ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-20 18:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9432413cf6
MalwareSourceCode/MSIL/Trojan/Win32/P/Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba/l9.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

109 lines
3.8 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: l9
// Assembly: XobniService, Version=1.8.3.7917, Culture=neutral, PublicKeyToken=6298d2d1fcfb5d85
// MVID: EA9F7D71-4A8D-4739-A320-5F01FC76E972
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-01164dae267b1f13c988de64e7fce38753b97528a3dc3fe730e191fc953c65ba.exe
using Microsoft.Win32;
using System;
using System.IO;
using XobniLogging;
internal static class l9
{
internal static void c()
{
try
{
try
{
ady.a(Level.Debug, "CheckForRegisteredShim started");
if (l9.b())
return;
ady.a(Level.Debug, "Need to re-register Shim");
l9.a();
}
catch (Exception ex)
{
ady.a(Level.Exception, "Top level Check Shim", ex);
}
finally
{
ady.a(Level.Debug, "Finished Check Shim");
}
}
catch (Exception ex)
{
ady.a(Level.Exception, "Outer catch block of Check Shim", ex);
}
}
private static bool b()
{
try
{
return l9.a(Registry.ClassesRoot, "XobniMainConnectorShim.Connect\\", string.Empty, "Connect Class") && l9.a(Registry.ClassesRoot, "XobniMainConnectorShim.Connect\\CLSID\\", string.Empty, "{79a399f3-daa1-46c8-ab92-27c7cbe43251}") && l9.a(Registry.ClassesRoot, "CLSID\\{79a399f3-daa1-46c8-ab92-27c7cbe43251}\\", string.Empty, "XobniMainConnectorShim.Connect") && l9.a(Registry.ClassesRoot, "CLSID\\{79a399f3-daa1-46c8-ab92-27c7cbe43251}\\ProgID\\", string.Empty, "XobniMainConnectorShim.Connect") && l9.a(Registry.ClassesRoot, "CLSID\\{79a399f3-daa1-46c8-ab92-27c7cbe43251}\\InprocServer32\\", "ThreadingModel", "Apartment") && l9.a(Registry.LocalMachine, "SOFTWARE\\Microsoft\\Office\\Outlook\\Addins\\XobniMainConnectorShim.Connect\\", "Description", "Xobni") && l9.a(Registry.LocalMachine, "SOFTWARE\\Microsoft\\Office\\Outlook\\Addins\\XobniMainConnectorShim.Connect\\", "FriendlyName", "Xobni");
}
catch (Exception ex)
{
ady.a(Level.Exception, "Couldn't check Shim reg values", ex);
return false;
}
}
public static string a(RegistryKey A_0, string A_1, string A_2)
{
try
{
using (RegistryKey registryKey = A_0.OpenSubKey(A_1, false))
return registryKey == null ? (string) null : registryKey.GetValue(A_2, (object) null) as string;
}
catch (Exception ex)
{
ady.a(Level.Exception, string.Format("Couldn't get {0} registry value for {1} {2}", (object) A_0, (object) A_1, (object) A_2), ex);
return (string) null;
}
}
private static bool a(RegistryKey A_0, string A_1, string A_2, string A_3)
{
try
{
string str = l9.a(A_0, A_1, A_2);
if (string.IsNullOrEmpty(str) && !string.IsNullOrEmpty(A_3))
{
ady.a(Level.Debug, string.Format("Couldn't find registry key {0} {1} {2}", (object) A_0, (object) A_1, (object) A_2));
return false;
}
if (A_3.Equals(str))
return true;
ady.a(Level.Debug, string.Format("Registry key {0} {1} {2} has wrong value: {3}", (object) A_0, (object) A_1, (object) A_2, (object) str));
return false;
}
catch (Exception ex)
{
ady.a(Level.Exception, "Couldn't read registry value", ex);
return false;
}
}
private static void a()
{
try
{
ady.a(Level.Debug, "Re-Registering Shim");
string path1 = gs.a();
ady.a(Level.Debug, string.Format("Installation path is {0}", (object) path1));
string str = Path.Combine(path1, "XobniMainConnectorShim.dll");
ady.a(Level.Debug, "XobniMainConnectorShim path is " + str);
if (!File.Exists(str))
throw new Exception("XobniMainConnectorShim doesn't exist or path is incorrect");
eh.b(str);
}
catch (Exception ex)
{
ady.a(Level.Exception, "XobniMainConnectorShim", ex);
}
}
}
Reference in New Issue View Git Blame Copy Permalink