  1. VirBase=0     ;Признак 1 для основной вирусной базы, 0 - для дополнений
  2. ;Следующая строка (после 'Creator=') должна содержать не более 93 символов
  3. Creator=Igor Daniloff, Daniloff's Anti-Virus Labs and DialogueScience Inc.
  4. MinVers=428   ;Максимальная версия engine, с которым работает база
  5.  
  6. [MEMVIR]    ;Секция резидентных вирусов
  7. [TRC13]  ;Trace Int 13h Chain
  8.  
  9. [END TRC13]
  10. [TRC21]  ;Trace Int 21h Chain
  11.  
  12. ;Bolero.1307
  13. MEM 02eh,0ch,74h,000h,30h,002642876h,0ch,1,0ebh,000h,0,Bolero,0,1307,0  ;2ec6 37a
  14. ;Uhg.2580
  15. MEM 09ch,0eh,75h,000h,30h,08697e806h,0eh,2,0ebh,06fh,0,Uhg,0,2580,0  ;9c3d 1ff
  16.  
  17. [END TRC21]
  18. [SCANMEM]  ;Scan Memory Viruses
  19. ;STOP -ОБЯЗАТЕЛЬНО!!! после одной или нескольких записей с одинаковым
  20. ;стартовым байтом
  21. [END SCANMEM]
  22. [IFSHOOK]  ;Win95 IFS HOOK Viruses
  23.  
  24. [END IFSHOOK]
  25. [SCANPRC]  ;Scan Windows Memory Processes Viruses
  26.  
  27. ;Win32.HLLW.Nimda.57344 (2) 80 3e 53 75 35
  28. MEM 08bh,18h,04dh,0dh,030h,05c7b275ch,00h,0,000h,000h,0,Win32.HLLW,Nimda,57344,DeleteProc  ;60c0
  29. STOP
  30.  
  31. ;STOP -ОБЯЗАТЕЛЬНО!!! после одной или нескольких записей с одинаковым
  32. ;стартовым байтом
  33. [END SCANPRC]
  34. [SCANSYS]  ;Scan Share and System Windows Memory Viruses
  35. ;STOP -ОБЯЗАТЕЛЬНО!!! после одной или нескольких записей с одинаковым
  36. ;стартовым байтом
  37. [END SCANSYS]
  38. [INTRMEM]
  39. [END INTRMEM]
  40. [END MEMVIR]
  41. [FILEVIR]    ;Секция файловых вирусов
  42. [EASY]    ;Easy viruses -- Above 0x800 bytes from EXE (PE) entry point
  43.  
  44.  
  45. ;HEURISTIC----------------------------------------------
  46.  
  47. ;DISKPART
  48. FILE   06ah,00000h,020h,08959eedfh,066h,00073h,030h,042e9ab42h,CHK+COM,0,0,0  ;***
  49.        CES   SPECIAL:NoHeuristic,00100h,00004h,00000h,00000h,00000h
  50. ;WWHEEL.DLL
  51. FILE   083h,00000h,020h,0e17d502dh,053h,00023h,030h,0567487ddh,CHK+COM,0,0,0  ;***
  52.        CES   SPECIAL:NoHeuristic,00100h,00004h,00000h,00000h,00000h
  53. ;HEURISTIC----------------------------------------------
  54.  
