mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 11:26:11 +00:00
383 lines
14 KiB
C#
383 lines
14 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: cfFncEnabler.Form1
|
|
// Assembly: cfFncEnabler, Version=1.0.0.18, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 332E9E14-3026-4FC8-B925-0BA2C251918E
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Virut.ce-bb6bf5a81e7ce35327253fa15ae76b9f32a2dfb7c0def1083789e9ea135c25ee.exe
|
|
|
|
using Microsoft.Win32;
|
|
using System;
|
|
using System.Collections;
|
|
using System.ComponentModel;
|
|
using System.Diagnostics;
|
|
using System.Drawing;
|
|
using System.IO;
|
|
using System.Management;
|
|
using System.Net.NetworkInformation;
|
|
using System.Runtime.InteropServices;
|
|
using System.ServiceProcess;
|
|
using System.Threading;
|
|
using System.Windows.Forms;
|
|
|
|
namespace cfFncEnabler
|
|
{
|
|
public class Form1 : Form
|
|
{
|
|
private bool bRunningWinSidebar;
|
|
private bool bRunningGglSidebar;
|
|
private int nCount;
|
|
private IContainer components;
|
|
private System.Windows.Forms.Timer timer1;
|
|
private TextBox myTextBox;
|
|
private Button button1;
|
|
|
|
public Form1()
|
|
{
|
|
this.InitializeComponent();
|
|
this.myTextBox.Text = "TOSHIBA ConfigFree WPS/Sidebar gadgets enabler version 1.0.0.14.\r\n";
|
|
}
|
|
|
|
private void Form1_Load(object sender, EventArgs e)
|
|
{
|
|
try
|
|
{
|
|
Hashtable hashtable = new Hashtable();
|
|
try
|
|
{
|
|
ManagementScope scope = new ManagementScope("root\\cimv2");
|
|
scope.Connect();
|
|
ObjectQuery query = new ObjectQuery("select ProductName,PNPDeviceID from Win32_NetworkAdapter");
|
|
ManagementObjectCollection objectCollection = new ManagementObjectSearcher(scope, query).Get();
|
|
foreach (NetworkInterface networkInterface in NetworkInterface.GetAllNetworkInterfaces())
|
|
{
|
|
if (networkInterface.NetworkInterfaceType == NetworkInterfaceType.Wireless80211)
|
|
{
|
|
foreach (ManagementObject managementObject in objectCollection)
|
|
{
|
|
if (networkInterface.Description.ToString().Contains(managementObject.GetPropertyValue("ProductName").ToString()))
|
|
{
|
|
if (managementObject.GetPropertyValue("PNPDeviceID") != null)
|
|
{
|
|
hashtable.Add((object) managementObject.GetPropertyValue("PNPDeviceID").ToString(), (object) managementObject.GetPropertyValue("PNPDeviceID").ToString().Substring(4, 8));
|
|
}
|
|
else
|
|
{
|
|
if (managementObject.GetPropertyValue("ProductName").ToString().Contains("Atheros"))
|
|
hashtable.Add((object) "PCI\\VEN_168C\\NULL", (object) "VEN_168C");
|
|
if (managementObject.GetPropertyValue("ProductName").ToString().Contains("Realtek"))
|
|
hashtable.Add((object) "PCI\\VEN_10EC\\NULL", (object) "VEN_10EC");
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
this.ndsDBGError(1, -1, "cfFncEnabler", "scope.Connect():" + ex.Message);
|
|
}
|
|
try
|
|
{
|
|
string subkey = "SOFTWARE\\TOSHIBA\\ConfigFree\\";
|
|
RegistryKey subKey = Registry.CurrentUser.CreateSubKey(subkey);
|
|
foreach (DictionaryEntry dictionaryEntry in hashtable)
|
|
{
|
|
