[A new version has been released; please do not reply to this thread.] Recently I wrote a packer in VB6. Simple as it is, I doubt many people can write a packer in VB6.
I tried it out myself: this packer supports VB, some VC++ programs, and so on. It does not support BC++.
The packer's AV evasion is fairly decent. The test data is as follows:
[Unpacked]
VirSCAN.org Scanned Report :
Scanned time : 2009/07/22 17:26:40 (CST)
Scanner results: 87%的杀软(33/38)报告发现病毒
File Name : 未加壳.zip
File Size : 3334 byte
File Type : Zip archive data, at least v1.0 to extract
MD5 : 748bbc31301df8f619be2a667f4807d0
SHA1 : 880fc46bfd9665642646e563627a1934d1c829e2
Online report : http://virscan.org/report/0002062f427cf6450122e97a7f2efb53.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090721221323 2009-07-21 0.35 Exploit.Win32.MS08-067!IK
安博士V3 2009.07.22.03 2009.07.22 2009-07-22 1.32 Win-Trojan/Hacktool.16384.B
AntiVir 8.2.0.222 7.1.5.13 2009-07-22 0.40 EXP/MS08-067.B
安天 2.0.18 20090722.2632680 2009-07-22 0.12 Exploit/Win32.MS08-067.a
Arcavir 2009 200907220745 2009-07-22 0.03 Trojan.Exploit.Gimmiv.a
Authentium 5.1.1 200907212205 2009-07-21 1.17 W32/Malware!ff3c (Exact)
AVAST! 4.7.4 090721-0 2009-07-21 0.00 Win32:Trojan-gen {Other}
AVG 8.5.288 270.13.23/2254 2009-07-22 0.32 Exploit.MS08-067
BitDefender 7.81008.3829770 7.26744 2009-07-22 3.36 Trojan.Generic.1264162
CA (VET) 9.0.0.143 31.6.6632 2009-07-22 4.11 Win32/Mantgor.A trojan.
ClamAV 0.95.2 9602 2009-07-22 0.01 Trojan.Gimmiv-8
Comodo 3.10 1729 2009-07-21 0.71 VirTool.Win32.Exploit.MS08-067.~C
CP Secure 1.1.0.715 2009.07.22 2009-07-22 11.57 Troj.Spy.W32.Agent.pn
Dr.Web 4.44.0.9170 2009.07.22 2009-07-22 5.30 Exploit.MS08-067
F-Prot 4.4.4.56 20090721 2009-07-21 1.15 W32/Malware!ff3c (exact)
F-Secure 5.51.6100 2009.07.22.03 2009-07-22 0.05 Exploit.Win32.MS08-067.i [AVP]
飞塔 2.81-3.120 10.631 2009-07-21 0.25 W32/DCERPC!exploit.MS08067
GData 19.6624/19.407 20090722 2009-07-22 6.92 Exploit.Win32.MS08-067.i [Engine:A]
ViRobot 20090721 2009.07.21 2009-07-21 0.65 -
Ikarus T3.1.01.64 2009.07.22.73080 2009-07-22 3.50 Exploit.Win32.MS08-067
江民杀毒 11.0.800 2009.07.22 2009-07-22 4.01 Exploit.Gimmiv.b
卡巴斯基 5.5.10 2009.07.22 2009-07-22 0.04 Exploit.Win32.MS08-067.i
金山毒霸 2009.2.5.15 2009.7.22.14 2009-07-22 0.54 Win32.EXPLOIT.MS08-67.eq.16384
迈克菲 5.3.00 5683 2009-07-21 2.93 Exploit-MS08-067
Microsoft 1.4903 2009.07.22 2009-07-22 4.74 Trojan:Win32/Clort.A!exploit
mks_vir 2.01 2009.07.15 2009-07-15 3.14 -
Norman 6.01.09 6.01.00 2009-07-16 8.01 W32/Exploit-MS08-067.A
熊猫卫士 9.05.01 2009.07.21 2009-07-21 1.81 Exploit/MS08-067
趋势科技 8.700-1004 6.299.00 2009-07-21 0.03 -
Quick Heal 10.00 2009.07.21 2009-07-21 1.07 -
瑞星 20.0 21.39.21.00 2009-07-22 0.96 Hack.Exploit.Win32.MS08-067.a
Sophos 2.88.0 4.43 2009-07-22 2.90 Troj/Gimmiv-B
Sunbelt 5274 5274 2009-07-21 1.25 Exploit.Win32.Gimmiv.a
赛门铁克 1.3.0.24 20090721.006 2009-07-21 0.00 -