  55. ;Win32.HLLW.Supernova.40960
  56. FILE   05ch,00001h,007h,01cb341e3h,053h,0003ch,040h,0c1c3640eh,CDL,Win32.HLLW,Supernova,40960  ;***
  57. ;Trivial.Anjo.700
  58. FILE   0b4h,00000h,010h,05c6834e4h,0b8h,00017h,030h,035df5035h,DEL,Trivial,Anjo,700  ;***
  59. ;Trojan.Aphex.70
  60. FILE   004h,00007h,007h,0419de474h,0dch,00024h,040h,0bde237d8h,CDL,Trojan,Aphex,70  ;***
  61. ;Trojan.MulDrop (92) (damaged 88)
  62. FILE   08ch,00016h,007h,0cce6303ch,0fch,0004ch,040h,046647306h,CDL,Trojan,MulDrop,0  ;***
  63. ;Trojan.PWS.Murka (4)
  64. FILE   0ech,00009h,007h,0ac0f810ah,094h,00013h,040h,0831cc46bh,CDL,Trojan.PWS,Murka,0  ;***
  65. ;BackDoor.Wildek.2 (1) (server)
  66. FILE   034h,0000eh,007h,0712125abh,0c8h,0009fh,040h,058b42c1dh,CDL,BackDoor,Wildek,2  ;***
  67. ;BackDoor.Wildek.2 (2) (client)
  68. FILE   00ch,00007h,007h,04aa2ec12h,00ch,00008h,040h,0220f6d22h,CDL,BackDoor,Wildek,2  ;***
  69. ;BackDoor.InCommand.16 (10) (regclient)
  70. FILE   030h,00007h,007h,076456f03h,028h,00024h,040h,06d987e6dh,CDL,BackDoor,InCommand,16  ;***
  71. ;BackDoor.InCommand.16 (11) (regserv)
  72. FILE   0e0h,0000ch,007h,0a2168f36h,0c4h,00069h,040h,0eec3681eh,CDL,BackDoor,InCommand,16  ;***
  73. ;BackDoor.InCommand.17 beta3 (5) (client)
  74. FILE   098h,00012h,007h,0c9e8ecdah,040h,00039h,040h,043a75d37h,CDL,BackDoor,InCommand,17  ;***
  75. ;BackDoor.InCommand.17 beta3 (6) (ntpasshack)
  76. FILE   0b8h,00007h,007h,0fcaedaa0h,050h,-019fh,040h,0fb55c64fh,CDL,BackDoor,InCommand,17
  77. ;BackDoor.InCommand.17 beta3 (7) (passhack)
  78. FILE   00ch,00007h,007h,048a9d512h,050h,-019fh,040h,0bddf0ab5h,CDL,BackDoor,InCommand,17
  79. ;BackDoor.InCommand.17 beta3 (8) (plugin.stub)
  80. FILE   094h,00011h,007h,0d0b8629ch,088h,00036h,040h,0e5f4ed1ah,CDL,BackDoor,InCommand,17
  81. ;BackDoor.Zuper
  82. FILE   044h,00001h,007h,00fbd5cf0h,06dh,00045h,040h,075c365e6h,CDL,BackDoor,Zuper,0  ;***
  83.  
  84.  
  85. ;------------------------------------------------------------------------------------------
  86. ;FDOS.MsgBomb
  87. FILE   040h,00008h,007h,043284417h,044h,00046h,040h,0193d4575h,CHK+COM,FDOS,MsgBomb,0  ;***
  88.        CES   INTERPR:CheckSeekLargePacked#,0bed0h,00004h,00040h,0caeah,021d2h
  89. ;FDOS.Visual Error
  90. FILE   040h,00008h,007h,043284417h,044h,00046h,040h,0193d4575h,ACT+COM,0,0,0  ;***
  91.        CES   SPECIAL:NoCheckThisFile,00000h,00000h,00000h,00000h,00000h
  92.  
  93. ;------------------------------------------------------------------------------------------
  94.  
  95. [END EASY]
  96. [POLY]   ;Polymorphic viruses
  97.  
  98. ;Byworm.1200
  99. FILE   0cdh,00000h,010h,0505405e4h,0b8h,001ebh,030h,0a53ceb9bh,COMEXE,Byworm,0,1200  ;***
  100.        CES   ASIS   ,00100h,00004h,00000h,00000h,00000h
  101.        CES   CISS   ,003e6h,003e4h,003e8h,003eah,00000h
  102. ;Byworm.1600
  103. FILE   0cdh,00000h,010h,0d402f2e1h,0b8h,00201h,030h,0a7c61399h,COMEXE,Byworm,0,1600  ;***
  104.        CES   ASIS   ,00100h,00004h,00000h,00000h,00000h
  105.        CES   CISS   ,00523h,00521h,00525h,00527h,00000h
  106. ;Uhg.2580
  107. FILE   0cdh,00000h,010h,066701057h,09ch,00063h,030h,08697e806h,COMEXE,Uhg,0,2580  ;***
  108.        CES   BYTES  ,-0076h,-0075h,-0078h,00000h,00000h
  109.        CES   INTERPR:CureBombTrack2349#,-0087h,-008ah,00000h,-0082h,00000h
  110.  
  111.  
  112. [END POLY]
  113. [CRYPT]  ;Encoded viruses
  114.  
  115. ;Bolero.1307
  116. FILE   059h,00000h,010h,0d97f5bf7h,02eh,000b4h,030h,002642876h,COM,Bolero,0,1307  ;***
  117.        CES   MOVE   ,004a0h,00005h,00000h,00000h,00000h
  118. ;Loh.1560
  119. FILE   09ch,00000h,010h,0f81aea10h,0b9h,000ddh,030h,0827dfeb1h,EXE,Loh,0,1560  ;***
  120.        CES   INTERPR:CureOpera1020#,00618h,00618h,00000h,00000h,00618h
  121.  
  122.  
