mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 02:46:10 +00:00
198 lines
6.2 KiB
C#
198 lines
6.2 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: ady
|
|||
|
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
|
|||
|
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
|
|||
|
|
|||
|
using Microsoft.Win32;
|
|||
|
using System;
|
|||
|
using System.Collections.Generic;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.IO;
|
|||
|
using System.Reflection;
|
|||
|
using System.Text;
|
|||
|
using System.Xml;
|
|||
|
using XobniLogging;
|
|||
|
|
|||
|
internal static class ady
|
|||
|
{
|
|||
|
private const int a = 200;
|
|||
|
private const int b = 50000;
|
|||
|
private const string c = "Software\\Xobni\\Settings";
|
|||
|
private const int d = 200000;
|
|||
|
private const int e = 1000000;
|
|||
|
private static bool? f = new bool?();
|
|||
|
private static readonly UnicodeEncoding g = new UnicodeEncoding(!BitConverter.IsLittleEndian, false, false);
|
|||
|
|
|||
|
internal static void a(Level A_0, string A_1, Exception A_2)
|
|||
|
{
|
|||
|
string A_1_1 = ady.a(A_1, A_2, A_0);
|
|||
|
ady.a(A_0, A_1_1);
|
|||
|
}
|
|||
|
|
|||
|
internal static void a(Level A_0, string A_1)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
if (A_1 == null)
|
|||
|
throw new ArgumentNullException("message");
|
|||
|
if (A_0 == Level.Exception)
|
|||
|
ady.d(ady.c(A_1));
|
|||
|
ady.b(A_1);
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
ady.b(ex.ToString());
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private static void d(string A_0)
|
|||
|
{
|
|||
|
string s = Environment.NewLine + Environment.NewLine + A_0 + Environment.NewLine + Environment.NewLine;
|
|||
|
byte[] bytes = ady.g.GetBytes(s);
|
|||
|
string str = Path.Combine(ady.b(), "Xobni.log");
|
|||
|
if (File.Exists(str) && new FileInfo(str).Length > 50000L)
|
|||
|
return;
|
|||
|
using (FileStream fileStream = new FileStream(str, FileMode.Append, FileAccess.Write, FileShare.None))
|
|||
|
fileStream.Write(bytes, 0, bytes.Length);
|
|||
|
}
|
|||
|
|
|||
|
internal static string b()
|
|||
|
{
|
|||
|
RegistryKey currentUser = Registry.CurrentUser;
|
|||
|
string path = string.Empty;
|
|||
|
try
|
|||
|
{
|
|||
|
using (RegistryKey registryKey = currentUser.OpenSubKey("Software\\Xobni", false))
|
|||
|
{
|
|||
|
if (registryKey != null)
|
|||
|
path = registryKey.GetValue("DataFiles") as string;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ady.b("Error getting location of directory from registry");
|
|||
|
}
|
|||
|
if (string.IsNullOrEmpty(path))
|
|||
|
path = ady.a();
|
|||
|
if (!string.IsNullOrEmpty(path))
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
if (!Directory.Exists(path))
|
|||
|
Directory.CreateDirectory(path);
|
|||
|
if ((new DirectoryInfo(path).Attributes & FileAttributes.ReadOnly) == FileAttributes.ReadOnly)
|
|||
|
{
|
|||
|
ady.b("Directory " + path + " is read-only, using default directory");
|
|||
|
path = ady.a();
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ady.b("Error creating directory: " + path);
|
|||
|
ady.b("Reverting to default data file directory");
|
|||
|
path = ady.a();
|
|||
|
}
|
|||
|
}
|
|||
|
else
|
|||
|
path = ady.a();
|
|||
|
return path;
|
|||
|
}
|
|||
|
|
|||
|
private static string a() => Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\Xobni\\";
|
|||
|
|
|||
|
private static string a(string A_0, Exception A_1, Level A_2)
|
|||
|
{
|
|||
|
