program srv;
uses
Windows, Winsock;
var
WDATA: WsaData;
SOCKS_port: integer;
h: cardinal;
const buffer_size = 32768;
{ Parses the decimal text in S with the RTL Val procedure and returns the
  value. The error position reported by Val is discarded, so the caller
  cannot tell a malformed string from a valid one. }
Function StrToInt(Const S:String):longint;
Var
  ErrPos: Integer;
  Parsed: longint;
begin
  val(S, Parsed, ErrPos);
  Result := Parsed;
end;
{ Returns the decimal text of n, produced by the RTL Str procedure. }
Function IntToStr(n:Integer):String;
Var
  Digits: String;
Begin
  str(n, Digits);
  Result := Digits;
End;
{ Resolves host with gethostbyname and returns the first address of the
  result as dotted-quad text (inet_ntoa).
  If the lookup fails, the input is returned instead of an error; the
  PChar cast means the returned text stops at the first #0 character.
  NOTE(review): the only caller visible in this file passes a name taken
  from the network client, so each call is a blocking DNS query for a
  client-chosen name. }
function HostToIp(const host: String): string;
var
  entry: PHostEnt;
  firstAddr: PInAddr;
begin
  entry := gethostbyname(PChar(host));
  if not Assigned(entry) then
  begin
    { Lookup failed: hand the original text back to the caller. }
    Result := PChar(host);
    Exit;
  end;
  { Only the first entry of the address list is used. }
  firstAddr := PInAddr(entry.h_addr_list^);
  Result := inet_ntoa(firstAddr^);
end;
{ Per-connection worker. param carries the accepted client socket.
  The routine performs a SOCKS5 handshake (RFC 1928), accepts only the
  "no authentication" method and only the CONNECT command, opens a TCP
  connection to the requested IPv4 address or resolved host name, and then
  copies bytes in both directions until one side closes or fails.
  Always returns 0.