nProtect 20090721.02 4887961 2009-07-21 9.01 Trojan/W32.Gimmiv.16384
The Hacker 6.3.4.3 v00372 2009-07-21 1.00 Trojan/Exploit.MS08-067.i
VBA32 3.12.10.8 20090721.1807 2009-07-21 1.84 Exploit.Win32.MS08-067.a
VirusBuster 4.5.11.10 10.109.6/1824416 2009-07-21 2.37 Exploit.MS08-067.A
[Packed]
VirSCAN.org Scanned Report :
Scanned time : 2009/07/22 17:26:44 (CST)
Scanner results: 37%的杀软(14/38)报告发现病毒
File Name : 加壳.exe
File Size : 20480 byte
File Type : PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5 : 60b9f95e0ae2c28fff233949b9ea8c99
SHA1 : 0f16dc665138e61f25408d2499fa62195919a865
Online report : http://virscan.org/report/cae4705b1d461f0100174f731398cd43.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090721221323 2009-07-21 0.54 Exploit.Win32.MS08!IK
安博士V3 2009.07.22.03 2009.07.22 2009-07-22 0.86 -
AntiVir 8.2.0.222 7.1.5.13 2009-07-22 0.53 -
安天 2.0.18 20090722.2632680 2009-07-22 0.12 -
Arcavir 2009 200907220745 2009-07-22 0.03 -
Authentium 5.1.1 200907212205 2009-07-21 1.14 W32/Backdoor2.DBKW (Exact)
AVAST! 4.7.4 090721-0 2009-07-21 0.00 -
AVG 8.5.288 270.13.23/2254 2009-07-22 0.34 Exploit.BVQ
BitDefender 7.81008.3829770 7.26744 2009-07-22 3.66 MemScan:Exploit.Gimmiv.A
CA (VET) 9.0.0.143 31.6.6632 2009-07-22 6.01 -
ClamAV 0.95.2 9602 2009-07-22 0.01 -
Comodo 3.10 1729 2009-07-21 0.89 VirTool.Win32.Exploit.MS08-067.~C
CP Secure 1.1.0.715 2009.07.22 2009-07-22 11.59 -
Dr.Web 4.44.0.9170 2009.07.22 2009-07-22 5.00 -
F-Prot 4.4.4.56 20090721 2009-07-21 1.13 W32/Backdoor2.DBKW (exact)
F-Secure 5.51.6100 2009.07.22.03 2009-07-22 0.07 Type_Win32 [AVP]
飞塔 2.81-3.120 10.631 2009-07-21 0.32 -
GData 19.6624/19.407 20090722 2009-07-22 4.73 -
ViRobot 20090721 2009.07.21 2009-07-21 0.42 -
Ikarus T3.1.01.64 2009.07.22.73080 2009-07-22 4.05 Exploit.Win32.MS08
江民杀毒 11.0.800 2009.07.22 2009-07-22 4.32 -
卡巴斯基 5.5.10 2009.07.22 2009-07-22 0.06 -
金山毒霸 2009.2.5.15 2009.7.22.14 2009-07-22 0.81 -
迈克菲 5.3.00 5683 2009-07-21 2.97 Exploit-MS08-067
Microsoft 1.4903 2009.07.22 2009-07-22 5.34 Trojan:Win32/Clort.A!exploit
mks_vir 2.01 2009.07.15 2009-07-15 3.16 -
Norman 6.01.09 6.01.00 2009-07-16 4.01 -
熊猫卫士 9.05.01 2009.07.21 2009-07-21 1.76 -
趋势科技 8.700-1004 6.299.00 2009-07-21 0.03 -
Quick Heal 10.00 2009.07.21 2009-07-21 1.06 Suspicious - DNAScan
瑞星 20.0 21.39.21.00 2009-07-22 1.05 Packer.Win32.UnkPacker.b [Suspicious]
Sophos 2.88.0 4.43 2009-07-22 2.92 -
Sunbelt 5274 5274 2009-07-21 1.70 -
赛门铁克 1.3.0.24 20090721.006 2009-07-21 0.09 Hacktool
nProtect 20090721.02 4887961 2009-07-21 9.80 MemScan:Exploit.Gimmiv.A
The Hacker 6.3.4.3 v00372 2009-07-21 0.69 -
VBA32 3.12.10.8 20090721.1807 2009-07-21 1.91 -
VirusBuster 4.5.11.10 10.109.6/1824416 2009-07-21 2.21 -
Among the domestic (Chinese) AV products, only Rising flagged it, and even then only as Packer.Win32.UnkPacker.b [Suspicious].
So the evasion results are acceptable.
I welcome everyone's valuable feedback.
tbcaaa8@tom.com