Lord Julus (ionifl@pcnet.pcnet.ro)
Mon, 08 Jun 1998 07:48:45
For those of you who think I am an annorak trainspotting mental
disabled person trying to pass you a virus, here is the transcript
of the source of the file. If you find any virus in it, I will have
to addmit I was fooled myself too:
secret.lst Sourcer v5.10 8-Jun-98 7:44 am Page 1
PAGE 59,132
;ÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍk
;Ík Ík
;Ík SECRET Ík
;Ík Ík
;Ík Created: 26-May-98 Ík
;Ík Passes: 9 Analysis Options on: QRS Ík
;Ík Ík
;ÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍkÍk
target EQU 'T3' ; Target assembler: TASM-3.2
include srmacros.inc
.386c
seg_a segment byte public use16
assume cs:seg_a, ds:seg_a
org 100h
secret proc far
3CC7:0100 start:
3CC7:0100 B4 09 mov ah,9
3CC7:0102 ?BA 018B mov dx,offset data_2 ; (3CC7:018B='Which key shall ')
3CC7:0105 CD 21 int 21h ; DOS Services ah=function 09h
; display char string at ds:dx
3CC7:0107 BE 02BB mov si,2BBh
3CC7:010A ?BB 02B9 mov bx,offset data_10 ; (3CC7:02B9=27h)
3CC7:010D C7 07 0000 mov word ptr [bx],0
3CC7:0111 loc_1: ; xref 3CC7:011E
3CC7:0111 ?B4 01 mov ah,1
3CC7:0113 CD 21 int 21h ; DOS Services ah=function 01h
; get keybd char al, with echo
3CC7:0115 3C 0D cmp al,0Dh
3CC7:0117 74 07 je short loc_2 ; Jump if equal
3CC7:0119 88 04 mov [si],al
3CC7:011B 46 inc si
3CC7:011C FF 07 inc word ptr [bx]
3CC7:011E EB F1 jmp short loc_1 ; (0111)
3CC7:0120 loc_2: ; xref 3CC7:0117
3CC7:0120 B4 09 mov ah,9
3CC7:0122 ?BA 020C mov dx,offset data_7 ; (3CC7:020C='Decrypting ')
3CC7:0125 CD 21 int 21h ; DOS Services ah=function 09h
; display char string at ds:dx
3CC7:0127 ?BA 0218 mov dx,offset data_8 ; (3CC7:0218='data, this might')
3CC7:012A CD 21 int 21h ; DOS Services ah=function 09h
; display char string at ds:dx
3CC7:012C B8 3D00 mov ax,3D00h
3CC7:012F ?BA 01F2 mov dx,offset data_5 ; (3CC7:01F2=73h)
3CC7:0132 CD 21 int 21h ; DOS Services ah=function 3Dh
; open file, al=mode,; open file, al=mode,name@ds:dx
secret.lst Sourcer v5.10 8-Jun-98 7:44 am Page 2
3CC7:0134 93 xchg bx,ax
3CC7:0135 B8 4200 mov ax,4200h
3CC7:0138 33 C9 xor cx,cx ; Zero register
3CC7:013A BA 01B9 mov dx,1B9h
3CC7:013D CD 21 int 21h ; DOS Services ah=function 42h
; move file ptr, bx=file handle
; al=method, cx,dx=offset
3CC7:013F B4 3C mov ah,3Ch ; '<'
3CC7:0141 ?BA 01E4 mov dx,offset data_4 ; (3CC7:01E4=73h)
3CC7:0144 33 C9 xor cx,cx ; Zero register
3CC7:0146 CD 21 int 21h ; DOS Services ah=function 3Ch
; create/truncate file @ ds:dx
3CC7:0148 97 xchg di,ax
3CC7:0149 33 ED xor bp,bp ; Zero register
3CC7:014B loc_3: ; xref 3CC7:0177
3CC7:014B ?B4 3F mov ah,3Fh ; '?'