  Review summary (defensive reading of the code below):
  - No client authentication and no destination filtering: any peer that can
    reach the listening port can have this host open TCP connections to any
    address and port. Nothing is logged.
  - Almost every recv/send return value is ignored, so short reads leave
    stale bytes in buf that are then parsed as protocol fields.
  - The success reply is sent before the outbound connect is attempted. }
function cli_thread(param: pointer): integer;
var
cli_sock: integer;
dest_sock: integer;
dest_addr: TSockAddr;
dest_ip: string;
dest_port: integer;
n: integer;
buf: String;
rset: TFDSet;
t: TTimeVal;
{ NOTE(review): block is declared but never used in this routine. }
block: u_long;
bDataPresent: boolean;
rslt: integer;
begin
cli_sock:=integer(param);
{ Greeting, first two bytes: protocol version and number of offered methods. }
SetLength(buf,2);
n:=recv(cli_sock, buf[1], 2, 0);
if (n=2) and (buf[1]=char($05)) then
begin
{ Read the method list; its length comes straight from the client.
  NOTE(review): a count of 0 makes buf empty before buf[1] is referenced,
  and the byte count returned by recv is not checked. }
SetLength(buf,byte(buf[2]));
n:=recv(cli_sock, buf[1], length(buf), 0);
{ Continue only if method 0 (no authentication) appears somewhere in buf. }
if pos(char($00), buf)<>0 then
begin
{ Method selection reply: version 5, method 0. }
buf:=chr($05)+chr($00);
send(cli_sock, buf[1], 2, 0);
{ Request header: version, command, reserved, address type. }
SetLength(buf,4);
n:=recv(cli_sock, buf[1], 4, 0);
{ Only command 1 (CONNECT) is handled; the version byte is not re-checked. }
if (n=4) and (buf[2]=chr($01)) then
begin
{ Address types handled: 1 = IPv4, 3 = domain name. Any other type falls
  through to the socket close at the end without a reply. }
if (buf[4]=chr($01)) or (buf[4]=chr($03)) then
begin
Case buf[4] Of
char($01) : Begin
{ IPv4: four address bytes followed by a big-endian port. }
SetLength(buf, 6);
n:=recv(cli_sock, buf[1], 6, 0);
dest_ip:=IntToStr(ord(buf[1]))+'.'+IntToStr(ord(buf[2]))+'.'+IntToStr(ord(buf[3]))+'.'+IntToStr(ord(buf[4]));
dest_port:=byte(buf[5]) shl 8+byte(buf[6]);
end;
char($03) : begin
{ Domain name: one length byte, the name, then a big-endian port.
  The name is resolved locally through HostToIp.
  NOTE(review): a length byte of 0 again empties buf before buf[1] is used. }
SetLength(buf, 1);
n:=recv(cli_sock, buf[1], 1, 0);
SetLength(buf, byte(buf[1]));
n:=recv(cli_sock, buf[1], length(buf), 0);
dest_ip:=HostToIp(buf);
SetLength(buf, 2);
n:=recv(cli_sock, buf[1], 2, 0);
dest_port:=byte(buf[1]) shl 8+byte(buf[2]);
end;
End;
{ Ten-byte reply: version 5, reply code 0 (succeeded), address type 1,
  bound address and port left as zero.
  NOTE(review): this is sent before Connect below, so the client is told
  the request succeeded even when the outbound connection then fails. }
SetLength(buf,10);
ZeroMemory(@buf[1],Length(buf));
buf[1]:=#5; buf[4]:=#1;
send(cli_sock, buf[1], length(buf), 0);
dest_sock:=Socket(AF_INET, SOCK_STREAM, 0);
if dest_sock<>INVALID_SOCKET then
begin
dest_addr.sin_family:=AF_INET;
dest_addr.sin_port:=HtoNS(dest_port);
{ dest_ip is expected to be dotted-quad text here; the result of inet_Addr
  is not checked for failure. }
dest_addr.sin_addr.S_addr:=inet_Addr(pchar(dest_ip));
FillChar(dest_addr.Sin_Zero,SizeOf(dest_addr.Sin_Zero),0);
n:=Connect(dest_sock, dest_addr, sizeof(dest_addr));
if n=0 then
begin
{ Relay loop: wait up to 5 seconds for either socket to become readable. }
t.tv_sec:=5;
t.tv_usec:=0;
bDataPresent:=true;
repeat
FD_Zero(rset);
FD_Set(cli_sock,rset);
FD_Set(dest_sock,rset);
{ NOTE(review): only rslt>0 is handled. A timeout (0) just repeats the
  loop, and an error result from select repeats it as well without ever
  clearing bDataPresent. }
rslt := select(-1, @rset, nil, nil, @t);
if (rslt>0) then
begin
{ Client to destination. }
if (FD_ISSET(cli_sock, rset)=true) then
begin
SetLength(buf, buffer_size);
n := recv(cli_sock, buf[1], buffer_size, 0);
if n=SOCKET_ERROR then
begin
{ n is reused for the error code. The listed codes end the relay.
  NOTE(review): for any other error code, n keeps that code and is used
  below as the number of bytes to forward. }
n:=WSAGetLastError();
if (n=WSAENOTCONN) or (n=WSAENETRESET) or (n=WSAECONNABORTED) or (n=WSAETIMEDOUT) or (n=WSAECONNRESET) then
begin
bDataPresent:= False;
break;
end;
end;
{ A zero-length read means the peer closed the connection. }
if n=0 then
begin
bDataPresent:= False;
break;
end;
SetLength(buf, n);
{ The send result is not checked, so a partial send loses data silently. }
send(dest_sock, buf[1], length(buf), 0);
end;
{ Destination to client; same handling as the branch above. }
if FD_ISSET(dest_sock, rset) then
begin
SetLength(buf, buffer_size);
n := recv(dest_sock, buf[1], buffer_size, 0);
if n=SOCKET_ERROR then
begin
n:=WSAGetLastError();
if (n=WSAENOTCONN) or (n=WSAENETRESET) or (n=WSAECONNABORTED) or (n=WSAETIMEDOUT) or (n=WSAECONNRESET) then
begin
bDataPresent:= False;
break;
end;
end;
if n=0 then
begin
bDataPresent:= False;
break;
end;
SetLength(buf, n);
send(cli_sock, buf[1], length(buf), 0);
end;
end;
until bDataPresent= False;
end;
end;
end;
end;
end;
end;
{ Both sockets are closed on every path.
  NOTE(review): dest_sock is assigned only after a complete handshake, so on
  the early-exit paths this call receives an uninitialised local value. }
CloseSocket(dest_sock);
CloseSocket(cli_sock);
cli_thread:=0;
end;
{ Listener loop. Creates a TCP socket, binds it to every local interface
  (InAddr_Any), and starts one cli_thread per accepted connection.

