ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 19:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/Virus/Win32/V/Virus.Win32.Virut.ce-bb6bf5a81e7ce35327253fa15ae76b9f32a2dfb7c0def1083789e9ea135c25ee/Form1.cs

383 lines
14 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: cfFncEnabler.Form1
// Assembly: cfFncEnabler, Version=1.0.0.18, Culture=neutral, PublicKeyToken=null
// MVID: 332E9E14-3026-4FC8-B925-0BA2C251918E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Virut.ce-bb6bf5a81e7ce35327253fa15ae76b9f32a2dfb7c0def1083789e9ea135c25ee.exe
using Microsoft.Win32;
using System;
using System.Collections;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Management;
using System.Net.NetworkInformation;
using System.Runtime.InteropServices;
using System.ServiceProcess;
using System.Threading;
using System.Windows.Forms;
namespace cfFncEnabler
{
public class Form1 : Form
{
private bool bRunningWinSidebar;
private bool bRunningGglSidebar;
private int nCount;
private IContainer components;
private System.Windows.Forms.Timer timer1;
private TextBox myTextBox;
private Button button1;
public Form1()
{
this.InitializeComponent();
this.myTextBox.Text = "TOSHIBA ConfigFree WPS/Sidebar gadgets enabler version 1.0.0.14.\r\n";
}
private void Form1_Load(object sender, EventArgs e)
{
try
{
Hashtable hashtable = new Hashtable();
try
{
ManagementScope scope = new ManagementScope("root\\cimv2");
scope.Connect();
ObjectQuery query = new ObjectQuery("select ProductName,PNPDeviceID from Win32_NetworkAdapter");
ManagementObjectCollection objectCollection = new ManagementObjectSearcher(scope, query).Get();
foreach (NetworkInterface networkInterface in NetworkInterface.GetAllNetworkInterfaces())
{
if (networkInterface.NetworkInterfaceType == NetworkInterfaceType.Wireless80211)
{
foreach (ManagementObject managementObject in objectCollection)
{
if (networkInterface.Description.ToString().Contains(managementObject.GetPropertyValue("ProductName").ToString()))
{
if (managementObject.GetPropertyValue("PNPDeviceID") != null)
{
hashtable.Add((object) managementObject.GetPropertyValue("PNPDeviceID").ToString(), (object) managementObject.GetPropertyValue("PNPDeviceID").ToString().Substring(4, 8));
}
else
{
if (managementObject.GetPropertyValue("ProductName").ToString().Contains("Atheros"))
hashtable.Add((object) "PCI\\VEN_168C\\NULL", (object) "VEN_168C");
if (managementObject.GetPropertyValue("ProductName").ToString().Contains("Realtek"))
hashtable.Add((object) "PCI\\VEN_10EC\\NULL", (object) "VEN_10EC");
}
}
}
}
}
}
catch (Exception ex)
{
this.ndsDBGError(1, -1, "cfFncEnabler", "scope.Connect():" + ex.Message);
}
try
{
string subkey = "SOFTWARE\\TOSHIBA\\ConfigFree\\";
RegistryKey subKey = Registry.CurrentUser.CreateSubKey(subkey);
foreach (DictionaryEntry dictionaryEntry in hashtable)
{
if (dictionaryEntry.Value.ToString().CompareTo((string) null) != 0)
{
switch (dictionaryEntry.Value.ToString())
{
case "VEN_168C":
ServiceController serviceController = new ServiceController("jswpsapi");
try
{
if (serviceController.Status == ServiceControllerStatus.ContinuePending || serviceController.Status == ServiceControllerStatus.Paused || serviceController.Status == ServiceControllerStatus.PausePending || serviceController.Status == ServiceControllerStatus.Running || serviceController.Status == ServiceControllerStatus.StartPending || serviceController.Status == ServiceControllerStatus.Stopped || serviceController.Status == ServiceControllerStatus.StopPending)
{
subKey.SetValue("EnableWPS", (object) 1);
