mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-20 18:36:10 +00:00
102 lines
2.9 KiB
C#
102 lines
2.9 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: eRecoveryService.ETFclass
|
|||
|
|
// Assembly: eRecoveryService, Version=2.5.3.6, Culture=neutral, PublicKeyToken=null
|
|||
|
|
// MVID: 08DF666A-8C92-4CCB-869A-390134BB6787
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Patched.mf-d8d6de6a708417645ef396f90e846eda5ae240e20dd2ceba0b7c9c1e4a6a7d77.exe
|
|||
|
|
|
|||
|
|
using IERYETF;
|
|||
|
|
using System;
|
|||
|
|
using System.IO;
|
|||
|
|
using System.Runtime.Remoting.Lifetime;
|
|||
|
|
using System.Threading;
|
|||
|
|
|
|||
|
|
namespace eRecoveryService
|
|||
|
|
{
|
|||
|
|
public class ETFclass : MarshalByRefObject, IERY
|
|||
|
|
{
|
|||
|
|
private ILease lease;
|
|||
|
|
|
|||
|
|
public override object InitializeLifetimeService()
|
|||
|
|
{
|
|||
|
|
if (this.lease == null)
|
|||
|
|
{
|
|||
|
|
this.lease = (ILease) base.InitializeLifetimeService();
|
|||
|
|
if (this.lease.CurrentState == LeaseState.Initial)
|
|||
|
|
this.lease.InitialLeaseTime = TimeSpan.Zero;
|
|||
|
|
}
|
|||
|
|
return (object) this.lease;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private string GetAvailableDrLetter()
|
|||
|
|
{
|
|||
|
|
uint logicalDrives = WIN32.GetLogicalDrives();
|
|||
|
|
string str = "";
|
|||
|
|
char ch = 'D';
|
|||
|
|
int num;
|
|||
|
|
for (num = 3; num < 26; ++num)
|
|||
|
|
{
|
|||
|
|
if (((int) (logicalDrives >> num) & 1) == 0)
|
|||
|
|
{
|
|||
|
|
str = ch.ToString();
|
|||
|
|
break;
|
|||
|
|
}
|
|||
|
|
++ch;
|
|||
|
|
}
|
|||
|
|
string availableDrLetter = str + ":";
|
|||
|
|
if (num == 26)
|
|||
|
|
availableDrLetter = "";
|
|||
|
|
return availableDrLetter;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private bool MountHiddenPartition(string szDr)
|
|||
|
|
{
|
|||
|
|
bool flag = false;
|
|||
|
|
int num = 0;
|
|||
|
|
while (!flag && num < 5)
|
|||
|
|
{
|
|||
|
|
flag = WIN32.DefineDosDevice(1U, szDr, "\\Device\\Harddisk0\\Partition1");
|
|||
|
|
if (!flag)
|
|||
|
|
Thread.Sleep(1000);
|
|||
|
|
}
|
|||
|
|
return flag;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public bool UnMountHiddenPartition(string m_szTempHid)
|
|||
|
|
{
|
|||
|
|
bool flag = false;
|
|||
|
|
int num = 0;
|
|||
|
|
while (!flag && num < 5)
|
|||
|
|
{
|
|||
|
|
flag = WIN32.DefineDosDevice(7U, m_szTempHid, "\\Device\\Harddisk0\\Partition1");
|
|||
|
|
if (!flag)
|
|||
|
|
Thread.Sleep(1000);
|
|||
|
|
}
|
|||
|
|
return flag;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public bool SetHiddenPartPassHint(string szPass, string szHint)
|
|||
|
|
{
|
|||
|
|
string availableDrLetter = this.GetAvailableDrLetter();
|
|||
|
|
string str = availableDrLetter + "\\aimdrs.dat";
|
|||
|
|
this.MountHiddenPartition(availableDrLetter);
|
|||
|
|
if (szPass.Length == 0)
|
|||
|
|
{
|
|||
|
|
if (File.Exists(str))
|
|||
|
|
{
|
|||
|
|
File.SetAttributes(str, FileAttributes.Normal);
|
|||
|
|
File.Delete(str);
|
|||
|
|
this.UnMountHiddenPartition(availableDrLetter);
|
|||
|
|
}
|
|||
|
|
return true;
|
|||
|
|
}
|
|||
|
|
if (szPass.Length > 0 && File.Exists(str))
|
|||
|
|
File.SetAttributes(str, FileAttributes.Normal);
|
|||
|
|
WIN32.WritePrivateProfileString("MyData", "PD", szPass, str);
|
|||
|
|
WIN32.WritePrivateProfileString("MyData", "HT", szHint, str);
|
|||
|
|
File.SetAttributes(str, FileAttributes.ReadOnly | FileAttributes.Hidden | FileAttributes.System);
|
|||
|
|
this.UnMountHiddenPartition(availableDrLetter);
|
|||
|
|
return true;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|