mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-25 21:05:28 +00:00
f2ac1ece55
add
68 lines
2.1 KiB
C#
68 lines
2.1 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: Poly.API
|
|
// Assembly: Poly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 618F3010-979B-4F78-8F99-D5C35E30AA2E
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Sysn.bshb-a13f90b28df8b73652beb4c3c95ff1b8dc0c2fc41dee8f7d6acdd43828a0aadc.exe
|
|
|
|
using System;
|
|
using System.Runtime.InteropServices;
|
|
using System.Text;
|
|
|
|
namespace Poly
|
|
{
|
|
public static class API
|
|
{
|
|
private const uint LOCALE_SYSTEM_DEFAULT = 1024;
|
|
|
|
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
|
|
public static extern bool MoveFileEx(
|
|
string lpExistingFileName,
|
|
string lpNewFileName,
|
|
API.MoveFileFlags dwFlags);
|
|
|
|
[DllImport("kernel32.dll")]
|
|
public static extern int GetLocaleInfo(
|
|
uint Locale,
|
|
uint LCType,
|
|
[Out] StringBuilder lpLCData,
|
|
int cchData);
|
|
|
|
public static string GetInfo(uint lInfo)
|
|
{
|
|
StringBuilder lpLCData = new StringBuilder(256);
|
|
int localeInfo = API.GetLocaleInfo(1024U, lInfo, lpLCData, lpLCData.Capacity);
|
|
return localeInfo > 0 ? lpLCData.ToString().Substring(0, localeInfo - 1) : string.Empty;
|
|
}
|
|
|
|
[DllImport("kernel32.dll")]
|
|
public static extern bool GetVersionEx(ref API.OSVERSIONINFOEX osVersionInfo);
|
|
|
|
[Flags]
|
|
public enum MoveFileFlags
|
|
{
|
|
MOVEFILE_REPLACE_EXISTING = 1,
|
|
MOVEFILE_COPY_ALLOWED = 2,
|
|
MOVEFILE_DELAY_UNTIL_REBOOT = 4,
|
|
MOVEFILE_WRITE_THROUGH = 8,
|
|
MOVEFILE_CREATE_HARDLINK = 16, // 0x00000010
|
|
MOVEFILE_FAIL_IF_NOT_TRACKABLE = 32, // 0x00000020
|
|
}
|
|
|
|
public struct OSVERSIONINFOEX
|
|
{
|
|
public int dwOSVersionInfoSize;
|
|
public int dwMajorVersion;
|
|
public int dwMinorVersion;
|
|
public int dwBuildNumber;
|
|
public int dwPlatformId;
|
|
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 128)]
|
|
public string szCSDVersion;
|
|
public short wServicePackMajor;
|
|
public short wServicePackMinor;
|
|
public short wSuiteMask;
|
|
public byte wProductType;
|
|
public byte wReserved;
|
|
}
|
|
}
|
|
}
|