mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 10:56:10 +00:00
130 lines
5.9 KiB
C#
130 lines
5.9 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: Microsoft.InfoCards.RoamingStoreFile
|
|||
|
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
|
|||
|
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Expiro.w-67b630ead60119692b9abbdfd8717c96904ef041127c2cae033c86b718eaa61e.exe
|
|||
|
|
|||
|
using Microsoft.InfoCards.Diagnostics;
|
|||
|
using System;
|
|||
|
using System.Collections.Generic;
|
|||
|
using System.IO;
|
|||
|
using System.Text;
|
|||
|
using System.Xml;
|
|||
|
|
|||
|
namespace Microsoft.InfoCards
|
|||
|
{
|
|||
|
internal sealed class RoamingStoreFile
|
|||
|
{
|
|||
|
private List<InfoCard> m_infocards;
|
|||
|
|
|||
|
public RoamingStoreFile() => this.m_infocards = new List<InfoCard>();
|
|||
|
|
|||
|
public IList<InfoCard> Cards => (IList<InfoCard>) this.m_infocards;
|
|||
|
|
|||
|
public void Clear()
|
|||
|
{
|
|||
|
foreach (InfoCard infocard in this.m_infocards)
|
|||
|
infocard.ClearSensitiveData();
|
|||
|
this.m_infocards.Clear();
|
|||
|
}
|
|||
|
|
|||
|
public void WriteTo(string password, XmlWriter writer)
|
|||
|
{
|
|||
|
byte[] buffer = (byte[]) null;
|
|||
|
byte[] salt = (byte[]) null;
|
|||
|
using (MemoryStream memoryStream = new MemoryStream())
|
|||
|
{
|
|||
|
using (XmlWriter writer1 = XmlWriter.Create((Stream) memoryStream, new XmlWriterSettings()
|
|||
|
{
|
|||
|
OmitXmlDeclaration = true,
|
|||
|
CloseOutput = false,
|
|||
|
Encoding = Encoding.UTF8
|
|||
|
}))
|
|||
|
{
|
|||
|
writer1.WriteStartElement("RoamingStore", "http://schemas.xmlsoap.org/ws/2005/05/identity");
|
|||
|
foreach (InfoCard infocard in this.m_infocards)
|
|||
|
infocard.WriteXml(writer1);
|
|||
|
writer1.WriteEndElement();
|
|||
|
writer1.Flush();
|
|||
|
}
|
|||
|
memoryStream.Flush();
|
|||
|
memoryStream.Seek(0L, SeekOrigin.Begin);
|
|||
|
buffer = new byte[RoamingStoreFileUtility.CalculateEncryptedSize(Convert.ToInt32(memoryStream.Length))];
|
|||
|
using (MemoryStream destination = new MemoryStream(buffer))
|
|||
|
{
|
|||
|
RoamingStoreFileUtility.Encrypt((Stream) memoryStream, (Stream) destination, password, out salt);
|
|||
|
destination.Flush();
|
|||
|
}
|
|||
|
}
|
|||
|
writer.WriteStartElement("EncryptedStore", "http://schemas.xmlsoap.org/ws/2005/05/identity");
|
|||
|
writer.WriteStartElement("StoreSalt", "http://schemas.xmlsoap.org/ws/2005/05/identity");
|
|||
|
writer.WriteBase64(salt, 0, salt.Length);
|
|||
|
writer.WriteEndElement();
|
|||
|
writer.WriteStartElement("EncryptedData", "http://www.w3.org/2001/04/xmlenc#");
|
|||
|
writer.WriteStartElement("CipherData", "http://www.w3.org/2001/04/xmlenc#");
|
|||
|
writer.WriteStartElement("CipherValue", "http://www.w3.org/2001/04/xmlenc#");
|
|||
|
writer.WriteBase64(buffer, 0, buffer.Length);
|
|||
|
writer.WriteEndElement();
|
|||
|
writer.WriteEndElement();
|
|||
|
writer.WriteEndElement();
|
|||
|
writer.WriteEndElement();
|
|||
|
}
|
|||
|
|
|||
|