  123. [END CRYPT]
  124. [SPECIAL]  ;Special functions
  125. [END SPECIAL]
  126. [MACRO]  ;Macro viruses
  127.  
  128. [END MACRO]
  129. [MACROSRC] ;Macro Source viruses
  130. [END MACROSRC]
  131. [HEADER]  ;Packed or Header viruses
  132.  
  133.  
  134. ;VBS.Britney (5) (chm)
  135. FILE   042h,00244h,007h,0425c4c14h,04bh,0025ah,040h,08ab65befh,CDL,VBS,Britney,0  ;***
  136. ;VBS.Britney (6) (chm)
  137. FILE   041h,0022eh,007h,04c45450dh,041h,00240h,040h,0c50b8aa4h,CDL,VBS,Britney,0  ;***
  138. ;Bolero.1307 (dropper)
  139. FILE   059h,0003ch,010h,0d97f5bf7h,02eh,000f0h,030h,002642876h,DEL,Bolero,0,1307  ;***
  140. ;Trivial.161
  141. FILE   0beh,00000h,010h,07214f6e2h,0b0h,00042h,030h,097d0cc7bh,DEL,Trivial,0,161  ;***
  142. ;Trivial.179
  143. FILE   0e8h,00000h,010h,0e0c2efc1h,08dh,0002bh,030h,00f9db3cch,DEL,Trivial,0,179  ;***
  144. ;Trivial.Sbvc.30000 (1)
  145. FILE   0b4h,00014h,010h,080e2d81eh,0b4h,0002fh,030h,061751e3ah,DEL,Trivial,Sbvc,30000  ;***
  146. ;Trivial.Sbvc.30000 (2)
  147. FILE   0b4h,00016h,010h,0f454e34eh,0b4h,00032h,030h,09ca23396h,DEL,Trivial,Sbvc,30000  ;***
  148.  
  149.  
  150.  
  151. [END HEADER]
  152. [DATA]   ;Data viruses -- First 0x800 bytes of primary section of PE EXE
  153.  
  154. ;Win32.HLLM.Frethem.11
  155. FILE   0a8h,0016ch,007h,0edcf3709h,08ch,0079dh,040h,043d31b16h,CDL,Win32.HLLM,Frethem,11  ;***
  156. ;Win32.HLLM.Frethem.12
  157. FILE   0b8h,0016ch,007h,0fda149f9h,02ch,0078bh,040h,0234cec5eh,CDL,Win32.HLLM,Frethem,12  ;***
  158. ;Win32.HLLM.Frethem.13
  159. FILE   0e8h,0016ch,007h,0addb6349h,0a0h,00795h,040h,0c31757beh,CDL,Win32.HLLM,Frethem,13  ;***
  160. ;Win32.HLLM.Frethem.14
  161. FILE   0e8h,0016ch,007h,0add86049h,0a0h,00795h,040h,0c03576bdh,CDL,Win32.HLLM,Frethem,14  ;***
  162. ;Win32.HLLW.Datom (1) (msvxd.exe)
  163. FILE   0d7h,00001h,007h,097314695h,064h,005e1h,040h,09bcf9e16h,CDL,Win32.HLLW,Datom,0  ;***
  164. ;Win32.HLLW.Datom (2) (msvxd16.dll)
  165. FILE   0abh,00001h,007h,0eb212ae9h,015h,00699h,040h,0cea2ef0ah,CDL,Win32.HLLW,Datom,0  ;***
  166. ;Win32.HLLW.Datom (3) (msvxd32.exe)
  167. FILE   0c3h,00001h,007h,083711281h,023h,0073ch,040h,0cf49a772h,CDL,Win32.HLLW,Datom,0  ;***
  168. ;HLLO.2608
  169. FILE   005h,00000h,007h,04e7c57d4h,030h,000b7h,040h,02ca5d932h,DEL,HLLO,0,2608  ;***
  170. ;IRC.Projax.56060
  171. FILE   050h,00002h,007h,0555c5117h,046h,000d3h,040h,0addcc952h,DEL,IRC,Projax,56060  ;***
  172. ;Trojan.PWS.Zimenok (1) (cfg)
  173. FILE   09eh,0000fh,007h,0de3ae4b6h,020h,00150h,040h,027c3e427h,CDL,Trojan.PWS,Zimenok,0  ;***
  174. ;Trojan.PWS.Zimenok (2)
  175. FILE   050h,00010h,007h,010509b43h,0a5h,0036dh,040h,0dedbadfch,CDL,Trojan.PWS,Zimenok,0  ;***
  176. ;Trojan.PWS.Zimenok (3)
  177. FILE   005h,00110h,007h,045e99e45h,0c0h,006dah,040h,0e96c0ea9h,CDL,Trojan.PWS,Zimenok,0  ;***
  178. ;Trojan.Share.3851
  179. FILE   061h,00004h,007h,07a64661fh,010h,00289h,040h,029005f2fh,CDL,Trojan,Share,3851  ;***
  180. ;Trojan.Share.3856
  181. FILE   061h,00004h,007h,07a64661fh,010h,00289h,040h,012006414h,CDL,Trojan,Share,3856  ;***
  182. ;BackDoor.BlackRat.16 (1) (downloader)
  183. FILE   056h,00001h,007h,05669d956h,037h,00064h,040h,0ef970de8h,CDL,BackDoor,BlackRat,16  ;***
  184. ;BackDoor.BlackRat.16 (2) (server)
  185. FILE   08ch,00018h,007h,0cc69e1e8h,0e8h,00759h,040h,09f025b9ah,CDL,BackDoor,BlackRat,16  ;***
  186.  
