// Decompiled with JetBrains decompiler
// Type:
// Assembly: sine stb, Version=3.5.4.1, Culture=neutral, PublicKeyToken=null
// MVID: 51A01DAC-AF31-442E-B8F7-AC6F2055EAB9
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Llac.acnb-1c7cb1c36d03d78dc4c7e14753e274d64baaf8014c8b4fa86c019842eb127177.exe
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
// String-decoding stub of an obfuscated assembly: \u0002(int) takes an integer id, decodes
// the matching string from an embedded manifest resource on first use, and caches it.
// The escaped names (\u0005\u2000, \u0002, ...) are how the decompiler prints the obfuscated
// metadata names. The cache field and both methods share the name \u0002, so this listing
// is meant for reading, not for recompiling.
// Analyst note: the decoder folds a caller check and the assembly's public key token into
// its arithmetic (see \u0006 and \u000E below), so calling it from outside its normal call
// path, or from a re-signed copy, can yield wrong strings or an exception.
internal static class \u0005\u2000
{
  // Cache of decoded strings keyed by the id passed to \u0002(int). 209 is both the initial
  // capacity and the entry count at which the resource reader is released.
  private static readonly Dictionary<int, string> \u0002 = new Dictionary<int, string>(209);
  // Reader over the embedded resource holding the encoded strings; null until first use and
  // again after the 209th entry has been cached.
  private static BinaryReader \u0003;
  // Buffer read once from the resource header and passed as the first argument to the
  // external helper \u0008\u2000.\u0002 for every entry. Presumably key material - the helper
  // is not part of this file, confirm there.
  private static byte[] \u0005;
  // Only assigned when the header length is 0: the length of the per-entry first-argument
  // buffer, where -1 means the length is stored (masked) in front of each entry.
  private static short \u0008;
  // State word seeded and XOR-ed during initialisation; compared against fixed constants
  // later, so it acts as a check on how initialisation went.
  private static int \u0006;
  // Public key token of the executing assembly, or null when the assembly has none.
  private static byte[] \u000E;

  // Returns the decoded string for the id _param0.
  // The whole body runs under a lock on the cache dictionary, so concurrent callers are
  // serialised. Repeated ids are served from the cache without touching the resource.
  // NoInlining presumably keeps this method's own stack frame in place so that
  // StackTrace(1, ...) below starts at the real caller - NOTE(review): inferred.
  [MethodImpl(MethodImplOptions.NoInlining)]
  internal static string \u0002(int _param0)
  {
    lock (\u0005\u2000.\u0002)
    {
      string str1;
      // Fast path: id already decoded.
      if (\u0005\u2000.\u0002.TryGetValue(_param0, out str1))
        return str1;
      // One-time initialisation: open the resource, inspect the caller, read the header.
      if (\u0005\u2000.\u0003 == null)
      {
        Assembly executingAssembly = Assembly.GetExecutingAssembly();
        // Result is discarded; the call has no effect on the decoding below.
        Assembly.GetCallingAssembly();
        // Seed of the state word.
        \u0005\u2000.\u0006 = 1610370;
        // The resource name is made of whitespace / zero-width characters, so it is easy to
        // overlook in a resource listing.
        Stream manifestResourceStream = executingAssembly.GetManifestResourceStream(" \u200B ");
        int skipFrames = 1;
        // Skip this method's own frame; frame 0 of the trace is then the direct caller.
        StackTrace stackTrace = new StackTrace(skipFrames, false);
        \u0005\u2000.\u0006 ^= 6470 | skipFrames;
        int index = skipFrames - 1;
        StackFrame frame = stackTrace.GetFrame(index);
        MethodBase methodBase = frame == null ? (MethodBase) null : frame.GetMethod();
        \u0005\u2000.\u0006 ^= index + 128;
        Type type = (object) methodBase == null ? (Type) null : methodBase.DeclaringType;
        // Caller check, encoded as XORs into the state word. Working the constants through:
        //  - caller has an ordinary declaring type, or no frame is available at all
        //    -> the state ends at 1607814, the value the decode path expects;
        //  - caller's declaring type is RuntimeMethodHandle, or a frame exists but has no
        //    method / declaring type -> the state ends at a different value.
