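= =、 This crappy program has been buried in my recycle bin for more than two years; it was the first program I ever wrote that ran past 1000 lines. I'm releasing it today... for no other reason than a line of Einstein's I came across in a reader the other day: "A person who has achieved success, the former Soviet writer Gorky, always takes from his fellow men incomparably more than the contribution he has made to them."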
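I'm releasing it so that people can learn something, not to encourage anyone to cause mischief. The first version of this program was actually nothing more than this one line:
cmd /c "FOR /d %i IN (a,b,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do @subst %i: c:\\
Its effect is to occupy the drive letters A-Z, mapping the drive letters that don't exist onto the C: drive. = =、 As I recall, a reboot put things right.
It's just that I later modified it into something nastier. I won't go into detail here; anyone interested can read the source code for themselves.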
//////////////////////////////////////////////////////////////////////////////
////////////This Virus is written for Windows Nt system////////////////////
///////////////////Raging Angel Version V1.0 Beta/////////////////////////
//////////////////////////////Code by Azure///////////////////////////////
/////////////////////////////////2008.10///////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
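Classmates used to jokingly call this program the "Raging Birdman" special edition... well, let the past stay in the past. If I remember correctly, there should be a fairly serious handle table overflow in the program; as for where, readers, please find it yourselves.
Detection rate 30.56%. Antivirus vendors, you win = =、 such a low rate...
File Raging_Angel.exe received on 2010.04.03 03:51:46 (UTC)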
Antivirus engine    Version          Last update    Result
a-squared           4.5.0.50         2010.04.02     -
AntiVir             7.10.6.23        2010.04.02     TR/Crypt.XPACK.Gen
Antiy-AVL           2.0.3.7          2010.04.02     -
Authentium          5.2.0.5          2010.04.02     -
Avast               4.8.1351.0       2010.04.02     -
Avast5              5.0.332.0        2010.04.02     -
AVG                 9.0.0.787        2010.04.02     -
BitDefender         7.2              2010.04.03     Gen:Trojan.Heur.Hype.bmW@aaIxNjk
CAT-QuickHeal       10.00            2010.04.03     Win32.Packed.Katusha.a.3
ClamAV              0.96.0.0-git     2010.04.03     -
DrWeb               5.0.2.03300      2010.04.03     -
eSafe               7.0.17.0         2010.04.01     -
eTrust-Vet          35.2.7405        2010.04.02     -
F-Prot              4.5.1.85         2010.04.02     -
F-Secure            9.0.15370.0      2010.04.02     Gen:Trojan.Heur.Hype.bmW@aaIxNjk
Fortinet            4.0.14.0         2010.04.01     -
GData               19               2010.04.03     Gen:Trojan.Heur.Hype.bmW@aaIxNjk
Ikarus              T3.1.1.80.0      2010.04.02     -
Jiangmin            13.0.900         2010.04.02     Heur:Worm/Autorun
K7AntiVirus         7.10.1004        2010.03.22     -
Kaspersky           7.0.0.125        2010.04.03     Heur.AntiAV
McAfee              5937             2010.03.31     -
McAfee+Artemis      5937             2010.03.31     -
Microsoft           1.5605           2010.04.02     Backdoor:Win32/Hupigon.CN
NOD32               4995             2010.04.02     -
Norman              6.04.10          2010.04.01     -
nProtect            2009.1.8.0       2010.04.02     -
Panda               10.0.2.2         2010.04.02     -
Rising              22.41.04.05      2010.04.02     Dropper.Win32.Undef.GEN
Sophos              4.52.0           2010.04.03     Mal/Behav-116
Sunbelt             6132             2010.04.03     -
Symantec            20091.2.0.41     2010.04.03     Suspicious.Insight
TrendMicro          9.120.0.1004     2010.04.03     -
VBA32               3.12.12.4        2010.04.02     -
ViRobot             2010.4.2.2258    2010.04.02     -
VirusBuster         5.0.27.0         2010.04.02     -
Additional information
File size: 20480 bytes
MD5   : 033a80ba1ec1c816973e04fc5b15325e
SHA1  : 17cab6eb748e2b7c8ad4fb4b8fedad00d4907f88
SHA256: 027da88706c0a2c678a3c01bcec86ba64f56786151e5cc4e42b1ba9ff59e0ead
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4AED14E9 (Sun Nov 1 05:56:09 2009)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name    viradd  virsiz  rawdsiz  ntrpy  md5
.text   0x1000  0x12A0  0x2000   4.15   f9fe1829d8c9d9accdd08c588c60df26
.rdata  0x3000  0x8C4   0x1000   3.34   83c6866d1ac841b759cb7b8e6b42aa64
.data   0x4000  0xF14   0x1000   5.35   640b3f340e5a38ca4c6d189d9cf42d64

( 6 imports )

> advapi32.dll: CloseServiceHandle, OpenServiceA, QueryServiceStatus, RegSetValueExA, RegDeleteKeyA, RegOpenKeyA, RegCreateKeyA, ControlService, OpenSCManagerA
> kernel32.dll: CreateJobObjectA, Process32Next, Process32First, CreateToolhelp32Snapshot, CreateFileA, GetWindowsDirectoryA, ExitThread, SetFileAttributesA, CopyFileA, DeleteFileA, FindFirstFileA, WriteFile, OpenProcess, SetProcessPriorityBoost, SetThreadPriority, GetCurrentThread, SetPriorityClass, lstrcatA, lstrcpyA, GetEnvironmentVariableA, GetShortPathNameA, Sleep, GetProcAddress, LoadLibraryA, GetCurrentProcessId, DuplicateHandle, GetCurrentProcess, GetCurrentThreadId, CreateMutexA, GetLastError, ExitProcess, CreateThread, WinExec, GetCurrentDirectoryA, GetModuleFileNameA
> msvcrt.dll: _strlwr, sprintf, strncat, strstr, _except_handler3, _stricmp
> ntdll.dll: ZwQueryInformationProcess, ZwDuplicateObject, ZwFreeVirtualMemory, ZwQuerySystemInformation, ZwAllocateVirtualMemory, ZwOpenProcess, ZwTerminateJobObject, ZwAssignProcessToJobObject, RtlAdjustPrivilege, CsrGetProcessId, ZwSystemDebugControl, ZwClose
> shell32.dll: ShellExecuteExA, SHChangeNotify, ShellExecuteA
> user32.dll: GetWindowTextA, FindWindowExA, EnumWindows, SetWindowTextA, SendMessageA, PostThreadMessageA, GetMessageA, FindWindowA, GetWindowThreadProcessId, MessageBoxA

( 0 exports )

TrID : File type identification
Win32 Executable MS Visual C++ (generic) (51.5%)
Windows Screen Saver (17.9%)
Win32 Executable Generic (11.6%)
Win32 Dynamic Link Library (generic) (10.3%)
Win32 Executable MS Visual FoxPro 7 (3.0%)

ssdeep: 192:DmmB2lx3AxRi4yx9uKuUrmB7ncdcd/7/gEWcAjtMgxt:Dmm4Hwf4oKuBcet7/gETgxt

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD : -
RDS  : NSRL Reference Data Set
-
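To protect everyone's system security, the download permission for the source code is set to 11, to keep random people from taking this source and doing bad things with it...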
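
The drive-letter mapping described in the post can be spotted and undone from the listing that `subst` prints when run without arguments. The following is an added example, not part of the original post or of the program's source: it parses such a listing, flags any target that several drive letters point to at once, and builds the matching `subst X: /d` removal commands. The sample listing, the function names and the threshold of 3 are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample of a `subst` listing (layout: "X:\: => target").
SAMPLE_SUBST_OUTPUT = r"""
A:\: => C:\
B:\: => C:\
E:\: => C:\
Z:\: => C:\
W:\: => C:\Users\dev\work
"""

LINE_RE = re.compile(r"^([A-Za-z]):\\: => (.+?)\s*$")


def parse_subst(text):
    """Return {drive_letter: target_path} from a `subst` listing."""
    mappings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            mappings[m.group(1).upper()] = m.group(2)
    return mappings


def suspicious_groups(mappings, threshold=3):
    """Group letters by target; keep targets shared by >= threshold letters.

    The threshold is an assumed heuristic: one or two substituted drives are
    ordinary developer usage, many letters onto one path is not.
    """
    by_target = defaultdict(list)
    for letter, target in mappings.items():
        # Normalise so "C:\" and "c:" compare equal.
        by_target[target.rstrip("\\").lower()].append(letter)
    return {t: sorted(ls) for t, ls in by_target.items() if len(ls) >= threshold}


def cleanup_commands(groups):
    """Build the `subst X: /d` commands that remove the flagged mappings."""
    return [f"subst {letter}: /d" for ls in groups.values() for letter in ls]


if __name__ == "__main__":
    flagged = suspicious_groups(parse_subst(SAMPLE_SUBST_OUTPUT))
    for target, letters in flagged.items():
        print(f"{len(letters)} drive letters mapped to {target}: {letters}")
    print("\n".join(cleanup_commands(flagged)))
```
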