// Decompiled with JetBrains decompiler
// Type: <PrivateImplementationDetails>{FCDEF2F2-8E7E-4528-B12E-ED99013B2DCE}
// Assembly: L3G!T™ Public Crypter 1.0, Version=1.0.0.1, Culture=neutral, PublicKeyToken=null
// MVID: FCDEF2F2-8E7E-4528-B12E-ED99013B2DCE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Virut.ce-d1c1a097ee65bcbdb837a528eb91652ea74c5b5ac7d41670ff2946e6d8dd6d9f.exe
using System;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security;
using System.Windows.Forms;
// Start-up stub as recovered by the decompiler. As listed, it checks the host (full trust,
// 32-bit process), hands control to native bytes through user32!CallWindowProcW, and reports
// failures with a message box before exiting.
//
// Notes for the analyst, limited to what this listing shows:
//  * Type and member names are the decompiler's Unicode-escaped spellings of metadata names
//    that are not legal C# identifiers. They are kept verbatim so the listing can be matched
//    against the binary; the listing is not expected to compile as-is.
//  * Methods 0x600000E and 0x6000013 have no body in the listing. Presumably their code is
//    not ordinary IL in the file on disk -- confirm against the binary.
//  * Inside the class, members are called by their simple names; the decompiler's fully
//    qualified spelling referred to the same members.
[StructLayout(LayoutKind.Auto, CharSet = CharSet.Auto)]
internal sealed class \u003CPrivateImplementationDetails\u003E\u007BFCDEF2F2\u002D8E7E\u002D4528\u002DB12E\u002DED99013B2DCE\u007D
{
    // Passed by reference as the first CallWindowProcW argument (the procedure to call).
    // Only its address is used here; which bytes follow it in the image is not visible.
    private static byte \u0024\u0024method0x6000014\u002D0;

    // Passed by reference as the fourth CallWindowProcW argument (wParam).
    private static byte \u0024\u0024method0x6000015\u002D0;

    // kernel32!GetModuleHandle: returns the module handle for the given module name.
    [DllImport("kernel32.dll", EntryPoint = "GetModuleHandle")]
    [MethodImpl(MethodImplOptions.NoInlining)]
    private static extern IntPtr \u0024\u0024method0x600000B\u002D0(string _param0);

    // user32!CallWindowProcW, declared with by-ref byte parameters instead of pointer types.
    // The API calls the procedure address it receives as its first argument, so this
    // signature lets the stub pass the address of a static field as the code to run.
    // Detection note: a managed assembly importing CallWindowProcW with a `ref byte` first
    // parameter is a useful static signal, since no real window procedure has that shape.
    [DllImport("user32", EntryPoint = "CallWindowProcW")]
    [MethodImpl(MethodImplOptions.NoInlining)]
    private static extern IntPtr \u0024\u0024method0x600000C\u002D0(
        [In] ref byte _param0,
        IntPtr _param1,
        int _param2,
        [In, Out] ref byte _param3,
        IntPtr _param4);

    // Entry point of the stub. When _param1 is set, runs the host check / native hand-off
    // (0x6000011) and turns a SecurityException into the "E_FullTrust" report before
    // rethrowing. In every case it then calls the bodiless method 0x600000E.
    internal static void \u0024\u0024method0x600000D\u002D0(bool _param0, bool _param1)
    {
        if (_param1)
        {
            try
            {
                \u0024\u0024method0x6000011\u002D0(_param0);
            }
            catch (SecurityException securityFailure)
            {
                // The reporter exits or throws InvalidOperationException itself; the rethrow
                // below is only reached if it ever returns.
                \u0024\u0024method0x6000010\u002D0("E_FullTrust", securityFailure);
                throw;
            }
        }

        \u0024\u0024method0x600000E\u002D0();
    }

    // No body in the decompiled listing (see the class header notes).
    [MethodImpl(MethodImplOptions.NoInlining)]
    private static void \u0024\u0024method0x600000E\u002D0();

    // Custom error-reporter hook. In this build it always answers false, so the
    // "custom reporter" branch in 0x6000010 is never taken.
    internal static bool \u0024\u0024method0x600000F\u002D0(string _param0, Exception _param1) => false;