  187.  
  188. ;COM
  189. ;BAT.GhostDog.942
  190. FILE   066h,006cbh,020h,04c22310ch,074h,0075fh,030h,032154246h,DEL,BAT,GhostDog,942  ;***
  191. ;BAT.GhostDog.1228
  192. FILE   066h,00699h,020h,04c22310ch,074h,0075fh,030h,032154246h,DEL,BAT,GhostDog,1228  ;***
  193. ;BAT.Julia.1000
  194. FILE   066h,006afh,020h,04c223119h,074h,0072ch,030h,0590d3638h,DEL,BAT,Julia,1000  ;***
  195. ;BAT.Bakk.494
  196. FILE   066h,006c3h,020h,05a126274h,074h,00755h,030h,010310422h,DEL,BAT,Bakk,494  ;***
  197. ;BAT.Cls.475
  198. FILE   066h,00729h,020h,0476b0c24h,074h,007a7h,030h,057467d24h,DEL,BAT,Cls,475  ;***
  199. ;JS.Fortnight (2)
  200. FILE   03ch,00751h,007h,0284e2b6dh,073h,0079ch,040h,0123d4b66h,DEL,JS,Fortnight,0  ;***
  201.  
  202.  
  203. [END DATA]
  204. [TEXT]       ;Text viruses
  205.  
  206. ;Error for BAT.Trivia.39
  207. FILE   049h,0000ah,007h,040464314h,046h,00001h,020h,06f083223h,CHK+COM,0,0,0  ;***
  208.        CES   INTERPR:ErrorBATTrivial39#,00000h,00000h,00000h,00000h,00000h
  209.  
  210.  
  211. ;BAT.Eris (eris5.bat)
  212. FILE   045h,00032h,007h,05f35281eh,047h,0003bh,040h,04c637b46h,CDL,BAT,Eris,0  ;***
  213. ;Perl.Snakebyte.2987
  214. FILE   043h,00231h,007h,04a5f4113h,046h,007b5h,040h,0387b066ah,DEL,Perl,Snakebyte,2987  ;***
  215. ;Trojan.FormatC.30
  216. FILE   046h,00007h,007h,00a035b47h,045h,00001h,01ah,017286743h,DEL,Trojan,FormatC,30  ;***
  217. ;Trojan.IframeExec
  218. FILE   03ch,00001h,006h,01c396922h,000h,00000h,000h,000000000h,CHK+COM,Trojan,IframeExec,0  ;***
  219.        CES   INTERPR:CheckTrojanIframeExec#,00200h,00020h,00000h,00000h,00000h
  220.  
  221.  
  222. [END TEXT]
  223. [SCRSKELET]   ;Script Skeleton viruses
  224.  
  225.  