        // NOTE(review): the second case is what one would expect to see when the stub is
        // invoked through reflection or from a dynamic method; confirm against the runtime.
        if (frame == null)
          \u0005\u2000.\u0006 ^= 219315;
        bool flag = (object) type == (object) typeof (RuntimeMethodHandle);
        \u0005\u2000.\u0006 ^= 160;
        if (!flag)
        {
          flag = (object) type == null;
          if (flag)
            \u0005\u2000.\u0006 ^= 219283;
        }
        // stackTrace was just constructed, so (stackTrace != null) is true and this reduces
        // to "if (flag)".
        if (flag == (stackTrace != null))
          \u0005\u2000.\u0006 ^= 32;
        \u0005\u2000.\u0006 ^= 6502 | index + 1;
        \u0005\u2000.\u0003 = new BinaryReader(manifestResourceStream);
        // Resource header: a masked 16-bit length. Non-zero means a shared buffer of that
        // length follows; zero means a second masked 16-bit value follows instead.
        short count = (short) ((int) \u0005\u2000.\u0003.ReadInt16() ^ -11950);
        if (count == (short) 0)
          \u0005\u2000.\u0008 = (short) ((int) \u0005\u2000.\u0003.ReadInt16() ^ 4163);
        else
          \u0005\u2000.\u0005 = \u0005\u2000.\u0003.ReadBytes((int) count);
        Assembly assembly = executingAssembly;
        AssemblyName assemblyName;
        try
        {
          assemblyName = assembly.GetName();
        }
        catch
        {
          // Fallback when GetName() throws: rebuild the name from the FullName string.
          assemblyName = new AssemblyName(assembly.FullName);
        }
        \u0005\u2000.\u000E = assemblyName.GetPublicKeyToken();
        // Normalise "no token" (empty array) to null. The decompiler header of this sample
        // reports PublicKeyToken=null, so the token would be null here for that build.
        if (\u0005\u2000.\u000E != null && \u0005\u2000.\u000E.Length == 0)
          \u0005\u2000.\u000E = (byte[]) null;
        // Final mix of the state word; evaluated as (state & 268435314) ^ 6788.
        \u0005\u2000.\u0006 = \u0005\u2000.\u0006 & 268435314 ^ 6788;
      }
      // The id is a masked byte offset into the resource stream.
      int num1 = _param0 ^ -958285185;
      \u0005\u2000.\u0003.BaseStream.Position = (long) num1;
      byte[] numArray1;
      if (\u0005\u2000.\u0005 != null)
      {
        // Shared buffer from the header is used for every entry.
        numArray1 = \u0005\u2000.\u0005;
      }
      else
      {
        // Per-entry buffer: fixed length from the header, or (when that is -1) a 16-bit
        // length stored before the entry and masked with a constant and the offset.
        short count = \u0005\u2000.\u0008 != (short) -1 ? \u0005\u2000.\u0008 : (short) ((int) \u0005\u2000.\u0003.ReadInt16() ^ 24370 ^ num1);
        numArray1 = count != (short) 0 ? \u0005\u2000.\u0003.ReadBytes((int) count) : (byte[]) null;
      }
      // Entry descriptor, masked with the offset and a constant:
      //   bit 31     -> flag1: one byte per character (otherwise UTF-16)
      //   bit 30     -> flag2: payload is compressed
      //   bits 0..29 -> count1: payload length in bytes
      int num2 = \u0005\u2000.\u0003.ReadInt32() ^ num1 ^ 772501101;
      bool flag1 = (num2 & int.MinValue) != 0;
      bool flag2 = (num2 & 1073741824) != 0;
      int count1 = num2 & 1073741823;
      // \u0008\u2000.\u0002 is defined in another type; presumably it decrypts the payload
      // using numArray1 - verify against that class.
      byte[] numArray2 = \u0008\u2000.\u0002(numArray1, \u0005\u2000.\u0003.ReadBytes(count1));
      // Evaluated as (token != null) != (state != 1607814). With the expected state this
      // runs exactly when the assembly has a public key token, tying the strings to the
      // original signature. With an unexpected state the roles flip: a signed assembly
      // skips the XOR (garbled output) and an unsigned one enters the loop with a null
      // \u000E, which would throw.
      if (\u0005\u2000.\u000E != null != (\u0005\u2000.\u0006 != 1607814))
      {
        // The loop bound is count1, so it assumes the helper returned at least count1 bytes.
        for (int index = 0; index < count1; ++index)
        {
          // Token byte (cycled over the first 8) rotated left by 3 bits, XOR-ed into the data.