  Review notes:
  - The srv_port argument is overwritten with the constant 33333 before it
    is used, so the listener always sits on TCP port 33333 regardless of the
    value the caller passes.
  - Binding to InAddr_Any exposes the unauthenticated relay in cli_thread to
    every network the host is attached to.
  - The results of socket, Bind, Listen, Select and Accept are not checked;
    a failed Accept still starts a worker thread with that return value.
  - The handle returned by BeginThread is discarded, so it is never closed.
  - The loop has no exit, so the two statements after it are unreachable. }
function srv_daemon(srv_port: integer): integer;
var
  listen_sock, client_sock: integer;
  local_addr: TSockAddr;
  local_addr_len: integer;
  read_set: TFDSet;
  poll_wait: TTimeVal;
  thread_id: cardinal;
begin
  { The caller's value is replaced by a fixed port. }
  srv_port := 33333;

  listen_sock := socket(AF_INET, SOCK_STREAM, 0);

  FillChar(local_addr.Sin_Zero, SizeOf(local_addr.Sin_Zero), 0);
  local_addr.sin_family := PF_Inet;
  local_addr.sin_port := HToNS(srv_port);
  local_addr.sin_addr.S_addr := InAddr_Any;

  Bind(listen_sock, local_addr, SizeOf(TSockAddr));
  Listen(listen_sock, SoMaxConn);

  local_addr_len := SizeOf(TSockAddr);

  { 100 microsecond poll interval for Select. }
  poll_wait.tv_sec := 0;
  poll_wait.tv_usec := 100;

  while True do
  begin
    FD_Zero(read_set);
    FD_Set(listen_sock, read_set);
    Select(0, @read_set, nil, nil, @poll_wait);
    if not FD_IsSet(listen_sock, read_set) then
      Continue;
    { The peer address is written into local_addr and then ignored. }
    client_sock := Accept(listen_sock, @local_addr, @local_addr_len);
    BeginThread(nil, 0, @cli_thread, pointer(client_sock), 0, thread_id);
  end;

