ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-25 21:05:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan/Win32/P/Trojan.Win32.Patched.mf-e8127d5ac262f8a18c98990240938f5b10bb0eb14e19d9b9912199b94bd711a1/as.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

247 lines
10 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: as
// Assembly: SpeechGridService, Version=1.0.0.81, Culture=neutral, PublicKeyToken=0b1522110151bc44
// MVID: EC73F2A1-74C8-4B65-87F0-244E72253AC2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Patched.mf-e8127d5ac262f8a18c98990240938f5b10bb0eb14e19d9b9912199b94bd711a1.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Threading;
using System.Xml;
internal static class @as
{
private static readonly string a = "http://updates.speechgrid.net/updateCheck?build={0}&clientGuid={1}&requestIsFromService={2}";
private static System.Threading.Timer b;
private static readonly string c = "-----BEGIN CERTIFICATE-----\r\nMIIDVDCCAjwCCQCIWhwhFtjLfzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJV\r\nUzEWMBQGA1UECAwNU2FuIEZyYW5jaXNjbzEWMBQGA1UEBwwNU2FuIEZyYW5jaXNj\r\nbzETMBEGA1UECgwKU3BlZWNoR3JpZDEYMBYGA1UEAwwPU3BlZWNoR3JpZCBQUk9E\r\nMB4XDTExMDIxODAzNDMzMFoXDTM4MDIxMTAzNDMzMFowbDELMAkGA1UEBhMCVVMx\r\nFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28x\r\nEzARBgNVBAoMClNwZWVjaEdyaWQxGDAWBgNVBAMMD1NwZWVjaEdyaWQgUFJPRDCC\r\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlAgt4kRc0bxDso24IMhij9\r\nXmVIizXM5mMUtlub0Mimmp0whvpsWNGKNQgkxHCZhIU+DV/5z2C2698ZMrfCkZpz\r\nj4aKCcprWNAsh7jFQoi1rbMaR5Df5nZMVJyjiRhaiwI0grS5WUsQ4iM/kKR1TL8q\r\npWukfU6UilCJk+jhb/J+5VEmg7WNzwDRrfkT/w8BIIhB6kSKQVTTKKPGi7p1s0dY\r\n8iH9ED4jg08A4gnmRuAFIZdo2rWX1N730WfcZ1O3UmjI5FXWlhRHcjgZCUEtGnHu\r\n6bMZMqAIK3kkxjOZJGBUSdiaSZU1p8GHcGFPJzXLchNfoWZms9vpaXIxh9+dMd0C\r\nAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAWMlHPCE1cGAM0lAIWycHqp6xfY13ILos\r\nTJgZAg/UfzKoS16pvWQmSDD4VTAxHkws358fA5yMDnBpMFZaNzKb2YFCsRI9Xj79\r\ntijWvxp/X0p6i9UBmQreYmBy30Ur76FMYWDb3W/UVEUcgud0bKKwRax03hQDGwtE\r\ncauzAXHKIYZidi4wnMObWCrosWCYjNcojQkyyV2TIBnHseaXipzsPV5S8Ra/8vJx\r\naycIMFN5k9yeTe4XGWhWFt1C4qEM7vOop1H/uhVz5Z453gIuUPrw91kibhjUToPV\r\nsSiqMJt07S7QuBQlaTo4C/zrGAc7S4AuUuce02kjdrFg+MWLv6TPPw==\r\n-----END CERTIFICATE-----";
private static readonly string d = "-----BEGIN CERTIFICATE-----\r\nMIIDTjCCAjYCCQD6l9oqYF8G3zANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJV\r\nUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzET\r\nMBEGA1UECgwKU3BlZWNoR3JpZDEYMBYGA1UEAwwPU3BlZWNoR3JpZCBURVNUMB4X\r\nDTExMDIxODAzMDYzNloXDTM4MDIxMTAzMDYzNlowaTELMAkGA1UEBhMCVVMxEzAR\r\nBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNV\r\nBAoMClNwZWVjaEdyaWQxGDAWBgNVBAMMD1NwZWVjaEdyaWQgVEVTVDCCASIwDQYJ\r\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM0AbE9tOTC7PgfwTsriFqQHYHhu7+Nv\r\nDafCGe7XqbhIPZ09W5krF8U5a/TnznManP+tIRVyyMMSReyuS1BF0n1NjBvvvxGx\r\ntDDrZHjdRItihfLgMXUrDvX5gud02LgLK2faK1M8W8jX0J6GCplYrUarQES2qCSU\r\n1c5gJlxsqFxqnCGS/ZYXCRBFRJEaGZO73RzL9k8ggY5K9ksxUfPiCzCcXPwUXAWR\r\nfKlFlTyncXhaIHcW0I+Qeulrr3Nkp+4nBhH7