3CC7:014D B9 0001 mov cx,1
3CC7:0150 ?BA 018A mov dx,offset data_1 ; (3CC7:018A=0)
3CC7:0153 CD 21 int 21h ; DOS Services ah=function 3Fh
; read file, bx=file handle
; cx=bytes to ds:dx buffer
3CC7:0155 91 xchg cx,ax
3CC7:0156 ?BE 02BB mov si,offset data_11 ; (3CC7:02BB=45h)
3CC7:0159 8A 02 mov al,[bp+si]
3CC7:015B 45 inc bp
3CC7:015C ?BE 018A mov si,offset data_1 ; (3CC7:018A=0)
3CC7:015F 30 04 xor [si],al
3CC7:0161 ?BE 02B9 mov si,offset data_10 ; (3CC7:02B9=27h)
3CC7:0164 3B 2C cmp bp,[si]
3CC7:0166 72 02 jb short loc_4 ; Jump if below
3CC7:0168 33 ED xor bp,bp ; Zero register
3CC7:016A loc_4: ; xref 3CC7:0166
3CC7:016A 87 FB xchg di,bx
3CC7:016C B4 40 mov ah,40h
3CC7:016E CD 21 int 21h ; DOS Services ah=function 40h
; write file bx=file handle
; cx=bytes from ds:dx buffer
3CC7:0170 3D 0001 cmp ax,1
3CC7:0173 75 04 jne short loc_5 ; Jump if not equal
3CC7:0175 87 FB xchg di,bx
3CC7:0177 EB D2 jmp short loc_3 ; (014B)
3CC7:0179 loc_5: ; xref 3CC7:0173
3CC7:0179 B4 3E mov ah,3Eh
3CC7:017B CD 21 int 21h ; DOS Services ah=function 3Eh
; close file, bx=file handle
3CC7:017D 87 FB xchg di,bx
3CC7:017F CD 21 int 21h ; DOS Services ah=function 3Eh
; close file, bx=file handle
3CC7:0181 B4 09 mov ah,9
3CC7:0183 ?BA 0239 mov dx,offset data_9 ; (3CC7:0239='')
3CC7:0186 CD 21 int 21h ; DOS Services ah=function 09h
; display char string at ds:dx
3CC7:0188 CD 20 int 20h ; DOS program terminate
3CC7:018A 00 data_1 db 0 ; xref 3CC7:0150, 015C
3CC7:018B 57 68 69 63 68 20 data_2 db 'Which key shall I use? $' ; xref 3CC7:0102
3CC7:0191 6B 65 79 20 73 68
3CC7:0197 61 6C 6C 20 49 20
secret.lst Sourcer v5.10 8-Jun-98 7:44 am Page 3
3CC7:019D 75 73 65 3F 20 24
3CC7:01A3 0D 0A 45 6E 74 65 db 0Dh, 0Ah, 'Enter filename to encr'
3CC7:01A9 72 20 66 69 6C 65
3CC7:01AF 6E 61 6D 65 20 74
3CC7:01B5 6F 20 65 6E 63 72
3CC7:01BB 79 70 74 3A 20 24 db 'ypt: $'
3CC7:01C1 45 6E 74 65 72 20 db 'Enter destination file (.com): $'
3CC7:01C7 64 65 73 74 69 6E
3CC7:01CD 61 74 69 6F 6E 20
3CC7:01D3 66 69 6C 65 20 28
3CC7:01D9 2E 63 6F 6D 29 3A
3CC7:01DF 20 24
3CC7:01E1 0A 0D 24 db 0Ah, 0Dh, '$'