if (dictionaryEntry.Value.ToString().CompareTo((string) null) != 0)
|
|
{
|
|
switch (dictionaryEntry.Value.ToString())
|
|
{
|
|
case "VEN_168C":
|
|
ServiceController serviceController = new ServiceController("jswpsapi");
|
|
try
|
|
{
|
|
if (serviceController.Status == ServiceControllerStatus.ContinuePending || serviceController.Status == ServiceControllerStatus.Paused || serviceController.Status == ServiceControllerStatus.PausePending || serviceController.Status == ServiceControllerStatus.Running || serviceController.Status == ServiceControllerStatus.StartPending || serviceController.Status == ServiceControllerStatus.Stopped || serviceController.Status == ServiceControllerStatus.StopPending)
|
|
{
|
|
subKey.SetValue("EnableWPS", (object) 1);
|
|
goto label_36;
|
|
}
|
|
else
|
|
{
|
|
subKey.SetValue("EnableWPS", (object) 0);
|
|
goto label_36;
|
|
}
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
this.ndsDBGError(1, 0, "cfWPSEnabler", ex.Message);
|
|
subKey.SetValue("EnableWPS", (object) 0);
|
|
goto label_36;
|
|
}
|
|
case "VID_0BDA":
|
|
case "VEN_10EC":
|
|
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
|
|
string str1 = Path.GetDirectoryName(folderPath) + "\\SysWOW64";
|
|
string str2 = "\\RtlLib.dll";
|
|
if (File.Exists(folderPath + str2) || File.Exists(str1 + str2))
|
|
{
|
|
subKey.SetValue("EnableWPS", (object) 3);
|
|
goto label_36;
|
|
}
|
|
else
|
|
{
|
|
subKey.SetValue("EnableWPS", (object) 0);
|
|
goto label_36;
|
|
}
|
|
default:
|
|
subKey.SetValue("EnableWPS", (object) 0);
|
|
continue;
|
|
}
|
|
}
|
|
}
|
|
label_36:
|
|
subKey.Close();
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
this.ndsDBGError(1, -1, "cfFncEnabler", "Registry.CurrentUser.CreateSubKey" + ex.Message);
|
|
}
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
this.ndsDBGError(1, -1, "cfFncEnabler", "IPGlobalProperties:" + ex.Message);
|
|
}
|
|
if (Environment.OSVersion.Version.Major < 6 || Environment.OSVersion.Version.Minor < 1)
|
|
return;
|
|
string subkey1 = "SOFTWARE\\TOSHIBA\\ConfigFree\\";
|
|
RegistryKey subKey1 = Registry.CurrentUser.CreateSubKey(subkey1);
|
|
try
|
|
{
|
|
subKey1.SetValue("EnableWPS", (object) 0);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
this.ndsDBGError(1, -1, nameof (Form1_Load), "Registry.CurrentUser.CreateSubKey(rKeyName):" + ex.Message);
|
|
}
|
|
subKey1.Close();
|
|
}
|
|
|
|
private void timer1_Tick(object sender, EventArgs e)
|
|
{
|
|
int num1 = 0;
|
|
string name = "SOFTWARE\\Wow6432Node\\TOSHIBA\\ConfigFree\\";
|
|
string str1 = "SOFTWARE\\TOSHIBA\\ConfigFree\\";
|
|
if (this.nCount >= 4)
|
|
{
|
|
this.timer1.Stop();
|
|
this.ndsDBGError(1, -1, nameof (timer1_Tick), "timer1 is timeout.:");
|
|
num1 = 1;
|
|
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(str1);
|
|
try
|
|
{
|
|
registryKey = Registry.CurrentUser.CreateSubKey(str1);
|
|
registryKey.SetValue("GadgetsConfigured", (object) num1);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
this.ndsDBGError(1, -1, nameof (timer1_Tick), "Registry.CurrentUser.CreateSubKey(rKeyName):" + ex.Message);
|
|
}
|
|