goto label_36;
}
else
{
subKey.SetValue("EnableWPS", (object) 0);
goto label_36;
}
}
catch (Exception ex)
{
this.ndsDBGError(1, 0, "cfWPSEnabler", ex.Message);
subKey.SetValue("EnableWPS", (object) 0);
goto label_36;
}
case "VID_0BDA":
case "VEN_10EC":
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
string str1 = Path.GetDirectoryName(folderPath) + "\\SysWOW64";
string str2 = "\\RtlLib.dll";
if (File.Exists(folderPath + str2) || File.Exists(str1 + str2))
{
subKey.SetValue("EnableWPS", (object) 3);
goto label_36;
}
else
{
subKey.SetValue("EnableWPS", (object) 0);
goto label_36;
}
default:
subKey.SetValue("EnableWPS", (object) 0);
continue;
}
}
}
label_36:
subKey.Close();
}
catch (Exception ex)
{
this.ndsDBGError(1, -1, "cfFncEnabler", "Registry.CurrentUser.CreateSubKey" + ex.Message);
}
}
catch (Exception ex)
{
this.ndsDBGError(1, -1, "cfFncEnabler", "IPGlobalProperties:" + ex.Message);
}
if (Environment.OSVersion.Version.Major < 6 || Environment.OSVersion.Version.Minor < 1)
return;
string subkey1 = "SOFTWARE\\TOSHIBA\\ConfigFree\\";
RegistryKey subKey1 = Registry.CurrentUser.CreateSubKey(subkey1);
try
{
subKey1.SetValue("EnableWPS", (object) 0);
}
catch (Exception ex)
{
this.ndsDBGError(1, -1, nameof (Form1_Load), "Registry.CurrentUser.CreateSubKey(rKeyName):" + ex.Message);
}
subKey1.Close();
}
private void timer1_Tick(object sender, EventArgs e)
{
int num1 = 0;
string name = "SOFTWARE\\Wow6432Node\\TOSHIBA\\ConfigFree\\";
string str1 = "SOFTWARE\\TOSHIBA\\ConfigFree\\";
if (this.nCount >= 4)
{
this.timer1.Stop();
this.ndsDBGError(1, -1, nameof (timer1_Tick), "timer1 is timeout.:");
num1 = 1;
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(str1);
try
{
registryKey = Registry.CurrentUser.CreateSubKey(str1);
registryKey.SetValue("GadgetsConfigured", (object) num1);
}
catch (Exception ex)
{
this.ndsDBGError(1, -1, nameof (timer1_Tick), "Registry.CurrentUser.CreateSubKey(rKeyName):" + ex.Message);
}
registryKey.Close();
Environment.Exit(0);
}
if (Process.GetProcessesByName("sidebar").Length > 0)
{
this.bRunningWinSidebar = true;
this.myTextBox.Text = "Windows Sidebar is running.\r\n";
}
if (Process.GetProcessesByName("GoogleDesktop").Length > 0)
{
this.bRunningGglSidebar = true;
this.myTextBox.Text = "Google Sidebar is running.\r\n";
}
bool flag = Marshal.SizeOf((object) IntPtr.Zero) == 8;
try
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(str1);
try
{
num1 = (int) registryKey.GetValue("GadgetsConfigured");
}
catch (Exception ex)
{
this.ndsDBGError(1, -1, nameof (timer1_Tick), "Registry.CurrentUser.OpenSubKey(rKeyName):nGadgetsConfigured:" + ex.Message);
}
finally
{
registryKey.Close();
}
int num2 = 2;
try
{
registryKey = !flag ? Registry.LocalMachine.OpenSubKey(str1) : Registry.LocalMachine.OpenSubKey(name);
num2 = (int) registryKey.GetValue("EnableGadgets", (object) 2);
}
catch (Exception ex)
{
this.ndsDBGError(1, -1, nameof (timer1_Tick), "Registry.LocalMachine.OpenSubKey(rKeyName):nEnableGadgets:" + ex.Message);
}
finally
{
registryKey.Close();
}
if (num1 == 0)
{
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles);
string str2 = folderPath + " (x86)";
string str3 = "\\Windows Sidebar\\sidebar.exe";
string str4 = "\\TOSHIBA\\ConfigFree\\";
if (this.bRunningWinSidebar)
{
if (num2 != 2)
{
try
{
foreach (Process process in Process.GetProcessesByName("sidebar"))
{
try
{
process.Kill();
}
catch (Exception ex)
{
this.ndsDBGError(1, -1, "cfFncEnabler", "p.Kill():" + ex.Message);
}
}
}
catch (Exception ex)
{
this.ndsDBGError(1, -1, "cfFncEnabler", "p.Kill():" + ex.Message);