3CC7:01E4 73 65 63 72 65 74 data_4 db 'secret.txt', 0 ; xref 3CC7:0141
3CC7:01EA 2E 74 78 74 00
3CC7:01EF 00 00 00 db 0, 0, 0
3CC7:01F2 73 65 63 72 65 74 data_5 db 'secret.com', 0 ; xref 3CC7:012F
3CC7:01F8 2E 63 6F 6D 00
3CC7:01FD 00 00 00 45 6E db 00h, 00h, 00h, 45h, 6Eh
3CC7:0202 63 72 79 70 74 69 db 'crypting $'
3CC7:0208 6E 67 20 24
3CC7:020C 44 65 63 72 79 70 data_7 db 'Decrypting $' ; xref 3CC7:0122
3CC7:0212 74 69 6E 67 20 24
3CC7:0218 64 61 74 61 2C 20 data_8 db 'data, this might take a while...' ; xref 3CC7:0127
3CC7:021E 74 68 69 73 20 6D
3CC7:0224 69 67 68 74 20 74
3CC7:022A 61 6B 65 20 61 20
3CC7:0230 77 68 69 6C 65 2E
3CC7:0236 2E 2E
3CC7:0238 24 db '$'
3CC7:0239 0D 0A 64 6F 6E 65 data_9 db 0Dh, 0Ah, 'done!', 0Dh, 0Ah, '$' ; xref 3CC7:0183
3CC7:023F 21 0D 0A 24
3CC7:0243 54 68 65 72 65 20 db 'There is no such file! choose an'
3CC7:0249 69 73 20 6E 6F 20
3CC7:024F 73 75 63 68 20 66
3CC7:0255 69 6C 65 21 20 63
3CC7:025B 68 6F 6F 73 65 20
3CC7:0261 61 6E
3CC7:0263 6F 74 68 65 72 20 db 'other file [Y/n]$'
3CC7:0269 66 69 6C 65 20 5B
3CC7:026F 59 2F 6E 5D 24
3CC7:0274 4F 75 74 70 75 74 db 'Output file already exist! Overw'
3CC7:027A 20 66 69 6C 65 20
3CC7:0280 61 6C 72 65 61 64
3CC7:0286 79 20 65 78 69 73
3CC7:028C 74 21 20 4F 76 65
3CC7:0292 72 77
3CC7:0294 72 69 74 65 20 5B db 'rite [Y/n]?$'
3CC7:029A 59 2F 6E 5D 3F 24
3CC7:02A0 0D 0A 4C 65 61 76 db 0Dh, 0Ah, 'Leaving this world..', 0Dh
3CC7:02A6 69 6E 67 20 74 68
3CC7:02AC 69 73 20 77 6F 72
3CC7:02B2 6C 64 2E 2E 0D
3CC7:02B7 0A 24 db 0Ah, '$'
3CC7:02B9 27 data_10 db 27h ; xref 3CC7:010A, 0161
3CC7:02BA 1A db 1Ah
3CC7:02BB 45 52 39 22 34 72 data_11 db 'ER9"4rM1Q' ; xref 3CC7:0156
secret.lst Sourcer v5.10 8-Jun-98 7:44 am Page 4
3CC7:02C1 4D 31 51
3CC7:02C4 0E 1F 10 0D 52 34 db 0Eh, 1Fh, 10h, 0Dh, 52h, 34h
3CC7:02CA 25 28 21 0E 33 42 db 25h, 28h, 21h, 0Eh, 33h, 42h
3CC7:02D0 02 13 07 08 1F 7F db 02h, 13h, 07h, 08h, 1Fh, 7Fh
3CC7:02D6 40 4B 5F 24 0A 17 db 40h, 4Bh, 5Fh, 24h, 0Ah, 17h
3CC7:02DC 00 54 1C 04 02 32 db 00h, 54h, 1Ch, 04h, 02h, 32h
3CC7:02E2 28 32 21 4B 27 11 db 28h, 32h, 21h, 4Bh, 27h, 11h
3CC7:02E8 60 7E 78 63 30 35 db '`~xc059a', 1Bh, 9, '.'