Dictionary<string, string> A_0_1 = new Dictionary<string, string>();
|
|||
|
A_0_1.Add("DescriptionHint", A_0);
|
|||
|
A_0_1.Add("Level", Enum.GetName(typeof (Level), (object) A_2));
|
|||
|
A_0_1.Add("Message", A_1.Message);
|
|||
|
A_0_1.Add("Type", A_1.GetType().Name);
|
|||
|
A_0_1.Add("StackTrace", A_1.StackTrace);
|
|||
|
if (A_1.InnerException != null)
|
|||
|
{
|
|||
|
A_0_1.Add("InnerMessage", A_1.InnerException.Message);
|
|||
|
A_0_1.Add("InnerStackTrace", A_1.InnerException.StackTrace);
|
|||
|
if (A_1.InnerException.InnerException != null)
|
|||
|
{
|
|||
|
A_0_1.Add("InnerInnerMessage", A_1.InnerException.InnerException.Message);
|
|||
|
A_0_1.Add("InnerInnerStackTrace", A_1.InnerException.InnerException.StackTrace);
|
|||
|
}
|
|||
|
}
|
|||
|
return ady.a(A_0_1);
|
|||
|
}
|
|||
|
|
|||
|
public static string a(Dictionary<string, string> A_0)
|
|||
|
{
|
|||
|
if (A_0 == null)
|
|||
|
return (string) null;
|
|||
|
XmlDocument xmlDocument = new XmlDocument();
|
|||
|
XmlElement element1 = xmlDocument.CreateElement("Exception");
|
|||
|
int num1 = 0;
|
|||
|
foreach (KeyValuePair<string, string> keyValuePair in A_0)
|
|||
|
{
|
|||
|
int num2 = keyValuePair.Value != null ? keyValuePair.Value.Length : 0;
|
|||
|
num1 += keyValuePair.Key.Length + num2;
|
|||
|
if (keyValuePair.Key.Length <= 200000 && num2 <= 200000)
|
|||
|
{
|
|||
|
if (num1 <= 1000000)
|
|||
|
{
|
|||
|
XmlElement element2 = xmlDocument.CreateElement(keyValuePair.Key);
|
|||
|
element2.AppendChild((XmlNode) xmlDocument.CreateTextNode(keyValuePair.Value ?? "NULL"));
|
|||
|
element1.AppendChild((XmlNode) element2);
|
|||
|
}
|
|||
|
else
|
|||
|
break;
|
|||
|
}
|
|||
|
}
|
|||
|
xmlDocument.AppendChild((XmlNode) element1);
|
|||
|
XmlWriterSettings settings = new XmlWriterSettings();
|
|||
|
settings.ConformanceLevel = ConformanceLevel.Fragment;
|
|||
|
settings.OmitXmlDeclaration = true;
|
|||
|
StringBuilder output = new StringBuilder();
|
|||
|
XmlWriter w = XmlWriter.Create(output, settings);
|
|||
|
if (xmlDocument.DocumentElement != null)
|
|||
|
xmlDocument.DocumentElement.WriteTo(w);
|
|||
|
w.Flush();
|
|||
|
return output.ToString();
|
|||
|
}
|
|||
|
|
|||
|
private static string c(string A_0)
|
|||
|
{
|
|||
|
Version version = Assembly.GetExecutingAssembly().GetName().Version;
|
|||
|
return "[" + DateTime.UtcNow.ToString("dd/MMM/yyyy HH:mm:ss.ffff") + "] Xobni-" + (object) version + ": " + A_0;
|
|||
|
}
|
|||
|
|
|||
|
internal static void b(string A_0)
|
|||
|
{
|
|||
|
if (!ady.f.HasValue)
|
|||
|
ady.f = new bool?(ady.a("ConnectorOutputDebug") != null);
|
|||
|
string str = ady.c(A_0);
|
|||
|
if (!ady.f.Value)
|
|||
|
return;
|
|||
|
int length;
|
|||
|
for (int startIndex = 0; startIndex < str.Length; startIndex += length)
|
|||
|
{
|
|||
|
length = Math.Min(200, str.Length - startIndex);
|
|||
|
Debugger.Log(1, "", str.Substring(startIndex, length));
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private static string a(string A_0)
|
|||
|
{
|
|||
|
using (RegistryKey registryKey1 = Registry.LocalMachine.OpenSubKey("Software\\Xobni\\Settings", false))
|
|||
|
{
|
|||
|
if (registryKey1 != null)
|
|||
|
return registryKey1.GetValue(A_0, (object) null) as string;
|
|||
|
using (RegistryKey registryKey2 = Registry.LocalMachine.OpenSubKey("Software\\Xobni\\Settings", false))
|
|||
|
return registryKey2 == null ? (string) null : registryKey2.GetValue(A_0, (object) null) as string;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|