HFKpMoIWDDHu3p3uvkB9wtdoSGG+\r\niEAqu80WbeFP9OVxIDPnDwGDhJ1L8Vq5QB1PU/7AQ7+zHTP0xjt7rRsCAwEAATAN\r\nBgkqhkiG9w0BAQUFAAOCAQEAIgsabxtJdIo8kXkmh67Ah++m1kFDgYOzhkrd5ogd\r\n+NMUgHjuFM7EUB4DEV1gsagM3R5ulqTi2kq7buzUkWn+U9VhUDRyDFLXABB4/n9G\r\nlh/Q5SuSH5Rz/5xio1a6M2SLJtIVZyCLIl4/xE+c9iftT2xedKKgtIsi4dZ91qcm\r\njTXMET/3U/SKru3K+9vpARI6RWRae3TXlUNxsxFI61fXjie2WfzSMMcl3i6t9dJQ\r\nLTH2Q/FNnb693WalmbmzizaSJ3fZ5tlt5lnMyOH0908Lz28kTCT/BKh8ivjEQZm8\r\nM25AHGxGeav/vDIWgqk++SNNj6EkWKJuvo+O1FlRzFOZaw==\r\n-----END CERTIFICATE-----";
internal static void b(e A_0)
{
TimeSpan dueTime = new TimeSpan((long) ((double) TimeSpan.FromHours(24.0).Ticks * new Random().NextDouble()));
if (@as.b())
{
dueTime = TimeSpan.FromSeconds(10.0);
@as.a((object) A_0, "ImmediateUpdateCheck flag is set, but will be subjugated to user preference for automatic updates.");
}
@as.b = new System.Threading.Timer(new TimerCallback(@as.b), (object) A_0, dueTime, TimeSpan.FromHours(24.0));
@as.a((object) A_0, @as.a() ? "Automatic updates are enabled" : "Automatic updates are disabled (by user)");
@as.a((object) A_0, string.Format("First update check (if enabled) scheduled for t-minus {0} hours", (object) dueTime.TotalHours));
}
internal static void a(e A_0, bool A_1)
{
if (A_1)
@as.b.Change(TimeSpan.Zero, TimeSpan.FromHours(24.0));
else
@as.a((object) A_0);
}
private static void b(object A_0)
{
if (!@as.a())
@as.a(A_0, "Skipping scheduled check for updates due to user setting.");
else
@as.a(A_0);
}
private static void a(object A_0)
{
e A_0_1 = (e) null;
try
{
if (!(A_0 is e e))
e = new e();
A_0_1 = e;
string A_0_2 = @as.a(A_0_1);
if (string.IsNullOrEmpty(A_0_2))
return;
@as.a a = @as.a.a(A_0_2, A_0_1 != null && A_0_1.c());
string str = Path.Combine(au.a(ax.a, ax.b, ax.c) ?? throw new Exception("Cannot find writable directory for update download."), "SpeechGridUpdater.exe");
if (System.IO.File.Exists(str))
{
try
{
System.IO.File.Delete(str);
}
catch (IOException ex)
{
@as.a((object) A_0_1, "An updater seems to be running already. Trying to kill it...");
int num = 0;
foreach (Process process in Process.GetProcessesByName("SpeechGridUpdater"))
{
process.Kill();
++num;
}
@as.a((object) A_0_1, string.Format("Killed {0} already-running updaters", (object) num));
}
}
using (WebClient webClient = new WebClient())
webClient.DownloadFile(a.b(), str);
string base64String;
using (FileStream inputStream = new FileStream(str, FileMode.Open, FileAccess.Read))
base64String = Convert.ToBase64String(new SHA1CryptoServiceProvider().ComputeHash((Stream) inputStream));
if (base64String != a.a())
throw new Exception("Updater executable hash is mismatched.");
try
{
if (A_0_1.f() != null)
A_0_1.f()();
}
catch (Exception ex)
{
if (A_0_1 != null)
{
if (A_0_1.g() != null)
@as.a((Delegate) A_0_1.g(), (object) "Exception calling BeforeExecutingUpdateFile delegate", (object) ex);
}
}
@as.a((object) A_0_1, string.Format("Launching update executable {0}", (object) str));
Process.Start(str);
}
catch (Exception ex)
{
if (A_0_1 == null || A_0_1.d() == null)
return;