3CC7:02EE 39 61 1B 09 2E
3CC7:02F3 10 03 1B 01 db 10h, 03h, 1Bh, 01h
3CC7:02F7 49 1B 2D 3D 33 37 db 'I', 1Bh, '-=37]0U', 9, 'T'
3CC7:02FD 5D 30 55 09 54
3CC7:0302 17 10 52 39 22 34 db 17h, 10h, 52h, 39h, 22h, 34h
3CC7:0308 7E 0E 36 5E 01 11 db 7Eh, 0Eh, 36h, 5Eh, 01h, 11h
3CC7:030E 06 1A 52 39 22 34 db 06h, 1Ah, 52h, 39h, 22h, 34h
3CC7:0314 75 5C 26 10 19 1C db 75h, 5Ch, 26h, 10h, 19h, 1Ch
3CC7:031A 10 49 1D 2E 28 61 db 10h, 49h, 1Dh, 2Eh, 28h, 61h
3CC7:0320 25 46 2C 10 1A 06 db 25h, 46h, 2Ch, 10h, 1Ah, 06h
3CC7:0326 1A 1D 17 db 1Ah, 1Dh, 17h
3CC7:0329 4D 47 35 3A 4B 63 db 'MG5:KcT', 8
3CC7:032F 54 08
3CC7:0331 17 1C 19 1A 25 3F db 17h, 1Ch, 19h, 1Ah, 25h, 3Fh
3CC7:0337 6C 21 41 25 44 1A db 6Ch, 21h, 41h, 25h, 44h, 1Ah
3CC7:033D 15 07 db 15h, 07h
3CC7:033F 0C 5C 4D 47 4C 58 db 0Ch, '\MGLXg%'
3CC7:0345 67 25
3CC7:0347 10 14 1B 00 49 1A db 10h, 14h, 1Bh, 00h, 49h, 1Ah
3CC7:034D 2F 3A 24 24 4B 31 db 2Fh, 3Ah, 24h, 24h, 4Bh, 31h
3CC7:0353 10 09 1D 11 49 05 db 10h, 09h, 1Dh, 11h, 49h, 05h
3CC7:0359 32 24 35 37 0E 37 db 32h, 24h, 35h, 37h, 0Eh, 37h
3CC7:035F 58 08 54 11 0C 11 db 58h, 08h, 54h, 11h, 0Ch, 11h
3CC7:0365 32 34 31 26 47 2C db '241&G,^@'
3CC7:036B 5E 40
3CC7:036D 06 1A 1C 06 29 23 db 06h, 1Ah, 1Ch, 06h, 29h, 23h
3CC7:0373 24 7E 0E 33 5C 08 db 24h, 7Eh, 0Eh, 33h, 5Ch, 08h
3CC7:0379 15 06 db 15h, 06h
3CC7:037B 0C 52 23 22 2F 26 db 0Ch, 'R#"/&O D`~'
3CC7:0381 4F 20 44 60 7E
3CC7:0386 18 db 18h
3CC7:0387 0C 52 36 24 db 0Ch, 'R6$'
3CC7:038B 20 72 4B 2E 51 db ' rK.Q'
3CC7:0390 04 18 55 06 1C 7A db 04h, 18h, 55h, 06h, 1Ch, 7Ah
3CC7:0396 40 4B 5F 24 2E 59 db 40h, 4Bh, 5Fh, 24h, 2Eh, 59h
3CC7:039C 03 10 17 07 16 32 db 03h, 10h, 17h, 07h, 16h, 32h
3CC7:03A2 0D 32 3D 5E 2B 5F db 0Dh, 32h, 3Dh, 5Eh, 2Bh, 5Fh
3CC7:03A8 0E 18 10 1A db 0Eh, 18h, 10h, 1Ah
3CC7:03AC 5C 21 21 26 3D 40 db '\!!&=@&DC'
3CC7:03B2 26 44 43
3CC7:03B5 07 10 45 7F 4A 40 db 07h, 10h, 45h, 7Fh, 4Ah, 40h
3CC7:03BB 4B 33 4A 31 55 1E db 4Bh, 33h, 4Ah, 31h, 55h, 1Eh
3CC7:03C1 07 55 1D 1A db 07h, 55h, 1Dh, 1Ah
3CC7:03C5 25 6D 2C 37 5D 30 db '%m,7]0Q', 0Ah
3CC7:03CB 51 0A
3CC7:03CD 11 55 1E 1B 34 25 db 11h, 55h, 1Eh, 1Bh, 34h, 25h
3CC7:03D3 61 26 46 26 10 19 db 61h, 26h, 46h, 26h, 10h, 19h
3CC7:03D9 1B 05 00 11 7A 40 db 1Bh, 05h, 00h, 11h, 7Ah, 40h
