// Decompiled with JetBrains decompiler // Type: l // Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe using System; using System.IO; using System.Reflection; using System.Security.Cryptography; internal sealed class l { private const int a = 8; private const int b = 20; private const int c = 4; private static byte[] d = new byte[4]; private static byte[] e; static l() { label_2: int num = 0; while (true) { switch (num) { case 0: l.e = new byte[4]; num = 4; continue; case 1: l.d[1] = l.e[1] = (byte) 83; num = 3; continue; case 2: l.e[3] = (byte) 50; num = 6; continue; case 3: l.d[2] = l.e[2] = (byte) 65; num = 5; continue; case 4: l.d[0] = l.e[0] = (byte) 82; num = 1; continue; case 5: l.d[3] = (byte) 49; num = 2; continue; case 6: goto label_9; default: goto label_2; } } label_9:; } public static MemoryStream a(Stream a) { BinaryReader binaryReader1 = new BinaryReader(a); DESCryptoServiceProvider cryptoServiceProvider = new DESCryptoServiceProvider(); bool flag1 = binaryReader1.ReadBoolean(); int count1 = (int) binaryReader1.ReadUInt16(); byte[] buffer1 = new byte[count1]; binaryReader1.Read(buffer1, 0, count1); if ((!flag1 ? 1 : 0) == 0) { byte[] buffer2 = new byte[8]; binaryReader1.Read(buffer2, 0, 8); for (int index = 0; index < count1; ++index) buffer1[index] = (byte) ((uint) buffer1[index] ^ (uint) buffer2[index % 8]); } BinaryReader binaryReader2 = new BinaryReader((Stream) new MemoryStream(buffer1, false)); label_6: int num = 7; int count2; int count3; bool flag2; byte[] numArray1; byte[] buffer3; bool flag3; while (true) { switch (num) { case 0: count2 = (int) binaryReader2.ReadByte(); num = 3; continue; case 1: count3 = (int) binaryReader2.ReadByte(); num = 8; continue; case 2: flag2 = binaryReader2.ReadBoolean(); num = 0; continue; case 3: numArray1 = new byte[count2]; num = 4; continue; case 4: if (flag2) { num = 10; continue; } goto label_19; case 5: binaryReader2.Read(buffer3, 0, count3); num = 6; continue; case 6: cryptoServiceProvider.IV = buffer3; num = 2; continue; case 7: binaryReader2.ReadString(); num = 9; continue; case 8: buffer3 = new byte[count3]; num = 5; continue; case 9: flag3 = binaryReader2.ReadBoolean(); num = 1; continue; case 10: goto label_18; default: goto label_6; } } label_18: binaryReader2.Read(numArray1, 0, count2); label_19: RSACryptoServiceProvider a1 = (RSACryptoServiceProvider) null; int count4 = binaryReader2.ReadInt32(); byte[] numArray2 = new byte[count4]; binaryReader2.Read(numArray2, 0, count4); if (!flag2) { byte[] publicKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey(); if (publicKey == null || publicKey.Length != 160) throw new InvalidOperationException(); Buffer.BlockCopy((Array) publicKey, 12, (Array) numArray1, 0, count2); numArray1[5] |= (byte) 128; a1 = new RSACryptoServiceProvider(); a1.ImportParameters(l.a(publicKey)); } cryptoServiceProvider.Key = numArray1; MemoryStream a2 = new MemoryStream(); using (CryptoStream a3 = new CryptoStream(binaryReader1.BaseStream, cryptoServiceProvider.CreateDecryptor(), CryptoStreamMode.Read)) { if (flag3) j.a((Stream) a3, (Stream) a2); else l.a((Stream) a3, (Stream) a2); } if (a1 != null) { a2.Position = 0L; if (!l.a(a1, (Stream) a2, numArray2)) throw new InvalidOperationException(); } a2.Position = 0L; return a2; } private static byte[] a(byte[] a1, int a2, int a3) { if ((a1 == null ? 