// Decompiled with JetBrains decompiler // Type: Microsoft.InfoCards.SafeCryptoKey // Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 // MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe using Microsoft.InfoCards.Diagnostics; using System; using System.ComponentModel; using System.Runtime.InteropServices; using System.Security; using System.Security.Cryptography; namespace Microsoft.InfoCards { internal class SafeCryptoKey : IDisposable { private SafeCryptoKeyHandle m_handle; [SuppressUnmanagedCodeSecurity] [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)] private static extern bool CryptSetKeyParam( [In] SafeCryptoKeyHandle hKey, [In] uint dwParam, [In] IntPtr data, [In] uint flags); [SuppressUnmanagedCodeSecurity] [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)] private static extern bool CryptImportKey( [In] SafeRsaProviderHandle hProv, [In] IntPtr pbKeyData, [In] uint dwDataLen, [In] IntPtr hPubKey, [In] uint dwFlags, out SafeCryptoKeyHandle hKey); public SafeCryptoKeyHandle Handle => this.m_handle; public unsafe SafeCryptoKey(SafeRsaProviderHandle provider, byte[] encryptedKey, byte[] iv) { SafeCryptoKey.BlobHeader blobHeader = new SafeCryptoKey.BlobHeader(encryptedKey.Length); int dwDataLen = sizeof (SafeCryptoKey.BlobHeader) + encryptedKey.Length; // ISSUE: untyped stack allocation byte* pbKeyData = (byte*) __untypedstackalloc(dwDataLen); byte* numPtr = (byte*) &blobHeader; for (int index = 0; index < 12; ++index) pbKeyData[index] = numPtr[index]; try { ProtectedMemory.Unprotect(encryptedKey, MemoryProtectionScope.SameProcess); for (int index = 0; index < encryptedKey.Length; ++index) pbKeyData[12 + index] = encryptedKey[index]; } finally { ProtectedMemory.Protect(encryptedKey, MemoryProtectionScope.SameProcess); } if (!SafeCryptoKey.CryptImportKey(provider, (IntPtr) (void*) pbKeyData, (uint) dwDataLen, IntPtr.Zero, 0U, out this.m_handle)) { Exception e = (Exception) new Win32Exception(Marshal.GetLastWin32Error()); InfoCardTrace.CloseInvalidOutSafeHandle((SafeHandle) this.m_handle); InfoCardTrace.TraceAndLogException(e); throw InfoCardTrace.ThrowHelperError(e); } fixed (byte* data = &iv[0]) { if (!SafeCryptoKey.CryptSetKeyParam(this.m_handle, 1U, (IntPtr) (void*) data, 0U)) { Exception e = (Exception) new Win32Exception(Marshal.GetLastWin32Error()); this.m_handle.Dispose(); throw InfoCardTrace.ThrowHelperError(e); } // ISSUE: __unpin statement __unpin(data); } } void IDisposable.Dispose() => this.m_handle.Dispose(); [StructLayout(LayoutKind.Explicit, Size = 12)] private struct BlobHeader { private const int PLAINTEXTKEYBLOB = 8; private const int CUR_BLOB_VERSION = 2; private const int CALG_AES = 26128; [FieldOffset(0)] public byte bType; [FieldOffset(1)] public byte bVersion; [FieldOffset(2)] public ushort reserved; [FieldOffset(4)] public uint aiKeyAlg; [FieldOffset(8)] public uint keyLength; public BlobHeader(int keySize) { this.bType = (byte) 8; this.bVersion = (byte) 2; this.reserved = (ushort) 0; this.aiKeyAlg = 26128U; this.keyLength = (uint) keySize; } } } }