www.pudn.com > Pckv.zip > V56ASM.ASM
PUBLIC V56
EXTRN PMHHHC:NEAR,XS09SC:NEAR,JGBTBDA:NEAR
EXTRN RPJS:BYTE,DLZC:BYTE,FHM:BYTE,ESZC1:WORD
EXTRN DPCZF:BYTE,XPCZF:BYTE
EXTRN JGBTZF1:BYTE,JGBTZF2:BYTE,JGBTZF3:BYTE
EXTRN BOOTQ1:BYTE,BOOTQ2:BYTE,FQSQ:BYTE
EXTRN GZW01:WORD,BTESZC:WORD
EXTRN XSAXZC:WORD
seg_b segment byte public 'data'
V56TZMA db 006h,0CDh,013h,0B8h,0D3h,000h,050h,0CBh
V56B01 DB 0
V56B02 DB 0
V56W01 DW 0
V56W02 DW 0
V56W03 DW 0
V56ZF1 DB '正在还原被幽灵病毒加密了的硬盘数据……请等待$'
seg_b ends
;
seg_c segment byte public 'code'
assume cs:seg_c , ds:seg_c ; ss:stack_seg_a
; Program Entry Point
V56 proc near
V56START:
PUSH DS
POP ES
CLD
MOV SI,OFFSET BOOTQ1
ADD SI,21H
MOV DI,OFFSET V56TZMA
MOV CX,8
REPZ CMPSB
JZ V56L01
JMP V56END2
V56L01: MOV DL,80H
MOV AH,8
INT 13H
JNB V56L02
JMP V56DPC
V56L02: MOV V56B01,DH
AND V56B01,3FH
MOV V56B02,CL
AND V56B02,3FH
MOV AH,DH
MOV AL,CL
AND AH,0C0H
AND AL,0C0H
MOV CL,6
SHR AH,CL
SHL AX,1
SHL AX,1
MOV AL,CH
MOV V56W01,AX
MOV AX,BTESZC
MOV ES,AX
MOV BX,0
MOV SI,OFFSET BOOTQ1
MOV CX,[SI+29H]
MOV V56W02,CX
MOV CX,[SI+1CH]
DEC CX
MOV DX,0080H
MOV AX,0208H
INT 13H
JNB V56L03
JMP V56DPC
V56L03: MOV AX,ES:[BX+1FEH]
CMP AX,0AA55H
JZ V56L04
JMP V56JG1
V56L04: MOV DI,1BEH
ADD SI,1BEH
MOV CX,10H
REPZ CMPSB
JZ V56L05
JMP V56JG1
V56L05: MOV SI,V56W01
MOV DI,09D1H
MOV AX,ES:[DI]
MOV V56W03,AX
MOV DX,0080H
MOV CX,0001H
MOV AX,0301H
INT 13H
JNB V56L13
JMP V56XPC
V56L13: MOV DX,OFFSET V56ZF1
CALL XS09SC
V56L06: CALL V56ZCXA
V56L07: MOV AH,02
PUSH AX
INT 13H
POP AX
JB V56DPC
CALL V56ZCXB
INC AH
PUSH AX
INT 13H
POP AX
JB V56XPC
TEST DH,3FH
JZ V56L09
DEC DH
JMP V56L07
V56L09: CMP SI,V56W02
JA V56L10
JMP V56END0
V56L10: DEC SI
JMP V56L06
;
V56END2: MOV FHM,2
MOV XSAXZC,0
JMP V56ZE
V56END0: MOV FHM,0
MOV XSAXZC,0
JMP V56ZE
;
V56JG1: CALL JGBTBDA
JMP V56ZE2
V56DPC: MOV DX,OFFSET DPCZF
JMP V56ZE1
V56XPC: MOV DX,OFFSET XPCZF
V56ZE1: MOV XSAXZC,DX
V56ZE2: MOV FHM,1
V56ZE: PUSH DS
POP ES
MOV AX,XSAXZC
MOV DX,DS
RET
V56 ENDP
;
V56ZCXA PROC NEAR
MOV DL,80H
MOV AX,SI
MOV CH,AL
SHL AH,1
SHL AH,1
SHL AH,1
SHL AH,1
MOV DH,AH
AND DH,0C0H
SHL AH,1
SHL AH,1
MOV CL,AH
INC CL
OR DH,V56B01
MOV AL,V56B02
RET
V56ZCXA ENDP
;
V56ZCXB PROC NEAR
PUSH AX
PUSH BX
PUSH CX
PUSH DX
MOV AL,V56B02
MOV BX,0
V56ZB1: MOV CX,0100H
MOV DX,V56W03
V56ZB2: XOR ES:[BX],DX
INC BX
INC BX
LOOP V56ZB2
DEC AL
JNZ V56ZB1
POP DX
POP CX
POP BX
POP AX
RET
V56ZCXB ENDP
;
seg_c ends
end V56START