3CC7:03DF 4B 5F 24 61 64 02 db 4Bh, 5Fh, 24h, 61h, 64h, 02h
secret.lst Sourcer v5.10 8-Jun-98 7:44 am Page 5
3CC7:03E5 54 21 01 17 60 18 db 54h, 21h, 01h, 17h, 60h, 18h
3CC7:03EB 2F 34 41 31 57 04 db 2Fh, 34h, 41h, 31h, 57h, 04h
3CC7:03F1 02 10 07 db 02h, 10h, 07h
3CC7:03F4 50 4D 47 4C 58 5D db 'PMGLX]*^'
3CC7:03FA 2A 5E
3CC7:03FC 0E 11 db 0Eh, 11h
3CC7:03FE 55 20 55 2D 6D 2F db 'U U-m/=Zc}'
3CC7:0404 3D 5A 63 7D
3CC7:0408 04 1A 11 0B 17 db 04h, 1Ah, 11h, 0Bh, 17h
3CC7:040D loc_6:
3CC7:040D 2E: 29 24 sub cs:[si],sp
3CC7:0410 20 00 and [bx+si],al
3CC7:0412 6D insw ; Port dx to es:[di]
3CC7:0413 10 60 7E adc [bx+si+7Eh],ah
3CC7:0416 78 63 ;* js short loc_8 ;*Jump if sign=1
3CC7:0416 78 63 db 78h, 63h
3CC7:0418 3D 6328 cmp ax,6328h
3CC7:041B 6F outsw ; Out [si] to port dx
3CC7:041C 5F pop di
3CC7:041D 24 4E and al,4Eh ; 'N'
3CC7:041F loc_7:
3CC7:041F 3A 0C cmp cl,[si]
3CC7:0421 16 push ss
3CC7:0422 1A 1C sbb bl,[si]
3CC7:0424 06 push es
3CC7:0425 60 pusha ; Save all regs
3CC7:0426 20 38 and [bx+si],bh
3CC7:0428 72 5C jc short $+5Eh ; Jump if carry Set
3CC7:042A 26 51 01 59 1B 08 db 26h, 51h, 01h, 59h, 1Bh, 08h
3CC7:0430 1F db 1Fh
3CC7:0431 25 6D 32 26 5B 25 db '%m2&[%VRy'
3CC7:0437 56 52 79
3CC7:043A 7F 64 78 04 2C 2C db 7Fh, 64h, 78h, 04h, 2Ch, 2Ch
3CC7:0440 3C 47 37 11 4D 20 db 3Ch, 47h, 37h, 11h, 4Dh, 20h
3CC7:0446 1D 00 01 60 24 32 db 1Dh, 00h, 01h, 60h, 24h, 32h
3CC7:044C 72 4F 2D 10 0C 04 db 72h, 4Fh, 2Dh, 10h, 0Ch, 04h
3CC7:0452 07 00 1E db 07h, 00h, 1Eh
3CC7:0455 6D 2B 24 db 'm+$'
3CC7:0458 25 42 62 3D 67 79 db '%Bb=gy'
3CC7:045E 7F 21 33 6D 05 00 db 7Fh, 21h, 33h, 6Dh, 05h, 00h
3CC7:0464 73 23 49 3D 67 59 db 's#I=gYU=', 27h, 'MG['
3CC7:046A 55 3D 27 4D 47 5B
secret endp
seg_a ends
end start
secret.lst Sourcer v5.10 8-Jun-98 7:44 am Page 6
--------------------|-------------------------------------
L O R D J U L U S | e-mail: ionifl@pcnet.pcnet.ro ----------
--------------------|-----------------------------------------------
LoVe, GuNS & | "Make love, not war !... ------
RoCK 'N'RoLL !! | ...Oh, Hell, make them both - get married !"--
--------------------|----------------------------------------------
Visit me at http://members.tripod.com/~lordjulus
http:/www.geocities.com/Athens/Forum/1395
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:18:26 ADT