registryKey.Close();
|
|
Environment.Exit(0);
|
|
}
|
|
if (Process.GetProcessesByName("sidebar").Length > 0)
|
|
{
|
|
this.bRunningWinSidebar = true;
|
|
this.myTextBox.Text = "Windows Sidebar is running.\r\n";
|
|
}
|
|
if (Process.GetProcessesByName("GoogleDesktop").Length > 0)
|
|
{
|
|
this.bRunningGglSidebar = true;
|
|
this.myTextBox.Text = "Google Sidebar is running.\r\n";
|
|
}
|
|
bool flag = Marshal.SizeOf((object) IntPtr.Zero) == 8;
|
|
try
|
|
{
|
|
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(str1);
|
|
try
|
|
{
|
|
num1 = (int) registryKey.GetValue("GadgetsConfigured");
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
this.ndsDBGError(1, -1, nameof (timer1_Tick), "Registry.CurrentUser.OpenSubKey(rKeyName):nGadgetsConfigured:" + ex.Message);
|
|
}
|
|
finally
|
|
{
|
|
registryKey.Close();
|
|
}
|
|
int num2 = 2;
|
|
try
|
|
{
|
|
registryKey = !flag ? Registry.LocalMachine.OpenSubKey(str1) : Registry.LocalMachine.OpenSubKey(name);
|
|
num2 = (int) registryKey.GetValue("EnableGadgets", (object) 2);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
this.ndsDBGError(1, -1, nameof (timer1_Tick), "Registry.LocalMachine.OpenSubKey(rKeyName):nEnableGadgets:" + ex.Message);
|
|
}
|
|
finally
|
|
{
|
|
registryKey.Close();
|
|
}
|
|
if (num1 == 0)
|
|
{
|
|
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles);
|
|
string str2 = folderPath + " (x86)";
|
|
string str3 = "\\Windows Sidebar\\sidebar.exe";
|
|
string str4 = "\\TOSHIBA\\ConfigFree\\";
|
|
if (this.bRunningWinSidebar)
|
|
{
|
|
if (num2 != 2)
|
|
{
|
|
try
|
|
{
|
|
foreach (Process process in Process.GetProcessesByName("sidebar"))
|
|
{
|
|
try
|
|
{
|
|
process.Kill();
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
this.ndsDBGError(1, -1, "cfFncEnabler", "p.Kill():" + ex.Message);
|
|
}
|
|
}
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
this.ndsDBGError(1, -1, "cfFncEnabler", "p.Kill():" + ex.Message);
|
|
}
|
|
}
|
|
}
|
|
try
|
|
{
|
|
if (num2 != 2)
|
|
{
|
|
if (flag)
|
|
{
|
|
Process.Start("\"" + str2 + str4 + "AddGadget.exe\"", "-add \"" + str2 + str4 + "SrcSetting.ini\"");
|
|
this.myTextBox.Text += "AddGadget.exe registered (x64)\r\n";
|
|
num1 = 1;
|
|
this.timer1.Stop();
|
|
}
|
|
else
|
|
{
|
|
Process.Start("\"" + folderPath + str4 + "AddGadget.exe\"", "-add \"" + folderPath + str4 + "SrcSetting.ini\"");
|
|
this.myTextBox.Text += "AddGadget.exe registered (x86)\r\n";
|
|
num1 = 1;
|
|
this.timer1.Stop();
|
|
}
|
|
}
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
this.ndsDBGError(1, -1, nameof (timer1_Tick), "System.Diagnostics.Process.Start:Enable:" + ex.Message);
|
|
}
|
|
try
|
|
{
|
|
registryKey = Registry.CurrentUser.CreateSubKey(str1);
|
|
registryKey.SetValue("GadgetsConfigured", (object) num1);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
this.ndsDBGError(1, -1, nameof (timer1_Tick), "Registry.CurrentUser.CreateSubKey(rKeyName):" + ex.Message);
|
|
}
|
|
finally
|
|
{
|
|
registryKey.Close();
|
|
}
|
|
if (num2 == 1)
|
|
{
|
|
if (this.bRunningWinSidebar)
|
|
{
|
|
if (!this.bRunningGglSidebar)