          byte num3 = \u0005\u2000.\u000E[index & 7];
          byte num4 = (byte) ((int) num3 << 3 | (int) num3 >> 5);
          numArray2[index] = (byte) ((uint) numArray2[index] ^ (uint) num4);
        }
      }
      // 1607814 - 12 = 1607802 for the expected state; tested again below.
      int num5 = \u0005\u2000.\u0006 - 12;
      byte[] bytes;
      int length;
      if (!flag2)
      {
        // Stored uncompressed.
        bytes = numArray2;
        length = count1;
      }
      else
      {
        // First four bytes hold the decompressed length with a scrambled byte order
        // ([1] is the most significant byte, then [0], [3], [2]). The value comes straight
        // from the resource and is not range-checked before the allocation.
        length = (int) numArray2[2] | (int) numArray2[0] << 16 | (int) numArray2[3] << 8 | (int) numArray2[1] << 24;
        bytes = new byte[length];
        // The decompressor's return code (-1 on a bad back-reference) is ignored.
        \u0005\u2000.\u0002(numArray2, 4, bytes);
      }
      string str2;
      if (flag1 && num5 == 1607802)
      {
        // One byte per character, widened directly to char.
        char[] chArray = new char[length];
        for (int index = 0; index < length; ++index)
          chArray[index] = (char) bytes[index];
        str2 = new string(chArray);
      }
      else
        // UTF-16 little-endian payload (also taken when the state word is unexpected).
        str2 = Encoding.Unicode.GetString(bytes, 0, bytes.Length);
      // Evaluated as num5 + ((127 + (num5 & 3)) << 5); equals 1611930 for the expected state.
      int num6 = num5 + ((int) sbyte.MaxValue + (num5 & 3) << 5);
      // Any other value replaces the decoded text with a hexadecimal number derived from
      // the id and length, i.e. a decoy instead of the real string.
      if (num6 != 1611930)
        str2 = (_param0 + count1 ^ 936568 ^ num6 & 1293).ToString("X");
      string str3 = string.Intern(str2);
      \u0005\u2000.\u0002.Add(_param0, str3);
      // Once 209 entries are cached the reader is closed and the buffer and token
      // references are dropped.
      if (\u0005\u2000.\u0002.Count == 209)
      {
        \u0005\u2000.\u0003.Close();
        \u0005\u2000.\u0003 = (BinaryReader) null;
        \u0005\u2000.\u0005 = \u0005\u2000.\u000E = (byte[]) null;
      }
      return str3;
    }
  }

  // Decompressor for compressed entries: a flag-bit scheme in which each flag byte controls
  // the next eight items (least significant bit first), each item being either one literal
  // byte or a two-byte back-reference into the output produced so far.
  //   _param0: compressed input, _param1: start offset in it, _param2: output buffer whose
  //   length determines how much is decoded.
  // Returns 0 when the output is full, -1 when a back-reference points before the start of
  // the output. Reads from _param0 are not bounds-checked here, so truncated input surfaces
  // as the runtime's index exception.
  private static int \u0002(byte[] _param0, int _param1, byte[] _param2)
  {
    // Write position in the output.
    int num1 = 0;
    // Current flag byte.
    int num2 = 0;
    // Bit mask into the flag byte; starting at 128 forces a flag-byte load on the first pass.
    int num3 = 128;
    int length = _param2.Length;
label_9:
    while (num1 < length)
    {
      // Advance the mask; after the eighth bit, reset it and fetch the next flag byte.
      if ((num3 <<= 1) == 256)
      {
        num3 = 1;
        num2 = (int) _param0[_param1++];
      }
      if ((num2 & num3) != 0)
      {
        // Back-reference: the upper 6 bits of the first byte give the copy length minus 3
        // (so 3..66), the low 10 bits of the 16-bit pair give the distance back (0..1023).
        int num4 = ((int) _param0[_param1] >> 2) + 3;
        int num5 = ((int) _param0[_param1] << 8 | (int) _param0[_param1 + 1]) & 1023;
        _param1 += 2;
        int num6 = num1 - num5;
        if (num6 < 0)
          return -1;
        // Byte-by-byte copy so that source and destination ranges may overlap; stops early
        // when the output is full.
        while (true)
        {
          if (--num4 >= 0 && num1 < length)
            _param2[num1++] = _param2[num6++];
          else
            goto label_9;
        }
      }
      else
        // Literal byte.
        _param2[num1++] = _param0[_param1++];
    }
    return 0;
  }
}