zjjmj2002

Posting an old virus sample to pay my dues!

Original post
Posted: 2007-06-08 10:14
;This is the source code of a WinXP virus. Written by zjjmj2002.
;It uses \Device\PhysicalMemory to switch to ring. The routine for entering ring 0 is from someone else's C code--I only
;rewrote it in MASM.
;It uses ApiHash to search for the API addresses in memory.
;The infection method is cavity infection. It will insert pieces of itself into the cavities of the host
;file, but if there is not enough room for it, it will append itself to the tail of the host file.
;It will hook CreateProcessW to infect PE files.
;It can hide itself in the kernel32.dll module. Saves computer resources :)
;It will destroy many installer PE files, because they always try to examine themselves before executing :(
;So if the PE file size > 10M, it will not infect!
;Anti-WFP, so my cute virus can infect notepad.exe and so on!
;This is a TEST version, so it only infects special PE files (offset 0x38=0xff)!
;Sorry for my poor English, because I have wasted too much time on StarCraft, hehe!
Attachment name/size  Downloads  Last updated
jmj.zip (37KB)  20 2007-06-08 10:14
hlpsl
Reply #1
Posted: 2007-06-11 13:13
                     
wingsoft
Reply #2
Posted: 2007-06-23 00:05
Everyone loves to use English....