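Source code of the lousy virus Raging Angel [LCG]
= = This crappy program has been buried in my recycle bin for more than two years. It was the first program I ever wrote that ran to over 1000 lines. I'm releasing it today... for no other reason than a line from Einstein that I came across in a reader the other day: "A person who has achieved success, the former Soviet writer Gorky, always receives from his fellow men incomparably more than he contributes to them." I'm releasing it so that people can learn from it, not to encourage anyone to cause mischief. The first version of this program was actually nothing more than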
cmd /c \"FOR /d %i IN (a,b,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do @subst %i: c:\\
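this one line, whose effect is to take up the drive letters A-Z by mapping the ones that do not exist to drive C. = = As I recall, a reboot put things right.
It's just that I later made it nastier. I won't go into detail here; anyone interested can read the source code for themselves.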
//////////////////////////////////////////////////////////////////////////////
////////////This Virus is written for Windows Nt system////////////////////
///////////////////Raging Angel Version V1.0 Beta/////////////////////////
//////////////////////////////Code by Azure///////////////////////////////
/////////////////////////////////2008.10///////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
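My classmates used to jokingly call this program the special edition for "fanatical bird-men"... well, let bygones be bygones. If I remember correctly, the program should contain a fairly serious handle table overflow; as for where it is, dear readers, please find it yourselves.
Detection rate 30.56%. Antivirus products, you win = = such a low rate...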
File Raging_Angel.exe received on 2010.04.03 03:51:46 (UTC)
Antivirus       Version        Last update  Result
a-squared       4.5.0.50       2010.04.02   -
AntiVir         7.10.6.23      2010.04.02   TR/Crypt.XPACK.Gen
Antiy-AVL       2.0.3.7        2010.04.02   -
Authentium      5.2.0.5        2010.04.02   -
Avast           4.8.1351.0     2010.04.02   -
Avast5          5.0.332.0      2010.04.02   -
AVG             9.0.0.787      2010.04.02   -
BitDefender     7.2            2010.04.03   Gen:Trojan.Heur.Hype.bmW@aaIxNjk
CAT-QuickHeal   10.00          2010.04.03   Win32.Packed.Katusha.a.3
ClamAV          0.96.0.0-git   2010.04.03   -
DrWeb           5.0.2.03300    2010.04.03   -
eSafe           7.0.17.0       2010.04.01   -
eTrust-Vet      35.2.7405      2010.04.02   -
F-Prot          4.5.1.85       2010.04.02   -
F-Secure        9.0.15370.0    2010.04.02   Gen:Trojan.Heur.Hype.bmW@aaIxNjk
Fortinet        4.0.14.0       2010.04.01   -
GData           19             2010.04.03   Gen:Trojan.Heur.Hype.bmW@aaIxNjk
Ikarus          T3.1.1.80.0    2010.04.02   -
Jiangmin        13.0.900       2010.04.02   Heur:Worm/Autorun
K7AntiVirus     7.10.1004      2010.03.22   -
Kaspersky       7.0.0.125      2010.04.03   Heur.AntiAV
McAfee          5937           2010.03.31   -
McAfee+Artemis  5937           2010.03.31   -
Microsoft       1.5605         2010.04.02   Backdoor:Win32/Hupigon.CN
NOD32           4995           2010.04.02   -
Norman          6.04.10        2010.04.01   -
nProtect        2009.1.8.0     2010.04.02   -
Panda           10.0.2.2       2010.04.02   -
Rising          22.41.04.05    2010.04.02   Dropper.Win32.Undef.GEN
Sophos          4.52.0         2010.04.03   Mal/Behav-116
Sunbelt         6132           2010.04.03   -
Symantec        20091.2.0.41   2010.04.03   Suspicious.Insight
TrendMicro      9.120.0.1004   2010.04.03   -
VBA32           3.12.12.4      2010.04.02   -
ViRobot         2010.4.2.2258  2010.04.02   -
VirusBuster     5.0.27.0       2010.04.02   -
Additional information
File size: 20480 bytes
MD5 : 033a80ba1ec1c816973e04fc5b15325e
SHA1 : 17cab6eb748e2b7c8ad4fb4b8fedad00d4907f88
SHA256: 027da88706c0a2c678a3c01bcec86ba64f56786151e5cc4e42b1ba9ff59e0ead
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4AED14E9 (Sun Nov 1 05:56:09 2009)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12A0 0x2000 4.15 f9fe1829d8c9d9accdd08c588c60df26
.rdata 0x3000 0x8C4 0x1000 3.34 83c6866d1ac841b759cb7b8e6b42aa64
.data 0x4000 0xF14 0x1000 5.35 640b3f340e5a38ca4c6d189d9cf42d64

( 6 imports )

> advapi32.dll: CloseServiceHandle, OpenServiceA, QueryServiceStatus, RegSetValueExA, RegDeleteKeyA, RegOpenKeyA, RegCreateKeyA, ControlService, OpenSCManagerA
> kernel32.dll: CreateJobObjectA, Process32Next, Process32First, CreateToolhelp32Snapshot, CreateFileA, GetWindowsDirectoryA, ExitThread, SetFileAttributesA, CopyFileA, DeleteFileA, FindFirstFileA, WriteFile, OpenProcess, SetProcessPriorityBoost, SetThreadPriority, GetCurrentThread, SetPriorityClass, lstrcatA, lstrcpyA, GetEnvironmentVariableA, GetShortPathNameA, Sleep, GetProcAddress, LoadLibraryA, GetCurrentProcessId, DuplicateHandle, GetCurrentProcess, GetCurrentThreadId, CreateMutexA, GetLastError, ExitProcess, CreateThread, WinExec, GetCurrentDirectoryA, GetModuleFileNameA
> msvcrt.dll: _strlwr, sprintf, strncat, strstr, _except_handler3, _stricmp
> ntdll.dll: ZwQueryInformationProcess, ZwDuplicateObject, ZwFreeVirtualMemory, ZwQuerySystemInformation, ZwAllocateVirtualMemory, ZwOpenProcess, ZwTerminateJobObject, ZwAssignProcessToJobObject, RtlAdjustPrivilege, CsrGetProcessId, ZwSystemDebugControl, ZwClose
> shell32.dll: ShellExecuteExA, SHChangeNotify, ShellExecuteA
> user32.dll: GetWindowTextA, FindWindowExA, EnumWindows, SetWindowTextA, SendMessageA, PostThreadMessageA, GetMessageA, FindWindowA, GetWindowThreadProcessId, MessageBoxA

( 0 exports )

TrID : File type identification
Win32 Executable MS Visual C++ (generic) (51.5%)
Windows Screen Saver (17.9%)
Win32 Executable Generic (11.6%)
Win32 Dynamic Link Library (generic) (10.3%)
Win32 Executable MS Visual FoxPro 7 (3.0%)
ssdeep: 192:DmmB2lx3AxRi4yx9uKuUrmB7ncdcd/7/gEWcAjtMgxt:Dmm4Hwf4oKuBcet7/gETgxt
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
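To keep everyone's systems safe, the download permission for the source code is set to 11, so that random people cannot take this source and do bad things with it...
Strongly support the source code!!! Begging the master for everything in his recycle bin!!! :lol The mysterious recycle bin Not enough permission!!!
Tragedy Yikes. This thing looks scary as hell. Source code is a good thing Though I'd really like to have a look too.... but... Heh, I want to see it too Coming to take a look.. Pure support..........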