|
|
{
|
|
Thread.Sleep(500);
|
|
Process.Start("\"" + folderPath + str3 + "\"");
|
|
}
|
|
}
|
|
}
|
|
}
|
|
else
|
|
this.myTextBox.Text = "Gadget setting has already done.\r\n";
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
this.ndsDBGError(1, -1, nameof (timer1_Tick), "Registry.CurrentUser.CreateSubKey(2):" + ex.Message);
|
|
}
|
|
if (num1 == 1)
|
|
{
|
|
TextBox textBox = this.myTextBox;
|
|
textBox.Text = textBox.Text + this.nCount.ToString() + "Exit.\r\n";
|
|
Environment.Exit(0);
|
|
}
|
|
TextBox textBox1 = this.myTextBox;
|
|
textBox1.Text = textBox1.Text + this.nCount.ToString() + ": timer1_Tick finished.\r\n";
|
|
++this.nCount;
|
|
}
|
|
|
|
private void ndsDBGError(int i, int err, string function, string error)
|
|
{
|
|
if (i == 1)
|
|
{
|
|
string str = "Warining:";
|
|
Trace.WriteLine(str + "\"" + error + "\" in " + function + "(" + err.ToString() + ")");
|
|
TextBox textBox = this.myTextBox;
|
|
textBox.Text = textBox.Text + str + "\"" + error + "\" in " + function + "(" + err.ToString() + ")\r\n";
|
|
}
|
|
else
|
|
{
|
|
string str = "Fatal:";
|
|
Trace.WriteLine(str + "\"" + error + "\" in " + function + "(" + err.ToString() + ")");
|
|
TextBox textBox = this.myTextBox;
|
|
textBox.Text = textBox.Text + str + "\"" + error + "\" in " + function + "(" + err.ToString() + ")\r\n";
|
|
}
|
|
}
|
|
|
|
private void button1_Click(object sender, EventArgs e) => this.Close();
|
|
|
|
protected override void Dispose(bool disposing)
|
|
{
|
|
if (disposing && this.components != null)
|
|
this.components.Dispose();
|
|
base.Dispose(disposing);
|
|
}
|
|
|
|
private void InitializeComponent()
|
|
{
|
|
this.components = (IContainer) new Container();
|
|
this.timer1 = new System.Windows.Forms.Timer(this.components);
|
|
this.myTextBox = new TextBox();
|
|
this.button1 = new Button();
|
|
this.SuspendLayout();
|
|
this.timer1.Enabled = true;
|
|
this.timer1.Interval = 3000;
|
|
this.timer1.Tick += new EventHandler(this.timer1_Tick);
|
|
this.myTextBox.Location = new Point(12, 12);
|
|
this.myTextBox.Multiline = true;
|
|
this.myTextBox.Name = "myTextBox";
|
|
this.myTextBox.ScrollBars = ScrollBars.Vertical;
|
|
this.myTextBox.Size = new Size(560, 210);
|
|
this.myTextBox.TabIndex = 0;
|
|
this.button1.Location = new Point(497, 228);
|
|
this.button1.Name = "button1";
|
|
this.button1.Size = new Size(75, 23);
|
|
this.button1.TabIndex = 1;
|
|
this.button1.Text = "OK";
|
|
this.button1.UseVisualStyleBackColor = true;
|
|
this.button1.Click += new EventHandler(this.button1_Click);
|
|
this.AutoScaleDimensions = new SizeF(6f, 12f);
|
|
this.AutoScaleMode = AutoScaleMode.Font;
|
|
this.ClientSize = new Size(584, 263);
|
|
this.Controls.Add((Control) this.button1);
|
|
this.Controls.Add((Control) this.myTextBox);
|
|
this.Name = nameof (Form1);
|
|
this.ShowIcon = false;
|
|
this.ShowInTaskbar = false;
|
|
this.Text = "cfFncEnabler";
|
|
this.WindowState = FormWindowState.Minimized;
|
|
this.Load += new EventHandler(this.Form1_Load);
|
|
this.ResumeLayout(false);
|
|
this.PerformLayout();
|
|
}
|
|
}
|
|
}
|