public void ReadFrom(string password, XmlReader reader)
|
|||
|
{
|
|||
|
if (!reader.IsStartElement("EncryptedStore", "http://schemas.xmlsoap.org/ws/2005/05/identity"))
|
|||
|
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("InvalidImportFile")));
|
|||
|
if (!reader.ReadToDescendant("StoreSalt", "http://schemas.xmlsoap.org/ws/2005/05/identity"))
|
|||
|
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("InvalidImportFile")));
|
|||
|
byte[] numArray = new byte[RoamingStoreFileUtility.SaltLength];
|
|||
|
reader.ReadElementContentAsBase64(numArray, 0, numArray.Length);
|
|||
|
if (reader.ReadElementContentAsBase64(new byte[1], 0, 1) != 0)
|
|||
|
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("InvalidImportFile")));
|
|||
|
if (!reader.IsStartElement("EncryptedData", "http://www.w3.org/2001/04/xmlenc#"))
|
|||
|
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("InvalidImportFile")));
|
|||
|
if (!reader.ReadToDescendant("CipherData", "http://www.w3.org/2001/04/xmlenc#"))
|
|||
|
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("InvalidImportFile")));
|
|||
|
if (!reader.ReadToDescendant("CipherValue", "http://www.w3.org/2001/04/xmlenc#"))
|
|||
|
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("InvalidImportFile")));
|
|||
|
using (MemoryStream source = new MemoryStream(4096))
|
|||
|
{
|
|||
|
byte[] buffer = new byte[1024];
|
|||
|
int count;
|
|||
|
while ((count = reader.ReadElementContentAsBase64(buffer, 0, buffer.Length)) > 0)
|
|||
|
source.Write(buffer, 0, count);
|
|||
|
source.Flush();
|
|||
|
source.Seek(0L, SeekOrigin.Begin);
|
|||
|
using (MemoryStream destination = new MemoryStream(RoamingStoreFileUtility.CalculateDecryptedSize(Convert.ToInt32(source.Length))))
|
|||
|
{
|
|||
|
RoamingStoreFileUtility.Decrypt((Stream) source, (Stream) destination, password, numArray);
|
|||
|
destination.Flush();
|
|||
|
destination.Seek(0L, SeekOrigin.Begin);
|
|||
|
using (XmlReader reader1 = InfoCardSchemas.CreateReader((Stream) destination, reader.Settings))
|
|||
|
{
|
|||
|
reader1.Read();
|
|||
|
if (!reader1.IsStartElement("RoamingStore", "http://schemas.xmlsoap.org/ws/2005/05/identity"))
|
|||
|
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("InvalidImportFile")));
|
|||
|
if (reader1.ReadToDescendant("RoamingInformationCard", "http://schemas.xmlsoap.org/ws/2005/05/identity"))
|
|||
|
{
|
|||
|
do
|
|||
|
{
|
|||
|
InfoCard infoCard = new InfoCard();
|
|||
|
infoCard.ReadXml(reader1);
|
|||
|
this.m_infocards.Add(infoCard);
|
|||
|
reader1.ReadEndElement();
|
|||
|
}
|
|||
|
while (reader1.IsStartElement("RoamingInformationCard", "http://schemas.xmlsoap.org/ws/2005/05/identity"));
|
|||
|
}
|
|||
|
reader1.ReadEndElement();
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
reader.ReadEndElement();
|
|||
|
if (reader.IsStartElement("EncryptionProperties", "http://www.w3.org/2001/04/xmlenc#"))
|
|||
|
reader.Skip();
|
|||
|
reader.ReadEndElement();
|
|||
|
reader.ReadEndElement();
|
|||
|
}
|
|||
|
}
|
|||
|
}
|