@as.a((Delegate) A_0_1.d(), (object) "Exception while checking for and running updates", (object) ex);
}
}
private static string a(e A_0)
{
int revision = Assembly.GetExecutingAssembly().GetName().Version.Revision;
string str = string.Empty;
if (A_0 != null && A_0.a() != null)
str = A_0.a();
bool flag = false;
if (A_0 != null)
flag = A_0.e();
HttpWebRequest httpWebRequest = (HttpWebRequest) WebRequest.Create(string.Format(@as.a, (object) revision, (object) str, (object) flag));
httpWebRequest.KeepAlive = false;
try
{
using (WebResponse response = httpWebRequest.GetResponse())
{
using (StreamReader streamReader = new StreamReader(response.GetResponseStream()))
return streamReader.ReadToEnd();
}
}
catch (Exception ex)
{
@as.a((Delegate) A_0.g(), (object) "Exception while trying to check for update info.", (object) ex);
return (string) null;
}
}
private static bool b()
{
try
{
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("Software\\SpeechGrid", false))
{
if (registryKey == null)
return false;
if (!(registryKey.GetValue("ImmediateUpdateCheck") is string empty))
empty = string.Empty;
return empty.ToLowerInvariant() == "true";
}
}
catch
{
return false;
}
}
private static bool a() => @as.a(Registry.LocalMachine) && @as.a(Registry.CurrentUser);
private static bool a(RegistryKey A_0)
{
try
{
using (RegistryKey registryKey = A_0.OpenSubKey("Software\\SpeechGrid\\AppData", false))
return registryKey == null || (registryKey.GetValue("AutomaticUpdatesEnabled") as long?).GetValueOrDefault(1L) != 0L;
}
catch
{
return true;
}
}
private static void a(Delegate A_0, params object[] A_1)
{
try
{
A_0.DynamicInvoke(A_1);
}
catch
{
}
}
private static void a(object A_0, string A_1)
{
if (!(A_0 is e e) || e.b() == null)
return;
@as.a((Delegate) e.b(), (object) A_1);
}
private class a
{
[CompilerGenerated]
[SpecialName]
internal string b() => this.a;
[CompilerGenerated]
[SpecialName]
internal void a(string A_0) => this.a = A_0;
[CompilerGenerated]
[SpecialName]
internal string a() => this.b;
[CompilerGenerated]
[SpecialName]
internal void b(string A_0) => this.b = A_0;
internal static @as.a a(string A_0, bool A_1)
{
if (!A_1)
return @as.a.a(A_0, @as.c);
try
{
return @as.a.a(A_0, @as.c);
}
catch
{
return @as.a.a(A_0, @as.d);
}
}
private static @as.a a(string A_0, string A_1)
{
X509Certificate2 certificate = new X509Certificate2(Encoding.UTF8.GetBytes(A_1.Replace("\r", "").Replace("\n", "").Replace("-----BEGIN CERTIFICATE-----", "").Replace("-----END CERTIFICATE-----", "")));
XmlDocument document = new XmlDocument();
document.PreserveWhitespace = true;
document.LoadXml(A_0);
SignedXml signedXml = new SignedXml(document);
XmlNodeList elementsByTagName = document.GetElementsByTagName("Signature");
signedXml.LoadXml((XmlElement) elementsByTagName[0]);
if (!signedXml.CheckSignature(certificate, true))
throw new Exception("Signature verification failed.");
@as.a a = new @as.a();
a.a(document["UpdateInfo"]["DownloadUrl"].InnerText);
a.b(document["UpdateInfo"]["DownloadHash"].InnerText);
return a;
}
}
}
Reference in New Issue View Git Blame Copy Permalink