1 : 0) == 0) { label_2: int num = 0; while (true) { switch (num) { case 0: if (a1.Length < a2 + a3) { num = 1; continue; } goto label_6; case 1: goto label_5; default: goto label_2; } } label_6: byte[] destinationArray = new byte[a3]; Array.Copy((Array) a1, a2, (Array) destinationArray, 0, a3); return destinationArray; } label_5: return (byte[]) null; } private static void a(Stream a1, Stream a2) { byte[] buffer = new byte[4096]; while (true) { int count = a1.Read(buffer, 0, buffer.Length); if ((count <= 0 ? 0 : 1) != 0) a2.Write(buffer, 0, count); else break; } } private static RSAParameters a(byte[] a) { bool flag = a.Length == 160; if ((!flag ? 1 : 0) == 0 && !l.a(a, l.d, 20)) return new RSAParameters(); if (!flag && !l.a(a, l.e, 8)) return new RSAParameters(); RSAParameters rsaParameters = new RSAParameters(); int a1 = (flag ? 20 : 8) + 8; int a2 = 4; rsaParameters.Exponent = l.a(a, a1, a2); Array.Reverse((Array) rsaParameters.Exponent); int a3 = a1 + a2; int a4 = 128; rsaParameters.Modulus = l.a(a, a3, a4); Array.Reverse((Array) rsaParameters.Modulus); if (flag) return rsaParameters; int a5 = a3 + a4; label_8: int num = 14; while (true) { switch (num) { case 0: rsaParameters.P = l.a(a, a5, a4); num = 12; continue; case 1: rsaParameters.DQ = l.a(a, a5, a4); num = 6; continue; case 2: a5 += a4; num = 15; continue; case 3: rsaParameters.D = l.a(a, a5, a4); num = 10; continue; case 4: a5 += a4; num = 7; continue; case 5: rsaParameters.InverseQ = l.a(a, a5, a4); num = 9; continue; case 6: Array.Reverse((Array) rsaParameters.DQ); num = 2; continue; case 7: a4 = 64; num = 1; continue; case 8: a4 = 64; num = 17; continue; case 9: Array.Reverse((Array) rsaParameters.InverseQ); num = 13; continue; case 10: Array.Reverse((Array) rsaParameters.D); num = 23; continue; case 11: Array.Reverse((Array) rsaParameters.DP); num = 4; continue; case 12: Array.Reverse((Array) rsaParameters.P); num = 16; continue; case 13: a5 += a4; num = 19; continue; case 14: a4 = 64; num = 0; continue; case 15: a4 = 64; num = 5; continue; case 16: a5 += a4; num = 21; continue; case 17: rsaParameters.DP = l.a(a, a5, a4); num = 11; continue; case 18: rsaParameters.Q = l.a(a, a5, a4); num = 20; continue; case 19: a4 = 128; num = 3; continue; case 20: Array.Reverse((Array) rsaParameters.Q); num = 22; continue; case 21: a4 = 64; num = 18; continue; case 22: a5 += a4; num = 8; continue; case 23: goto label_32; default: goto label_8; } } label_32: return rsaParameters; } private static bool a(byte[] a1, byte[] a2, int a3) { int index = 0; if ((index == 0 ? 1 : 0) != 0) goto label_7; else goto label_2; label_1: int num; switch (num) { case 0: goto label_3; case 1: return false; } label_2: num = 0; goto label_1; label_3: if ((int) a1[index + a3] != (int) a2[index]) { num = 1; goto label_1; } else ++index; label_7: if (index >= a2.Length) return true; goto label_3; } private static bool a(RSACryptoServiceProvider a1, Stream a2, byte[] a3) { SHA1CryptoServiceProvider cryptoServiceProvider = new SHA1CryptoServiceProvider(); label_2: int num = 0; byte[] hash; string name; while (true) { switch (num) { case 0: hash = cryptoServiceProvider.ComputeHash(a2); num = 3; continue; case 1: name += (string) (object) 'A'; num = 4; continue; case 2: name += (string) (object) 'H'; num = 1; continue; case 3: name = new string('S', 1); num = 2; continue; case 4: name += (string) (object) '1'; num = 5; continue; case 5: goto label_8; default: goto label_2; } } label_8: return a1.VerifyHash(hash, CryptoConfig.MapNameToOID(name), a3); } }