  226. ;BAT.Eris
  227. FILE   025h,00000h,020h,0473c3108h,041h,000c1h,030h,01d091437h,DEL,BAT,Eris,0  ;***
  228. ;VBS.Generic (59)
  229. FILE   041h,0004ah,020h,071240734h,054h,00070h,030h,0444e4400h,CDL,VBS,Generic,0  ;***
  230. ;VBS.Generic (60)
  231. FILE   041h,0003ah,020h,0714e7a3dh,044h,00067h,030h,07d173828h,CDL,VBS,Generic,0  ;***
  232. ;VBS.Generic (61)
  233. FILE   04dh,0003fh,020h,053595e01h,053h,0005ah,030h,0631e3963h,CDL,VBS,Generic,0  ;***
  234. ;VBS.Generic (62)
  235. FILE   057h,00066h,020h,05a312713h,047h,0003bh,030h,071207f38h,CDL,VBS,Generic,0  ;***
  236. ;VBS.Generic (63) (ConvertHex tools)
  237. FILE   045h,00000h,008h,00b17590bh,000h,00000h,000h,000000000h,CHK+COM,VBS,Generic,0  ;***
  238.        CES   INTERPR:CheckVBSConvertHex#,00000h,00000h,00000h,00000h,00000h
  239. ;VBS.Generic (64)
  240. FILE   056h,0005ah,020h,059243859h,047h,00023h,030h,018570354h,CDL,VBS,Generic,0  ;***
  241. ;VBS.Generic (65) (gascript)
  242. FILE   043h,0002dh,007h,04a595a06h,045h,0001eh,040h,0564f5d56h,CDL,VBS,Generic,0  ;***
  243. ;VBS.Generic (66)
  244. FILE   043h,00035h,020h,04e677b07h,04fh,0009ah,030h,04a7c724ah,CDL,VBS,Generic,0  ;***
  245. ;VBS.Generic (67)
  246. FILE   048h,00061h,020h,051243051h,052h,000d3h,030h,05f7a251bh,CDL,VBS,Generic,0  ;***
  247. ;VBS.Generic (68)
  248. FILE   046h,00023h,020h,0274d2f27h,046h,00001h,030h,0174e0d51h,CDL,VBS,Generic,0  ;***
  249. ;VBS.Generic (69)
  250. FILE   057h,00033h,007h,04a5e5803h,045h,00009h,040h,071063971h,CDL,VBS,Generic,0  ;***
  251. ;BAT.Generic (55)
  252. FILE   043h,00016h,020h,0737a0957h,04dh,00000h,03bh,008044708h,DEL,BAT,Generic,0  ;***
  253.  
  254.  
  255. [END SCRSKELET]
  256. [MCRSKELET]   ;Macro Skeleton viruses
  257.  
  258. ;W97M.Iron (3)
  259. FILE   043h,00045h,020h,0622f0836h,049h,0006dh,030h,02b0a2178h,WRD,W97M,Iron,0  ;***
  260. ;W97M.VMPCK (22)
  261. FILE   043h,00097h,020h,0613d132ch,045h,000c2h,030h,074247032h,WRD,W97M,VMPCK,0  ;***
  262.  
  263.  
  264. [END MCRSKELET]
  265. [SEARCH]
  266. ;STOP -ОБЯЗАТЕЛЬНО!!! после одной или нескольких записей с одинаковым
  267. ;стартовым байтом
  268. [END SEARCH]
  269. [LONGSEARCH]
  270. ;STOP -ОБЯЗАТЕЛЬНО!!! после одной или нескольких записей с одинаковым
  271. ;стартовым байтом
  272. [END LONGSEARCH]
  273. [WLNGSEARCH]
  274.  
  275.  
  276. ;Win32.FunLove.4608 (damaged in last sec)
  277. FILE   081h,04d3fh,010h,068042c67h,03dh,00027h,030h,069a10e41h,DEL,Win32,FunLove,4608  ;***
  278. STOP
  279.  
  280. ;STOP -ОБЯЗАТЕЛЬНО!!! после одной или нескольких записей с одинаковым
  281. ;стартовым байтом
  282. [END WLNGSEARCH]
  283.  
  284. [INTRFILE]  ;File Interpreter procedures
  285.  
  286. ;-------------------------------------------------------------------
  287. CheckSeekLargePacked#:    // second-stage check: checksum CurDat3 bytes at file offset CurDat1; on a match report and delete the file
  288. if ((dword CurDat1+CurDat3)>filesize) ret;    // window would end past the end of the file: return without reading
  289. openrd;
  290. seek(dword CurDat1);    // offset comes straight from the CES line; unlike the commented-out CheckLargePacked#, fileEP is not added
  291. read(CurDat3);    // presumably fills the 'free' buffer that crcsum() reads below -- confirm against the engine
  292. closerd;
  293. if ((crcsum(free,CurDat3))!=dword CurDat4) ret;    // checksum mismatch: return with no detection
  294. prnvir;    // reached only when the checksum matched; presumably reports the detection
  295. delete;    // NOTE(review): the file is deleted, not cured; the decision rests on the FILE signature plus this one CurDat3-byte checksum
  296. exit;
  297. end;
  298.  
  299. ;CheckLargePacked#:
  300. ;if ((fileEP+dword CurDat1+CurDat3)>filesize) ret;
  301. ;openrd;
  302. ;seek(fileEP+dword CurDat1);
  303. ;read(CurDat3);
  304. ;closerd;
  305. ;if ((crcsum(free,CurDat3))!=dword CurDat4) ret;
  306. ;prnvir;
  307. ;delete;
  308. ;exit;
  309. ;end;
  310.  
