mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 02:46:10 +00:00
164 lines
4.9 KiB
C#
164 lines
4.9 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: rx
|
|||
|
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
|
|||
|
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
|
|||
|
|
|||
|
using GroupPolicy;
|
|||
|
using Microsoft.Win32;
|
|||
|
using System;
|
|||
|
using XobniLogging;
|
|||
|
|
|||
|
public static class rx
|
|||
|
{
|
|||
|
private const string a = "GroupPolicyPreferences";
|
|||
|
private const string b = "Software\\Policies\\Xobni\\Xobni Sidebar\\Preferences";
|
|||
|
private const string c = "auto_updates_on";
|
|||
|
private const string d = "ceip_on";
|
|||
|
private const string e = "linked_in_on";
|
|||
|
private const string f = "skype_on";
|
|||
|
private const string g = "yahoo_on";
|
|||
|
private const string h = "web_widgets_on";
|
|||
|
private const string i = "phone_home_on";
|
|||
|
private const string j = "xobni_on";
|
|||
|
private const string k = "web_search_on";
|
|||
|
private const string l = "data_files_dir";
|
|||
|
private const string m = "bottom_web_search_on";
|
|||
|
|
|||
|
public static bool g()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
return rx.d("auto_updates_on").GetValueOrDefault(true);
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
ady.a(Level.Exception, "AutoUpdates Group Policy", ex);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
return true;
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public static bool f(bool A_0) => rx.b("ceip_on").GetValueOrDefault(A_0);
|
|||
|
|
|||
|
public static bool e(bool A_0) => rx.b("linked_in_on").GetValueOrDefault(A_0);
|
|||
|
|
|||
|
public static bool d(bool A_0) => rx.b("skype_on").GetValueOrDefault(A_0);
|
|||
|
|
|||
|
public static bool c(bool A_0) => rx.b("yahoo_on").GetValueOrDefault(A_0);
|
|||
|
|
|||
|
public static bool b(bool A_0) => rx.b("web_widgets_on").GetValueOrDefault(A_0);
|
|||
|
|
|||
|
public static bool f() => rx.b("linked_in_on").GetValueOrDefault(true);
|
|||
|
|
|||
|
public static bool a(bool A_0) => rx.b("web_search_on").GetValueOrDefault(A_0);
|
|||
|
|
|||
|
public static bool e() => rx.b("phone_home_on").GetValueOrDefault(true);
|
|||
|
|
|||
|
public static bool d() => rx.b("xobni_on").GetValueOrDefault(true);
|
|||
|
|
|||
|
public static bool c() => rx.b("data_files_dir").GetValueOrDefault(true);
|
|||
|
|
|||
|
public static bool b() => rx.b("bottom_web_search_on").GetValueOrDefault(true);
|
|||
|
|
|||
|
public static string a() => rx.c() ? rx.a("data_files_dir") : string.Empty;
|
|||
|
|
|||
|
private static bool? d(string A_0) => rx.d(Registry.LocalMachine, A_0);
|
|||
|
|
|||
|
private static bool? c(string A_0) => rx.d(Registry.CurrentUser, A_0);
|
|||
|
|
|||
|
private static bool? b(string A_0)
|
|||
|
{
|
|||
|
PolicySetting policySetting = rx.c(Registry.LocalMachine, A_0);
|
|||
|
return policySetting != PolicySetting.NotConfigured ? new bool?(policySetting == PolicySetting.On) : rx.c(A_0);
|
|||
|
}
|
|||
|
|
|||
|
private static string a(string A_0)
|
|||
|
{
|
|||
|
string str = rx.a(Registry.LocalMachine, A_0);
|
|||
|
if (string.IsNullOrEmpty(str))
|
|||
|
str = rx.a(Registry.CurrentUser, A_0);
|
|||
|
return str;
|
|||
|
}
|
|||
|
|
|||
|
private static bool? d(RegistryKey A_0, string A_1)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
switch (rx.c(A_0, A_1))
|
|||
|
{
|
|||
|
case PolicySetting.Off:
|
|||
|
return new bool?(false);
|
|||
|
case PolicySetting.On:
|
|||
|
return new bool?(true);
|
|||
|
case PolicySetting.NotConfigured:
|
|||
|
return new bool?();
|
|||
|
default:
|
|||
|
throw new ApplicationException(string.Format("Bad Policy setting for {0}", (object) A_1));
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ady.a(Level.Exception, "CalculatePolicySetting", ex);
|
|||
|
return new bool?();
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private static PolicySetting c(RegistryKey A_0, string A_1)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
int? nullable = rx.b(A_0, A_1);
|
|||
|
if (!nullable.HasValue)
|
|||
|
return PolicySetting.NotConfigured;
|
|||
|
switch (nullable.Value)
|
|||
|
{
|
|||
|
case 0:
|
|||
|
return PolicySetting.Off;
|
|||
|
case 1:
|
|||
|
return PolicySetting.On;
|
|||
|
default:
|
|||
|
throw new ApplicationException(string.Format("Bad Policy Value {0}", (object) A_1));
|
|||
|
}
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ady.a(Level.Exception, string.Format("CheckRegistryValue {0}", (object) A_1), ex);
|
|||
|
return PolicySetting.NotConfigured;
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private static int? b(RegistryKey A_0, string A_1)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
using (RegistryKey registryKey = A_0.OpenSubKey("Software\\Policies\\Xobni\\Xobni Sidebar\\Preferences", false))
|
|||
|
return registryKey == null ? new int?() : (int?) registryKey.GetValue(A_1, (object) null);
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ady.a(Level.Exception, string.Format("GetRegistryValue {0}", (object) A_1), ex);
|
|||
|
return new int?();
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private static string a(RegistryKey A_0, string A_1)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
using (RegistryKey registryKey = A_0.OpenSubKey("Software\\Policies\\Xobni\\Xobni Sidebar\\Preferences", false))
|
|||
|
return registryKey == null ? (string) null : registryKey.GetValue(A_1, (object) null) as string;
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ady.a(Level.Exception, string.Format("GetRegistryStringValue {0}", (object) A_1), ex);
|
|||
|
return (string) null;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|