  CloseSocket(listen_sock);
  srv_daemon := 0;
end;
{ Program entry point: initialises Winsock, starts srv_daemon on its own
  thread and then waits on that thread's handle. }
Var
hThrd:Integer;
begin
{ Requests Winsock version 1.1; the return value is not checked. }
WSAStartup($101,WDATA);
Randomize;
{ Picks a value in 10000..64999.
  NOTE(review): srv_daemon replaces its argument with 33333, so this random
  value does not decide the listening port. }
SOCKS_port:=10000+random(55000);
hThrd:=BeginThread(nil, 0, @srv_daemon, pointer(SOCKS_port), 0, h);
{ Polls the thread handle every 100 ms.
  NOTE(review): the loop condition is the numeric result of
  WaitForSingleObject rather than a Boolean comparison - confirm how this
  is meant to compile. srv_daemon loops forever, so the wait is not expected
  to finish, and a failed BeginThread is not detected. }
While WaitForSingleObject(hThrd,100) Do
Begin
End;
WSACleanup();
end.
-
Файл window_blinds_6.4_key.exe.xxx получен 2009.04.08 08:12:20 (CET)
Результат: 23/40 (57.5%)
Антивирус Версия Обновление Результат a-squared 4.0.0.101 2009.04.08 - AhnLab-V3 5.0.0.2 2009.04.07 - AntiVir 7.9.0.138 2009.04.07 W32/Virut.Gen Antiy-AVL 2.0.3.1 2009.04.07 - Authentium 5.1.2.4 2009.04.08 W32/Virut.AI!Generic Avast 4.8.1335.0 2009.04.07 - AVG 8.5.0.285 2009.04.07 Win32/Heur BitDefender 7.2 2009.04.08 Gen:Trojan.Heur.2010EFCDCD CAT-QuickHeal 10.00 2009.04.07 W32.Virut.G ClamAV 0.94.1 2009.04.08 - Comodo 1102 2009.04.07 - DrWeb 4.44.0.09170 2009.04.08 Win32.Virut.56 eSafe 7.0.17.0 2009.04.07 - eTrust-Vet 31.6.6444 2009.04.08 - F-Prot 4.4.4.56 2009.04.08 W32/Virut.AI!Generic F-Secure 8.0.14470.0 2009.04.08 Virus.Win32.Virut.ce Fortinet 3.117.0.0 2009.04.07 W32/Virut.CE GData 19 2009.04.08 Gen:Trojan.Heur.2010EFCDCD Ikarus T3.1.1.49.0 2009.04.08 - K7AntiVirus 7.10.695 2009.04.07 - Kaspersky 7.0.0.125 2009.04.08 Virus.Win32.Virut.ce McAfee 5577 2009.04.07 W32/Virut.n.gen McAfee+Artemis 5577 2009.04.07 W32/Virut.n.gen McAfee-GW-Edition 6.7.6 2009.04.07 Win32.Virut.Gen Microsoft 1.4502 2009.04.08 Virus:Win32/Virut.gen!E NOD32 3994 2009.04.07 Win32/Virut.NBM Norman 6.00.06 2009.04.07 - nProtect 2009.1.8.0 2009.04.08 - Panda 10.0.0.14 2009.04.07 Suspicious file PCTools 4.4.2.0 2009.04.07 - Prevx1 V2 2009.04.08 - Rising 21.24.20.00 2009.04.08 Win32.Virut.bm Sophos 4.40.0 2009.04.08 W32/Scribble-B Sunbelt 3.2.1858.2 2009.04.08 Virus.Win32.Virut.ce (v) Symantec 1.4.4.12 2009.04.08 W32.Virut.CF TheHacker 6.3.4.0.303 2009.04.07 - TrendMicro 8.700.0.1004 2009.04.08 PE_VIRUX.F VBA32 3.12.10.2 2009.04.08 suspected of Virus.Win32.Virut.1 ViRobot 2009.4.7.1683 2009.04.08 - VirusBuster 4.6.5.0 2009.04.07 - Дополнительная информация File size: 46080 bytes MD5...: 00f95a68cf0cc172ab591fb623fca988 SHA1..: 135f6edb853ca39051b4bbb565806b353ebccc2b SHA256: 944d2b9d96d194147deb771a5849c37614d19639edeb309f37a964e987d24607 SHA512: da101e7e1a62da4d7db097eef81f914122f43faa538c83213c50d4ff7eb5a4dc e89dec88474ef3fa5faec525c416eeef4fb1fca6b55a9a76662312575b4a014b ssdeep: 
768:oyOL9wNN44O2R/r43xPDdicRjs8x4t90gJ0/tiebf:CLiN24R/r43xP9Rj+t q+zebf PEiD..: - TrID..: File type identification Generic Win/DOS Executable (50.0%) DOS Executable Generic (49.9%) PEInfo: PE Structure information
( base data ) entrypointaddress.: 0xd860 timedatestamp.....: 0x49d3bacd (Wed Apr 01 19:04:45 2009) machinetype.......: 0x14c (I386)
( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x24 0x200 0.41 9dafc855fdefafadbc6fb52fdafa94ad .rdata 0x2000 0x94 0x200 1.17 545acdfebfaefbd36609288f417c0658 .data 0x3000 0xc200 0xac00 6.10 0c52a1bc95df582a0d3d52ce73a8e21b
( 2 imports ) > KERNEL32.dll: ExitProcess > USER32.dll: FindWindowExA
( 0 exports ) RDS...: NSRL Reference Data Set -
-
епрст... скока антивирусов... эт наверное, чтоб дискеты проверять. пятидюймовые.