  311. ;CutWin32Size#:
  312. ;b=headerw(14h)+headerw(6)*28h;
  313. ;if (b<7fdh) {
  314. ;  if (headerd(b-8)<=headerd(b)) {
  315. ;        headerd(b)=a-headerd(b+4);   //Phys Size
  316. ;        headerd(b-8)=a-headerd(b+4); //Virt Size
  317. ;        headerd(50h)=headerd(b-4)+headerd(b); //Image Size
  318. ;  }
  319. ;  else {
  320. ;        headerd(b)=a-headerd(b+4);   //Phys Size
  321. ;        headerd(50h)=headerd(b-4)+headerd(b-8); //Image Size
  322. ;  }
  323. ;  if (headerd(50h)%headerd(38h)) headerd(50h)=((headerd(50h)/headerd(38h))+1)*headerd(38h);
  324. ;  wrheader(b+4);
  325. ;}
  326. ;else wrheader(2ch);
  327. ;ret;
  328. ;end;
  329.  
  330. ;CorrectLastSec#:
  331. ;if (b<7fdh) {
  332. ;        a=headerd(b)&(headerd(3ch)-1);
  333. ;        if (a) {
  334. ;                seek(headerd(b)+headerd(b+4));
  335. ;                for (i=0,i+=4,i<headerd(3ch)-a) virsgd(i)=0;
  336. ;                c=writebig(virsg,headerd(3ch)-a);
  337. ;                headerd(b)+=headerd(3ch)-a;
  338. ;                wrheader(b+4);
  339. ;        }
  340. ;        setsize(headerd(b)+headerd(b+4));
  341. ;}
  342. ;ret;
  343. ;end;
  344.  
  345. ;CutFromLastPE#:
  346. ;if (headerd(28h)>headerd(34h)) headerd(28h)-=headerd(34h);
  347. ;a=fileEP+sign CurCut;
  348. ;call(CutWin32Size#);
  349. ;call(CorrectLastSec#);
  350. ;ret;
  351. ;end;
  352.  
  353. ;CureWin95Zerg3849#:
  354. ;headerd(28h)=virsgd(vir+sign CurDat1);
  355. ;call(CutFromLastPE#);
  356. ;ret;
  357. ;end;
  358.  
  359. ;RemoveLastPESection#:
  360. ;a=headerw(14h)+2ch+headerw(6)*28h;
  361. ;if (a<7fdh) {
  362. ;  seek(headerd(a));
  363. ;  call (RemoveVirusCode);
  364. ;  for (i=0,i+=4,i<18h) headerd(a+i-14h)=0;
  365. ;  headerd(50h)=headerd(a-30h)+headerd(a-2ch); //Image Size
  366. ;  if (headerd(50h)%headerd(38h)) headerd(50h)=((headerd(50h)/headerd(38h))+1)*headerd(38h);
  367. ;  wrheader(a+4);
  368. ;}
  369. ;else wrheader(2ch);
  370. ;ret;
  371. ;end;
  372.  
  373. ;CureLastPESection#:
  374. ;--headerw(6);
  375. ;headerd(28h)=virsgd(vir+sign CurDat1);
  376. ;if (headerd(28h)>=headerd(34h)) headerd(28h)-=headerd(34h);
  377. ;call (RemoveLastPESection#);
  378. ;ret;
  379. ;end;
  380.  
  381. ;SearchWin32RVA#:    //Вход:  a - RVA
  382. ;        //Выход: a - смещение, -1 - ошибка
  383. ;        //Файл должен быть открыт!
  384. ;if ((headerw(14h)+(headerw(6)-1)*28h+18h)<=7d8h) {
  385. ;  for (i=0,++i,i<headerw(6)) {
  386. ;     if (a<headerd(headerw(14h)+i*28h+18h+0ch)) continue;
  387. ;     if (a>headerd(headerw(14h)+i*28h+18h+0ch)+headerd(headerw(14h)+i*28h+18h+10h)) continue;
  388. ;     a=a-headerd(headerw(14h)+i*28h+18h+0ch)+headerd(headerw(14h)+i*28h+18h+14h);
  389. ;     ret;
  390. ;  }
  391. ;  a=-1;
  392. ;}
  393. ;else {
  394. ;  seek(offshead+headerw(14h)+18h);
  395. ;  read(800h);
  396. ;  for (i=0,++i,i<headerw(6)) {
  397. ;     if (a<freed(i*28h+0ch)) continue;
  398. ;     if (a>freed(i*28h+0ch)+freed(i*28h+10h)) continue;
  399. ;     a=a-freed(i*28h+0ch)+freed(i*28h+14h);
  400. ;     ret;
  401. ;  }
  402. ;  a=-1;
  403. ;}
  404. ;ret;
  405. ;end;
  406.  