}
}
}
try
{
if (num2 != 2)
{
if (flag)
{
Process.Start("\"" + str2 + str4 + "AddGadget.exe\"", "-add \"" + str2 + str4 + "SrcSetting.ini\"");
this.myTextBox.Text += "AddGadget.exe registered (x64)\r\n";
num1 = 1;
this.timer1.Stop();
}
else
{
Process.Start("\"" + folderPath + str4 + "AddGadget.exe\"", "-add \"" + folderPath + str4 + "SrcSetting.ini\"");
this.myTextBox.Text += "AddGadget.exe registered (x86)\r\n";
num1 = 1;
this.timer1.Stop();
}
}
}
catch (Exception ex)
{
this.ndsDBGError(1, -1, nameof (timer1_Tick), "System.Diagnostics.Process.Start:Enable:" + ex.Message);
}
try
{
registryKey = Registry.CurrentUser.CreateSubKey(str1);
registryKey.SetValue("GadgetsConfigured", (object) num1);
}
catch (Exception ex)
{
this.ndsDBGError(1, -1, nameof (timer1_Tick), "Registry.CurrentUser.CreateSubKey(rKeyName):" + ex.Message);
}
finally
{
registryKey.Close();
}
if (num2 == 1)
{
if (this.bRunningWinSidebar)
{
if (!this.bRunningGglSidebar)
{
Thread.Sleep(500);
Process.Start("\"" + folderPath + str3 + "\"");
}
}
}
}
else
this.myTextBox.Text = "Gadget setting has already done.\r\n";
}
catch (Exception ex)
{
this.ndsDBGError(1, -1, nameof (timer1_Tick), "Registry.CurrentUser.CreateSubKey(2):" + ex.Message);
}
if (num1 == 1)
{
TextBox textBox = this.myTextBox;
textBox.Text = textBox.Text + this.nCount.ToString() + "Exit.\r\n";
Environment.Exit(0);
}
TextBox textBox1 = this.myTextBox;
textBox1.Text = textBox1.Text + this.nCount.ToString() + ": timer1_Tick finished.\r\n";
++this.nCount;
}
private void ndsDBGError(int i, int err, string function, string error)
{
if (i == 1)
{
string str = "Warining:";
Trace.WriteLine(str + "\"" + error + "\" in " + function + "(" + err.ToString() + ")");
TextBox textBox = this.myTextBox;
textBox.Text = textBox.Text + str + "\"" + error + "\" in " + function + "(" + err.ToString() + ")\r\n";
}
else
{
string str = "Fatal:";
Trace.WriteLine(str + "\"" + error + "\" in " + function + "(" + err.ToString() + ")");
TextBox textBox = this.myTextBox;
textBox.Text = textBox.Text + str + "\"" + error + "\" in " + function + "(" + err.ToString() + ")\r\n";
}
}
private void button1_Click(object sender, EventArgs e) => this.Close();
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.components = (IContainer) new Container();
this.timer1 = new System.Windows.Forms.Timer(this.components);
this.myTextBox = new TextBox();
this.button1 = new Button();
this.SuspendLayout();
this.timer1.Enabled = true;
this.timer1.Interval = 3000;
this.timer1.Tick += new EventHandler(this.timer1_Tick);
this.myTextBox.Location = new Point(12, 12);
this.myTextBox.Multiline = true;
this.myTextBox.Name = "myTextBox";
this.myTextBox.ScrollBars = ScrollBars.Vertical;
this.myTextBox.Size = new Size(560, 210);
this.myTextBox.TabIndex = 0;
this.button1.Location = new Point(497, 228);
this.button1.Name = "button1";
this.button1.Size = new Size(75, 23);
this.button1.TabIndex = 1;
this.button1.Text = "OK";
this.button1.UseVisualStyleBackColor = true;
this.button1.Click += new EventHandler(this.button1_Click);
this.AutoScaleDimensions = new SizeF(6f, 12f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(584, 263);
this.Controls.Add((Control) this.button1);
this.Controls.Add((Control) this.myTextBox);
this.Name = nameof (Form1);
this.ShowIcon = false;
this.ShowInTaskbar = false;
this.Text = "cfFncEnabler";
this.WindowState = FormWindowState.Minimized;
this.Load += new EventHandler(this.Form1_Load);
this.ResumeLayout(false);
this.PerformLayout();
}
}
}
Reference in New Issue Copy Permalink