I don't know anything about this...
But there doesn't seem to be any network-related code in it, so I guess it can't do any damage
ADVAPI32.RegCloseKey ADVAPI32.RegCreateKeyExA ADVAPI32.RegSetValueExA
KERNEL32.CloseHandle KERNEL32.CopyFileA KERNEL32.CreateEventA KERNEL32.CreateProcessA KERNEL32.CreateToolhelp32Snapshot KERNEL32.FreeLibrary KERNEL32.GetLastError KERNEL32.GetModuleFileNameA KERNEL32.GetModuleHandleA KERNEL32.GetProcAddress KERNEL32.GetStartupInfoA KERNEL32.GetSystemDirectoryA KERNEL32.GetWindowsDirectoryA KERNEL32.LoadLibraryA KERNEL32.Process32First KERNEL32.Process32Next KERNEL32.WaitForSingleObject
MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42. MFC42.
MSVCRT.__CxxFrameHandler MSVCRT.__dllonexit MSVCRT.__getmainargs MSVCRT.__p__commode MSVCRT.__p__fmode MSVCRT.__set_app_type MSVCRT.__setusermatherr MSVCRT._controlfp MSVCRT._except_handler3 MSVCRT._exit MSVCRT._initterm MSVCRT._onexit MSVCRT._setmbcp MSVCRT._strupr MSVCRT._XcptFilter MSVCRT.exit MSVCRT.fclose MSVCRT.fopen MSVCRT.fread MSVCRT.fseek MSVCRT.fwrite MSVCRT.sprintf MSVCRT.strrchr MSVCRT.strstr
USER32.EnumWindows USER32.GetWindowThreadProcessId USER32.PostMessageA USER32.WaitForInputIdle
Have you already unpacked it?
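After Googling, I found
r!sc's petite 2.2/2.1 enlarger v1.0
I don't know, I just used w32Dasm...
I'm a complete beginner at this...
Not all viruses and trojans have network-related functions. Some trojans have a compressed DLL packed inside, and all of the activity is carried out by that DLL.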
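The point made in the last reply, as an added example that is not part of the original thread: a static import list with no network DLLs is only conclusive if the file cannot load or start other code. The rule labels, groupings and the `triage` function are this example's own assumptions, and the sample list is constructed from names posted above.

```python
# Added example; rule labels, groupings and the sample list are constructed.
NETWORK_DLLS = {"WS2_32", "WSOCK32", "WININET", "WINHTTP", "URLMON"}

# Capability label -> imports that must all be present.
RULES = {
    "registry write": {"ADVAPI32.RegCreateKeyExA", "ADVAPI32.RegSetValueExA"},
    "file copy": {"KERNEL32.CopyFileA"},
    "file write": {"MSVCRT.fopen", "MSVCRT.fwrite"},
    "process enumeration": {"KERNEL32.CreateToolhelp32Snapshot",
                            "KERNEL32.Process32First", "KERNEL32.Process32Next"},
    "process launch": {"KERNEL32.CreateProcessA"},
    "run-time API resolution": {"KERNEL32.LoadLibraryA", "KERNEL32.GetProcAddress"},
}
# Capabilities that let code outside the visible import table run.
HIDES_IMPORTS = {"process launch", "run-time API resolution"}

def triage(imports):
    """Summarise an import list and rate the 'no network imports' observation."""
    norm = set()
    for item in imports:
        dll, sep, func = item.strip().partition(".")
        if sep and func:  # skip ordinal-only entries such as "MFC42."
            norm.add(f"{dll.upper()}.{func}")
    caps = sorted(c for c, need in RULES.items() if need <= norm)
    net = sorted(n for n in norm if n.split(".")[0] in NETWORK_DLLS)
    if net:
        verdict = "network imports present"
    elif HIDES_IMPORTS & set(caps):
        verdict = "inconclusive: code outside this import table can run"
    else:
        verdict = "no network capability visible in imports"
    # Writing a file and loading a library at run time is the pattern the
    # reply describes: an embedded DLL unpacked to disk does the real work.
    drop_and_load = {"file write", "run-time API resolution"} <= set(caps)
    return {"capabilities": caps, "network_imports": net,
            "verdict": verdict, "drop_and_load_possible": drop_and_load}

# Constructed sample: a subset of the names posted in the thread.
SAMPLE = """ADVAPI32.RegCreateKeyExA ADVAPI32.RegSetValueExA KERNEL32.CopyFileA
KERNEL32.CreateProcessA KERNEL32.CreateToolhelp32Snapshot KERNEL32.Process32First
KERNEL32.Process32Next KERNEL32.LoadLibraryA KERNEL32.GetProcAddress MFC42.
MSVCRT.fopen MSVCRT.fread MSVCRT.fseek MSVCRT.fwrite USER32.PostMessageA""".split()

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

For a packed file the list describes only the unpacking stub, so the same check should be repeated on the unpacked image.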
Welcome to 下沙论坛 (http://bbs.xiasha.cn/) | Powered by Discuz! X3.3