  407. ;||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
  408.  
  409. ErrorBATTrivial39#:    // referenced by the CHK+COM record in [TEXT] commented "Error for BAT.Trivia.39"; that record carries no virus name
  410. ++textd(2);    // increments the value at text-buffer offset 2; presumably so a later BAT.Trivial.39 signature no longer matches this content -- confirm
  411. ret;
  412. end;
  413.  
  414. CureBombTrack2349#:    // cure step; in this file it is referenced only by the Uhg.2580 record in [POLY]
  415. ip=virsgw(vir+sign CurDat1);    // word read from virsg at vir plus signed CurDat1 (the Uhg.2580 record passes negative offsets)
  416. cs=virsgw(vir+sign CurDat2);    // NOTE(review): ip/cs/sp are taken from bytes of the file being cured; no range check is visible in this procedure
  417. sp=virsgw(vir+sign CurDat4);    // CurDat3 is not used by this procedure
  418. correct;    // presumably writes the restored ip/cs/sp back to the EXE header -- confirm against the engine
  419. ret;
  420. end;
  421.  
  422. CureOpera1020#:    // cure step; in this file it is referenced only by the Loh.1560 record in [CRYPT]
  423. ab=CurDat2;    // starting XOR key; 'ab' presumably keeps only the low byte of CurDat2 -- confirm
  424. call (ReadLastBytes);    // defined outside this file; presumably loads the tail of the file into virsg
  425. for (i=0,++i,i<CurDat2) {virsgb(i)^=ab;--ab;}    // XOR each of CurDat2 bytes with a key that decreases by one per byte
  426. a=writebig(virsg,CurDat2);    // writes CurDat2 bytes from virsg; the result stored in 'a' is not checked here
  427. call(START);    // defined outside this file; presumably restarts processing on the rewritten content
  428. ret;
  429. end;
  430. ;-------------------------------------------------------------------
  431.  
  432. CheckTrojanIframeExec#:    // looks in the text buffer for <IFRAME SRC=CID:... HEIGHT=0 WIDTH=0></IFRAME>; reports and deletes the file on a match
  433. for (i=7,++i,i<CurDat1) {    // CurDat1 bounds the search for the opening tag (200h in the Trojan.IframeExec record)
  434.   if (textd(i)!='<IFR') continue;    // four-character compares; NOTE(review): literals are upper-case with fixed spacing -- whether the engine normalises the text buffer first is not visible here
  435.   if (textd(i+4)!='AME ') continue;
  436.   if (textd(i+8)!='SRC=') continue;    // value must follow '=' directly, with no quote character
  437. //  if (word textd(i+12)=='3D') i+=2;
  438.   if (textd(i+12)!='CID:') continue;    // source is a cid: reference, i.e. a MIME part of the same message
  439.   for (j=i+18,++j,j<i+18+CurDat2) {    // attribute search window: CurDat2 bytes starting 18 bytes after '<' (20h in the record)
  440.     if (textd(j)!='HEIG') continue;
  441.     if (textd(j+3)!='GHT=') continue;    // overlaps 'HEIG' by one byte; together they spell HEIGHT=
  442. //    if (word textd(j+7)=='3D') j+=2;
  443.     if (byte textd(j+7)!='0') continue;    // height must be the single digit 0 (the next compare expects a space right after it)
  444.     if (textd(j+8)!=' WID') continue;
  445.     if (textd(j+11)!='DTH=') continue;    // overlaps ' WID' by one byte; together they spell WIDTH=
  446. //    if (word textd(j+15)=='3D') j+=2;
  447.     if (byte textd(j+15)!='0') continue;    // width must be the single digit 0
  448.     if (byte textd(j+16)!='>') continue;    // tag must close immediately after the width digit
  449.     if (byte textd(j+17)==0ah) ++j;    // tolerates one LF between the tags by advancing the loop variable itself; NOTE(review): CR LF is not handled here unless the buffer is normalised upstream
  450.     if (byte textd(j+17)!='<') continue;
  451.     if (textd(j+18)!='/IFR') continue;    // closing tag must follow with no content in between
  452.     if (textd(j+22)!='AME>') continue;
  453.     prnvir;    // reached only when the whole pattern matched
  454.     delete;    // the scanned file is deleted rather than cured
  455.     exit;
  456.   }
  457. }
  458. ret;    // no match within the scanned range
  459. end;
  460.  