    // Reports a failure identified by the code in _param0 and never returns normally:
    // an interactive session gets a message box followed by Environment.Exit(1); a
    // non-interactive one gets an InvalidOperationException wrapping _param1.
    // An unrecognised code leaves both the text and the caption null.
    internal static void \u0024\u0024method0x6000010\u002D0(string _param0, Exception _param1)
    {
        if (\u0024\u0024method0x600000F\u002D0(_param0, _param1))
        {
            if (Environment.UserInteractive)
            {
                Environment.Exit(1);
            }

            throw new InvalidOperationException(string.Format("Custom error reporter did not close application for code '{0}'.", _param0));
        }

        string message = null;
        string title = null;

        if (_param0 == "E_FullTrust")
        {
            message = string.Format("The assembly '{0}' requires Full Trust to run properly. Please contact the publisher for instructions on how to enable Full Trust.", Assembly.GetExecutingAssembly());
            title = "Full Trust Required";
        }
        else if (_param0 == "E_x86Required")
        {
            message = "This software was designed for use with 32-bit versions of Windows. Please contact the publisher for a compatible version.";
            title = "32-bit Host Required";
        }
        else if (_param0 == "E_TamperDetected")
        {
            // Analyst note: this text asks the user to white-list the program in their
            // anti-virus product. For a sample filed as in this file's header comment,
            // treat that request as a warning sign rather than an instruction.
            message = "This software is encrypted to provide copy protection. Certain virus scanning programs may prevent the software from starting due to their heuristic analysis. \r\n\r\nPlease add this software to the white-list of the anti-virus program and restart. Contact the software publisher for additional information and compatibility";
            title = "Possible Tampering Detected";
        }

        if (Environment.UserInteractive)
        {
            MessageBox.Show((IWin32Window)null, message, title, MessageBoxButtons.OK, MessageBoxIcon.Hand);
            Environment.Exit(1);
        }

        throw new InvalidOperationException(message, _param1);
    }

    // Host check and native hand-off. _param0 is not read anywhere in this method.
    // Sequence: resolve kernel32's module handle, take a lock, reject 64-bit processes,
    // read this assembly's image base, then call 0x6000012. If that call throws, it is
    // attempted once more; a second failure is reported as "E_TamperDetected".
    [SecuritySafeCritical]
    internal static void \u0024\u0024method0x6000011\u002D0(bool _param0)
    {
        IntPtr kernel32Module = \u0024\u0024method0x600000B\u002D0("kernel32.dll");

        // typeof(object) is one Type instance shared by the whole process, so this lock is
        // visible to any other code that locks on the same Type.
        lock (typeof(object))
        {
            // 8-byte pointers mean a 64-bit process. The reporter exits or throws, so the
            // ToInt32() conversions below only run in a 32-bit process.
            if (IntPtr.Size == 8)
            {
                \u0024\u0024method0x6000010\u002D0("E_x86Required", null);
            }

            int imageBase = Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().ManifestModule).ToInt32();

            try
            {
                // 0x6000012 returns true whenever it returns, so this exit is only a fallback.
                if (!\u0024\u0024method0x6000012\u002D0(kernel32Module.ToInt32(), imageBase))
                {
                    Environment.Exit(1);
                }
            }
            catch (Exception firstFailure)
            {
                try
                {
                    // Second and last attempt.
                    if (!\u0024\u0024method0x6000012\u002D0(kernel32Module.ToInt32(), imageBase))
                    {
                        \u0024\u0024method0x6000010\u002D0("E_TamperDetected", firstFailure);
                    }
                }
                catch (InvalidOperationException)
                {
                    // The reporter's own exception passes through unchanged.
                    throw;
                }
                catch
                {
                    // Anything else from the retry is reported with the first failure attached.
                    \u0024\u0024method0x6000010\u002D0("E_TamperDetected", firstFailure);
                }
            }
        }
    }

    // Performs the CallWindowProcW call. _param0 is the kernel32 module handle and _param1
    // the image base of this assembly, as supplied by 0x6000011. Argument mapping:
    //   procedure to call = address of field 0x6000014
    //   hWnd              = _param1 (image base)
    //   Msg               = _param0 (kernel32 handle)
    //   wParam            = address of field 0x6000015
    //   lParam            = 0
    // The API's return value is discarded and the method always answers true.
    [SecuritySafeCritical]
    private static bool \u0024\u0024method0x6000012\u002D0(int _param0, int _param1)
    {
        \u0024\u0024method0x600000C\u002D0(
            ref \u0024\u0024method0x6000014\u002D0,
            new IntPtr(_param1),
            _param0,
            ref \u0024\u0024method0x6000015\u002D0,
            IntPtr.Zero);

        return true;
    }

    // No body in the decompiled listing, and nothing in this class calls it.
    [MethodImpl(MethodImplOptions.NoInlining)]
    private static void \u0024\u0024method0x6000013\u002D0();
}