// Decompiled with JetBrains decompiler // Type: SmartAssembly.Zip.AESCryptoIndirector // Assembly: WinData, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 162322D2-FE3A-45B9-99E4-3519564A1D4D // Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.kkro-82cd479bb60c59525668e5016b400a8cc48f04b14a5c6cad5e2c6046b301e79d.exe using System; using System.IO; using System.Reflection; using System.Security.Cryptography; namespace SmartAssembly.Zip { public sealed class AESCryptoIndirector : IDisposable { private readonly Type m_AcspType; private readonly object m_AESCryptoServiceProvider; public AESCryptoIndirector() { try { this.m_AcspType = Assembly.Load("System.Core, Version=2.0.5.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e").GetType("System.Security.Cryptography.AesManaged"); } catch (FileNotFoundException ex) { this.m_AcspType = Assembly.Load("mscorlib").GetType("System.Security.Cryptography.RijndaelManaged"); } this.m_AESCryptoServiceProvider = Activator.CreateInstance(this.m_AcspType); } public ICryptoTransform GetAESCryptoTransform( byte[] key, byte[] iv, bool decrypt) { this.m_AcspType.GetProperty("Key").GetSetMethod().Invoke(this.m_AESCryptoServiceProvider, new object[1] { (object) key }); this.m_AcspType.GetProperty("IV").GetSetMethod().Invoke(this.m_AESCryptoServiceProvider, new object[1] { (object) iv }); return (ICryptoTransform) this.m_AcspType.GetMethod(decrypt ? "CreateDecryptor" : "CreateEncryptor", new Type[0]).Invoke(this.m_AESCryptoServiceProvider, new object[0]); } public void Clear() => this.m_AcspType.GetMethod(nameof (Clear)).Invoke(this.m_AESCryptoServiceProvider, new object[0]); public void Dispose() => this.Clear(); } }