  461. CheckVBSConvertHex#:    // decodes a hex string literal found in the script and looks for .ScriptFullName in the decoded bytes; reports and deletes on a match
  462. for (i=80h,++i,i<780h) {    // search the data buffer for 'Function' followed by a space
  463.         if (datad(i)!='Func') continue;
  464.         if (datad(i+4)!='tion') continue;
  465.         if (byte datad(i+8)!=20h) continue;
  466.         for (j=9,++j,j<200h) {    // j is a fixed-range index into the text buffer; it is not derived from i
  467.                 if (word textd(j)!=2228h) continue;    // bytes 28h 22h, i.e. (" assuming low byte first, as the '.SCR' mask below suggests
  468.                 aw=0;    // count of decoded bytes written to the free buffer
  469.                 for (k=j+2,k+=2,k<800h) {    // consume two hex characters per step, up to offset 800h
  470.                     bw=0;
  471.                     for (l=0,++l,l<2) {
  472.                         bw<|=4;    // presumably a left shift by one nibble -- confirm operator semantics
  473.                         ab=textd(k+l);
  474.                         if ((ab>='0')&&(ab<='9')) {
  475.                            ab-='0';
  476.                         }
  477.                         else if ((ab>='A')&&(ab<='F')) {    // upper-case hex digits only; 'a'..'f' fall through to ret
  478.                              ab-=37h;    // 'A' (41h) - 37h = 0Ah
  479.                         }
  480.                         else ret;    // NOTE(review): any non-hex character before 800h ends the procedure, so the checks below run only if hex digits continue to offset 800h -- confirm this is intended
  481.                         bw=bw|ab;
  482.  
  483.                     }
  484.                     freeb(aw)=bw;    // store the decoded byte
  485.                     ++aw;
  486.                 }
  487.                 if (freed(0)!='On E') ret;    // decoded text must begin with "On E"
  488.                 for (k=0,++k,k<aw) {
  489.                     if ((freed(k)&0dfdfdfffh)=='.SCR') {    // mask clears bit 5 of the three letters (case-insensitive) and leaves the '.' byte exact
  490.                        if ((freed(k+4)&0dfdfdfdfh)!='IPTF') continue;
  491.                        if ((freed(k+8)&0dfdfdfdfh)!='ULLN') continue;
  492.                        if ((freed(k+11)&0dfdfdfdfh)!='NAME') continue;    // overlaps the previous compare by one byte; NOTE(review): reads through k+14, which is past aw for the last values of k
  493.                           prnvir;    // decoded payload references .ScriptFullName in any letter case
  494.                           delete;    // the scanned file is deleted rather than cured
  495.                           exit;
  496.                     }
  497.                 }
  498.                 ret;    // only the first (" occurrence is ever decoded
  499.         }
  500.         ret;    // only the first 'Function ' occurrence is ever examined
  501. }
  502. ret;
  503. end;
  504.  
  505.  
  506. [END INTRFILE]
  507. [END FILEVIR]
  508. [BOOTVIR]  ;Boot Viruses
  509. [EASYBOOT]
  510.  
  511. [END EASYBOOT]
  512. [SEARCHBOOT]
  513. [END SEARCHBOOT]
  514. [INTRBOOT]
  515. [END INTRBOOT]
  516. [END BOOTVIR]
  517. [END]
  518.  
  519. ;Имена вирусов должны идти сразу за секцией VIRNAMES, а после всех имен
  520. обязательно должен быть перевод строки
  521. [VIRNAMES]
  522. Anjo
  523. Aphex
  524. BackDoor
  525. Bakk
  526. BAT
  527. BlackRat
  528. Bolero
  529. Britney
  530. Byworm
  531. Cls
  532. Datom
  533. Eris
  534. FDOS
  535. FormatC
  536. Fortnight
  537. Frethem
  538. FunLove
  539. Generic
  540. GhostDog
  541. HLLO
  542. IframeExec
  543. InCommand
  544. IRC
  545. Iron
  546. JS
  547. Julia
  548. Loh
  549. MsgBomb
  550. MulDrop
  551. Murka
  552. Nimda
  553. Perl
  554. Projax
  555. Sbvc
  556. Share
  557. Snakebyte
  558. Supernova
  559. Trivial
  560. Trojan
  561. Trojan.PWS
  562. Uhg
  563. VBS
  564. VMPCK
  565. W97M
  566. Wildek
  567. Win32
  568. Win32.HLLM
  569. Win32.HLLW
  570. Zimenok
  571. Zuper
  572.  
  573.  
  574. // Source: 1764376ba7382c9c9786e3b913633edc3b5f8bedeb6a4e0f43fa163a8d7c949574891cbd51ffcd29fa313725fe15f91eb014701d75ef71de7d1c6fb6f9183e88