MalwareSourceCode/MSIL/Trojan/Win32/L/Trojan.Win32.Llac.aamy-d1153c91831872cfeacf510426d9b4752eab5933102816559dcd2628b12a7253/_0003/_0002.cs
2022-08-18 06:28:56 -05:00

80 lines
3.2 KiB
C#
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Decompiled with JetBrains decompiler
// Type: .
// Assembly: syncuiLoader, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F112AE9C-7564-463C-8834-3BB2BC4FBE1B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Llac.aamy-d1153c91831872cfeacf510426d9b4752eab5933102816559dcd2628b12a7253.exe
using \u0003;
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
namespace \u0003
{
internal sealed class \u0002
{
public static string \u0001;
public static byte[] \u0003([In] byte[] obj0, [In] string obj1)
{
if (obj1.StartsWith("{"))
{
\u0002.\u0001 = "ERR 2006: This template was not properly processed by {smartassembly}";
return (byte[]) null;
}
try
{
RijndaelManaged rijndaelManaged = new RijndaelManaged();
RSACryptoServiceProvider cryptoServiceProvider = new RSACryptoServiceProvider();
cryptoServiceProvider.FromXmlString(obj1);
rijndaelManaged.GenerateKey();
rijndaelManaged.GenerateIV();
byte[] numArray1 = new byte[48];
Buffer.BlockCopy((Array) rijndaelManaged.Key, 0, (Array) numArray1, 0, 32);
Buffer.BlockCopy((Array) rijndaelManaged.IV, 0, (Array) numArray1, 32, 16);
MemoryStream memoryStream = new MemoryStream();
try
{
byte[] buffer = cryptoServiceProvider.Encrypt(numArray1, false);
memoryStream.WriteByte((byte) 1);
memoryStream.WriteByte(Convert.ToByte(buffer.Length / 8));
memoryStream.Write(buffer, 0, buffer.Length);
}
catch (CryptographicException ex1)
{
try
{
byte[] numArray2 = new byte[16];
byte[] numArray3 = new byte[16];
Buffer.BlockCopy((Array) rijndaelManaged.Key, 0, (Array) numArray2, 0, 16);
Buffer.BlockCopy((Array) rijndaelManaged.Key, 16, (Array) numArray3, 0, 16);
byte[] buffer1 = cryptoServiceProvider.Encrypt(numArray2, false);
byte[] buffer2 = cryptoServiceProvider.Encrypt(numArray3, false);
byte[] buffer3 = cryptoServiceProvider.Encrypt(rijndaelManaged.IV, false);
memoryStream.WriteByte((byte) 2);
memoryStream.WriteByte(Convert.ToByte(buffer1.Length / 8));
memoryStream.Write(buffer1, 0, buffer1.Length);
memoryStream.Write(buffer2, 0, buffer2.Length);
memoryStream.Write(buffer3, 0, buffer3.Length);
}
catch (CryptographicException ex2)
{
\u0002.\u0001 = "ERR 2005: The 128-bit encryption is not available on this computer. You need to install the High Encryption Pack in order to use the reporting feature.";
return (byte[]) null;
}
}
CryptoStream cryptoStream = new CryptoStream((Stream) memoryStream, rijndaelManaged.CreateEncryptor(), CryptoStreamMode.Write);
cryptoStream.Write(obj0, 0, obj0.Length);
cryptoStream.FlushFinalBlock();
return memoryStream.ToArray();
}
catch (Exception ex)
{
\u0002.\u0001 = "ERR 2004: " + ex.Message;
return (byte[]) null;
}
}
}
}